Threatpost for B2B

The First Stop For Security News

Threatpost News Wrap, May 8, 2015

Fri, 05/08/2015 - 12:12
Dennis Fisher and Mike Mimoso talk about the end of the Patch Tuesday era for most Microsoft customers, the appeals court ruling on Section 215 metadata collection and Dennis’s idea for a security industry commission.

WordPress Sites Backdoored, Leaking Credentials

Fri, 05/08/2015 - 11:37
Zscaler has discovered a number of WordPress sites that have been backdoored and are sending credentials to a hacker-controlled website.

Rockwell Automation Patches Buffer Overflow in ICS App

Fri, 05/08/2015 - 11:09
There is a stack buffer overflow in a Rockwell Automation application that’s used to enable communications in industrial control applications used in manufacturing, energy, water, and other environments. The vulnerability is in the RSLinx Classic product and it can be used to crash the application or run arbitrary code. However, the bug is not exploitable remotely […]

Security Updates Coming for Adobe Reader, Acrobat

Fri, 05/08/2015 - 09:50
Adobe released pre-notification of security updates coming next week for its Reader and Acrobat products. The updates will address critical vulnerabilities in both products, Adobe said.

Weak Homegrown Crypto Dooms Open Smart Grid Protocol

Thu, 05/07/2015 - 14:58
Researchers in Europe have published research examining weak, homegrown cryptography used in the Open Smart Grid Protocol.

Cisco Patches Remote Code Execution Bugs in UCS Central

Thu, 05/07/2015 - 14:21
Cisco has patched a critical input validation vulnerability in its UCS Central software.

Vulnerabilities Identified in Two WordPress Plugins

Thu, 05/07/2015 - 12:38
Two vulnerabilities in two different WordPress plugins - an Arbitrary Variable Overwrite vulnerability in eShop, and an XSS vulnerability in Jetpack - were identified this week.

Appeals Court Rules NSA Metadata Collection Not Authorized by Section 215

Thu, 05/07/2015 - 10:58
The United States Court of Appeals for the Second Circuit ruled Thursday that the Patriot Act does not authorize the bulk collection of phone records by the NSA. The ruling undermines the key foundation upon which the federal government’s phone metadata surveillance program is built, Section 215 of the Patriot Act. That program was the […]

Apple Fixes WebKit Vulnerabilities in Safari Browser

Thu, 05/07/2015 - 10:49
Apple has issued a series of bulletins for its Safari browser fixing various security vulnerabilities in its WebKit rendering engine.

Lenovo Patches Vulnerabilities in System Update Service

Wed, 05/06/2015 - 14:20
IOActive researchers disclosed details on three patched vulnerabilities in Lenovo's System Update mechanism.

NSA Whistleblowers, Civil Liberties Groups Urge Congress to Oppose USA Freedom Act

Wed, 05/06/2015 - 14:15
A letter has been sent to members of Congress by a long list of privacy, civil liberties, and human rights organizations asking the legislators to oppose the proposed USA Freedom Act, which would extend Section 215.

Patch Tuesday Facelift End of an Era

Wed, 05/06/2015 - 13:10
Microsoft's introduction of Windows Update for Business puts an end to Patch Tuesday security updates as we know them.

Google Research Reveals Profitable, Pervasive Ad Injector Ecosystem

Wed, 05/06/2015 - 10:36
More than five percent of all unique IP addresses accessing Google sites included some kind of ad injector software, and there are more than 50,000 of those injector browser extensions in use today, according to new research from Google.

Vulnerability-Riddled Drug Pumps Open to Takeover

Tue, 05/05/2015 - 14:34
Hospira's Lifecare PCA3 Drug Infusion pumps are susceptible to multiple remotely exploitable vulnerabilities that could not only brick the device but allow an attacker to run commands and put lives in jeopardy.

Microsoft LAPS Tool Tackles Common Local Admin Password Problem

Tue, 05/05/2015 - 13:23
Experts are concerned that Microsoft's new Local Administrator Password Solution only partially addresses the problem of identical passwords on computers in a domain.

ICU Project Overflow Vulnerabilities Patched

Tue, 05/05/2015 - 11:21
Buffer and integer overflow vulnerabilities have been patched in the ICU Project ICU4C library, used in hundreds of open source and enterprise software packages.

Usbkill Script Can Render Computers Useless

Tue, 05/05/2015 - 11:17
The idea of needing to disable a computer quickly as the police--or another potential adversary--comes through the door typically has been the concern of criminals. But in today's climate, activists, journalists, and others may find themselves wanting to make their laptops unusable in short order, and that's where usbkill comes in.

Angler Exploit Kit, Bedep Malware Inflating Video Views

Tue, 05/05/2015 - 08:00
Cybercriminals are using the Angler exploit kit to infect users with the Bedep Trojan, which then uses their computer resources to perform click-fraud and artificially inflate video views.

Netflix Releases FIDO Incident Response Tool

Tue, 05/05/2015 - 07:11
Engineers at Netflix have released another one of the company's bespoke security tools as an open-source application, this time an incident-response system known as FIDO.

Rombertik Malware Can Overwrite MBR if Audited

Mon, 05/04/2015 - 16:26
Cisco Talos reports a new strain of spyware called Rombertik that escalates its anti-detection capabilities by destroying the Master Boot Record if the code is audited.