Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 52 min 17 sec ago

Up to 18.8 Million Non-Anthem Customers Affected in Breach

Thu, 02/26/2015 - 13:40
In addition to roughly 80 million Anthem customers, nearly 20 million more individuals who aren’t customers of the health insurer could ultimately wind up implicated in this month’s massive data breach.

DDoS Exploit Targets Open Source Rejetto HFS

Thu, 02/26/2015 - 11:01
An automated attack targeting users of the open source Rejetto webserver and file-sharing application tried to inject the IptabLes DDoS tool.

Firefox 36 Arrives With Patches For Three Critical Flaws

Thu, 02/26/2015 - 10:41
Mozilla has patched 16 security vulnerabilities in Firefox, including three critical flaws in the browser. One of the critical vulnerabilities patched with the release of Firefox 36 is a buffer overflow in the libstagefright library that can be exploitable under some circumstances. “Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video […]

Ransomware Looming As Major Long-Term Threat

Thu, 02/26/2015 - 09:00
On May 30, 2014, law enforcement officials from the FBI and Europol seized a series of servers that were being used to help operate the GameOver Zeus botnet, an especially pernicious and troublesome piece of malware. The authorities also began an international manhunt for a Russian man they said was connected to operating the botnet, […]

Facebook Bug Bounty Submissions Climb in 2014

Wed, 02/25/2015 - 14:25
Facebook released final numbers on 2014 submissions and payouts from its bug bounty program, showing continued growth in both areas.

More than 1 Million WordPress Sites Open to SQL Injection Attacks

Wed, 02/25/2015 - 14:22
More than one million different WordPress sites may be vulnerable to a critical plugin issue that could lead to SQL injections and in turn, total site takeover.

Gemalto Officials Say SIM Infrastructure Not Compromised

Wed, 02/25/2015 - 11:05
Despite leaked documents from the NSA showing otherwise, officials at Gemalto on Wednesday said the company has found no evidence that its SIM card infrastructure was compromised several years ago by the NSA and GCHQ. The company identified a handful of what it called sophisticated attacks in the timeframe in questions, but said none of […]

Ramnit Botnet Shut Down

Wed, 02/25/2015 - 10:31
Europol and several private technology companies announced the overnight takedown of the command and control infrastructure supporting the Ramnit botnet.

Google Pwnium Program Now Open All Year

Tue, 02/24/2015 - 16:04
Google is expanding its successful Pwnium vulnerability reward program–which has run at various security conferences for a couple of years now–to run continuously and offer an unlimited pool of financial rewards. Pwnium originally was established as an alternative to the Pwn2Own hacking contest at CanSecWest every spring. The Pwn2Own contest has been the origin of […]

Attacks Against Critical Infrastructure Seek Operational Intelligence

Tue, 02/24/2015 - 15:22
Advanced attacks against industrial control systems are intelligence gathering operations in order to learn the inner workings of ICS infrastructure to facilitate sabotage.

NSA Could Be Hoping For Clipper Chip Redux

Tue, 02/24/2015 - 14:59
The NSA has a new director, a slew of new challenges and any number of new capabilities at its disposal. But it seems that the agency is intent on fighting the same old battles. Even as fresh revelations about the extent of the NSA’s efforts to get access to encryption keys for mobile communications continue to […]

Cloudflare Deploys New Form of Encryption Across Sites

Tue, 02/24/2015 - 14:46
Cloudflare has deployed a new level of encryption on its service that hardens and speeds up users' experience, especially when accessing domains via mobile browsers.

Google Broadens Scope of Unwanted Software Warnings

Tue, 02/24/2015 - 12:38
Google is now warning users of its Chrome browser about questionable downloads before they even browse to the site peddling the malware.

Gemalto: ‘SIM Products Are Secure’

Tue, 02/24/2015 - 11:34
Gemalto officials say that while they are still in the process of investigating whether the company was compromised by the NSA and GCHQ to access the encryption keys for its SIM cards, they say they believe their products and platforms are secure. In a statement issued Monday, Gemalto officials said they are still trying to […]

Kris McConkey on Hacker OpSec Failures

Tue, 02/24/2015 - 11:29
At last week's Security Analyst Summit Kris McConkey, part of PricewaterhouseCoopers' UK Cyber Threat Operations team, discusses OpSec failures: How attackers are still humans and make mistakes like sometimes using personal email addresses and real names in their campaigns.

PrivDog Adware Poses Bigger Risk Than Superfish

Tue, 02/24/2015 - 10:50
Another shady piece of adware called PrivDog has been unearthed with a similar Superfish-type vulnerability that breaks SSL connections.

NSA Director: We Need Frameworks for Cyber, Circumventing Crypto

Mon, 02/23/2015 - 16:24
NSA director Mike Rogers spoke about creating legal frameworks for crypto-subversion and law enforcement intelligence gathering at Cybersecurity for a New America.

Mike Mimoso on SAS 2015

Mon, 02/23/2015 - 15:55
Dennis Fisher and Mike Mimoso discuss their takeaways from the SAS 2015 conference, including the Equation Group APT analysis, hacking car washes, indexing the dark web and hacking home appliances.

Komodia Website Under DDoS Attack

Mon, 02/23/2015 - 15:53
Komodia.com, home of the SSL module at the heart of the Superfish scandal, is offline because of a DDoS attack.

Gemalto Hack May Have Far-Reaching Effects

Mon, 02/23/2015 - 12:14
Security experts are still trying to assess the effects of the reported attack on SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it’s safe to say that the operation has caused reverberations throughout the industry and governments in several countries. The attack, reported […]