Google this week explained how it weighs potentially harmful Android apps using the Verify Apps malware scanner and a scoring system it calls Dead or Insecure.

MedSec CEO Justine Bone talks to Mike Mimoso about the St. Jude Medical vulnerabilities, the considerations her company and Muddy Waters made in short selling St. Jude stock, and the current state of medical device security. Download: Justine_Bone_on_St._Jude_Vulnerabilities_and_Medical_Device_Security.mp3 Music by Chris Gonsalves

Oracle patched 270 vulnerabilities, many remotely exploitable, across 45 different products as part of its quarterly Critical Patch Update (CPU) on Tuesday.

Samsung Smartcam devices are vulnerable to remote takeover via a malicious firmware update, researchers with the former GTVHacker group said.

Researchers say iTunes and Apple’s App Store suffer from a persistent input validation and mail encoding web vulnerability. If exploited, it could allow an attacker to inject their own malicious script.

Command injection vulnerabilities and accessible default admin credentials in home routers distributed by Thailand’s largest broadband provider remain unpatched despite private disclosures to the vendors last July.

The news of the week is discussed, including the ShadowBrokers’ farewell, GoDaddy’s buggy domain validation issue, MongoDB ransoms, and the latest with St. Jude Medical.

Mike Mimoso talks to Marie Moe, a research scientist at SINTEF of Norway, about her personal and emotional connection to medical device security.

A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.

The ShadowBrokers are selling a cache of Windows exploits and attack tools for 750 Bitcoin.