Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 14 hours 18 min ago

Majority of 4G USB Modems, SIM Cards Exploitable

Tue, 12/30/2014 - 15:20
Researchers at the Chaos Computer Club conference in Hamburg presented research on the woeful state of security in 4G USB modems.

Cellular Privacy, SS7 Security Shattered at 31C3

Tue, 12/30/2014 - 14:15
Researchers Tobias Engel and Karsten Nohl demonstrated serious vulnerabilities in the SS7 protocol for cellular service, putting the privacy of phone calls and users' location data at risk for intercept.

Internet Systems Consortium Site Redirects to Angler Exploit

Mon, 12/29/2014 - 13:52
UPDATE: The website of the Internet Systems Consortium, the developers of the BIND DNS software deployed all over the Web, was reportedly infected with malware last week.

Two-Factor Snafu Opened Door to JPMorgan Breach

Wed, 12/24/2014 - 11:00
Published reports say hackers found a server unprotected by two-factor authentication in order to break in to JPMorgan over the summer and make off with data belonging to 76 million households and seven million businesses.

HP’s Zero Day Initiative Changes Bug-Buying Guidelines

Wed, 12/24/2014 - 10:55
HP’s Zero Day Initiative has decided to adjust its guidelines and criteria or buying some vulnerabilities in the future, eliminating some large classes of bugs from its menu. The group, which has been among the more visible and prominent of the vulnerability purchasing programs since its inception several years ago, has decided that it will […]

Apple Patches NTP Vulnerabilities in First Automated Patch

Tue, 12/23/2014 - 12:23
Apple pushed its first automated patch, fixing recently uncovered vulnerabilities in the Network Time Protocol (NTP).

2014 Year in Review

Tue, 12/23/2014 - 11:00
Mike Mimoso and Dennis Fisher look back on the crazy year that was in security, including the big Internet-wide bugs such as Heartbleed and Shellshock, the Home Depot and Sony breaches and what lessons we learned in 2014.

SoakSoak Malware Campaign Evolves

Tue, 12/23/2014 - 11:00
The attackers behind the SoakSoak malware campaign are continuing to modify their tactics and have infected a new group of Web sites. The Javascript code that the attackers target with the malware has also changed. Last week, Google took the step of blacklisting thousands of sites that had been infected by SoakSoak. The malware is targeting WordPress […]

North Korea Internet Restored Amid ‘Proportional Response’ Speculation

Tue, 12/23/2014 - 10:06
North Korea's Internet connectivity resumed last night after a 10-hour outage amid speculation the country was under a U.S.-sponsored DDoS attack in retaliation for the Sony hack.

2014: A Specious Odyssey

Tue, 12/23/2014 - 09:00
The wonderful and terrifying thing about the security world is that things never stay calm for long. As soon as you think you have a chance to catch your breath, someone breaks something and it's time to scramble again. In 2014, those small moments of downtime were hard to come by.

Staples Confirms 1.2 Million Cards Lost in Breach

Mon, 12/22/2014 - 16:04
Staples confirmed that it lost close to 1.2 million payment cards in a data breach lasting close to six months and affecting 115 locations in 35 states.

DHS Releases Destover Wiper Malware Indicators of Compromise

Mon, 12/22/2014 - 13:43
A US-CERT advisory describes the malware used in the destructive Sony hack, including indicators of compromise and command and control server IP addresses.

Tor Project Warns of Possible Upcoming Attack on Network

Mon, 12/22/2014 - 11:27
The Tor Project is warning that an unnamed attacker is planning to try to cripple the network by seizing directory authorities, the servers that help Tor clients find Tor relays in the network.

How I Got Here: Andrew Jaquith

Mon, 12/22/2014 - 10:25
Dennis Fisher talks with Andrew Jaquith of SilverSky about his days running networks in the transportation industry, being there at the birth of @stake during his time at Cambridge Technology Partners, helping to kickstart the security metrics movement and what's next for him.

FBI Officially Blames North Korea in Sony Hacks

Fri, 12/19/2014 - 14:44
The FBI has officially stated that North Korea is in fact responsible for the recent cyberattack targeting Sony Pictures Entertainment.

Exploits Circulating for Remote Code Execution Flaws in NTP Protocol

Fri, 12/19/2014 - 14:33
Researchers at Google have uncovered several serious vulnerabilities in the Network Time Protocol and experts warn that there are exploits publicly available for some of the bugs. The vulnerabilities are present in all versions of NTP prior to 4.2.8 and include several buffer overflows that are remotely exploitable. The NTP is a protocol that’s used […]

GitHub Fixes Critical Vulnerability, Urges Users to Update Immediately

Fri, 12/19/2014 - 13:37
GitHub is encouraging Mac and Windows users to immediately install an update that resolves a serious arbitrary code execution vulnerability.

Dave Aitel on the Sony Hack

Fri, 12/19/2014 - 12:58
Dennis Fisher and security expert Dave Aitel discuss the Sony hack and why it makes sense for North Korea to be responsible for it.

Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines

Fri, 12/19/2014 - 11:10
Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an […]

USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds

Fri, 12/19/2014 - 08:00
Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it’s a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in […]