The Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson Alaris TIVA Syringe Pump allow remote access without authentication.

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root.

Google has put websites signed with WoSign/StartCom SSL certificates on notice that it will no longer trust certs from the Chinese CA starting in Chrome 61.

Google has released a reCAPTCHA API for Android, a first for the mobile applications.

How EternalBlue was ported to Windows 10, a Facebook phishing study, QakBot, and this week’s Apple security announcements are all discussed.

Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly.

Google has removed offending accounts involved in a widespread phishing attack today impersonating Google Docs.

NIST’s latest password guidelines focus less on length and complexity of secrets and more on other measures such as 2FA, throttling, and blacklists.

Fuze addressed two issues that publicly exposed recordings of private business meetings made over the collaboration platform.

Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty.