Threatpost for B2B
The First Stop For Security News
Updated: 22 hours 54 min ago
A China-linked hacker group known as Deep Panda has compromised a number of national security think tanks seeking information on U.S. policy in Iraq.
The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been running rampant […]
Experts question whether the Havex malware campaign targeting three European industrial control system software vendors is merely a dry run for something bigger.
A vulnerability in Netgear-branded ethernet switches could give an attacker full access to the hardware.
Microsoft will release two critical bulletins tomorrow as part of its July 2014 Patch Tuesday security updates.
Less than a week after Microsoft seized nearly two dozen domains owned by a small hosting provider as part of a takedown of a malware operation, all of those domains are back in the control of the provider, No-IP.
Dennis Fisher and Mike Mimoso discuss the Microsoft malware takedown, its legal and security implications and the revelation of a massive financial fraud campaign in Brazil.
A popular point of sale vendor may have suffered a data breach earlier this year that could affect the customers of a handful of restaurants.
The Miniduke APT campaign is back in business with new tools to steal data from new targets in an assortment of countries from all over the globe.
A fraud ring targeting Brazil's Boleto payment method has pulled off hundreds of thousands of bogus transactions valued at $3.75 billion.
The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a root user.
A new piece of Android malware leaks data, steals banking credentials, hijacks bank accounts, and serves as a remote access tool.
Wordpress users that have the MailPoet newsletter plugin installed are being cautioned to upgrade immediately.
Microsoft admits that it made a technical mistake as part of its No-IP.com malware operation takedown, errors that resulted in legitimate customers of the site losing service.
The EFF filed a FOIA lawsuit against the NSA and ODNI looking for more information on the government's use and disclosure of zero-day vulnerabilities.
Microsoft announced TLS support on Outlook.com and that OneDrive cloud storage now supports Perfect Forward Secrecy.
The U.S. intelligence community historically has been loathe to release virtually any information about the way that its agencies operates, to the point that the existence of some of those agencies themselves was secret for decades. But in the wake of the Snowden leaks, more and more information is beginning to trickle out, and the […]
PayPal unfroze the account of Swiss secure email upstart ProtonMail late this morning, freeing at least $275,000 the service had raised left in limbo.
Apple updates Mavericks, iOS, Safari, and AppleTV with a long list of patches for critical security vulnerabilities.
A variant of the Cridex malware, called Geodo, steals data from compromised machines and comes with a self-replicating feature built from a list of 50,000 stolen SMTP credentials.