Tag: Web Security
SAN FRANCISCO—Experts have stressed this week that DROWN is no Heartbleed, but at some point in the not too distant future, there’s going to be another major Internet vulnerability and developers at OpenSSL claim they’re battle tested. Rich Salz and Tim Hudson, members of OpenSSL’s development team, described in a talk at RSA Conference this week...
Researchers revealed a massive transport layer security (TLS) vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure to the so-called DROWN attack that can decrypt Internet traffic and leave...
Hospitals are risking patient lives by failing to protect critical computer systems that can be manipulated by attackers. In a scathing report that looks at the current state of hospital security, researchers say everything from bedside patient monitoring systems and automated drug dispensing machines to patient records is inadequately protected. The findings are from Baltimore, Md-based...
Researchers report Angler Exploit Kit attacks have become more brazen and are now targeting top websites with new tricks that can evade browser-based antimalware protection. Karl Sigler, a Trustwave SpiderLabs researcher, told Threatpost his lab found the Angler Exploit Kit on a popular website for the second time in a week, exposing just under million...
Last month, when researcher Troy Hunt argued the dangers of insecure APIs at a security workshop, little did he know hours later he would discover an API vulnerability that allowed remote access to onboard computers of 200,000 Nissan Leaf and eNV200 electric automobiles. “After talking about the way applications can sometimes get APIs wrong, a...
Developers at Drupal addressed 10 vulnerabilities in the content management system this week, including a critical access bypass issue that could have let users access certain elements thought to be blocked, and another issue that could lead to remote code execution. Through the critical access bypass vulnerability, the lone fix marked critical, a user could’ve submitted their own...
The U.S. Federal Trade Commission announced a settlement with ASUSTeK Computer over sloppy security settings tied to its routers that left the personal data of 12,900 consumers publicly available. On Tuesday, the Taiwanese electronics company agreed to 20 years of periodic security audits along with fines of $16,000 per incident that could reach as much...
Child safety firm uKnowKids is blasting a security researcher who discovered the company exposed 1,700 identities of the children they were supposed to be protecting. On Monday, security researcher Chris Vickery alerted uKnowKids, a company that helps parents keep tabs on their kids’ online activities, that one of its databases containing sensitive company information and...
The nation-state sponsored hacker group allegedly behind the 2014 attack against Sony Pictures Entertainment has been linked to similar intrusions against a number of companies in South Korea including the Dark Seoul and Operation Troy attacks. A coalition of security companies called Operation Blockbuster, including Kaspersky Lab, Novetta, AlienVault, Invincea, ThreatConnect, Volexity, Symantec, and PunchCyber today published...
Exploits for a vulnerability in Microsoft Silverlight have found their way into the dangerous Angler Exploit Kit a little more than a month after it was patched. French security researcher Kafeine said he was able to get independent confirmation from researchers at Kaspersky Lab that the exploit targeted CVE-2016-0034, which was fixed by Microsoft in...