Feed aggregator

IETF To Mitigate Pervasive Monitoring In Future Protocols

Threatpost for B2B - Thu, 05/15/2014 - 12:06
The IETF released RFC7258 which defines pervasive monitoring of Internet traffic and surveillance of online activity as an attack to be mitigated in all future IETF protocols.

Five Year Old Security Vulnerability Patched in Linux Kernel

Threatpost for B2B - Thu, 05/15/2014 - 11:05
A critical security vulnerability that existed in the Linux kernel for five years has now been fixed, but could cause system crashes, code execution, and privilege escalation.

Blog: When paying taxes, don't pay twice

Secure List feed for B2B - Thu, 05/15/2014 - 09:43
Malicious campaign targeting tax payers from Colombia accusing them of tax fraud and stealing they passwords and money.

The Emerging Threat to Satellite Communications

Threatpost for B2B - Thu, 05/15/2014 - 09:32
DUBAI–When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn’t think about that problem; we’re very serious about security; ok, now we’re actually serious about security. This is the […]

Google Fixes Three Critical Chrome Vulnerabilities

Threatpost for B2B - Wed, 05/14/2014 - 16:06
Google resolved three highly rated security vulnerabilities in Chrome. US-CERT warns an attacker could exploit these bugs to take control of affected systems.

Zeus’ Reach Expands With New Webinjects

Threatpost for B2B - Wed, 05/14/2014 - 15:14
The peer-to-peer version of Zeus was especially busy in the first quarter with infections reported by banks in 10 countries that previously had eluded Zeus’ reach.

Microsoft Giving .NET Users The Option to Shed RC4

Threatpost for B2B - Wed, 05/14/2014 - 13:21
Microsoft issued advisories informing users they can now disable RC4 in .NET, in addition to additional credential protection for Windows and that it had revoked digital signatures for four UEFI modules.

NSF Awards $15M for New Secure Internet Architecture

Threatpost for B2B - Wed, 05/14/2014 - 12:35
The NSF is awarding $15 million worth of grants to researchers who can implement new Internet architectures that move toward a more robust and secure Internet.

Buffer Overflows Patched in Yokogawa Control System Products

Threatpost for B2B - Wed, 05/14/2014 - 11:06
Patches are available for buffer overflow bugs in Yokogawa production control software. Public exploits are available for the vulnerabilities, as well as a Metasploit module.

Mozilla Asks CAs for Details on Subordinate Certificate Controls

Threatpost for B2B - Wed, 05/14/2014 - 00:13
Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate certificates. The company made the policy change last year, […]

Microsoft, Adobe Issue Critical Fixes for May 2014 Patch Tuesday

Threatpost for B2B - Tue, 05/13/2014 - 16:15
Microsoft pushed its largest batch of Patch Tuesday updates so far this year today - eight bulletins, two critical – addressing important 13 issues in Internet Explorer and Sharepoint Server, along with Windows, Office and its .NET Framework.

BlackBerry Updates Products Affected by Heartbleed

Threatpost for B2B - Tue, 05/13/2014 - 16:12
BlackBerry released an advisory today that its updates are available for its products affected by the Heartbleed OpenSSL vulnerability.

Iranian Hackers Target US Defense Contractors

Threatpost for B2B - Tue, 05/13/2014 - 14:07
The Ajax Security Team of Iran has been linked to attacks against the U.S. defense industrial base and Iranian dissidents inside and outside of the country, FireEye said.

SMTP STARTTLS Deployments Better than Expected, Facebook Says

Threatpost for B2B - Tue, 05/13/2014 - 13:30
Facebook dug into the prevalence of SMTP STARTTLS deployments for email encryption and found that 58 percent of messages are sent encrypted and certificate validation happened without a hitch.

Bitly Developing Two Factor Authentication Following Compromise

Threatpost for B2B - Tue, 05/13/2014 - 12:45
Link-shortening service Bitly announced that it’s ramping up its development of two-factor authentication following a compromise that leaked user information on Thursday.

Another DNS Provider Targeted in DDoS Attack

Threatpost for B2B - Mon, 05/12/2014 - 15:35
DNS providers PointDNS is back online after mitigating a massive DDoS attack last week.

Regulators Planning Cybersecurity Assessments for Banks

Threatpost for B2B - Mon, 05/12/2014 - 14:45
The Federal Financial Institutions Examination Council (FFIEC) announced last week that it will work harder to try to identify vulnerabilities in smaller community banks and is planning to better raise awareness when it comes to cyber threats.

Researchers Quantify Fake Certificates Used in SSL Connections

Threatpost for B2B - Mon, 05/12/2014 - 13:20
Engineers at Facebook and Carnegie Mellon University quantified the number of forged certificates used in 3.5 million SSL connections with Facebook during a four-month period.
Syndicate content