It took close to two months, but free wireless and mobile provider FreedomPop has acknowledged reports of a serious vulnerability in its service. U.K.-based researcher Paul Moore told Threatpost that FreedomPop, which has been operating in the U.K. since last September, finally responded to a bug report that Moore had sent twice since March 24,...

Thousands of serial servers connected to the internet aren’t password protected and lack encryption, leaving data that transfers between them and devices they’re connected to open to snooping, experts warn. To make matters worse, the servers, manufactured by Taiwan-based networking device company Moxa, have had shoddy security for a while, according to researchers at Rapid7. Joakim...

Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update. The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH...

Mike Mimoso and Chris Brook discuss the week in news, including how Amazon is backtracking on encryption when it comes to their devices, a new set of alleged passcode bypasses for iOS, and the new OS X ransomware KeRanger. Download: Threatpost_News_Wrap_March_11_2016.mp3 Music by Chris Gonsalves