Google beefed up the way it displays Safe Browsing Alerts for Network Administrators this week, adding information about sites peddling unwanted and malicious software as well as those caught carrying out social engineering attacks. Google debuted the service, which notifies network admins after observing potentially damaging URLs on their networks, in 2010. Going forward, administrators...

Exploits for a zero-day vulnerability in Adobe Flash Player are being aggressively distributed in two exploit kits. The zero day, meanwhile, was patched by Adobe in an emergency update released Thursday night. Attackers are using the previously unpatched flaw in the maligned Flash Player to infect victims with either Locky or Cerber ransomware. Locky is a relatively...

Researchers discovered a Mac OS X variant of the Windows-based Pirrit adware that creates a proxy server on infected Mac computers and injects ads into webpages. According to researchers at Boston-based Cybereason Labs, the adware, dubbed OSX.Pirrit, is mostly benign, serving up just ads, but has the potential to morph into something more sinister. “Today...

MIAMI—Lisa Wiswell’s phone rang off the hook last summer in the throes of the OPM hack. But she wasn’t just answering questions from those whose security clearance and personal data disappeared into the Chinese ether; there were also hackers on the other end of the line offering their help. Wiswell, digital service lead with the...

The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 and for years stole sensitive data. The FBI alert was issued in February and went largely unnoticed. Nearly a month later, security experts are now shining a bright...

ExaGrid has removed a private SSH key and weak, hardcoded credentials shipping with all of its disk-based storage appliances. Updated firmware has been available since March 24 and storage and security managers are urged to update devices to version 4.8 P26. Researcher James Lee of Rapid7 privately disclosed the issue to the storage vendor on...

Several vulnerabilities in Ubuntu’s implementation of the Linux kernel, including a use-after-free vulnerability and a timing side-channel vulnerability, were patched today. An advisory issued by Ubuntu Wednesday morning urges users to patch if they’re running 14.04 LTS or any derivative builds. The update fixes a use-after-free vulnerability in the kernel’s CXGB3 driver that an attacker could...

Adobe will release an emergency Flash Player update as soon as Thursday, patching a critical vulnerability that is being publicly attacked. Adobe said the vulnerability is in version 21.0.0.197 and earlier for Windows, Mac OS X, Linux and Chrome OS. “Successful exploitation could cause a crash and potentially allow an attacker to take control of...

Security experts warn companies need to brace for new harder-to-detect and more determined variants of the Locky ransomware spotted recently in the wild. The news comes just as reported Locky ransomware attacks have waned in recent weeks. Locky is now trying to evade detection by changing the way the ransomware communicates from an infected computer...

Routers manufactured by Quanta are riddled with critical vulnerabilities–backdoors, a hardcoded SSH key, and remote code execution flaws, to name a few–that won’t be patched because the company considers the product end of life. Researcher Pierre Kim found the flaws and reasons that the flaws are due to incompetence, or at worst, calls them “a deliberate act...