Threatpost for B2B
Buffer Overflow Vulnerability Found in VLC Media Player
A buffer overflow could occur in VideoLAN's VLC cross-platform multimedia player when attempting to parse a specially crafted advanced systems format (ASF) movie, a researcher reported.
Experts Say CEOs Need to Get Handle on Cyberespionage Problem
NEW YORK--The long list of high-profile cyberespionage and cybercrime attacks that have surfaced in the last couple of years has led to broad discussions in the security community, government circles and elsewhere about the scope of the problem. Those discussions now are just starting to reach into the boardroom, and security experts say that any CEO who isn't concerned about this problem is living in the past.
Mobile Malware Dubbed 'Bill Shocker' Targets Chinese Android Users
A new bit of malware is targeting popular apps on Android mobile devices to spew costly spam.
Beijing- and Dallas-based NQ Mobile said at least 600,000 Chinese users have been hit with the malicious code named "Bill Shocker" (a.expense.Extension.a), so called because it runs up the bills of infected users by sending spam messages from their devices. So far, the infection seems contained to China, but given its current traction it may pose an international danger.
Opera Browser Update Patches Remote Code Execution Vulnerabilities
A number of security vulnerabilities were repaired in the latest version of the Opera browser, which was released today. However, a security researcher says that users who downloaded the browser from Apple’s Mac App Store won’t have access to version 12.13; in fact, they’ll be two revs behind as of today.
Graham Cluley of Sophos reported today that Opera 12.11 is the latest version available at the Mac App Store. Version 12.12 was released Dec. 18.
Firefox Continues to Curb Out-of-Date, Flawed Third-Party Plug-ins
After pushing its “click-to-play” blacklisting function live last fall, Mozilla has announced plans to further implement the security feature in its Firefox browser.
Service Disruption or Destruction: Which is Worse?
Outcomes in security tend to be about data loss: stolen pharmaceutical formulas, jet fighter blueprints, patient records, credit card numbers, etc. All of these come with a great cost to the victim and make for sexy headlines. But far too little is dissected and analyzed about service disruptions.
New Ransomware Encrypts Victim Data
God Horses are Floating Clouds: The Story of a Chinese Banker Trojan
In China these days, e-commerce has become an important part of daily life, especially among young people. According to a report from CNNIC (China Internet Network Information Center), the number of Chinese e-commerce users reached 242 million at the end of December 2012. This is nearly half of all Chinese internet users.
50 Million Potentially Vulnerable to UPnP Flaws
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a slew of security problems. Patches were published yesterday, but if left unpatched, the vulnerability could let attackers bypass authentication systems, inject arbitrary SQL code, inject and execute arbitrary code and perform a denial of service attack on a Ruby on Rails app.
Apple Releases iOS 6.1 With Fixes for More Than 20 Vulnerabilities
Apple has fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates that were discovered late last year.
Multilayer DDoS Attacks Have Reset Stage for Network Attacks
Back in the dark days of dial-up connectivity, attackers wouldn’t bother compromising home computers as bots to be used in distributed denial-of-service. The lack of bandwidth made PCs persona non grata in the DDoS world. Instead, attackers targeted Web servers, the only machines with the high-speed broadband connections to make DDoS viable.
In the years since, broadband has literally come home and personal machines have been compromised by the millions for everything from spam to flood attacks against websites and online services.
Netherlands, Canada Say WhatsApp Still Violates Privacy Laws
Dutch and Canadian officials say the popular mobile text messaging app WhatsApp violates their countries' privacy laws because it rifles through users' contacts to find other devices hooked up to the service.
Google Announces Pwnium 3, Ups Ante and Offers $3M+ in Rewards
Search giant Google is planning a third iteration of its vulnerability-finding contest, Pwnium. This year’s competition is set to be held alongside next month’s CanSecWest security conference on March 7 in Vancouver, BC. Unlike last year’s inaugural Pwnium, which was parallel to CanSecWest's older Pwn2Own competition, this year Google teamed up with HP’s Zero Day Initiative, the group behind Pwn2Own, to work on the contest’s outlines and “underwrite a portion of the winnings.”
Court: Government Need Not Justify Warrantless Data Requests
A Virginia appeals court on Friday denied a right-to-access order filed by the Electronic Frontier Foundation and the American Civil Liberties Union on behalf of Icelandic parliamentarian Birgitta Jonsdottir and computer security researchers Jacob Appelbaum and Rop Gonggrijp. The denial confirms a lower court's ruling that neither those individuals nor the public has the right to see the documents a court uses to justify its warrantless acquisition of information.
Twitter Complied with 69% of US Government Requests for Account Data
Government requests for user account information made to Twitter pale in comparison to the number made to Google, but nonetheless, the number is on the rise according to Twitter’s Transparency Report, released today. Twitter’s report said government requests are generally made in conjunction with some kind of criminal investigation; 815 requests came from the United States government, and Twitter complied 69 percent of the time, compared with 57 percent of the time worldwide.
Facebook Graph Search Mines Potentially Rich Data for Phishers, Attackers
Facebook is serious about its new Graph Search feature, which helps users of the social media site narrowly search for friends with common interests in a much more intuitive fashion than a Google search, for example. Founder Mark Zuckerberg has called Graph Search the third Facebook pillar, right alongside the site’s news feed and timeline. So why are security and privacy experts nervous? There’s some serious horsepower behind Graph Search, and there are users whose interests aren’t as benign as finding friends of friends in a particular location who happen to like country music, fine wine and yoga.
Pentagon Plans Massive Increase in Cybersecurity Teams
As the Senate pushes for legislation to improve information-sharing on threats and attacks and President Barack Obama prepares to issue an executive order on cybersecurity, the Department of Defense is looking for a massive increase in the number of trained cybersecurity personnel helping to defend the country's private and public networks.