Threatpost for B2B

The First Stop For Security News

Adobe Patches 18 Vulnerabilities in Flash

Tue, 11/11/2014 - 14:54
Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system.

Microsoft Patches OLE Zero Day, Recommends EMET 5.1 Before Applying IE Patches

Tue, 11/11/2014 - 14:07
Microsoft patched a zero-day vulnerability in OLE being used in targeted attacks as part of its November 2014 Patch Tuesday security bulletins, one of four critical updates released today.

U.S. Postal Service Breach Affects Employees, Customers

Tue, 11/11/2014 - 12:49
The United States Postal Service is continuing its investigation into how a cyber attack at the agency managed to compromise both employees and customers earlier this year.

Stuxnet’s First Five Victims Provided Path to Natanz

Tue, 11/11/2014 - 12:40
Researchers at Kaspersky Lab published a report identifying by name the first five victims of Stuxnet.

In Wake of Takedown Tor Looking for Answers

Mon, 11/10/2014 - 14:10
Tor said it wasn't clear how or why the Tor Hidden Services were seized but that it was still trying to learn more in the wake of the digital sting.

‘Powerful’ Masque iOS Vulnerability Disclosed

Mon, 11/10/2014 - 13:48
Researchers at FireEye disclosed Masque, a vulnerability in iOS that enabled the WireLurker attacks. It was reported in July, but has yet to be patched by Apple.

New Mozilla Privacy Initiative to Include High-Capacity Tor Relays

Mon, 11/10/2014 - 13:36
Mozilla is starting a new initiative that the company says is designed to incorporate more privacy enhancing features into Firefox and the other Mozilla products. The project, known as Polaris, involves collaboration with The Tor Project and the Center for Democracy and Technology and will involve Mozilla running a group of high-speed Tor relays, as […]

SSL MiTM Vulnerability Among Vulns Patched in Pidgin

Mon, 11/10/2014 - 10:48
Five vulnerabilities were patched in the most recent update to the open source Pidgin instant messaging client.

Darkhotel APT Group Targeting Top Executives in Long-Term Campaign

Mon, 11/10/2014 - 10:41
APT groups tend to be grouped together in a large amorphous blob of sinister intentions and similar targets, but not all APT crews are created equal. Researchers have identified a group that’s been operating in Asia for at least seven years and has been using hotel networks as key infection points to target top executives at […]

Avoiding the Dark Security Future

Fri, 11/07/2014 - 17:47
LAS VEGAS–Nick Percoco has been thinking a lot about the future of technology, and some of the things he’s dreamed up aren’t very pretty: farms of people renting out their spare brain cycles, autonomous cars that freak out and careen into oncoming traffic and hacking groups hijacking users’ augmented reality gear and demanding ransoms to unlock […]

Expanding Use of PKI in Variety of Devices Holds Challenges

Fri, 11/07/2014 - 15:07
LAS VEGAS–One of the longest running jokes in the security industry is that each coming year finally will be The Year of PKI. While that one huge year never materialized, the use of PKI and digital certificates has become an integral part of how the Internet works today. But there are some challenges on the horizon […]

Jeremy Rowley on the Facebook Tor Cert Decision and the Future of PKI

Fri, 11/07/2014 - 15:05
Dennis Fisher and DigiCert's Jeremy Rowley discuss the company's certificate issuance for Facebook's .onion site, the challenge of key protection in today's environment and what the near future holds for PKI.

Serious Root Access Bug in Belkin N750 Router

Fri, 11/07/2014 - 14:32
A serious vulnerability in a popular Belkin router could be exploited by a local, unauthenticated attacker to gain full control over affected devices.

Securing an Internet Made From ‘Duck Tape and Baling Wire’

Fri, 11/07/2014 - 13:35
LAS VEGAS–The Internet that we use today was not designed as a cohesive network. It was put together from found bits and pieces over the course of the last few decades, and, as major bugs such as Heartbleed and others have shown, it’s a frighteningly fragile construction. Attackers know this as well as anyone, and […]

Windows Version of WireLurker Out of Commission Too

Fri, 11/07/2014 - 12:50
A Windows version of the WireLurker malware has been discovered, and like the Mac OS X version, it too is believed to have been shut down.

Home Depot Breached Via Vendor Credentials; 53 Million Email Addresses Also Stolen

Fri, 11/07/2014 - 07:03
Home Depot revealed that hackers used credentials stolen from a third-party vendor to steal 53 million email addresses in addition to 56 million payment card numbers.

DigiCert Considering Certs for Hidden Services Beyond Facebook

Thu, 11/06/2014 - 15:05
DigiCert explains why it issued a signed certificate to Facebook's .onion Tor domain, noting it may offer more hidden services certs in the future.

Microsoft Ready with 16 Patch Tuesday Bulletins; 5 Critical

Thu, 11/06/2014 - 14:34
Microsoft is expected to release 16 bulletins next week, including five rated critical, as part of its November 2014 Patch Tuesday updates.

WireLurker Mac OS X Malware Shut Down

Thu, 11/06/2014 - 12:13
Researchers at Palo Alto Networks discovered a new family of Mac OS X malware that was capable of also infecting iOS devices. The command infrastructure supporting WireLurker has been shut down.

Chertoff Reminds Enterprises There is Hope in Security

Thu, 11/06/2014 - 09:00
Former DHS secretary Michael Chertoff laid out a game plan for enterprise network security, one heavy on risk management and prioritization in the context of current threats and vulnerabilities, and potential consequences.