The July Android Security Bulletin patches 11 critical remote-code execution bugs including one dubbed ‘Broadpwn’ that impacts both Android and iOS devices.

Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT.

The latest version of Firefox expands non-secure HTTP warnings, enables SHA-1 deprecation by default, and removes support for NPAPI.

An academic paper demonstrates a new ASLR bypass executed through a side-channel attack against the branch target buffer in an Intel Haswell CPU.

The FBI’s apparent capability to unmask users of the Tor Network has caused hand-wringing among those concerned with privacy and civil liberties, many of whom are busy trying to win legal battles to get law enforcement to confess as to how they’re doing it. A team of academics and researchers, however, have come up with...