Google’s Android security team has patched a vulnerability that left Nexus 5X devices open to attack even if the phone’s screen was locked. The vulnerability in Google’s line of phones would have allowed an adversary to exfiltrate data from the targeted phone via a forced memory dump of the device. Researchers at IBM’s X-Force Application...

A recent run of attacks against Linux servers called Fairware has been traced to insecure internet-facing Redis installations that hackers have abused to delete web folders and, in some cases, install malicious code. Redis is an open source tool used by web application developers for the purpose of quickly caching data. The tool’s developers configured Redis...

Reports of additional attacks against banks that use SWIFT, the global financial transaction messaging network, came to light Wednesday. The attacks were reportedly persistent, sophisticated and in some cases successful, impacting an undisclosed number of financial institutions. It’s the latest development since February when cybercriminals used SWIFT to steal $81 million in a Bangladesh Bank...

Security researchers warn mixing vulnerability disclosures with stock market bets sets a troubling precedent that erodes confidence in the relationship between businesses and white hat hackers who help uncover threats. Researchers are responding to the unprecedented partnership between security research firm MedSec and investment research outfit Muddy Waters LLC. Last week, Muddy Waters released a scathing report based...

When hackers infiltrated Dropbox in 2012 they made off with credentials for roughly 68 million users. The fact that the online storage site was hacked four years ago was no secret. But details around the sheer size of the stolen database, which contains users’ email addresses plus hashed and salted passwords from 2012, were unknown until Tuesday,...

Linux server admins are reporting attacks resulting in the disappearance of the server’s web folder and websites being down indefinitely. Posts to the forums on the BleepingComputer website corroborate a number of such attacks, most likely intrusions powered by brute-force attacks against SSH, according to one of the victims. In each instance, the web folder...

Researchers at Ben-Gurion University of Negev have found a way to take a run-of-the-mill USB device and use it to leak data from an air-gapped computers via RF signals. Academics with the school’s Cyber Security Research Labs division claim they’ve come up with software, dubbed USBee, that can modulate binary data over electromagnetic waves, and then transmit...

Pacemakers, defibrillators and other medical devices made by a leading medical equipment maker are vulnerable to potentially “catastrophic” cyberattacks. With relatively little effort tens of thousands of cardiac devices made by St. Jude Medical are vulnerable to attack, according a report released by private equity firm Muddy Waters Capital with help from medical researchers at...

Cisco today began the process of patching a zero-day vulnerability in its Adaptive Security Appliance (ASA) software exposed in the ShadowBrokers data dump. Users on affected versions of ASA, 7.2, and 8.0 through 8.7, are urged to migrate soon to 9.1.7(9) or later. Newer versions that are also implicated—9.1 through 9.6—are expected to be updated...

Outdated vBulletin forum software is being blamed for the breach of a Grand Theft Auto fan forum called GTAGaming. It marks the second time in two days a gaming forum has been targeted by hackers and that a SQL injection vulnerability is believed to have been exploited. The fan website notified users Tuesday of a database breach in which email addresses, hashed passwords...