Chrome users who navigate to some HTTP sites will be notified, starting in January, they’re on a site that isn’t secure. Google said today the browser will begin explicitly labeling HTTP connections that feature either a password or credit card form as non-secure. The company said the plan is its first step toward marking all HTTP sites...

WordPress is strongly encouraging users of the content management system to update to the most recent version, 4.6.1, released on Wednesday. WordPress 4.6.1 Security and Maintenance Release https://t.co/NzOLsywTri — WordPress (@WordPress) September 7, 2016 The update addresses two separate security issues, a cross-site scripting vulnerability and a path traversal vulnerability. The XSS vulnerability, discovered by Cengiz...

Google this week shared with developers security enhancements it has added to the new Nougat version of Android and additional security features for webmasters via Safe Browsing to help pinpoint harmful content on websites. Under the banner of its nine-year-long Safe Browsing initiative, Google introduced new features that protect against threats such as deceptive sites and...

Eleven critical vulnerabilities have been patched in network management systems (NMS) from four leading manufacturers: Cloudview, Netikus, Paessler and Opmantek. The flaws enable remote cross-site scripting and command-injection attacks. Public disclosure of the vulnerabilities coincided with a technical description by Rapid7 released Wednesday; the research compliments earlier work on similar bugs found in 2015. Each of the 11 vulnerabilities varied...

For a long time, Yelp.com has been one of the Internet’s most-frequented resources for crowd-sourced local business, restaurant and hospitality reviews and tips. Starting today, the door will be open to researchers and bug-hunters who are invited to participate in Yelp’s public bug bounty. The company has, for two years, participated in a private bounty...

Microsoft is stepping up its bug hunting efforts surrounding its Visual Studio development suite, adding Microsoft .NET Core and ASP.NET Core to its Bug Bounty program. The bounties opened yesterday and will run “indefinitely,” according to Microsoft. The bounty program includes the Windows and Linux versions of .NET Core and ASP.NET Core. Bounty payouts range from...

The disclosure a week ago that three Apple iOS zero days were used to spy on a political dissident from the United Arab Emirates included high-profile exposes of the activities of a cyber arms-dealing outfit in Israel known as the NSO Group and an emergency update for iOS. Last night, Apple expanded the scope of...

Mike Mimoso, Tom Spring, and Chris Brook discuss the news of the week, including the MedSec/Muddy Waters story, how the Angler exploit kit was traced back to the Lurk Gang, Fairware hitting Linux servers, and the Bashlite IoT malware. Download: Threatpost_News_Wrap_September_2_2016.mp3 Music by Chris Gonsalves

A global malvertising campaign exposing potentially one million users to the risk of being infected with CrypMIC ransomware delivered via the Neutrino Exploit Kit has been shut down, according to researchers. Cisco’s Talos Security Intelligence and Research Group, which discovered the criminal activity, said the malvertising campaign stretched across North America, EU, Asia-Pac and the...

A recent run of attacks against Linux servers called Fairware has been traced to insecure internet-facing Redis installations that hackers have abused to delete web folders and, in some cases, install malicious code. Redis is an open source tool used by web application developers for the purpose of quickly caching data. The tool’s developers configured Redis...