Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 53 min 51 sec ago

Microsoft Will Resume Email Security Notifications This Week

Mon, 06/30/2014 - 13:37
Microsoft announced this afternoon that it would resume sending security email notifications, reversing course on a decision it had made to suspend the practice.

ICS Malware Found on Vendors’ Update Installers

Mon, 06/30/2014 - 10:30
The Havex RAT has infected the software update installers of three known industrial control system vendors, according to an advisory for ICS-CERT.

PHP Fixes OpenSSL Flaws in New Releases

Mon, 06/30/2014 - 09:56
The PHP Group has released new versions of the popular scripting language that fix a number of bugs, including two in OpenSSL. The flaws fixed in OpenSSL don’t rise to the level of the major bugs such as Heartbleed that have popped up in the last few months. But PHP 5.5.14 and 5.4.30 both contain fixes […]

New Oil and Natural Gas ISAC Launches

Fri, 06/27/2014 - 14:54
A new information sharing group popped up this week in the oil and natural gas industries that hopes to formalize the trade of threat intelligence and indicators of compromise

FBI Issued More Than 19k National Security Letters in 2013

Fri, 06/27/2014 - 14:06
The United States federal government issued more than 19,000 National Security Letters--perhaps its most powerful tool for domestic intelligence collection--in 2013, and those NSLs contained more than 38,000 individual requests for information.

20-Year Old Vulnerability Patched in LZO Compression Algorithm

Fri, 06/27/2014 - 13:31
A 20-year old vulnerability in the Lempel-Ziv-Oberhumer (LZO) compression algorithm was finally patched this week.

Zero-Day Patched in TimThumb WordPress Script

Fri, 06/27/2014 - 11:02
A zero-day vulnerability has been patched in the PHP-based image resizer TimThumb, popular in WordPress themes, after it was publicly disclosed this week.

PayPal 2FA Bypass Shows Difficulty of Getting Authentication Right

Fri, 06/27/2014 - 10:00
Oftentimes, looking at a given security vulnerability or mistake by a vendor, it’s easy to wonder how on earth the bug got through in the first place or the company didn’t catch the problem earlier. That definitely could have been the case with the recently disclosed bypass of PayPal’s two-factor authentication mechanism, but, as is […]

Patched Code Execution Bug Affects Most Android Users

Thu, 06/26/2014 - 13:22
Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions.

Massachusetts Supreme Court Rules Defendant Must Decrypt Data

Thu, 06/26/2014 - 10:45
Encryption software has been enjoying a prolonged day in the sun for about the last year. Thanks to the revelations of Edward Snowden about the NSA’s seemingly limitless capabilities, security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones and portable drives. […]

Cloned Android Banking App Hides Phishing Scheme

Wed, 06/25/2014 - 14:49
A cloned banking application targeting customers of a large bank in Israel has been removed from Google Play after it was discovered to be stealing users' log-in credentials.

VMware Patches Apache Struts Flaws in vCOPS

Wed, 06/25/2014 - 13:59
VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines.

Flaw Lets Attackers Bypass PayPal Two-Factor Authentication

Wed, 06/25/2014 - 11:39
There's a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim's account to any recipient he chooses.

Crowdsourcing Finding its Security Sweet Spot

Wed, 06/25/2014 - 09:41
Private and commercial businesses are starting to find some comfort in crowdsourcing security research into application vulnerabilities,.

Luuuk Fraud Campaign Steals €500K From Bank in One Week

Wed, 06/25/2014 - 08:27
A fraud campaign stole more than half a million dollars from a European bank in a week earlier this year, researchers with Kaspersky Lab announced this week.

Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks

Tue, 06/24/2014 - 11:39
95 percent of vulnerable NTP servers leveraged in massive DDoS attacks earlier this year have been patched, but the remaining servers still have experts concerned.

AskMen Site Compromised by Nuclear Pack Exploit Kit

Tue, 06/24/2014 - 09:10
Users who visit AskMen.com, a men’s entertainment and lifestyle portal, are being hit with malicious code – possibly stemming from the Nuclear Pack exploit kit - researchers announced today.

Researchers Go Inside HackingTeam Mobile Malware, Command Infrastructure

Tue, 06/24/2014 - 09:03
Researchers from Kaspersky Lab and Citizen Lab released a report today with extensive details on the HackingTeam's controversial RCS spyware, in particular its extensive global command infrastructure and mobile malware.

OpenSSL Heartbleed Patch Progress Slowing Two Months Later

Mon, 06/23/2014 - 16:51
More than two months after it emerged, more than 300,000 machines on port 443 remain vulnerable to the OpenSSL Heartbleed security vulnerability.

Threatpost News Wrap, June 23, 2014

Mon, 06/23/2014 - 15:17
Dennis Fisher and Mike Mimoso discuss the latest security news, including the possible fork of TrueCrypt, Microsoft’s new information sharing platform, the FBI’s cybercrime task force and the US team’s crushing tie with Portugal. Download: digital_underground_156.mp3 Music by Chris Gonsalves