Threatpost for B2B
The First Stop For Security News
Updated: 6 hours 53 min ago
Microsoft is aware of a recently disclosed bug in its latest browser, Internet Explorer 11, and is actively developing a patch for the issue.
There are a number of serious vulnerabilities in the Siemens Ruggedcom WIN switches, including a remotely exploitable buffer overflow and a flaw that could allow an attacker to take actions on the device without authentication. The vulnerabilities affect several models of the Ruggedcom WIN switches, including WIN51xx all versions prior to SS4.4.4624.35, WIN52xx: all versions […]
The third Adobe Flash Player zero day in two weeks is also currently under attack. Researchers at Trustwave found an exploit for it in the HanJuan exploit kit, which could be tied to the group behind the Angler kit.
Google and the University of Pennsylvania performed a study intended to determine the effect of best practices on the efficacy of SSL browser warnings.
Researchers at Cisco say that a Flash zero day exploit has compromised 1,800 domains, the majority of those during a 48-hour period last week.
The White House announced the creation of E-Gov Cyber, a unit within OMB, that would oversee federal policy development and enforcement of those mandates.
A relatively new Android Trojan that specializes in stealing banking information by intercepting SMS messages has been making the rounds.
There is a new wave of attacks delivering the CTB-Locker or Critroni crypto ransomware, arriving through spam messages with a variety of lures in several different countries. CTB-Locker is one of the newer variants in the crypto ransomware family, a kind of malware that encrypts victims’ hard drives and demands a relatively large payment in order […]
In the years since Edward Snowden began putting much of the NSA‘s business in the street, including its reliance on the secret FISA court and National security Letters, warrant canaries have emerged as a key method for ISPs, telecoms and other technology providers to let the public know whether they have received any secret orders. But […]
Using a new proof-of-concept, local and public IP addresses can be extracted from candidate messages sent by the API Directory's STUN protocol requests .
Google announced that it will offer research grants to those taking part in its Vulnerability Rewards Program. The program paid out $1.5 million in 2014.
There is a remotely exploitable domain name system hijack vulnerability in D-Link's DSLR2740R router.
A cyberespionage campaign pulled off by pro-Syrian hackers against Assad opposition fighters used social engineering to steal military planning documents.
For the third time in the last couple of weeks, Adobe is dealing with a zero day vulnerability in Flash. The company is working on a patch for another Flash bug that is being exploited in drive-by download attacks. Adobe officials released an advisory Monday warning users that attackers are exploiting a new vulnerability in […]
UPDATE: A new piece of malware is making the rounds on Facebook, infecting users after luring them in with a link to a salacious video.
Dennis Fisher and Mike Mimoso discuss the Ghost glibc vulnerability and its repercussions, the Apple iOS and OSX patches, the link between the Regin APT platform and the NSA. Plus Super Bowl predictions!
The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time. The framework, known as Dshell, is a Python tool that runs on Linux and its designed to help analysts investigate compromises within their environments. The goal in open sourcing the framework […]
Reddit published its first transparency report and said it received a relatively low number of government requests for user information and content takedowns.
Researchers at Sucuri revealed that applications such as WordPress that support PHP could also be subject to the Ghost vulnerability in glibc.
Long thought dead, the peer-to-peer (P2P) ZeroAccess botnet has resurfaced and as of just a few weeks ago, has returned to propagating click-fraud scams.