Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 5 hours 33 min ago

Katie Moussouris on Starting a Bug Bounty Program

Mon, 02/23/2015 - 12:02
In this video from last week's Security Analyst Summit, HackerOne's Katie Moussouris explains the main thing companies that want to start a bounty program or vulnerability incentive program need to know: There is no one size fits all.

Trey Ford on Mapping the Internet with Project Sonar

Fri, 02/20/2015 - 12:28
Trey Ford from Project Sonar describes the group's initiative at Kaspersky's Security Analyst Summit. The Rapid 7 service scans public-facing networks for apps, software, and hardware, then analyzes that cache of information to gain insight to trends and common vulnerabilities.

Costin Raiu on the Equation Group APT

Fri, 02/20/2015 - 10:22
Dennis Fisher talks with Costin Raiu of the Kaspersky Lab GReAT team about the researcher behind the Equation Group campaign, the group's capabilities and why they seem to have gone dark now.

Lenovo Superfish Certificate Password Cracked

Thu, 02/19/2015 - 14:07
Researcher Rob Graham has cracked the certificate password for Superfish adware pre-installed on Lenovo laptops.

TrueCrypt Audit Stirs Back To Life

Thu, 02/19/2015 - 13:15
The organizers of the TrueCrypt audit expect the cryptanalysis of the open source encryption software to begin shortly; phase two will be handled by NCC Group's Cryptography Services practice.

‘Yes, Your Car Wash Is On Facebook’

Thu, 02/19/2015 - 08:47
Looking in one of the more obscure corners of the web, Billy Rios discovered how to hack automated car wash equipment.

Christofer Hoff on Mixed Martial Arts, Active Defense, and Security

Wed, 02/18/2015 - 12:10
In a talk Monday Christofer Hoff stressed that in security and martial arts alike, it's hard to be a skilled defender if you don't understand how your adversaries pull off the attacks.

Tracking Malware That Uses DNS for Exfiltration

Tue, 02/17/2015 - 17:59
Attackers have long used distributed denial of service attacks to knock domain-name servers offline but over the last several months malware creators have taken to using DNS requests to tunnel stolen data.

BadUSB Vulnerabilities Live in ICS Gear Too

Tue, 02/17/2015 - 16:24
BadUSB-style attacks against industrial control systems are theoretically possible, but bear watching according to Michael Toecker today at the Security Analyst Summit.

Indexing the Dark Web One Hacking Forum At A Time

Tue, 02/17/2015 - 15:27
Staffan Truve spoke Monday at the Kaspersky Analyst Summit about the efforts his company Recorded Future is taking to index the dark web, or what he called the underbelly.

Encryption and Silence Can be Targets’ Best Assets

Tue, 02/17/2015 - 12:45
CANCUN–Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy and security. Secure communications among researchers who know one another […]

First Arabic Cyberespionage Operation Uncovered

Tue, 02/17/2015 - 12:40
The Desert Falcons gang is the first Arabic APT group, according to researchers at Kaspersky Lab.

Inside nls_933w.dll, the Equation APT Persistence Module

Tue, 02/17/2015 - 12:01
The persistence module used by the Equation APT Group uncovered by researchers at Kaspersky Lab has been called the ultimate cyberattack tool.

APT Groups Emerging in Middle East

Tue, 02/17/2015 - 11:22
CANCUN–Since security researchers and vendors began exposing the inner workings of APT groups a few years ago, virtually all of the operations that have been made public have been the work of attackers in Europe, Asia or North America. But recently, groups in the Middle East have joined the game as well. In 2013, Adrian […]

Examining the Risks and Advantages of Biohacking

Mon, 02/16/2015 - 18:47
At the Security Analyst Summit, expert Hannes Sjoblad described the potential uses for NFC implants as authenticators and transaction verifiers.

Preventing Silent Data Exits a Workable Problem for Businesses

Mon, 02/16/2015 - 17:45
CANCUN–Businesses, especially those in the financial sector, should operate under the assumption that data exfiltration either is or will soon happen in their organization. A lot like car insurance, end users should hope for the best and prepare for the worst, according to Wells Fargo’s Steve Adegbite, who spoke on the challenges of detecting silent […]

Massive, Decades-Long Cyberespionage Framework Uncovered

Mon, 02/16/2015 - 15:02
CANCUN--Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations.

Don’t Build a Bounty Program; Build an Incentive Program

Mon, 02/16/2015 - 14:59
At the Security Analyst Summit, Katie Moussouris encouraged enterprises to build bug bounty programs that feed a software development lifecycle.

Kaminsky: DNS Insecurity Isn’t Coincidence, it’s Consequence

Mon, 02/16/2015 - 14:18
Dan Kaminsky insisted that there's a cost to doing security crypto through DNS at Kaspersky Lab's 2015 Security Analyst Summit Monday.

Hackers’ Op-Sec Failures Important Clues to Uncover APT Gangs

Mon, 02/16/2015 - 13:06
At the Security Analyst Summit, a researcher from PwC explained how some huge operational security failures on the part of APT gangs helped uncover those behind attacks.