The world’s largest online communications company WhatsApp, with one billion users, announced Tuesday it added end-to-end encryption to its entire platform. The move is seen as a major win for security and privacy advocates. It also shifts the encryption spotlight away from Apple and its battle with the FBI and thrusts the Facebook-owned WhatsApp center stage. Co-founders...

The BREACH attack hasn’t been top of mind since the summer of 2013, but two researchers have found new ways to exploit and persistently attack traffic, including Gmail and Facebook chat sessions. The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of the National Technical University of Athens...

Researchers warn hundreds of popular Firefox browser extensions are vulnerable to attack that could give hackers control of Mac OS X and Windows computers. Researchers from Northeastern University say the flaw is tied to Firefox’s support for an older browser extension platform and the Mozilla Foundation’s plug-in vetting process for its Firefox browser. Researchers presented...

Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-’90s and still in use today. Researchers at Cisco’s security research arm, Cisco Talos, identified the vulnerability calling it as a classic heap-spray exploit. In a report disclosing the vulnerability, Talos reports a rigged LHA and LZH...

New ransomware called KimcilWare is targeting websites running the Magento ecommerce platform, used by the likes of Vizio, Olympus and Nike. According to security experts from the MalwareHunterTeam, hackers exploit vulnerabilities in the Magento ecommerce platform and install the KimcilWare ransomware on the webserver. Once installed, attackers use Rijndael block ciphers to encrypt website files and demanding...

When the Internet’s root name servers are in the line of fire of a DDoS attack, people start to sweat, and with good reason since they are the authoritative servers used to resolve IP addresses. The most recent attacks against the root servers happened over a two-day period starting last Nov. 30, and impacted services...

Portions of the hospital chain MedStar Health remain offline Wednesday as a result of a major malware attack that occurred Monday and crippled the hospital’s computer systems and forced one of the largest healthcare providers in Maryland and Washington, D.C. to turn patients away. The healthcare provider said the attack forced it to shut down its...

Hackers are escalating recent attacks against hospitals with new strains of server-side ransomware dubbed SamSam and Maktub. Unlike traditional ransomware samples that rely on gullible users to click on a malware-infected email attachment or visit a booby-trapped website, this new breed of ransomware is installed once attackers have exploited unpatched server vulnerabilities. To date, only...

Popular open source shopping cart app Zen Cart is warning its users of dozens of cross-site scripting vulnerabilities found in its software. Affected websites, security experts say, risk exposing customers to malware, theft of cookies data and site defacement. Researchers at the security firm Trustwave discovered the vulnerabilities in September 2015 and have worked closely...

Facebook was quick to fix an issue earlier this month that could’ve let an attacker break into four percent of all active, locked Instagram accounts, meaning it affected approximately one million users. Belgium-based IT security consultant Arne Swinnen discovered the issue two weeks ago when he stumbled upon two bugs, a combination of missing authentication and an insecure...