SecurityWeek

A vulnerability in the Web Proxy Auto-Discovery (WPAD) protocol can be exploited by malicious actors to launch man-in-the-middle (MitM) attacks against enterprise users, researchers warned.

Think of Microsoft and you think of Satya Nadella. Think of Google and you think of, well, who? While Microsoft has a single guiding vision for the future, Google does not. Microsoft intends to dominate the corporate cloud, and everything it does is based on that intention. Google, however, seems to have lost its way.

As ransomware authors continue to increase their presence on the threat landscape, the group behind the DMA Locker malware is getting ready for massive distribution, Malwarebytes researchers warn.

An update released by Adobe for its Connect web conferencing software addresses over two dozen functionality bugs and one security flaw.

A threat group first analyzed more than two years ago has continued to improve its malware arsenal and was recently observed targeting personnel at Indian embassies worldwide.

Microsoft has detailed some of the steps it is taking to combat terrorism, which include removing terrorist content from its services and partnering with others to meet the challenges presented by terrorists’ use of the Internet.

The recent cyber espionage attack aimed at Swiss defense firm RUAG was carried out by the Russia-linked threat group known as Turla, according to a report commissioned by the Swiss government.

Google on Friday announced a new version of its Safe Browsing API and a focus on maximizing protection for both mobile and desktop users.

A Critical Elevation of Privilege (EoP) vulnerability in the Qualcomm Secure Execution Environment (QSEE) affects around 60 percent of all Android devices around the world, despite being already fixed, researchers warn. 

A manhunt is underway for criminals who looted millions from Japan's cash machines nationwide in an hours-long heist, officials and reports said Monday.

The authors of the Magnitude exploit kit have already started integrating an exploit for a recently patched Adobe Flash Player vulnerability.

The Department of Justice announced on Friday that a Macedonian citizen charged with crimes related to operating a cybercrime marketplace has been extradited to the United States.

Cybercriminals using Ransomware appear to be leveraging infected machines for additional nefarious purposes, such as launching distributed denial of service (DDoS) attacks, researchers at Invincea warn.

A researcher received a $5,000 bounty from Facebook after finding two vulnerabilities that could have allowed hackers to brute-force Instagram account passwords.

Thomas Rid, Professor in the Department of War Studies at King’s College London, joins Ryan Naraine on the podcast to discuss his new book, the lack of nuance in the crypto debate and the future of global cyber conflict.

Researchers discovered that Siemens’ SIPROTEC protection relays are plagued by a couple of medium severity information disclosure vulnerabilities. Firmware updates have been released by the vendor for some of the affected products.

Ubiquiti Networks has warned its customers about a worm that has been targeting the company’s products by exploiting a critical vulnerability that was patched nearly one year ago.

Symantec researchers this week detailed what they say is a China-based advanced persistent threat (APT) group that has been launching numerous attacks against high-profile entities since April 2014. 

Serious security holes found in one of LG’s older network-attached storage (NAS) products allow hackers to remotely access devices, researchers warned on Thursday.

The operations of TeslaCrypt, one of the largest ransomware threats over the past months, appear to have shut down, with its authors already releasing a master decryption key, researchers at ESET report.