Threatpost for B2B

The First Stop For Security News

Google Adds Warnings About Deceptive Software to Safe Browsing Service

Thu, 08/14/2014 - 13:18
The Google Safe Browsing service has become an integral part of most of the major browsers, integrating malware alerts, warnings about malicious Web sites and suspicious content. The company has been expanding the capabilities of the service steadily over the last few years, and now Google is adding warnings about deceptive software to the service. […]

Apple Patches Series of WebKit Flaws in Safari

Thu, 08/14/2014 - 10:02
Apple has released a new version of Safari that fixes seven security vulnerabilities, all of which are related to the WebKit framework in the browser. The advisory from Apple is typically bare-bones, with almost no information about the vulnerabilities fixed in Safari 6.1.6 and 7.0.6. Apple said that all of the vulnerabilities in WebKit are […]

Study Confirms Uyghur Remain in Crosshairs of Targeted Attacks

Wed, 08/13/2014 - 15:18
A research paper to be delivered next week at USENIX takes a deep look into the reconnaissance nation-states carry out in order to craft email-based attacks against non-governmental organizations.

Disqus Patches CSRF, Other Flaws in Plugin

Wed, 08/13/2014 - 13:35
Disqus, the maker of the popular community commenting plugin, has patched a handful of security flaws, including a CSRF bug.

Google Tweaks Gmail to Help Limit Spam

Wed, 08/13/2014 - 10:23
Google is making a small, but potentially important, change to the way that Gmail handles some special characters in messages as a way to defeat a common tactic used by spammers to confuse recipients and trick them into opening emails.

Microsoft Keeps Focus on IE Security With Patch Tuesday Updates

Tue, 08/12/2014 - 15:09
Microsoft released nine security bulletins today, including a critical Internet Explorer update, as part of its monthly Patch Tuesday release.

Black Hat and DEF CON Wrap Up

Tue, 08/12/2014 - 14:01
Dennis Fisher and Mike Mimoso look back on the news from the last week in Las Vegas at Black Hat and DEF CON, including the Blackphone rooting, the Computrace research and the more upbeat mood at the conferences this year.

Adobe Patches Reader Zero Day Used in Targeted Attacks

Tue, 08/12/2014 - 12:44
Adobe released security updates for Reader, Acrobat and Flash Player. The Reader and Acrobat patches address a zero-day vulnerability being exploited in limited targeted attacks.

Authentication Bypass Bug Fixed in BlackBerry Z10

Tue, 08/12/2014 - 11:15
There's a remotely exploitable authentication bypass vulnerability in the BlackBerry Z10 phone that affects the service that lets users share files with machines on a wireless network. The bug could allow an attacker to steal users' personal data or hit them with targeted malware.

Fog Lifts on Rooted Blackphone Merry-Go-Round

Tue, 08/12/2014 - 09:40
Vulnerabilities in the secure Blackphone reported during DEF CON require unusual circumstances to exploit.

Millions of PCs Affected by Mysterious Computrace Backdoor

Mon, 08/11/2014 - 16:58
Absolute Software's anti-theft Computrace software is mysteriously installed on brand new machines, nearly impossible to remove, and exploitable.

Move Over Web Security, Embedded Devices Are Darling of Black Hat

Mon, 08/11/2014 - 13:07
Embedded device security emerged as front page news during the recently wrapped up Black Hat and DEF CON events.

Square Launches Bug Bounty, Hires Top Security Researcher

Mon, 08/11/2014 - 10:39
The bug bounty phenomenon began mainly with major software vendors and security companies, which were the main targets for security researchers and attackers. But it is now moving to virtually every corner of the Web and software ecosystem, and the latest company to join the party is Square, the mobile payment company. Square’s service allows […]

Google Moves to Boost Search Ranking For HTTPS Sites

Mon, 08/11/2014 - 09:49
In the last couple of years, Google has been making a series of changes to its Web infrastructure to employ encryption more widely and help defeat active attackers. Much of this has gone on in the background, with the company securing the links between its data centers and making other less-noticeable changes. But the most […]

Podcast: Black Hat News Wrap, Day Two

Fri, 08/08/2014 - 11:59
Podcasting day two of Black Hat, including a CryptoLocker working group, a medical device roundtable and overview of the various security and privacy improvements at Yahoo.

IE to Block Older ActiveX Controls, Starting with Java

Fri, 08/08/2014 - 11:55
Microsoft announced that it will block older ActiveX controls in Internet Explorer, starting with Java.

Podcast: Black Hat News Wrap

Thu, 08/07/2014 - 18:42
Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news from day one of Black Hat, including the Dan Geer keynote, attacks on mobile broadband modems and carriers’ control of mobile phones. Music by Chris Gonsalves.

Connected Medical Devices Simultaneously Increase Risk and Safety

Thu, 08/07/2014 - 18:24
LAS VEGAS - It's widely known that embedded medical devices are hackable in dangerous ways, but the true risks to medical devices are less well known.

Expert Warns of Chip-and-PIN Pitfalls

Thu, 08/07/2014 - 15:07
Cambridge University researcher Ross Anderson urged experts to take heed of weaknesses in chip-and-PIN payment cards as the inevitable switchover looms in the U.S.

Yahoo to Release End-to-End Encryption for Email Users

Thu, 08/07/2014 - 15:00
LAS VEGAS - Yahoo plans to enable end-to-end encryption for all of its Mail users next year. The company is working with Google on the project and the encryption will be mostly transparent for users, making it as simple as possible to use. Alex Stamos, CISO at Yahoo, said that the project has been a priority since […]