Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 18 hours 3 min ago

Digital First Aid Kit A Guide For Activists, First-Responders

Fri, 07/11/2014 - 13:32
The Electronic Frontier Foundation and other NGOs have published a guide with advice on secure communication, DDoS and malware mitigation and more for activists, journalists and others targeted for surveillance.

Apple Updates OSX Blacklist Following Flash Vulnerability

Fri, 07/11/2014 - 13:07
Apple acknowledged on Thursday that it has updated its OSX plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week.

Lack of Certificate Pinning Exposes Encrypted iOS Gmail App Communication

Fri, 07/11/2014 - 10:48
Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.

Tinba Banker Trojan Source Code Leaked

Fri, 07/11/2014 - 08:10
The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the crimeware kit. Tinba performs many […]

Brute-Forcing Botnet Sniffs Out Lax POS Systems

Thu, 07/10/2014 - 14:54
The botnet particularly targeted poorly implemented remote desktop protocol setups that were storing payment card information.

GAO Hammers Lack of Shipping Port Cybersecurity Measures

Thu, 07/10/2014 - 12:51
The GAO issued a scathing report criticizing the lack of risk assessments and cybersecurity funding at shipping ports and other maritime facilities.

Google Constrains India CCA Root Cert in Wake of Bad Google and Yahoo Certificates Appearing

Thu, 07/10/2014 - 11:11
The Indian Controller of Certifying Authorities said that the certificate-issuance process for the National Informatics Centre of India, which issued several fraudulent certificates recently, which were blocked by Google, has been compromised and Google has decided to constrain India CCA’s root certificate to a handful of domains in a future Chrome release. Google’s security team […]

International Authorities Take Down Shylock Banking Malware

Thu, 07/10/2014 - 10:07
Europol announced today that it, along with international law enforcement and industry partners, conducted a successful takedown of the infrastructure supporting the Shylock banking malware.

Microsoft Settles With No-IP Over Malware Takedown

Thu, 07/10/2014 - 09:56
It’s been a weird couple of weeks for Microsoft. On June 30 the company announced its latest malware takedown operation, which included a civil law suit against Vitalwerks, a small Nevada hosting provider, and the seizure of nearly two dozen domains the company owned. Now, 10 days later, Microsoft has not only returned all of the seized […]

Android Exploited to Make and End Phone Calls, Send USSD Codes

Wed, 07/09/2014 - 16:11
A pair of Android vulnerabilities in ever version prior to KitKat could give an attacker the ability to make and end phone calls and send USSD codes using a malicious application.

Buffer Overflow Vulnerabilities in Yokogawa ICS Gear Patched

Wed, 07/09/2014 - 15:26
Yokogawa Electric Corp., of Japan patched critical buffer overflow flaws in its CENTUM and Exaopac production control system software.

DHS Releases Hundreds of Documents on Wrong Aurora Project

Wed, 07/09/2014 - 14:26
In response to a FOIA request for information about the Operation Aurora attack on Google the Department of Homeland Security released hundreds of pages of documents related not to that attack campaign, but to the Aurora project run at Idaho National Lab years earlier

Facebook Carries Out Lecpetex Botnet Takedown

Wed, 07/09/2014 - 11:08
Facebook disclosed that it carried out its first botnet takedown of a Greek operation called Lecpetex. The botnet victimized 250,000 computers, stole Facebook and other credentials, and dropped Litecoin mining software.

DNI, Justice Department Deny Targeting Americans for Surveillance Based on Religion, Politics

Wed, 07/09/2014 - 10:04
The Director of National Intelligence and the Department of Justice have denied a report based on leaked documents from Edward Snowden that United States intelligence and law enforcement agencies conduct surveillance of Americans based on their ethnicity, religious affiliation or political stances.

Yahoo Patches Bugs in Mail, Messenger, Flickr

Tue, 07/08/2014 - 16:49
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.

Microsoft July Patch Tuesday Updates Patch 29 IE Vulnerabilities

Tue, 07/08/2014 - 15:23
Microsoft fixes 29 security vulnerabilities in Windows, Internet Explorer, and Server Software in its July 2014 Patch Tuesday release.

Google Finds, Blocks Unauthorized Certificates

Tue, 07/08/2014 - 14:43
Phony digital certificates for a number of Google domains were discovered and blocked. The certs were issued by the National Informatics Centre of India and were in the Microsoft Root Store.

New Verizon Transparency Report Shows Large Government Appetite for Location, Content Data

Tue, 07/08/2014 - 13:49
The second transparency report from Verizon claims the company received nearly 150,000 total orders in the first half of 2014.

Adobe Patches Flash Vulnerability Exploited by Rosetta Flash Tool

Tue, 07/08/2014 - 13:27
Adobe patched Flash Player today, adding validation checks to the software so that it rejects malicious content from vulnerable JSONP callback APIs.

China Hackers Compromise Iraq Experts at National Security Think Tanks

Tue, 07/08/2014 - 10:53
A China-linked hacker group known as Deep Panda has compromised a number of national security think tanks seeking information on U.S. policy in Iraq.