Blog: In The News
Last month, when researcher Troy Hunt argued the dangers of insecure APIs at a security workshop, little did he know hours later he would discover an API vulnerability that allowed remote access to onboard computers of 200,000 Nissan Leaf and eNV200 electric automobiles. “After talking about the way applications can sometimes get APIs wrong, a...
This Threatpost op-ed is part of a series of guest contributions from computer security research and policy experts. Today, we feature Kaspersky Lab’s Kurt Baumgartner. Boulder, Colorado’s Open Space and Mountain Parks winter photo gallery displays parts of the beautiful and productive 45,000-plus “open space” acres that buffer the city from sprawling development. At the same...
It took Apple nine words to make its point: “This is not a case about one isolated iPhone.” Apple on Thursday filed a motion to vacate a court order mandating it assist the FBI in unlocking an iPhone belonging to the San Bernardino shooter. Apple said the order violates its First Amendment rights—software code is...
Automaker Nissan deactivated a remote access feature that let owners of its Leaf electric car remotely adjust climate controls and check battery status via a smartphone app. The move comes after a security researcher posted his finding regarding a simple hack that allowed anyone with the right Leaf automobile VIN number to access the climate...
Apple, like most advanced tech companies, understands threats and how to close them off. But one salient point that’s emerged from its ongoing dispute with the FBI over unlocking the San Bernardino shooter’s phone is that Apple is a threat to itself. Therefore, expect any future iPhone security updates to take into account that Apple...
Developers at Drupal addressed 10 vulnerabilities in the content management system this week, including a critical access bypass issue that could have let users access certain elements thought to be blocked, and another issue that could lead to remote code execution. Through the critical access bypass vulnerability, the lone fix marked critical, a user could’ve submitted their own...
A U.S. district court judge has confirmed what has probably been the worst-kept secret in security, that Carnegie Mellon University’s Software Engineering Institute was indeed contracted by the Department of Defense to study how to break Tor anonymity. A motion to compel discovery filed by Brian Farrell, a defendant charged with conspiracy to distribute drugs...
After months of relative dormancy, ransomware CTB-Locker or Critroni is back and this time finding new life targeting websites. Researchers are calling this variant “CTB-Locker for Websites” because it targets websites, encrypts their content, and demands a 0.4 bitcoin ($425) ransom for access to the decryption key. In a technical breakdown of “CTB-Locker for Websites”,...
The U.S. Federal Trade Commission announced a settlement with ASUSTeK Computer over sloppy security settings tied to its routers that left the personal data of 12,900 consumers publicly available. On Tuesday, the Taiwanese electronics company agreed to 20 years of periodic security audits along with fines of $16,000 per incident that could reach as much...
A five-year campaign primarily focused on extracting sensitive information from Japanese oil, gas, and electric utilities was outlined by researchers on Tuesday. Referred to as Operation Dust Storm (.PDF) by researchers at Cylance, the campaign has managed to stay persistent over the years, and especially lately, by using dynamic DNS domains and customized backdoors. While the group...