An Adobe ColdFusion vulnerability addressed Tuesday in a hotfix pushed to users put applications developed on the platform at risk to a number of serious issues. Researcher Dawid Golunski of Legal Hackers today revealed details on the flaw, which he privately disclosed to Adobe, as well as a proof-of-concept of the exploit. Golunski said that ColdFusion...

Reports of additional attacks against banks that use SWIFT, the global financial transaction messaging network, came to light Wednesday. The attacks were reportedly persistent, sophisticated and in some cases successful, impacting an undisclosed number of financial institutions. It’s the latest development since February when cybercriminals used SWIFT to steal $81 million in a Bangladesh Bank...

Single sign-on company OneLogin began notifying customers this week that an attacker was able to take advantage of a bug in its system and view sensitive notes posted by users, thought to be secure. The company, whose authentication technology secures cloud-based applications, confirmed the incident Tuesday in a blog post. The compromised feature, Secure Notes, enables...

Security researchers warn mixing vulnerability disclosures with stock market bets sets a troubling precedent that erodes confidence in the relationship between businesses and white hat hackers who help uncover threats. Researchers are responding to the unprecedented partnership between security research firm MedSec and investment research outfit Muddy Waters LLC. Last week, Muddy Waters released a scathing report based...

More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say. According to Level 3 Threat Research Labs, a small malware family that goes by the names Lizkebab, BASHLITE, Torlus and Gafgyt is behind a web of botnets carrying out the attacks. “This research shocked us,”...

Researchers at Ben-Gurion University of Negev have found a way to take a run-of-the-mill USB device and use it to leak data from an air-gapped computers via RF signals. Academics with the school’s Cyber Security Research Labs division claim they’ve come up with software, dubbed USBee, that can modulate binary data over electromagnetic waves, and then transmit...

The Federal Bureau of Investigation’s Cyber Division warned election officials nationwide this month to fortify their systems in the wake of two breaches it was able to detect earlier this summer. A “flash” warning sent by the agency about 10 days ago warned state boards of election to take the necessary precautions to safeguard their...

Opera Software is warning 1.7 million users of its Opera web browser sync feature of a possible attack that exposes passwords to hackers. In a security bulletin posted on Friday, the company said its Opera sync system showed “signs of an attack” and asked users to change their Opera sync passwords in addition to any...

Pacemakers, defibrillators and other medical devices made by a leading medical equipment maker are vulnerable to potentially “catastrophic” cyberattacks. With relatively little effort tens of thousands of cardiac devices made by St. Jude Medical are vulnerable to attack, according a report released by private equity firm Muddy Waters Capital with help from medical researchers at...

Mike Mimoso and Chris Brook discuss the news of the week, including the latest on ShadowBrokers and Cisco, the Sweet32 collision attack, decryptors for the Wildfire ransomware, and this week’s gaming forum breaches. Download: Threatpost_News_Wrap_August_26_2016.mp3 Music by Chris Gonsalves