Signal has fixed bugs in its Android messaging app that allow an attacker to corrupt an encrypted attachment and remotely crash the application.

The news of the week is discussed, including Schneier’s DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google’s Project Zero prize.

Researchers say a proof-of-concept attack using Windows Safe Mode can lead to credential theft and allow hackers to move laterally within a corporate network.

Microsoft this week patched a zero-day vulnerability in the Internet Explorer and Edge browsers being used in the AdGholas malvertising campaign.

Cisco warned customers of 12 vulnerabilities across its product line this week, including a critical vulnerability in the software that powers its conferencing product, WebEx Meetings Server. The company stressed on Wednesday that version 2.6 of its WebEx Meetings Server is vulnerable to a remote command execution vulnerability. If exploited, the bug could enable an attacker to...

Bruce Schneier talks to Mike Mimoso about information he was given regarding an increase in DDoS and probing attacks targeting companies running core internet infrastructure in an attempt to test their defenses. For some additional context about this conversation, read an article by Schneier on these incidents, and check out a recent VeriSign report quantifying...

Apple isn’t the only one offering up a $200,000 reward for severe vulnerabilities on mobile devices. Google followed suit yesterday with the announcement of the Project Zero Prize, and like the Apple Security Bounty, the top payout is $200,000. Announced by Google’s Project Zero research team, the contest began yesterday and is scheduled to run...

Microsoft patched 47 vulnerabilities as part of 14 security bulletins, seven critical, with its monthly Patch Tuesday updates today. The company is warning users that if left unpatched, 10 of the issues can lead to remote execution. The updates resolve issues in Microsoft Windows, Office, Office Service and Web Apps, Exchange, its Internet Explorer and...

After a month free of Flash Player fixes and emergency patches, Adobe today resumed its monthly ritual of releasing a security update for the maligned software. Today’s update patched 29 issues, most of which enabled remote code execution attacks on the host system. Adobe also updated its Air SDK and Compiler, and Adobe Digital Editions....

With Microsoft’s Patch Tuesday release tomorrow, the countdown begins for application developers to button down code ahead of Microsoft’s new servicing model starting in October that could present vulnerability issues for some businesses. “Tomorrow it’s going to be business as usual, but it will also raise anxiety as we get closer to October,” said Chris...