Online backup firm Carbonite is forcing all of its 1.5 million users to change their passwords after reporting that accounts was targeted in a password reuse attack. According to a statement issued by Carbonite on Tuesday hackers were attempting to break into user accounts using stolen credentials. In some cases, personal information may have been exposed,...

Certificate authority Let’s Encrypt is celebrating a major milestone in the young nonprofit’s existence issuing its 5 millionth certificate this month. Let’s Encrypt launched to the general public just seven months ago. “Our goal is to get the entire web 100 percent HTTPS,” said Josh Aas, executive director for the Internet Security Research Group, the...

For the last month, attackers have used a combination of phishing and typosquatting to carry out a campaign aimed at stealing Bitcoin and blockchain wallet credentials. More than 100 phony Bitcoin and blockchain domains have been set up so far, many which mimic legitimate Bitcoin wallets. Most of the sites were registered on May 26...

The Department of Justice is countering a growing chorus of privacy advocates who are against a rule change that will greatly expand law enforcement’s ability to hack into computers located around the world. In a blog post to the DoJ website late Monday, Assistant Attorney General Leslie Caldwell argued law enforcement must not be stymied...

Citrix Systems is forcing all its GoToMyPC remote desktop access service customers to reset their passwords because of a “very sophisticated attack” that targeted the service over the weekend. John Bennett, product line director for Citrix said the attack was a result of leaked passwords from other accounts used to crack open existing GoToMyPC accounts....

Taiwanese electronics company Acer began sending letters to customers last week indicating that some of their sensitive financial information–credit card data included–may have been accessed over the last year or so. Customers’ names, addresses, card numbers, expiration dates, and three digit CVV security codes may have been accessed by a third party, according to a data breach letter...

At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address some problems he’d disclosed to Apple. Download: Patrick_Wardle_on_MacOS_Gatekeeper_Security.mp3 Music by Chris Gonsalves

Mike Mimoso and Chris Brook discuss the news of the week, including a password issue at Github, the xDedic marketplace, another Flash zero day, and how the poorly the FBI is doing with facial recognition software. Download: Threatpost_News_Wrap_June_17_2016.mp3 Music by Chris Gonsalves

Github is forcing a password reset on some of its users after it detected a number of successful intrusions into its repositories using credentials compromised in other breaches. “This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past,...

The House voted Thursday to block passage of an amendment aimed to rein in U.S. domestic mass surveillance by the NSA and protect strong encryption standards citing Sunday’s Orlando tragedy as reason to fight surveillance reforms. The so-called Massie-Lofgren amendment was considered a key privacy provision by civil liberties groups who had worked for years to...