Threatpost for B2B
The First Stop For Security News
Updated: 2 hours 46 min ago
A group of outside experts found that the process that led to the inclusion of the weakened Dual EC_DRBG random number generator in a NIST standard was flawed and there were several failures along the way that led to its approval. The committee also recommended that the National Institute of Standards and Technology increase the number of […]
Oracle is expected to release 113 patches across its product lines as part of its quarterly Critical Patch Updates.
An early version of LibreSSL, a fork of OpenSSL developed by the OpenBSD Foundation, was released for a number of platforms beyond OpenBSD.
LastPass, the popular password manager for most of the top Web browsers, has fixed a couple of vulnerabilities that could have allowed an attacker to target users and generate his own one-time passwords for the victim’s account. The company said that its security team hasn’t seen any active attacks exploiting these vulnerabilities and doesn’t think that […]
It’s only been a little more than a month since the FBI and Europol took down the GameOver Zeus botnet, taking control of its command-and-control infrastructure and effectively cutting off the malware’s head. But researchers say that there are some indications that a new strain of the malware may already be active again. GameOver Zeus […]
The Electronic Frontier Foundation and other NGOs have published a guide with advice on secure communication, DDoS and malware mitigation and more for activists, journalists and others targeted for surveillance.
Apple acknowledged on Thursday that it has updated its OSX plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week.
Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.
The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the crimeware kit. Tinba performs many […]
The botnet particularly targeted poorly implemented remote desktop protocol setups that were storing payment card information.
The GAO issued a scathing report criticizing the lack of risk assessments and cybersecurity funding at shipping ports and other maritime facilities.
The Indian Controller of Certifying Authorities said that the certificate-issuance process for the National Informatics Centre of India, which issued several fraudulent certificates recently, which were blocked by Google, has been compromised and Google has decided to constrain India CCA’s root certificate to a handful of domains in a future Chrome release. Google’s security team […]
Europol announced today that it, along with international law enforcement and industry partners, conducted a successful takedown of the infrastructure supporting the Shylock banking malware.
It’s been a weird couple of weeks for Microsoft. On June 30 the company announced its latest malware takedown operation, which included a civil law suit against Vitalwerks, a small Nevada hosting provider, and the seizure of nearly two dozen domains the company owned. Now, 10 days later, Microsoft has not only returned all of the seized […]
A pair of Android vulnerabilities in ever version prior to KitKat could give an attacker the ability to make and end phone calls and send USSD codes using a malicious application.
Yokogawa Electric Corp., of Japan patched critical buffer overflow flaws in its CENTUM and Exaopac production control system software.
In response to a FOIA request for information about the Operation Aurora attack on Google the Department of Homeland Security released hundreds of pages of documents related not to that attack campaign, but to the Aurora project run at Idaho National Lab years earlier
Facebook disclosed that it carried out its first botnet takedown of a Greek operation called Lecpetex. The botnet victimized 250,000 computers, stole Facebook and other credentials, and dropped Litecoin mining software.
The Director of National Intelligence and the Department of Justice have denied a report based on leaked documents from Edward Snowden that United States intelligence and law enforcement agencies conduct surveillance of Americans based on their ethnicity, religious affiliation or political stances.
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.