Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 22 hours 50 min ago

Square Launches Bug Bounty, Hires Top Security Researcher

Mon, 08/11/2014 - 10:39
The bug bounty phenomenon began mainly with major software vendors and security companies, which were the main targets for security researchers and attackers. But it is now moving to virtually every corner of the Web and software ecosystem, and the latest company to join the party is Square, the mobile payment company. Square’s service allows […]

Google Moves to Boost Search Ranking For HTTPS Sites

Mon, 08/11/2014 - 09:49
In the last couple of years, Google has been making a series of changes to its Web infrastructure to employ encryption more widely and help defeat active attackers. Much of this has gone on in the background, with the company securing the links between its data centers and making other less-noticeable changes. But the most […]

Podcast: Black Hat News Wrap, Day Two

Fri, 08/08/2014 - 11:59
Podcasting day two of Black Hat, including a CryptoLocker working group, a medical device roundtable and overview of the various security and privacy improvements at Yahoo.

IE to Block Older ActiveX Controls, Starting with Java

Fri, 08/08/2014 - 11:55
Microsoft announced that it will block older ActiveX controls in Internet Explorer, starting with Java.

Podcast: Black Hat News Wrap

Thu, 08/07/2014 - 18:42
Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news from day one of Black Hat, including the Dan Geer keynote, attacks on mobile broadband modems and carriers’ control of mobile phones. Download: Black-Hat-Day-One-Podcast.mp3 Music by Chris Gonsalves  

Connected Medical Devices Simultaneously Increase Risk and Safety

Thu, 08/07/2014 - 18:24
LAS VEGAS - It's widely known that embedded medical devices are hackable in dangerous ways, but the true risks to medical device are less well known.

Expert Warns of Chip-and-PIN Pitfalls

Thu, 08/07/2014 - 15:07
Cambridge University researcher Ross Anderson urged experts to take heed of weaknesses in chip-and-PIN payment cards as the inevitable switchover looms in the U.S.

Yahoo to Release End-to-End Encryption for Email Users

Thu, 08/07/2014 - 15:00
LAS VEGAS–Yahoo plans to enable end-to-end encryption for all of its Mail users next year. The company is working with Google on the project and the encryption will be mostly transparent for users, making it as simple as possible to use. Alex Stamos, CISO at Yahoo, said that the project has been a priority since […]

Behind the CryptoLocker Disruption

Thu, 08/07/2014 - 13:55
LAS VEGAS–The takedown of the GameOver Zeus malware operation in June got more than its share of attention, but it was the concurrent demolition of the CryptoLocker ransomware infrastructure that may prove to have been the most important part of the operation. That outcome was the culmination of months of behind the scenes work by […]

Podcast: Wendy Nather on the Black Hat Buzz

Thu, 08/07/2014 - 11:54
Dennis Fisher talks with Wendy Nather of 451 Research about the happenings on day one of Black Hat, the possibility of the US government disrupting the vulnerability market and software liability.​

Epic Operation Kicks Off Multistage Turla APT Campaign

Thu, 08/07/2014 - 10:00
Researchers at Kaspersky Lab have cracked the means by which the Turla APT campaign compromises its victims, using a precursor called Epic.

Legal Divide Between Security Research and Cybercrime Remains Murky

Thu, 08/07/2014 - 07:00
The line between criminal hacking and well-meaning security research is a thin, hazy one according to a panel discussion at Black Hat.

Oracle Database Redaction ‘Trivial to Bypass’

Wed, 08/06/2014 - 19:09
LAS VEGAS–David Litchfield for many years was one of the top bug hunters in the game and specialized in causing large-scale headaches for Oracle. When he decided to retire and go scuba diving, there likely were few tears shed in Redwood City. Litchfield recently decided to resurface, which is good news for the security community […]

Car Hacking Enters Remote Exploitation Phase

Wed, 08/06/2014 - 17:42
Researchers Charlie Miller and Chris Valasek today at Black Hat talked about their research on the remote attack surfaces present in popular automobiles.

Pervasive OTA Carrier Controls Exploitable on a Massive Scale

Wed, 08/06/2014 - 16:33
Las Vegas - Researchers at the Black Hat security conference claimed in a presentation that they can exploit pervasive carrier controls to wrest complete control of billions of consumer devices.

Mobile Broadband Modems Seen as Easy Targets for Attackers

Wed, 08/06/2014 - 15:09
LAS VEGAS–Mobile broadband modems can be a great alternative if you can’t find a WiFi network or don’t trust the ones you can find. But many of the models sold by the major manufacturers contain bugs and functionality that a remote attacker can exploit without much difficulty. Much of the market for these devices is […]

Dan Geer: Security at the Forefront of Policy Decisions

Wed, 08/06/2014 - 14:24
Dan Geer's Black Hat 2014 keynote featured 10 proposals to address shortcomings in security, in the context of government surveillance and eroding privacy.

Another Bypass Identified in PayPal 2FA

Tue, 08/05/2014 - 13:00
A security researcher has uncovered a simple method for bypassing the two-factor authentication mechanism that PayPal uses to protect accounts that are tied to eBay accounts. The vulnerability is related to the way that the login flow works when a user is prompted to connect her eBay account to her PayPal account. The eBay and […]

Call Center Phone Fraud for Fun and Profit at Black Hat

Tue, 08/05/2014 - 10:00
Researchers will discuss a study into the effectiveness of telephone fraud against enterprise call centers, and how these attacks are sometimes combine with hacks or malware attacks.

Podcast: Threatpost Previews Black Hat 2014

Tue, 08/05/2014 - 08:00
In this special edition of the Digital Underground Podcast, Dennis Fisher interviews fellow Threatpost editor Mike Mimoso and also Threatpost reporter Brian Donohue about the Black Hat security conference, which begins this week in Las Vegas. Topics of discussion include Chris Valasek and Charlie Miller hacking automobiles, Jeff Forristal's briefing on what promises to be a devastating Android vulnerability, why it's dumb to host Black Hat in Las Vegas in the dead of summer, and more.