OpenSSH on Friday dropped a patch for a vulnerability that could expose files to theft and manipulation. The flaw affects all versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled, the OpenSSH project said in its advisory. Unpatched versions of OpenSSH don’t properly sanitize input and can be abused to inject commands to xauth. “Injection...

Java’s miserable 2013 just will not go away. One of the endless parade of bugs found in the platform throughout 2013—many of which were zero-day vulnerabilities exploited in targeted attacks—apparently wasn’t closed off completely by an October 2013 patch released by Oracle. Researchers at Polish security company Security Explorations last week disclosed that Oracle’s patch...

Mike Mimoso and Chris Brook discuss the week in news, including how Amazon is backtracking on encryption when it comes to their devices, a new set of alleged passcode bypasses for iOS, and the new OS X ransomware KeRanger. Download: Threatpost_News_Wrap_March_11_2016.mp3 Music by Chris Gonsalves

Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop. The flaw is tied to a feature called “Samsung SW Update Tool 2.2.5.16” designed keep Samsung laptop users’ drivers...

Adobe today released a new version of Flash Player that patches 18 vulnerabilities, all of which can result in remote code execution attacks. On Tuesday, Adobe pushed out security updates for Reader, Acrobat and Digital Editions, and gave users a head’s up about an upcoming Flash update. Today’s Flash release patches a host of memory-related...

Users of secure messaging apps such as Pidgin, Adium and others built upon libotr, the Off-the-Record protocol, are being urged to update immediately to current versions after the discovery of a critical flaw that can be used in targeted attacks to expose encrypted communication. The OTR development team yesterday pushed out libotr 4.1.1 which patches...

Despite the rush to patch systems at risk to the massive transport layer security (TLS) vulnerability, known as DROWN, hundreds of cloud services are still at risk of attack. According to two independent research firms, Netskope and Skyhigh Networks, a week after the vulnerability was identified DROWN still presents a high risk to companies. Skyhigh...

USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals. Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on edge. Though the flaw was rated “important,” likely because it...

Much like Google, which updated Chrome yesterday, Mozilla released a new version of Firefox on Tuesday, fixing 40 vulnerabilities in the browser. The update, Firefox 45, included eight bulletins rated critical and patched a handful of serious use-after-free vulnerabilities and a pair of buffer overflow vulnerabilities. The lion’s share of the bugs, 14, were in the font-processing...

Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process. The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week. Two of the bugs, a type confusion vulnerability and...