Threatpost for B2B
The First Stop For Security News
Updated: 8 hours 29 min ago
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not […]
New research connects Iranian state-sponsored hackers to attacks against critical infrastructure worldwide.
The FBI sent security professionals at US businesses a five-page confidential flash warning, alerting them to destructive malware attacks that overwrite hard drives leaving them inoperable.
SP+, a parking facilities management company, reported that it had been breached and hackers used malware to access payment card data.
A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs, […]
Officials from the Federal Bureau of Investigation (F.B.I.) and Mandiant have begun to investigate the Sony Pictures breach.
A criminal hacking group, well versed on Wall Street, is targeting healthcare and pharmaceutical M&A intelligence.
Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google’s Project Zero and reported to Adobe, which made a change to Reader that made it […]
Google released a new Devices and Activity Dashboard, along with a new security wizard for Google for Work accounts.
Siemens has patched two critical vulnerabilities in the WinCC application in a number of its products; the flaws are likely being exploited, ICS-CERT and Siemens said.
The massive Home Depot data breach disclosed earlier this fall involved the theft of 56 million credit and debit card numbers, and now the company has revealed that the incident so far has cost it $43 million. The costs are the result of both the investigation into the data breach as well as the recovery […]
Sony Pictures Entertainment is still in the process of trying to recover from an apparent compromise of some of the company’s computer systems. The attack first came to light on Monday, and the extent of the incident is still emerging. The compromise appears to affect just the networks at SPE, a division of Sony. Reports […]
Adobe released an emergency out-of-band Flash Player security bulletin, revising a patch released in October with an additional CVE addressing a memory corruption vulnerability.
Computer users will click through browser warnings and security alerts in order to complete a task, but once they're hacked, their behaviors change, a recent BYU study learned.
Though security researchers involved in uncovering the attack have remained mum on the attribution of Regin, privacy experts say that if one of the intelligence agencies is involved, there's no legal basis for the operation.
The popular classified website Craigslist is back online today following a DNS attack that forced it offline for several hours Sunday evening.
A number Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices.
Denis Fisher talks with Costin Raiu of the Kaspersky Lab GReAT Team about the discovery of the Regin APT malware, the threat's targets and tactics, its ability to compromise GSM base stations and its other capabilities.
Kaspersky Lab researchers have learned that the Regin cyberespionage platform also targets GSM telecommunications networks.
The EFF and a long list of civil and privacy groups have sent a letter to NIST, emphasizing the need for the agency to create "a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities."