A vulnerability that exists in embedded computers manufactured by Moxa could allow remote authenticated users to overwrite firmware, in turn rendering the devices unusable. Moxa, a Taiwan-based networking company, announced recently that instead of patching the line of products affected by the vulnerability, UC 7408-LX-Plus, it would discontinue the devices. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)...

Civil liberties and privacy groups are petitioning the U.S. government for more time to fight the FBI’s request to exempt itself from lawsuits related to its warehouse of an estimated 100 million biometric records if it’s found in violation of the federal Privacy Act of 1974. At issue is the government’s massive Next Generation Identification...

Yahoo today disclosed the contents of three National Security Letters it has received since 2013, the first time a company has made such a disclosure since the passage of the USA FREEDOM Act. Under the law, the FBI is now required to periodically review whether non-disclosure around National Security Letters remains appropriate. “We believe this...

Hackers claim to have unearthed a zero-day vulnerability giving attackers admin rights to any Windows machine from Windows 2000 to a fully patched version of Windows 10. The zero day is for sale on the black market for $90,000. Security experts say the zero-day exploit looks legitimate and in the wrong hands could be an...

Apple has yet to patch a vulnerability disclosed during last week’s Hack in the Box hacker conference in Amsterdam that allows an attacker with physical access—even on the latest versions of iOS—to swap out legitimate apps with malicious versions undetected on the device. Researcher Chilik Tamir of mobile security company Mi3 Security disclosed last week...

Hackers are peddling roughly 427 million passwords belonging to users of MySpace, a social network that in its heyday was one of the most visited sites on the internet. The same service that claimed to have information on 164 million LinkedIn users earlier this month is now boasting to have information on 360 million MySpace...

Crooks breaking into enterprise networks are holding data they steal for ransom under the guise they are doing the company a favor by exposing a flaw. The criminal act is described as bug poaching by IBM researchers and is becoming a growing new threat to businesses vulnerable to attacks. According to IBM’s X-Force researchers, the...

Last year’s Superfish and eDellRoot bloatware mishaps exposed the security nightmare that pre-installed software updaters can create on new laptops. And while these two high-profile incidents made the issue public, they’re hardly isolated cases. Many popular consumer and business laptops from manufacturers such as Dell, HP, Lenovo, Asus and Acer include bloatware that have a...

Businesses were hit hardest by inbox-based scams in 2015 that robbed U.S. companies of $263 million. The numbers come from the FBI’s recently released 2015 Internet Crime Report that tallies the types of cybercrimes hitting U.S. business and individuals the hardest. According to the FBI, its Internet Crime Complaint Center (IC3) received 288,012 complaints last...

The FBI’s refusal to share details about a network investigative technique it used to gather evidence against a Vancouver teacher charged with possession of child pornography has forced a federal judge’s hand to exclude the evidence from trial. The NIT used by the FBI to hack the Playpen website is believed to have de-anonymized users...