Feed aggregator

Half of Android Users Exposed to Attack via Installation Vulnerability

Threatpost for B2B - Tue, 03/24/2015 - 13:50
Palo Alto Networks researchers say half of all Android devices contain a vulnerability that could allow an attacker to install malware on devices running the Android operating system.

Instagram API Bug Could Allow Malicious File Downloads

Threatpost for B2B - Tue, 03/24/2015 - 12:57
A security researcher says there is a bug in the Instagram API that could enable an attacker to post a message with a link to a page he controls that hosts a malicious file, but when the user downloads the file it will appear to come from a legitimate Instagram domain, leading the victim to trust […]

CA Linked to Chinese Registrar Issued Unauthorized Google Certificates

Threatpost for B2B - Mon, 03/23/2015 - 21:04
Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for virtually any domain. Google’s engineers were able to block the fraudulent certificates in the company’s Chrome browser by pushing an […]

CSRF Vulnerability Exposed Hilton Hotel Member Accounts

Threatpost for B2B - Mon, 03/23/2015 - 13:19
A cross-site request forgery (CSRF) vulnerability in the website of hotel chain Hilton Worldwide could have inadvertently compromised much of its users' personal information.

Adobe CVE-2011-2461 Remains Exploitable Via Flex Four Years After Patch

Threatpost for B2B - Mon, 03/23/2015 - 11:38
A Flash vulnerability that Adobe patched four years ago actually remains exploitable according to a presentation given by a pair of researchers at the TROOPERS security conference.

Cisco Small Business IP Phones Open to Remote Eavesdropping

Threatpost for B2B - Mon, 03/23/2015 - 10:46
Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones. Cisco had confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is […]

Latest Dridex Campaign Evades Detection with AutoClose Function

Threatpost for B2B - Fri, 03/20/2015 - 13:49
Proofpoint discovered that a recent spate of phishing messages contained macro-based attacks that did not execute until the malicious document was closed.

All Major Browsers Fall at Pwn2Own Day 2

Threatpost for B2B - Fri, 03/20/2015 - 11:26
Two researchers took down the four major browsers, Internet Explorer, Firefox, Chrome, and Safari, yesterday as Pwn2Own wrapped up in Vancouver.

Yoast Google Analytics Plugin Patches XSS Vulnerability

Threatpost for B2B - Fri, 03/20/2015 - 09:58
Yoast addressed a cross-site scripting vulnerability in its Google Analytics WordPress plugin that allows a hacker to store code in the WordPress administrator dashboard that executes upon viewing.

Flash, Reader, Firefox and IE Fall on Pwn2Own Day 1

Threatpost for B2B - Thu, 03/19/2015 - 11:39
Four different research teams cracked four different products on Wednesday (Adobe Flash, Reader, Mozilla Firefox, and Microsoft Internet Explorer) and collectively earned a payout of $317,000 on the first day of Pwn2Own 2015.

OpenSSL Mystery Patch is No Heartbleed

Threatpost for B2B - Thu, 03/19/2015 - 10:00
The anticipated high severity patch in OpenSSL is for a denial-of-service vulnerability in the recently released version 1.0.2 that can crash a client or server with a malformed certificate.

New BIOS Implant, Vulnerability Discovery Tool to Debut at CanSecWest

Threatpost for B2B - Thu, 03/19/2015 - 07:00
Researchers are expected to present at CanSecWest a BIOS rootkit that automates BIOS vulnerability discovery and implants persistent malware.

Breach at Premera Blue Cross Affects 11 Million

Threatpost for B2B - Wed, 03/18/2015 - 11:17
Hackers wriggled their way into the servers of health insurance provider Premera Blue Cross last year, and potentially exposed the information of 11 million members, employees and other associates.