Threatpost for B2B

The First Stop For Security News

China Hackers Compromise Iraq Experts at National Security Think Tanks

Tue, 07/08/2014 - 10:53
A China-linked hacker group known as Deep Panda has compromised a number of national security think tanks seeking information on U.S. policy in Iraq.

Phishers Use Luis Suarez Bite as Bait

Tue, 07/08/2014 - 10:23
The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been running rampant […]

Motives Behind Havex ICS Malware Campaign Remain a Mystery

Mon, 07/07/2014 - 15:36
Experts question whether the Havex malware campaign targeting three European industrial control system software vendors is merely a dry run for something bigger.

Hard-Coded Password Vulnerability Plagues Some Netgear Switches

Mon, 07/07/2014 - 14:01
A vulnerability in Netgear-branded Ethernet switches could give an attacker full access to the hardware.

Expect IE Rollup, Azure Service Bus Update on Patch Tuesday

Mon, 07/07/2014 - 10:10
Microsoft will release two critical bulletins tomorrow as part of its July 2014 Patch Tuesday security updates.

All Seized Domains Returned to No-IP

Mon, 07/07/2014 - 10:04
Less than a week after Microsoft seized nearly two dozen domains owned by a small hosting provider as part of a takedown of a malware operation, all of those domains are back in the control of the provider, No-IP.

Threatpost News Wrap, July 4, 2014

Fri, 07/04/2014 - 09:00
Dennis Fisher and Mike Mimoso discuss the Microsoft malware takedown, its legal and security implications and the revelation of a massive financial fraud campaign in Brazil.

Remote Access Hack Compromises POS Vendor

Thu, 07/03/2014 - 13:07
A popular point of sale vendor may have suffered a data breach earlier this year that could affect the customers of a handful of restaurants.

Miniduke APT Campaign Returns with New Targets, Hacking Tools

Thu, 07/03/2014 - 13:00
The Miniduke APT campaign is back in business with new tools to steal data from new targets in an assortment of countries from all over the globe.

Brazilian Payment Fraud Campaign Targets Boletos, Steals Millions

Thu, 07/03/2014 - 10:04
A fraud ring targeting Brazil's Boleto payment method has pulled off hundreds of thousands of bogus transactions valued at $3.75 billion.

Cisco Patches Hardcoded SSH Key Vulnerability in UCM

Thu, 07/03/2014 - 09:52
The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a root user.

FireEye Uncovers Android Remote Access Malware

Wed, 07/02/2014 - 16:26
A new piece of Android malware leaks data, steals banking credentials, hijacks bank accounts, and serves as a remote access tool.

Critical Vulnerability in WordPress Plugin Could Allow Site Takeover

Wed, 07/02/2014 - 11:51
WordPress users who have the MailPoet newsletter plugin installed are being cautioned to upgrade immediately.

Microsoft Says ‘Technical Error’ Led to Legitimate No-IP Customers Losing Service

Wed, 07/02/2014 - 09:59
Microsoft admits that it made a technical mistake as part of its No-IP.com malware operation takedown, an error that resulted in legitimate customers of the site losing service.

EFF Sues NSA, ODNI Over Zero-Day Disclosure Processes

Wed, 07/02/2014 - 08:00
The EFF filed a FOIA lawsuit against the NSA and ODNI looking for more information on the government's use and disclosure of zero-day vulnerabilities.

Microsoft Expands TLS, Forward Secrecy Support

Tue, 07/01/2014 - 14:42
Microsoft announced TLS support on Outlook.com and that OneDrive cloud storage now supports Perfect Forward Secrecy.

NSA Searched Section 702 Content Data for U.S. Identifiers 198 Times in 2013

Tue, 07/01/2014 - 14:35
The U.S. intelligence community historically has been loath to release virtually any information about the way that its agencies operate, to the point that the existence of some of those agencies themselves was secret for decades. But in the wake of the Snowden leaks, more and more information is beginning to trickle out, and the […]

Following Controversy, PayPal Unfreezes Secure E-mail Startup’s Account

Tue, 07/01/2014 - 13:57
PayPal unfroze the account of Swiss secure email upstart ProtonMail late this morning, freeing at least $275,000 the service had raised that had been left in limbo.

Apple Patches Security Vulnerabilities in Mavericks, iOS, Safari

Tue, 07/01/2014 - 13:20
Apple updates Mavericks, iOS, Safari, and AppleTV with a long list of patches for critical security vulnerabilities.

Cridex Variant Geodo Part Trojan, Part Email Worm

Tue, 07/01/2014 - 12:22
A variant of the Cridex malware, called Geodo, steals data from compromised machines and comes with a self-replicating feature built from a list of 50,000 stolen SMTP credentials.