Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 1 hour 14 min ago

Podcast: Wendy Nather on the Black Hat Buzz

Thu, 08/07/2014 - 11:54
Dennis Fisher talks with Wendy Nather of 451 Research about the happenings on day one of Black Hat, the possibility of the US government disrupting the vulnerability market and software liability.​

Epic Operation Kicks Off Multistage Turla APT Campaign

Thu, 08/07/2014 - 10:00
Researchers at Kaspersky Lab have cracked the means by which the Turla APT campaign compromises its victims, using a precursor called Epic.

Legal Divide Between Security Research and Cybercrime Remains Murky

Thu, 08/07/2014 - 07:00
The line between criminal hacking and well-meaning security research is a thin, hazy one according to a panel discussion at Black Hat.

Oracle Database Redaction ‘Trivial to Bypass’

Wed, 08/06/2014 - 19:09
LAS VEGAS–David Litchfield for many years was one of the top bug hunters in the game and specialized in causing large-scale headaches for Oracle. When he decided to retire and go scuba diving, there likely were few tears shed in Redwood City. Litchfield recently decided to resurface, which is good news for the security community […]

Car Hacking Enters Remote Exploitation Phase

Wed, 08/06/2014 - 17:42
Researchers Charlie Miller and Chris Valasek today at Black Hat talked about their research on the remote attack surfaces present in popular automobiles.

Pervasive OTA Carrier Controls Exploitable on a Massive Scale

Wed, 08/06/2014 - 16:33
Las Vegas - Researchers at the Black Hat security conference claimed in a presentation that they can exploit pervasive carrier controls to wrest complete control of billions of consumer devices.

Mobile Broadband Modems Seen as Easy Targets for Attackers

Wed, 08/06/2014 - 15:09
LAS VEGAS–Mobile broadband modems can be a great alternative if you can’t find a WiFi network or don’t trust the ones you can find. But many of the models sold by the major manufacturers contain bugs and functionality that a remote attacker can exploit without much difficulty. Much of the market for these devices is […]

Dan Geer: Security at the Forefront of Policy Decisions

Wed, 08/06/2014 - 14:24
Dan Geer's Black Hat 2014 keynote featured 10 proposals to address shortcomings in security, in the context of government surveillance and eroding privacy.

Another Bypass Identified in PayPal 2FA

Tue, 08/05/2014 - 13:00
A security researcher has uncovered a simple method for bypassing the two-factor authentication mechanism that PayPal uses to protect accounts that are tied to eBay accounts. The vulnerability is related to the way that the login flow works when a user is prompted to connect her eBay account to her PayPal account. The eBay and […]

Call Center Phone Fraud for Fun and Profit at Black Hat

Tue, 08/05/2014 - 10:00
Researchers will discuss a study into the effectiveness of telephone fraud against enterprise call centers, and how these attacks are sometimes combine with hacks or malware attacks.

Podcast: Threatpost Previews Black Hat 2014

Tue, 08/05/2014 - 08:00
In this special edition of the Digital Underground Podcast, Dennis Fisher interviews fellow Threatpost editor Mike Mimoso and also Threatpost reporter Brian Donohue about the Black Hat security conference, which begins this week in Las Vegas. Topics of discussion include Chris Valasek and Charlie Miller hacking automobiles, Jeff Forristal's briefing on what promises to be a devastating Android vulnerability, why it's dumb to host Black Hat in Las Vegas in the dead of summer, and more.

In the Wake of the Snowden Revelations, A Wave of Innovation

Tue, 08/05/2014 - 06:15
It was an absurd scene. Keith Alexander, the director of the NSA and a four-star general in the Army, stood alone on the stage, squinting through the floodlights as members of the standing-room-only crowd shouted insults and accusations. Armed men in dark suits roamed the area in front of the stage, eyeing the restless crowd. […]

Samba Patches Heap Overflow Bug in Current Versions

Mon, 08/04/2014 - 12:34
A remote code execution vulnerability has been patched in Samba, open source software that enables file and print server interoperability for Windows clients with Linux and UNIX servers.

RAT Malware Communicating Via Yahoo Mail

Mon, 08/04/2014 - 11:55
The IcoScript remote access Trojan evades network detection by communicating via Yahoo Mail.

Twitter ‘Weighing Legal Options’ On Publishing National Security Requests Data

Mon, 08/04/2014 - 09:37
Twitter officials are pushing the United States government for more freedom to publish specific numbers about national security information requests, and said the company is considering its legal options if the government doesn’t allow more data to be made public. In its latest transparency report, Twitter said that officials had met with the FBI and […]

Developers Told to Change Passwords After ‘Accidental’ Mozilla Password Dump

Mon, 08/04/2014 - 09:05
Mozilla Developer Network members are advised to change their passwords after an accidental password dump to a public server was discovered.

Denial of Service Vulnerability Fixed in SCADA Server

Fri, 08/01/2014 - 12:25
A hole has been fixed in an industrial control system data management server that if left unpatched could result in a remotely exploitable DoS condition.

Citadel Malware Variant Allows Attackers Remote Access, Even After Removal

Fri, 08/01/2014 - 10:06
A new variant of the Citadel banking Trojan has been discovered where the attackers are using Windows remote shell commands to be enable Remote Desktop Protocol access, even if the malware is discovered and removed.

Twitter Gains Team From Password Management Company Mitro

Fri, 08/01/2014 - 09:40
Twitter has announced that a cloud-based password management company called Mitro has joined the Twitter team, and all of Mitro’s code is now free and open source. Mitro’s offering a secure password manager that’s meant to help distributed teams share passwords for accounts and services. The passwords are stored in encrypted form on Mitro’s servers, […]

New Backoff PoS Malware Identified in Several Attacks

Thu, 07/31/2014 - 15:14
A new breed of point-of-sale malware has been found in several recent attacks, and experts say that the tool, known as Backoff, has extensive data stealing and exfiltration capabilities, including keylogging, memory scraping and injection into running processes.