Signal has fixed bugs in its Android messaging app that allow an attacker to corrupt an encrypted attachment and remotely crash the application.

Edward Snowden took his case to the media Wednesday arguing a presidential pardon would be important step in preserving democracy and his only hope in returning to the United States. He argued that under the current Espionage Act, future whistleblowers would be less inclined to come forward to expose government abuses of power. “Today whistleblowing...

Researchers at SEC Consult say the number of internet gateways, routers, modems and other embedded devices sharing cryptographic keys and certificates is up 40 percent since the Austrian consulting firm first looked at the problem in November. The report, posted Tuesday called “House of Keys,” warns a sharp rise of devices using known private keys...

Opera Software is warning 1.7 million users of its Opera web browser sync feature of a possible attack that exposes passwords to hackers. In a security bulletin posted on Friday, the company said its Opera sync system showed “signs of an attack” and asked users to change their Opera sync passwords in addition to any...

Pacemakers, defibrillators and other medical devices made by a leading medical equipment maker are vulnerable to potentially “catastrophic” cyberattacks. With relatively little effort tens of thousands of cardiac devices made by St. Jude Medical are vulnerable to attack, according a report released by private equity firm Muddy Waters Capital with help from medical researchers at...

Mike Mimoso and Chris Brook discuss the news of the week, including the latest on ShadowBrokers and Cisco, the Sweet32 collision attack, decryptors for the Wildfire ransomware, and this week’s gaming forum breaches. Download: Threatpost_News_Wrap_August_26_2016.mp3 Music by Chris Gonsalves

The United States is months removed from this spring’s Apple vs. FBI debacle, but the debate around encryption is just beginning to play out in Europe. A joint press conference held Tuesday in Paris between Germany’s Interior Minister Thomas de Maizière and France’s Interior Minister Bernard Cazeneuve marked perhaps the most public declaration by a government figure that there...

RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES (3DES) and Blowfish. Researchers are set to present new attacks against 64-bit ciphers that allow for the recovery of authentication cookies from 3DES-protected...

Mike Mimoso and Chris Brook discuss the news of the week, including the Shadow Brokers debacle, the VeraCrypt audit, Pokemon ransomware, and a browser address bar vulnerability. Download: Threatpost_News_Wrap_August_19_2016.mp3 Music by Chris Gonsalves

New versions of Libgcrypt and Gnu Privacy Guard (GnuPG or GPG) released on Wednesday include security fixes for vulnerabilities discovered in the mixing functions of the Libgcrypt random number generator. The flaws were privately disclosed by Felix Dörre and Vladimir Klebanov of Karlsruhe Institute of Technology in Germany, and according to an advisory from the...