USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals. Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on edge. Though the flaw was rated “important,” likely because it...

Much like Google, which updated Chrome yesterday, Mozilla released a new version of Firefox on Tuesday, fixing 40 vulnerabilities in the browser. The update, Firefox 45, included eight bulletins rated critical and patched a handful of serious use-after-free vulnerabilities and a pair of buffer overflow vulnerabilities. The lion’s share of the bugs, 14, were in the font-processing...

Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process. The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week. Two of the bugs, a type confusion vulnerability and...

Florida-based cancer treatment center 21st Century Oncology Holdings is warning 2.2 million patients that health data and Social Security numbers were stolen from its computer network. The breach, which was revealed on March 4, occurred last November and included the theft of patient names, Social Security numbers, physicians’ names, diagnoses and treatment information, and insurance information....

Microsoft released a baker’s dozen worth of security bulletins on Tuesday, including five rated critical and two rated important that could result in remote code execution attacks against compromised machines. Two of the bulletins rated critical address flaws in Internet Explorer and Microsoft Edge. The IE bulletin, MS16-023, patches 13 vulnerabilities in the browser, all...

Adobe today released security updates for its PDF editing and viewing products, Acrobat and Reader, and its ereader for books called Adobe Digital Editions. And while the customary Flash update is missing from today’s monthly rollout, Adobe said a new version of the software will be available “in the coming days.” Last month, Adobe patched...

Anand Prakash could have hacked your Facebook account or anyone else’s. The India-based security researcher found a glaring password-reset vulnerability last month that allowed him to crack open any of Facebook’s 1.1 billion accounts using a rudimentary brute force password attack. But instead of pillaging accounts for financial data, Prakash reported his findings to Facebook...

The Internet Systems Consortium (ISC) this week announced that it plans to patch versions of its Dynamic Host Configuration Protocol (DHCP) to mitigate a vulnerability that could’ve let a remote attacker cause a denial of service condition. The group acknowledged on Monday that it plans to release DHCP 4.1-ESV-R13 and DHCP 4.3.4, at some point...

Amazon reversed course on its unpopular decision to remove encryption from its Fire OS 5 tablets. Over the weekend, Amazon said, customers’ device-level encryption support will return this spring. The move comes after Amazon customers and privacy activists expressed outrage over the company’s choice to remove encryption from its popular consumer line of Fire tablets running...

Apple’s head of software engineering told law enforcement and the government via a Washington Post op-ed on Sunday that a precedent-setting backdoor into the iPhone threatens to turn back the clock on mobile security to less safe times. The column, written by Craig Federighi and posted last night, argues that the removal of security features...