Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 19 hours 1 min ago

Microsoft Publishes Information Sharing Guidelines

Thu, 01/29/2015 - 13:58
Microsoft publishes a framework and guidelines on how to effectively set up and operate threat information sharing exchanges in hopes that organizations will actually share data.

Schneider Electric Patches Buffer Overflow in ICS Products

Thu, 01/29/2015 - 12:09
There is a remotely exploitable buffer overflow in a handful of software products from Schneider Electric that could allow an attacker to execute arbitrary code on vulnerable machines. The vulnerability lies in a DLL that’s installed with a Device Type Manager that is part of several Schneider products, including the Unity Pro development software, the […]

GitHub Doubles Down on Maximum Bug Bounty Payouts

Thu, 01/29/2015 - 11:21
GitHub announced that it has doubled the maximum payouts possible via its bug bounty program to $10,000.

FCC Warns Businesses WiFi Blocking is Illegal

Thu, 01/29/2015 - 09:52
In the wake of a recent enforcement action against Marriott for blocking guests’ WiFi hotspots in their hotels, the FCC is warning other hotel operators and business owners that such blocking is illegal and the commission’s Enforcement Bureau is taking note. Marriott last year paid a fine of $600,000 to settle an FCC enforcement action […]

Of Ghost glibc Vulnerability Patching and Exploits

Wed, 01/28/2015 - 13:28
Experts urge system administrators to patch the Ghost vulnerability in glibc immediately, but counter that as well that exploiting the bug may be challenging.

FBI: Business Email Compromise Scams Steal $214m in 2014

Wed, 01/28/2015 - 12:47
Business email compromise scams trick corporate executives, employees and clients into transferring business funds to criminal bank accounts in China.

FreeBSD Patches Code Execution, Memory Corruption Bugs

Wed, 01/28/2015 - 12:32
FreeBSD has patched a handful of vulnerabilities in its kernel code that could have enabled an attacker to crash the system, execute arbitrary code, or disclose sensitive kernel memory.

Memory Corruption Bug Patched in Blackphone Silent Text App

Wed, 01/28/2015 - 11:12
Silent Circle patched a serious memory corruption vulnerability in the Silent Text application bundled with the secure Blackphone as well as in the standalone iOS and Android apps.

Apple Patches Thunderstrike Bug in OSX, Fixes More Than 30 Flaws in iOS

Wed, 01/28/2015 - 10:06
Apple has released major security updates for both OS X and iOS that includes patches for a number of bugs that could lead to arbitrary code execution. The release of iOS 8.1.3 fixes a vulnerability that allowed an attacker to bypass the sandbox restrictions in Safari and the OS X update fixes a serious flaw […]

NFL Mobile App Leaks Unencrypted Credentials

Wed, 01/28/2015 - 08:00
The National Football League's NFL Mobile application leaks unencrypted credentials putting personal user information at risk.

House Takes First Steps on Federal Data Breach Law

Tue, 01/27/2015 - 13:08
The U.S. House of Representatives Subcommittee on Commerce, Manufacturing and Trade today held preliminary hearings on drafting federal data breach notification legislation.

GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems

Tue, 01/27/2015 - 12:55
A critical remote code execution vulnerability in the GNU C library glibc affects all Linux systems going back to 2000.

Venafi to Launch Certificate Transparency Log

Tue, 01/27/2015 - 10:25
Three weeks after the first non-Google public log for Certificate Transparency was launched by DigiCert, officials at Venafi said that the company plans to debut its own public CT log. On Jan. 1 Google approved the use of DigiCert’s log, the first CT log that is independent and not operated by Google. As part of […]

Analysis of Flash Zero Day Shows Layers of Obfuscation

Tue, 01/27/2015 - 08:56
The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit, security researchers have […]

Researchers Link Regin to Malware Disclosed in Recent Snowden Documents

Tue, 01/27/2015 - 06:00
Kaspersky Lab has found shared code and functionality between the Regin malware platform and a keylogger described in recently disclosed Snowden documents.

Thunderstrike Patch Slated for New OS X Build

Mon, 01/26/2015 - 14:06
In addition to patching the three Project Zero vulnerabilities disclosed last week, Apple is apparently readying a fix for the Thunderstrike boot attack as well, something that will purportedly rid all Macs running Yosemite of the issue.

Android Wi-Fi Direct Vulnerability Details Disclosed

Mon, 01/26/2015 - 13:40
Core Security disclosed details on an Android Wi-Fi Direct denial of service vulnerability after Google said it had no timeline to patch the issue. The two sides also disagreed on the severity of the flaw.

Google Engineer Explains Company’s Decision Not to Patch Bug in Older Android Versions

Mon, 01/26/2015 - 13:32
Google has taken quite a bit of heat in recent weeks for its decision not to patch a vulnerability in the WebView component of Android in older versions, leaving hundreds of millions of users exposed to potential attacks. Now, a Google engineer is explaining the company’s reasoning, saying that patching older versions of the OS […]

Adobe Begins Auto-Update Patching of Second Flash Player Zero Day

Mon, 01/26/2015 - 11:17
Adobe on Saturday began patching a zero-day vulnerability in Flash Player for auto-update users, exploits for which have been included in the notorious Angler Exploit Kit.

Marriott Fixes Simple Bug in Web Service That Could Expose Customer Data

Mon, 01/26/2015 - 10:21
Customer payment information and other data was made vulnerable by a flaw in the Marriott Web service used by the Android app as well as the Web site, a security researcher found. The vulnerability is the result of Marriott’s system failing to use any kind of authentication on requests, meaning that an attacker who knew […]