Threatpost for B2B

The First Stop For Security News

Previewing RSA 2015 with Brian Donohue

Mon, 04/20/2015 - 09:22
Dennis Fisher talks with Brian Donohue in advance of Brian's first visit to the RSA Conference this week. They discuss what to expect in terms of the content, the chaos and the suit-to-civilian ratio at the show.

Google Moving Toward Encrypted Ad Services

Fri, 04/17/2015 - 11:42
Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well. Google’s ad networks are pervasive […]

Threatpost News Wrap, April 17, 2015

Fri, 04/17/2015 - 11:36
Dennis Fisher and Mike Mimoso discuss the Windows HTTP.sys vulnerability, Google's decision to turn off the NPAPI in Chrome and the voting machine security disaster in Virginia.

Active DoS Exploits for MS15-034 Under Way

Fri, 04/17/2015 - 11:06
Public denial-of-service exploits for a critical vulnerability in Microsoft's implementation of the HTTP protocol stack, HTTP.sys, are under way, while remote code execution attacks may still be to come.

Ransomware Teslacrypt Still Targeting Gamers

Thu, 04/16/2015 - 14:19
Teslacrypt, the fairly new strain of ransomware that's been targeting gamers, is continuing to make the rounds online.

Virginia Voting Machines Exposed to Simple, Potentially Election-Altering Hacks Since 2004

Thu, 04/16/2015 - 13:16
Voting machines in Virginia are hopelessly vulnerable to scores of low-level hacks, calling into question the integrity of recent elections there.

Google Shuts Off NPAPI in Chrome

Thu, 04/16/2015 - 10:27
With the release of Chrome 42 this week, Google fixed more than 40 vulnerabilities. But the most significant security change in the new browser is Google’s decision to disable the NPAPI, essentially turning off plugins such as Java and Silverlight by default. The decision didn’t come out of nowhere. Google warned developers and users about it […]

Dropbox Launches Bounty Program on HackerOne

Wed, 04/15/2015 - 13:59
Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including the Dropbox and Carousel iOS and Android applications; the Dropbox and Carousel […]

Oracle CPU Delivers 98 Fixes Across Product Line

Wed, 04/15/2015 - 13:26
Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products,

Report Recommends Series of Cybersecurity Changes at FAA

Wed, 04/15/2015 - 11:47
The Federal Aviation Administration needs to upgrade and update its information security capabilities–including building a threat-modeling capability and implementing federal security guidelines–in order to ensure the safety of the nation’s aviation infrastructure, according to a new report by the General Accounting Office. The report is the result of a review of the FAA’s security practices […]

SearchBlox Fixes XSS, File Upload Flaws

Wed, 04/15/2015 - 10:32
SearchBlox, a provider of enterprise search technology, has patched several serious vulnerabilities in its flagship product, including cross-site scripting, cross-site request forgery and other issues. The company, which sells a variety of enterprise search products, has released version 8.2 of the main SearchBlox product to address the vulnerabilities, which were reported to the CERT/CC at […]

AirDroid Patches Web App Hijacking Vulnerability

Wed, 04/15/2015 - 09:53
Researchers at Bishop Fox disclose details on a patched authentication vulnerability in the AirDroid web application that could give attackers remote control over Android devices.

Apple Fixes Cookie Access Vulnerability in Safari on Billions of Devices

Tue, 04/14/2015 - 15:02
Apple recently fixed a cookie vulnerability that existed in all versions of Safari - iOS, OS X, and Windows - that may have affected 1 billion devices.

Microsoft Patches Critical HTTP.sys Vulnerability

Tue, 04/14/2015 - 14:49
Microsoft and Adobe released security bulletins addressing critical vulnerabilities in their respective products.

Dell Threat Report Claims 100 Percent Increase in SCADA Attacks

Tue, 04/14/2015 - 14:46
Dell released its annual threat report yesterday, ringing the alarm bells on point-of-sale and industrial control system attacks in 2014 and beyond.

Google Fixes Dozens of Bugs in Chrome 42

Tue, 04/14/2015 - 14:44
Google has released Chrome 42, a major security upgrade to the browser that includes patches for 45 vulnerabilities. The latest version of Chrome carries with it fixes for a number of high-severity bugs, including a cross-origin bypass in the HTML parser. That vulnerability earned an anonymous security researcher a reward of $7,500 from Google. In all, […]

Verizon DBIR Challenges Data Breach Cost Estimates

Tue, 04/14/2015 - 13:34
Data breaches are expensive to victim organizations, but that cost is going down, according to Verizon, which today released its annual Data Breach Investigations Report.

DigiCert Offers Continuous Monitoring of Digital Certificates to Defeat Fraud

Tue, 04/14/2015 - 12:26
It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years have seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and […]

US-CERT Warns of Issues With DNS Zone Transfer Requests

Tue, 04/14/2015 - 10:48
The US-CERT is warning administrators and network operators that a misconfiguration issue with some DNS servers that has been known about for more than 15 years and can give attackers detailed information about DNS zones is coming back around thanks to new scans that show a high number of servers vulnerable to the issue. The problem […]

Zero-Day Market Economics Favor Incentives for Defensive Tools

Tue, 04/14/2015 - 09:00
Research on the economics of the zero-day market conducted by HackerOne, MIT, Harvard and Facebook will be presented at RSA Conference.