Fast-food chain Wendy’s disclosed it was a victim of a point-of-sale system attack that installed malware on PoS computers affecting 300 franchise restaurants. The disclosure was part the company’s first quarter 2016 SEC filings on Wednesday and is the most complete account to date of a 2015 data breach. “In January, we began to investigate unusual...

The method the FBI used to unlock the San Bernardino killer’s iPhone 5C does not work on newer models, FBI Director James Comey told a crowd of students on Wednesday night. In a Q&A following a keynote address at Kenyon College’s Expectation of Privacy conference in Gambier, Ohio, Comey spoke vaguely but clarified that the...

Technology vendor Cisco is pushing out security updates to customers to address a critical vulnerability found in its recently introduced line of FirePower firewall products. The vulnerability, according to Cisco, allows attackers to slip malware onto critical systems without detection. The flaw is also impacts  Snort, an open source network-based intrusion detection system also owned by Cisco....

The divide between developers and hackers is real. So, apparently, is the effort to bring them together and make them play nicely. “It’s not just a knowledge gap, but an empathy gap,” said I Am The Cavalry founder Josh Corman during a panel discussion at last week’s RSA Conference. “One common thing between the two...

Last month, when researcher Troy Hunt argued the dangers of insecure APIs at a security workshop, little did he know hours later he would discover an API vulnerability that allowed remote access to onboard computers of 200,000 Nissan Leaf and eNV200 electric automobiles. “After talking about the way applications can sometimes get APIs wrong, a...

The U.S. Federal Trade Commission announced a settlement with ASUSTeK Computer over sloppy security settings tied to its routers that left the personal data of 12,900 consumers’ publicly available. On Tuesday, the Taiwanese electronics company agreed to 20 years of periodic security audits along with fines of $16,000 per incident that could reach as much...

A critical vulnerability impacting 50 million Android users running the popular AirDroid application has been patched. AirDroid, an app that allows you link an Android device to a computer and send SMS messages, run apps and add contacts via a Wi-Fi connected web browser, released the patch Jan. 29. Check Point security researchers disclosed the AirDroid...

Attackers behind the Dridex Trojan have narrowed their sights on banks based in the United Kingdom frequented by high-value business accounts, researchers claim. When a new version of the Trojan was released two weeks ago, it was promptly followed by a series of infection campaigns that focused on U.K. users. Limor Kessem, a cybersecurity evangelist...

The Brain Test mobile malware family has once again been evicted from Google Play. Known for piggy-backing on fully functioning mobile applications, the malware’s various iterations try to root Android devices, download malicious APKs and inflate the Google Play ratings of other apps written by the same group of Chinese developers. Worse yet is Brain...

A security researcher is in a bit of a scrum with Facebook over vulnerability disclosures that not only tested the boundaries of the social network’s bug bounty program, but also prompted threats of legal and criminal action. Wesley Wineberg, a contract employee of security company Synack, said today in a personal blogpost and in emails...