Threatpost for B2B

The First Stop For Security News

AT&T Hit By Insider Breach

Mon, 10/06/2014 - 10:32
AT&T is warning consumers about a data breach involving an insider who illegally accessed the personal information of an unspecified number of users.

Shellshock-like Weakness May Affect Windows

Mon, 10/06/2014 - 08:19
A weakness in Windows, similar to Shellshock, may put Windows Server deployments at risk of remote code execution.

76M Households, 7M Businesses Impacted in JPMorgan Chase Breach

Fri, 10/03/2014 - 13:54
A securities filing on Thursday revealed that up to 76 million households and seven million small businesses, far more than initially thought, were implicated in the cyber attack that hit JPMorgan Chase over the summer.

Threatpost News Wrap, October 3, 2014

Fri, 10/03/2014 - 13:35
Dennis Fisher and Mike Mimoso talk about the Bash Shellshock bug nightmare and the BadUSB code release.

Google Changes SafeSearch Option for Administrators

Fri, 10/03/2014 - 10:07
Google is removing a feature that allowed administrators to require their users to employ a search option that removes explicit content from search results. The decision is tied to the fact that the option required the use of an unsecured connection to Google, something that the company said allowed it to become a target for […]

Researcher Takes Wraps off Two Undisclosed Shellshock Vulnerabilities in Bash

Fri, 10/03/2014 - 05:00
Researcher Michal Zalewski published details on two recently discovered Shellshock vulnerabilities in Bash.

Serious Hypervisor Bug Fix Causes Unexpected Cloud Downtime

Thu, 10/02/2014 - 15:17
A number of cloud service providers like Amazon Web Services and Rackspace had to shut some systems down over the weekend to address a critical Xen security vulnerability.

Release of Attack Code Raises Stakes for USB Security

Thu, 10/02/2014 - 14:11
Two researchers published attack code exploiting weaknesses in USB similar to the BadUSB research presented at this year's Black Hat conference.

Second Same-Origin Policy Bypass Flaw Haunts Android Browser

Thu, 10/02/2014 - 10:49
There is another same-origin policy bypass vulnerability in the Android browser in versions prior to 4.4 that allows an attacker to steal data from a user's browser.

Joomla Re-Issues Security Update After Patches Glitch

Wed, 10/01/2014 - 14:49
A security update for the Joomla content management system was pulled and re-issued after problems with the first set of patches for a remote file inclusion and denial of service vulnerability were discovered.

VMware Begins to Patch Bash Issues Across Product Line

Wed, 10/01/2014 - 14:43
VMware issued a progress report on fixes for four different types of products as they relate to the Bash vulnerability.

Xsser Trojan Spies on Jailbroken iOS Devices

Wed, 10/01/2014 - 13:32
An iOS espionage Trojan has been discovered spying on jailbroken Apple devices, primarily used against pro-democracy protestors in Hong Kong.

Schneider Electric Fixes Remotely Exploitable Flaw in 22 Different Products

Wed, 10/01/2014 - 11:01
There's a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine.

DARPA Working on Provably Secure Embedded Software

Wed, 10/01/2014 - 10:19
DARPA is working on a new kind of software that is provably secure for specific properties.

Google Ups Chrome Bug Bounty, Offers More Money For Exploits

Tue, 09/30/2014 - 14:10
Google is again increasing the amount of money it offers to researchers who report vulnerabilities in Chrome as part of the company's bug bounty program.

OpenVPN Vulnerable to Shellshock Bash Vulnerability

Tue, 09/30/2014 - 12:47
OpenVPN was found to be vulnerable to the Shellshock vulnerability in Bash as well. Fredrik Stromberg of Mullvad said the vulnerability is dangerous because it's pre-authentication in OpenVPN.

New Signed Version of CryptoWall Ransomware On the Loose

Tue, 09/30/2014 - 10:37
Researchers have discovered a variant of the CryptoWall ransomware that has a valid digital signature and is being distributed through malicious ads on several top-ranked Alexa Web sites. CryptoWall is one of the more successful ransomware strains in recent memory, with researchers estimating last month that the malware had grossed more than $1 million for […]

Apple Patches Shellshock Vulnerability in Bash for OS X

Mon, 09/29/2014 - 18:34
Apple released its patch for the Bash vulnerability, repairing versions of OS X vulnerable to Shellshock exploits.

WPScan Vulnerability Database a New WordPress Security Resource

Mon, 09/29/2014 - 16:31
Researcher Ryan Dewhurst released the WPScan Vulnerability Database, a database housing security vulnerabilities in WordPress core code, plug-ins and themes. It's available for pen-testers, WordPress administrators and developers.

RadEditor Web Editor Vulnerable To XSS Attacks

Mon, 09/29/2014 - 12:15
All versions of an HTML editor used in several Microsoft properties, including ASP.NET, suffer from a high-risk cross-site scripting (XSS) vulnerability.