Last week, Microsoft issued a security patch for Windows XP, a 16-year-old operating system that Microsoft officially no longer supports. Last month, Microsoft issued a Windows XP patch for the vulnerability used in WannaCry. Read more

Microsoft said Wednesday it would no longer impose a time limit for its Edge bug bounty program. The Redmond, Wash. based company announced the Edge on Windows Insider Preview (WIP) program in August 2016 as a means to incentivize researchers to find and report vulnerabilities in the browser. Read more

In an example of just how persistent modern cyberthreats can be, automaker Honda Motors had to temporarily stop production at its Sayama plant in Japan this week after being hit by WannaCry, a malware threat the company thought it had mitigated just one month ago. The nearly 48-hour shutdown impacted production of about 1,000 vehicles

More than a hundred security researchers and computer science experts have warned in a letter to lawmakers that not enough is being done to ensure the integrity of state and federal elections. The letter, published Wednesday, argues many US states are “inadequately prepared” to respond to cybersecurity risks with upcoming elections. Read more

Honda, one of the largest automobile manufacturers in the world, announced Wednesday that it was forced to shut down production at one of its Japanese plants after it was hit by the WannaCry ransomware. The manufacturer said it powered down a plant on Monday in Sayama, a city in the Saitama prefecture, roughly an hour

NEW YORK–President Donald Trump’s Cybersecurity Executive Order needs an overhaul, specifically a shift from planning and proposals to the pragmatic. According to Ed Amoroso, former AT&T CSO, there are dire consequences to the U.S. critical infrastructure if the U.S. government pursues its current cybersecurity status quo Read more

Internet telephony company Avaya has patched a high-severity vulnerability in its Aura Application Enablement Services product that put phone call and API data running through the server at risk for interception. Researchers at Digital Defense found a vulnerability where an attacker could, without authentication, abuse Remote Procedure Calls (RPC) into the server and modify input

OpenVPN has this week patched four vulnerabilities, including a critical remote code execution bug, a little more than a month after the results of two security audits of the open source VPN software were published. The patches were released after private disclosures in May and June by researcher Guido Vranken of the Netherlands. Vranken said

If you’ve been following the news, you might have heard about Philando Castile. On July 6, 2016, he was shot and killed by an officer after being pulled over for resembling a suspect in a robbery. The officer, Jeronimo Yanez, asked Castile for his license and registration. While reaching for it (and pulling his arm

More organizations appear to be heeding the advice to implement capabilities for detecting intrusions sooner, at least based on an analysis of data from breach investigations that security vendor Trustwave conducted for clients last year. Trustwave’s analysis showed that the median number of days from an intrusion to initial detection of the compromise fell sharply