Tag: Vulnerabilities
Mike Mimoso and Chris Brook discuss the news of the week, including a password issue at GitHub, the xDedic marketplace, another Flash zero day, and how poorly the FBI is doing with facial recognition software. Download: Threatpost_News_Wrap_June_17_2016.mp3 Music by Chris Gonsalves
Adobe on Thursday patched a zero-day vulnerability in Flash Player that has been used in targeted attacks carried out by a new APT group operating primarily against high-profile victims in Russia and Asia. Researchers at Kaspersky Lab privately disclosed the flaw to Adobe after exploits against the zero-day were used in March by the ScarCruft APT gang...
Cisco has alerted users of vulnerabilities in the web interface of its RV series of wireless VPN firewalls and routers that allow for remote code execution. The networking giant, however, isn’t planning on releasing firmware updates until the third quarter, Cisco said. Cisco says it is not aware of public attacks against these vulnerabilities, but...
Business-related inbox scams are reaching epidemic levels with the total cost to business reaching a whopping $3.1 billion. The dire warning comes from the FBI, which says skyrocketing losses represent a 1,300 percent increase since January 2015. Identified by the FBI as business e-mail compromise (BEC) crimes, the scams attempt to trick email recipients into...
A flaw in the popular Telegram Messenger app that allows attackers to crash devices and run up wireless data charges is being disputed by the app maker, who calls the claims false. According to two Iran-based researchers, Sadegh Ahmadzadegan and Omid Ghaffarinia, Telegram users are vulnerable to attacks via specially crafted messages that can bypass...
Microsoft pushed out 16 bulletins on Tuesday addressing 44 different vulnerabilities in its software, including Windows, Exchange Server, Office, Edge, and Internet Explorer. Five of the bulletins have been branded critical because each vulnerability associated with them could be used to carry out remote code execution; the remaining 11 are marked important. According to experts, one...
Adobe today said it will patch Flash Player this week, addressing a vulnerability being exploited in “limited, targeted attacks.” The flaw, CVE-2016-4171, exists in versions of Flash prior to, and including, 21.0.0.242 on Windows, Macintosh, Linux and ChromeOS platforms. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the...
Browser makers and other tech companies have gone to great pains to beef up weak crypto libraries, in particular those that are exposed to fallback attacks such as POODLE. Attackers exploiting these vulnerabilities are able to dial back the encryption protecting communication to SSLv2 and SSLv3, for example, forcing servers to fall back to these...
Siemens has provided firmware updates addressing vulnerabilities in the SIMATIC WinCC flexible and the SIMATIC S7-300 CPU family.
Netgear on Friday released firmware updates for two of its router product lines, patching vulnerabilities that were reported six months ago. Users should update to firmware version 1.0.0.59, which includes fixes for an authentication bypass vulnerability and also addresses a hard-coded cryptographic key embedded in older versions of the firmware. A vulnerability note published by...