Tag: Web Security
Amazon is getting into the certificate game. The company announced late last week that it launched a certificate manager to expedite the process of securing SSL/TLS certificates for customers looking to add HTTPS to their sites or apps. The move comes less than a year after Amazon applied to Mozilla and the Android Open Source...
Magento patched 20 vulnerabilities last week, including a stored cross-site scripting (XSS) flaw in the e-commerce platform that could have let an attacker take over a site and create new admin accounts. Researchers at Sucuri dug up the XSS vulnerability while combing through research audits last November. It took a while for Magento to get back to...
FreeBSD has patched a denial-of-service vulnerability affecting versions configured to support SCTP and IPv6, the default configurations on later versions of the open source OS. Researchers at Positive Technologies in the U.K. said versions 9.3, 10.1 and 10.2 are affected and can be exploited by a specially crafted ICMPv6 packet, which will cause a kernel...
AMX, a provider of audio-visual conferencing gear used in sensitive government and military locations, has removed a “deliberate” backdoor in one of its central controller system products. New firmware for the AMX NX-1200 was made available Thursday, removing an administrative account that was reachable remotely. AMX said in a description of the firmware update that...
Mike Mimoso and Chris Brook discuss the week in news, including the Linux zero day and how it was patched in Android, Twitter users who were sent nation-state messages and are still looking for answers, and bot fraud. Download: news_wrap_01-08-16.mp3 Music by Chris Gonsalves
Google is downplaying the scope of the critical Linux vulnerability patched this week, suggesting that the number of affected Android devices has been exaggerated. The Android OS is built upon the Linux kernel, but minus many of the libraries that are included in standard Linux builds. Initially, startup Perception Point said that upwards of two-thirds...
HD Moore, creator of the Metasploit Framework and a security innovator behind a number of Internet-wide security research projects, is moving into venture capital. Moore announced yesterday that he is leaving his current post as chief research officer at Rapid7 on Jan. 29 for a new opportunity in the VC world, an offer he called...
Apple on Tuesday released security patches for iOS, OS X and an update for the Safari browser. The patches come less than a week after a ShmooCon presentation by Synack director of research Patrick Wardle revealed that Apple’s Gatekeeper security feature in OS X can be bypassed by an attacker with network-level access. The OS...
A critical vulnerability in Yahoo Mail that could give attackers complete control of an account was patched two weeks ago. The flaw was privately disclosed Dec. 26 by Finnish researcher Jouko Pynnonen and patched Jan. 6. Pynnonen earned himself a $10,000 bounty, one of the highest paid out by Yahoo through its HackerOne program. Pynnonen...
A patch for a critical Linux kernel flaw, present in the code since 2012, is expected to be pushed out today. The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, the company added. “It’s pretty bad because a...