Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 17 hours 36 min ago

Android Outlook App Could Expose Emails, Attachments

Thu, 05/22/2014 - 15:25
There are two issues with the way Microsoft’s Outlook application encrypts content on older versions of Android that could expose users’ emails and email attachments.

eBay Hack Raises Password ‘Encryption’ Questions

Thu, 05/22/2014 - 15:25
eBay did not enjoy its finest hour responding to and communicating about a breach of its password database.

Microsoft Working on Patch for IE 8 Zero Day

Thu, 05/22/2014 - 13:57
UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup […]

Adobe Shockwave Lugging Around Hobbled, Vulnerable Version of Flash

Thu, 05/22/2014 - 13:15
Adobe promises that its next Shockwave update will bring its bundled Flash Player patch levels up to date; in the meantime, Shockwave offers hackers a large attack surface to target.

Better Security, ‘Progressive Encryption’ in Silent Text 2.0

Wed, 05/21/2014 - 15:33
Silent Circle has released a new version of its private text messaging and secure file transfer service for Android and iOS mobile devices.

Researchers Find Serious Problems in Chip and PIN EMV Implementation, Protocol

Wed, 05/21/2014 - 15:11
Researchers at Cambridge University published a paper describing security vulnerabilities in the EMV chip-and-PIN protocol and implementation.

Samsung Eyes Iris Recognition for New Phones

Wed, 05/21/2014 - 14:43
Samsung announced this week that to bolster security, it will incorporate biometric sensors such as iris scanners into more of its products in the near future.

Another Internet Explorer Zero Day Surfaces

Wed, 05/21/2014 - 14:04
Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP’s Zero […]

VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Day

Wed, 05/21/2014 - 11:08
Exploit vendor VUPEN disclosed details on a Firefox vulnerability it brought to this year's Pwn2Own contest. The bug was patched in March, one week after the contest.

eBay Compromised in Data Breach, Urges Password Change

Wed, 05/21/2014 - 10:49
eBay will ask customers to change their passwords today because of an attack that breached a server containing encrypted passwords and other information.

ICS-CERT Confirms Public Utility Compromised Recently

Wed, 05/21/2014 - 10:31
Attackers recently compromised a utility in the United States through an Internet-connected system that gave the attackers access to the utility’s internal control system network. The utility, which has not been named, had remote access enabled on some of its Internet-connected hosts and the systems were only protected by simple passwords. Officials at the ICS-CERT, […]

Companies Better at Containing Data Breaches

Wed, 05/21/2014 - 09:00
For all that gets written about how poorly organizations have responded to data breaches as of late, believe it or not, one new study has deduced that companies are getting better.

Chrome 35 Fixes 23 Security Flaws

Tue, 05/20/2014 - 14:11
Google has fixed 23 security vulnerabilities in Chrome, including three high-risk flaws, and handed out $9,500 in rewards to researchers. Among the vulnerabilities that the company fixed in Chrome 35 are use-after-free flaws and an integer overflow, all of which are rated high. Google didn’t disclose the details of all of the various security vulnerabilities, […]

Enterprises Still Lax on Privileged User Access Controls

Tue, 05/20/2014 - 12:42
The results of a survey commissioned by Raytheon demonstrate that enterprises still don't have a firm grasp on privileged users and their activities on corporate networks.

The U.S., China and Internet Glass Houses

Tue, 05/20/2014 - 11:50
That was quite a show the government put on Monday. The dramatic press conference featuring Attorney General Eric Holder, the coordinated press leaks ahead of the announcement, the strong statements about the sanctity of American commerce and how the United States will prosecute those who conduct cyberespionage against American targets. There were even cyber-wanted posters. […]

More than 90 Arrested in Blackshades RAT Takedown

Tue, 05/20/2014 - 09:44
The FBI, Justice Department and law enforcement in 19 countries announced the takedown of the Blackshades operation, responsible for dissemination of the Blackshades RAT.

XMPP Mandating Encryption on Messaging Service Operators

Mon, 05/19/2014 - 16:07
Beginning today, operators of instant massaging services that rely on the extensible messaging and presence protocol (XMPP) are expected to deploy encryption into the messaging platforms they maintain.

Malvertising Redirecting to Microsoft Silverlight Exploits

Mon, 05/19/2014 - 15:04
Researchers at Cisco spotted a recent malvertising campaign where victims were redirected by ads on the AppNexus network to sites hosting the Angler Exploit Kit and exploits against Silverlight vulnerabilities.

Facebook Takes Tougher Stand Against BREACH Attack

Mon, 05/19/2014 - 13:30
Facebook disclosed today how it has beefed up cross-site request forgery (CSRF) tokens in order to ward off the BREACH attack.

U.S. Indicts Five Chinese Army Officers for Alleged Cyberespionage Operations

Mon, 05/19/2014 - 11:30
The United States government on Monday made an unprecedented move in its efforts to combat cyberespionage operations against American companies, efforts that until now had mainly consisted of strongly worded statements and diplomacy. The Department of Justice indicted five officers of the Chinese People’s Liberation Army for allegedly hacking into networks run by companies such […]