Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 12 hours 45 min ago

Dridex Banking Trojan Spreading Via Office Macros

Wed, 01/07/2015 - 13:15
Spam campaigns in the U.K. are using Office macros to spread the Dridex banking Trojan, researchers at Trustwave report.

New Emomet Variant Targets Banking, Email Credentials

Wed, 01/07/2015 - 11:35
Security researchers are tracking a new version of the Emomet malware that is targeting users’ banking credentials and also has the ability to steal email usernames and passwords, which are then used to send spam from compromised accounts. The new variant of Emomet has mostly been seen targeting users in Germany, but researchers at Microsoft […]

Morgan Stanley Insider Theft Affects Tenth of Wealth Management Clients

Tue, 01/06/2015 - 17:19
Morgan Stanley says it has fired an employee who allegedly stole information from 10 percent of the firm's wealth management clients with the intent of selling that data online.

Malvertising Campaign Uses AOL Ad Network, Leads to Exploit Kit

Tue, 01/06/2015 - 15:25
Researchers have detected a malvertising campaign running on a pair of sites owned by Huffington Post that is using ads distributed through an AOL ad network. The attack is sending victims through a series of redirects that eventually brings them to a landing page that is running an exploit kit.

Inside Cryptowall 2.0 Ransomware

Tue, 01/06/2015 - 14:36
An analysis of Cryptowall 2.0 reveals that the ransomware relies on complex encryption routines and sandbox detection capabilities to survive. It also uses Tor for command and control, and can execute on 32- and 64-bit systems.

Users Report Malicious Ads in Skype

Tue, 01/06/2015 - 12:01
Some Skype users have reported seeing malicious ads inside their Skype clients in recent days that lead to a site that tries to download a fake Adobe or Java update.

Moonpig API Vulnerability Exposes Payment Card Data

Tue, 01/06/2015 - 11:32
A researcher has called out U.K.-based personalized greeting card vendor Moonpig for a 17-month-old vulnerability that puts customer and payment card data at risk.

CERT Warns of UEFI Hardware Vulnerabilities

Mon, 01/05/2015 - 17:11
The CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University issued three advisories today warning of serious UEFI vulnerabilities.

Microsoft Reports Massive Increase in Macros-Enabled Threats

Mon, 01/05/2015 - 15:46
Microsoft is warning of a significant uptick in threats tricking users to enable macros and then infecting them with malicious macros files.

Wifiphisher Wi-Fi Hacking Tool Automates Phishing Attacks

Mon, 01/05/2015 - 14:34
A new Wi-Fi hacking tool, called wifiphisher, automates phishing attacks over WPA networks.

Bitcoin Exchange Bitstamp Offline Following Apparent Compromise

Mon, 01/05/2015 - 13:47
Bitstamp, a Bitcoin exchange based in the United Kingdom, remains offline this morning following what appears to have been a compromise over the weekend.

Openwall 3.1 Released With Fixes for Shellshock, POODLE Attack

Mon, 01/05/2015 - 12:42
The maintainers of the Openwall security enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack. Openwall is designed to be a small, compact Linux distribution for servers, appliances and […]

U.S. Sanctions North Korea Defense Agencies, Individuals in Sony Hack

Fri, 01/02/2015 - 16:39
President Obama signed an Executive Order sanctioning three North Korea defense agencies and 10 individuals for the country's alleged role in the Sony hack.

Unpatched Windows Privilege Elevation Vulnerability Details Disclosed

Fri, 01/02/2015 - 12:40
Google's Project Zero disclosed details of a Windows privilege elevation vulnerability. Google said it reported the to Microsoft but it has yet to be patched.

WordPress Symposium Plug-In Plagued by File Upload Vulnerability

Wed, 12/31/2014 - 12:23
Researchers warn that since public disclosure of a file-upload vulnerability in the WordPress Symposium plug-in and the availability of proof-of-concept exploit code, scans and exploit attempts are on the rise.

Payment Cards Exposed in Possible Chik-fil-A Data Breach

Wed, 12/31/2014 - 12:18
Reports emerge suggesting a data breach may have occurred, compromising the payment card data of customers who dined at Chik-fil-A.

Seven Things to Watch for in 2015

Wed, 12/31/2014 - 10:00
A new year begins at midnight and Threatpost highlights seven things you're bound to contend with in 2015.

XXE Bug Patched in Facebook Careers Third-Party Service

Tue, 12/30/2014 - 16:06
A vulnerability was discovered and patched in a third-party service that handles resumes on Facebook’s careers page.

Majority of 4G USB Modems, SIM Cards Exploitable

Tue, 12/30/2014 - 15:20
Researchers at the Chaos Computer Club conference in Hamburg presented research on the woeful state of security in 4G USB modems.

Cellular Privacy, SS7 Security Shattered at 31C3

Tue, 12/30/2014 - 14:15
Researchers Tobias Engel and Karsten Nohl demonstrated serious vulnerabilities in the SS7 protocol for cellular service, putting the privacy of phone calls and users' location data at risk for intercept.