Adobe today said it will patch Flash Player this week, addressing a vulnerability being exploited in “limited, targeted attacks.” The flaw, CVE-2016-4171, exists in versions of Flash prior to, and including, 21.0.0.242 on Windows, Macintosh, Linux and ChromeOS platforms. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the...

Civil liberties groups are anxiously waiting to see if an anti-surveillance amendment will be added to a Department of Defense spending bill Tuesday. The so-called Massie-Lofgren amendment would reign in U.S. domestic mass surveillance by the NSA and protect U.S. encryption standards. The amendment, considered a significant post-Snowden reform, risks not being added to a...

Certificate authority Let’s Encrypt blamed a bug for accidentally disclosing the email addresses of a couple thousand of its users this weekend.

Fifty-one million iMesh accounts are for sale on Dark Web for $700, bringing the number of user accounts tied to recent breaches to over 700 million.

Netgear on Friday released firmware updates for two of its router products lines, patching vulnerabilities that were reported six months ago. Users should update to firmware version 1.0.0.59, which includes fixes for an authentication bypass vulnerability and also addresses a hard-coded cryptographic key embedded in older versions of the firmware. A vulnerability note published by...

Twitter has forced a password reset on an unnamed number of accounts exposed this week in a dump of 32.8 million account names and credentials. A Russian hacker known as Tessa88 has been involved in a number of recent password disclosures with Twitter being the most recent. He shared the cache of Twitter data with...

BitTorrent has warned users of its uTorrent client to change their passwords after a third-party breach allowed hackers to walk off with a list of its forum users. “On June 6th, 2016, BitTorrent was made aware of a security issue involving the vendor which powers our forums,” the company said in an advisory this week....

A high-severity vulnerability in Google’s Chrome browser that allows attackers to execute code on targeted systems via a PDF exploit has been patched by Google. Researchers at Cisco said users were at risk if they were enticed to view a specially crafted PDF document with an embedded jpeg2000 image within Google’s Chrome default PDF viewer, called...

Tens of millions of Twitter account records including cleartext passwords are up for sale on a black market site, the latest cache of bundled credentials for major online services to be made available. The Twitter records have been analyzed by LeakedSource, which said in a post yesterday that a Russian hacker known as Tessa88 provided...

Crooks behind the revamped CryptXXX 3.100 ransomware have switched its distribution from the Angler Exploit Kit to the Neutrino Exploit Kit. The sudden change in distribution was spotted on Monday by researchers at the SANS Internet Storm Center. “This is not the first time we’ve seen campaigns associated with ransomware switch between Angler EK and...