Hyundai Motor America patched its Blue Link mobile app after researchers found a cleartext encryption key that could be use to expose user and vehicle information.

An Android app that falsely claimed to be a tool for keeping smartphones up-to-date with the latest version of the OS was found surreptitiously tracking the physical location of it users using spyware called SMSVova.

Mike Mimoso and Chris Brook discuss the news of the week, including last Friday’s ShadowBrokers dump – how Microsoft learned of the vulnerabilities, how they were patched by Oracle, along with Microsoft ditching passwords, and a new car dongle hack.

Microsoft announced this week its giving users a new way to sign into their accounts without long and complicated passwords.

A new ransomware-as-a-service called Karmen appeals to ransomware newbies with a low price, easy setup and developer updates.

A rash of Java-based remote access Trojans is targeting tax filers with bogus IRS attachments.

At the Kaspersky Lab Security Analyst Summit, Android Security Team malware analyst Elena Kovakina explained Google’s strategy for countering ransomware on Android.

Mike Mimoso, Tom Spring, and Chris Brook recap Infiltrate Con in Miami last week, and Kaspersky Lab’s Security Analyst Summit in St. Maarten

University researchers created a browser-based JavaScript that leverages a phone’s smart device sensor data to steal PINs.

A previously undisclosed baseband vulnerability impacting Huawei smartphones, laptop WWAN modules and IoT components was revealed Thursday at the Infiltrate Conference