Twitter notifies some 10,000 subscribers that a password recovery bug may have exposed their personal information last week. Twitter also says it immediately fixed the vulnerability, and warns users not to attempt exploitation.
FireEye fixes a whitelisting issue in its NX, FX, EX, and AX products, and Google issues an update for Chrome.
Google's Project Zero says that some Comodo products are accompanied by a weakly secured VNC associated with a technical support program.
Sucuri warns that the pingback feature in older WordPress sites is being used to execute layer 7 DDoS attacks against servers. They recommend disabling pingback.
Observers fear that Hollywood Presbyterian's payment of a $17,000 ransom to free its systems may incentivize other ransomware crime. But others note that the hospital was in a tough spot — it had, after all, an obligation to recover and resume patient care.
Locky ransomware continues to spread. Researchers note that it's targeting German-speakers.
Foscam IP security cameras are said to be engaging in a lot of undesirable peer-to-peer chatter. It may prove difficult for most users to disable the baked-in P2P functionality.
IOActive reports an inexpensive proof-of-concept exploit that could disable sensors networked in SimpliSafe's home security system.
In the US, industry and tech groups remain unhappy with the Wassenaar cyber arms control accord. They're pressing the Secretary of State to renegotiate the agreement.
Apple and the FBI remain at loggerheads over a court order that would compel Apple's help in unlocking the San Bernardino jihadists' iPhone. Observers see uncharted legal waters.