Threatpost for B2B
The First Stop For Security News
Updated: 22 hours 32 min ago
CANCUN–Businesses, especially those in the financial sector, should operate under the assumption that data exfiltration either is or will soon happen in their organization. A lot like car insurance, end users should hope for the best and prepare for the worst, according to Wells Fargo’s Steve Adegbite, who spoke on the challenges of detecting silent […]
CANCUN--Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations.
At the Security Analyst Summit, Katie Moussouris encouraged enterprises to build bug bounty programs that feed a software development lifecycle.
Dan Kaminsky insisted that there's a cost to doing security crypto through DNS at Kaspersky Lab's 2015 Security Analyst Summit Monday.
At the Security Analyst Summit, a researcher from PwC explained how some huge operational security failures on the part of APT gangs helped uncover those behind attacks.
CANCUN--Chris Hoff, vice president and CTO of the security business at Juniper Networks, compares the current enterprise security situation to that of a mixed-martial arts fighter who needs to be proficient in multiple disciplines.
The Carbanak cybercrime gang could be responsible for stealing up to $1 billion from as many as 100 banks in 30 countries, researchers at Kaspersky Lab said.
Google announced that it was adding a 14-day grace period to its 90-day vulnerability disclosure deadline if the affected vendor says it will have a patch ready inside the extension.
Dennis Fisher and Mike Mimoso discuss Patch Tuesday, the Facebook ThreatExchange platform, Mozilla's extension signing plan, plus questions from readers!
Apple extended two-factor authentication (2FA) yesterday to both its iMessage and FaceTime services, adding an extra layer of security to the popular iPhone and iPad apps.
A reseller of the Rig Exploit Kit has leaked some of the source code behind the pack after parting ways with the kit's developer. Experts don't expect a spike in Rig-based attacks.
WordPress has become a huge target for attackers and vulnerability researchers, and with good reason. The software runs a large fraction of the sites on the Internet and serious vulnerabilities in the platform have not been hard to come by lately. But there’s now a new bug that’s been disclosed in all versions of WordPress that […]
Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft.
Dennis Fisher talks with Ryan Naraine, the long lost co-founder of Threatpost, about the upcoming Kaspersky Security Analyst Summit in Cancun and how much the conference has grown in the last few years.
A Chinese APT group has been linked to a watering hole attack on Forbes.com used to target defense and financial targets.
In an effort to head off the problem of malicious or misbehaving browser add-ons, Mozilla is planning to require developers to have their Firefox extensions signed by the company in the near future. As much of users’ computing has moved into their browsers in the last few years, extensions and add-ons have become important tools. […]
Facebook announced ThreatExchange, an API-based platform for the exchange of attack and threat data.
Details were released on two Microsoft Group Policy vulnerabilities affecting all Windows machines going back to Windows Server 2003. The flaws were addressed in separate Patch Tuesday security bulletins.
Using a combination of vulnerabilities in the Google Play store and the Android stock browser, attackers can install malicious apps remotely on some Android devices. The attack is the result of a failure on the part of Google’s Play Store Web application to completely enforce the X-Frame-Options header, a common defense against clickjacking and other […]
Microsoft released its February 2015 Patch Tuesday security bulletins, including a massive update for Internet Explorer and a patch for a Windows zero day disclosed by Google.