Threatpost for B2B
The First Stop For Security News
Updated: 12 hours 47 min ago
Oracle's January 2015 Critical Patch update includes a fix for a backdoor found in the Oracle E-Business Suite by researcher David Litchfield. The patch is among 169 released in the CPU.
Researchers have peeled back more layers on Vawtrak, a relatively new banking Trojan so complex that those who have taken it apart have likened it to a Matryoshka, or Russian nesting doll.
Ubuntu has released a number of patches for security vulnerabilities in several versions of the OS, including some remote code execution flaws in Thunderbird, which is included with Ubuntu. Thunderbird is Mozilla’s email client, and the company recently fixed several memory corruption vulnerabilities, along with a cross-site request forgery bug and a flaw that could lead to […]
Researchers describe an attack leverage Siri on jailbroken iOS devices to steal secrets such as credit card numbers or passwords.
Oracle on Tuesday will release a huge number of security fixes as part of its quarterly critical patch update, and one of them is a patch for a vulnerability that a well-known security researcher said looks a lot like a back door but was likely just a terrible mistake. The flaw is found in Oracle’s […]
A cross site request forgery vulnerability in GoDaddy domain settings has been patched two days after it was reported to the domain registrar.
The Cisco 2015 Annual Security report shows that CISOs and other security personnel are confident about their strategies despite that they are not patching.
A device that Progressive sends out to customers to give them a better rate by may be doing more than keeping track of their driving, the devices may be insecure and used to take control of vehicles.
Verizon patched a vulnerability in an API used by its My FiOS mobile application that allowed any user access to any Verizon email account.
An undocumented default root password was discovered in Ceragon Networks microwave bridges that facilitate wireless voice and data services.
There is a vulnerability in PolarSSL, an open-source SSL library used in a variety of products, that could enable an attacker to execute arbitrary code under some circumstances. The vulnerability is the result of an uninitialized pointer in the PolarSSL code and researchers said that an attacker with knowledge of the target system may be […]
There are two memory corruption vulnerabilities in some versions of the VLC open-source media player that can allow an attacker to run arbitrary code on vulnerable machines. Neither one of the vulnerabilities has been fixed by VideoLAN, the organization that maintains VLC. Security researcher Veysel Hatas reported the vulnerabilities to VideoLAN in December and published the […]
Researchers at AdaptiveMobile released a report demonstrating an increase in spam over the WhatsApp messaging app.
Dennis Fisher and Mike Mimoso discuss the security news of the past week, including the proposed changes to the CFAA, David Cameron's encryption comments, the NSA's quasi-apology regarding Dual EC and the Microsoft-Google disclosure feud.
Mozilla released the latest version of its flagship browser this week, Firefox 35, fixing nine vulnerabilities, including three critical bugs.
Police in the UK, working in cooperation with the FBI, arrested an 18-year-old man Friday in connection with recent DDoS attacks on the PlayStation Network and Xbox Live services. The authorities arrested the unnamed man in Southport, and he is being held on suspicion of computer crime and unauthorized access to computer material. UK officials […]
Google Project Zero has disclosed a pair of unpatched Windows vulnerabilities after the expiration of its 90-day deadline. Microsoft said it will patch one bug in February, and both sides agree the second does not merit a security bulletin.
Vague language in the White House's proposed amendments to the CFAA leave the door open to a chilling effect on legitimate security research.
Two Google AdWords campaigns have been hijacked by malvertisers and users are being redirected to fraud sites without even clicking the poisoned ads.
Administration files for Pirelli routers, issued by the biggest ISP in Spain, can be accessed from anywhere putting WPA keys, PINs, certificates and more at risk.