Threatpost for B2B

The First Stop For Security News

SWF Files Injecting Malicious iFrames on WordPress, Joomla Sites

Fri, 04/03/2015 - 12:36
Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites.

VMware Fixes Java Information Disclosure Vulnerability

Fri, 04/03/2015 - 11:03
VMware has issued an update to a number of its products fixing an information disclosure bug in Oracle's Java runtime environment.

Dyre Banking Malware A Million-Dollar Threat

Fri, 04/03/2015 - 10:12
IBM warns banks and corporate officers of a change to the dangerous Dyre banking Trojan that involves the phone scam used to bypass fraud detection, and a DDoS attack that distracts security teams away from big-money transfers.

Threatpost News Wrap, April 2, 2015

Fri, 04/03/2015 - 09:00
Dennis Fisher and Mike Mimoso talk about Google's decision to drop Chinese CA CNNIC from Chrome's trust store, the scope of the malvertising threat and Verizon's super cookie use.

Audit Concludes No Backdoors in TrueCrypt

Thu, 04/02/2015 - 13:50
Auditors performing a cryptanalysis of TrueCrypt found four vulnerabilities, but zero backdoors in the popular open source encryption software.

Google Report Lauds Android Security Enhancements

Thu, 04/02/2015 - 13:22
Google's first Android Security Report puts some hard data behind the effectiveness of the security enhancements it has put into the OS.

Google Awards $5k Bounty for YouTube Video Delete Bug

Thu, 04/02/2015 - 11:23
A Russian security researcher discovered that he could delete any video on YouTube by sending a simple POST request in YouTube's Creator Studio.

Google, Mozilla Drop Trust in Chinese Certificate Authority CNNIC

Thu, 04/02/2015 - 07:59
UPDATE: Google has taken the unusual step of completely removing trust from Chrome for the Chinese certificate authority CNNIC in the wake of an incident in which certificates issued by the CA were misused. Mozilla followed suit on Thursday, also removing CNNIC from its trust store. Google officials announced the severe decision on Wednesday, saying that […]

Little Change in Online Behavior Following Snowden Revelations

Wed, 04/01/2015 - 15:15
Pew Research Center survey finds that most Americans have done little or nothing to change their online behaviors nearly two years after the first NSA spying revelations emerged.

Students Build Open Source Web-Based Threat Modeling Tool

Wed, 04/01/2015 - 15:00
Students at St. Mary's University in Canada released to open source a web-based threat modeling tool called Seasponge that they hope will provide an alternative to Microsoft's free tool.

Critical Vulnerabilities Affect JSON Web Token Libraries

Wed, 04/01/2015 - 14:58
Critical vulnerabilities exist in several JSON Web Token (JWT) libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step.

Verizon Allows Opt Out of UIDH Mobile Supercookie

Wed, 04/01/2015 - 13:30
Verizon Wireless has made a change that now allows customers to opt out of the ad-targeting program that relies on the so-called supercookie identifier that was inserted into Web requests users send. The use of the identifier, known as a UIDH, drew the ire of privacy advocates and users when it was exposed last year. […]

Multicast DNS Vulnerability Could Lead to DDOS Amplification Attacks

Wed, 04/01/2015 - 10:54
DHS warned of a serious vulnerability in Multicast DNS devices whereby leaked system information could be leveraged in a DDoS amplification attack.

Mozilla Adds Opportunistic Encryption for HTTP in Firefox 37

Wed, 04/01/2015 - 10:41
Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don’t support HTTPS. The new feature gives users a new defense against some forms of monitoring and doesn’t require any setup from users. When […]

Satellite-Based Monitoring Constitutes a Fourth Amendment Search

Tue, 03/31/2015 - 13:53
Supreme Court rules that satellite-based monitoring constitutes a Fourth Amendment protected search in sex offender case but does not rule on whether this particular search is a reasonable one.

Google to Publish Research on Browser Ad Injectors

Tue, 03/31/2015 - 13:38
Google is preparing to release new research on the prevalence of ad injectors, the often-unwanted browser extensions that inject ads onto Web pages, and the numbers will show just how widespread and problematic the software is. Ad injectors belong to that great, amorphous pile of applications that aren’t necessarily classed as malware but exhibit behavior that is […]

MongoDB Patches Remote Denial-of-Service Vulnerability

Tue, 03/31/2015 - 11:46
Popular NoSQL database MongoDB has released an update that patches a critical denial-of-service vulnerability.

DDoS Attack on GitHub Linked to Earlier One Against GreatFire.org

Tue, 03/31/2015 - 10:35
The ongoing DDoS attack on GitHub, which has made the social coding site intermittently unresponsive since March 25, is essentially a side effect of an older operation from the Chinese government against a site run by the anti-censorship project GreatFire.org. Officials at GreatFire said that the attack on their infrastructure began on March 17 and involved […]

Volatile Cedar APT Group First Operating Out of Lebanon

Tue, 03/31/2015 - 09:00
An APT group with its sights on selective targets, most of those in Israel, has been using an elusive malware implant to steal data from groups with state and political interests.

British Airways Suspends Some Accounts Following Unauthorized Activity

Mon, 03/30/2015 - 15:22
British Airways, one of the U.K.'s biggest airlines, suspended users' frequent flier accounts this weekend after an apparent breach recently hit the company.