Air Force security hackathon leads to record payout

The US Air Force's second security hackathon has paid dividends... both for the military and the people finding holes in its defenses. HackerOne has revealed the results of the Hack the Air Force 2.0 challenge from the end of 2017, and it led to vol...

Intel expands bug bounty to catch more Spectre-like security flaws

To say Intel was caught flat-footed by the Meltdown and Spectre flaws would be an understatement. However, it has a potential solution: enlist more people for help. It's widening its bug bounty program to both include more researchers and offer mor...

Attackers used Telegram to deliver cryptocurrency-mining malware

Kaspersky Lab says it spotted evidence of a vulnerability in the desktop version of Telegram that allowed attackers to install cryptocurrency mining malware on users' computers. The zero-day exploit was used to trick Telegram users into downloading m...

Lenovo’s fingerprint manager left passwords vulnerable

A slew of Lenovo devices have left users' systems vulnerable to a breach. Fingerprint Manager Pro software installed on any of some three dozen ThinkPad, ThinkCentre or ThinkStation devices apparently features weak encryption that allows someone to b...

Intel told Chinese firms of Meltdown flaws before the US government

Intel may have been working with many tech industry players to address the Meltdown and Spectre flaws, but who it contacted and when might have been problematic. Wall Street Journal sources have claimed that Intel initially told a handful of custome...

Apple releases Meltdown patches for older versions of macOS

Today, Apple released updates that will protect some older operating systems against the Meltdown vulnerability. Patches for High Sierra were released earlier this month and now Sierra and El Capitan will be protected as well.

Blizzard games were vulnerable to a remote hijacking exploit

Fans of Blizzard games might have dodged a bullet. Google security researcher Tavis Ormandy has revealed that virtually all the developer's titles (including Overwatch and World of Warcraft) were vulnerable to a DNS rebinding flaw that let sites hij...

Uber security flaw compromised two-factor authentication

Two-factor authentication only works if it's strictly enforced in software, and it sounds like Uber might have fallen short of that goal for a while. In a chat with ZDNet, security researcher Karan Saini has revealed a flaw in Uber's two-factor verif...