Tag: Web Security
LastPass has taken measures to mitigate a phishing attack described this weekend at ShmooCon that put at risk users’ credentials and information stored by the password manager. Researcher Sean Cassidy, chief technology officer of cloud security company Praesidio, demonstrated an attack where he was able to recreate a LastPass login page, pixel-for-pixel as he said....
Apple has had two cracks at patching a vulnerability that allows malicious apps to bypass its OS X Gatekeeper security feature, and twice has taken a shortcut approach to the fix, said the researcher who reported the flaw. The latest measure to address this was released on Thursday and it appears Apple again took steps to...
The Internet Systems Consortium (ISC) on Tuesday patched a denial-of-service vulnerability in numerous versions of DHCP. The flaw affects nearly all IPv4 DHCP clients and relays and most servers, ISC said in its advisory. “A badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally,”...
Microsoft Silverlight vulnerabilities certainly don’t have the same hacker cred as bugs in Adobe Flash, for example, but nonetheless, that does not diminish their value, nor does that mean they should be ignored. Microsoft patched a critical flaw in the application framework on Tuesday, and researchers at Kaspersky Lab’s Global Research and Analysis Team caution...
Microsoft released a scant nine bulletins today for Patch Tuesday, but six of them are marked critical and seven can lead to remote code execution. The updates, which address 25 vulnerabilities, will be the last many who run Internet Explorer 8, 9, and 10 will receive unless they elect to update to a newer browser. The patches, the...
Adobe today patched 17 vulnerabilities in Acrobat and Reader, all of which the vendor rated as critical and warned could allow an attacker to commandeer the underlying system. Adobe said desktop versions of Acrobat and Reader XI (11.0.13), for Windows and Macintosh, are affected, as are Acrobat and Reader DC (15.009.20077 and 15.006.30097). None of...
Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system. And while that’s heralded as a positive move considering Dual_EC’s dubious origins, there remain important and unanswered questions about Juniper’s decision to include what is considered to be a backdoored random number generator in its NetScreen...
Anxiety was high around April 8, 2014 when Microsoft officially closed the door on security support for Windows XP. Many envisioned black hats worldwide stockpiling exploits waiting for the day when XP machines would be left permanently exposed. The anticipated malware apocalypse, however, never really came for the remaining XP machines in circulation. And now...
Mike Mimoso and Chris Brook discuss the week in news: How the Dutch are opening encryption with open arms, the end of support for IE 8, 9, and 10, and the latest bounty offered up by Zerodium. Download: news_wrap_01-08-16.mp3 Music by Chris Gonsalves
As promised, Mozilla officially began rejecting new SHA-1 certificates as of the first of the year. And as promised, there have been some usability issues. Mozilla yesterday said that some security scanners and antivirus products are keeping some from reaching HTTPS websites. “When a user tries to connect to an HTTPS site, the man-in-the-middle device...