Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 16 hours 47 min ago

Parking Services Confirm Payment Card Breaches

Thu, 01/15/2015 - 13:27
Two services that allow users to reserve offsite parking spots at airports over the internet announced this week that they recently suffered breaches and its customers’ data may be at risk.

Marriott Agrees to Stop Blocking Guest WiFi Devices

Thu, 01/15/2015 - 11:24
Marriott, which last year paid a $600,000 fine for blocking customers’ WiFi devices in its hotels, has said that it no longer will prevent guests from using personal hotspots or similar devices. The situation resulted from a complaint by a guest who stayed at Marriott’s Gaylord Opryland hotel in 2013 and found that he couldn’t […]

Government Demands for Verizon Customer Data Drop

Thu, 01/15/2015 - 09:15
The number of subpoenas, total orders and warrants that the United States government delivered to Verizon all dropped in the second half of 2014, according to the company’s latest transparency report. The giant telecom provider released data on Thursday that showed a decrease in subpoenas of about 10 percent from the first half of last […]

Skeleton Key Malware Opens Door to Espionage

Wed, 01/14/2015 - 16:00
The Skeleton Key malware bypasses single-factor authentication on Active Directory domain controllers and paves the way to stealthy cyberespionage.

Phony Oracle Patches Making the Rounds

Wed, 01/14/2015 - 11:42
Attackers are circulating fake fixes for Oracle error messages and the company is warning users not to download any patches that don’t come directly from Oracle.

New Strain of Crowti Ransomware Moving in I2P Network

Wed, 01/14/2015 - 11:35
A new strain of the Crowti ransomware, also dubbed Cryptowall 3.0, is moving on the I2P anonymity network.

NSA Official: Support for Compromised Dual EC Algorithm Was ‘Regrettable’

Wed, 01/14/2015 - 11:29
In a new article in an academic math journal, the NSA’s director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice. Michael Wertheimer, the director of researcher at the National […]

GE Ethernet Switches Have Hard-Coded SSL Key

Wed, 01/14/2015 - 09:24
There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number of GE Ethernet switches, including the GE Multilink […]

Microsoft Patches Vulnerability Under Attack and Google-Disclosed Zero Day

Tue, 01/13/2015 - 14:41
Microsoft issued eight Patch Tuesday security bulletins, including a fix for a vulnerability disclosed by Google and another under active attack.

Report: DHS Not Addressing Cyber Threats to Building Access Control Systems

Tue, 01/13/2015 - 14:00
The Department of Homeland Security is doing an inadequate job assessing and addressing the risk posed by cyber threats to access control systems at federal facilities.

Adobe Patches Nine Vulnerabilities in Flash

Tue, 01/13/2015 - 13:45
Adobe patched Flash Player , addressing nine vulnerabilities in the software including critical bugs that could allow an attacker to take control of an affected system.

Gitrob Combs Github Repositories for Secret Company Data

Tue, 01/13/2015 - 12:55
Gitrob, an open source intelligence tool, helps security analysts search Github organization repositories for files not meant for public consumption.

Encryption is Not the Enemy

Tue, 01/13/2015 - 11:30
David Cameron, speaking in the wake of the terror attack in Paris last week, said at an event Monday that the UK government can't allow any form of communication that can't be read.

How a $10 USB Charger Can Record Your Keystrokes Over the Air

Tue, 01/13/2015 - 07:03
Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards.

President Proposes National Breach Notification Standard

Mon, 01/12/2015 - 13:55
President Obama today announced plans to propose a national data breach notification standard, a consumer privacy bill of rights, and privacy protection for students using electronic learning materials.

Microsoft Censures Google For Publishing Windows Vulnerability

Mon, 01/12/2015 - 13:46
Microsoft called Google out over the weekend for publicly disclosing the details of a Windows privilege elevation vulnerability just a week before the company's patch Tuesday release.

Lizard Squad’s DDoS-For-Hire Service Built on Hacked Home Routers

Mon, 01/12/2015 - 13:24
The DDoS attacks that knocked both Xbox Live and the PlayStation Network (PSN) offline around Christmas came at the hands of a botnet comprised largely of hacked home routers.

0-Days Exposed in Several Corel Applications

Mon, 01/12/2015 - 13:18
Researchers from Core Security have disclosed DLL hijacking vulnerabilities in several applications made by Corel Software after the vendor didn't respond to Core's notifications about the flaws.

Google Passes on Older Android Patches; 930 Million Devices Vulnerable

Mon, 01/12/2015 - 12:44
Google has decided that it will no longer provide Webview patches for Android systems running Jelly Bean 4.3, or older, putting the onus on OEMs and the open source security community to provide patches to users.

Certificate Transparency Moves Forward With First Independent Log

Mon, 01/12/2015 - 10:35
The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome. On Jan. 1, a CT log operated by […]