Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 5 hours 19 min ago

Indexing the Dark Web One Hacking Forum At A Time

Tue, 02/17/2015 - 15:27
Staffan Truve spoke Monday at the Kaspersky Analyst Summit about the efforts his company Recorded Future is taking to index the dark web, or what he called the underbelly.

Encryption and Silence Can be Targets’ Best Assets

Tue, 02/17/2015 - 12:45
CANCUN–Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy and security. Secure communications among researchers who know one another […]

First Arabic Cyberespionage Operation Uncovered

Tue, 02/17/2015 - 12:40
The Desert Falcons gang is the first Arabic APT group, according to researchers at Kaspersky Lab.

Inside nls_933w.dll, the Equation APT Persistence Module

Tue, 02/17/2015 - 12:01
The persistence module used by the Equation APT Group uncovered by researchers at Kaspersky Lab has been called the ultimate cyberattack tool.

APT Groups Emerging in Middle East

Tue, 02/17/2015 - 11:22
CANCUN–Since security researchers and vendors began exposing the inner workings of APT groups a few years ago, virtually all of the operations that have been made public have been the work of attackers in Europe, Asia or North America. But recently, groups in the Middle East have joined the game as well. In 2013, Adrian […]

Examining the Risks and Advantages of Biohacking

Mon, 02/16/2015 - 18:47
At the Security Analyst Summit, expert Hannes Sjoblad described the potential uses for NFC implants as authenticators and transaction verifiers.

Preventing Silent Data Exits a Workable Problem for Businesses

Mon, 02/16/2015 - 17:45
CANCUN–Businesses, especially those in the financial sector, should operate under the assumption that data exfiltration either is or will soon happen in their organization. A lot like car insurance, end users should hope for the best and prepare for the worst, according to Wells Fargo’s Steve Adegbite, who spoke on the challenges of detecting silent […]

Massive, Decades-Long Cyberespionage Framework Uncovered

Mon, 02/16/2015 - 15:02
CANCUN--Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations.

Don’t Build a Bounty Program; Build an Incentive Program

Mon, 02/16/2015 - 14:59
At the Security Analyst Summit, Katie Moussouris encouraged enterprises to build bug bounty programs that feed a software development lifecycle.

Kaminsky: DNS Insecurity Isn’t Coincidence, it’s Consequence

Mon, 02/16/2015 - 14:18
Dan Kaminsky insisted that there's a cost to doing security crypto through DNS at Kaspersky Lab's 2015 Security Analyst Summit Monday.

Hackers’ Op-Sec Failures Important Clues to Uncover APT Gangs

Mon, 02/16/2015 - 13:06
At the Security Analyst Summit, a researcher from PwC explained how some huge operational security failures on the part of APT gangs helped uncover those behind attacks.

Evolution and Adaptation in the Security Jungle

Mon, 02/16/2015 - 11:51
CANCUN--Chris Hoff, vice president and CTO of the security business at Juniper Networks, compares the current enterprise security situation to that of a mixed-martial arts fighter who needs to be proficient in multiple disciplines.

Carbanak Ring Steals $1 Billion from Banks

Sun, 02/15/2015 - 20:14
The Carbanak cybercrime gang could be responsible for stealing up to $1 billion from as many as 100 banks in 30 countries, researchers at Kaspersky Lab said.

Google Adds Grace Period to Disclosure Policy

Fri, 02/13/2015 - 16:04
Google announced that it was adding a 14-day grace period to its 90-day vulnerability disclosure deadline if the affected vendor says it will have a patch ready inside the extension.

Threatpost News Wrap, February 13, 2015

Fri, 02/13/2015 - 13:18
Dennis Fisher and Mike Mimoso discuss Patch Tuesday, the Facebook ThreatExchange platform, Mozilla's extension signing plan, plus questions from readers!

Apple Extends 2FA to iMessage, FaceTime

Fri, 02/13/2015 - 12:14
Apple extended two-factor authentication (2FA) yesterday to both its iMessage and FaceTime services, adding an extra layer of security to the popular iPhone and iPad apps.

Spat Leads to Partial Leak of Rig Exploit Kit

Fri, 02/13/2015 - 11:12
A reseller of the Rig Exploit Kit has leaked some of the source code behind the pack after parting ways with the kit's developer. Experts don't expect a spike in Rig-based attacks.

Lack of CSPRNG Threatens WordPress Sites

Thu, 02/12/2015 - 12:47
WordPress has become a huge target for attackers and vulnerability researchers, and with good reason. The software runs a large fraction of the sites on the Internet and serious vulnerabilities in the platform have not been hard to come by lately. But there’s now a new bug that’s been disclosed in all versions of WordPress that […]

Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change

Thu, 02/12/2015 - 12:28
Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft.

Ryan Naraine on SAS 2015

Thu, 02/12/2015 - 10:10
Dennis Fisher talks with Ryan Naraine, the long lost co-founder of Threatpost, about the upcoming Kaspersky Security Analyst Summit in Cancun and how much the conference has grown in the last few years.