The U.S. government has entered into the St. Jude-MedSec-Muddy Waters fray with an investigation into claims St. Jude medical devices are vulnerable to cyberattacks. The Food and Drug Administration and Department of Homeland Security also apparently disapprove of the approach taken by MedSec and Muddy Waters to short St. Jude stock rather than privately disclose...

A researcher has published details and a limited proof-of-concept exploit for a critical vulnerability in MySQL that has been patched by some vendors, but not yet by Oracle. The vulnerability allows an attacker to remotely or locally exploit a vulnerable MySQL database and execute arbitrary code, researcher Dawid Golunski of Legal Hackers wrote today in...

This week’s Android Security Bulletin patched a calamity of vulnerabilities that threatened almost every device in circulation and illustrated the fragility of the Android ecosystem. The bulletin addressed more than 50 vulnerabilities, including nine rated critical by Google because of the possibility of remote code execution. Off the top, Google fixed the two remaining unpatched...

Wednesday’s bombshell report on the U.S. Office of Personnel Management breaches that exposed sensitive data belonging to more than 22 million people has sparked a cavalcade of finger pointing, politicking and squabbling over who knew what first. The scathing report by Republicans on the U.S. House of Representatives’ Committee on Oversight and Government Reform blasted the...

WordPress is strongly encouraging users of the content management system to update to the most recent version, 4.6.1, released on Wednesday. WordPress 4.6.1 Security and Maintenance Release https://t.co/NzOLsywTri — WordPress (@WordPress) September 7, 2016 The update addresses two separate security issues, a cross-site scripting vulnerability and a path traversal vulnerability. The XSS vulnerability, discovered by Cengiz...

After a summer of high-profile attacks and disclosures centered around enterprise network infrastructure, the Department of Homeland Security on Tuesday put out an alert explaining some of the tactics used by advanced attackers, and urged special caution in maintaining supply chain integrity. The warning to network operators, in particular aimed at those managing Cisco gear, comes...

Google this week shared with developers security enhancements it has added to the new Nougat version of Android and additional security features for webmasters via Safe Browsing to help pinpoint harmful content on websites. Under the banner of its nine-year-long Safe Browsing initiative, Google introduced new features that protect against threats such as deceptive sites and...

Eleven critical vulnerabilities have been patched in network management systems (NMS) from four leading manufacturers: Cloudview, Netikus, Paessler and Opmantek. The flaws enable remote cross-site scripting and command-injection attacks. Public disclosure of the vulnerabilities coincided with a technical description by Rapid7 released Wednesday; the research compliments earlier work on similar bugs found in 2015. Each of the 11 vulnerabilities varied...

St. Jude Medical yesterday filed a lawsuit alleging that investment research firm Muddy Waters and healthcare security research company Med Sec made false claims in a report focused on the security of St. Jude products. The report released Aug. 25 warned of potentially catastrophic cybersecurity vulnerabilities in St. Jude pacemakers, defibrillators and other medical devices....

The Android ecosystem may have dodged another Stagefright-type of vulnerability. Google’s monthly Android Security Bulletin released on Tuesday not only patched the remaining Quadrooter vulnerabilities, but also fixed another wide-ranging flaw that could allow an attacker to easily compromise—or at least brick—any Android device dating back to version 4.2. The key to staving off another...