All the latest blog posts from the most relevant cyber security companies in the business.

Here’s a security scenario that’s all too common: A company suffers from a cyberattack, then responds to it promptly and alerts its customers, warning them to change their passwords. But the company remains vulnerable through the very means it uses to alert those customers: Email. In fact, attackers can exploit that vulnerability using email that…

The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens too. It’s sneaky hack that’s particularly worrisome, because it can circumvent Google’s 2-step verification, according to security firm Trend Micro. The group, known as…

FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful. Speaking on Thursday, Comey suggested that the U.S. might work with other countries on a “framework” for creating legal access to encrypted tech devices.

A vulnerability patched in the web-based versions of encrypted communications services WhatsApp and Telegram would have allowed attackers to take over accounts by sending users malicious files masquerading as images or videos. The vulnerability was discovered last week by researchers from Check Point Software Technologies and was patched by the WhatsApp and Telegram developers after…

Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA’s own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation. The Equation’s cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab….