Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 6 hours 1 min ago

Sandbox Escape Bug in Adobe Reader Disclosed

Mon, 12/01/2014 - 10:26
Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google’s Project Zero and reported to Adobe, which made a change to Reader that made it […]

New Google Security Dashboard Manages Device Activity

Wed, 11/26/2014 - 14:04
Google released a new Devices and Activity Dashboard, along with a new security wizard for Google for Work accounts.

Siemens Patches WinCC Vulnerabilities Likely Being Exploited

Wed, 11/26/2014 - 10:04
Siemens has patched two critical vulnerabilities in the WinCC application in a number of its products; the flaws are likely being exploited, ICS-CERT and Siemens said.

Home Depot Breach Cost Company $43 Million in Third Quarter

Wed, 11/26/2014 - 08:18
The massive Home Depot data breach disclosed earlier this fall involved the theft of 56 million credit and debit card numbers, and now the company has revealed that the incident so far has cost it $43 million. The costs are the result of both the investigation into the data breach as well as the recovery […]

Sony Pictures Dealing With Apparent Network Compromise

Tue, 11/25/2014 - 14:40
Sony Pictures Entertainment is still in the process of trying to recover from an apparent compromise of some of the company’s computer systems. The attack first came to light on Monday, and the extent of the incident is still emerging. The compromise appears to affect just the networks at SPE, a division of Sony. Reports […]

Adobe Releases Emergency Flash Player Patch

Tue, 11/25/2014 - 13:22
Adobe released an emergency out-of-band Flash Player security bulletin, revising a patch released in October with an additional CVE addressing a memory corruption vulnerability.

Brain Science and Browser Warnings

Tue, 11/25/2014 - 12:22
Computer users will click through browser warnings and security alerts in order to complete a task, but once they're hacked, their behaviors change, a recent BYU study learned.

Experts Question Legality of Use of Regin Malware by Intel Agencies

Tue, 11/25/2014 - 10:51
Though security researchers involved in uncovering the attack have remained mum on the attribution of Regin, privacy experts say that if one of the intelligence agencies is involved, there's no legal basis for the operation.

Craigslist Back Online Following DNS Hijack

Mon, 11/24/2014 - 17:11
The popular classified website Craigslist is back online today following a DNS attack that forced it offline for several hours Sunday evening.

Remote Code Execution in Popular Hikvision Surveillance DVR

Mon, 11/24/2014 - 12:48
A number Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices.

Costin Raiu on the Regin APT Malware

Mon, 11/24/2014 - 11:05
Denis Fisher talks with Costin Raiu of the Kaspersky Lab GReAT Team about the discovery of the Regin APT malware, the threat's targets and tactics, its ability to compromise GSM base stations and its other capabilities.

Regin Cyberespionage Platform Also Spies on GSM Networks

Mon, 11/24/2014 - 10:09
Kaspersky Lab researchers have learned that the Regin cyberespionage platform also targets GSM telecommunications networks.

EFF, Privacy Groups Say NIST Crypto Standards Must be Free From Backdoors

Mon, 11/24/2014 - 09:24
The EFF and a long list of civil and privacy groups have sent a letter to NIST, emphasizing the need for the agency to create "a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities."

FTC Shutters $120 Million Tech Support, Bogus Software Scam

Fri, 11/21/2014 - 16:09
The FTC and a Florida federal court issued temporary restraining orders against a number of organizations and individuals involved in a massive telemarketing operating selling bogus software and support.

Threatpost News Wrap, November 21, 2014

Fri, 11/21/2014 - 13:20
In this week's news wrap podcast, Threatpost editors discuss an out-of-band Microsoft patch, the compromised Joomla and WordPress plug-inattack campaign and the Detekt anti-surveillance tool.​

Buffer Overflow Haunts Advantech WebAccess SCADA Product

Fri, 11/21/2014 - 11:00
The ICS-CERT is warning users about a stack buffer overflow in the Advantech WebAccess SCADA product that could lead to arbitrary code execution. Advantech WebAccess is a SCADA and human-machine interface product that’s accessible over the Web. It’s used in a variety of industries, including energy, manufacturing, government and the commercial sector. The vulnerability affects […]

WordPress 4.0.1 Update Patches Critical XSS Vulnerability

Fri, 11/21/2014 - 09:52
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.

Most Targeted Attacks Exploit Privileged Accounts

Thu, 11/20/2014 - 16:51
Most targeted attacks exploit privileged account access according to a new report commissioned by the security firm CyberArk.

Detekt Tool Puts Surveillance Spyware on Notice

Thu, 11/20/2014 - 14:08
Civil rights activists and hacker Claudio Guarnieri along with partners such as the EFF and Amnesty International released Detekt, open source security software targeting activists and oppressed people that scans Windows machines for dangerous spyware.

Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign

Thu, 11/20/2014 - 10:54
Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013. […]