Average Patching Time for SCADA Flaws Is 150 Days: Report

Supervisory control and data acquisition (SCADA) systems, particularly human-machine interfaces (HMI), can be a tempting target for malicious actors, but it takes vendors, on average, 150 days to patch vulnerabilities in these types of products, according to a new report from Trend Micro and the Zero Day Initiative (ZDI).
read more

Russian Hackers Infected 1 Million Phones With Banking Trojan

Russia Dismantles Major Cybercrime Operation Targeting Bank Accounts via Android Malware
The Russian Interior Ministry announced on Monday that authorities dismantled a major cybercrime gang that had stolen nearly $900,000 from bank accounts after infecting more than one million Android smartphones with a Trojan.
read more

Yahoo Ditching ImageMagick Highlights Issues in Bug Responsibility Ecosystem

ImageMagick, an open source command line graphics file editor, has been retired by one of its major consumers: Yahoo. The product has been beset by flaws and bugs for several years, but this appears to have been one too many for Yahoo. Following discovery of a bleed vulnerability, Yahoo fixed it by retiring the product.
read more