Cisco Systems said it has patched a critical flaw tied to its TelePresence hardware that allowed unauthorized third-parties to access the system via an API bug. The networking behemoth also alerted customers to a duo of denial of service attack vulnerabilities that represent a high risk for its FirePOWER firewall hardware. The United States Computer Emergency Readiness...

The Linux Foundation says a new Core Infrastructure Initiative (CII) Best Practices Badge program launched Tuesday will help companies interested in adopting open source technologies evaluate projects based on security, quality and stability. The CII Best Practices Badge does not issue certificates nor validate open source projects. Instead, CII is a platform for open source projects...

Hackers sympathetic to ISIS may lack the funding and talent of government-sponsored hackers, but they merit attention because of their promotion of physical violence and ability to incite others via social media to target individuals or groups. A report today by security company Flashpoint points out that while these groups are not official members of...

A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to an alert published on Friday by the Industrial Control System Cyber Emergency Response Team (ICS-CERT). Researcher Joakim Kennedy of Rapid7 disclosed in March some details affecting critical flaws in Moxa NPort 6110 Modbus/TCP to serial...

Juniper Networks hopes to remove any clouds of uncertainty that its networking gear might still have a backdoor that could allow the NSA or hackers to snoop on traffic running through its hardware. On Thursday, Juniper completed an update to the way its ScreenOS software handles encryption. Juniper said it has integrated the company’s widely...

The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 and for years stole sensitive data. The FBI alert was issued in February and went largely unnoticed. Nearly a month later, security experts are now shining a bright...

The U.S. government on Thursday indicted seven hackers affiliated with the Iranian government for attacks it called “a frightening new frontier in cybercrime.” Accusing the men of carrying out a series of distributed denial of service (DDoS) attacks against 46 financial companies, the Department of Justice announced the charges in a press conference Thursday morning in Washington,...

Cisco Systems issued a “critical” patch on Wednesday for its Nexus 3000 and 3500 series switches that allow remote attackers to access default account and static password information on affected hardware. The vulnerability could allow an unauthenticated user to log in to the affected system with the privileges of a root user. The account is...

A five-year campaign primarily focused on extracting sensitive information from Japanese oil, gas, and electric utilities was outlined by researchers on Tuesday. Referred to as Operation Dust Storm (.PDF) by researchers at Cylance, the campaign has managed to stay persistent over the years, and especially lately, by using dynamic DNS domains and customized backdoors. While the group...

Threatpost editor Mike Mimoso talks with Dewan Chowdhury, the founder and CEO of MalCrawler, about hacking power grids and a honeypot they built to mimic an energy management system. [embedded content]