USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals. Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on edge. Though the flaw was rated “important,” likely because it...

Much like Google, which updated Chrome yesterday, Mozilla released a new version of Firefox on Tuesday, fixing 40 vulnerabilities in the browser. The update, Firefox 45, included eight bulletins rated critical and patched a handful of serious use-after-free vulnerabilities and a pair of buffer overflow vulnerabilities. The lion’s share of the bugs, 14, were in the font-processing...

Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process. The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week. Two of the bugs, a type confusion vulnerability and...

Microsoft released a baker’s dozen worth of security bulletins on Tuesday, including five rated critical and two rated important that could result in remote code execution attacks against compromised machines. Two of the bulletins rated critical address flaws in Internet Explorer and Microsoft Edge. The IE bulletin, MS16-023, patches 13 vulnerabilities in the browser, all...

Adobe today released security updates for its PDF editing and viewing products, Acrobat and Reader, and its ereader for books called Adobe Digital Editions. And while the customary Flash update is missing from today’s monthly rollout, Adobe said a new version of the software will be available “in the coming days.” Last month, Adobe patched...

Anand Prakash could have hacked your Facebook account or anyone else’s. The India-based security researcher found a glaring password-reset vulnerability last month that allowed him to crack open any of Facebook’s 1.1 billion accounts using a rudimentary brute force password attack. But instead of pillaging accounts for financial data, Prakash reported his findings to Facebook...

The Internet Systems Consortium (ISC) this week announced that it plans to patch versions of its Dynamic Host Configuration Protocol (DHCP) to mitigate a vulnerability that could’ve let a remote attacker cause a denial of service condition. The group acknowledged on Monday that it plans to release DHCP 4.1-ESV-R13 and DHCP 4.3.4, at some point...

Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11 when Proofpoint uncovered live attacks against Indian diplomats operating...

Mike Mimoso and Chris Brook recap RSA 2016, including how pervasive the FBI vs. Apple debate has been around the conference, OpenSSL two years after Heartbleed, and why hacking back is always a bad idea. Download: Threatpost_News_Wrap_March_4_2016.mp3 Music by Chris Gonsalves

Should passwords that protect your financial data be less secure than the ones used to lock up selfies, cat videos and tweets swapped on social networks? In a study that looked at the password strength required to access website account for Wells Fargo, Capital One and 15 other banks, researchers found that 35 percent had...