Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 7 hours 35 min ago

Yahoo Patches Critical eCommerce, Small Business Vulnerabilities

Tue, 03/10/2015 - 07:17
Yahoo has fixed a handful of vulnerabilities that could have given an attacker free reign over all of its user-run eCommerce websites and caused multiple headaches for small business owners.

Rowhammer Hardware Exploit Poses Threat to DRAM Memory in Many Laptops, PCs

Tue, 03/10/2015 - 06:00
Software, from web apps, to operating systems to firmware, has been abused and exploited every which way from Sunday for decades by both researchers and attackers. Now, it is hardware’s turn in the spotlight, as researchers have published details of a new method for exploiting a problem with some DRAM memory devices that can allow […]

New Technique Complicates Mutex Malware Analysis

Mon, 03/09/2015 - 14:26
A recent malware sample dynamically generates the name of a mutex object by using Windows product ID, lessening its predictability and complicating detection.

Seagate Confirms NAS Zero Day, Won’t Patch Until May

Mon, 03/09/2015 - 10:52
Seagate confirmed a publicly disclosed vulnerability in one of its network attached storage products, but said it won't have a patch available until May.

TextSecure to Drop Support for Encrypted SMS

Mon, 03/09/2015 - 10:09
Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security and performance issues inherent […]

Dridex Banking Trojan Spreading Via Macros in XML Files

Fri, 03/06/2015 - 14:38
A phishing campaign that spiked this week is pushing the Dridex banking Trojan via malicious macros embedded in XML file attachments.

Threatpost News Wrap, March 6, 2015

Fri, 03/06/2015 - 12:50
Dennis Fisher and Mike Mimoso talk about the FREAK SSL vulnerability and the glorious debut of CSI: Cyber!

Confusion Reigns Over FBI’s Plans for National Security Letter Gag Orders

Fri, 03/06/2015 - 12:28
The way that National Security Letters are approved and used is one of the government’s more opaque processes. Now, you can add some more confusion into the mix, courtesy of some new comments from the FBI about when recipients are able to disclose the fact that they have received an NSL. More than a year […]

Adobe Starts Vulnerability Disclosure Program on HackerOne

Fri, 03/06/2015 - 10:49
Adobe launched its first vulnerability disclosure program this week. It will use the HackerOne platform and will not pay out bounties, instead researchers can bulk up their HackerOne reputation scores. Only vulnerabilities in Adobe web applications or web-based services are in scope.

Anthem Refusing Security Audit Following Breach

Fri, 03/06/2015 - 08:00
Anthem has refused to undergo vulnerability scans and configuration compliance tests in the aftermath of a breach that may have leaked the personal information of nearly 100,000 customers and non-customers.

Microsoft Warns Schannel Vulnerable to FREAK Attacks

Thu, 03/05/2015 - 17:19
Microsoft issued an advisory that its Schannel implementation of SSL is vulnerable to FREAK downgrade attacks.

EFF, ACLU, Other NGOs Urging U.N. to Create Privacy Watchdog

Thu, 03/05/2015 - 15:19
EFF, ACLU, Amnesty International, Human Rights Watch and others are calling on the U.N. to create a special privacy watchdog.

New Analytics Tool Defines Language Used By Malicious Domains

Thu, 03/05/2015 - 14:56
OpenDNS went public with a new analytics tool that can be used to detect malicious domains used in APT and cybercrime campaigns.

Mandarin Oriental Confirms Data Breach at U.S., European Hotels

Thu, 03/05/2015 - 12:10
The Mandarin Oriental luxury hotel chain is investigating a data breach that affects credit cards used in an “isolated number” of its hotels in the United States and Europe. Company officials said that the attack involved “undetectable” malware on some of its systems and emphasized that only credit card data, and no other personal information, […]

CSI: Cyber: We Watched So You Didn’t Have To

Thu, 03/05/2015 - 10:45
As a public service, the Threatpost team, Mike Mimoso, Dennis Fisher, Brian Donohue and Chris Brook, watched the first episode of CSI: Cyber and kept a running chat log of the "action". Enjoy.

Google Fixes 51 Bugs in Chrome 41

Wed, 03/04/2015 - 14:58
Google released the latest build of its browser Tuesday, Chrome 41.0.2272.76, patching 51 different bugs and paying out over $50,000 in bounties.

D-Link Working on Firmware Updates for Three Critical Bugs

Wed, 03/04/2015 - 13:20
D-Link is in the midst of pushing out firmware updates for eight of its home router models, addressing three serious remote code injection vulnerabilities.

Patrick Gray on the State of Security and State Security

Wed, 03/04/2015 - 12:32
Worlds collide as Dennis Fisher talks with Patrick Gray of the Risky Business podcast about security journalism, how much and how little has changed in the industry in the last 15 years and whether we're making any progress in the fight against attackers.

Firefox 37 to Include New OneCRL Certificate Blocklist

Wed, 03/04/2015 - 11:47
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check […]

Domain Shadowing Latest Angler Exploit Kit Evasion Technique

Tue, 03/03/2015 - 17:30
The Angler Exploit Kit has begun using domain shadowing as a technique to avoid detection and blocking, researchers at Cisco Talos said.