Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 16 hours 59 min ago

More Details of Onion/Critroni Crypto Ransomware Emerge

Thu, 07/24/2014 - 14:37
New ransomware has been dubbed Onion by researchers at Kaspersky Lab as its creators use command and control servers hidden in the Tor Network (a/k/a The Onion Router) to obscure their malicious activity.

Mozilla Improves Malware Blocking in Firefox 31

Thu, 07/24/2014 - 13:54
Attackers have any number of methods for getting their malware onto users’ machines, but one of the easier and more effective ones is through drive-by downloads. Browser vendors have been adding defenses to mitigate this threat for some time, and the newest version of Mozilla Firefox includes an improved defense against malware downloaded through the […]

Phony Googlebots Becoming a Real DDoS Attack Tool

Thu, 07/24/2014 - 12:00
Phony Googlebots are being used with greater frequency to launch and carry out application-layer denial-of-service attacks.

Research Shows Increase in Internet Filtering and Usage of FireChat App in Iraq

Thu, 07/24/2014 - 12:00
Researchers at Citizen Lab have taken a close look at the extent of Internet filtering in Iraq, as well as the security of a popular offline chat app used there, and found an increase in the number of services blocked by the government and identified serious privacy and security problems with the chat app. As tensions […]

Bugcrowd Releases Open Source Vulnerability Disclosure Framework

Thu, 07/24/2014 - 09:01
The problems that come from doing security research on modern Web applications and other software aren’t just challenging for researchers, but also for the companies on the receiving end of their advisories. Companies unaccustomed to dealing with researchers can find themselves in a difficult position, trying to figure out the clearest path forward. To help […]

WordPress Sites Seeing Increased Malware, Brute Force Attacks This Week

Wed, 07/23/2014 - 15:11
A glut of Wordpress sites have fallen victim to both malware infections and a series of brute force attacks that have making the rounds over the past several days, researchers claim.

Researchers Demo TAILS Flaw Exploit, Disclose Details to Developers

Wed, 07/23/2014 - 14:22
The critical vulnerability in the TAILS operating system discovered by researchers at Exodus Intelligence lies in the I2P software that's bundled with the OS and the company has released some details and a video demonstrating an exploit against the bug.

Firefox 31 Patches 11 Security Flaws

Wed, 07/23/2014 - 09:40
Mozilla has released a new version of Firefox, which includes patches for 11 security vulnerabilities. Three of the bugs fixed in Firefox 31 are critical, including a use-after-free vulnerability and a handful of memory safety issues.

Researchers Plan to Disclose Critical Bugs to TAILS Team Soon

Tue, 07/22/2014 - 15:52
There are several security issues that aren't patched in the new release of the OS Tails that have been identified by researchers at Exodus Intelligence.

Trio of Flaws Found in OleumTech Wireless Monitoring System

Tue, 07/22/2014 - 11:11
Researchers have identified several remotely exploitable vulnerabilities in a wireless remote monitoring product from OleumTech that is used in energy, water and other critical infrastructure sectors.

Privacy Badger Extension Blocks Tracking Through Social Icons

Tue, 07/22/2014 - 10:03
Privacy Badger is one of a new generation of tools designed to help users block much of the silent, pervasive tracking that's done on the Web today, a lot of which is accomplished through social media channels.

Third-Party Software Library Risks To Be Scrutinized at Black Hat

Tue, 07/22/2014 - 09:00
Third-party software libraries introduce efficiency and risk into enterprise applications. Two researchers will identify some of the most vulnerable libraries during a talk at the upcoming Black Hat conference.

IBM Fixes Code Execution, Cookie-Stealing Vulnerabilities in Switches

Mon, 07/21/2014 - 13:46
IBM recently patched a handful of vulnerabilities in some of its KVM switches that if exploited, could have given an attacker free reign over any system attached to it.

Researcher Identifies Hidden Data-Acquisition Services in iOS

Mon, 07/21/2014 - 12:22
There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users' personal data.

EFF Releases Open Wireless Router Firmware

Mon, 07/21/2014 - 10:30
The EFF is working on an open wireless router firmware that’s designed to be a secure and flexible alternative to the existing software that runs on home and small business routers, much of which is notoriously insecure. The Open Wireless Router project, which the organization announced at the HOPE X conference over the weekend, is […]

Point-of-Sale Dealers Need a Security Sit-Down

Mon, 07/21/2014 - 09:11
Retailers and hospitality vendors are falling victim to point-of-sale hacks, and little is being done to stem the tide. At the upcoming Black Hat conference, a researcher hopes to spur a call to action.

Thousands of Sites Found Tracking Users Through Practically Unblockable ‘Fingerprint’ Mechanism

Mon, 07/21/2014 - 09:00
The rise of sophisticated new online tracking mechanisms, including one known as ‘canvas fingerprinting’ that’s been infiltrating the Internet, could soon raise the ire of privacy conscious users.

CryptoLocker Ransomware Alive and Evolving, Says Researcher

Fri, 07/18/2014 - 15:38
Despite FBI claims that CryptoLocker was neutralized in the GameOver Zeus botnet takedown, a researcher says that the ransomware is alive and evolving new variants.

Siemens Working on Patches for OpenSSL Bugs Under Exploit

Fri, 07/18/2014 - 10:49
OpenSSL vulnerabilities discovered in a number of Siemens industrial control systems are being exploited in the wild. The company has updates available for some, but not all, of the affected products.

Critroni Crypto Ransomware Seen Using Tor for Command and Control

Fri, 07/18/2014 - 10:37
There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say it's the first crypto ransomware seen using the Tor network for command and control.