Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 8 hours 57 min ago

Details Surface on Unpatched KCodes NetUSB Bug

Tue, 05/19/2015 - 14:41
KCodes NetUSB, a Linux kernel module that provides USB services over IP, contains unpatched vulnerabilities according to an alert from CERT/CC and Sec Consult

St. Louis Federal Reserve Falls Victim to DNS Hijack

Tue, 05/19/2015 - 13:57
The Federal Reserve Bank of St. Louis confirmed this week that it fell victim to a DNS hijack last month that may have redirected users to bogus webpages and exposed customers to phishing, malware and other attacks.

Google Fixes Sandbox Escape in Chrome

Tue, 05/19/2015 - 13:19
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated as high risks and Google paid out more than $38,000 in rewards to researchers who reported vulnerabilities […]

Malvertising Leads to Magnitude Exploit Kit, Ransomware Infection

Tue, 05/19/2015 - 12:38
Researchers from ZScaler have uncovered a new scheme where criminals are using malversting to redirect to pages hosting the Magnitude exploit kit and the CryptoWall ransomware.

Address-Spoofing Bug Haunts Android Stock Browser

Tue, 05/19/2015 - 10:29
There’s an easily exploitable vulnerability in the Android stock browser that enables an attacker to spoof the URL in the address bar and force a victim to visit a malicious site while believing he is visiting a benign one. Security researcher Rafay Baloch discovered the vulnerability and developed the technique for exploiting it. The problem […]

President Urged to Reject Mandatory Backdoors

Tue, 05/19/2015 - 09:56
A coalition of 150 tech companies and privacy champions sent a letter to President Obama urging him to reject any proposals mandating backdoor access to software and devices.

Researchers, IEEE Release Medical Device Security Guidelines

Mon, 05/18/2015 - 16:36
A collection of research scientists, with help from the IEEE Cybersecurity Initiative, have released a new set of guidelines for developers to take into account to ensure security figures into how medical devices are coded.

APT Group Embeds Command and Control Data on TechNet Pages

Mon, 05/18/2015 - 15:03
The so-called Deputy Dog APT group has surfaced again with a means of keeping its command and control servers under wraps that involves Microsoft’s TechNet online resources.

Penn State Offline Following Advanced Two-Year Cyberattack

Mon, 05/18/2015 - 12:46
Penn State announced that its school of engineering was the victim of a more than two-year long cyberattack perpetuated by advanced persistent threat groups.

Oracle Patches VENOM Vulnerability

Mon, 05/18/2015 - 10:49
Oracle on Saturday released its patch for the VENOM vulnerability, a guest escape flaw that affects many virtualization platforms.

TeslaCrypt Ransomware Taking a Toll on Victims

Mon, 05/18/2015 - 10:44
The attackers behind the TeslaCrypt ransomware, which is one of the newer entries on the scene, may not be making as much money yet as some of their more experienced competitors, but researchers say that their malware is having a profound effect on victims. Like many other pieces of ransomware, TeslaCrypt often spreads with the […]

Researchers Disclose Further Vulnerabilities in Google App Engine

Fri, 05/15/2015 - 12:44
A group of Polish researchers is claims there are still several outstanding vulnerabilities in Google App Engines, including three complete Java sandbox escapes.

Threatpost News Wrap, May 15, 2015

Fri, 05/15/2015 - 11:34
Dennis Fisher and Mike Mimoso talk about the VENOM vulnerability, the idea of marketing bugs, Microsoft's new Edge browser security features and the awesome CSI: Cyber finale.

Google Changes Policy on Chrome Extensions

Fri, 05/15/2015 - 11:17
Google is rolling out a new policy that will force all Windows and Mac users to install Chrome extensions only from the Chrome Web store. The company last year began enforcing this policy for Windows users on the main, stable channel for Chrome. Google offers several different channels for Chrome users, depending upon their tolerance […]

Several Factors Mitigate VENOM’s Utility for Attackers

Fri, 05/15/2015 - 10:45
Proof of concept code exploiting the VENOM vulnerability has surfaced. Its author says mitigating factors make VENOM difficult to exploit at scale.

House Vote Slams NSA Records Collection; Senate Next as 215 Deadline Looms

Thu, 05/14/2015 - 14:27
The U.S. House voted 388-88 to end the NSA's bulk collection of phone call metadata business records.

Cisco Patches Flaws in TelePresence

Thu, 05/14/2015 - 11:58
Cisco patched command injection, authentication bypass, and denial of service vulnerabilities in a number of its TelePresence products.

The Triumphant Finale of CSI: Cyber

Thu, 05/14/2015 - 11:32
It's been a couple of months since we left our heroes on CSI: Cyber, and boy, have they been busy.

Dan Kaminsky on VENOM

Wed, 05/13/2015 - 15:43
Dennis Fisher talks with Dan Kaminsky about the VENOM bug, the value of virtual machine escapes, why everyone wants to make every bug the worst one of all time or just a bunch of hype and what the Avengers have to do with vulnerability disclosure.

Remotely Exploitable Vulnerabilities in SAP Compression Algorithms

Wed, 05/13/2015 - 15:30
SAP SE has fixed security vulnerabilities in a pair of compression algorithms used by a number of the company's popular business management software programs.