Threatpost for B2B
The First Stop For Security News
Updated: 13 hours 35 min ago
Researchers at the University of California Santa Barbara and Aachen University in Germany examined the relationship between spammers, botmasters and email harvesters in order to improve antispam systems.
The system that’s used to produce RFID-enabled identification cards–including permanent resident IDs–by the United States Citizenship and Immigration Service has a number of serious security issues, according to a new report from the Office of the Inspector General at DHS. Among the issues the OIG found is that nearly all of the workstations in the system […]
There’s a serious security vulnerability in the Belkin N150 wireless router that can enable a remote, unauthenticated attacker to read any system file on a vulnerable router. The bug is a directory traversal vulnerability and the CERT/CC advisory says that all versions of the router that are running firmware up to and including firmware version […]
Microsoft released a security advisory today warning users of a denial of service vulnerability in its Malware Protection Engine which ships with a number of Microsoft security products.
The Asprox botnet has evolved to include APT characteristics that help it evade detection by security software.
Geohot's latest Android rooting tool relies on a privilege root access, escalation vulnerability affecting the majority of commercial Android builds.
AT&T has notified some of its mobile customers that employees of one of its contractors accessed some customer information, including birth dates and Social Security numbers, in an effort to generate codes that could be used to unlock devices. The company did not specify how many customers were affected by the breach, and it doesn’t appear […]
It’s difficult to remember now–and seems quaint even if you can recall it–but there was a time in the not-so-distant past when industry analysts and security experts were worried about the coming mobile malware apocalypse. Self-replicating malware would soon be flooding our phones, deleting our coveted ringtones and preventing us all from playing Snake. Mobile phones […]
A hacker group is demanding a €30,000 ransom payment after compromising systems belonging to Domino's in France and Belgium and stealing 600,000 customer records.
Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at a newer banker Trojan that has the […]
Qualys director of engineering Ivan Ristic published data that indicates about half of servers running OpenSSL are vulnerable to CVE-2014-0224.
Microsoft doubles down on claims it does not scan user files or monitor user communication in order to target advertisements to its customer.
A critical, remotely exploitable bug in some BIND domain name system (DNS) servers could cause a denial of service situation and trigger them to crash.
If any further evidence was required that up is down and black is white, the United States government is now in the business of selling Bitcoins. At least for one day.
Google Play's new app permissions arrive with some privacy concerns.
Ever since the Zeus source code leaked in late 2010, criminals have been creating highly customized, difficult-to-detect versions of it that target very specific services.
Facebook announced it will soon be rolling out a new feature to give its users more control when it comes to the types of advertisements they see on the site.
An Austrian teen at the center of yesterday's TweetDeck security incident explains how things went wrong and what the last 24 hours have been like.
While the group of vulnerabilities that the OpenSSL Project patched last week hasn't grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products.
TweetDeck said it temporarily has taken down its services after cross-site scripting exploit code circulated today.