Threatpost for B2B

The First Stop For Security News

Threatpost News Wrap, November 14, 2014

Fri, 11/14/2014 - 11:49
Mike Mimoso and Dennis Fisher talk about the Windows Schannel vulnerability and whether it's ripe for mass exploitation, as well as the WireLurker attack and why Apple hasn't addressed it.

Microsoft Considering Public-Key Pinning for Internet Explorer

Fri, 11/14/2014 - 07:42
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site […]

Senate Likely to Vote on NSA-Reforming USA FREEDOM Act

Thu, 11/13/2014 - 16:38
The Senate will vote on the USA Freedom Act, a bill aimed at limiting the NSA surveillance and spying dragnet, in this lame-duck session of Congress.

Windows Phone Sandbox Holds Up at Mobile Pwn2Own

Thu, 11/13/2014 - 15:22
Researchers successfully took down Apple and Samsung mobile phones using NFC hacks during Mobile Pwn2Own, but were not able to completely compromise Windows Phone or Nexus 5 running Android.

NOAA Compromised in Apparent Chinese Attack

Thu, 11/13/2014 - 13:49
Systems belonging to the National Oceanic and Atmospheric Administration (NOAA) were recently compromised, purportedly by Chinese hackers.

Internet Voting Hack Alters PDF Ballots in Transmission

Thu, 11/13/2014 - 12:30
Researchers have published a paper that describes an Internet voting hack that alters PDF ballots in transmission.

Automakers Move to Address Privacy Concerns

Thu, 11/13/2014 - 10:50
Several automakers have agreed on a set of privacy principles that they say will govern the way that they handle personal information generated by vehicles, geolocation data and other sensitive information that is being produced by in-car computers and networks.

EFF Calls Out ISPs Modifying STARTTLS Encryption Commands

Wed, 11/12/2014 - 13:18
The Electronic Frontier Foundation has backed VPN provider Golden Frog's FCC filing that accuses ISPs of stripping out STARTTLS instructions from email messages.

Microsoft Schannel Bug Latest in Long Line of Serious Crypto Flaws

Wed, 11/12/2014 - 08:02
The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.

Retail Trade Groups Want Fair Data Breach Reporting Rules

Tue, 11/11/2014 - 16:13
Retail trade groups are urging Congress to pass a law that would enforce data breach notification rules uniformly across industries without exemption.

Adobe Patches 18 Vulnerabilities in Flash

Tue, 11/11/2014 - 14:54
Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system.

Microsoft Patches OLE Zero Day, Recommends EMET 5.1 Before Applying IE Patches

Tue, 11/11/2014 - 14:07
Microsoft patched a zero-day vulnerability in OLE being used in targeted attacks as part of its November 2014 Patch Tuesday security bulletins, one of four critical updates released today.

U.S. Postal Service Breach Affects Employees, Customers

Tue, 11/11/2014 - 12:49
The United States Postal Service is continuing its investigation into how a cyber attack at the agency managed to compromise both employees and customers earlier this year.

Stuxnet’s First Five Victims Provided Path to Natanz

Tue, 11/11/2014 - 12:40
Researchers at Kaspersky Lab published a report identifying by name the first five victims of Stuxnet.

In Wake of Takedown Tor Looking for Answers

Mon, 11/10/2014 - 14:10
Tor said it wasn't clear how or why the Tor Hidden Services were seized but that it was still trying to learn more in the wake of the digital sting.

‘Powerful’ Masque iOS Vulnerability Disclosed

Mon, 11/10/2014 - 13:48
Researchers at FireEye disclosed Masque, a vulnerability in iOS that enabled the WireLurker attacks. It was reported in July, but has yet to be patched by Apple.

New Mozilla Privacy Initiative to Include High-Capacity Tor Relays

Mon, 11/10/2014 - 13:36
Mozilla is starting a new initiative that the company says is designed to incorporate more privacy enhancing features into Firefox and the other Mozilla products. The project, known as Polaris, involves collaboration with The Tor Project and the Center for Democracy and Technology and will involve Mozilla running a group of high-speed Tor relays, as […]

SSL MiTM Vulnerability Among Vulns Patched in Pidgin

Mon, 11/10/2014 - 10:48
Five vulnerabilities were patched in the most recent update to the open source Pidgin instant messaging client.

Darkhotel APT Group Targeting Top Executives in Long-Term Campaign

Mon, 11/10/2014 - 10:41
APT groups tend to be grouped together in a large amorphous blob of sinister intentions and similar targets, but not all APT crews are created equal. Researchers have identified a group that’s been operating in Asia for at least seven years and has been using hotel networks as key infection points to target top executives at […]

Avoiding the Dark Security Future

Fri, 11/07/2014 - 17:47
LAS VEGAS–Nick Percoco has been thinking a lot about the future of technology, and some of the things he’s dreamed up aren’t very pretty: farms of people renting out their spare brain cycles, autonomous cars that freak out and careen into oncoming traffic and hacking groups hijacking users’ augmented reality gear and demanding ransoms to unlock […]