Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 15 hours 18 min ago

Audit Project Releases Verified Repositories of TrueCrypt 7.1a

Tue, 06/10/2014 - 13:59
As the uncertainty surrounding the end of TrueCrypt continues, members of the security community are working to preserve a known-good archive of the last version of the open source encryption software released before the developers inserted a warning about potential unfixed bugs in the software and ended development. The team behind the Open Crypto Audit […]

Attacks Against Space, Satellite Companies Linked to Second Chinese PLA Unit

Tue, 06/10/2014 - 13:01
Espionage attacks against aerospace and satellite companies in the U.S. and Europe have been linked to a Chinese People's Liberation Army unit, security company Crowdstrike said.

Cisco Patches XSS Flaw in Security Appliances

Tue, 06/10/2014 - 10:47
There’s a reflected cross-site scripting vulnerability in a variety of Cisco security appliances that enables a remote, unauthenticated attacker to execute arbitrary code in the context of the user. The vulnerability affects the Cisco Email Security Appliance, the Cisco Web Security Appliance and the Content Security Management Appliance. Cisco has released updated software to fix […]

New Pandemiya Banking Trojan Written From Scratch

Tue, 06/10/2014 - 09:52
A new banking Trojan called Pandemiya is for sale in hacker forums. The malware took a year to write from scratch, RSA Security said, in order to avoid detection and analysis.

‘Red Button’ Attack Could Compromise Some Smart TVs

Mon, 06/09/2014 - 15:33
A vulnerability in an emerging interactive television standard could open up number of smart TVs to untraceable drive-by attacks.

RIG Exploit Kit Pushing Cryptowall Ransomware

Mon, 06/09/2014 - 14:04
The RIG Exploit Kit is using malvertising to infect victims with Cryptowall ransomware, including one tiny New Hampshire town that proved backup is king when confronting ransomware.

Android Ransomware First to Encrypt Data on Mobile Devices

Mon, 06/09/2014 - 12:28
Researchers at Kaspersky Lab reported the first strain of Android ransomware that encrypts the contents of a device. The malware communicates either over Tor, or via HTTP and SMS.

ICS-CERT Warns of Easily Hackable Road Signs

Mon, 06/09/2014 - 11:38
ICS-CERT has issued an alert warning that a certain software that manages electronic highways signs contains a vulnerability that makes such signs susceptible to hacking.

iOS 8 Will Randomize MAC Addresses to Help Stop Tracking

Mon, 06/09/2014 - 10:41
Apple enthusiasts have been poring over the feature list for iOS 8, due out this fall, geeking out over the tighter integration among all iOS devices, the improved mail app and myriad other bells and whistles. But perhaps the most important change is a subtle one hidden beneath the covers that will help prevent much […]

Vodafone Transparency Report Sheds Light on Global Surveillance

Fri, 06/06/2014 - 15:18
Vodafone released its first transparency report today revealing that a small number of countries have a direct link to its network in order to collect data.

Debian Urging Users Patch Linux Kernel Flaw

Fri, 06/06/2014 - 13:40
Several vulnerabilities have been patched in the Linux kernel that could have led to a denial of service or privilege escalation.

WordPress Promises SSL on All Domains by End of 2014

Fri, 06/06/2014 - 12:16
WordPress announced on Reset the Net day that it would encrypt all of its subdomains with SSL by the end of 2014.

Threatpost News Wrap, June 6, 2014

Fri, 06/06/2014 - 09:54
Dennis Fisher and Mike Mimoso discuss the changes in the year since the first stories broke regarding Edward Snowden and the NSA and the new OpenSSL vulnerability.​

‘Placebo’ Security Apps Booted From Google Play, Amazon

Thu, 06/05/2014 - 16:09
A handful of apps purporting to specialize in virus detection and scanning were recently removed from both Google Play and Amazon after being deemed fake.

Microsoft Expected to Patch IE 8 Zero Day on Patch Tuesday

Thu, 06/05/2014 - 14:30
Microsoft said it will patch a zero-day vulnerability in Internet Explorer in its June 2014 Patch Tuesday security updates.

On Snowden Anniversary, Microsoft Calls for Surveillance Reform

Thu, 06/05/2014 - 14:25
Microsoft general counsel Brad Smith lays out five areas where the U.S. government needs to make positive strides in reforming surveillance.

Vulnerabilities in IPMI Protocol Have Long Shelf Life

Thu, 06/05/2014 - 14:17
Noted researcher Dan Farmer published a paper on the depth and breadth of IPMI vulnerabilities in server Baseboard Management Controllers, and the news isn't good.

Linksys E4200 Vulnerability Enables Authentication Bypass

Thu, 06/05/2014 - 14:05
Linksys router contains an authentication bypass vulnerability that could give an attacker full administrative privileges on affected devices.

New OpenSSL MITM Flaw Affects All Clients, Some Server Versions

Thu, 06/05/2014 - 09:30
There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers.

COPA-DATA Patches DNP3 SCADA Vulnerability

Wed, 06/04/2014 - 15:19
A SCADA vulnerability could trigger a denial of service condition and go on to compromise the software’s communication connections, resulting in system instability is left unpatched.