Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 2 hours 30 min ago

New Cyber Threat Center May Face Challenges

Tue, 02/10/2015 - 14:16
In the wake of news-making attacks on Sony Pictures, Home Depot and many others, the federal government is establishing a new information integration center to focus on cyber threats.

Researcher Tries to Get Ahead of CFAA Changes, Dumps 10M Sanitized Passwords

Tue, 02/10/2015 - 11:37
A dump of 10 million sanitized usernames and passwords was released online, sparking debate over its legality in light of proposed changes to the Computer Fraud and Abuse Act.

Markey Car Security Report Just the Start for Automakers

Tue, 02/10/2015 - 11:17
It turns out that computers and, by extension, things that contain computers, are vulnerable to attackers. That includes cars, something that the United States government has now discovered, and Sen. Edward Markey is now warning consumers that "automakers haven't done their part to protect us from cyber-attacks or privacy invasions."

Creaking Patch Tuesday’s Viability Rests with Quality, Speed

Tue, 02/10/2015 - 09:00
Patch Tuesday provides Windows IT shops with a cadence to their patch management efforts, but evolving threats and internal changes at Microsoft raise questions about its long-term viability.

PlugX, Go-To Malware for Targeted Attacks, More Prominent Than Ever

Tue, 02/10/2015 - 09:00
The popular remote access tool PlugX enjoyed an ascent in popularity in 2014 and is now a go-to malware for attack groups.

Intuit Suspends Turbo Tax e-Filing, Investigating Fraudulent Returns

Mon, 02/09/2015 - 13:23
Intuit last week temporarily suspended its Turbo Tax e-filing service following an increase in fraudulently filed state tax returns.

Cryptowall 3.0 Slims Down, Removes Exploits From Dropper

Mon, 02/09/2015 - 12:00
Research from Cisco on Cryptowall 3.0 ransomware shows that exploits have been removed from the dropper, indicating that the group behind it will rely instead on exploit kits.

Government Requests for Twitter User Data Continue to Grow

Mon, 02/09/2015 - 11:16
The appetite for Twitter user data from governments around the world continues to grow, with the volume of such requests increasing by 40 percent in the second half of 2014.

Siemens Fixes Critical Flaws in Some WinCC Versions

Mon, 02/09/2015 - 08:20
More than two months after the original advisory went out, Siemens has released patches for a pair of critical vulnerabilities in some versions of its Simatic WinCC SCADA product that remained vulnerable. Both of the vulnerabilities are remotely exploitable and have potentially damaging consequences for companies running affected versions of the product. One of the […]

Enterprise Apps in Scope of Ghost glibc Vulnerability

Fri, 02/06/2015 - 12:59
Researchers at Veracode examined whether enterprise applications were also vulnerable to the Ghost vulnerability in glibc.

Analyzing Angler: The World’s Most Sophisticated Exploit Kit

Fri, 02/06/2015 - 12:42
Angler's unique obfuscation, ability to detect antivirus and virtual machines, encrypted payload and fileless infection have some calling it the most sophisticated exploit kit.

Threatpost News Wrap, February 6, 2015

Fri, 02/06/2015 - 11:14
Dennis Fisher and Mike Mimoso discuss the Anthem data breach, the continuing Flash 0-day happy fun times, the expansion of exploit kits and the crowd funding support for GnuPG.

Cheezburgers, Warrant Canaries and Cat Memes

Fri, 02/06/2015 - 11:03
Surveillance, privacy and security are serious subjects. So too, for some people, are cat memes and GIFs of screaming goats. And Cheezburger Inc., the premier purveyor of said memes and GIFs, wants its users to know that the company is standing up for their rights. The folks at Cheezburger have built an online empire on […]

Security, Tech Communities Rally to Support GnuPG

Fri, 02/06/2015 - 07:44
The last year has seen a big swing in the support from the technology community for open-source security tools, many of which are maintained by tiny staffs or volunteers. OpenSSL last year received a large chunk of funding from the Core Infrastructure Initiative, and now it’s GnuPG’s turn. After a story on ProPublica Thursday publicized […]

Following Exploits, Zero Day in WordPress Plugin FancyBox Patched

Thu, 02/05/2015 - 13:21
Developers have patched a zero day vulnerability in FancyBox, a plug-in for WordPress, which allowed malware to be added, via an iFrame, to infected sites.

IE Memory Attacks Net ZDI $125,000 Microsoft Bounty

Thu, 02/05/2015 - 10:19
Three HP ZDI researchers won a $125,000 bounty from Microsoft for successful attacks against memory protections introduced last summer into Internet Explorer.

Flash Zero Days Dominate Exploit Landscape

Thu, 02/05/2015 - 07:20
The recent Flash zero-day vulnerabilities and exploits have uncovered the relatively quiet Hanjuan exploit kit, and further exposed the dangers of malvertising.

Anthem Data Breach Could Affect Millions of Consumers

Thu, 02/05/2015 - 07:05
Attackers have compromised Anthem Inc., one of the larger health-care companies in the United States, gaining access to the Social Security numbers, birth dates, names, employment and income data and other personal information of an untold number of customers. The company says it is not sure yet how many customers are affected, but Anthem claims to […]

Adobe Begins Patching Third Flash Player Zero Day

Wed, 02/04/2015 - 16:44
Adobe has begun distributing an emergency update for Flash Player that patched the third of three zero-day vulnerabilities under attack.

U.S. Officials Say Chinese Cyberespionage ‘Needs to Stop’

Wed, 02/04/2015 - 12:00
The top cybersecurity officials in the United States on Wednesday said that China is harming the potential for an open Internet through its policies of censorship, and also said the country’s continued cyberespionage operations are damaging the two countries’ relationship. In a piece co-authored in Politico with Ambassador Robert Holleyman and Alex Niejelow, the chief […]