Sławomir Jasek with research firm SecuRing is sounding an alarm over the growing number of Bluetooth devices used for keyless entry and mobile point-of-sales systems that are vulnerable to man-in-the-middle attacks. Jasek said the problem is traced back to devices that use the Bluetooth Low Energy (BLE) feature for access control. He said too often...

Juniper Networks announced the availability of hotfixes for a serious vulnerability in the handling of IPv6 packets that is says could leave its Junos OS and JUNOSe routers open to a denial of service (DoS) attack. The hotfixes come more than two months after the vulnerabilities were publicly disclosed. Juniper warned network administrators in June about the flaw, which...

Microsoft’s release of Windows Anniversary Update last week included an optional feature called Windows Subsystem for Linux that allows native support for Linux binaries. That has some security experts concerned the Windows 10 attack surface has been expanded. The threat, according to Alex Ionescu, vice president of endpoint detection and response strategy at Crowdstrike, centers...

Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter. The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their non-“cyber” analogs. Many who use the terms “cyber war” and “cyber...

A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries. Known as ProjectSauron, or Strider, the platform has all the earmarks of advanced attackers who covet stealth, and rely on a mix of zero-day exploits and refined coding to exfiltrate...

LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search for and spread between networked programmable logic controllers (PLCs). PLC-Blaster was designed to target Siemens SIMATIC...

Google is used to taking a beating over Android vulnerabilities, but it says too often its hard work fixing vulnerabilities and keeping the platform safe goes unnoticed. “Over the seven years working on Android security vulnerabilities I’ve seen a lot of bugs and a lot of fear uncertainty and doubt,” said Nick Kralevich, Android platform...

LAS VEGAS—Charlie Miller and Chris Valasek figuratively drove off into the sunset today at Black Hat, hanging up their car hacking exploits for good and leaving behind a pioneering legacy that elevated this type of research into the mainstream. “It’s time someone else pick it up,” Valasek said. “We did our part and it’s time...

Does dropping an infected USB drive in a parking work when it comes to a hacker luring its prey into a digital trap? The answer is a resounding yes. At Black Hat USA, security researcher Elie Bursztein shared the results of an experiment where he dropped 297 USB drives with phone-home capabilities on the University...

LAS VEGAS – Poor operational security on the part of Nigerian scammers running a Business Email Compromise (BEC) scheme has given researchers a window into their operations. Dell SecureWorks today published a report at Black Hat USA 2016 on what the criminals involved call wire-wire, or “waya-waya.” These attackers aren’t particularly sophisticated malware coders, for...