In-brief: Lookout said it identified an active threat that was using three critical iOS zero-day (that is: previously unknown) vulnerabilities. When exploited, the three vulnerabilities “form an attack chain that subverts even Apple’s strong security environment.”
In-brief: Ars Technica has a good write-up of the ongoing news about how the NSA used tools that exploited known vulnerabilities in networking and security products by Cisco, Juniper, Fortinet and others to spy on customers of those companies.
In-brief: A researcher from the firm Trustwave warns that Trane ComfortLink smart thermostats suffer from a string of security woes, including hard coded administrator credentials.
In-brief: The use of open source software is exploding, but concerns about code quality and security in the open source supply chain persist, according to a report from the firm Sonatype.
In-brief: A vulnerability in software by device maker D-Link is much more widespread than initially believed, affecting hundreds of thousands of Internet connected devices, including cameras, home routers, wireless access points and network attached storage.