Threatpost News Wrap, April 15, 2016

Mike Mimoso and Chris Brook recap the news of the week, including the Badlock bust, encryption legislation, and cryptoworm ransomware. Mike also discusses last week's Infiltrate Con. Source: Threadpost

AG Nominee Backs Law Enforcement’s Ability to ‘Overcome’ Encryption

President Trump’s attorney general pick Jeff Sessions says law enforcement should be able to “overcome” encryption in criminal investigations. Source: Threadpost

Cisco Warns of IOS Flaw Vulnerable to ShadowBrokers Attack

Cisco has issued an advisory warning its customers that products running its IOS software are vulnerable to attacks disclosed by the ShadowBrokers Source: Threadpost

New Windows Patch Policy At Odds With Acceptable Risk

Microsoft’s switch to rollup patching for Windows 7/8.1 will have an impact on security, one expert says. Source: Threadpost

Passcode Bypass Bugs Trouble iOS 9.1 and Later

Apple has yet to patch a series of bypass vulnerabilities in iOS that could let an attacker sidestep the passcode authorization screen on iPhones and iPads. Source: Threadpost

New Mirai Variant Targets Routers, Knocks 900,000 Offline

Attackers are targeting DSL routers this week with what's being called a potent new variant of the Mirai malware that knocked offline major Internet companies like Twitter and Spotify last month. Source:...

Intel Halts Spectre/Meltdown Patching for Broadwell and Haswell Systems

Widespread reports of reboot issues on some Intel systems force the chip giant to pump the brakes on rolling out patches for side-channel vulnerabilities. Source: Threadpost

Encryption Bypass Vulnerability Impacts Half of Android Devices

More than half of Android devices are vulnerable to encryption bypass attack, say researchers. Source: Threadpost

IBM Backup Bug Gets Workaround Fix After Nine Months of Exposure

IBM quietly released a workaround fix for a vulnerability in its Spectrum Protect enterprise backup software it has known about since September 2016. Source: Threadpost

Robots Rife With Cybersecurity Holes

IOActive Labs released a report Wednesday warning that consumer, industrial, and service robots in use today have serious security vulnerabilities. Source: Threadpost
- Advertisement -

APLICATIONS

Popular iOS Apps Vulnerable to TLS Interception Attacks

More than 70 iOS apps are vulnerable to man-in-the-middle attacks where TLS connections can be intercepted and sensitive data stolen. Source: Threadpost