Threatpost for B2B

The First Stop For Security News

Critical Holes in OAuth, OpenID Could Leak Information, Redirect Users

Fri, 05/02/2014 - 13:42
A serious vulnerability in both the OAuth and OpenID protocols could lead to complications for those who use the services to log in to websites like Facebook, Google, LinkedIn, Yahoo, Microsoft and PayPal, among many others.

PHP Updated to Fix OpenSSL Flaws, Other Bugs

Fri, 05/02/2014 - 10:48
The maintainers of PHP have released two new versions of the scripting language that fix a number of bugs, including a pair of vulnerabilities related to OpenSSL.

Adobe Beefs Up Security in ColdFusion 11

Fri, 05/02/2014 - 10:29
Adobe is calling out a number of security enhancements built into ColdFusion 11, including new OWASP tools, profile controls and crypto upgrades to existing APIs.

Yahoo Drops Support for Do Not Track

Fri, 05/02/2014 - 09:22
Yahoo, one of the first large Web companies to recognize the Do Not Track header from browsers on its properties, has now backtracked and said it will no longer support DNT.

Apple Fixes Critical Hole in Developer Center

Thu, 05/01/2014 - 15:38
Apple patched a potentially serious hole in its Developer Center that could have given anyone unfettered access to personal contact information for Apple employees and partners.

Google to Stop Scanning Student Accounts

Thu, 05/01/2014 - 14:16
Google announced it will no longer allow ads to be displayed in the accounts of Apps for Education users nor will it scan those accounts for advertising purposes.

Windows XP Systems Also Get Out-of-Band IE Zero-Day Patch

Thu, 05/01/2014 - 12:56
Microsoft released an out-of-band emergency security update for a zero day in Internet Explorer. The patch is available to unsupported Windows XP machines as well.

Facebook Enhances Privacy Settings with Anonymous Login

Thu, 05/01/2014 - 12:37
Facebook announced new authentication changes yesterday, including Anonymous Login, which gives users the option of using an application without sharing personal data stored with Facebook.

Google Fixes XSS Flaw in Search Appliance

Thu, 05/01/2014 - 11:38
There’s a remotely exploitable vulnerability in several versions of the Google Search Appliance that could allow an unauthenticated attacker to execute a cross-site scripting attack and run a script in the context of the user’s browser. The Google Search Appliance is an enterprise product that enables users to search for content from a wide variety […]

Bug Bounties Expanding to Individual Developers

Thu, 05/01/2014 - 09:36
Bug bounties once were restricted mainly to large software companies such as Mozilla and Google. But the success of these programs has led many other infrastructure and product companies, including Yahoo, Facebook, Barracuda, PayPal and even Microsoft, to launch their own reward systems. Now, the phenomenon has spread to individual developers. Looking at the list […]

UltraDNS Dealing with DDoS Attack

Wed, 04/30/2014 - 15:11
DNS provider UltraDNS has been under a DDoS attack for much of the day.

Researchers Find IE VGX Components Likely Exploited in Zero-Day Attacks

Wed, 04/30/2014 - 13:23
Researchers used crash reports sent via Windows Error Reporting to uncover two components likely being exploited by the latest Internet Explorer zero-day vulnerability.

Target Accelerates Chip-and-Pin Roll Out, Hires New CIO

Wed, 04/30/2014 - 12:13
Target is accelerating plans to move to a full chip-and-pin system for its branded credit and debit cards.

Hacking Traffic Systems for Fun and Chaos

Wed, 04/30/2014 - 11:29
The devices that control traffic lights and electronic signs in many cities are vulnerable to a number of attacks, can be exploited quite easily and used to spread malware from device to device.

Mozilla Redesigns Firefox Browser, Fixes Security Vulnerabilities

Wed, 04/30/2014 - 11:25
Mozilla yesterday released the substantially redesigned version 29 of its Firefox browser, including fixes for a number of critical and highly rated security vulnerabilities.

Vishing Attacks Targeting Dozens of Banks

Tue, 04/29/2014 - 17:45
A recent VoIP phishing campaign has been netting the payment card information of up to 250 Americans per day.

Senate Draft Bill to Protect Threat Information Sharing

Tue, 04/29/2014 - 15:59
A proposed bill would promote public-private information sharing by protecting private entities seeking to share cyber threat information with the government.

Volume of NTP Amplification Attacks Getting Louder

Tue, 04/29/2014 - 13:03
NTP amplification attacks account for the majority of DDoS attacks that exceed 100 Gbps, according to Arbor Networks.

The White House and Zero Day Sleight of Hand

Tue, 04/29/2014 - 10:50
The White House wants you to know that it did not know about the OpenSSL Heartbleed vulnerability before you did. The White House also wants you to know that administration officials don’t think stockpiling zero days is necessarily good for national security. That’s all well and good, except that it mostly doesn’t matter.

Click-Fraud Sefnit Variant Shuns Tor for SSH

Tue, 04/29/2014 - 09:26
Facebook security researchers discovered a new variant of the Sefnit click-fraud malware. Unlike previous versions that used Tor for communication, this one uses SSH over port 443.