A Windows zero-day for sale on the black market for $90,000 just received a price drop. The flaw that allegedly leaves all versions of Windows users exposed to a local privilege escalation (LPE) vulnerability can now be snatched up for $85,000. According to Trustwave, which has been monitoring the price, this is the second price drop...

A high-severity vulnerability in Google’s Chrome browser that allows attackers to execute code on targeted systems via a PDF exploit has been patched by Google. Researchers at Cisco said users were at risk if they were enticed to view a specially crafted PDF document with an embedded jpeg2000 image within Google’s Chrome default PDF viewer, called...

Crooks behind the revamped CryptXXX 3.100 ransomware have switched its distribution from the Angler Exploit Kit to the Neutrino Exploit Kit. The sudden change in distribution was spotted on Monday by researchers at the SANS Internet Storm Center. “This is not the first time we’ve seen campaigns associated with ransomware switch between Angler EK and...

D-Link is wrestling with a vulnerability in its DCS­930L Wi-Fi camera that was privately disclosed by security company Senrio. The flaw exposes the cameras to remote code execution, a Senrio report says. CEO Stephen Ridley told Threatpost that his company is working with D-Link on remediation. D-Link, meanwhile, said in a statement emailed to Threatpost:...

Mozilla fixed 13 security issues, including two critical vulnerabilities that could have led to spoofing and clickjacking, among other issues, when it updated Firefox to the latest build, Firefox 47, this week. One of the issues, a buffer overflow, could have resulted in a potentially exploitable crash according to an advisory published by the company on Tuesday....

It was June 2012 when Dale Meredith was shopping online for a BBQ grill for Father’s Day and found one at Sears.com. The only snag, he had to create a username and password to buy it. That irked him. He was annoyed because it was literally the hundredth-plus service—including his local newspaper, home router, and...

Ridesharing company Uber recently patched a vulnerability in its site that could have allowed an attacker to log into some “.uber.com” sites without a password and further compromise its internal network. Uber awarded Finnish security researcher Jouko Pynnönen $10,000 for discovering the flaw last month, equalling the highest bounty the company has paid out since it launched the...

Facebook has patched a vulnerability in the desktop and mobile versions of its Messenger app that allows an attacker to access and modify chats, exposing the victim to potential fraud and malware. Researchers at Check Point Software Technologies privately disclosed the issue May 2 to Facebook, which patched it two weeks later. The flaw, Check...

Security experts are warning owners of Mitsubishi Outlander Plug-In Hybrid Electric Vehicle that their cars can be hacked via the automobile’s on-board WiFi network used for remote control of key car features. The hybrid electronic vehicle, which is slated to be sold here in the U.S. starting this fall, suffers from weak password requirements that...

Google today pushed out its monthly Android patches, addressing what is becoming a monthly custom of a critical Mediaserver vulnerability, in addition to a half-dozen critical flaws in different Qualcomm drivers. The Android Security Bulletin includes patches for eight critical flaws, and while Mediaserver has been a mainstay since Google began releasing patches on a...