Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 7 hours 3 min ago

DHS Releases Hundreds of Documents on Wrong Aurora Project

Wed, 07/09/2014 - 14:26
In response to a FOIA request for information about the Operation Aurora attack on Google the Department of Homeland Security released hundreds of pages of documents related not to that attack campaign, but to the Aurora project run at Idaho National Lab years earlier

Facebook Carries Out Lecpetex Botnet Takedown

Wed, 07/09/2014 - 11:08
Facebook disclosed that it carried out its first botnet takedown of a Greek operation called Lecpetex. The botnet victimized 250,000 computers, stole Facebook and other credentials, and dropped Litecoin mining software.

DNI, Justice Department Deny Targeting Americans for Surveillance Based on Religion, Politics

Wed, 07/09/2014 - 10:04
The Director of National Intelligence and the Department of Justice have denied a report based on leaked documents from Edward Snowden that United States intelligence and law enforcement agencies conduct surveillance of Americans based on their ethnicity, religious affiliation or political stances.

Yahoo Patches Bugs in Mail, Messenger, Flickr

Tue, 07/08/2014 - 16:49
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.

Microsoft July Patch Tuesday Updates Patch 29 IE Vulnerabilities

Tue, 07/08/2014 - 15:23
Microsoft fixes 29 security vulnerabilities in Windows, Internet Explorer, and Server Software in its July 2014 Patch Tuesday release.

Google Finds, Blocks Unauthorized Certificates

Tue, 07/08/2014 - 14:43
Phony digital certificates for a number of Google domains were discovered and blocked. The certs were issued by the National Informatics Centre of India and were in the Microsoft Root Store.

New Verizon Transparency Report Shows Large Government Appetite for Location, Content Data

Tue, 07/08/2014 - 13:49
The second transparency report from Verizon claims the company received nearly 150,000 total orders in the first half of 2014.

Adobe Patches Flash Vulnerability Exploited by Rosetta Flash Tool

Tue, 07/08/2014 - 13:27
Adobe patched Flash Player today, adding validation checks to the software so that it rejects malicious content from vulnerable JSONP callback APIs.

China Hackers Compromise Iraq Experts at National Security Think Tanks

Tue, 07/08/2014 - 10:53
A China-linked hacker group known as Deep Panda has compromised a number of national security think tanks seeking information on U.S. policy in Iraq.

Phishers Use Luis Suarez Bite as Bait

Tue, 07/08/2014 - 10:23
The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been running rampant […]

Motives Behind Havex ICS Malware Campaign Remain a Mystery

Mon, 07/07/2014 - 15:36
Experts question whether the Havex malware campaign targeting three European industrial control system software vendors is merely a dry run for something bigger.

Hard-Coded Password Vulnerability Plagues Some Netgear Switches

Mon, 07/07/2014 - 14:01
A vulnerability in Netgear-branded ethernet switches could give an attacker full access to the hardware.

Expect IE Rollup, Azure Service Bus Update on Patch Tuesday

Mon, 07/07/2014 - 10:10
Microsoft will release two critical bulletins tomorrow as part of its July 2014 Patch Tuesday security updates.

All Seized Domains Returned to No-IP

Mon, 07/07/2014 - 10:04
Less than a week after Microsoft seized nearly two dozen domains owned by a small hosting provider as part of a takedown of a malware operation, all of those domains are back in the control of the provider, No-IP.

Threatpost News Wrap, July 4, 2014

Fri, 07/04/2014 - 09:00
Dennis Fisher and Mike Mimoso discuss the Microsoft malware takedown, its legal and security implications and the revelation of a massive financial fraud campaign in Brazil.

Remote Access Hack Compromises POS Vendor

Thu, 07/03/2014 - 13:07
A popular point of sale vendor may have suffered a data breach earlier this year that could affect the customers of a handful of restaurants.

Miniduke APT Campaign Returns with New Targets, Hacking Tools

Thu, 07/03/2014 - 13:00
The Miniduke APT campaign is back in business with new tools to steal data from new targets in an assortment of countries from all over the globe.

Brazilian Payment Fraud Campaign Targets Boletos, Steals Millions

Thu, 07/03/2014 - 10:04
A fraud ring targeting Brazil's Boleto payment method has pulled off hundreds of thousands of bogus transactions valued at $3.75 billion.

Cisco Patches Hardcoded SSH Key Vulnerability in UCM

Thu, 07/03/2014 - 09:52
The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a root user.

FireEye Uncovers Android Remote Access Malware

Wed, 07/02/2014 - 16:26
A new piece of Android malware leaks data, steals banking credentials, hijacks bank accounts, and serves as a remote access tool.