Cisco Talos said on Friday that 3.2 million servers are vulnerable to the JBoss flaw used as the initial point of compromise in the recent SamSam ransomware attacks. Worse, researchers said that thousands of servers have already been backdoored. Hardest hit have been K-12 schools running library management software published by Follett called Destiny, Cisco...

Google last week put app developers on notice, urging them to comply with a new set of privacy policies that it plans on enforcing starting this summer designed to better promote transparency. The rules reflect an update to Google’s User Data Policy for the Chrome Web Store. The company has ported over user data policies its...

Microsoft’s lawsuit against the U.S. government for the right to tell its customers when a federal agency is looking at their emails is getting widespread support by privacy advocates. For many, Microsoft’s stance lends an important and powerful voice to ongoing efforts to reform the Electronic Communications Privacy Act that is at the heart of...

VMware fixed a critical vulnerability in one of its products this week that if exploited by an attacker, could’ve led to a man-in-the-middle attack. According to an advisory, the problem existed in VMware’s Client Integration plugin, a collection of tools present in a handful of other products the company ships, including some versions of its vCenter Server,...

URL shorteners are convenient, but for a long time gave security practitioners anxiety because it was difficult to determine where the shortened address was taking you. Two researchers have now given you new reasons to fear URL shorteners, especially for those storing and sharing data on cloud-based services. Independent researcher Martin Georgiev and Cornell University...

Mike Mimoso and Chris Brook recap the news of the week, including the Badlock bust, encryption legislation (Burr-Feinstein, the California decryption bill) and the dawn of ‘cryptoworms’ – Mike also discusses last week’s Infiltrate Conference in Miami. Download: Threatpost_News_Wrap_April_15_2016.mp3 Music by Chris Gonsalves

Civil liberty groups and tech firms are celebrating the defeat of a controversial California bill that would have forced phone makers to decrypt their devices by court order. The proposed legislation, AB 1681, died when lawmakers refused to give the bill a vote. But opponents of the bill, who argued Assembly Bill 1681 would undermine...

The Zero Day Initiative has publicly disclosed a pair of serious vulnerabilities in Apple QuickTime for Windows that will not be patched because Apple is deprecating the product for the Microsoft platform. US-CERT today pushed out an alert advising QuickTime for Windows users that the only mitigation is to uninstall the software. “Computers running QuickTime...

Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Katie Moussouris @k8em0.  Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard that began about 11 years ago with the emotionally loaded title “Responsible Vulnerability Disclosure,”...

Mike Mimoso talks to Katie Moussouris about her newly launched consultancy Luta Security, the Hack the Pentagon bug bounty program, and some ISO news around vulnerability disclosure. Download: Katie_Moussouris_on_Her_New_Consultancy_Hack_the_Pentagon_and_More.mp3 Music by Chris Gonsalves