Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 1 hour 17 min ago

Analysis of Flash Zero Day Shows Layers of Obfuscation

Tue, 01/27/2015 - 09:56
The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit, security researchers have […]

Researchers Link Regin to Malware Disclosed in Recent Snowden Documents

Tue, 01/27/2015 - 07:00
Kaspersky Lab has found shared code and functionality between the Regin malware platform and a keylogger described in recently disclosed Snowden documents.

Thunderstrike Patch Slated for New OS X Build

Mon, 01/26/2015 - 15:06
In addition to patching the three Project Zero vulnerabilities disclosed last week, Apple is apparently readying a fix for the Thunderstrike boot attack as well, something that will purportedly rid all Macs running Yosemite of the issue.

Android Wi-Fi Direct Vulnerability Details Disclosed

Mon, 01/26/2015 - 14:40
Core Security disclosed details on an Android Wi-Fi Direct denial of service vulnerability after Google said it had no timeline to patch the issue. The two sides also disagreed on the severity of the flaw.

Google Engineer Explains Company’s Decision Not to Patch Bug in Older Android Versions

Mon, 01/26/2015 - 14:32
Google has taken quite a bit of heat in recent weeks for its decision not to patch a vulnerability in the WebView component of Android in older versions, leaving hundreds of millions of users exposed to potential attacks. Now, a Google engineer is explaining the company’s reasoning, saying that patching older versions of the OS […]

Adobe Begins Auto-Update Patching of Second Flash Player Zero Day

Mon, 01/26/2015 - 12:17
Adobe on Saturday began patching a zero-day vulnerability in Flash Player for auto-update users, exploits for which have been included in the notorious Angler Exploit Kit.

Marriott Fixes Simple Bug in Web Service That Could Expose Customer Data

Mon, 01/26/2015 - 11:21
Customer payment information and other data was made vulnerable by a flaw in the Marriott Web service used by the Android app as well as the Web site, a security researcher found. The vulnerability is the result of Marriott’s system failing to use any kind of authentication on requests, meaning that an attacker who knew […]

Siemens Fixes Web Vulnernability in SIMATIC PLC

Fri, 01/23/2015 - 14:45
Siemens has patched a web vulnerability in its SIMATIC PLC family of products that could have led unsuspecting users to malicious sites

Threatpost News Wrap, January 23, 2015

Fri, 01/23/2015 - 12:28
Dennis Fisher and Mike Mimoso talk about all of the zero days that were dropped this week on Adobe and Apple, the Oracle backdoor drama and the upcoming Kaspersky Security Analyst Summit in Cancun. Then, Dennis calls Brian Donohue to talk about the wonders of the Blackhat movie and Brian's dog makes a special appearance, too!

PHP 5.6.5 Released With Several Security Fixes

Fri, 01/23/2015 - 12:02
Several new versions of PHP have been released, fixing a number of security vulnerabilities and other bugs in the popular scripting language. PHP 5.6.5 is the newest version of the language, and it has patches for a handful of vulnerabilities, including a use-after-free flaw that could lead to remote code execution in some cases. “Sapi/cgi/cgi_main.c in […]

Thousands of US Gas Stations Vulnerable to Remote Hacks

Fri, 01/23/2015 - 11:54
UPDATE: Thousands of U.S. gas stations contain internet-connected fuel gauges that don't require passwords and could be remotely shut down by hackers.

Unpatched Apple Vulnerabilities Latest Google Project Zero Disclosures

Fri, 01/23/2015 - 10:05
Three unpatched Apple OS X vulnerabilities were disclosed by Google's Project Zero research team. Project Zero discloses if a bug is not patched within 90 days of reporting it to the affected vendor.

Following Credential Leak, Microsoft Confirms Mojang Not Hacked

Thu, 01/22/2015 - 15:35
Microsoft confirmed this week that despite 2000 Mojang user credentials leaking online, the gaming firm has not been hacked.

Chrome 40 Patches 62 Security Vulnerabilities, Pays Bounties Aplenty

Thu, 01/22/2015 - 13:45
Google released version 40 of the Chrome browser, patching 62 vulnerabilities, including close to two-dozen critical memory corruption flaws.

Details on Regin Malware Modules Disclosed

Thu, 01/22/2015 - 12:55
Researchers at Kaspersky Lab today released a detailed analysis of two modules belonging to the Regin malware platform, one for lateral movement, the other a backdoor.

Adobe Patches One Zero Day in Flash, Will Patch a Second Flaw Next Week

Thu, 01/22/2015 - 12:43
UPDATE–Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit. The vulnerability that Adobe patched Thursday is […]

Firefox Meta Referrer A Move Toward Browser Privacy

Wed, 01/21/2015 - 13:57
Mozilla announced the availability of a meta referrer header in Firefox 36 beta. The meta referrer provides users with policy options limiting the personal data sent in web requests.

Exploit for Flash Zero Day Appears in Angler Exploit Kit

Wed, 01/21/2015 - 12:53
The dangerous Angler exploit kit has a new piece of ammunition to use in its attacks: a fresh Adobe Flash zero-day vulnerability.

Bypass Demonstrated for Microsoft Use-After-Free Mitigation in IE

Wed, 01/21/2015 - 12:40
A researcher has developed a bypass for Microsoft's latest memory corruption mitigations in Internet Explorer, Heap Isolation and Delay Free.

Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway

Wed, 01/21/2015 - 11:17
Two flaws in Schneider Electric's ETG3000 FactoryCast HMI Gateway allow unauthenticated remote access to the device's FTP server and configuration file.