Threatpost for B2B

The First Stop For Security News

Google Provides Detailed Analysis of GitHub Attack Traffic

Fri, 04/24/2015 - 13:46
The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the attackers used both JavaScript replacement and HTML injections. […]

Podcast: News From RSA 2015

Thu, 04/23/2015 - 17:52
Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news of the week from the RSA Conference.

Active Defense Can Give Pause to Threats

Thu, 04/23/2015 - 17:17
Enterprises can use existing networking tools to put up internal barriers against hackers, frustrating them into moving on to other targets.

Bypassing OS X Security Tools is Trivial, Researcher Says

Thu, 04/23/2015 - 14:35
SAN FRANCISCO–For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple to bypass and gaining persistence […]

iOS Vulnerability Could Force Devices Into Endless Reboot Loop

Thu, 04/23/2015 - 13:14
Researchers stumbled upon a vulnerability recently that can force any iPhone or iPad into a perpetual reboot loop.

The Real ‘Next Generation’ of Security Revealed at RSA

Wed, 04/22/2015 - 17:40
During his RSA keynote today, Juniper Networks' Chris Hoff shared the stage with 9-year-old hacker Reuben Paul, in a talk meant to be a call to action for the security industry to teach young programmers security and privacy from the outset.

Microsoft Launches Project Spartan Bounty

Wed, 04/22/2015 - 16:36
Microsoft announced a two-month bug bounty for its new Project Spartan browser.

Privacy Goal: More Controls in Users’ Hands

Wed, 04/22/2015 - 16:10
The chief privacy officers of Microsoft, Facebook and Google today at RSA Conference discussed how their respective companies want to put more privacy controls in users' hands.

White House, State Department Counted Among CozyDuke APT Victims

Wed, 04/22/2015 - 15:09
A data-mining advanced persistent threat hit a handful of high profile targets last year, including the White House’s computer network.

Threat Intelligence Sharing Still Seen as a Challenge

Wed, 04/22/2015 - 15:03
SAN FRANCISCO–The discussion about information sharing has been going on in the security community since before there was a security community, but the tone and shape of the conversation have changed recently thanks to an executive order from the Obama administration and the relentless drumbeat of attacks and data breaches. The benefits of sharing threat intelligence are […]

‘Fully Secure Systems Don’t Exist’

Wed, 04/22/2015 - 12:06
SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the years relating […]

Renewed Attention on Android Apps Failing SSL Validation

Tue, 04/21/2015 - 20:12
CERT researcher Will Dormann presented an update on his research looking at Android apps that fail to validate SSL; Google, meanwhile, says it will get stricter with enforcement.

Threat Information Sharing Bill to Become Law, Experts Say

Tue, 04/21/2015 - 20:04
SAN FRANCISCO - The U.S. House of Representatives is likely to pass an information sharing bill this week and that bill is just as likely to become law in the coming months, according to a panel of experts at the RSA Conference in San Francisco.

Microsoft Data Shows Drop in Remote Code Execution Bugs Being Exploited

Tue, 04/21/2015 - 17:41
SAN FRANCISCO–One of the downsides to being a software company with a huge customer base is that your products are going to be prime targets for attackers. But the flip side to that coin is that you’re going to gather a lot of data about vulnerabilities and attacks. Microsoft has been collecting that data for […]

DHS Secretary on Recruiting Trip at RSA Conference

Tue, 04/21/2015 - 15:01
DHS Secretary Jeh Johnson pitched RSA Conference attendees on working for the department's NCCIC initiative, as well as providing help on solving the NSA's frontdoor problem.

NetNanny Found Using Shared Private Key, Root CA

Tue, 04/21/2015 - 14:43
An issue with the content-control software NetNanny could open users’ systems up to man-in-the-middle (MiTM) attacks, HTTPS spoofing and intercept, researchers warned Monday.

Crypto ‘Front Door’ Debate Likely to Go On For Years

Tue, 04/21/2015 - 14:42
SAN FRANCISCO–Encryption is the hot new topic in security at the moment, as it has been any number of times in the last few decades. And, as in the past, the notions of key escrow, mandated legal access to encrypted systems and other ideas for helping governments defeat cryptosystems have followed right along with the latest crypto […]

Naval Academy Midshipmen Win NSA Hacking Contest

Tue, 04/21/2015 - 14:01
Cadets from the U.S. Naval Academy have won the NSA's annual hacking contest for the third time in fifteen years.

Jeremiah Grossman on Adapting to a Changing Market

Tue, 04/21/2015 - 10:32
Dennis Fisher talks with Jeremiah Grossman of WhiteHat Security about his RSA Conference talk on the coming change in the security industry regarding guarantees, security insurance and how it will all affect customers.

Remote Code Execution Hole Patched in Magento eCommerce Platform

Mon, 04/20/2015 - 16:12
A nasty remote code execution vulnerability was recently patched in Magento, eBay’s eCommerce platform.