Threatpost for B2B

The First Stop For Security News

Dyre Banking Trojan Jumps Out of Sandbox

Fri, 05/01/2015 - 09:48
Researchers at Seculert have found a new version of the Dyre banking malware, one that is adept at avoiding sandbox detection.

Unpatched Router Vulnerability Could Lead to Code Execution

Thu, 04/30/2015 - 14:07
A critical vulnerability in popular household routers such as D-Link and Trendnet could be exploited by attackers to run arbitrary code on devices.

New Spam Campaign Pushing CTB-Locker Ransomware

Thu, 04/30/2015 - 13:28
The SANS Institute reports a new strain of CTB-Locker ransomware moving this week via spam messages.

MySQL Bug Can Strip SSL Protection From Connections

Thu, 04/30/2015 - 10:59
Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure connections. Researchers at Duo Security discovered the bug after noticing some […]

Congress, Crypto and Craziness

Thu, 04/30/2015 - 07:34
A Congressional hearing on encryption and "frontdoors" produced a generous amount of the usual "crazy" from lawmakers and law enforcement.

WordPress Ecommerce Plugin Vulnerability Details Disclosed

Wed, 04/29/2015 - 14:28
Details on a number of unpatched vulnerabilities in a popular WordPress ecommerce plugin called CartPress were disclosed.

A Year Later, XSS Vulnerability Still Exists in eBay

Wed, 04/29/2015 - 14:27
A potentially dangerous XSS vulnerability has existed in eBay for more than a year, and it doesn’t appear the company is in a rush to fix the issue.

OpenSSL Past, Present and Future

Wed, 04/29/2015 - 13:06
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers, and a crucial refactoring of the codebase has the project headed in the right direction.

Google Releases Password Alert Extension for Chrome

Wed, 04/29/2015 - 12:14
Google is rolling out a new extension for Chrome that will monitor users’ logins and warn them if they enter a Google password on a non-Google page, a move designed to help protect users against phishing attacks. The new extension, called Password Alert, works for both consumer accounts and Google Apps for Work accounts. Company […]

Macro-Enabled Malware Making a Comeback

Wed, 04/29/2015 - 10:28
Malware that uses macros as part of its infection method has been around for more than a decade, and was one of the first major techniques to drive changes at software vendors such as Microsoft. The tactic has been making a comeback of late, and Microsoft is seeing a major spike in the volume of […]

How I Got Here: Jennifer Leggio

Wed, 04/29/2015 - 08:54
Dennis Fisher talks with Jennifer Leggio, a longtime player in security PR and marketing, about her start as an obituary writer in Southern California, her move into tech in the Bay Area, what she loves about working in security and what makes for successful startups.

Criminal Group Using Dynamic Gate System to Infect with Fiesta EK

Tue, 04/28/2015 - 14:47
A criminal group is using a changing series of Internet Protocol addresses, domains and gates to infect its victims with the Fiesta exploit kit.

SendGrid Admits Broader Hack of Email Service

Tue, 04/28/2015 - 14:31
Email delivery service provider SendGrid admitted that hackers had accessed several internal systems, refuting reports earlier this month that the attack was an isolated incident.

WordPress Patches Zero-Day Vulnerability

Tue, 04/28/2015 - 13:12
WordPress quickly turned around a patch for a stored cross-site scripting zero-day vulnerability in the CMS' core engine.

Authentication Vulnerabilities Identified in Projector Firmware

Tue, 04/28/2015 - 11:42
The manufacturer of a popular projector found primarily in classrooms is neglecting to address several authentication bugs that exist in the device that could open it up to hacks.

Mozilla to Remove Turkish CA From Firefox Trust Store

Tue, 04/28/2015 - 10:15
Mozilla is removing a Turkish root CA from the Firefox trust store, not because of a compromise or a mistakenly issued certificate, but because the certificate authority hasn’t lived up to the audit requirements Mozilla has for trusted CAs. Like other browser vendors, Mozilla has a lengthy policy that sets out the requirements for CAs to […]

New Utility Decrypts Data Lost to TeslaCrypt Ransomware

Mon, 04/27/2015 - 14:38
Cisco published an analysis of TeslaCrypt and a decryptor tool that recovers files lost to the ransomware.

Details on WordPress Zero Day Disclosed

Mon, 04/27/2015 - 11:56
A Finnish researcher has disclosed details on an unpatched stored cross-site scripting vulnerability in the WordPress core engine.

Second Crypto Bug in Networking Library Could Affect 25,000 Apps

Mon, 04/27/2015 - 11:38
A few weeks after the developers of the AFNetworking library that’s popular among iOS and OS X app developers patched a serious bug in the library that enabled man-in-the-middle attacks, another, similar flaw has surfaced. The new vulnerability is related to how the AFNetworking library handles domain name validation for certificates. As it turns out, the library […]

Siemens Patches Ghost Flaw in Simatic Product

Mon, 04/27/2015 - 10:51
Siemens has released an update for some of its ICS products that are affected by the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The affected products, SINUMERIK, SIMATIC HMI Basic, and Ruggedcom, are used as an […]