Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 2 hours 46 min ago

Staples Confirms 1.2 Million Cards Lost in Breach

Mon, 12/22/2014 - 15:04
Staples confirmed that it lost close to 1.2 million payment cards in a data breach lasting close to six months and affecting 115 locations in 35 states.

DHS Releases Destover Wiper Malware Indicators of Compromise

Mon, 12/22/2014 - 12:43
A US-CERT advisory describes the malware used in the destructive Sony hack, including indicators of compromise and command and control server IP addresses.

Tor Project Warns of Possible Upcoming Attack on Network

Mon, 12/22/2014 - 10:27
The Tor Project is warning that an unnamed attacker is planning to try to cripple the network by seizing directory authorities, the servers that help Tor clients find Tor relays in the network.

How I Got Here: Andrew Jaquith

Mon, 12/22/2014 - 09:25
Dennis Fisher talks with Andrew Jaquith of SilverSky about his days running networks in the transportation industry, being there at the birth of @stake during his time at Cambridge Technology Partners, helping to kickstart the security metrics movement and what's next for him.

FBI Officially Blames North Korea in Sony Hacks

Fri, 12/19/2014 - 13:44
The FBI has officially stated that North Korea is in fact responsible for the recent cyberattack targeting Sony Pictures Entertainment.

Exploits Circulating for Remote Code Execution Flaws in NTP Protocol

Fri, 12/19/2014 - 13:33
Researchers at Google have uncovered several serious vulnerabilities in the Network Time Protocol and experts warn that there are exploits publicly available for some of the bugs. The vulnerabilities are present in all versions of NTP prior to 4.2.8 and include several buffer overflows that are remotely exploitable. The NTP is a protocol that’s used […]

GitHub Fixes Critical Vulnerability, Urges Users to Update Immediately

Fri, 12/19/2014 - 12:37
GitHub is encouraging Mac and Windows users to immediately install an update that resolves a serious arbitrary code execution vulnerability.

Dave Aitel on the Sony Hack

Fri, 12/19/2014 - 11:58
Dennis Fisher and security expert Dave Aitel discuss the Sony hack and why it makes sense for North Korea to be responsible for it.

Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines

Fri, 12/19/2014 - 10:10
Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an […]

USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds

Fri, 12/19/2014 - 07:00
Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it’s a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in […]

12 Million Home Routers Vulnerable to Takeover

Thu, 12/18/2014 - 12:23
Check Point has disclosed few details on a cookie vulnerability in the RomPager webserver running inside 12 million embedded devices. The flaw puts home routers at risk to attack.

Critical Remotely Exploitable Bugs Found in Schneider Electric ProClima Software

Thu, 12/18/2014 - 10:58
There are a number of critical, remotely exploitable command injection vulnerabilities in Schneider Electric’s ProClima software, which is used in manufacturing and energy facilities. The ProClima application is a utility that customers use to design control panel enclosures in industrial facilities to help manage the heat from enclosed electrical devices. The bugs affect ProClima versions […]

Ryan Olson on the CoolReaper Backdoor

Thu, 12/18/2014 - 10:01
Dennis Fisher talks with Ryan Olson of Palo Alto Networks about their discovery and analysis of the CoolReaper backdoor on some Coolpad Android devices sold in China.

White House to Blame Sony Hack on North Korea

Thu, 12/18/2014 - 09:57
The White House reportedly will attribute the Sony hack to North Korea, but will hold off on a public announcement until it figures out a response.

Attackers Compromise ICANN, Access Zone Files System

Wed, 12/17/2014 - 19:46
Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names.

Google Releases End-To-End Chrome Extension to Open Source

Wed, 12/17/2014 - 13:57
Google announced that it was making the source code for its End-to-End Chrome Extension available for review on GitHub. End-to-End encrypts and signs Gmail messages.

Manufacturer’s Backdoor Found on Popular Chinese Android Smartphone

Wed, 12/17/2014 - 11:59
Chinese smartphones from Coolpad contain a backdoor, dubbed CoolReaper by Palo Alto researchers, is being used to install apps without user consent.

Google Adds Content Security Policy Support to Gmail

Wed, 12/17/2014 - 10:32
Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that's designed to help mitigate cross-site scripting and other common Web-based attacks.

Sony: Employee Health Information May Have Been Compromised

Tue, 12/16/2014 - 11:12
Sony Pictures Entertainment has sent a letter to employees warning them that, along with huge amounts of corporate and employee information, some personal health data belonging to SPE employees may also have been compromised in the attack that hit the company in late November.

Researchers Go Inside Illegal Underground Hacking Markets

Tue, 12/16/2014 - 10:50
Researchers at Dell SecureWorks have looked at services and pricing available inside illegal online marketplaces selling crimeware, stolen identities, credit cards, and hacking services.