Security

U.S. auto safety regulators have determined that only infotainment centers from Fiat-Chrysler Automobiles (FCA) had a security flaw that could allow hackers to take control of Jeeps and several other model cars and trucks.

Last summer, Fiat-Chrysler recalled 1.4 million Jeep, Chrysler, Dodge and Ram vehicles that had the security flaw.

After a five-month investigation into cyberhacking vulnerabilities, the National Highway Traffic Safety Administration (NHTSA) said only FCA vehicles, and no others, were vulnerable to the hack.

 Windows 8 is about to get a lot less secure.

After January 12, Microsoft will stop offering security patches for the three-year-old operating system. Users will have to upgrade to either Windows 8.1 or Windows 10 to keep receiving updates.

Hackers seized control of computers at three banks and a pharmaceutical company about a week ago, then demanded a ransom in bitcoins for the decryption keys to unfreeze them.

The attackers accessed the system by compromising IT administrators' computers, people aware of the matter said. In all four cases, the hackers are said to have used the Lechiffre ransomware.

Juniper Networks has announced its own investigations have found none of the "oops ... how did that code get there" trouble in Junos OS and that it will kill off Dual Elliptic Curve (Dual_EC) encryption in ScreenOS.

The company says it hired a "respected security organization" that "undertook a detailed investigation of ScreenOS and Junos OS® source code."

A new study of a cyberattack last month against Ukrainian power companies suggests malware didn't directly cause the outages that affected at least 80,000 customers.

Instead, the malware provided a foothold for key access to networks that allowed the hackers to then open circuit breakers that cut power, according to information published Saturday by the SANS Industrial Control Systems (ICS) team.

General Motors (GM) has opened a bug bounty program to allow hackers to report vulnerabilities in its vehicles.

Vulnerability reporting guidelines are stringent; GM agrees not to "pursue claims" against researchers if bug hunters do not harm or violate the privacy of GM or its customers, drop a zero day, or breach criminal law.

The bounty launched late last week will be a complex beast for GM given the number of vendors supplying software components to vehicles. Overseeing the program is GM cyber-security boss Jeffrey Massimilla appointed in 2014.

The highly secure device could have been exploited, were it not for the responsible disclosure by a security researcher.

Any modern device is made up of multiple hardware and software components, any one of which could represent a potential risk. That's a reality that secure mobile phone vendor Silent Circle has learned with its Blackphone, thanks to the responsible security disclosure from Tim Strazzere, director of mobile research at SentinelOne.

Drupal installations could be out of date and open to attack thanks to a borked update process that flags unpatched platforms as current.

The popular content management system is used by more than a million sites making it a significant target for hackers.

IOActive research man Fernando Arnaboldi says sites are now at risk of attack because Drupal 7 and 8 platforms are being marked as up-to-date, even if the automated patching process fails due to dead internet links.

iOS 9.2.1 isn’t even out of beta yet, but a well-known iOS hacker is already flaunting a purported jailbreak for the unreleased software. Luca Todesco, better known as @qwertyoruiop, teased an iPhone 6 screenshot of Cydia running on iOS 9.2.1 beta.

Whether the jailbreak is legit is still up for debate, but he’s no slouch when it comes to security research involving iOS. In fact, Todesco was recently credited by Apple in one of its iOS security fix acknowledgements for iOS 9.2.

Will this jailbreak ever see the light of day as a public release?

A top video game cracker says cryptographic anti-reverse engineering technology could put an end to the prolific rate of game piracy.

The Chinese reverser, known affectionately as Bird Sister, Phoenix, or Fifi, has published a short blog noting that the encryption technology protecting the popular Just Cause 3 title.

"Recently, many people have asked for Just Cause 3 cracks, and the answer is that this is a difficult game to crack," she says in a translated blog.