Feed aggregator

Google Moving Toward Encrypted Ad Services

Threatpost for B2B - Fri, 04/17/2015 - 11:42
Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well. Google’s ad networks are pervasive […]

Threatpost News Wrap, April 17, 2015

Threatpost for B2B - Fri, 04/17/2015 - 11:36
Dennis Fisher and Mike Mimoso discuss the Windows HTTP.sys vulnerability, Google's decision to turn off the NPAPI in Chrome and the voting machine security disaster in Virginia.

Active DoS Exploits for MS15-034 Under Way

Threatpost for B2B - Fri, 04/17/2015 - 11:06
Public denial-of-service exploits for a critical vulnerability in Microsoft's implementation of the HTTP protocol stack, HTTP.sys are under way, while remote code execution attacks may still be to come.

Ransomware Teslacrypt Still Targeting Gamers

Threatpost for B2B - Thu, 04/16/2015 - 14:19
Teslacrypt, the fairly new strain of ransomware that's been targeting gamers, is continuing to make the rounds online.

Virginia Voting Machines Exposed to Simple, Potentially Election-Altering Hacks Since 2004

Threatpost for B2B - Thu, 04/16/2015 - 13:16
Voting machines in Virginia are hopelessly vulnerable to scores of low level hacks, calling into question the integrity of recent elections there.

Google Shuts Off NPAPI in Chrome

Threatpost for B2B - Thu, 04/16/2015 - 10:27
With the release of Chrome 42 this week, Google fixed more than 40 vulnerabilities. But the most significant security change in the new browser is Google’s decision to disable the NPAPI, essentially turning off plugins such as Java and Silverlight by default. The decision didn’t come out of nowhere. Google warned developers and users about it […]

Dropbox Launches Bounty Program on HackerOne

Threatpost for B2B - Wed, 04/15/2015 - 13:59
Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including the Dropbox and Carousel iOS and Android applications; the Dropbox and Carousel […]

Oracle CPU Delivers 98 Fixes Across Product Line

Threatpost for B2B - Wed, 04/15/2015 - 13:26
Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products,

Report Recommends Series of Cybersecurity Changes at FAA

Threatpost for B2B - Wed, 04/15/2015 - 11:47
The Federal Aviation Administration needs to upgrade and update its information security capabilities–including building a threat-modeling capability and implementing federal security guidelines–in order to ensure the safety of the nation’s aviation infrastructure, according to a new report by the General Accounting Office. The report is the result of a review of the FAA’s security practices […]

SearchBlox Fixes XSS, File Upload Flaws

Threatpost for B2B - Wed, 04/15/2015 - 10:32
SearchBlox, a provider of enterprise search technology, has patched several serious vulnerabilities in its flagship product, including cross-site scripting, cross-site request forgery and other issues. The company, which sells a variety of enterprise search products, has released version 8.2 of the main SearchBlox product to address the vulnerabilities, which were report to the CERT/CC at […]

AirDroid Patches Web App Hijacking Vulnerability

Threatpost for B2B - Wed, 04/15/2015 - 09:53
Researchers at Bishop Fox disclose details on a patched authentication vulnerability in the AirDroid web application that could give attackers remote control over Android devices.
Syndicate content