Threatpost for B2B

The First Stop For Security News

XMPP Mandating Encryption on Messaging Service Operators

Mon, 05/19/2014 - 16:07
Beginning today, operators of instant messaging services that rely on the Extensible Messaging and Presence Protocol (XMPP) are expected to deploy encryption in the messaging platforms they maintain.

Malvertising Redirecting to Microsoft Silverlight Exploits

Mon, 05/19/2014 - 15:04
Researchers at Cisco spotted a recent malvertising campaign where victims were redirected by ads on the AppNexus network to sites hosting the Angler Exploit Kit and exploits against Silverlight vulnerabilities.

Facebook Takes Tougher Stand Against BREACH Attack

Mon, 05/19/2014 - 13:30
Facebook disclosed today how it has beefed up cross-site request forgery (CSRF) tokens in order to ward off the BREACH attack.

U.S. Indicts Five Chinese Army Officers for Alleged Cyberespionage Operations

Mon, 05/19/2014 - 11:30
The United States government on Monday made an unprecedented move in its efforts to combat cyberespionage operations against American companies, efforts that until now had mainly consisted of strongly worded statements and diplomacy. The Department of Justice indicted five officers of the Chinese People’s Liberation Army for allegedly hacking into networks run by companies such […]

Retailers Form ISAC to Share Threat Data

Mon, 05/19/2014 - 10:33
From the beginning of the cybercrime epidemic, retailers have been among the most frequent targets, and the last year has seen some of the larger compromises in history. The Target data breach is at the top of that list, involving more than 100 million customers, and after years of increasingly serious compromises the retail industry […]

Embedded Devices Leak Authentication Data Via SNMP Community String

Fri, 05/16/2014 - 13:55
Rapid7 today disclosed zero-day vulnerabilities in an enterprise-grade load balancer from Brocade and home DSL routers and cable modems that allow a hacker to steal authentication data from the SNMP community string.

PayPal Fixes Serious Account Hijacking Bug in Manager

Fri, 05/16/2014 - 11:30
PayPal patched a hole in its Manager functionality this week that could have made it easy for an attacker to hijack an admin’s account, change their password and steal their personal information -- not to mention their savings.

Snowden, Surveillance Prompt Tech Companies to Re-evaluate Privacy Attitudes

Fri, 05/16/2014 - 11:25
The EFF's annual Who Has Your Back? report praises Apple and Yahoo for their gains in transparency and fighting for users' privacy and civil liberties, while it singles out Snapchat for its shortcomings.

Critical Infrastructure Companies Continue to Patch Heartbleed

Fri, 05/16/2014 - 11:22
Industrial control systems manufacturers are continuing to discover and provide fixes for the OpenSSL Heartbleed vulnerability.

Apple Releases OS X 10.9.3, Fixes Serious Flaw in iTunes

Fri, 05/16/2014 - 02:39
Apple has released a new version of OS X Mavericks, which includes all of the security fixes it pushed out last month. OS X 10.9.3 includes the patches for the so-called triple handshake SSL vulnerability, as well as fixes for several remote code-execution vulnerabilities. The company also released a patch for iTunes that fixes a […]

Terror Group’s Choice of Homegrown Crypto Likely Aids US Intelligence

Thu, 05/15/2014 - 15:31
Al Qaeda's choice to develop homegrown encryption, experts say, likely gives U.S. intelligence efforts a leg up against the terrorist organization.

IETF To Mitigate Pervasive Monitoring In Future Protocols

Thu, 05/15/2014 - 12:06
The IETF released RFC7258 which defines pervasive monitoring of Internet traffic and surveillance of online activity as an attack to be mitigated in all future IETF protocols.

Five Year Old Security Vulnerability Patched in Linux Kernel

Thu, 05/15/2014 - 11:05
A critical security vulnerability that existed in the Linux kernel for five years, and that could cause system crashes, code execution, and privilege escalation, has now been fixed.

The Emerging Threat to Satellite Communications

Thu, 05/15/2014 - 09:32
DUBAI–When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn’t think about that problem; we’re very serious about security; ok, now we’re actually serious about security. This is the […]

Google Fixes Three Critical Chrome Vulnerabilities

Wed, 05/14/2014 - 16:06
Google resolved three highly rated security vulnerabilities in Chrome. US-CERT warns an attacker could exploit these bugs to take control of affected systems.

Zeus’ Reach Expands With New Webinjects

Wed, 05/14/2014 - 15:14
The peer-to-peer version of Zeus was especially busy in the first quarter with infections reported by banks in 10 countries that previously had eluded Zeus’ reach.

Microsoft Giving .NET Users The Option to Shed RC4

Wed, 05/14/2014 - 13:21
Microsoft issued advisories informing users that they can now disable RC4 in .NET, that additional credential protection is available for Windows, and that it had revoked digital signatures for four UEFI modules.

NSF Awards $15M for New Secure Internet Architecture

Wed, 05/14/2014 - 12:35
The NSF is awarding $15 million worth of grants to researchers who can implement new Internet architectures that move toward a more robust and secure Internet.

Buffer Overflows Patched in Yokogawa Control System Products

Wed, 05/14/2014 - 11:06
Patches are available for buffer overflow bugs in Yokogawa production control software. Public exploits are available for the vulnerabilities, as well as a Metasploit module.

Mozilla Asks CAs for Details on Subordinate Certificate Controls

Wed, 05/14/2014 - 00:13
Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate certificates. The company made the policy change last year, […]