Threatpost for B2B

The First Stop For Security News

Ersatz Scheme Deceives Hackers, Protects Stored Passwords

Thu, 05/21/2015 - 14:35
Researchers at Purdue University have developed a scheme that protects stolen passwords from offline cracking.

Charter Communications Fixes Website Data Leak Vulnerability

Thu, 05/21/2015 - 13:54
The internet-cable-television provider Charter Communications recently fixed an issue with its website that was inadvertently leaking the information of tens of thousands of its customers.

Head-Scratching Begins on Proposed Wassenaar Export Control Rules

Thu, 05/21/2015 - 12:59
Experts point out that the proposed Wassenaar rules in the U.S. leave unanswered questions regarding exploit development and the use of commercial penetration testing tools.

1.1 Million Affected by CareFirst BlueCross BlueShield Breach

Thu, 05/21/2015 - 11:02
CareFirst BlueCross BlueShield announced this week that hackers broke into one of its databases and made off with a variety of sensitive customer information.

Security Questions Not So Secure

Thu, 05/21/2015 - 10:44
The Internet knows a lot about you, including your mother’s maiden name, your favorite food, and what street your first pet grew up on. And, according to some new research from Google, attackers have a good chance of figuring those things out pretty easily, too. The security questions that Google and other companies ask users as […]

Security Researchers Wary of Proposed Wassenaar Rules

Wed, 05/20/2015 - 16:26
The Commerce Department’s Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement.

Justice Department Charges Six Chinese Nationals with Insider Theft

Wed, 05/20/2015 - 16:00
The Northern District of California has announced the indictment of six Chinese nationals, charging them with theft of trade secrets and economic espionage.

SQL Attack Results in Breach of Telstra-Owned Telecom Pacnet

Wed, 05/20/2015 - 15:55
Telstra's Pacnet, a telecom service provider primarily based in China and Singapore, suffered a breach early last month that may wind up affecting thousands of customers.

How I Got Here: Marcus Ranum

Wed, 05/20/2015 - 12:13
Dennis Fisher talks with security pioneer Marcus Ranum about writing an early Internet firewall at DEC, the security gold-rush era of the 1990s and early 2000s, why he never patented most of the ideas he has come up with and how he found peace of mind.

Apple Releases Patches For a Watch

Wed, 05/20/2015 - 11:49
What happens when you build a watch that is essentially an absurdly powerful computer that also tells time? You have to patch that watch. And that’s what Apple has done for the first time, releasing a long list of fixes for security problems with the Apple Watch OS. At least one of the vulnerabilities can […]

New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs

Wed, 05/20/2015 - 07:28
Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade 512-bit Diffie-Hellman cryptography. The most serious […]

Details Surface on Unpatched KCodes NetUSB Bug

Tue, 05/19/2015 - 14:41
KCodes NetUSB, a Linux kernel module that provides USB services over IP, contains unpatched vulnerabilities, according to an alert from CERT/CC and SEC Consult.

St. Louis Federal Reserve Falls Victim to DNS Hijack

Tue, 05/19/2015 - 13:57
The Federal Reserve Bank of St. Louis confirmed this week that it fell victim to a DNS hijack last month that may have redirected users to bogus webpages and exposed customers to phishing, malware and other attacks.

Google Fixes Sandbox Escape in Chrome

Tue, 05/19/2015 - 13:19
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated as high risks and Google paid out more than $38,000 in rewards to researchers who reported vulnerabilities […]

Malvertising Leads to Magnitude Exploit Kit, Ransomware Infection

Tue, 05/19/2015 - 12:38
Researchers from Zscaler have uncovered a new scheme in which criminals are using malvertising to redirect to pages hosting the Magnitude exploit kit and the CryptoWall ransomware.

Address-Spoofing Bug Haunts Android Stock Browser

Tue, 05/19/2015 - 10:29
There’s an easily exploitable vulnerability in the Android stock browser that enables an attacker to spoof the URL in the address bar and force a victim to visit a malicious site while believing he is visiting a benign one. Security researcher Rafay Baloch discovered the vulnerability and developed the technique for exploiting it. The problem […]

President Urged to Reject Mandatory Backdoors

Tue, 05/19/2015 - 09:56
A coalition of 150 tech companies and privacy champions sent a letter to President Obama urging him to reject any proposals mandating backdoor access to software and devices.

Researchers, IEEE Release Medical Device Security Guidelines

Mon, 05/18/2015 - 16:36
A collection of research scientists, with help from the IEEE Cybersecurity Initiative, have released a new set of guidelines for developers to take into account to ensure security figures into how medical devices are coded.

APT Group Embeds Command and Control Data on TechNet Pages

Mon, 05/18/2015 - 15:03
The so-called Deputy Dog APT group has surfaced again with a means of keeping its command and control servers under wraps that involves Microsoft’s TechNet online resources.

Penn State Offline Following Advanced Two-Year Cyberattack

Mon, 05/18/2015 - 12:46
Penn State announced that its school of engineering was the victim of a more than two-year-long cyberattack perpetrated by advanced persistent threat groups.