Jon Callas, equal parts security entrepreneur and innovator, has been hired at Apple for what will be his third stint with the company. Callas left Silent Circle, a company he cofounded, in April after four years there. Silent Circle designs and produces secure communication platforms, including the Blackphone and Silent Phone mobile devices, Silent OS...

The obvious takeaway from last week’s LinkedIn data breach revelation where we learned hackers were selling 117 million LinkedIn usernames, email addresses and passwords from a 2012 breach is, change your passwords-and often. The not so obvious takeaways come from noted security expert Troy Hunt, creator of the cyber-breach service Have I Been Pwned? and...

A private industry notification sent by the FBI in late April to its business partners warns of the risks associated with KeySweeper, a tool released in January 2015 by noted hardware hacker and researcher Samy Kamkar. Sixteen months ago, Kamkar released the source code and instructions on how to build the device, which looks like...

Facebook on Thursday patched a pair of vulnerabilities that enabled brute-force attacks against Instagram passwords, and also hardened its password policy. Researcher Arne Swinnen privately disclosed the flaws in December and in February respectively. One bug was patched in February, while the other went through two rounds of fixes before the issue was resolved on...

Reaction to the release of Google’s Allo messaging app has been mixed since it was unveiled Wednesday during Google’s I/O event. Allo has two modes, a normal mode run by an artificial intelligence that includes Google Assistant. It analyzes messages and offers suggestions based on the content that could include things like restaurant, movie or...

LinkedIn is striking back against a website attempting to monetize the 117 million usernames and passwords stolen from the company as part of a 2012 data breach. Website LeakedSource is reporting lawyers representing LinkedIn have served the company a cease and desist order on Wednesday alleging the company is in violation of California’s Computer Fraud...

Mike Mimoso and Chris Brook discuss the news of the week, including the LinkedIn breach, TeslaCrypt closing up shop, and a breakthrough in random number generation. The two also recap this week’s Source conference in Boston. Download: Threatpost_News_Wrap_May_20_2016.mp3 Music by Chris Gonsalves

Over 117 million LinkedIn user logins are for sale on the black market “The Real Deal” by hacker “Peace” for five Bitcoins ($2,280). The breach is tied to an earlier hack on LinkedIn in 2012, when the company originally said 6.5 million accounts had been compromised. The hacker, identified as Peace, claims the the data...

Security researchers at Skycure are upping the ante on a vulnerability that it says now leaves 95.4 percent of Android devices vulnerable to an attack that hands over control of a phone or tablet to an attacker. First reported at the RSA Conference in March, Skycure discovered a theoretical attack that involves the exploitation of...

Mozilla on Wednesday filed a motion with the U.S. District Court in Tacoma, Wa., asking the government to disclose a vulnerability it exploited in the Tor Browser and Firefox. The FBI used the zero-day to hack a child pornography site and de-anonymize users visiting the site using the Tor Browser. Mozilla’s motion asks that the...