Blog: In The News
The effectiveness of bug bounty programs is difficult to deny, especially after adoption of one at Uber, which announced last month it would begin paying $10,000 for critical bugs, and the Department of Defense, whose Hack the Pentagon illustrates the government’s softening stance on hackers. The Massachusetts Institute of Technology announced this week that it will...
Was the Federal Bureau of Investigation justified in paying over $1.3 million for a hacking tool that opened the iPhone 5c of the San Bernardino shooter? For some in the security community the answer is a resounding yes. For others, the answer is not so clear-cut. FBI Director James Comey said on Thursday the agency...
Mike Mimoso and Chris Brook discuss the news of the week, including BlackBerry CEO’s stance on lawful access principles, the FBI/Apple hearing, Viber adding end-to-end crypto, Teslacrypt, and more. Audio: http://traffic.libsyn.com/digitalunderground/Threatpost_News_Wrap_April_22_2016.mp3 Music by Chris Gonsalves
A core Windows command-line utility, Regsvr32, used to register DLLs to the Windows Registry can be abused to run remote code from the Internet, bypassing whitelisting protections such as Microsoft’s AppLocker. A researcher who requested anonymity found and privately disclosed the issue to Microsoft on Tuesday. It’s unknown whether Microsoft will patch this issue with...
In a storyline that rivals an episode of The Sopranos, researchers at FireEye documented the heist of bank card data from 20 million individuals that involved a complex web of crooks that may have netted hackers more than $100 million since 2014. In conjunction with recently acquired Isight Partners, FireEye released a report Thursday that shines a bright...
Adobe today patched a vulnerability in the Adobe Analytics AppMeasurement for Flash library, which can be added to Flash projects to measure the usage of Flash-based content. The vulnerability is a DOM-based cross-site scripting flaw that can be abused for cookie theft, said researcher Randy Westergren Jr., who privately disclosed the issue to Adobe. Unlike...
Cisco released software updates to address five separate denial of service vulnerabilities, all of which the company considers either high or critical severity, across its product line this week. According to a series of security advisories issued on Wednesday, three of the five vulnerabilities exist in Cisco’s Wireless LAN Controller (WLC) devices, commonly used to manage...
Apple’s latest transparency report published on Wednesday shows a big increase in the number of law enforcement and government requests for account and device data. Publication of the report comes on the heels of the latest chapter in the Apple-FBI tussle over encryption and privacy. Tuesday’s hearing before the House Energy and Commerce Committee dredged up...
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter. Reports of APT activities detail compromises spanning multiple organizations, sectors, industry verticals, and countries (over multiple years). According to MITRE: “it is becoming increasingly necessary for organizations to...
Messaging firm Viber is adding end-to-end encryption for 711 million of its users, becoming the latest tech firm to embrace encryption on a massive scale. Making the move even more provocative is the fact Viber is owned by a Japanese conglomerate and operates out of Israel – making it immune to existing and any upcoming U.S....