Mozilla yesterday updated Firefox and patched 10 vulnerabilities, one which was rated critical. Firefox 46 also included patches for four vulnerabilities that Mozilla rated as high severity. Critical bugs enabled remote code execution without user interaction, while bugs rated high can be exploited to steal browser data or inject code into websites via the browser....

The digital gaming platform Steam was quick to patch a cryptographic issue in its client recently that could have allowed an attacker to read sensitive information sent over its network, take over an account, or view plain-text passwords. Valve, the Bellevue, Wash.-based video game developer that oversees the platform, rolled out new code on its servers...

An obscure Windows feature known as hotpatching, missing in the OS since the introduction of Windows 8, is a preferred tool used by a resourced attack group called Platinum that was uncovered by Microsoft. The group has carried out targeted attacks in South and Southeast Asia since at least 2009, focusing primarily on government interests,...

With some members of the so-called Armada Collective in jail, another actor has decided to co-opt their technique of sending threatening DDoS extortion messages to businesses worldwide. Only difference is, this group isn’t following through with its threat, and it’s still collecting serious money. A blog post from CloudFlare CEO Matthew Prince says that the...

A lack of security common sense still plagues businesses with 30 percent of phishing emails opened by campaign targets. Worse, 12 percent click on the attachments inside those phishing attacks, giving crooks easy access to systems to snarf up credentials that are later used to pull off financially or espionage motivated crimes. That’s the big...

When exploits kits, in particular Angler, spread ransomware infections, people get nervous. The latest strain to appear in the virulent Angler kit is CryptXXX, which researchers at Proofpoint and Fox IT tied to the same group dropping old-school Reveton ransomware and Bedep click-fraud malware. CryptXXX asks for a steep $500 in Bitcoin to unlock files...

A menacing wave of ransomware that locks up Android devices and demands victims pay $200 in Apple iTunes gift card codes is raising concern among security researchers. The ransomware attacks, they say, open a new chapter for Android vulnerabilities similar to Microsoft’s obsolete, unpatched and unsupported Windows XP operating system. “This is a new and...

Accessing Facebook over Tor may seem to be a contradiction, but apparently that’s not the case for a million or so users of the anonymity service. Facebook on Friday said that in April, for the first time, there were more than one million people accessing Facebook over Tor in a 30-day period. As a comparison...

The banking malware GozNym has legs; only a few weeks after the hybrid Trojan was discovered, it has reportedly spread into Europe and begun plaguing banking customers in Poland with redirection attacks. The malware has started targeting corporate, SMB, investment banking and consumer accounts at banks, including some in Portugal and the U.S., in addition...

Hackers behind the $81 million heist in February at Bangladesh Bank used stolen credentials to inject a malware toolkit into the financial institution’s implementation of the SWIFT payment system. The attackers used the access afforded by the credentials to send fraudulent money transfers to accounts in the Philippines and the malware was used to electronically cover the...