Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 2 hours 4 min ago

New BIOS Implant, Vulnerability Discovery Tool to Debut at CanSecWest

Thu, 03/19/2015 - 07:00
Researchers are expected to present at CanSecWest a BIOS rootkit that automates BIOS vulnerability discovery and implants persistent malware.

Breach at Premera Blue Cross Affects 11 Million

Wed, 03/18/2015 - 11:17
Hackers wriggled their way into the servers of health insurance provider Premera Blue Cross last year, and potentially exposed the information of 11 million members, employees and other associates.

Apple Patches WebKit Vulnerabilities in Safari

Wed, 03/18/2015 - 10:35
Apple released new versions of Safari that patch a number of WebKit vulnerabilities.

Mobile Android, iOS Apps Still Vulnerable to FREAK Attacks

Wed, 03/18/2015 - 10:18
FireEye scanned iOS and Android apps downloaded billions of times in aggregate and determined that, despite the availability of patches, because the apps still connect to vulnerable HTTPS servers, they’re subject to FREAK attacks.

HTTPS Opens Door to Paid Pinterest Bug Bounty

Tue, 03/17/2015 - 14:19
Pinterest announced this week that it would begin paying cash rewards through its bug bounty program, and said that its move to HTTPS paved the way.

Shared Keys Simplify, Cheapen FREAK Attacks

Tue, 03/17/2015 - 10:11
Researchers from Royal Holloway University in London published a paper demonstrating inexpensive ways to crack the 512-bit export-grade RSA keys vulnerable to the FREAK attack.

Microsoft Warns Fraudulent Certificate Could Lead to MiTM Attacks

Tue, 03/17/2015 - 10:09
Microsoft has blacklisted a phony SSL certificate and is warning the certificate could be leveraged to stage man-in-the-middle attacks.

Stealthy, Persistent DLL Hijacking Works Against OS X

Tue, 03/17/2015 - 06:53
Researcher Patrick Wardle of Synack is expected this week at CanSecWest to unveil malicious dylib attacks against Apple’s Mac OS X.

D-Link Patches Two Remotely Exploitable Bugs in Firmware

Mon, 03/16/2015 - 16:13
Router company D-Link has patched two separate vulnerabilities in its firmware that could be exploited remotely and lead to takeover and arbitrary code execution. Devices under the DCS-93xl umbrella, including the following IP cameras with a custom Linux distribution models: DCS-930L, DCS-931L, DCS-932L, and DCS-933L, contain a hole that enabled remote authenticated attackers to upload their […]

Google Aware of Memory Leakage Issue in Android 5.1, Fix Forthcoming

Mon, 03/16/2015 - 13:27
Google is prepping a fix for Android users to address a meddlesome memory leakage issue that’s plagued some device users since the beginning of the year.

Facebook Transparency Report: US Data Requests Dip Slightly

Mon, 03/16/2015 - 12:59
Facebook's Transparency Report for the latter half of 2014 shows slightly fewer U.S. government requests for user data; the company also updates its Community Standards.

Yahoo Previews End-To-End Email Encryption Extension

Mon, 03/16/2015 - 09:37
Yahoo CISO Alex Stamos said a preview of the company’s end to end encryption extension has been released to GitHub for review.

Threatpost News Wrap, March 13, 2015

Fri, 03/13/2015 - 14:20
Dennis Fisher and Mike Mimoso discuss the new patch for the fiver-year-old LNK vulnerability used by Stuxnet, the new iOS patches and the other news of the week.

Mozilla Releases Open Source Masche Forensics Tool

Fri, 03/13/2015 - 11:11
Mozilla has released an open source memory forensics tool that some college students designed and built during the company’s recent Winter of Security event. The new tool, known as Masche, is designed specifically for investigating server memory and has the advantage of being able to scan running processes without causing any problems with the machine. […]

Google Apps ‘Defect’ Leaks Private WHOIS Data Of 280,000

Fri, 03/13/2015 - 09:54
A Google Apps bug leaked hidden WHOIS registrant information in the clear, putting close to 300,000 domain owners at risk for identity theft, phishing scams and more.

Adobe Patches 11 Critical Vulnerabilities in Flash Player

Thu, 03/12/2015 - 19:45
Adobe released an updated Flash Player with patches for 11 critical vulnerabilities, most of which lead to remote code execution.

After Delays, Samsung Patches Social Media Vulnerability in Millions of Devices

Thu, 03/12/2015 - 16:21
Samsung patched a vulnerability last month in SNS Provider that if exploited could have given attackers the ability to access to any personal information users stored on Facebook, LinkedIn and Twitter.

CryptoLocker Variant Coming After Gamers

Thu, 03/12/2015 - 15:57
A variant of CryptoLocker ransomware is targeting gamers, encrypting files associated with more than 20 popular titles in exchange for a Bitcoin payment.

BlackBerry Warns Many Products Vulnerable to FREAK Attack

Thu, 03/12/2015 - 14:28
BlackBerry is warning customers that a large portion of the company’s product portfolio is vulnerable to the FREAK SSL attack. Many versions of the BlackBerry OS and BlackBerry Enterprise Server are vulnerable to FREAK, as are a number of versions of BlackBerry Messenger. The advisory from BlackBerry says that there are no workarounds for the […]

SQL Injection Bug Fixed in Popular WordPress SEO Plug-In

Thu, 03/12/2015 - 13:28
Popular search engine optimization plugin, SEO by Yoast fixed a blind SQL injection vulnerability yesterday that could be exploited to take control of affected sites.