Cloudflare’s chief technology officer was frank and apologetic about February’s Cloudbleed bug during today’s Virus Bulletin 2017 keynote.
Android receives three remote code execution patches for vulnerabilities rated critical as Google launches a new Pixel/Nexus Security Bulletin.
The credit bureau Equifax said Monday the information of 145.5M Americans, was implicated in this summer’s breach.
A domain name system server implementation is at risk of remote code execution, information exposure and denial-of-service attacks after a seven vulnerability were disclosed by Google and patched by the maintainers of Dnsmasq.
Netgear patches over a dozen vulnerabilities impacting its routers, switches and NAS devices.
Industrial manufacturer Siemens is encouraging users running devices that use its Ruggedcom protocol to apply firmware updates this week. The updates resolve a serious and remotely exploitable vulnerability that could let an attacker carry out administrative actions.
The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed.
Researchers at Duo Security are expected today at Ekoparty to reveal data and a paper that shows Mac users are not receiving EFI firmware updates at expected.
Apple said that macOS’ native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won’t help against Mac malware signed with an Apple certificate.
Google’s Project Zero released a proof-of-concept attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11.