Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 21 hours 22 min ago

EFF Releases Open Wireless Router Firmware

Mon, 07/21/2014 - 10:30
The EFF is working on an open wireless router firmware that’s designed to be a secure and flexible alternative to the existing software that runs on home and small business routers, much of which is notoriously insecure. The Open Wireless Router project, which the organization announced at the HOPE X conference over the weekend, is […]

Point-of-Sale Dealers Need a Security Sit-Down

Mon, 07/21/2014 - 09:11
Retailers and hospitality vendors are falling victim to point-of-sale hacks, and little is being done to stem the tide. At the upcoming Black Hat conference, a researcher hopes to spur a call to action.

Thousands of Sites Found Tracking Users Through Practically Unblockable ‘Fingerprint’ Mechanism

Mon, 07/21/2014 - 09:00
The rise of sophisticated new online tracking mechanisms, including one known as ‘canvas fingerprinting’ that’s been infiltrating the Internet, could soon raise the ire of privacy conscious users.

CryptoLocker Ransomware Alive and Evolving, Says Researcher

Fri, 07/18/2014 - 15:38
Despite FBI claims that CryptoLocker was neutralized in the GameOver Zeus botnet takedown, a researcher says that the ransomware is alive and evolving new variants.

Siemens Working on Patches for OpenSSL Bugs Under Exploit

Fri, 07/18/2014 - 10:49
OpenSSL vulnerabilities discovered in a number of Siemens industrial control systems are being exploited in the wild. The company has updates available for some, but not all, of the affected products.

Critroni Crypto Ransomware Seen Using Tor for Command and Control

Fri, 07/18/2014 - 10:37
There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say it's the first crypto ransomware seen using the Tor network for command and control.

Apple Implements Email Encryption in Transit For iCloud

Thu, 07/17/2014 - 13:26
Apple quietly began encrypting virtually all of the email flowing in and out of its servers for its, and domains, a move that throws up an important roadblock for attackers and others attempting to snoop on those transmissions.

Chrome for Android Update Fixes Critical URL Spoofing Bug

Thu, 07/17/2014 - 12:38
The latest update to Chrome on Android fixes two bugs, including a critical flaw in the browser that could have let an attacker trick a user into visiting a malicious site.

Cisco Patches Wireless Residential Gateway Vulnerabilities

Thu, 07/17/2014 - 10:20
Cisco patched a critical remote code execution bug in its Cisco Wireless Residential Gateway product.

Five Vulnerabilities Fixed in Apache Web Server

Thu, 07/17/2014 - 09:58
There are five vulnerabilities fixed in the latest release of the Apache Web server, including a buffer overflow and several denial-of-service vulnerabilities. Fixes for these flaws have landed in the developer release of the server, 2.4.10-dev. The buffer overflow vulnerability is rated moderate by the Apache Software Foundation, but it could be used for remote code […]

Content Security Policy Mitigates XSS, Breaks Websites

Wed, 07/16/2014 - 16:20
An easily available and stout defense against cross-site scripting - content security policy - is sparsely deployed because it is not compatible with most websites.

Researchers Say Password Re-Use Isn’t All Bad

Wed, 07/16/2014 - 13:40
A paper published by Microsoft and researchers at Carleton University declare password re-use and weak credentials have their place for users managing multiple accounts.

OpenVPN Warns Customers of CSRF Bug in Access Server Desktop Client

Wed, 07/16/2014 - 11:39
OpenVPN is advising users of its Desktop Client to upgrade as soon as possible to avoid attacks against a CSRF vulnerability that can allow remote code execution. The vulnerability lies in a product that the company no longer supports and considers obsolete. An attacker could exploit the vulnerability if a user running a vulnerable version visits […]

Large-Scale DDoS Attacks Continue to Spike

Wed, 07/16/2014 - 10:05
Although the average size of a given DDoS attack is going down, the number of attacks at the upper end of the scale is increasing, with researchers at Arbor Networks reporting more than 100 attacks of 100 Gbps in the first half of this year. In order for a DDoS attack to be effective, bad […]

‘Overblown’ LibreSSL PRNG Vulnerability Patched

Wed, 07/16/2014 - 08:25
The OpenBSD project patched a vulnerability in the LibreSSL random number generator; both sides of the issue concede the test program used to trigger the flaw was either unusual or unrealistic.

Early Review of LibreSSL Finds Problematic PRNG

Tue, 07/15/2014 - 15:48
A critical vulnerability was reported in the random number generator in LibreSSL, a fork of OpenSSL. LibreSSL preview versions were released this weekend.

SSL Black List Aims to Publicize Certificates Associated With Malware

Tue, 07/15/2014 - 13:25
The new SSL Black List is a public list of certificates associated with a variety of malicious operations, including botnets, malware campaigns and banking Trojans.

Google Set to Change Malware, Phishing Warnings Following Study

Tue, 07/15/2014 - 12:40
Google will soon change the way it displays malware and phishing warnings in its Chrome browser to give users a better idea of the risk and to help them make a decision.

New Kronos Banking Malware Advertised On Russian Forums

Tue, 07/15/2014 - 11:30
Researchers have spotted a new banking Trojan advertised for sale on Russian forums. Kronos promises features that help it evade detection and analysis, such as a Ring3 rootkit.

Google Project Zero May Prove a Big Win for Security

Tue, 07/15/2014 - 10:58
Google is focusing some of the sharpest minds it has on a new security initiative known as Project Zero that will dig into the critical software that the Internet and its users depend upon and find new vulnerabilities.