Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 18 hours 35 min ago

Google Engineers Critical of Aviator Browser Security

Fri, 01/09/2015 - 17:42
Google security engineers have criticized the security and privacy of WhiteHat Security's Aviator browser, after finding a remote code execution vulnerability within hours of Aviator's release as open source.

Zappos Settles, Pays Out $106K Following Data Breach

Fri, 01/09/2015 - 12:55
Online retailer Zappos settled with attorneys general in nine states, stemming from a data breach in 2012 that exposed 24 million customers’ information.

Schneider Patches Buffer Overflow in Wonderware Server

Fri, 01/09/2015 - 09:52
The Industrial Control System CERT released two advisories warning of serious vulnerabilities in Schneider Electric and Emerson industrial gear. Public exploits are available for one flaw.

Inside North Korea’s Naenara Browser

Fri, 01/09/2015 - 07:00
Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North […]

Root Command Execution Flaw Haunts ASUS Routers

Thu, 01/08/2015 - 16:21
There is a serious security vulnerability in the firmware of many ASUS routers that allows unauthenticated command execution. The bug may be present in all current versions of the router firmware, and there is an exploit published for it, as well. Security researchers Joshua Drake posted an advisory on the vulnerability on Thursday, detailing the bug […]

Credit Union Watchdog Shoots Down Data Encryption Rule

Thu, 01/08/2015 - 15:36
A trade association in charge of overseeing the needs of credit unions has shrugged off the idea of implementing a data encryption rule.

Microsoft Limits Advanced Patch Notifications to Premier Customers

Thu, 01/08/2015 - 14:50
Microsoft pulled the plug on its Advanced Notification Service (ANS), offering it going forward only to paying Premier customers.

First Public Mac OS X Firmware Bootkit Unleashed

Thu, 01/08/2015 - 12:59
At the recent 31C3 event, researcher Trammel Hudson unveiled the first public Mac OS X firmware bootkit that can be delivered over Thunderbolt peripheral devices.

FBI Director: Attribution Detractors ‘Don’t Have All the Facts’

Thu, 01/08/2015 - 11:41
FBI Director James Comey said at the International Conference on Cyber Security North Korea got sloppy with its proxies and revealed themselves in the Sony hack.

OpenSSL Fixes Eight Security Vulnerabilities

Thu, 01/08/2015 - 11:40
The OpenSSL Project has released several new versions of the software that fix eight security vulnerabilities, including several certificate issues and a couple of denial-of-service flaws. The patches included in OpenSSL 1.0.0p, 1.0.1k and 0.98zd are not for critical or high-risk vulnerabilities, but they do fix some interesting vulnerabilities. Two of the bugs are rated moderate and the other […]

FTC Urges IoT Privacy, Security-by-Design at CES

Wed, 01/07/2015 - 15:54
The head of the Federal Trade Commissioned warned of a future where data collection has gone awry and avoid it at the Consumer Electronics Show.

Backdoors Found Leveraging Pastebin

Wed, 01/07/2015 - 13:12
Instead of relying on their own sites to host malware, hackers are using a series of strings of malicious backdoor code on Pastebin sites and calling upon it to execute malware.

Dridex Banking Trojan Spreading Via Office Macros

Wed, 01/07/2015 - 12:15
Spam campaigns in the U.K. are using Office macros to spread the Dridex banking Trojan, researchers at Trustwave report.

New Emomet Variant Targets Banking, Email Credentials

Wed, 01/07/2015 - 10:35
Security researchers are tracking a new version of the Emomet malware that is targeting users’ banking credentials and also has the ability to steal email usernames and passwords, which are then used to send spam from compromised accounts. The new variant of Emomet has mostly been seen targeting users in Germany, but researchers at Microsoft […]

Morgan Stanley Insider Theft Affects Tenth of Wealth Management Clients

Tue, 01/06/2015 - 16:19
Morgan Stanley says it has fired an employee who allegedly stole information from 10 percent of the firm's wealth management clients with the intent of selling that data online.

Malvertising Campaign Uses AOL Ad Network, Leads to Exploit Kit

Tue, 01/06/2015 - 14:25
Researchers have detected a malvertising campaign running on a pair of sites owned by Huffington Post that is using ads distributed through an AOL ad network. The attack is sending victims through a series of redirects that eventually brings them to a landing page that is running an exploit kit.

Inside Cryptowall 2.0 Ransomware

Tue, 01/06/2015 - 13:36
An analysis of Cryptowall 2.0 reveals that the ransomware relies on complex encryption routines and sandbox detection capabilities to survive. It also uses Tor for command and control, and can execute on 32- and 64-bit systems.

Users Report Malicious Ads in Skype

Tue, 01/06/2015 - 11:01
Some Skype users have reported seeing malicious ads inside their Skype clients in recent days that lead to a site that tries to download a fake Adobe or Java update.

Moonpig API Vulnerability Exposes Payment Card Data

Tue, 01/06/2015 - 10:32
A researcher has called out U.K.-based personalized greeting card vendor Moonpig for a 17-month-old vulnerability that puts customer and payment card data at risk.

CERT Warns of UEFI Hardware Vulnerabilities

Mon, 01/05/2015 - 16:11
The CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University issued three advisories today warning of serious UEFI vulnerabilities.