Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 54 min 46 sec ago

Potential Code Execution Flaw Haunts PolarSSL Library

Mon, 01/19/2015 - 12:14
There is a vulnerability in PolarSSL, an open-source SSL library used in a variety of products, that could enable an attacker to execute arbitrary code under some circumstances. The vulnerability is the result of an uninitialized pointer in the PolarSSL code and researchers said that an attacker with knowledge of the target system may be […]

Memory Corruption Bugs Found in VLC Media Player

Mon, 01/19/2015 - 10:06
There are two memory corruption vulnerabilities in some versions of the VLC open-source media player that can allow an attacker to run arbitrary code on vulnerable machines. Neither one of the vulnerabilities has been fixed by VideoLAN, the organization that maintains VLC. Security researcher Veysel Hatas reported the vulnerabilities to VideoLAN in December and published the […]

Spammers Take A Liking to WhatsApp Mobile App

Fri, 01/16/2015 - 13:41
Researchers at AdaptiveMobile released a report demonstrating an increase in spam over the WhatsApp messaging app.

Threatpost News Wrap, January 16, 2015

Fri, 01/16/2015 - 13:15
Dennis Fisher and Mike Mimoso discuss the security news of the past week, including the proposed changes to the CFAA, David Cameron's encryption comments, the NSA's quasi-apology regarding Dual EC and the Microsoft-Google disclosure feud.

Mozilla Patches Nine Vulnerabilities With Firefox 35

Fri, 01/16/2015 - 12:35
Mozilla released the latest version of its flagship browser this week, Firefox 35, fixing nine vulnerabilities, including three critical bugs.

Teen Arrested in UK for Xbox, PlayStation Attacks

Fri, 01/16/2015 - 11:50
Police in the UK, working in cooperation with the FBI, arrested an 18-year-old man Friday in connection with recent DDoS attacks on the PlayStation Network and Xbox Live services. The authorities arrested the unnamed man in Southport, and he is being held on suspicion of computer crime and unauthorized access to computer material. UK officials […]

Round 2: Google Deadline Closes on Pair of Microsoft Vulnerabilities

Fri, 01/16/2015 - 09:04
Google Project Zero has disclosed a pair of unpatched Windows vulnerabilities after the expiration of its 90-day deadline. Microsoft said it will patch one bug in February, and both sides agree the second does not merit a security bulletin.

Proposed CFAA Amendments Could Chill Security Research

Fri, 01/16/2015 - 08:00
Vague language in the White House's proposed amendments to the CFAA leave the door open to a chilling effect on legitimate security research.

Google AdWords Campaigns Hijacked by Malvertisers

Thu, 01/15/2015 - 17:38
Two Google AdWords campaigns have been hijacked by malvertisers and users are being redirected to fraud sites without even clicking the poisoned ads.

Pirelli Home Broadband Routers Exposed for Two Years

Thu, 01/15/2015 - 16:04
Administration files for Pirelli routers, issued by the biggest ISP in Spain, can be accessed from anywhere putting WPA keys, PINs, certificates and more at risk.

Matthew Green on the NSA and Compromising Crypto Standards

Thu, 01/15/2015 - 15:41
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the NSA's "regret" for continuing to support Dual EC after it had been shown to be compromised, the effects of the agency's influence on crypto standards and the hope for more secure standards in the future.

Parking Services Confirm Payment Card Breaches

Thu, 01/15/2015 - 14:27
Two services that allow users to reserve offsite parking spots at airports over the internet announced this week that they recently suffered breaches and its customers’ data may be at risk.

Marriott Agrees to Stop Blocking Guest WiFi Devices

Thu, 01/15/2015 - 12:24
Marriott, which last year paid a $600,000 fine for blocking customers’ WiFi devices in its hotels, has said that it no longer will prevent guests from using personal hotspots or similar devices. The situation resulted from a complaint by a guest who stayed at Marriott’s Gaylord Opryland hotel in 2013 and found that he couldn’t […]

Government Demands for Verizon Customer Data Drop

Thu, 01/15/2015 - 10:15
The number of subpoenas, total orders and warrants that the United States government delivered to Verizon all dropped in the second half of 2014, according to the company’s latest transparency report. The giant telecom provider released data on Thursday that showed a decrease in subpoenas of about 10 percent from the first half of last […]

Skeleton Key Malware Opens Door to Espionage

Wed, 01/14/2015 - 17:00
The Skeleton Key malware bypasses single-factor authentication on Active Directory domain controllers and paves the way to stealthy cyberespionage.

Phony Oracle Patches Making the Rounds

Wed, 01/14/2015 - 12:42
Attackers are circulating fake fixes for Oracle error messages and the company is warning users not to download any patches that don’t come directly from Oracle.

New Strain of Crowti Ransomware Moving in I2P Network

Wed, 01/14/2015 - 12:35
A new strain of the Crowti ransomware, also dubbed Cryptowall 3.0, is moving on the I2P anonymity network.

NSA Official: Support for Compromised Dual EC Algorithm Was ‘Regrettable’

Wed, 01/14/2015 - 12:29
In a new article in an academic math journal, the NSA’s director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice. Michael Wertheimer, the director of researcher at the National […]

GE Ethernet Switches Have Hard-Coded SSL Key

Wed, 01/14/2015 - 10:24
There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number of GE Ethernet switches, including the GE Multilink […]

Microsoft Patches Vulnerability Under Attack and Google-Disclosed Zero Day

Tue, 01/13/2015 - 15:41
Microsoft issued eight Patch Tuesday security bulletins, including a fix for a vulnerability disclosed by Google and another under active attack.