Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 12 hours 31 min ago

NSA Official: Support for Compromised Dual EC Algorithm Was ‘Regrettable’

Wed, 01/14/2015 - 11:29
In a new article in an academic math journal, the NSA’s director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice. Michael Wertheimer, the director of researcher at the National […]

GE Ethernet Switches Have Hard-Coded SSL Key

Wed, 01/14/2015 - 09:24
There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number of GE Ethernet switches, including the GE Multilink […]

Microsoft Patches Vulnerability Under Attack and Google-Disclosed Zero Day

Tue, 01/13/2015 - 14:41
Microsoft issued eight Patch Tuesday security bulletins, including a fix for a vulnerability disclosed by Google and another under active attack.

Report: DHS Not Addressing Cyber Threats to Building Access Control Systems

Tue, 01/13/2015 - 14:00
The Department of Homeland Security is doing an inadequate job assessing and addressing the risk posed by cyber threats to access control systems at federal facilities.

Adobe Patches Nine Vulnerabilities in Flash

Tue, 01/13/2015 - 13:45
Adobe patched Flash Player , addressing nine vulnerabilities in the software including critical bugs that could allow an attacker to take control of an affected system.

Gitrob Combs Github Repositories for Secret Company Data

Tue, 01/13/2015 - 12:55
Gitrob, an open source intelligence tool, helps security analysts search Github organization repositories for files not meant for public consumption.

Encryption is Not the Enemy

Tue, 01/13/2015 - 11:30
David Cameron, speaking in the wake of the terror attack in Paris last week, said at an event Monday that the UK government can't allow any form of communication that can't be read.

How a $10 USB Charger Can Record Your Keystrokes Over the Air

Tue, 01/13/2015 - 07:03
Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards.

President Proposes National Breach Notification Standard

Mon, 01/12/2015 - 13:55
President Obama today announced plans to propose a national data breach notification standard, a consumer privacy bill of rights, and privacy protection for students using electronic learning materials.

Microsoft Censures Google For Publishing Windows Vulnerability

Mon, 01/12/2015 - 13:46
Microsoft called Google out over the weekend for publicly disclosing the details of a Windows privilege elevation vulnerability just a week before the company's patch Tuesday release.

Lizard Squad’s DDoS-For-Hire Service Built on Hacked Home Routers

Mon, 01/12/2015 - 13:24
The DDoS attacks that knocked both Xbox Live and the PlayStation Network (PSN) offline around Christmas came at the hands of a botnet comprised largely of hacked home routers.

0-Days Exposed in Several Corel Applications

Mon, 01/12/2015 - 13:18
Researchers from Core Security have disclosed DLL hijacking vulnerabilities in several applications made by Corel Software after the vendor didn't respond to Core's notifications about the flaws.

Google Passes on Older Android Patches; 930 Million Devices Vulnerable

Mon, 01/12/2015 - 12:44
Google has decided that it will no longer provide Webview patches for Android systems running Jelly Bean 4.3, or older, putting the onus on OEMs and the open source security community to provide patches to users.

Certificate Transparency Moves Forward With First Independent Log

Mon, 01/12/2015 - 10:35
The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome. On Jan. 1, a CT log operated by […]

Google Engineers Critical of Aviator Browser Security

Fri, 01/09/2015 - 17:42
Google security engineers have criticized the security and privacy of WhiteHat Security's Aviator browser, after finding a remote code execution vulnerability within hours of Aviator's release as open source.

Zappos Settles, Pays Out $106K Following Data Breach

Fri, 01/09/2015 - 12:55
Online retailer Zappos settled with attorneys general in nine states, stemming from a data breach in 2012 that exposed 24 million customers’ information.

Schneider Patches Buffer Overflow in Wonderware Server

Fri, 01/09/2015 - 09:52
The Industrial Control System CERT released two advisories warning of serious vulnerabilities in Schneider Electric and Emerson industrial gear. Public exploits are available for one flaw.

Inside North Korea’s Naenara Browser

Fri, 01/09/2015 - 07:00
Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North […]

Root Command Execution Flaw Haunts ASUS Routers

Thu, 01/08/2015 - 16:21
There is a serious security vulnerability in the firmware of many ASUS routers that allows unauthenticated command execution. The bug may be present in all current versions of the router firmware, and there is an exploit published for it, as well. Security researchers Joshua Drake posted an advisory on the vulnerability on Thursday, detailing the bug […]

Credit Union Watchdog Shoots Down Data Encryption Rule

Thu, 01/08/2015 - 15:36
A trade association in charge of overseeing the needs of credit unions has shrugged off the idea of implementing a data encryption rule.