Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 23 hours 32 min ago

Cloudflare Deploys New Form of Encryption Across Sites

Tue, 02/24/2015 - 14:46
Cloudflare has deployed a new level of encryption on its service that hardens and speeds up users' experience, especially when accessing domains via mobile browsers.

Google Broadens Scope of Unwanted Software Warnings

Tue, 02/24/2015 - 12:38
Google is now warning users of its Chrome browser about questionable downloads before they even browse to the site peddling the malware.

Gemalto: ‘SIM Products Are Secure’

Tue, 02/24/2015 - 11:34
Gemalto officials say that while they are still in the process of investigating whether the company was compromised by the NSA and GCHQ to access the encryption keys for its SIM cards, they say they believe their products and platforms are secure. In a statement issued Monday, Gemalto officials said they are still trying to […]

Kris McConkey on Hacker OpSec Failures

Tue, 02/24/2015 - 11:29
At last week's Security Analyst Summit Kris McConkey, part of PricewaterhouseCoopers' UK Cyber Threat Operations team, discusses OpSec failures: How attackers are still humans and make mistakes like sometimes using personal email addresses and real names in their campaigns.

PrivDog Adware Poses Bigger Risk Than Superfish

Tue, 02/24/2015 - 10:50
Another shady piece of adware called PrivDog has been unearthed with a similar Superfish-type vulnerability that breaks SSL connections.

NSA Director: We Need Frameworks for Cyber, Circumventing Crypto

Mon, 02/23/2015 - 16:24
NSA director Mike Rogers spoke about creating legal frameworks for crypto-subversion and law enforcement intelligence gathering at Cybersecurity for a New America.

Mike Mimoso on SAS 2015

Mon, 02/23/2015 - 15:55
Dennis Fisher and Mike Mimoso discuss their takeaways from the SAS 2015 conference, including the Equation Group APT analysis, hacking car washes, indexing the dark web and hacking home appliances.

Komodia Website Under DDoS Attack

Mon, 02/23/2015 - 15:53, home of the SSL module at the heart of the Superfish scandal, is offline because of a DDoS attack.

Gemalto Hack May Have Far-Reaching Effects

Mon, 02/23/2015 - 12:14
Security experts are still trying to assess the effects of the reported attack on SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it’s safe to say that the operation has caused reverberations throughout the industry and governments in several countries. The attack, reported […]

Katie Moussouris on Starting a Bug Bounty Program

Mon, 02/23/2015 - 12:02
In this video from last week's Security Analyst Summit, HackerOne's Katie Moussouris explains the main thing companies that want to start a bounty program or vulnerability incentive program need to know: There is no one size fits all.

Trey Ford on Mapping the Internet with Project Sonar

Fri, 02/20/2015 - 12:28
Trey Ford from Project Sonar describes the group's initiative at Kaspersky's Security Analyst Summit. The Rapid 7 service scans public-facing networks for apps, software, and hardware, then analyzes that cache of information to gain insight to trends and common vulnerabilities.

Costin Raiu on the Equation Group APT

Fri, 02/20/2015 - 10:22
Dennis Fisher talks with Costin Raiu of the Kaspersky Lab GReAT team about the researcher behind the Equation Group campaign, the group's capabilities and why they seem to have gone dark now.

Lenovo Superfish Certificate Password Cracked

Thu, 02/19/2015 - 14:07
Researcher Rob Graham has cracked the certificate password for Superfish adware pre-installed on Lenovo laptops.

TrueCrypt Audit Stirs Back To Life

Thu, 02/19/2015 - 13:15
The organizers of the TrueCrypt audit expect the cryptanalysis of the open source encryption software to begin shortly; phase two will be handled by NCC Group's Cryptography Services practice.

‘Yes, Your Car Wash Is On Facebook’

Thu, 02/19/2015 - 08:47
Looking in one of the more obscure corners of the web, Billy Rios discovered how to hack automated car wash equipment.

Christofer Hoff on Mixed Martial Arts, Active Defense, and Security

Wed, 02/18/2015 - 12:10
In a talk Monday Christofer Hoff stressed that in security and martial arts alike, it's hard to be a skilled defender if you don't understand how your adversaries pull off the attacks.

Tracking Malware That Uses DNS for Exfiltration

Tue, 02/17/2015 - 17:59
Attackers have long used distributed denial of service attacks to knock domain-name servers offline but over the last several months malware creators have taken to using DNS requests to tunnel stolen data.

BadUSB Vulnerabilities Live in ICS Gear Too

Tue, 02/17/2015 - 16:24
BadUSB-style attacks against industrial control systems are theoretically possible, but bear watching according to Michael Toecker today at the Security Analyst Summit.

Indexing the Dark Web One Hacking Forum At A Time

Tue, 02/17/2015 - 15:27
Staffan Truve spoke Monday at the Kaspersky Analyst Summit about the efforts his company Recorded Future is taking to index the dark web, or what he called the underbelly.

Encryption and Silence Can be Targets’ Best Assets

Tue, 02/17/2015 - 12:45
CANCUN–Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy and security. Secure communications among researchers who know one another […]