Feed aggregator

HackerOne Bug Bounty Platform Lands Top Microsoft Security Expert

Threatpost for B2B - Wed, 05/28/2014 - 18:00
HackerOne has scored a major coup in hiring Katie Moussouris, the driving force behind Microsoft's bounty program, to oversee its policy and disclosure philosophy and work with customers on the intricacies of vulnerability disclosure.

Ominous Warning or Hoax? TrueCrypt Warns Software ‘Not Secure,’ Development Shut Down

Threatpost for B2B - Wed, 05/28/2014 - 17:35
A post on the TrueCrypt page at SourceForge warns that open source encryption software TrueCrypt is not secure and development has shut down.

Microsoft myBulletins Service Customizes Patch Details

Threatpost for B2B - Wed, 05/28/2014 - 16:34
Microsoft's new myBulletins service gives users a dashboard view of the Microsoft products in their environment and any related security bulletins and updates. Some are critical of its lack of security advisories and lack of notifications.

FTC Asking Data Brokers, Congress for Transparency, Regulation

Threatpost for B2B - Wed, 05/28/2014 - 16:03
The Federal Trade Commission called on data brokers to be more transparent and give users more control over their personal information in a comprehensive report issued yesterday.

CryptoLocker Ransomware Competitor May Have Fatal Flaw

Threatpost for B2B - Wed, 05/28/2014 - 14:08
CryptoDefense, a ransomware competitor to CryptoLocker, has an implementation flaw that could allow for recovery of the decryption key from the victim's computer.

Pinterest Launches Bug Bounty Program

Threatpost for B2B - Wed, 05/28/2014 - 13:47
Pinterest has become the latest major Web property to start a bug bounty program, joining the Bugcrowd platform and offering researchers rewards of up to…a shirt. The site, which enables users to post photos, recipes and other information, announced the new reward program Tuesday. Company officials said that Pinterest was looking for more people to […]

Remotely Exploitable Flaws Haunt Lawful Intercept Surveillance Gear

Threatpost for B2B - Wed, 05/28/2014 - 12:50
The small, but growing, group of companies that supply so-called lawful intercept gear to intelligence agencies and law enforcement organizations around the world have operated mostly under the radar until very recently. Their products are used to record and scrutinize the communications of suspected criminals and terrorists, but now they’re finding that their products are […]

Siemens Fixes DoS Flaw in Rugged OS Devices

Threatpost for B2B - Wed, 05/28/2014 - 09:41
Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company’s RuggedCom switches and serial-to-ethernet devices. The vulnerability could enable a remote attacker to cause the Rugged OS software to crash by sending specially crafted packets to the Web interface of a vulnerable device. […]

Apple Ransomware Targeting iCloud Users Hits Australia

Threatpost for B2B - Wed, 05/28/2014 - 07:27
A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware.

Analysis: Spam in April 2014

Secure List feed for B2B - Wed, 05/28/2014 - 07:00
The percentage of spam in email traffic in April came to 71.1%, which is 7.6 percentage points more than in March.

LulzSec Hacker Sabu Sentenced to Time Served

Threatpost for B2B - Tue, 05/27/2014 - 14:01
The LulzSec hacker-turned-informant known as Sabu avoided any more jail time and was sentenced to time served on Tuesday for his part in leading several of the group’s attacks on high-profile targets. Hector Monsegur walked out of court in New York a free man, thanks to his cooperation with the FBI in identifying and tracking […]

Spotify Android Application at Issue in Breach

Threatpost for B2B - Tue, 05/27/2014 - 12:35
Streaming music service Spotify reported a breach of its systems and data, and said updates will be limited to only its Android application.

House Committee Initiates NIST-NSA Separation on Crypto Standards

Threatpost for B2B - Tue, 05/27/2014 - 10:54
The House Science and Technology Committee approved an amendment to the FIRST Act that would sever the NSA's relationship with NIST related to the development of cryptography standards.

Blog: Scammer of a Lonely Heart

Secure List feed for B2B - Tue, 05/27/2014 - 10:36
Users in a particular rush to find love online are paying dearly as a popular referral service is flooded with spam bots promising to fulfill fantasies at a deceptively low price.

Zeus-Carberp Hybrid Trojan Pops Up

Threatpost for B2B - Tue, 05/27/2014 - 10:21
Researchers have discovered a new hybrid Trojan that combines elements of two of the more notorious crimeware strains of the last few years: Zeus and Carberp. It’s not uncommon for malware writers to steal bits and pieces of code from one another, but both Zeus and Carberp were once exclusively private tools, but the source […]

Executive Agencies Pass on New Cybersecurity Regulations

Threatpost for B2B - Fri, 05/23/2014 - 12:37
Three federal agencies crucial to critical infrastructure protection will be allowed to continue to voluntarily assess cyber risk, rather than force the development and implementation of additional regulations.