Threatpost for B2B
The First Stop For Security News
Updated: 16 hours 59 min ago
Researchers who released attack code against vulnerabilities in USB devices followed that up with a patch, that they and researcher Karsten Nohl acknowledge isn't enough to solve the problem.
Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities. The huge majority of those patches–113 of them–fix minor vulnerabilities in the […]
Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data.
New reflected distributed denial of service attack techniques are increasing the volume of each attack as well as the overall frequency of large-scale DDoS attacks.
Twitter has filed a lawsuit in federal court asking that the United States Department of Justice’s prohibitions on publishing the number and kind of government requests for data the company receives be declared unconstitutional. The suit claims that the rules infringe on Twitter’s right to free speech by requiring that the company “engage in speech […]
The Tyupkin malware, spotted on ATMs in Eastern Europe, allows criminals to make withdrawals of 40 banknotes at a time, researchers at Kaspersky Lab said.
Yahoo CISO Alex Stamos confirmed that three servers had been infected with malware by hackers looking for machines vulnerable to Shellshock.
A vulnerability in the account creation process in Bugzilla, bug-tracking software developed and licensed by Mozilla, exposes vulnerabilities collected by the system. Mozilla is expected to patch the vulnerability today.
The changes that both Google and Apple have made to their mobile operating systems to encrypt the data on users' devices have generated praise from the security and privacy communities and vitriol and criticism from the law enforcement and political worlds in equal measure.
AT&T is warning consumers about a data breach involving an insider who illegally accessed the personal information of an unspecified number of users.
A weakness in Windows, similar to Shellshock, may put Windows Server deployments at risk to remote code execution.
A securities filing on Thursday revealed that up to 76 million households and seven million small businesses, far more than initially thought, were implicated in the cyber attack that hit JPMorgan Chase over the summer.
Dennis Fisher and Mike Mimoso talk about the Bash Shellshock bug nightmare and the BadUSB code release.
Google is removing a feature that allowed administrator to require their users to employ a search option that removes explicit content from search results. The decision is tied to the fact that the option required the use of an unsecured connection to Google, something that the company said allowed it to become a target for […]
Researcher Michal Zalewski published details on two recently discovered Shellshock vulnerabilities in Bash.
A number of cloud service providers like Amazon Web Services and Rackspace had to shut some systems down over the weekend to address a critical Xen security vulnerability.
Two researchers published attack code exploiting weaknesses in USB similar to the BadUSB research presented at this year's Black Hat conference.
There is another same-origin policy bypass vulnerability in the Android browser in versions prior to 4.4 that allows an attacker to steal data from a user's browser.
A security update for the Joomla content management system was pulled and re-issued after problems with the first set of patches for a remote file inclusion and denial of service vulnerability were discovered.
VMware issued a progress report on fixes for four different types of products as they relate to the Bash vulnerability.