Blog: In The News
A recent Internet scan threw a bucket of cold water on the notion that wonky, unsecured services have been significantly reduced from the Internet. “Today’s Internet in 2016 looks like the 1996 Internet, which is a little depressing,” said Rapid7 security research manager Tod Beardsley. Beardsley and colleagues Bob Rudis and Jon Hart today published...
Ridesharing company Uber recently patched a vulnerability in its site that could have allowed an attacker to log into some “.uber.com” sites without a password and further compromise its internal network. Uber awarded Finnish security researcher Jouko Pynnönen $10,000 for discovering the flaw last month, equalling the highest bounty the company has paid out since it launched the...
Facebook has patched a vulnerability in the desktop and mobile versions of its Messenger app that allows an attacker to access and modify chats, exposing the victim to potential fraud and malware. Researchers at Check Point Software Technologies privately disclosed the issue May 2 to Facebook, which patched it two weeks later. The flaw, Check...
Security experts are warning owners of the Mitsubishi Outlander Plug-In Hybrid Electric Vehicle that their cars can be hacked via the automobile’s on-board WiFi network used for remote control of key car features. The hybrid electronic vehicle, which is slated to be sold here in the U.S. starting this fall, suffers from weak password requirements that...
Intuitively, auto-correcting passwords would seem to be a terrible idea, and the worst security-for-convenience tradeoff in technology history. But a team of academics from Cornell University, MIT and a Dropbox security engineer say that the degradation of security from the introduction of such an authentication mechanism is negligible. The team—Rahul Chatterjee, Ari Juels and Thomas...
Google today pushed out its monthly Android patches, addressing what is becoming a monthly custom of a critical Mediaserver vulnerability, in addition to a half-dozen critical flaws in different Qualcomm drivers. The Android Security Bulletin includes patches for eight critical flaws, and while Mediaserver has been a mainstay since Google began releasing patches on a...
News of yet another years-old social media site hack surfaced over the weekend when it was learned that hackers infiltrated the European social network VK.com at some point over the last several years and made off with credentials for 100 million of its users. Breach notification site LeakedSource touted the breach on Sunday, claiming it was selling...
New Microsoft Silverlight and Adobe Flash exploits that bypass Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) have found their way into an updated version of the Angler Exploit Kit. EMET is a suite of freely available tools for Windows machines that mitigate memory-based attacks. The exploits, discovered by security firm FireEye, affect only Windows 7 machines–still used by...
Researchers who dig deep through the code of one of the latest strains of ransomware might be surprised and even a little irked at what they find. Hidden inside some of those strings of code are taunts aimed at them. According to Lawrence Abrams who runs BleepingComputer.com, the malware, BlackShades Crypter a/k/a SilentShades was spotted late last...
The network time protocol, at the center of a number of high-profile DDoS attacks in 2014, was updated on Thursday to ntp-4.2.8p8. The latest version includes patches for five vulnerabilities, including one rated high-severity. NTP, specifically the NTP daemon, synchronizes system clocks with time servers. Vulnerable NTP servers were used two years ago with regular...