Feed aggregator

Post-Cryptanalysis, TrueCrypt Alternatives Step Forward

Threatpost for B2B - Mon, 04/06/2015 - 14:11
CipherShed and VeraCrypt developers stand ready to step in for TrueCrypt now that the cryptanalysis phase of the audit is complete and no backdoors were discovered.

Linux Australia Hit With Server Breach

Threatpost for B2B - Mon, 04/06/2015 - 12:14
Linux Australia, a consortium in charge of organizing Linux conferences across the continent, acknowledged over the weekend it was breached by attackers last month.

Snapchat Publishes First Transparency Report

Threatpost for B2B - Mon, 04/06/2015 - 10:58
Snapchat has released its first transparency report, covering a four-month period from November through February, and the data shows that the company didn’t receive any National Security Letters and got fewer than 400 total requests for data from the United States government. Snapchat, a California company that runs a popular chat and media-sharing service, said in the report […]

SWF Files Injecting Malicious iFrames on WordPress, Joomla Sites

Threatpost for B2B - Fri, 04/03/2015 - 12:36
Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites.

VMware Fixes Java Information Disclosure Vulnerability

Threatpost for B2B - Fri, 04/03/2015 - 11:03
VMware has issued an update to a number of its products fixing an information disclosure bug in Oracle's Java runtime environment.

Dyre Banking Malware A Million-Dollar Threat

Threatpost for B2B - Fri, 04/03/2015 - 10:12
IBM warns banks and corporate officers of a change to the dangerous Dyre banking Trojan that involves the phone scam used to bypass fraud detection, and a DDoS attack that distracts security teams away from big-money transfers.

Threatpost News Wrap, April 2, 2015

Threatpost for B2B - Fri, 04/03/2015 - 09:00
Dennis Fisher and Mike Mimoso talk about Google's decision to drop Chinese CA CNNIC from Chrome's trust store, the scope of the malvertising threat and Verizon's super cookie use.

Audit Concludes No Backdoors in TrueCrypt

Threatpost for B2B - Thu, 04/02/2015 - 13:50
Auditors performing a cryptanalysis of TrueCrypt found four vulnerabilities, but zero backdoors in the popular open source encryption software.

Google Report Lauds Android Security Enhancements

Threatpost for B2B - Thu, 04/02/2015 - 13:22
Google's first Android Security Report puts some hard data behind the effectiveness of the security enhancements it has put into the OS.

Google Awards $5k Bounty for YouTube Video Delete Bug

Threatpost for B2B - Thu, 04/02/2015 - 11:23
A Russian security researcher discovered that he could delete any video on YouTube by sending a simple POST request in YouTube's Creator Studio.

Google, Mozilla Drop Trust in Chinese Certificate Authority CNNIC

Threatpost for B2B - Thu, 04/02/2015 - 07:59
UPDATE–Google has taken the unusual step of completely removing trust from Chrome for the Chinese certificate authority CNNIC in the wake of an incident in which certificates issued by the CA were misused. Mozilla followed suit on Thursday, also removing CNNIC from its trust store. Google officials announced the severe decision on Wednesday, saying that […]

Little Change in Online Behavior Following Snowden Revelations

Threatpost for B2B - Wed, 04/01/2015 - 15:15
Pew Research Center survey finds that most Americans have done little or nothing to change their online behaviors nearly two years after the first NSA spying revelations emerged.

Students Build Open Source Web-Based Threat Modeling Tool

Threatpost for B2B - Wed, 04/01/2015 - 15:00
Students at St. Mary's University in Canada released to open source a web-based threat modeling tool called Seasponge that they hope will provide an alternative to Microsoft's free tool.

Critical Vulnerabilities Affect JSON Web Token Libraries

Threatpost for B2B - Wed, 04/01/2015 - 14:58
Critical vulnerabilities exist in several JSON Web Token (JWT) libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step.

Verizon Allows Opt Out of UIDH Mobile Supercookie

Threatpost for B2B - Wed, 04/01/2015 - 13:30
Verizon Wireless has made a change that now allows customers to opt out of the ad-targeting program that relies on the so-called supercookie identifier that was inserted into Web requests users send. The use of the identifier, known as a UIDH, drew the ire of privacy advocates and users when it was exposed last year. […]

Multicast DNS Vulnerability Could Lead to DDOS Amplification Attacks

Threatpost for B2B - Wed, 04/01/2015 - 10:54
DHS warned of a serious vulnerability in Multicast DNS devices whereby leaked system information could be leveraged in a DDoS amplification attack.
Syndicate content