D-Link is wrestling with a vulnerability in its DCS­930L Wi-Fi camera that was privately disclosed by security company Senrio. The flaw exposes the cameras to remote code execution, a Senrio report says. CEO Stephen Ridley told Threatpost that his company is working with D-Link on remediation. D-Link, meanwhile, said in a statement emailed to Threatpost:...

Mozilla fixed 13 security issues, including two critical vulnerabilities that could have led to spoofing and clickjacking, among other issues, when it updated Firefox to the latest build, Firefox 47, this week. One of the issues, a buffer overflow, could have resulted in a potentially exploitable crash according to an advisory published by the company on Tuesday....

It was June 2012 when Dale Meredith was shopping online for a BBQ grill for Father’s Day and found one at Sears.com. The only snag, he had to create a username and password to buy it. That irked him. He was annoyed because it was literally the hundredth-plus service—including his local newspaper, home router, and...

Google said that it will initiate on June 16 a gradual deprecation of SSLv3 and RC4 for Gmail IMAP/POP mail clients. Both the crypto protocols cipher are notoriously unsafe and are being phased out in big chunks of the Internet. Google, for its part, had already announced in May that it would no longer support...

A recent Internet scan threw a bucket of cold water on the notion that wonky, unsecured services have been significantly reduced from the Internet. “Today’s Internet in 2016 looks like the 1996 Internet, which is a little depressing,” said Rapid7 security research manager Tod Beardsley. Beardsley and colleagues Bob Rudis and Jon Hart today published...

Facebook has patched a vulnerability in the desktop and mobile versions of its Messenger app that allows an attacker to access and modify chats, exposing the victim to potential fraud and malware. Researchers at Check Point Software Technologies privately disclosed the issue May 2 to Facebook, which patched it two weeks later. The flaw, Check...

Intuitively, auto-correcting passwords would seem to be a terrible idea, and the worst security-for-convenience tradeoff in technology history. But a team of academics from Cornell University, MIT and a Dropbox security engineer say that the degradation of security from the introduction of such an authentication mechanism is negligible. The team—Rahul Chatterjee, Ari Juels and Thomas...

News of yet another years-old social media site hack surfaced over the weekend when it was learned that hackers infiltrated the European social network VK.com at some point over the last several years and made off with credentials for 100 million of its users. Breach notification site LeakedSource touted the breach on Sunday, claiming it was selling...

The network time protocol, at the center of a number of high-profile DDoS attacks in 2014, was updated on Thursday to ntp-4.2.8p8. The latest version includes patches for five vulnerabilities, including one rated high-severity. NTP, specifically the NTP daemon, synchronizes system clocks with time servers. Vulnerable NTP servers were used two years ago with regular...

Mike Mimoso and Chris Brook discuss the news of the week, including the back and forth around whether or not TeamViewer was hacked, the fallout around the years-old MySpace and Tumblr breaches, and a 90K Windows zero day.