Threatpost for B2B
The First Stop For Security News
Updated: 13 hours 24 min ago
Business email compromise scams trick corporate executives, employees and clients into transferring business funds to criminal bank accounts in China.
FreeBSD has patched a handful of vulnerabilities in its kernel code that could have enabled an attacker to crash the system, execute arbitrary code, or disclose sensitive kernel memory.
Silent Circle patched a serious memory corruption vulnerability in the Silent Text application bundled with the secure Blackphone as well as in the standalone iOS and Android apps.
Apple has released major security updates for both OS X and iOS that includes patches for a number of bugs that could lead to arbitrary code execution. The release of iOS 8.1.3 fixes a vulnerability that allowed an attacker to bypass the sandbox restrictions in Safari and the OS X update fixes a serious flaw […]
The National Football League's NFL Mobile application leaks unencrypted credentials putting personal user information at risk.
The U.S. House of Representatives Subcommittee on Commerce, Manufacturing and Trade today held preliminary hearings on drafting federal data breach notification legislation.
A critical remote code execution vulnerability in the GNU C library glibc affects all Linux systems going back to 2000.
Three weeks after the first non-Google public log for Certificate Transparency was launched by DigiCert, officials at Venafi said that the company plans to debut its own public CT log. On Jan. 1 Google approved the use of DigiCert’s log, the first CT log that is independent and not operated by Google. As part of […]
The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit, security researchers have […]
Kaspersky Lab has found shared code and functionality between the Regin malware platform and a keylogger described in recently disclosed Snowden documents.
In addition to patching the three Project Zero vulnerabilities disclosed last week, Apple is apparently readying a fix for the Thunderstrike boot attack as well, something that will purportedly rid all Macs running Yosemite of the issue.
Core Security disclosed details on an Android Wi-Fi Direct denial of service vulnerability after Google said it had no timeline to patch the issue. The two sides also disagreed on the severity of the flaw.
Google has taken quite a bit of heat in recent weeks for its decision not to patch a vulnerability in the WebView component of Android in older versions, leaving hundreds of millions of users exposed to potential attacks. Now, a Google engineer is explaining the company’s reasoning, saying that patching older versions of the OS […]
Adobe on Saturday began patching a zero-day vulnerability in Flash Player for auto-update users, exploits for which have been included in the notorious Angler Exploit Kit.
Customer payment information and other data was made vulnerable by a flaw in the Marriott Web service used by the Android app as well as the Web site, a security researcher found. The vulnerability is the result of Marriott’s system failing to use any kind of authentication on requests, meaning that an attacker who knew […]
Siemens has patched a web vulnerability in its SIMATIC PLC family of products that could have led unsuspecting users to malicious sites
Dennis Fisher and Mike Mimoso talk about all of the zero days that were dropped this week on Adobe and Apple, the Oracle backdoor drama and the upcoming Kaspersky Security Analyst Summit in Cancun. Then, Dennis calls Brian Donohue to talk about the wonders of the Blackhat movie and Brian's dog makes a special appearance, too!
Several new versions of PHP have been released, fixing a number of security vulnerabilities and other bugs in the popular scripting language. PHP 5.6.5 is the newest version of the language, and it has patches for a handful of vulnerabilities, including a use-after-free flaw that could lead to remote code execution in some cases. “Sapi/cgi/cgi_main.c in […]
UPDATE: Thousands of U.S. gas stations contain internet-connected fuel gauges that don't require passwords and could be remotely shut down by hackers.
Three unpatched Apple OS X vulnerabilities were disclosed by Google's Project Zero research team. Project Zero discloses if a bug is not patched within 90 days of reporting it to the affected vendor.