Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 4 hours 26 min ago

Angler Exploit Kit Adds New Flash Exploit for CVE-2014-8440

Thu, 11/20/2014 - 08:02
Exploit kit authors are nothing if not opportunistic, and they know a prime opportunity when they see one. Adobe Flash bugs fit that description nicely, and the people behind the Angler exploit kit already are exploiting one of the Flash bugs patched last week in the kit’s arsenal. This is a common tactic for exploit […]

Citadel Variant Targets Password Managers

Wed, 11/19/2014 - 14:54
Some Citadel-infected computers have received a new configuration file, a keylogger triggered to go after the master passwords from three leading password management tools.

FREEDOM Act Rejection Should Keep ‘Encrypt Everything’ Bandwagon Rolling

Wed, 11/19/2014 - 13:11
The U.S. Senate failed to pass the USA FREEDOM Act last night, but that should matter little to security and technology companies rolling out encryption everywhere.

Nasty Security Bug Fixed in Android Lollipop 5.0

Wed, 11/19/2014 - 10:54
A bug was recently fixed in Android Lollipop that could allow an attacker to bypass ASLR and run arbitrary code on a target device under certain circumstances.

Tor Reins in Concerns After Academic Paper on De-Anonymization

Tue, 11/18/2014 - 14:33
Leaders at the Tor Project call for calm after an academic paper spells out how funded hackers could use NetFlow data from Cisco routers to de-anonymize Tor users.

Google Removes SSLv3 Fallback Support From Chrome

Tue, 11/18/2014 - 13:42
Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the POODLE attack revealed last month.

EFF, Others Plan to Make Encrypting the Web Easier in 2015

Tue, 11/18/2014 - 13:40
A new coalition, Let's Encrypt, announced today they will grant free HTTPS certificates to any site that needs one in 2015.

Google Releases Open Source Tool for Testing Web App Security Scanners

Tue, 11/18/2014 - 12:17
Google today released to open source security scanning tool called Firing Range, which is designed to test for cross-site scripting (XSS) and other vulnerabilities on a massive scale.

WhatsApp Adds Encryption by Default to Android App

Tue, 11/18/2014 - 11:44
WhatsApp, a massively popular messaging app, recently added end-to-end encryption for some mobile clients, a move that brings a high level of security to millions of users. The change is the result of a partnership with Open Whisper Systems, the secure text and mobile OS company started by security researcher Moxie Marlinspike. Twitter acquired Open […]

Matsnu Botnet DGA Discovers Power of Words

Tue, 11/18/2014 - 10:33
The Matsnu botnet has deployed a new domain generation algorithm that builds domain names from a list of nouns and verbs. The plain English phrases help the DGA elude detection.

Microsoft Releases Critical Out-of-Band Patch for Kerberos Bug

Tue, 11/18/2014 - 10:25
Microsoft on Tuesday released a rare out-of-band patch for a critical vulnerability in several versions of Windows and Windows Server, including Windows 8 and 8.1.

Apple iOS 8.1.1 Fixes Several Code-Execution Flaws

Tue, 11/18/2014 - 07:27
Apple has patched 10 vulnerabilities in iOS, including a pair of bugs that allowed arbitrary code execution and one that enables an attacker to run random binaries on a target device.

Cisco Releases Security Analytics Framework to Open Source

Mon, 11/17/2014 - 16:03
Cisco's OpenSOC, a security analytics framework, has been released to open source.

IAB Urges Designers to Make Encryption the Default

Mon, 11/17/2014 - 15:08
The Internet Architecture Board, the body in charge of overseeing the structure of many of the Internet's key standards, has recommended that encryption be the default traffic option for protocols.

New Research, Same Old Problems With BadUSB

Mon, 11/17/2014 - 14:16
Karsten Nohl has updated his BadUSB research, looking at the top eight USB controller chips and determining that about half are susceptible to being maliciously reprogrammed.

Visa, MasterCard Removing Passwords from 3D Secure

Mon, 11/17/2014 - 13:17
Visa and MasterCard announce plans to discontinue password use on 3D Secure, Verify by Visa and SecureCode secure payment platforms.

AT&T Drops Controversial Tracking Header

Mon, 11/17/2014 - 11:51
When information came out earlier this month that some mobile carriers were injecting unique identifying “supercookies” into their users’ Web traffic, privacy groups and users were angered. The practice, used by Verizon and AT&T, enables advertisers to track users’ behavior and assemble information on their activities. Now, AT&T says it has ended the practice. AT&T officials […]

How I Got Here: Kelly Jackson Higgins

Mon, 11/17/2014 - 09:37
Dennis Fisher talks with Kelly Jackson Higgins of DarkReading about her childhood days creating her own newspapers, her ambitions to be a sportswriter, getting into technology journalism and the fun and craziness of covering the security industry.

Issues Arise With MS14-066 Schannel Patch

Mon, 11/17/2014 - 09:30
Some users who have installed the MS14-066 patch that fixes a vulnerability in the Schannel technology in Windows are having issues with the fix causing TLS negotiations to fail in some circumstances. The problem arises when users have TLS 1.2 enabled in certain configurations and it will sometimes cause processes to hang or become unresponsive from […]

CoinVault Ransomware’s Free File Decrypt A Show of Good Faith

Fri, 11/14/2014 - 13:59
A new piece of ransomware called CoinVault offers to decrypt a single file for free in hopes of encouraging victims to pay the ransom.