Threatpost for B2B
The First Stop For Security News
Some users who have installed the MS14-066 patch, which fixes a vulnerability in the Schannel technology in Windows, report that the fix causes TLS negotiations to fail in some circumstances. The problem arises when users have TLS 1.2 enabled in certain configurations, and it will sometimes cause processes to hang or become unresponsive from […]
A new piece of ransomware called CoinVault offers to decrypt a single file for free in hopes of encouraging victims to pay the ransom.
Apple responds to the Masque vulnerability, saying that it is unaware of any users affected by the vulnerability, which allows hackers to swap out legitimate iOS apps with malicious ones.
Results from a survey by the Pew Research Center demonstrate that consumers' attitudes about commercial and government data collection have shifted post-Snowden.
Mike Mimoso and Dennis Fisher talk about the Windows Schannel vulnerability and whether it's ripe for mass exploitation, as well as the WireLurker attack and why Apple hasn't addressed it.
Microsoft is considering adding public-key pinning, an important defense against man-in-the-middle attacks, to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site […]
The Senate will vote on the USA Freedom Act, a bill aimed at limiting the NSA's surveillance and spying dragnet, in this lame-duck session of Congress.
Researchers successfully took down Apple and Samsung mobile phones using NFC hacks during Mobile Pwn2Own, but were not able to completely compromise Windows Phone or Nexus 5 running Android.
Systems belonging to the National Oceanic and Atmospheric Administration (NOAA) were recently compromised, purportedly by Chinese hackers.
Researchers have published a paper that describes an Internet voting hack that alters PDF ballots in transmission.
Several automakers have agreed on a set of privacy principles that they say will govern the way that they handle personal information generated by vehicles, geolocation data and other sensitive information that is being produced by in-car computers and networks.
The Electronic Frontier Foundation has backed VPN provider Golden Frog's FCC filing that accuses ISPs of stripping out STARTTLS instructions from email messages.
The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.
Retail trade groups are urging Congress to pass a law that would enforce data breach notification rules uniformly across industries without exemption.
Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system.
Microsoft patched a zero-day vulnerability in OLE being used in targeted attacks as part of its November 2014 Patch Tuesday security bulletins, one of four critical updates released today.
The United States Postal Service is continuing its investigation into how a cyber attack at the agency managed to compromise both employees and customers earlier this year.
Researchers at Kaspersky Lab published a report identifying by name the first five victims of Stuxnet.
Tor said it wasn't clear how or why the Tor Hidden Services were seized but that it was still trying to learn more in the wake of the digital sting.
Researchers at FireEye disclosed Masque, a vulnerability in iOS that enabled the WireLurker attacks. It was reported in July, but has yet to be patched by Apple.