Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 18 hours 40 min ago

[Bad]USB ‘Patch’ Skirts More Effective Options

Thu, 10/09/2014 - 06:54
Researchers who released attack code against vulnerabilities in USB devices followed that up with a patch, that they and researcher Karsten Nohl acknowledge isn't enough to solve the problem.

Google Fixes 159 Flaws in Chrome

Thu, 10/09/2014 - 06:02
Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities. The huge majority of those patches–113 of them–fix minor vulnerabilities in the […]

Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7

Tue, 10/07/2014 - 13:49
Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data.

Arbor: DDoS Attacks Getting Bigger as Reflection Increases

Tue, 10/07/2014 - 13:29
New reflected distributed denial of service attack techniques are increasing the volume of each attack as well as the overall frequency of large-scale DDoS attacks.

Twitter Files Suit Over Government Restrictions on National Security Letter Data

Tue, 10/07/2014 - 13:16
Twitter has filed a lawsuit in federal court asking that the United States Department of Justice’s prohibitions on publishing the number and kind of government requests for data the company receives be declared unconstitutional. The suit claims that the rules infringe on Twitter’s right to free speech by requiring that the company “engage in speech […]

Tyupkin Malware Infects ATMs Worldwide

Tue, 10/07/2014 - 07:54
The Tyupkin malware, spotted on ATMs in Eastern Europe, allows criminals to make withdrawals of 40 banknotes at a time, researchers at Kaspersky Lab said.

Yahoo Confirms Infected Servers Unrelated to Shellshock

Mon, 10/06/2014 - 18:56
Yahoo CISO Alex Stamos confirmed that three servers had been infected with malware by hackers looking for machines vulnerable to Shellshock.

Bugzilla Vulnerability Puts Bug Collections in Harm’s Way

Mon, 10/06/2014 - 13:13
A vulnerability in the account creation process in Bugzilla, bug-tracking software developed and licensed by Mozilla, exposes vulnerabilities collected by the system. Mozilla is expected to patch the vulnerability today.

Experts Laud Changes to iPhone, Android Encryption

Mon, 10/06/2014 - 12:49
The changes that both Google and Apple have made to their mobile operating systems to encrypt the data on users' devices have generated praise from the security and privacy communities and vitriol and criticism from the law enforcement and political worlds in equal measure.

AT&T Hit By Insider Breach

Mon, 10/06/2014 - 09:32
AT&T is warning consumers about a data breach involving an insider who illegally accessed the personal information of an unspecified number of users.

Shellshock-like Weakness May Affect Windows

Mon, 10/06/2014 - 07:19
A weakness in Windows, similar to Shellshock, may put Windows Server deployments at risk to remote code execution.

76M Households, 7M Businesses Impacted in JPMorgan Chase Breach

Fri, 10/03/2014 - 12:54
A securities filing on Thursday revealed that up to 76 million households and seven million small businesses, far more than initially thought, were implicated in the cyber attack that hit JPMorgan Chase over the summer.

Threatpost News Wrap, October 3, 2014

Fri, 10/03/2014 - 12:35
Dennis Fisher and Mike Mimoso talk about the Bash Shellshock bug nightmare and the BadUSB code release.

Google Changes SafeSearch Option for Administrators

Fri, 10/03/2014 - 09:07
Google is removing a feature that allowed administrator to require their users to employ a search option that removes explicit content from search results. The decision is tied to the fact that the option required the use of an unsecured connection to Google, something that the company said allowed it to become a target for […]

Researcher Takes Wraps off Two Undisclosed Shellshock Vulnerabilities in Bash

Fri, 10/03/2014 - 04:00
Researcher Michal Zalewski published details on two recently discovered Shellshock vulnerabilities in Bash.

Serious Hypervisor Bug Fix Causes Unexpected Cloud Downtime

Thu, 10/02/2014 - 14:17
A number of cloud service providers like Amazon Web Services and Rackspace had to shut some systems down over the weekend to address a critical Xen security vulnerability.

Release of Attack Code Raises Stakes for USB Security

Thu, 10/02/2014 - 13:11
Two researchers published attack code exploiting weaknesses in USB similar to the BadUSB research presented at this year's Black Hat conference.

Second Same-Origin Policy Bypass Flaw Haunts Android Browser

Thu, 10/02/2014 - 09:49
There is another same-origin policy bypass vulnerability in the Android browser in versions prior to 4.4 that allows an attacker to steal data from a user's browser.

Joomla Re-Issues Security Update After Patches Glitch

Wed, 10/01/2014 - 13:49
A security update for the Joomla content management system was pulled and re-issued after problems with the first set of patches for a remote file inclusion and denial of service vulnerability were discovered.

VMware Begins to Patch Bash Issues Across Product Line

Wed, 10/01/2014 - 13:43
VMware issued a progress report on fixes for four different types of products as they relate to the Bash vulnerability.