TeslaCrypt, like many of its ransomware cousins, doesn’t sleep on past success. Researchers at Endgame Inc., have found two updates for the cryptoransomware in the past two weeks that invest heavily in obfuscation and evasion techniques, and also target a host of new file extensions. These samples, researcher Amanda Rousseau told Threatpost, were found in...

Oracle fixed 136 vulnerabilities across 46 different products this week as part of its quarterly Critical Patch Update. More than half of the CVEs, 72, could be remotely exploitable without authentication. Fixes for a slew of products, including Oracle’s Database Server, E-Business Suite, Fusion Middleware, along with its Sun Products line, Java SE platform, and MySQL database,...

With each new unrelenting ransomware sample, security researchers understand that no matter how quickly antivirus signatures are updated or how rapidly decryptors are built and shared, current defenses will continue to fall short. The problem is that most adequate defenses are sample-specific; Kaspersky Lab has built ransomware decryptors for CoinVault and Bitcryptor, and Cisco has...

BlackBerry’s CEO made the company’s stance on lawful access requests clear this week and is defending actions to provide Canadian law enforcement with what it needed to decrypt communications between devices. The company’s CEO John Chen penned a statement on Monday, reiterating that one of BlackBerry’s core principles is customer privacy. But, he also acknowledging...

Representatives from Apple and the FBI testified Tuesday at a House Energy and Commerce Committee hearing on the ongoing encryption debate. Both vowed to work cooperatively to move past the current encryption impasse and find common ground. They also used the hearing to clarify stances on encryption and set the record straight on the FBI’s use...

Last year was a landmark time for Android security. Google dealt with a major vulnerability in Stagefright, launched a monthly patch release and vulnerability rewards program, and continued to chip away at the number of malicious applications that find their way onto devices. Given all of that progress, however, Google still struggles with the economics...

The Mousejack vulnerability raised awareness of the potential risks introduced by a wireless mouse or keyboard to the enterprise. From a relatively short distance, a hacker could send packets to the device that generate keystrokes on the host computer rather than mouse clicks. In short order, attackers could install malware, including dangerous rootkits in a...

Tibetans, journalists and human rights workers in Hong Kong and Taiwan have been targeted in an APT campaign that makes use of Microsoft Rich Text File (RTF) documents to compromise computers. Researchers say it’s a new strategy by attackers in an ongoing advanced persistent threat that dates back to 2009. According to Arbor Networks, the...

Google has trumpeted its Safe Browsing alerts as a key component in redirecting victims away from potentially malicious websites. An offshoot of that work is that apparently webmasters heed those warnings too and remediate vulnerabilities and bugs quicker. A co-branded study between Google and the University of California-Berkeley looked at more than 760,000 website hijackings...

A new web application security scanner, developed by a former MIT student now Berkeley postdoctoral researcher, could be a real find for developers wishing to lock down bugs that live outside the OWASP top 10. The static-analysis tool is called Space and will be unveiled at the upcoming International Conference on Software Engineering (ICSE). Space, used...