Threatpost for B2B

The First Stop For Security News

Flaw Lets Attackers Bypass PayPal Two-Factor Authentication

Wed, 06/25/2014 - 11:39
There's a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim's account to any recipient he chooses.

Crowdsourcing Finding its Security Sweet Spot

Wed, 06/25/2014 - 09:41
Private and commercial businesses are starting to find some comfort in crowdsourcing security research into application vulnerabilities.

Luuuk Fraud Campaign Steals €500K From Bank in One Week

Wed, 06/25/2014 - 08:27
A fraud campaign stole more than half a million dollars from a European bank in a week earlier this year, researchers with Kaspersky Lab announced this week.

Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks

Tue, 06/24/2014 - 11:39
95 percent of vulnerable NTP servers leveraged in massive DDoS attacks earlier this year have been patched, but the remaining servers still have experts concerned.

AskMen Site Compromised by Nuclear Pack Exploit Kit

Tue, 06/24/2014 - 09:10
Users who visit AskMen.com, a men’s entertainment and lifestyle portal, are being hit with malicious code, possibly stemming from the Nuclear Pack exploit kit, researchers announced today.

Researchers Go Inside HackingTeam Mobile Malware, Command Infrastructure

Tue, 06/24/2014 - 09:03
Researchers from Kaspersky Lab and Citizen Lab released a report today with extensive details on the HackingTeam's controversial RCS spyware, in particular its extensive global command infrastructure and mobile malware.

OpenSSL Heartbleed Patch Progress Slowing Two Months Later

Mon, 06/23/2014 - 16:51
More than two months after it emerged, more than 300,000 machines on port 443 remain vulnerable to the OpenSSL Heartbleed security vulnerability.

Threatpost News Wrap, June 23, 2014

Mon, 06/23/2014 - 15:17
Dennis Fisher and Mike Mimoso discuss the latest security news, including the possible fork of TrueCrypt, Microsoft’s new information sharing platform, the FBI’s cybercrime task force and the US team’s crushing tie with Portugal. Music by Chris Gonsalves.

Google’s BoringSSL Latest OpenSSL Fork to Surface

Mon, 06/23/2014 - 11:06
Google announced its fork of OpenSSL called BoringSSL, a version of the crypto libraries that will now import changes from OpenSSL.

Cisco Releases Open Source FNR Cipher

Mon, 06/23/2014 - 10:57
Cisco has released a new open-source block cipher called FNR that is designed for encrypting small chunks of data, such as MAC addresses or IP addresses. The cipher is still in the experimental stage, but Cisco has released the source code and a demo application. The company suggests that the new cipher–called Flexible Naor and […]

Microsoft to Preview Interflow Information Sharing Platform

Mon, 06/23/2014 - 09:03
A private preview of Microsoft's new Interflow security threat information-sharing platform opens this week. Interflow, built on industry standards such as STIX and TAXII, automates information sharing across industries.

House Amendment Limits Funding for NSA Surveillance

Fri, 06/20/2014 - 13:27
The House of Representatives yesterday passed an amendment that reins in NSA surveillance by cutting Department of Defense funds.

FBI, NYPD Form Financial Cybercrime Task Force

Fri, 06/20/2014 - 10:08
The FBI has formed a new cybercrime task force with the New York Police Department and the Metropolitan Transit Authority whose job will be to go after high-level financial cyber crimes, employing a model of interagency cooperation that the bureau and other federal law enforcement agencies have used with notable success in other areas. The […]

Plaintext Supermicro IPMI Credentials Exposed

Fri, 06/20/2014 - 09:28
Weaknesses in Supermicro IPMI-based baseboard management controllers expose remote passwords in plaintext.

Google, Microsoft to Implement Mobile ‘Kill Switch’

Thu, 06/19/2014 - 13:58
Google and Microsoft will implement 'kill switches' in their mobile offerings in response to petitions from elected officials claiming that a similar Apple feature has deterred theft and violent crime.

Research Project Pays People to Download, Run Executables

Thu, 06/19/2014 - 11:57
Incentivized by a minimal amount of cash, computer users who took part in a study were willing to agree to download an executable file to their machines without questioning the potential consequences.

Possible TrueCrypt Fork in the Works

Thu, 06/19/2014 - 11:08
Although the developers behind the TrueCrypt encryption software have given up the ghost and decided to no longer maintain the application, interest in the project has never been higher. But, one of the developers says that a nascent effort to fork TrueCrypt is unlikely to succeed. Matthew Green, a cryptographer and professor at Johns Hopkins […]

Hacker Puts Hosting Service Code Spaces Out of Business

Wed, 06/18/2014 - 17:09
Cloud-based code-hosting service Code Spaces announced today it was going out of business after a hacker deleted most of its machines, customer data and backups.

Hacker Exploits NAS Vulnerabilities to Mine $620K in Dogecoin

Wed, 06/18/2014 - 15:01
A hacker exploiting vulnerabilities in Synology network attached storage boxes was able to mine $620,000 in Dogecoin.

FTC Asking DEF CON to Help Catch Robocallers

Wed, 06/18/2014 - 13:01
The FTC is seeking help from hackers at DEF CON to help lure and identify the perpetrators of illegal robocalling scams, whether they are criminal or corporate.