Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 11 hours 40 min ago

Remote Code Execution in Popular Hikvision Surveillance DVR

Mon, 11/24/2014 - 12:48
A number Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices.

Costin Raiu on the Regin APT Malware

Mon, 11/24/2014 - 11:05
Denis Fisher talks with Costin Raiu of the Kaspersky Lab GReAT Team about the discovery of the Regin APT malware, the threat's targets and tactics, its ability to compromise GSM base stations and its other capabilities.

Regin Cyberespionage Platform Also Spies on GSM Networks

Mon, 11/24/2014 - 10:09
Kaspersky Lab researchers have learned that the Regin cyberespionage platform also targets GSM telecommunications networks.

EFF, Privacy Groups Say NIST Crypto Standards Must be Free From Backdoors

Mon, 11/24/2014 - 09:24
The EFF and a long list of civil and privacy groups have sent a letter to NIST, emphasizing the need for the agency to create "a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities."

FTC Shutters $120 Million Tech Support, Bogus Software Scam

Fri, 11/21/2014 - 16:09
The FTC and a Florida federal court issued temporary restraining orders against a number of organizations and individuals involved in a massive telemarketing operating selling bogus software and support.

Threatpost News Wrap, November 21, 2014

Fri, 11/21/2014 - 13:20
In this week's news wrap podcast, Threatpost editors discuss an out-of-band Microsoft patch, the compromised Joomla and WordPress plug-inattack campaign and the Detekt anti-surveillance tool.​

Buffer Overflow Haunts Advantech WebAccess SCADA Product

Fri, 11/21/2014 - 11:00
The ICS-CERT is warning users about a stack buffer overflow in the Advantech WebAccess SCADA product that could lead to arbitrary code execution. Advantech WebAccess is a SCADA and human-machine interface product that’s accessible over the Web. It’s used in a variety of industries, including energy, manufacturing, government and the commercial sector. The vulnerability affects […]

WordPress 4.0.1 Update Patches Critical XSS Vulnerability

Fri, 11/21/2014 - 09:52
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.

Most Targeted Attacks Exploit Privileged Accounts

Thu, 11/20/2014 - 16:51
Most targeted attacks exploit privileged account access according to a new report commissioned by the security firm CyberArk.

Detekt Tool Puts Surveillance Spyware on Notice

Thu, 11/20/2014 - 14:08
Civil rights activists and hacker Claudio Guarnieri along with partners such as the EFF and Amnesty International released Detekt, open source security software targeting activists and oppressed people that scans Windows machines for dangerous spyware.

Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign

Thu, 11/20/2014 - 10:54
Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013. […]

Drupal Patches Denial of Service Vulnerability; Details Disclosed

Thu, 11/20/2014 - 10:03
Drupal has released a patched a denial of service and account hijacking vulnerability, details of which were disclosed by the researchers who discovered the issue.

Angler Exploit Kit Adds New Flash Exploit for CVE-2014-8440

Thu, 11/20/2014 - 08:02
Exploit kit authors are nothing if not opportunistic, and they know a prime opportunity when they see one. Adobe Flash bugs fit that description nicely, and the people behind the Angler exploit kit already are exploiting one of the Flash bugs patched last week in the kit’s arsenal. This is a common tactic for exploit […]

Citadel Variant Targets Password Managers

Wed, 11/19/2014 - 14:54
Some Citadel-infected computers have received a new configuration file, a keylogger triggered to go after the master passwords from three leading password management tools.

FREEDOM Act Rejection Should Keep ‘Encrypt Everything’ Bandwagon Rolling

Wed, 11/19/2014 - 13:11
The U.S. Senate failed to pass the USA FREEDOM Act last night, but that should matter little to security and technology companies rolling out encryption everywhere.

Nasty Security Bug Fixed in Android Lollipop 5.0

Wed, 11/19/2014 - 10:54
A bug was recently fixed in Android Lollipop that could allow an attacker to bypass ASLR and run arbitrary code on a target device under certain circumstances.

Tor Reins in Concerns After Academic Paper on De-Anonymization

Tue, 11/18/2014 - 14:33
Leaders at the Tor Project call for calm after an academic paper spells out how funded hackers could use NetFlow data from Cisco routers to de-anonymize Tor users.

Google Removes SSLv3 Fallback Support From Chrome

Tue, 11/18/2014 - 13:42
Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the POODLE attack revealed last month.

EFF, Others Plan to Make Encrypting the Web Easier in 2015

Tue, 11/18/2014 - 13:40
A new coalition, Let's Encrypt, announced today they will grant free HTTPS certificates to any site that needs one in 2015.

Google Releases Open Source Tool for Testing Web App Security Scanners

Tue, 11/18/2014 - 12:17
Google today released to open source security scanning tool called Firing Range, which is designed to test for cross-site scripting (XSS) and other vulnerabilities on a massive scale.