Threatpost for B2B
The First Stop For Security News
Updated: 20 hours 38 min ago
Qualys director of engineering Ivan Ristic published data that indicates about half of servers running OpenSSL are vulnerable to CVE-2014-0224.
Microsoft doubles down on claims it does not scan user files or monitor user communication in order to target advertisements to its customer.
A critical, remotely exploitable bug in some BIND domain name system (DNS) servers could cause a denial of service situation and trigger them to crash.
If any further evidence was required that up is down and black is white, the United States government is now in the business of selling Bitcoins. At least for one day.
Google Play's new app permissions arrive with some privacy concerns.
Ever since the Zeus source code leaked in late 2010, criminals have been creating highly customized, difficult-to-detect versions of it that target very specific services.
Facebook announced it will soon be rolling out a new feature to give its users more control when it comes to the types of advertisements they see on the site.
An Austrian teen at the center of yesterday's TweetDeck security incident explains how things went wrong and what the last 24 hours have been like.
While the group of vulnerabilities that the OpenSSL Project patched last week hasn't grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products.
TweetDeck said it temporarily has taken down its services after cross-site scripting exploit code circulated today.
Google patched a vulnerability that a researcher was able to exploit in order to collect every Gmail address.
News aggregator Feedly and note-taking service Evernote were both knocked offline by distributed denial of service attacks in the last 24 hours.
Mozilla has fixed seven security vulnerabilities in Firefox 30, including five critical flaws that could enable remote code execution.
The hackers behind last month’s iPhone ransomware campaign – in which many users were asked to pay $100 to unlock their devices – may be behind bars now.
Microsoft's June 2014 Patch Tuesday security updates patched 66 vulnerabilities, including 59 in a critical Internet Explorer cumulative update.
As the uncertainty surrounding the end of TrueCrypt continues, members of the security community are working to preserve a known-good archive of the last version of the open source encryption software released before the developers inserted a warning about potential unfixed bugs in the software and ended development. The team behind the Open Crypto Audit […]
Espionage attacks against aerospace and satellite companies in the U.S. and Europe have been linked to a Chinese People's Liberation Army unit, security company Crowdstrike said.
There’s a reflected cross-site scripting vulnerability in a variety of Cisco security appliances that enables a remote, unauthenticated attacker to execute arbitrary code in the context of the user. The vulnerability affects the Cisco Email Security Appliance, the Cisco Web Security Appliance and the Content Security Management Appliance. Cisco has released updated software to fix […]
A new banking Trojan called Pandemiya is for sale in hacker forums. The malware took a year to write from scratch, RSA Security said, in order to avoid detection and analysis.
A vulnerability in an emerging interactive television standard could open up number of smart TVs to untraceable drive-by attacks.