Threatpost for B2B

The First Stop For Security News
A Spam Trinity: Email Harvesters, Botmasters, Spammers

Wed, 06/18/2014 - 12:55
Researchers at the University of California Santa Barbara and Aachen University in Germany examined the relationship between spammers, botmasters and email harvesters in order to improve antispam systems.

Flaws Found in USCIS RFID Card Production System

Wed, 06/18/2014 - 11:42
The system that’s used to produce RFID-enabled identification cards–including permanent resident IDs–by the United States Citizenship and Immigration Service has a number of serious security issues, according to a new report from the Office of the Inspector General at DHS. Among the issues the OIG found is that nearly all of the workstations in the system […]

Belkin Patches Directory Traversal Bug in Wireless Router

Wed, 06/18/2014 - 10:42
There’s a serious security vulnerability in the Belkin N150 wireless router that can enable a remote, unauthenticated attacker to read any system file on a vulnerable router. The bug is a directory traversal vulnerability and the CERT/CC advisory says that all versions of the router that are running firmware up to and including firmware version […]

Microsoft Warns of Denial-of-Service Bug in Malware Protection Engine

Tue, 06/17/2014 - 15:05
Microsoft released a security advisory today warning users of a denial of service vulnerability in its Malware Protection Engine which ships with a number of Microsoft security products.

Asprox Malware Borrowing Stealth from APT Campaigns

Tue, 06/17/2014 - 12:01
The Asprox botnet has evolved to include APT characteristics that help it evade detection by security software.

Android Root Access Vulnerability Affecting Most Devices

Tue, 06/17/2014 - 10:47
Geohot's latest Android rooting tool relies on a root-access privilege escalation vulnerability affecting the majority of commercial Android builds.

AT&T Warns Customers of Data Breach

Tue, 06/17/2014 - 10:34
AT&T has notified some of its mobile customers that employees of one of its contractors accessed some customer information, including birth dates and Social Security numbers, in an effort to generate codes that could be used to unlock devices. The company did not specify how many customers were affected by the breach, and it doesn’t appear […]

Ten Years Later, Cabir Worm’s Place in History is Unique

Mon, 06/16/2014 - 15:56
It’s difficult to remember now–and seems quaint even if you can recall it–but there was a time in the not-so-distant past when industry analysts and security experts were worried about the coming mobile malware apocalypse. Self-replicating malware would soon be flooding our phones, deleting our coveted ringtones and preventing us all from playing Snake. Mobile phones […]

Hackers Breach Domino’s France, Demand Ransom Payment

Mon, 06/16/2014 - 11:27
A hacker group is demanding a €30,000 ransom payment after compromising systems belonging to Domino's in France and Belgium and stealing 600,000 customer records.

Dyreza Banker Trojan Seen Bypassing SSL

Mon, 06/16/2014 - 10:52
Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at a newer banker Trojan that has the […]

Scans Quantify Vulnerable OpenSSL Servers

Fri, 06/13/2014 - 14:05
Qualys director of engineering Ivan Ristic published data that indicates about half of servers running OpenSSL are vulnerable to CVE-2014-0224.

Microsoft Privacy Policy Promises No Targeted Advertisements

Fri, 06/13/2014 - 11:19
Microsoft doubles down on claims it does not scan user files or monitor user communication in order to target advertisements to its customers.

ISC Patches Critical DoS Vulnerability in BIND

Fri, 06/13/2014 - 11:10
A critical, remotely exploitable bug in some BIND domain name system (DNS) servers could cause a denial of service situation and trigger them to crash.

U.S. Marshals Auctioning Off Seized Silk Road Bitcoins

Fri, 06/13/2014 - 10:41
If any further evidence was required that up is down and black is white, the United States government is now in the business of selling Bitcoins. At least for one day.

Hot, Cold Reactions to New Google Play App Permissions

Thu, 06/12/2014 - 14:51
Google Play's new app permissions arrive with some privacy concerns.

Versatility of Zeus Framework Encourages Criminal Innovation

Thu, 06/12/2014 - 14:30
Ever since the Zeus source code leaked in late 2010, criminals have been creating highly customized, difficult-to-detect versions of it that target very specific services.

Facebook Set to Let Users Edit Own Advertising Info

Thu, 06/12/2014 - 13:15
Facebook announced it will soon be rolling out a new feature to give its users more control when it comes to the types of advertisements they see on the site.

A Day To Forget For Teen At Center Of TweetDeck Shutdown

Thu, 06/12/2014 - 12:19
An Austrian teen at the center of yesterday's TweetDeck security incident explains how things went wrong and what the last 24 hours have been like.

VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable

Thu, 06/12/2014 - 09:38
While the group of vulnerabilities that the OpenSSL Project patched last week hasn't grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products.

TweetDeck Taken Down in Wake of XSS Attacks

Wed, 06/11/2014 - 13:45
TweetDeck said it has temporarily taken down its services after cross-site scripting exploit code circulated today.