Threatpost for B2B

The First Stop For Security News

Angler Exploit Kit Pushing New, Unnamed Ransomware

Tue, 05/12/2015 - 10:52
The Angler exploit kit is pushing yet another new variant of the TeslaCrypt and AlphaCrypt ransomware. It is similar to Cryptolocker but remains unnamed.

Datapp Sniffs Out Unencrypted Mobile Data

Tue, 05/12/2015 - 09:49
Datapp, a Windows program developed at the University of New Haven, sniffs out unencrypted mobile data sent over HTTP.

Home Automation Software Z-Way Vulnerable to Remote Attacks

Tue, 05/12/2015 - 09:41
A researcher warns users of the extensible Z-Way controller project that a weakness built into the software could easily expose it to attacks.

Ed Felten Joins White House as Deputy CTO

Mon, 05/11/2015 - 15:09
Ed Felten, a professor at Princeton University and a well-respected voice on security and privacy issues, is joining the White House as the deputy CTO. In his new role, Felten will be working under Megan Smith, the CTO of the United States and a former Google vice president. Felten has been at Princeton in various […]

Tor Cloud Shut Down Amid Lack of Support

Mon, 05/11/2015 - 15:01
The Tor Project is discontinuing its Tor Cloud Project in the face of mounting bugs and a lack of human and financial resources.

MacKeeper Patches Remote Code Execution Zero Day

Mon, 05/11/2015 - 13:39
The MacKeeper OS X and iOS performance and security utility has been patched against a remote code execution zero day vulnerability.

Elasticsearch Honeypot Snares 8,000 Attacks Against RCE Vulnerability

Mon, 05/11/2015 - 13:18
Hackers are exploiting a remote code execution vulnerability in Elasticsearch, according to one researcher who published logs from a honeypot he built showing 8,000 attempts to exploit the bug.

Court’s Ruling a ‘Clear Signal’ About Mass Surveillance Programs, Experts Say

Mon, 05/11/2015 - 11:16
The ruling last week by the Second Circuit Court of Appeals that the NSA’s years-long bulk collection of phone metadata is illegal is a “clear signal” that courts are moving in the direction of striking down some mass surveillance programs, experts say. The decision, issued Thursday, is among the first major rulings to go against […]

Threatpost News Wrap, May 8, 2015

Fri, 05/08/2015 - 12:12
Dennis Fisher and Mike Mimoso talk about the end of the Patch Tuesday era for most Microsoft customers, the appeals court ruling on Section 215 metadata collection and Dennis’s idea for a security industry commission.

WordPress Sites Backdoored, Leaking Credentials

Fri, 05/08/2015 - 11:37
Zscaler has discovered a number of WordPress sites that have been backdoored and are sending credentials to a hacker-controlled website.

Rockwell Automation Patches Buffer Overflow in ICS App

Fri, 05/08/2015 - 11:09
There is a stack buffer overflow in a Rockwell Automation application that’s used to enable communications in industrial control applications used in manufacturing, energy, water, and other environments. The vulnerability is in the RSLinx Classic product and it can be used to crash the application or run arbitrary code. However, the bug is not exploitable remotely […]

Security Updates Coming for Adobe Reader, Acrobat

Fri, 05/08/2015 - 09:50
Adobe released pre-notification of security updates coming next week for its Reader and Acrobat products. The updates will address critical vulnerabilities in both products, Adobe said.

Weak Homegrown Crypto Dooms Open Smart Grid Protocol

Thu, 05/07/2015 - 14:58
Researchers in Europe have published research examining weak, homegrown cryptography used in the Open Smart Grid Protocol.

Cisco Patches Remote Code Execution Bugs in UCS Central

Thu, 05/07/2015 - 14:21
Cisco has patched a critical input validation vulnerability in its UCS Central software.

Vulnerabilities Identified in Two WordPress Plugins

Thu, 05/07/2015 - 12:38
Two vulnerabilities in two different WordPress plugins - an Arbitrary Variable Overwrite vulnerability in eShop, and an XSS vulnerability in Jetpack - were identified this week.

Appeals Court Rules NSA Metadata Collection Not Authorized by Section 215

Thu, 05/07/2015 - 10:58
The United States Court of Appeals for the Second Circuit ruled Thursday that the Patriot Act does not authorize the bulk collection of phone records by the NSA. The ruling undermines the key foundation upon which the federal government’s phone metadata surveillance program is built, Section 215 of the Patriot Act. That program was the […]

Apple Fixes WebKit Vulnerabilities in Safari Browser

Thu, 05/07/2015 - 10:49
Apple has issued a series of bulletins for its Safari browser fixing various security vulnerabilities in its WebKit rendering engine.

Lenovo Patches Vulnerabilities in System Update Service

Wed, 05/06/2015 - 14:20
IOActive researchers disclosed details on three patched vulnerabilities in Lenovo's System Update mechanism.

NSA Whistleblowers, Civil Liberties Groups Urge Congress to Oppose USA Freedom Act

Wed, 05/06/2015 - 14:15
A letter has been sent to members of Congress by a long list of privacy, civil liberties, and human rights organizations asking the legislators to oppose the proposed USA Freedom Act, which would extend Section 215.

Patch Tuesday Facelift End of an Era

Wed, 05/06/2015 - 13:10
Microsoft's introduction of Windows Update for Business puts an end to Patch Tuesday security updates as we know them.