Threatpost for B2B

The First Stop For Security News

Honeypot Snares Two Bots Exploiting Bash Vulnerability

Thu, 09/25/2014 - 16:30
Two malware samples trying to exploit the Bash vulnerability, both DDoS bots, were snared in a honeypot belonging to AlienVault Labs.

Patching Bash Vulnerability a Challenge for ICS, SCADA

Thu, 09/25/2014 - 14:34
Experts are concerned that many Linux-based industrial control systems and embedded systems could be too steep a patching challenge and remain in the crosshairs of the Bash vulnerability.

Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSS

Thu, 09/25/2014 - 12:41
Users of Mozilla products should update Firefox, NSS, SeaMonkey and Thunderbird in order to obtain fixes for a bug that could let an attacker forge RSA certificates and perform man-in-the-middle attacks.

Bash Exploit Reported, First Round of Patches Incomplete

Thu, 09/25/2014 - 11:41
Reports of the first in-the-wild exploits targeting the Bash vulnerability have surfaced, as have complaints the first patches for the bug are incomplete.

Home Hacking Made Simple

Thu, 09/25/2014 - 09:12
David Jacoby looked at all of the Web-enabled devices in his house--TV, game console, network storage device--and found a handful of exploitable bugs in them.

Small Signs of Progress on DNSSEC

Thu, 09/25/2014 - 07:19
The Internet hasn't been quick to adopt DNSSEC, for a variety of reasons, but experts say that there are some reasons to be optimistic about the progress that's being made on DNSSEC adoption.

Researchers Work to Predict Malicious Domains

Wed, 09/24/2014 - 16:42
Some researchers are trying to stay a step ahead of the game by predicting which domains will be used for malicious purposes.

As Bug Bounties Become the Norm, Challenges Remain

Wed, 09/24/2014 - 15:31
While bounties have now become commonplace, simply offering one doesn't guarantee any level of success for a vendor.

Major Bash Vulnerability Affects Linux, UNIX, Mac OS X

Wed, 09/24/2014 - 15:30
A critical remote code execution vulnerability in Bash, present in almost all Linux, UNIX and Mac OS X deployments, has been discovered. Experts advise immediate patching.

David Jacoby on Hacking His Home

Wed, 09/24/2014 - 15:12
Dennis Fisher talks with David Jacoby of Kaspersky Lab about the research he did on the security of electronics gear in his home, including his smart TV, game console and storage devices, and what the vendors need to do to respond.

More Trouble For jQuery As Second Compromise Reported

Wed, 09/24/2014 - 14:40
The website for JavaScript library jQuery is under attack for the second time in a week.

Travel Site Viator Announces 1.4 M Implicated in Breach

Wed, 09/24/2014 - 14:08
Travel website Viator is in the middle of notifying approximately 1.4 million of its customers that their personal information – payment card data included – may have been compromised.

Health Insurance Marketplaces Could Improve Information Security

Wed, 09/24/2014 - 12:18
The marketplaces set up to provide health insurance to Americans under Obamacare are generally doing a good job of protecting personally identifiable information but can also improve security practices.

Mozilla Latest to Part Ways With SHA-1

Wed, 09/24/2014 - 11:30
Mozilla announced that it will begin phasing out support for SHA-1 certificates, and will no longer trust them after Jan. 1, 2017.

Microsoft Starts Online Services Bug Bounty

Tue, 09/23/2014 - 15:52
Microsoft today launched the Microsoft Online Services Bug Bounty Program which will pay out a minimum of $500 for vulnerabilities found in its cloud services such as Office 365.

High-Volume, High-Rate DDoS Attacks Persist

Tue, 09/23/2014 - 15:12
A new report illustrates the continued proliferation of both high-volume and high-rate distributed denial of service attacks, like the ones executed via NTP amplification, over the last few months.

JQuery Website Redirecting to RIG Exploit Kit

Tue, 09/23/2014 - 15:01
The website for the popular jQuery JavaScript library is redirecting visitors to a site hosting the RIG exploit kit, security company RiskIQ said.

Blackphone Gets Bug Bounty Program Off Ground

Tue, 09/23/2014 - 12:10
Secure smartphone manufacturer Blackphone announced today that it has launched a bug bounty program hosted on the Bugcrowd platform.

Malware-Laced Emails Appear to Come From LogMeIn

Tue, 09/23/2014 - 11:10
Spam emails pretending to be a security update for LogMeIn users, including a new security certificate countering Heartbleed attacks, are making the rounds, warns the SANS Institute.

Charney on Trustworthy Computing: ‘I Was the Architect of These Changes’

Tue, 09/23/2014 - 08:53
Scott Charney, the head of Microsoft’s Trustworthy Computing efforts, said that he was the one who decided it was time to move the TwC group in a new direction and integrate the security functions more deeply into the company as a whole. “I was the architect of these changes. This is not about the company’s […]