Threatpost for B2B
The First Stop For Security News
Facebook announced new authentication changes yesterday, including Anonymous Login, which gives users the option of using an application without sharing personal data stored with Facebook.
There’s a remotely exploitable vulnerability in several versions of the Google Search Appliance that could allow an unauthenticated attacker to execute a cross-site scripting attack and run a script in the context of the user’s browser. The Google Search Appliance is an enterprise product that enables users to search for content from a wide variety […]
Bug bounties once were restricted mainly to large software companies such as Mozilla and Google. But the success of these programs has led many other infrastructure and product companies, including Yahoo, Facebook, Barracuda, PayPal and even Microsoft, to launch their own reward systems. Now, the phenomenon has spread to individual developers. Looking at the list […]
DNS provider UltraDNS has been under a DDoS attack for much of the day.
Researchers used crash reports sent via Windows Error Reporting to uncover two components likely being exploited by the latest Internet Explorer zero day vulnerability.
Target is accelerating plans to move to a full chip-and-pin system for its branded credit and debit cards.
The devices that control traffic lights and electronic signs in many cities are vulnerable to a number of attacks, can be exploited quite easily and used to spread malware from device to device.
Mozilla yesterday released the substantially redesigned version 29 of its Firefox browser, including fixes for a number of critical and highly rated security vulnerabilities.
A recent VoIP phishing campaign has been netting the payment card information of up to 250 Americans per day.
A proposed bill would promote public-private information sharing by protecting private entities seeking to share cyber threat information with the government.
NTP amplification attacks account for the majority of DDoS attacks that exceed 100 Gbps, according to Arbor Networks.
The White House wants you to know that it did not know about the OpenSSL Heartbleed vulnerability before you did. The White House also wants you to know that administration officials don’t think stockpiling zero days is necessarily good for national security. That’s all well and good, except that it mostly doesn’t matter.
Facebook security researchers discovered a new variant of the Sefnit click-fraud malware. Unlike previous versions that used Tor for communication, this one uses SSH over port 443.
Google recently removed five bogus wallpaper applications from its Play marketplace after they were found sneakily mining Bitcoins.
AOL said its networks were breached and customer information was stolen to send spoofed spam messages. Users are being told to change their passwords.
Siemens continues to work on patches and provide updates to their ICS and SCADA systems affected by the OpenSSL Heartbleed vulnerability.
A couple days after Microsoft warned users about a new vulnerability in Internet Explorer that’s being used in targeted attacks, Adobe on Monday said that researchers have discovered a zero day in Flash, as well, which attackers are using to target victims in Syria through a watering hole attack on a compromised Syrian government site.
There's a new zero-day vulnerability in many of the current versions of Internet Explorer, and it is being used in active attacks right now.
UPDATE - Viber, a messaging and VoIP application similar to WhatsApp, is in the middle of patching a vulnerability that could allow an attacker to view sensitive information shared between users, such as images, videos and location information.
It is possible for an attacker to exploit image tags in Facebook Notes to launch DDoS attacks against external sources.