Hyundai Motor America patched its Blue Link mobile app after researchers found a cleartext encryption key that could be used to expose user and vehicle information.
Zimperium Acquisition Program Publishes Exploits for Patched Android Bugs
Exploits for patched Android elevation of privilege vulnerabilities were published through the Zimperium N-Days Exploit Acquisition Program.
xDedic Market Spilling Over With School Servers, PCs
Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities based in the United States.
SMSVova Spyware Hiding in ‘System Update’ App Ejected From Google Play Store
An Android app that falsely claimed to be a tool for keeping smartphones up-to-date with the latest version of the OS was found surreptitiously tracking the physical location of its users using spyware called SMSVova.
Threatpost News Wrap, April 21, 2017
Last Friday’s ShadowBrokers dump, Microsoft ditching passwords, and a new car dongle hack are all discussed.
Microsoft Touts New Phone-Based Login Mechanism
Microsoft announced this week it’s giving users a new way to sign into their accounts without long and complicated passwords.
Low-Cost Ransomware Service Discovered
A new ransomware-as-a-service called Karmen appeals to ransomware newbies with a low price, easy setup and developer updates.
Wave of Java-Based RATs Target Tax Filers
A rash of Java-based remote access Trojans is targeting tax filers with bogus IRS attachments.
Threatpost News Wrap, April 14, 2017
Mike Mimoso, Tom Spring, and Chris Brook recap Infiltrate Con in Miami last week, and Kaspersky Lab’s Security Analyst Summit in St. Maarten.
Google Making Life Difficult for Ransomware to Thrive on Android
At the Kaspersky Lab Security Analyst Summit, Android Security Team malware analyst Elena Kovakina explained Google’s strategy for countering ransomware on Android.