At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address some problems he’d disclosed to Apple. Download: Patrick_Wardle_on_MacOS_Gatekeeper_Security.mp3 Music by Chris Gonsalves

Google wrapped up the first year of its Android Security Rewards program this week, a span of time that saw the company pay out just north of half a million dollars to security researchers who helped identify vulnerabilities in the mobile operating system. In all, the company paid 82 researchers a combined $550,000 – an...

Mike Mimoso and Chris Brook discuss the news of the week, including a password issue at Github, the xDedic marketplace, another Flash zero day, and how the poorly the FBI is doing with facial recognition software. Download: Threatpost_News_Wrap_June_17_2016.mp3 Music by Chris Gonsalves

Github is forcing a password reset on some of its users after it detected a number of successful intrusions into its repositories using credentials compromised in other breaches. “This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past,...

Adobe on Thursday patched a zero-day vulnerability in Flash Player that has been used in targeted attacks carried out by a new APT group operating primarily against high-profile victims in Russia and Asia. Researchers at Kaspersky Lab privately disclosed the flaw to Adobe after exploits against the zero-day were used in March by the ScarCruft APT gang...

The House voted Thursday to block passage of an amendment aimed to rein in U.S. domestic mass surveillance by the NSA and protect strong encryption standards citing Sunday’s Orlando tragedy as reason to fight surveillance reforms. The so-called Massie-Lofgren amendment was considered a key privacy provision by civil liberties groups who had worked for years to...

Privacy experts are arguing this week the FBI, which maintains a vast – and apparently even larger than expected – treasure trove of facial recognition photos, isn’t doing enough to safeguard the databases, many which contain images of innocent citizens. According to a report released by the Government Accountability Office on Wednesday the FBI has access to...

An underground market peddling hacked servers was a unique find, even for a seasoned researcher such Juan Andres Guerrero-Saade of Kaspersky Lab. But there it was, xDedic[.]biz selling access to tens of thousands of servers for pennies on the dollar. A Russian-speaking hacker group was meticulously managing this trading platform and selling for as little...

Cisco has alerted users of vulnerabilities in the web interface of its RV series of wireless VPN firewalls and routers that allow for remote code execution. The networking giant, however, isn’t planning on releasing firmware updates until the third quarter, Cisco said. Cisco says it is not aware of public attacks against these vulnerabilities, but...

Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggests they may be shifting gears and beginning to use...