Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 6 hours 28 min ago

Twitter Gains Team From Password Management Company Mitro

Fri, 08/01/2014 - 09:40
Twitter has announced that a cloud-based password management company called Mitro has joined the Twitter team, and all of Mitro’s code is now free and open source. Mitro’s offering a secure password manager that’s meant to help distributed teams share passwords for accounts and services. The passwords are stored in encrypted form on Mitro’s servers, […]

New Backoff PoS Malware Identified in Several Attacks

Thu, 07/31/2014 - 15:14
A new breed of point-of-sale malware has been found in several recent attacks, and experts say that the tool, known as Backoff, has extensive data stealing and exfiltration capabilities, including keylogging, memory scraping and injection into running processes.

Microsoft Releases New Version of EMET Exploit Mitigation Tool

Thu, 07/31/2014 - 14:41
Microsoft announced that the latest version of its Enhanced Mitigation Experience Toolkit, EMET 5.0, was released to general availability today.

New GameOver Zeus Variant Generates 1,000 Domains Daily

Thu, 07/31/2014 - 12:22
A new variant of the GameOver Zeus malware has been spotted with a new domain generation algorithm that now generates 1,000 new domains daily.

Crouching Yeti APT Campaign Stretches Back Four Years

Thu, 07/31/2014 - 10:14
A new analysis of a long-term APT campaign targeting manufacturers, industrial, pharmaceutical, construction and IT companies in several countries has uncovered fresh details of the attack, including identification of nearly 3,000 victims and the unmasking of the command-and-control infrastructure.

Multipath TCP Introduces Security Blind Spot

Wed, 07/30/2014 - 14:50
A talk at Black Hat will expose security weaknesses introduced by multipath TCP, extensions to TCP that bring resilience and efficiency to networking.

ICS-CERT Warns of Flaw in Innominate mGuard Secure Cloud Product

Wed, 07/30/2014 - 14:36
The ICS-CERT is warning users about a vulnerability in a secure public cloud product from Innominate that enables an attacker to gain valuable configuration data about a target system, information that could be used in future attacks. The vulnerability is an information disclosure bug in the Innominate mGuard product, which is meant to connect operators to […]

Facebook Plans to Fix Instagram Mobile Session Hijack-Eventually

Wed, 07/30/2014 - 14:03
An encryption issue in the Android and iOS versions of the Instagram photo-sharing application could allow for man-in-the-middle attacks and more.

Canada’s National Research Council Hit by Apparent Chinese Cyber Attack

Wed, 07/30/2014 - 13:27
One of Canada’s premier research and technology organizations was hit with an apparent cyber-attack recently that forced the cooperative offline.

Tor Sniffs Out Attacks Trying to Deanonymize Hidden Services Users

Wed, 07/30/2014 - 10:11
Tor is warning users of its hidden services to upgrade relays after attackers were discovered on the network trying to deanonymize users.

Trio of Flaws Fixed in Facebook Android App

Wed, 07/30/2014 - 09:47
Facebook has fixed a vulnerability in its Android app could allow an attacker to cause a denial-of-service condition on a device or run up the victim’s mobile bill by transferring large amounts of data to and from the device. The flaw lies in the way that the Facebook app handles HTTP requests. The app include an HTTP server […]

Secure Microkernel seL4 Code Goes Open-Source

Wed, 07/30/2014 - 09:23
A new and allegedly super secure microkernel was made open source today, a move that could have serious security implications across a number sensitive and increasingly connected fields.

NOAA, Satellite Data, Fraught With Vulnerabilities

Tue, 07/29/2014 - 15:55
The informational systems that the National Oceanic and Atmospheric Administration (NOAA) runs are fraught with vulnerabilities and what the U.S. Department of Commerce deem “significant security deficiencies.”

New Signal App Brings Encrypted Calling to iPhone

Tue, 07/29/2014 - 14:56
Open WhisperSystems today released Signal, a free app that brings encrypted calling to the iPhone.

Leahy Introduces Bill to End Bulk Call Record Collection

Tue, 07/29/2014 - 14:51
Sen. Patrick Leahy has introduced an updated, tougher version of the USA FREEDOM Act that would end the bulk collection of data under Section 215 of FISA.

Threat Intelligence Tool Connects Dots on Pre-Attack Data

Tue, 07/29/2014 - 12:50
Georgia Tech Research Institute has released an open source threat intelligence gathering tool called BlackForest that automates attack-data mining.

Consumer Groups Urge FTC to Halt Facebook Data Collection Program

Tue, 07/29/2014 - 09:53
A collection of privacy and consumer groups from the United States and Europe has asked the Federal Trade Commission to force Facebook to suspend a recently installed program that mines information on sites that users' visit around the Web.

Critical Android FakeID Bug Allows Attackers to Impersonate Trusted Apps

Tue, 07/29/2014 - 08:00
There is a critical vulnerability in millions of Android devices that allows a malicious app to impersonate a trusted application in a transparent way.

Missile Defense Plans Hacked from Israeli Contractors

Mon, 07/28/2014 - 16:30
A new report claims attackers, apparently based in China, were able to hack into three Israeli defense firms to make off with sensitive military data in 2011.

DEF CON Hosting SOHO Wireless Router Hacking Contest

Mon, 07/28/2014 - 16:00
ISE will host a two-tracking hacking contest at DEF CON next week that focuses on the security of home and small office wireless routers.