Feed aggregator

Volume of NTP Amplification Attacks Getting Louder

Threatpost for B2B - Tue, 04/29/2014 - 13:03
NTP amplification attacks account for the majority of DDoS attacks that exceed 100 Gbps, according to Arbor Networks.

The White House and Zero Day Sleight of Hand

Threatpost for B2B - Tue, 04/29/2014 - 10:50
The White House wants you to know that it did not know about the OpenSSL Heartbleed vulnerability before you did. The White House also wants you to know that administration officials don’t think stockpiling zero days isn’t necessarily good for national security. That’s all well and good, except that it mostly doesn’t matter.

Click-Fraud Sefnit Variant Shuns Tor for SSH

Threatpost for B2B - Tue, 04/29/2014 - 09:26
Facebook security researchers discovered a new variant of the Sefnit click-fraud malware. Unlike previous versions that used Tor for communication, this one uses SSH over port 443.

Google Removes Bitcoin Mining Android Malware from Play

Threatpost for B2B - Mon, 04/28/2014 - 16:26
Google recently removed five bogus wallpaper applications from its Play marketplace after they were found sneakily mining Bitcoins.

AOL Investigating Breach, Urges Users to Change Passwords

Threatpost for B2B - Mon, 04/28/2014 - 14:21
AOL said its networks were breached and customer information was stolen to send spoofed spam messages. Users are being told to change their passwords.

Siemens Update on Heartbleed Patches in ICS, SCADA

Threatpost for B2B - Mon, 04/28/2014 - 12:03
Siemens continues to work on patches and provide updates to their ICS and SCADA systems affected by the OpenSSL Heartbleed vulnerability.

Flash Zero Day Used to Target Victims in Syria

Threatpost for B2B - Mon, 04/28/2014 - 11:43
A couple days after Microsoft warned users about a new vulnerability in Internet Explorer that’s being used in targeted attacks, Adobe on Monday said that researchers have discovered a zero day in Flash, as well, which attackers are using to target victims in Syria through a watering hole attack on a compromised Syrian government site.

Blog: New Flash Player 0-day (CVE-2014-0515) used in watering-hole attacks

Secure List feed for B2B - Mon, 04/28/2014 - 11:25
We received a sample of the first exploit on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a general heuristic signature. There were numerous subsequent detections on April 14 and 16. In other words, we succeeded in detecting a previously unknown threat using heuristics.

New Internet Explorer CVE-2014-1776 Zero Day Used in Targeted Attacks

Threatpost for B2B - Mon, 04/28/2014 - 08:00
There's a new zero-day vulnerability in many of the current versions of Internet Explorer and is being used in active attacks right now.

Vulnerability in Viber Allows Intercept of Images, Videos

Threatpost for B2B - Fri, 04/25/2014 - 14:48
UPDATE - Viber, a messaging and VoIP application similar to WhatsApp, is in the middle of patching a vulnerability that could allow an attacker to view sensitive information shared between users like images, videos and location information.

Exploiting Facebook Notes to Launch DDoS

Threatpost for B2B - Fri, 04/25/2014 - 13:30
It is possible for an attacker to exploit image tags in Facebook Notes to launch DDoS attacks against external sources.

Threatpost News Wrap, April 25, 2014

Threatpost for B2B - Fri, 04/25/2014 - 10:00
Dennis Fisher and Mike Mimoso discuss the Apple OSX and iOS patches, the continuing OpenSSL Heartbleed soap opera and the Verizon DBIR report.

Google Changes Ciphers in OpenSSL for Chrome on Android

Threatpost for B2B - Fri, 04/25/2014 - 09:50
The emergence of mobile platforms such as iOS and Android have presented a number of challenges in terms of security. Not much can be done about some of these, like users leaving their phones in bars. But engineers at Google have been working on one of the thornier ones of late–how to provide solid encryption […]
Syndicate content