Juniper Networks today has released an emergency patch that removes what it’s calling “unauthorized code” from ScreenOS that could allow attackers to decrypt VPN traffic from NetScreen devices. Juniper has not commented on the origin of the code it found. However, Juniper’s products were singled out, among others, in the National Security Agency’s product catalog...

A security researcher is in a bit of a scrum with Facebook over vulnerability disclosures that not only tested the boundaries of the social network’s bug bounty program, but also prompted threats of legal and criminal action. Wesley Wineberg, a contract employee of security company Synack, said today in a personal blogpost and in emails...

A trove of MacKeeper user data—some 13 million records—has been locked down after a researcher found an exposed and accessible database using a simple Shodan query. Chris Vickery revealed his discovery on Monday on Reddit in more of an appeal to reach officials at Kromtech, the parent company that owns MacKeeper, a suite of performance...

A relatively small number of Twitter users, including a few connected to security and privacy advocacy, have been informed that their accounts have been targeted by state-sponsored hackers. Notifications began appearing in the inboxes of affected users two days ago, with very little concrete information accompanying the warning. Twitter said in the notification that the...

Now that encryption has been elevated to a default technology on mobile devices, the government has heightened its “Going Dark” rhetoric, again on Wednesday insisting during a Senate Judicial Committee hearing that Silicon Valley figure out how to deliver plain-text communication between criminal and terror suspects to law enforcement. FBI Director James Comey and California...

Experts believe that the success tied to a recent spate of DDoS-for-hire groups may be because many are copycat collectives operating with a shorter lifespan. Researchers with Recorded Future, a Massachusetts-based firm that tracks real time threat intelligence, said Monday that they’ve noticed an increase in would-be hackers asking for guidance on forums when it comes to...

The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, something it claims should help make it easier for website owners to embrace HTTPS encryption. The latest step comes on the heels of the movement issuing its first certificate back in September and becoming an official Certificate Authority in October. Now, anyone...

In March when Moxie Marlinspike and Open Whisper Systems released the iOS version of the Signal encrypted messaging app, the noted security researcher promised to expand its reach and among other things, eventually release a desktop version of Signal. That vision was realized on Wednesday with the public availability of the Signal Desktop beta, written...

UPDATE VTech, a company that manufactures electronic learning devices, baby monitors, toys, and other equipment, announced Monday that information from five million customer accounts, which include identity information belonging to children, were accessed in an attack earlier this month. The news follows up a statement from the company late last week that attackers had infiltrated one of...

A vulnerability reported to United Airlines that could have been exploited to manipulate flight reservations and customer data sat unpatched for almost six months before it was fixed 10 days ago. Researcher Randy Westergren found and reported an issue in United’s mobile app in May, shortly after the airline announced its bug bounty program, the...