Threatpost for B2B
The First Stop For Security News
Dennis Fisher and DigiCert's Jeremy Rowley discuss the company's certificate issuance for Facebook's .onion site, the challenge of key protection in today's environment and what the near future holds for PKI.
A serious vulnerability in a popular Belkin router could be exploited by a local, unauthenticated attacker to gain full control over affected devices.
LAS VEGAS–The Internet that we use today was not designed as a cohesive network. It was put together from found bits and pieces over the course of the last few decades, and, as major bugs such as Heartbleed and others have shown, it’s a frighteningly fragile construction. Attackers know this as well as anyone, and […]
A Windows version of the WireLurker malware has been discovered, and like the Mac OS X version, it too is believed to have been shut down.
Home Depot revealed that hackers used credentials stolen from a third-party vendor to steal 53 million email addresses in addition to 56 million payment card numbers.
DigiCert explains why it issued a signed certificate to Facebook's .onion Tor domain, noting it may offer more hidden services certs in the future.
Microsoft is expected to release 16 bulletins next week, including five rated critical, as part of its November 2014 Patch Tuesday updates.
Researchers at Palo Alto Networks discovered a new family of Mac OS X malware that was also capable of infecting iOS devices. The command infrastructure supporting WireLurker has been shut down.
Former DHS secretary Michael Chertoff laid out a game plan for enterprise network security, one heavy on risk management and prioritization in the context of current threats and vulnerabilities, and potential consequences.
Panelists at the Advanced Cyber Security Center annual conference discuss how readiness for the next Internet-scale bug is no longer a luxury.
Samsung this week fired back at NIST, which warned last month that the company's Find My Mobile service could be exploited.
Facebook’s latest transparency report shows that U.S. law enforcement agencies requested more user information from the social network in the first six months of this year than ever before.
When the National Security Agency discovers a new vulnerability that looks like it might be of use in penetrating target networks, the agency considers a number of factors, including how popular the affected software is and where it’s typically deployed, before deciding whether to share the new bug. The agency shares most of the bugs […]
The new Backoff variant ROM has tweaks that help the malware better evade detection and hinder the analysis process.
Researchers have developed malware called AirHopper that decodes radio frequencies emitted from a computer monitor, video card or cable, in order to steal data from an air-gapped machine.
Hacking Team joins the choir of critics, including GCHQ and the FBI, rallying against anti-surveillance and privacy advocates, who, they say, aid criminals and terrorists.
Linksys released updates for routers running its SMART Wi-Fi firmware, patching vulnerabilities leading to credential theft and information disclosure. Two popular models, however, remain unpatched.
The last year has produced a rogues’ gallery of vulnerabilities in transport layer security implementations and new attacks on the key protocols, from Heartbleed to the Apple gotofail flaw to the recent POODLE attack. To help developers and security researchers identify applications that are vulnerable to known SSL/TLS attacks and configuration problems, Google is releasing a […]
A new study examines how many device owners choose to leave their phones locked versus unlocked – and why.
American Express announced its new American Express Token Service which brings tokenization to payment card transactions.