Threatpost for B2B

It appears the breach of cloud-based storage service Dropbox last year has spurned another wave of spam over the last week or so. Users began posting complaints on the service’s Bugs and Troubleshooting forum yesterday claiming that their Dropbox-specific accounts started receiving spam again last weekend.

read more

After a glorious 72-hour stretch without one, security researchers confirmed yesterday that they found yet another zero-day vulnerability in Oracle’s thoroughly troubled Java platform.

read more

On Thursday the Chinese government, long considered the aggressor in highly publicized U.S. cyberattacks, publicly spoke about being the victim. Two of its military Web sites were attacked an average of 144,000 per month and two-thirds of those strikes came from the United States, according to a ministry spokesman.

read more

The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations.

read more

SAN FRANCISCO – People who interact with online services have mounting privacy expectations that run in parallel with their need for a full experience with the functionality central to those services. But can users have their privacy cake and eat it too?

read more

SAN FRANCISCO--The discipline of software security has been gaining traction in a lot of organizations both large and small in recent years, thanks in part to the success that vendors such as Microsoft, Adobe and others have had with it. However, for many companies, the time and money spent on software security initiatives could be put to better use simply fixing flaws after products ship or are deployed, an expert said during a constructed debate.

read more

A series of targeted attacks are continuing to bully a signed Nvidia application into dropping a backdoor that lets attackers root their way through the systems of Tibetan sympathizers.

read more

New espionage malware has been discovered that targets a patched sandbox-bypass vulnerability in Adobe Reader. The attacks have hit a relatively small number of government victims in 23 countries, primarily in Europe, and rely on a string of unusual tactics, including the use of steganography to hide backdoor code, as well as the capability to reach out to Twitter accounts created by the attackers for links to command and control servers.

read more

Researchers on Tuesday said they have proof the Stuxnet worm used to cripple Iran's nuclear program has been in the wild two years longer than first believed. There's also now evidence the military-grade malware's origins date back to 2005, and possibly earlier.

read more

SAN FRANCISCO – Down goes Kelihos—again.

The third version of the prolific peer-to-peer botnet responsible for volumes of pharmaceutical spam, Bitcoin wallet theft and credential harvesting was shut down before a live audience today at RSA Conference 2013.

read more

Adobe released yet another security update for its Flash Player product, it’s third this month, earlier today. The emergency update patches three vulnerabilities, including two critical (CVE-2013-0643 and CVE-2013-0648) that are targeting Flash Player in Mozilla’s Firefox browser and could let an attacker crash and compromise affected systems.

read more

SAN FRANCISCO--In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and others organizations, cryptography is becoming less and less important and defenders need to start thinking about new ways to protect data on systems that they assume are compromised, one of the fathers of public-key cryptography said Tuesday. Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a "post-cryptography" world.

read more

Website hosting provider cPanel is calling on some users to change their passwords after it informed them on Friday that hackers compromised one of its technical support department’s servers. The hosting provider does not know for certain the extent of the hack or what, if any, information was stolen during the compromise.

read more

Social media supersite Facebook has fixed a vulnerability that could have allowed a hacker to access a user’s account simply by getting them to click through to a specially crafted website. The flaw essentially mimicked the functionality of an authentic Facebook application without actually installing an application to their profile.

read more

The entertainment industry is teaming with five major Internet service providers to this week launch a new Copyright Alert System that will first warn online pirates and then start to strangle bandwidth of repeat offenders.

Dubbed "Six Strikes," the new system began roll out Monday, putting consumers on notice that content owners would be monitoring for illegal downloading or uploading of copyrighted movies, music and televsion shows and notifying participating ISPs such actvitity is detected.

read more

For some time, attackers had the ability to bypass Google's two-step authentication system through access to users' app-specific passwords, giving them full access to victims' Google accounts, including Gmail. The vulnerability that enables this attack, discovered by researchers from DuoSecurity, has been patched by Google.

read more

The seemingly endless list of critical zero day bugs found in Java grew longer today with news that one of the flaws fixed in Oracle’s recent patches for the product is under attack and when that bug is paired with another, separate vulnerability, the sandbox in the latest build of Java can be bypassed.

read more

Dennis Fisher talks with Anup Ghosh of Invincea about the recent wave of companies admitting to being hacked by APT groups, the difference between cyberespionage and cyberwar, what the government can do to encourage more intelligence sharing and whether compromised companies are spending enough time on attribution.

You are missing some Flash content that should appear here! Perhaps your browser cannot display it, or maybe it did not initialize correctly.

read more

It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone. Now it seems a glitch in the iOS kernel of Apple’s much maligned iOS 6.1 is responsible for yet another passcode bypass vulnerability, the second to surface this month. Attackers can apparently access users' photos, contacts and more by following a series of steps on an iPhone running iOS 6.1.

read more

HTC America’s settlement with the U.S. Federal Trade Commission on Friday has the potential to revamp not only how hardware manufacturers handle the security and privacy of mobile devices, but how carriers do so, as well.

read more