Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 9 hours 19 min ago

Bitcoin Phishing Campaign Targets 400 Organizations

Wed, 08/20/2014 - 14:56
More than 400 organizations were recently targeted by a Bitcoin phishing campaign that intended to con users into giving away their wallet passwords.

A New Spin on Rogue Antivirus

Wed, 08/20/2014 - 13:59
Rogue antivirus malware is on the decline, but a new, simpler version of that threat that simply redirects users to the site of a fake malware protection service has been infecting users around the world.

Heartbleed Exploit Linked to Community Health Data Breach

Wed, 08/20/2014 - 13:37
Hackers involved in the Community Health Systems data breach used a Heartbleed exploit to access the provider's network and steal 4.5 million patient records, said security firm TrustedSec.

Tor Browser Hardening Features Under Scrutiny

Wed, 08/20/2014 - 12:38
An iSEC Partners report examining hardening features of the Tor Browser recommends moving off Firefox to Chrome, but budget and feature constraints make that unlikely.

U.S. Nuclear Regulator Hacked Three Times in Three Years

Tue, 08/19/2014 - 15:01
Hackers hit the U.S. Nuclear Regulatory Commission (NRC) three separate times over the past three years.

Close to All Facebook Outbound Notification Emails Encrypted

Tue, 08/19/2014 - 13:00
Facebook published numbers today that demonstrate the pervasiveness of encryption on the web; the social network said 95 percent of its notification emails are encrypted with Perfect Forward Secrecy, up from 29 percent in May.

APT Gang Branches Out to Medical Espionage in Community Health Breach

Tue, 08/19/2014 - 10:29
The Community Health Systems data breach has been tied to a Chinese APT gang that has branched out to medical espionage, stealing patient data in an effort to target intelligence on medical device development.

Pro-Syrian Malware Increasing in Number, Complexity

Mon, 08/18/2014 - 15:48
Malware deployed against activists in Syria is increasing as the groups deploying these remote access tools become more sophisticated and utilize more complex tactics.

Microsoft Yet to Deliver Fix for Faulty Patch Tuesday Update

Mon, 08/18/2014 - 15:07
Microsoft said it is still working on a fix for a broken patch released last Patch Tuesday that is causing Blue Screens of Death and system crashes.

Siemens Patches DoS Vulnerability in SIMATIC S7 PLC

Mon, 08/18/2014 - 14:15
Siemens released an update for its SIMATIC S7-1500 CPU last week, patching a denial of service vulnerability in the programmable logic controller.

New Attack Binds Malware in Parallel to Software Downloads

Mon, 08/18/2014 - 12:21
Open source software distribution systems that lack security processes and integrity checks are prone to a new attack that binds malware to a download without modifying the original application.

Supermarkets Nationwide Affected by Albertsons, SUPERVALU Data Breach

Fri, 08/15/2014 - 13:27
Albertsons and SUPERVALUE, the second and third largest grocery store chains in the U.S., yesterday announced that customer payment information was exposed a month-long data breach earlier this summer.

Cridex Malware Takes Lesson From GameOver Zeus

Fri, 08/15/2014 - 10:05
Researchers have now identified a new variant of the Cridex malware that has adopted some of the techniques that made GOZ so successful in its day.

Google Fixes 12 Vulnerabilities in Chrome 36

Fri, 08/15/2014 - 09:23
Google patched its Chrome browser this week, fixing 12 vulnerabilities including both a serious information disclosure bug and a use-after-free vulnerability that could let users obtain potentially sensitive information and execute arbitrary code.

Gameover Zeus Botnet Rebuilds

Thu, 08/14/2014 - 16:58
Research from Arbor Networks points to a rejuvenated GameOver Zeus botnet that has grown more than 1,800 percent, confirming it has been rebuilt from scratch.

Easy Pickings at DEF CON Router Hacking Contest

Thu, 08/14/2014 - 14:10
Fifteen zero day vulnerabilities were exploited during the SOHOpelessly Broken router hacking contest at DEF CON.

Google Adds Warnings About Deceptive Software to Safe Browsing Service

Thu, 08/14/2014 - 13:18
The Google Safe Browsing service has become an integral part of most of the major browsers, integrating malware alerts, warnings about malicious Web sites and suspicious content. The company has been expanding the capabilities of the service steadily over the last few years, and now Google is adding warnings about deceptive software to the service. […]

Apple Patches Series of WebKit Flaws in Safari

Thu, 08/14/2014 - 10:02
Apple has released a new version of Safari that fixes seven security vulnerabilities, all of which are related to the WebKit framework in the browser. The advisory from Apple is typically bare-bones, with almost no information about the vulnerabilities fixed in Safari 6.1.6 and 7.0.6. Apple said that all of the vulnerabilities in WebKit are […]

Study Confirms Uyghur Remain in Crosshairs of Targeted Attacks

Wed, 08/13/2014 - 15:18
A research paper to be delivered next week at USENIX takes a deep look into the reconnaissance nation-states undergo in order to craft email-based attacks against non-governmental organizations.

Disqus Patches CSRF, Other Flaws in Plugin

Wed, 08/13/2014 - 13:35
Disqus, the maker of the popular community commenting plugin, has patched a handful of security flaws, including a CSRF bug.