Threatpost for B2B

The First Stop For Security News

Researchers Say Password Re-Use Isn’t All Bad

Wed, 07/16/2014 - 13:40
A paper published by Microsoft and researchers at Carleton University argues that password re-use and weak credentials have their place for users managing multiple accounts.

OpenVPN Warns Customers of CSRF Bug in Access Server Desktop Client

Wed, 07/16/2014 - 11:39
OpenVPN is advising users of its Desktop Client to upgrade as soon as possible to avoid attacks against a CSRF vulnerability that can allow remote code execution. The vulnerability lies in a product that the company no longer supports and considers obsolete. An attacker could exploit the vulnerability if a user running a vulnerable version visits […]

Large-Scale DDoS Attacks Continue to Spike

Wed, 07/16/2014 - 10:05
Although the average size of a given DDoS attack is going down, the number of attacks at the upper end of the scale is increasing, with researchers at Arbor Networks reporting more than 100 attacks of 100 Gbps in the first half of this year. In order for a DDoS attack to be effective, bad […]

‘Overblown’ LibreSSL PRNG Vulnerability Patched

Wed, 07/16/2014 - 08:25
The OpenBSD project patched a vulnerability in the LibreSSL random number generator; both sides of the issue concede the test program used to trigger the flaw was either unusual or unrealistic.

Early Review of LibreSSL Finds Problematic PRNG

Tue, 07/15/2014 - 15:48
A critical vulnerability was reported in the random number generator in LibreSSL, a fork of OpenSSL. LibreSSL preview versions were released this weekend.

SSL Black List Aims to Publicize Certificates Associated With Malware

Tue, 07/15/2014 - 13:25
The new SSL Black List is a public list of certificates associated with a variety of malicious operations, including botnets, malware campaigns and banking Trojans.

Google Set to Change Malware, Phishing Warnings Following Study

Tue, 07/15/2014 - 12:40
Google will soon change the way it displays malware and phishing warnings in its Chrome browser to give users a better idea of the risk and to help them make a decision.

New Kronos Banking Malware Advertised On Russian Forums

Tue, 07/15/2014 - 11:30
Researchers have spotted a new banking Trojan advertised for sale on Russian forums. Kronos promises features that help it evade detection and analysis, such as a Ring3 rootkit.

Google Project Zero May Prove a Big Win for Security

Tue, 07/15/2014 - 10:58
Google is focusing some of the sharpest minds it has on a new security initiative known as Project Zero that will dig into the critical software that the Internet and its users depend upon and find new vulnerabilities.

Five Year Old Phishing Campaign Unveiled

Mon, 07/14/2014 - 16:04
A campaign that has been active for about five years, in which attackers pilfered victims' credentials for Google, Yahoo, Facebook, Dropbox and Skype, was recently revealed.

Outside Panel Finds Over-Reliance on NSA Advice Led to Dual EC Problems

Mon, 07/14/2014 - 13:47
A group of outside experts found that the process that led to the inclusion of the weakened Dual_EC_DRBG random number generator in a NIST standard was flawed and that there were several failures along the way that led to its approval. The committee also recommended that the National Institute of Standards and Technology increase the number of […]

Oracle Clarifies XP Support Ahead of Quarterly Patches

Mon, 07/14/2014 - 12:45
Oracle is expected to release 113 patches across its product lines as part of its quarterly Critical Patch Updates.

First Version of LibreSSL Debuts

Mon, 07/14/2014 - 11:23
An early version of LibreSSL, a fork of OpenSSL developed by the OpenBSD Foundation, was released for a number of platforms beyond OpenBSD.

LastPass Fixes a Pair of Security Flaws

Mon, 07/14/2014 - 09:58
LastPass, the popular password manager for most of the top Web browsers, has fixed a couple of vulnerabilities that could have allowed an attacker to target users and generate his own one-time passwords for the victim’s account. The company said that its security team hasn’t seen any active attacks exploiting these vulnerabilities and doesn’t think that […]

Possible New Version of GameOver Zeus Malware Emerges

Fri, 07/11/2014 - 13:55
It’s only been a little more than a month since the FBI and Europol took down the GameOver Zeus botnet, taking control of its command-and-control infrastructure and effectively cutting off the malware’s head. But researchers say that there are some indications that a new strain of the malware may already be active again. GameOver Zeus […]

Digital First Aid Kit A Guide For Activists, First-Responders

Fri, 07/11/2014 - 13:32
The Electronic Frontier Foundation and other NGOs have published a guide with advice on secure communication, DDoS and malware mitigation and more for activists, journalists and others targeted for surveillance.

Apple Updates OSX Blacklist Following Flash Vulnerability

Fri, 07/11/2014 - 13:07
Apple acknowledged on Thursday that it has updated its OSX plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week.

Lack of Certificate Pinning Exposes Encrypted iOS Gmail App Communication

Fri, 07/11/2014 - 10:48
Google has not implemented certificate pinning in its official iOS Gmail application, so any attacker who can present a certificate the device trusts (one issued by any trusted CA, or by a root certificate installed on the device) can mount a man-in-the-middle attack and read otherwise encrypted user communications.
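What pinning actually adds on top of normal chain validation is a second check against an allow-list the app ships with. The following is an added example, not code from the article or from Google's Gmail client: it extracts the SubjectPublicKeyInfo from a DER certificate with a minimal ASN.1 walker and compares its SHA-256 (the HPKP-style "sha256/base64" pin) against the app's pins, failing closed on anything it cannot parse. The certificate bytes in the block are a constructed skeleton with the right field layout, not a real certificate, and the pin set is an assumption for illustration.

```python
import base64
import hashlib
import hmac


def _read_tlv(buf, pos):
    """Parse one DER TLV starting at buf[pos]; return (tag, content, end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def _children(content):
    """Split a constructed DER body into its raw child TLVs: [(tag, raw_tlv)]."""
    out, pos = [], 0
    while pos < len(content):
        start = pos
        tag, _, pos = _read_tlv(content, pos)
        out.append((tag, content[start:pos]))
    return out


def extract_spki(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV from an X.509 DER certificate."""
    tag, cert_body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    tbs_tag, tbs_raw = _children(cert_body)[0]
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    _, tbs_body, _ = _read_tlv(tbs_raw, 0)
    fields = _children(tbs_body)
    # tbsCertificate: [0] version (optional), serialNumber, signature,
    # issuer, validity, subject, subjectPublicKeyInfo, ...
    idx = 1 if fields[0][0] == 0xA0 else 0
    spki_tag, spki_raw = fields[idx + 5]
    if spki_tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return spki_raw


def spki_pin(cert_der):
    """HPKP-style pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def check_pin(cert_der, pins):
    """True only if the leaf's SPKI hash is in the pin set; any parse error fails closed."""
    try:
        pin = spki_pin(cert_der)
    except (ValueError, IndexError):
        return False
    return any(hmac.compare_digest(pin, p) for p in pins)


def _der(tag, content):
    """Tiny DER encoder used only to build the constructed test certificate."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


# Constructed certificate skeleton (assumption, not a real certificate): an
# rsaEncryption AlgorithmIdentifier and a dummy BIT STRING stand in for the key,
# with empty issuer/validity/subject SEQUENCEs so only the field layout matters.
CONSTRUCTED_SPKI = _der(0x30,
    _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
    + _der(0x03, b"\x00" + b"\x01" * 64))
_TBS = _der(0x30,
    _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
    + _der(0x30, b"") + _der(0x30, b"") + _der(0x30, b"") + _der(0x30, b"")
    + CONSTRUCTED_SPKI)
CONSTRUCTED_CERT = _der(0x30, _TBS + _der(0x30, b"") + _der(0x03, b"\x00"))

# Assumed pin set the app would ship with; in practice include a backup pin.
PINS = {spki_pin(CONSTRUCTED_CERT)}

if __name__ == "__main__":
    # In a real client the leaf comes from ssl.SSLSocket.getpeercert(binary_form=True)
    # after normal chain validation has already passed.
    print("pin:", spki_pin(CONSTRUCTED_CERT))
    print("accepted:", check_pin(CONSTRUCTED_CERT, PINS))
    print("rejected rogue pin:", not check_pin(CONSTRUCTED_CERT, {"sha256/not-ours"}))
```

Pinning the SPKI rather than the whole certificate lets the operator renew the certificate with the same key without shipping a new app build, which is why the hash is taken over that structure only. The check runs after, not instead of, the platform's chain validation: a certificate from a rogue but trusted CA passes the chain check and is stopped here.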

Tinba Banker Trojan Source Code Leaked

Fri, 07/11/2014 - 08:10
The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the crimeware kit. Tinba performs many […]

Brute-Forcing Botnet Sniffs Out Lax POS Systems

Thu, 07/10/2014 - 14:54
The botnet brute-forced credentials on poorly secured Remote Desktop Protocol (RDP) setups, singling out systems that stored payment card information.