Attackers behind the Vawtrak banking Trojan have been keeping busy, updating the malware over the last few weeks with new a domain generation algorithm (DGA) and SSL pinning capabilities. Research published by security firm Fidelis on Tuesday explains the updates and breaks down how Vawtrak’s DGA generates domains, connects to them, and validates their certificates. Researchers looked at two samples they observed on July 28...

A host of web-based vulnerabilities in Orsam Lightify smart lighting products remain unpatched, despite private notification to the vendor in late May and CVEs assigned to the issues in June by CERT/CC. Researchers at Rapid7 today publicly disclosed some of the details on each of the nine vulnerabilities with temporary mitigation advice users can deploy...