Threatpost for B2B

The First Stop For Security News

Joomla Re-Issues Security Update After Patches Glitch

Wed, 10/01/2014 - 14:49
A security update for the Joomla content management system was pulled and re-issued after problems with the first set of patches for a remote file inclusion and denial of service vulnerability were discovered.

VMware Begins to Patch Bash Issues Across Product Line

Wed, 10/01/2014 - 14:43
VMware issued a progress report on fixes for four different types of products as they relate to the Bash vulnerability.

Xsser Trojan Spies on Jailbroken iOS Devices

Wed, 10/01/2014 - 13:32
An iOS espionage Trojan has been discovered spying on jailbroken Apple devices, primarily used against pro-democracy protestors in Hong Kong.

Schneider Electric Fixes Remotely Exploitable Flaw in 22 Different Products

Wed, 10/01/2014 - 11:01
There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine. The flaw allows attackers to bypass the authentication mechanism on the server and get access to resources that should be protected. Security researcher Billy Rios, a frequent […]

DARPA Working on Provably Secure Embedded Software

Wed, 10/01/2014 - 10:19
DARPA is the birthplace of the network that eventually became today’s Internet, and the agency has spent the decades since it released that baby out into the world trying to find new ways to defend it. That task has grown ever more complex and difficult, and now DARPA is working on a new kind of software that […]

Google Ups Chrome Bug Bounty, Offers More Money For Exploits

Tue, 09/30/2014 - 14:10
Google is again increasing the amount of money it offers to researchers who report vulnerabilities in Chrome as part of the company’s bug bounty program. Now, researchers will be able to earn $15,000 at the high end of the scale, and Google also is offering more cash for researchers who can submit a working exploit for […]

OpenVPN Vulnerable to Shellshock Bash Vulnerability

Tue, 09/30/2014 - 12:47
OpenVPN was found to be vulnerable to the Shellshock vulnerability in Bash as well. Fredrik Stromberg of Mullvad said the vulnerability is dangerous because it's pre-authentication in OpenVPN.

New Signed Version of CryptoWall Ransomware On the Loose

Tue, 09/30/2014 - 10:37
Researchers have discovered a variant of the CryptoWall ransomware that has a valid digital signature and is being distributed through malicious ads on several top-ranked Alexa Web sites. CryptoWall is one of the more successful ransomware strains in recent memory, with researchers estimating last month that the malware had grossed more than $1 million for […]

Apple Patches Shellshock Vulnerability in Bash for OS X

Mon, 09/29/2014 - 18:34
Apple released its patch for the Bash vulnerability, repairing versions of OS X vulnerable to Shellshock exploits.

WPScan Vulnerability Database a New WordPress Security Resource

Mon, 09/29/2014 - 16:31
Researcher Ryan Dewhurst released the WPScan Vulnerability Database, a database housing security vulnerabilities in WordPress core code, plug-ins and themes. It's available for pen-testers, WordPress administrators and developers.

RadEditor Web Editor Vulnerable To XSS Attacks

Mon, 09/29/2014 - 12:15
All versions of an HTML editor used in several Microsoft properties, including ASP.NET, suffer from a high-risk cross-site scripting (XSS) vulnerability.

CloudFlare Rolls Out Free SSL

Mon, 09/29/2014 - 11:29
In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available […]

FBI to Open Up Malware Investigator Portal to External Researchers

Mon, 09/29/2014 - 10:22
SEATTLE–The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. […]

Apple: OS X Safe By Default Against Bash Vulnerability

Fri, 09/26/2014 - 14:14
Apple said it is working on a patch for OS X to counter the Bash vulnerability, but in the meantime is telling users the OS is safe by default.

Government Requests for Yahoo Data Down Slightly

Fri, 09/26/2014 - 10:34
Yahoo published its third Transparency Report, which reveals that it fielded fewer requests for user data than the previous reporting period, and that it also received between 0-999 National Security Letters.

Honeypot Snares Two Bots Exploiting Bash Vulnerability

Thu, 09/25/2014 - 16:30
Two malware samples trying to exploit the Bash vulnerability, both DDoS bots, were snared in a honeypot belonging to AlienVault Labs.

Patching Bash Vulnerability a Challenge for ICS, SCADA

Thu, 09/25/2014 - 14:34
Experts are concerned that many Linux-based industrial control systems and embedded systems could be too steep a patching challenge and remain in the crosshairs of the Bash vulnerability.

Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSS

Thu, 09/25/2014 - 12:41
Users of Mozilla products should update Firefox, NSS, SeaMonkey and Thunderbird in order to obtain fixes for a bug that could let an attacker forge RSA certificates and perform man-in-the-middle attacks.

Bash Exploit Reported, First Round of Patches Incomplete

Thu, 09/25/2014 - 11:41
Reports of the first in-the-wild exploits targeting the Bash vulnerability have surfaced, as have complaints the first patches for the bug are incomplete.

Home Hacking Made Simple

Thu, 09/25/2014 - 09:12
David Jacoby looked at all of the Web-enabled devices in his house--TV, game console, network storage device--and found a handful of exploitable bugs in them.