Threatpost for B2B

The First Stop For Security News
Updated: 6 hours 58 min ago

Upcoming Adobe Reader, Acrobat Update to Patch Sandbox Escape

Fri, 12/05/2014 - 09:19
Adobe announced security updates for Reader and Acrobat that likely include patches for a sandbox escape vulnerability. Google's Project Zero released details and exploit code earlier this week.

DOJ Launches New Cyber Unit, Claims Privacy is Mission Critical

Fri, 12/05/2014 - 08:42
The United States Department of Justice yesterday announced the creation of a new cybercrime unit within its Computer Crime and Intellectual Property Section.

Details Emerge on Sony Wiper Malware Destover

Thu, 12/04/2014 - 16:24
Kaspersky Lab has published an analysis of Destover, the wiper malware used in the attacks against Sony Pictures Entertainment, and its similarities to Shamoon and DarkSeoul.

Ransomware is the Future of Consumer Cybercrime

Thu, 12/04/2014 - 16:02
WASHINGTON D.C. - Panelists at a Georgetown Law conference agreed that ransomware schemes will be the malware of choice on the Internet of things.

Missing Exchange Patch Expected Among December Patch Tuesday Bulletins

Thu, 12/04/2014 - 14:04
Microsoft's December 2014 advance Patch Tuesday notification includes three critical bulletins and a missing Exchange patch originally scheduled for November.

Critical Remote Code Execution Flaw Found in WordPress Plugin

Thu, 12/04/2014 - 13:05
There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads and researchers say the bug could be used by even a low-level attacker to run arbitrary code on a vulnerable site. The vulnerability is in the WP Download Manager, versions 2.7.4 and lower, and it could […]

Apple Pulls Latest Round of Safari Patches

Thu, 12/04/2014 - 11:11
Apple has pulled a batch of security updates for Safari that it initially released yesterday.

Of GPG Collisions and UX Security

Thu, 12/04/2014 - 10:36
Researchers have found a way to generate GPG key collisions in just four seconds, and put out a call for GPG to harden its UX.

Google No CAPTCHA Simple for Humans, Tough on Bots

Wed, 12/03/2014 - 13:21
Google has reworked its reCAPTCHA authentication system with a new API that relies on reputation checking, and presents safe users with a simplified CAPTCHA.

Employee Healthcare, Salary Info Leaked in Sony Breach

Wed, 12/03/2014 - 12:55
As expected, the Sony breach has apparently unearthed more than just unreleased movies: A slew of sensitive employee information is now making the rounds online.

Elipse SCADA Patches Denial-of-Service Vulnerability

Wed, 12/03/2014 - 10:56
Elipse, a Brazilian SCADA software developer, patched a serious denial-of-service vulnerability in the DNP Master Driver deployed in its SCADA web-based application.

Mozilla Critical Security Updates for Firefox, ESR, Thunderbird

Wed, 12/03/2014 - 10:18
Mozilla issued nine security updates for exploitable vulnerabilities in Firefox, Firefox extended support release and its Thunderbird email client.

Avoiding Data Breaches with Context Aware Behavioral Analytics

Wed, 12/03/2014 - 08:22
Avivah Litan of Gartner explains how context aware behavioral analytics may have prevented recent retail breaches and the Snowden, NSA surveillance saga.

OpenVPN Patches Denial of Service Vulnerability

Tue, 12/02/2014 - 13:58
Open source VPN software provider OpenVPN released an update Monday that patches a critical denial-of-service vulnerability.

IBM Fixes Serious Code Execution Bug in Endpoint Manager Product

Tue, 12/02/2014 - 13:49
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not […]

Report Connects Iran to Critical Infrastructure Hacks Worldwide

Tue, 12/02/2014 - 10:08
New research connects Iranian state-sponsored hackers to attacks against critical infrastructure worldwide.

FBI Warns US Businesses of Possible Wiper Malware Attacks

Tue, 12/02/2014 - 08:01
The FBI sent security professionals at US businesses a five-page confidential flash warning, alerting them to destructive malware attacks that overwrite hard drives, leaving them inoperable.

Payment Card Data Accessed in Parking Management Provider Breach

Mon, 12/01/2014 - 17:05
SP+, a parking facilities management company, reported that it had been breached and hackers used malware to access payment card data.

Researcher Releases Database of Known-Good ICS and SCADA Files

Mon, 12/01/2014 - 14:20
A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs, […]

F.B.I., Mandiant, Investigating Sony Pictures Breach

Mon, 12/01/2014 - 13:07
Officials from the Federal Bureau of Investigation (F.B.I.) and Mandiant have begun to investigate the Sony Pictures breach.