Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 20 hours 2 min ago

Microsoft Ready With Nine Bulletins, New Critical IE Patches

Thu, 10/09/2014 - 15:20
Microsoft published its Patch Tuesday advance notification, advising IT shops to be ready for nine bulletins, including three critical patches.

Rovnix Variant Surfaces With New DGA

Thu, 10/09/2014 - 14:17
Researchers have unearthed a new version of the Rovnix malware that has a couple of additional features, including a new domain generation algorithm and a secure transmission channel for communicating with the command-and-control servers. Rovnix is a malware variant that often has been distributed by other kinds of malware. Last year Microsoft warned users about a […]

SAP Patches Seven Vulnerabilities in Three Products

Thu, 10/09/2014 - 13:19
SAP recently pushed out patches to address seven vulnerabilities in three different lines of software that could have opened those running the systems up to complete compromise.

Shellshock Exploits Spreading Mayhem Botnet Malware

Thu, 10/09/2014 - 12:36
Researchers at Malware Must Die published a report that hackers are spreading Mayhem botnet malware in exploits targeting the Shellshock vulnerability in Bash.

Wyden: Surveillance is a ‘Clear and Present Danger’ to the Digital Economy

Thu, 10/09/2014 - 10:39
The pervasive dragnet surveillance of Americans revealed by the Edward Snowden documents has caused serious damage to the trust that enterprises and citizens had in the United States government and unless that trust is repaired, it could have serious effects on the Internet economy, a panel of prominent technology executives said. In a town hall meeting […]

EFF Issues Arguments Against National Security Letters

Thu, 10/09/2014 - 09:51
The Electronic Frontier Foundation and the Justice Department squared off on the topic of National Security Letters in a San Francisco courtroom yesterday. This fight's next stop is likely the Supreme Court.

[Bad]USB ‘Patch’ Skirts More Effective Options

Thu, 10/09/2014 - 07:54
Researchers who released attack code against vulnerabilities in USB devices followed that up with a patch, that they and researcher Karsten Nohl acknowledge isn't enough to solve the problem.

Google Fixes 159 Flaws in Chrome

Thu, 10/09/2014 - 07:02
Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities. The huge majority of those patches–113 of them–fix minor vulnerabilities in the […]

Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7

Tue, 10/07/2014 - 14:49
Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data.

Arbor: DDoS Attacks Getting Bigger as Reflection Increases

Tue, 10/07/2014 - 14:29
New reflected distributed denial of service attack techniques are increasing the volume of each attack as well as the overall frequency of large-scale DDoS attacks.

Twitter Files Suit Over Government Restrictions on National Security Letter Data

Tue, 10/07/2014 - 14:16
Twitter has filed a lawsuit in federal court asking that the United States Department of Justice’s prohibitions on publishing the number and kind of government requests for data the company receives be declared unconstitutional. The suit claims that the rules infringe on Twitter’s right to free speech by requiring that the company “engage in speech […]

Tyupkin Malware Infects ATMs Worldwide

Tue, 10/07/2014 - 08:54
The Tyupkin malware, spotted on ATMs in Eastern Europe, allows criminals to make withdrawals of 40 banknotes at a time, researchers at Kaspersky Lab said.

Yahoo Confirms Infected Servers Unrelated to Shellshock

Mon, 10/06/2014 - 19:56
Yahoo CISO Alex Stamos confirmed that three servers had been infected with malware by hackers looking for machines vulnerable to Shellshock.

Bugzilla Vulnerability Puts Bug Collections in Harm’s Way

Mon, 10/06/2014 - 14:13
A vulnerability in the account creation process in Bugzilla, bug-tracking software developed and licensed by Mozilla, exposes vulnerabilities collected by the system. Mozilla is expected to patch the vulnerability today.

Experts Laud Changes to iPhone, Android Encryption

Mon, 10/06/2014 - 13:49
The changes that both Google and Apple have made to their mobile operating systems to encrypt the data on users' devices have generated praise from the security and privacy communities and vitriol and criticism from the law enforcement and political worlds in equal measure.

AT&T Hit By Insider Breach

Mon, 10/06/2014 - 10:32
AT&T is warning consumers about a data breach involving an insider who illegally accessed the personal information of an unspecified number of users.

Shellshock-like Weakness May Affect Windows

Mon, 10/06/2014 - 08:19
A weakness in Windows, similar to Shellshock, may put Windows Server deployments at risk to remote code execution.

76M Households, 7M Businesses Impacted in JPMorgan Chase Breach

Fri, 10/03/2014 - 13:54
A securities filing on Thursday revealed that up to 76 million households and seven million small businesses, far more than initially thought, were implicated in the cyber attack that hit JPMorgan Chase over the summer.

Threatpost News Wrap, October 3, 2014

Fri, 10/03/2014 - 13:35
Dennis Fisher and Mike Mimoso talk about the Bash Shellshock bug nightmare and the BadUSB code release.

Google Changes SafeSearch Option for Administrators

Fri, 10/03/2014 - 10:07
Google is removing a feature that allowed administrator to require their users to employ a search option that removes explicit content from search results. The decision is tied to the fact that the option required the use of an unsecured connection to Google, something that the company said allowed it to become a target for […]