Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 3 hours 50 min ago

As Ransomware Attacks Evolve, More Potential Victims Are at Risk

Tue, 04/14/2015 - 06:00
In early December, as most people were dealing with the stress of looking for the perfect holiday gifts and planning out their upcoming celebrations, police officers in a small New England town were under a different sort of pressure. The vital files and data the Tewksbury Police Department needed to go about its daily business had been encrypted […]

Vulnerabilities Identified in NY Banking Vendors

Mon, 04/13/2015 - 14:56
To bolster security, banks in New York are planning to enact new regulations for any third party vendors they do business with.

New SMB Flaw Affects All Versions of Windows

Mon, 04/13/2015 - 10:49
There is a serious vulnerability in all supported versions of Windows that can allow an attacker who has control of some portion of a victim’s network traffic to steal users’ credentials for valuable services. The bug is related to the way that Windows and other software handles some HTTP requests, and researchers say it affects […]

Details Disclosed on Darwin Nuke Bug in OS X, iOS

Mon, 04/13/2015 - 10:03
Researchers at Kaspersky Lab disclosed some details on the so-called Darwin Nuke vulnerability in Apple OS X and iOS.

Coordinated Takedown Puts End to Simda Botnet

Mon, 04/13/2015 - 07:08
A coordinated operation between international police and private technology companies shuts down the Simda botnet.

Threatpost News Wrap, April 10, 2015

Fri, 04/10/2015 - 13:31
Dennis Fisher and Mike Mimoso discuss the big Apple news from the week, Cisco and L3 crushing some SSH attacks, the great John Oliver interview of Edward Snowden and the dwindling days before RSA.

Github Attack Perpetrated by China’s Great Cannon Traffic Injection Tool

Fri, 04/10/2015 - 13:06
The Great Firewall's offensive counterpart, the Great Cannon, which inject malicious scripts to reroute traffic, is responsible for recent massive DDoS attacks targeting Github and GreatFire.org.

Older Versions of OS X Remain Vulnerable to Rootpipe ‘Hidden Backdoor API’

Fri, 04/10/2015 - 10:34
Apple said it will not backport fixes for a hidden backdoor API discovered in OS X.

US, European Law Enforcement Carry Out Beebone Botnet Takedown

Thu, 04/09/2015 - 15:53
U.S. and European law enforcement combined resources to take down the Beebone, or AAEH, botnet.

Group Behind SSH Brute Force Attacks Slowed Down

Thu, 04/09/2015 - 13:42
A criminal group whose actions have at times been responsible for one-third of the Internet’s SSH traffic—most of it in the form of SSH brute force attacks—has been cut off from a portion of the Internet.

Apple Fixes Proxy Manipulating Phantom Attack in iOS 8.3

Thu, 04/09/2015 - 11:10
If left unpatched and exploited one of the vulnerabilities fixed in this week’s iOS update could’ve rendered an iPhone near useless.

Apple Patches 80 Bugs in OS X Yosemite 10.10.3

Thu, 04/09/2015 - 11:03
Apple released Yosemite 10.10.3, which included security updates for 80 vulnerabilities in OS X.

Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists

Thu, 04/09/2015 - 10:57
When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether, Apple has kept the root certificates in its trusted store for both iOS and OSX. Apple on Wednesday released […]

Apple iOS 8.3 Includes Long List of Security Fixes

Thu, 04/09/2015 - 05:00
Apple has released iOS 8.3, a major security upgrade for iPhone and iPad users that includes patches for more than three dozen vulnerabilities. The new version of iOS has security fixes for several vulnerabilities in the mobile operating system’s kernel, a handful of code-execution bugs and a long list of WebKit vulnerabilities. Apple also patched […]

New Coalition Launches Fight Against Patriot Act Section 215

Wed, 04/08/2015 - 14:28
A broad group of civil-rights, technology and political groups from across the spectrum has developed a new initiative to advocate for the repeal of Section 215 of the USA PATRIOT Act, the part that provides the authority for the bulk collection of phone metadata and other information. The new group is calling itself Fight215.org and […]

Two NTP Key Authentication Vulnerabilities Patched

Wed, 04/08/2015 - 11:37
DHS warns of two symmetric key authentication vulnerabilities in the NTP protocol that were patched this week.

New Evasion Techniques Help AlienSpy RAT Spread Citadel Malware

Wed, 04/08/2015 - 10:40
Researchers at Fidelis report a new strain of AlienSpy, a remote access tool that’s being used to deliver the Citadel Trojan to critical industries.

Peristent XSS Vulnerability Plagues WordPress Plugin

Tue, 04/07/2015 - 14:37
A persistent cross-site scripting (XSS) vulnerability exists in some versions of a popular WordPress caching engine plugin.

White House Executive Order Declares Cyber National Emergency

Tue, 04/07/2015 - 13:03
New Obama Administration Executive Order declares a cyber-national emergency and research advocates worry that sanctions could chill security research work.

FBI Warns of Phony Sites Offering Government Services

Tue, 04/07/2015 - 11:53
The FBI has warned consumers about a rash of phony websites posing as government services.