HD Moore, creator of the Metasploit Framework and a security innovator behind a number of Internet-wide security research projects, is moving into venture capital. Moore announced yesterday that he is leaving his current post as chief research officer at Rapid7 on Jan. 29 for a new opportunity in the VC world, an offer he called...

Asacub, once thought of as spyware, appears to have completed its transition into mobile banking malware, according to research published this week. When the Android malware surfaced in June 2015, researchers with Kaspersky Lab assumed it was spyware. It more or less fit the part; Asacub siphoned incoming SMS messages, browser history, and contacts — and...

Oracle’s quarterly Critical Patch Updates (CPU) are known for their daunting volume, usually a disproportionately big number of fixes that database and system administrators have to deal with every three months. Yesterday’s CPU, however, takes the cake. Oracle pushed out the door a record 248 patches on Tuesday, for vulnerabilities across its product lines. That...

Attackers behind the Dridex Trojan have narrowed their sights on banks based in the United Kingdom frequented by high-value business accounts, researchers claim. When a new version of the Trojan was released two weeks ago, it was promptly followed by a series of infection campaigns that focused on U.K. users. Limor Kessem, a cybersecurity evangelist...

Apple on Tuesday released security patches for iOS, OS X and an update for the Safari browser. The patches come less than a week after a ShmooCon presentation by Synack director of research Patrick Wardle revealed that Apple’s Gatekeeper security feature in OS X can be bypassed by an attacker with network-level access. The OS...

Mitigating fraud has long been an uphill battle for the online advertising world and numbers released Tuesday indicate it’s been a pricey one. The industry is poised to lose a combined $7.2 billion worldwide this year thanks to bogus ad fraud bots, according to a study carried out this past summer by the Association of National...

Twitter’s decision to notify users when their accounts are targeted in state-sponsored attacks earned its share of praise. But Twitter’s silence in terms of specifics about the attacks—whether by choice or gagged by a National Security Letter—has foisted some anxiety upon those who were notified. A few of the estimated 50 recipients happened to be...

A critical vulnerability in Yahoo Mail that could give attackers complete control of an account was patched two weeks ago. The flaw was privately disclosed Dec. 26 by Finnish researcher Jouko Pynnonen and patched Jan. 6. Pynnonen earned himself a $10,000 bounty, one of the highest paid out by Yahoo through its HackerOne program. Pynnonen...

A patch for a critical Linux kernel flaw, present in the code since 2012, is expected to be pushed out today. The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, the company added. “It’s pretty bad because a...

The Food and Drug Administration (FDA) issued a new set of draft guidelines on Friday in hopes that medical device manufacturers not only address cybersecurity risks before they design products, but also during the maintenance of those products. FDA outlines cybersecurity recommendations for medical device manufacturers. https://t.co/d58cWW3ecJ — U.S. FDA (@US_FDA) January 15, 2016 The...