Feed aggregator

Mozilla to Remove Turkish CA From Firefox Trust Store

Threatpost for B2B - Tue, 04/28/2015 - 10:15
Mozilla is removing a Turkish root CA from the Firefox trust store, not because of a compromise or a mistakenly issued certificate, but because the certificate authority hasn’t lived up to the audit requirements Mozilla has for trusted CAs. Like other browser vendors, Mozilla has a lengthy policy that sets out the requirements for CAs to […]

New Utility Decrypts Data Lost to TeslaCrypt Ransomware

Threatpost for B2B - Mon, 04/27/2015 - 14:38
Cisco published an analysis of TeslaCrypt and a decryptor tool that recovers files lost to the ransomware.

Details on WordPress Zero Day Disclosed

Threatpost for B2B - Mon, 04/27/2015 - 11:56
A Finnish researcher has disclosed details on an unpatched stored cross-site scripting vulnerability in the WordPress core engine.

Second Crypto Bug in Networking Library Could Affect 25,000 Apps

Threatpost for B2B - Mon, 04/27/2015 - 11:38
A few weeks after the developers of the AFNetworking library that’s popular among iOS and OS X app developers patched a serious bug in the library that enabled man-in-the-middle attacks, another, similar flaw has surfaced. The new vulnerability is related to how the AFNetworking library handles domain name validation for certificates. As it turns out, the library […]

Siemens Patches Ghost Flaw in Simatic Product

Threatpost for B2B - Mon, 04/27/2015 - 10:51
Siemens has released an update for some of its ICS products that are affected but the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The affected products, SINUMERIK, SIMATIC HMI Basic, and Ruggedcom, are used as an […]

Google Provides Detailed Analysis of GitHub Attack Traffic

Threatpost for B2B - Fri, 04/24/2015 - 13:46
The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the attackers used both Javascript replacement and HTML injections. […]

Podcast: News From RSA 2015

Threatpost for B2B - Thu, 04/23/2015 - 17:52
Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news of the week from the RSA Conference.

Active Defense Can Give Pause to Threats

Threatpost for B2B - Thu, 04/23/2015 - 17:17
Enterprises can use existing networking tools to put up internal barriers against hackers in order to frustrate them on to other targets.

Bypassing OS X Security Tools is Trivial, Researcher Says

Threatpost for B2B - Thu, 04/23/2015 - 14:35
SAN FRANCISCO–For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple to bypass and gaining persistence […]

iOS Vulnerability Could Force Devices Into Endless Reboot Loop

Threatpost for B2B - Thu, 04/23/2015 - 13:14
Researchers stumbled upon a vulnerability recently that can force any iPhone or iPad into a perpetual reboot loop.

The Real ‘Next Generation’ of Security Revealed at RSA

Threatpost for B2B - Wed, 04/22/2015 - 17:40
During his RSA keynote today, Juniper Networks' Chris Hoff shared the stage with 9-year-old hacker Reuben Paul, in a talk meant to be a call to action for the security industry to teach young programmers security and privacy from the outset.

Microsoft Launches Project Spartan Bounty

Threatpost for B2B - Wed, 04/22/2015 - 16:36
Microsoft announced a two-month bug bounty for its new Project Spartan browser.

Privacy Goal: More Controls in Users’ Hands

Threatpost for B2B - Wed, 04/22/2015 - 16:10
The chief privacy officers of Microsoft, Facebook and Google today at RSA Conference discussed how their respective companies want to put more privacy controls in users' hands.

White House, State Department Counted Among CozyDuke APT Victims

Threatpost for B2B - Wed, 04/22/2015 - 15:09
A data-mining advanced persistent threat hit a handful of high profile targets last year, including the White House’s computer network.

Threat Intelligence Sharing Still Seen as a Challenge

Threatpost for B2B - Wed, 04/22/2015 - 15:03
SAN FRANCISCO–The discussion about information sharing has been going on in the security community since before there was a security community, but the tone and shape of the conversation have changed recently thanks to an executive order from the Obama administration and the relentless drumbeat of attacks and data breaches. The benefits of sharing threat intelligence are […]

‘Fully Secure Systems Don’t Exist’

Threatpost for B2B - Wed, 04/22/2015 - 12:06
SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the years relating […]
Syndicate content