Cisco Systems today released patches for two products, including one for a vulnerability rated a high criticality in Cisco IOS XR for the Cisco Network Convergence System series routers. The flaw rests in the management of system timer resources and could allow an attacker to remotely crash the router. “An attacker could exploit this vulnerability...

While most of the discussion around ransomware is rightly so about the unabated stampede of new strains and variations on existing samples, relatively little discourse focuses on detection beyond antivirus and intrusion prevention systems. Some generic ransomware detection systems for Windows and OS X exist, but many of those are signature-based or have other limitations...

Dirt cheap ransomware selling for as little as $39 on the dark web has security experts concerned the low price coupled with its potency could trigger a wave of new infections. The ransomware is called Stampado and besides its hallmark low price, the ransomware is also unique because it threatens to delete files every six hours...

Hacking Jeeps is about to get a lot more competitive. That’s because Jeep maker Fiat Chrysler Automobiles has launched a bug bounty program in conjunction with Bugcrowd that will payout as much as $1,500 per bug. Fiat Chrysler, the world’s No. 7 automaker, claims it will be the first Detroit automaker to introduce a bug bounty...

A scathing congressional report points the finger at hackers sponsored by the Chinese government for their role in a series of hacks against the U.S. Federal Deposit Insurance Corp. (FDIC). The report also alleges the agency covered up the hacks in order to guarantee the appointment of current chairman Martin J. Gruenberg. The report from...

Developers with the open source content management framework Drupal today patched a series of highly critical remote code execution bugs in three separate modules. If exploited, the bugs could let an attacker take over any site running the modules. Fixes for pushed for RESTful Web Services, a module used for creating REST APIs, Coder, a module...

Researchers from MIT believe a new anonymity scheme they’ve devised dubbed Riffle could contend with Tor, claiming it’s every bit as secure as Tor, and bandwidth-efficient, to boot. According to a paper, “Riffle: An Efficient Communication System With Strong Anonymity,” (.PDF) released this week, the system can guarantee anonymity among a large group of users, as...

Intel issued an important security patch Monday for a vulnerability that could allow hackers to execute arbitrary code on targeted systems running Windows 7. The bug, located in Intel’s HD graphics Windows kernel driver, leaves affected systems open to a local privilege escalation attacks that could give criminals the ability take control of targeted systems....

A popular mobile application that provides financial market research material operates without a measure of encryption, putting user information, including credentials and strategic financial interests at risk. The Seeking Alpha mobile app for Android and iOS also leaks everything from HTTP cookies to stock positions the user may be interested in. The app is not...

Networked printers have always posed an interesting attack vector, mostly for academics looking for vulnerabilities, and vandals sending garbage to the print bin. Microsoft, today, however patched a legitimate vulnerability that an attacker could abuse to attack corporate and home networks. MS16-087, one of a half-dozen critical security bulletins published today by Microsoft, patches a...