Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 9 hours 36 min ago

Facebook Transparency Report: US Data Requests Dip Slightly

Mon, 03/16/2015 - 12:59
Facebook's Transparency Report for the latter half of 2014 shows slightly fewer U.S. government requests for user data; the company also updates its Community Standards.

Yahoo Previews End-To-End Email Encryption Extension

Mon, 03/16/2015 - 09:37
Yahoo CISO Alex Stamos said a preview of the company’s end to end encryption extension has been released to GitHub for review.

Threatpost News Wrap, March 13, 2015

Fri, 03/13/2015 - 14:20
Dennis Fisher and Mike Mimoso discuss the new patch for the fiver-year-old LNK vulnerability used by Stuxnet, the new iOS patches and the other news of the week.

Mozilla Releases Open Source Masche Forensics Tool

Fri, 03/13/2015 - 11:11
Mozilla has released an open source memory forensics tool that some college students designed and built during the company’s recent Winter of Security event. The new tool, known as Masche, is designed specifically for investigating server memory and has the advantage of being able to scan running processes without causing any problems with the machine. […]

Google Apps ‘Defect’ Leaks Private WHOIS Data Of 280,000

Fri, 03/13/2015 - 09:54
A Google Apps bug leaked hidden WHOIS registrant information in the clear, putting close to 300,000 domain owners at risk for identity theft, phishing scams and more.

Adobe Patches 11 Critical Vulnerabilities in Flash Player

Thu, 03/12/2015 - 19:45
Adobe released an updated Flash Player with patches for 11 critical vulnerabilities, most of which lead to remote code execution.

After Delays, Samsung Patches Social Media Vulnerability in Millions of Devices

Thu, 03/12/2015 - 16:21
Samsung patched a vulnerability last month in SNS Provider that if exploited could have given attackers the ability to access to any personal information users stored on Facebook, LinkedIn and Twitter.

CryptoLocker Variant Coming After Gamers

Thu, 03/12/2015 - 15:57
A variant of CryptoLocker ransomware is targeting gamers, encrypting files associated with more than 20 popular titles in exchange for a Bitcoin payment.

BlackBerry Warns Many Products Vulnerable to FREAK Attack

Thu, 03/12/2015 - 14:28
BlackBerry is warning customers that a large portion of the company’s product portfolio is vulnerable to the FREAK SSL attack. Many versions of the BlackBerry OS and BlackBerry Enterprise Server are vulnerable to FREAK, as are a number of versions of BlackBerry Messenger. The advisory from BlackBerry says that there are no workarounds for the […]

SQL Injection Bug Fixed in Popular WordPress SEO Plug-In

Thu, 03/12/2015 - 13:28
Popular search engine optimization plugin, SEO by Yoast fixed a blind SQL injection vulnerability yesterday that could be exploited to take control of affected sites.

Obama Administration Seeks More Legal Power to Disrupt Botnets

Thu, 03/12/2015 - 10:31
The federal government is seeking more legal power to step in and shut down botnets through an amendment to the existing criminal law, which would allow the Department of Justice to obtain injunctions to disrupt these malicious networks. The Obama administration has proposed an amendment to existing United Stated federal law that would give it […]

Microsoft SHA-2 Advisory Causing ‘Infinite Loop’ Issues

Thu, 03/12/2015 - 10:16
Windows users are having issues with a security update issued this week meant to add SHA-2 code-signing and verification support to Windows 7 and Windows Server 2008 R2 machines.

Dropbox Patches Remotely Exploitable Vulnerability in SDK

Wed, 03/11/2015 - 14:56
Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the app that enabled attackers to connect applications on some devices to a Dropbox account without the user's consent.

Details Surface on Stuxnet Patch Bypass

Wed, 03/11/2015 - 13:01
HP's Zero Day Initiative published details of a bypass for a five-year-old Windows patch for the .LNK vulnerability exploited by Stuxnet.

Facebook Issues Present Possible Threat to Users

Wed, 03/11/2015 - 11:39
UPDATE–A security researcher has identified a pair of security issues in Facebook, one of which can be used to to upload an arbitrary file to the site, and the other of which can allow an attacker to gain control of a victim’s machine under some limited circumstances with user interaction. The more serious of the vulnerabilities, which […]

Equation APT Group Attack Platform A Study in Stealth

Wed, 03/11/2015 - 07:00
The EquationDrug cyberespionage platform is a complicated system that is used selectively against only certain target machines, one that can be extended via a collection of 116 malware plug-ins, researchers at Kaspersky Lab said.

Microsoft Patches Old Stuxnet Bug, FREAK Vulnerability

Tue, 03/10/2015 - 14:24
Microsoft's March 2015 Patch Tuesday security bulletins include patches for an old Stuxnet LNK vulnerability and the FREAK SSL vulnerability.

Patched Windows Machines Exposed to Stuxnet LNK Flaw All Along

Tue, 03/10/2015 - 13:00
Microsoft released a new patch for the LNK vulnerability exploited by Stuxnet after it learned original patch from 2010 failed and left Windows machines exposed.

CloudFlare Aims to Defeat Massive DDoS Attacks with Virtual DNS

Tue, 03/10/2015 - 11:13
DDoS attacks have been a persistent problem for the the better part of 20 years, and as ISPs and enterprises have adjusted their defenses, attackers have adapted their tactics. One of the more effective tools in the attackers’ arsenal now is the use of botnets to generate massive numbers of DNS queries for a target […]

Apple Fixes FREAK Bug, iCloud Flaw in iOS 8.2

Tue, 03/10/2015 - 10:28
Apple has patched the FREAK SSL vulnerability, along with a nasty bug that could’ve allowed a remote attacker to restart a user’s iPhone via SMS, with the release of iOS 8.2. The new version of Apple’s mobile operating system contains a number of vulnerability fixes, with the FREAK patch being the most prominent among them. […]