Browser makers and other tech companies have gone to great pains to beef up weak crypto libraries, in particular those that are exposed to fallback attacks such as POODLE. Attackers exploiting these vulnerabilities are able to dial back the encryption protecting communication to SSLv2 and SSLv3, for example, forcing servers to fall back to these...

Certificate authority Let’s Encrypt blamed a bug for accidentally disclosing the email addresses of a couple thousand of its users this weekend.

Siemens has provided firmware updates addressing vulnerabilities in the SIMATIC WinCC flexible and the SIMATIC S7-300 CPU family.

Fifty-one million iMesh accounts are for sale on Dark Web for $700, bringing the number of user accounts tied to recent breaches to over 700 million.

More than a year after hackers managed to manipulate the system the Internal Revenue Service has reinstated its Get Transcript service.

Netgear on Friday released firmware updates for two of its router products lines, patching vulnerabilities that were reported six months ago. Users should update to firmware version 1.0.0.59, which includes fixes for an authentication bypass vulnerability and also addresses a hard-coded cryptographic key embedded in older versions of the firmware. A vulnerability note published by...

For close to a month, the master encryption key unlocking files ravaged by TeslaCrypt has been publicly available, putting an end to a profitable strain of ransomware. In the weeks since, various decryptors have been developed that can be used to unlock files. Kaspersky Lab, for one, updated its Rakhni utility to include TeslaCrypt v3...

Mike Mimoso and Chris Brook discuss news from the week, including how the recent data breaches have fed off password reuse, how a Canadian university paid $20K CDN following a ransomware attack, a scan that showed a lack of secured services on the internet, and more. Download: Threatpost_News_Wrap_June_9_2016.mp3 Music by Chris Gonsalves

Twitter has forced a password reset on an unnamed number of accounts exposed this week in a dump of 32.8 million account names and credentials. A Russian hacker known as Tessa88 has been involved in a number of recent password disclosures with Twitter being the most recent. He shared the cache of Twitter data with...

A Windows zero-day for sale on the black market for $90,000 just received a price drop. The flaw that allegedly leaves all versions of Windows users exposed to a local privilege escalation (LPE) vulnerability can now be snatched up for $85,000. According to Trustwave, which has been monitoring the price, this is the second price drop...