Threatpost for B2B
The First Stop For Security News
Microsoft published its Patch Tuesday advance notification, advising IT shops to be ready for nine bulletins, including three critical patches.
Researchers have unearthed a new version of the Rovnix malware that has a couple of additional features, including a new domain generation algorithm and a secure transmission channel for communicating with the command-and-control servers. Rovnix is a malware variant that often has been distributed by other kinds of malware. Last year Microsoft warned users about a […]
SAP recently pushed out patches to address seven vulnerabilities in three different lines of software that could have opened those running the systems up to complete compromise.
Researchers at Malware Must Die published a report that hackers are spreading Mayhem botnet malware in exploits targeting the Shellshock vulnerability in Bash.
The pervasive dragnet surveillance of Americans revealed by the Edward Snowden documents has caused serious damage to the trust that enterprises and citizens had in the United States government and unless that trust is repaired, it could have serious effects on the Internet economy, a panel of prominent technology executives said. In a town hall meeting […]
The Electronic Frontier Foundation and the Justice Department squared off on the topic of National Security Letters in a San Francisco courtroom yesterday. This fight's next stop is likely the Supreme Court.
Researchers who released attack code against vulnerabilities in USB devices followed that up with a patch that they and researcher Karsten Nohl acknowledge isn't enough to solve the problem.
Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities. The huge majority of those patches–113 of them–fix minor vulnerabilities in the […]
Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data.
New reflected distributed denial of service attack techniques are increasing the volume of each attack as well as the overall frequency of large-scale DDoS attacks.
Twitter has filed a lawsuit in federal court asking that the United States Department of Justice’s prohibitions on publishing the number and kind of government requests for data the company receives be declared unconstitutional. The suit claims that the rules infringe on Twitter’s right to free speech by requiring that the company “engage in speech […]
The Tyupkin malware, spotted on ATMs in Eastern Europe, allows criminals to make withdrawals of 40 banknotes at a time, researchers at Kaspersky Lab said.
Yahoo CISO Alex Stamos confirmed that three servers had been infected with malware by hackers looking for machines vulnerable to Shellshock.
A vulnerability in the account creation process in Bugzilla, bug-tracking software developed and licensed by Mozilla, exposes vulnerabilities collected by the system. Mozilla is expected to patch the vulnerability today.
The changes that both Google and Apple have made to their mobile operating systems to encrypt the data on users' devices have generated praise from the security and privacy communities and vitriol and criticism from the law enforcement and political worlds in equal measure.
AT&T is warning consumers about a data breach involving an insider who illegally accessed the personal information of an unspecified number of users.
A weakness in Windows, similar to Shellshock, may put Windows Server deployments at risk of remote code execution.
A securities filing on Thursday revealed that up to 76 million households and seven million small businesses, far more than initially thought, were implicated in the cyber attack that hit JPMorgan Chase over the summer.
Dennis Fisher and Mike Mimoso talk about the Bash Shellshock bug nightmare and the BadUSB code release.
Google is removing a feature that allowed administrators to require their users to employ a search option that removes explicit content from search results. The decision is tied to the fact that the option required the use of an unsecured connection to Google, something that the company said allowed it to become a target for […]