Threatpost for B2B
The First Stop For Security News
The secret Foreign Intelligence Surveillance Court has authorized a 90-day extension to the Section 215 bulk telephone collection program used by the National Security Agency, giving the agency through the end of February to run the program in the absence of legislation establishing a new authority.
A group of security researchers in Poland say they have discovered a long list of vulnerabilities in the Google App Engine, some of which enable an attacker to escape the Java sandbox.
A Minnesota District Court ruling this week related to the 2013 Target data breach has opened the door for banks to pursue damages from retailers victimized by a data breach.
Troels Oerting, head of Europol's EC3, explains the extreme difficulties law enforcement faces when investigating and prosecuting cybercrime at Georgetown Law's Cybercrime 2020.
Adobe announced security updates for Reader and Acrobat that likely include patches for a sandbox escape vulnerability. Google's Project Zero released details and exploit code earlier this week.
The United States Department of Justice yesterday announced the creation of a new cybercrime unit within its Computer Crime and Intellectual Property Section.
Kaspersky Lab has published an analysis of Destover, the wiper malware used in the attacks against Sony Pictures Entertainment, and its similarities to Shamoon and DarkSeoul.
WASHINGTON D.C. - Panelists at a Georgetown Law conference agreed that ransomware schemes will be the malware of choice on the Internet of Things.
Microsoft's December 2014 advance Patch Tuesday notification includes three critical bulletins and a missing Exchange patch originally scheduled for November.
There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads and researchers say the bug could be used by even a low-level attacker to run arbitrary code on a vulnerable site. The vulnerability is in the WP Download Manager, versions 2.7.4 and lower, and it could […]
Apple has pulled a batch of security updates for Safari that it initially released yesterday.
Researchers have found a way to generate GPG key collisions in just four seconds, and put out a call for GPG to harden its UX.
Google has reworked its reCAPTCHA authentication system with a new API that relies on reputation checking, and presents safe users with a simplified CAPTCHA.
As expected, the Sony breach has apparently unearthed more than just unreleased movies: A slew of sensitive employee information is now making the rounds online.
Elipse, a Brazilian SCADA software developer, patched a serious denial-of-service vulnerability in the DNP Master Driver deployed in its SCADA web-based application.
Mozilla issued nine security updates for exploitable vulnerabilities in Firefox, Firefox extended support release and its Thunderbird email client.
Avivah Litan of Gartner explains how context-aware behavioral analytics may have prevented recent retail breaches and the Snowden, NSA surveillance saga.
Open source VPN software provider OpenVPN released an update Monday that patches a critical denial-of-service vulnerability.
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not […]
New research connects Iranian state-sponsored hackers to attacks against critical infrastructure worldwide.