Yahoo says it is investigating reports of 200 million user credentials advertised for sale on the Dark Web by a hacker that goes by the handle “peace_of_mind”. The Yahoo credentials, according to the site listing the database for sale, includes usernames, passwords (hashed using the MD5 algorithm), birthdates and backup emails for some accounts. The...

LAS VEGAS – Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. The bounty begins tomorrow on the HackerOne platform, and the first phase will run for six months. The company said that during...

Google today patched more than three-dozen critical vulnerabilities in Qualcomm components embedded in the Android operating system, all of them allowing attackers to gain a foothold on devices to launch further attacks. The Qualcomm-related patches are among dozens in the monthly Android Security Bulletin, which marks its first anniversary this week after its maiden voyage...

LAS VEGAS — It wasn’t long ago that ROP, or return-oriented programming, was a hacker’s best friend when it came to bypassing mitigations against memory-based attacks such as DEP and ASLR. ROP, however, is so 2005. In the last couple of years, researchers and attackers have figured out how to bypass popular tools such as...

LAS VEGAS — Researchers have found flaws in the Web Proxy AutoDiscovery protocol tied to DHCP and DNS servers that allow hackers spy on HTTPS-protected URLs and launch a myriad of different malicious attacks against Linux, Windows or Mac computers. According to the security firm SafeBreach, this vulnerability allows hackers to monitor the URLs of every...

Mike Mimoso and Chris Brook discuss the news of the week, including a wireless keyboard vulnerability – KeySniffer, NIST’s statement on 2FA, a LastPass remote compromise bug, and a new Tor paper. Download: Threatpost_News_Wrap_July_29_2016.mp3 Music by Chris Gonsalves

Developers with Android’s Security Team peeled back some of the layers on the mobile operating system this week; describing the lengths Google goes to protect the Linux kernel. In a post to Google’s Security Blog, Jeff Vander Stoep clarified several mitigations slated for inclusion in Nougat, the next stable Android build, and steps they’ve taken...

LastPass has patched a vulnerability in its Firefox add-on found by Google Project Zero researcher Tavis Ormandy that allows attackers complete remote compromise of the password manager, . The divisive Ormandy submitted a bug report on Tuesday to LastPass after a series of tweets hinting at serious problems in the password manager. Ormandy has been behind...

Amid the connections being made between the Russian government and the attack on the Democratic National Committee (DNC), researchers on Tuesday reminded us of the challenges security experts have in correctly attributing advanced attacks. In a wide-ranging Reddit AMA, members of Kaspersky Lab’s Global Research and Analysis Team shared some insight into their day-to-day investigations...

Knowing where to turn for help when victimized by ransomware isn’t always clear. Should you pay the ransom? Are there alternatives to getting your precious data back? Who can you turn to for help? In an effort to answer those questions and help victims retrieve data encrypted by ransomware a unique public and private sector...