Google yesterday released an update for the Chrome browser that patches seven vulnerabilities and also updates Adobe Flash Player. It also announced that Google Safe Browsing has been extended to Chrome for Android. The Chrome browser update is the second in less than a week; on Dec 1, Chrome 47 was released and 41 vulnerabilities...

Adobe may indeed be thinking about phasing out Flash Player, and updates like today’s monster security bulletin will only serve to fuel that movement going forward. Released just an hour before Microsoft’s scheduled Patch Tuesday release, Adobe pushed out a new version of the maligned Flash Player that addressed 79 CVEs. None of the patched...

Experts believe that the success tied to a recent spate of DDoS-for-hire groups may be because many are copycat collectives operating with a shorter lifespan. Researchers with Recorded Future, a Massachusetts-based firm that tracks real time threat intelligence, said Monday that they’ve noticed an increase in would-be hackers asking for guidance on forums when it comes to...

The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, something it claims should help make it easier for website owners to embrace HTTPS encryption. The latest step comes on the heels of the movement issuing its first certificate back in September and becoming an official Certificate Authority in October. Now, anyone...

A new analysis of the Sofacy APT gang, a Russian-speaking group carrying out targeted attacks against military and government offices for close to a decade, shows a relentless wave of intrusions peaking this summer against victims in a number of NATO countries and the Ukraine. Researchers at Kaspersky Lab this morning released their update on...

An APT gang linked to China and alleged to be responsible for targeted attacks against foreign governments and ministries, has now pointed its focus inward at China’s autonomous territory Hong Kong. An August attack against several media companies in Hong Kong was carried out shortly after a high-profile controversy over an appointment at the prestigious...

In short order, the newest version of Cryptowall has begun showing up in exploit kits. The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that...

Mac malware is a thing. It’s real. Granted it hasn’t reached the critical mass of malicious code for Windows, but recent encounters with WireLurker, XcodeGhost and YiSpecter among others have elevated the conversation to levels where it’s been legitimized. Adding further credence, Google-owned online malware scanner VirusTotal this week announced the availability of sandbox execution...