Feed aggregator

IRS Hack Exposes 100,000 Taxpayer Records

Threatpost for B2B - Tue, 05/26/2015 - 17:13
Users of the Internal Revenue Service’s Get Transcript service are at risk for identity theft after hackers accessed tax records belonging to more than 100,000.

POS Malware Nitlove Seen Spreading Through Spam Campaign

Threatpost for B2B - Tue, 05/26/2015 - 14:15
Nitlove and several new versions of PoSeidon can be added to the growing heap of point-of-sale (POS) malware discovered this year.

Researchers Exploit Patched Windows Group Policy Bug

Threatpost for B2B - Tue, 05/26/2015 - 13:25
Researchers from Core Security were able to exploit a security vulnerability in Windows' group policy -- MS15-011 -- that was patched by Microsoft in February.

Exploit Kit Using CSRF to Redirect SOHO Router DNS Settings

Threatpost for B2B - Tue, 05/26/2015 - 11:05
French researcher Kafeine has found an exploit kit delivering cross-site request forgery attacks that focus on SOHO routers and changing DNS settings to redirect to malicious sites.

Synology Fixes File-Takeover Flaw in Cloud Station OS X Client

Threatpost for B2B - Tue, 05/26/2015 - 10:46
There is a vulnerability in some versions of Synology’s Cloud Station client for OS X that can enable any user to take over system files and gain complete control of the machine. Cloud Station is a system that allows users to sync files across a number of devices. The system saves changes to files on […]

Threatpost News Wrap, May 22, 2015

Threatpost for B2B - Fri, 05/22/2015 - 12:19
Dennis Fisher and Mike Mimoso talk about the Logjam attack, the proposed Wassenaar export rules on exploits, and the letter to the president decrying crypto back doors.

Sendio Email Platform Patches Remote Security Bypass Vulnerability

Threatpost for B2B - Fri, 05/22/2015 - 12:01
Email security vendor Sendio has patched a pair of remotely exploitable security bypass vulnerabilities in its Sendio ESP, or Email Security Platform, product.

eBay Fixes Reflected File Download Flaw

Threatpost for B2B - Fri, 05/22/2015 - 11:01
For many years, eBay has been one of the bigger targets for phishers and many other kinds of attackers and they have been honing their tactics and improving them along the way. Much of their effectiveness depends on convincing users that they’re on the real eBay site and the site recently fixed a vulnerability that […]

Shoddy Android Factory Reset Exposes Private Data, Encryption Keys

Threatpost for B2B - Fri, 05/22/2015 - 10:18
Researchers from Cambridge University uncovered weaknesses in the Android Factory Reset feature that puts improperly sanitized data at risk.

Ersatz Scheme Deceives Hackers, Protects Stored Passwords

Threatpost for B2B - Thu, 05/21/2015 - 14:35
Researchers at Purdue University have developed a scheme that protects stolen passwords from offline cracking.
Syndicate content