Feed aggregator

President Proposes National Breach Notification Standard

Threatpost for B2B - Mon, 01/12/2015 - 14:55
President Obama today announced plans to propose a national data breach notification standard, a consumer privacy bill of rights, and privacy protection for students using electronic learning materials.

Microsoft Censures Google For Publishing Windows Vulnerability

Threatpost for B2B - Mon, 01/12/2015 - 14:46
Microsoft called Google out over the weekend for publicly disclosing the details of a Windows privilege elevation vulnerability just a week before the company's patch Tuesday release.

Lizard Squad’s DDoS-For-Hire Service Built on Hacked Home Routers

Threatpost for B2B - Mon, 01/12/2015 - 14:24
The DDoS attacks that knocked both Xbox Live and the PlayStation Network (PSN) offline around Christmas came at the hands of a botnet comprised largely of hacked home routers.

0-Days Exposed in Several Corel Applications

Threatpost for B2B - Mon, 01/12/2015 - 14:18
Researchers from Core Security have disclosed DLL hijacking vulnerabilities in several applications made by Corel Software after the vendor didn't respond to Core's notifications about the flaws.

Google Passes on Older Android Patches; 930 Million Devices Vulnerable

Threatpost for B2B - Mon, 01/12/2015 - 13:44
Google has decided that it will no longer provide Webview patches for Android systems running Jelly Bean 4.3, or older, putting the onus on OEMs and the open source security community to provide patches to users.

Certificate Transparency Moves Forward With First Independent Log

Threatpost for B2B - Mon, 01/12/2015 - 11:35
The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome. On Jan. 1, a CT log operated by […]

Google Engineers Critical of Aviator Browser Security

Threatpost for B2B - Fri, 01/09/2015 - 18:42
Google security engineers have criticized the security and privacy of WhiteHat Security's Aviator browser, after finding a remote code execution vulnerability within hours of Aviator's release as open source.

Zappos Settles, Pays Out $106K Following Data Breach

Threatpost for B2B - Fri, 01/09/2015 - 13:55
Online retailer Zappos settled with attorneys general in nine states, stemming from a data breach in 2012 that exposed 24 million customers’ information.

Schneider Patches Buffer Overflow in Wonderware Server

Threatpost for B2B - Fri, 01/09/2015 - 10:52
The Industrial Control System CERT released two advisories warning of serious vulnerabilities in Schneider Electric and Emerson industrial gear. Public exploits are available for one flaw.

Inside North Korea’s Naenara Browser

Threatpost for B2B - Fri, 01/09/2015 - 08:00
Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North […]

Root Command Execution Flaw Haunts ASUS Routers

Threatpost for B2B - Thu, 01/08/2015 - 17:21
There is a serious security vulnerability in the firmware of many ASUS routers that allows unauthenticated command execution. The bug may be present in all current versions of the router firmware, and there is an exploit published for it, as well. Security researcher Joshua Drake posted an advisory on the vulnerability on Thursday, detailing the bug […]

Credit Union Watchdog Shoots Down Data Encryption Rule

Threatpost for B2B - Thu, 01/08/2015 - 16:36
A trade association in charge of overseeing the needs of credit unions has shrugged off the idea of implementing a data encryption rule.

Microsoft Limits Advanced Patch Notifications to Premier Customers

Threatpost for B2B - Thu, 01/08/2015 - 15:50
Microsoft pulled the plug on its Advanced Notification Service (ANS), offering it going forward only to paying Premier customers.

First Public Mac OS X Firmware Bootkit Unleashed

Threatpost for B2B - Thu, 01/08/2015 - 13:59
At the recent 31C3 event, researcher Trammel Hudson unveiled the first public Mac OS X firmware bootkit that can be delivered over Thunderbolt peripheral devices.

FBI Director: Attribution Detractors ‘Don’t Have All the Facts’

Threatpost for B2B - Thu, 01/08/2015 - 12:41
FBI Director James Comey said at the International Conference on Cyber Security that North Korea got sloppy with its proxies and revealed itself in the Sony hack.

OpenSSL Fixes Eight Security Vulnerabilities

Threatpost for B2B - Thu, 01/08/2015 - 12:40
The OpenSSL Project has released several new versions of the software that fix eight security vulnerabilities, including several certificate issues and a couple of denial-of-service flaws. The patches included in OpenSSL 1.0.0p, 1.0.1k and 0.98zd are not for critical or high-risk vulnerabilities, but they do fix some interesting vulnerabilities. Two of the bugs are rated moderate and the other […]

Bitcoin value plunges following $5M Bitstamp Heist

Secure List feed for B2B - Thu, 01/08/2015 - 11:02

The new year has started rather badly for the Bitcoin world. On January 4th, a cyber-attack against Bitstamp, one of the biggest bitcoin exchanges in the world, resulted in the loss of almost 19,000 BTC - the equivalent of more than $5 million.

While very little is known at the moment about how the attackers managed to pull off this latest bitcoin heist, Bitstamp is assuring their customers that all of their bitcoins remain safe. The company states that "this breach represents a small fraction of Bitstamp's total bitcoin reserves", so hopefully covering the losses shouldn't be a problem for them.

Because of the irreversible nature of bitcoin transactions, the only thing Bitcoin enthusiasts can do right now is to sit and watch how the attackers are emptying the address used to collect the stolen bitcoins.

You can follow the thieves' transactions by yourself here: https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf

Right now, the attackers are most likely trying to move those bitcoins around through as many addresses as possible, and then will proceed to launder the stolen coins by using so-called "mixing" services.

Bitstamp seems to have been much better prepared for such an incident compared to Mt. Gox, so while the price of Bitcoin was of course impacted, the impact was not that big. Part of the reason is that bitcoins are currently trading at prices that haven't been seen since the autumn of 2013 anyway, between $250 and $300 for 1 BTC.

Bitcoin price in 2014 - source: ZeroBlock

Taking into account these cyber attacks, we conclude that in 2015 security will continue to remain the most important thing for Bitcoin exchanges and enthusiasts.

Our advice is to diversify and try and minimize the time in which your bitcoins are hosted by anyone else except yourself. Bitcoin exchanges and third party wallet providers seem to act as a magnet for attackers, so it's better to take the security of your bitcoins in your own hands.

Make sure to check out our tips on How to Keep Your Bitcoins Safe.

FTC Urges IoT Privacy, Security-by-Design at CES

Threatpost for B2B - Wed, 01/07/2015 - 16:54
The head of the Federal Trade Commission warned at the Consumer Electronics Show of a future where data collection has gone awry, and how to avoid it.

Backdoors Found Leveraging Pastebin

Threatpost for B2B - Wed, 01/07/2015 - 14:12
Instead of relying on their own sites to host malware, hackers are using a series of strings of malicious backdoor code on Pastebin sites and calling upon it to execute malware.

Dridex Banking Trojan Spreading Via Office Macros

Threatpost for B2B - Wed, 01/07/2015 - 13:15
Spam campaigns in the U.K. are using Office macros to spread the Dridex banking Trojan, researchers at Trustwave report.