Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and costly ransomware to come. “Ransomware authors are...

A bill that would force companies to decrypt messages and unlock devices if ordered to do so by government court order, surfaced Friday and is rattling security and privacy advocates and IT business leaders. They contend the bill is misguided and will have a detrimental effect on civil liberties and business. The issue came to...

A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to an alert published on Friday by the Industrial Control System Cyber Emergency Response Team (ICS-CERT). Researcher Joakim Kennedy of Rapid7 disclosed in March some details affecting critical flaws in Moxa NPort 6110 Modbus/TCP to serial...

Google beefed up the way it displays Safe Browsing Alerts for Network Administrators this week, adding information about sites peddling unwanted and malicious software as well as those caught carrying out social engineering attacks. Google debuted the service, which notifies network admins after observing potentially damaging URLs on their networks, in 2010. Going forward, administrators...

Exploits for a zero-day vulnerability in Adobe Flash Player are being aggressively distributed in two exploit kits. The zero day, meanwhile, was patched by Adobe in an emergency update released Thursday night. Attackers are using the previously unpatched flaw in the maligned Flash Player to infect victims with either Locky or Cerber ransomware. Locky is a relatively...

Researchers discovered a Mac OS X variant of the Windows-based Pirrit adware that creates a proxy server on infected Mac computers and injects ads into webpages. According to researchers at Boston-based Cybereason Labs, the adware, dubbed OSX.Pirrit, is mostly benign, serving up just ads, but has the potential to morph into something more sinister. “Today...

MIAMI—Defense may win football championships, but it gets steamrolled in computer security arenas. “A dollar of offense beats a dollar of defense,” said Nate Fick, CEO of Endgame Inc., on Thursday during his keynote address at Infiltrate Conference. Fick’s talk in front of an audience of exploit engineers and offensive security specialists painted a grim...

ExaGrid has removed a private SSH key and weak, hardcoded credentials shipping with all of its disk-based storage appliances. Updated firmware has been available since March 24 and storage and security managers are urged to update devices to version 4.8 P26. Researcher James Lee of Rapid7 privately disclosed the issue to the storage vendor on...

WhatsApp’s addition of end-to-end encryption is a good start, but does not present users with a complete solution that protects against the prying eyes of intrusive governments and nosey third-parties. That’s the consensus among privacy and security experts that commend Facebook-owned WhatsApp for flipping the switch on end-to-end encryption for its one billion users worldwide....

Adobe will release an emergency Flash Player update as soon as Thursday, patching a critical vulnerability that is being publicly attacked. Adobe said the vulnerability is in version 21.0.0.197 and earlier for Windows, Mac OS X, Linux and Chrome OS. “Successful exploitation could cause a crash and potentially allow an attacker to take control of...