Threatpost for B2B

The First Stop For Security News

MongoDB Patches Remote Denial-of-Service Vulnerability

Tue, 03/31/2015 - 11:46
Popular NoSQL database MongoDB has released an update that patches a critical denial-of-service vulnerability.

DDoS Attack on GitHub Linked to Earlier One Against

Tue, 03/31/2015 - 10:35
The ongoing DDoS attack on GitHub, which has made the social coding site intermittently unresponsive since March 25, is essentially a side effect of an older operation from the Chinese government against a site run by the anti-censorship project Officials at GreatFire said that the attack on their infrastructure began on March 17 and involved […]

Volatile Cedar APT Group First Operating Out of Lebanon

Tue, 03/31/2015 - 09:00
An APT group with its sights on selective targets, most of those in Israel, has been using an elusive malware implant to steal data from groups with state and political interests.

British Airways Suspends Some Accounts Following Unauthorized Activity

Mon, 03/30/2015 - 15:22
British Airways, one of the U.K.'s biggest airlines, suspended users' frequent flier accounts this weekend after an apparent breach recently hit the company.

eBay Fixes File Upload and Path Disclosure Bugs

Mon, 03/30/2015 - 13:41
eBay has fixed a pair of security vulnerabilities in its site that could enable attackers to upload executable files disguised as benign file types, construct full path URLs and then point victims to them through drive-by download attacks. The first bug resulted from the failure of an eBay page to check the headers of image files uploaded by […]

Hackers Selling Uber Credentials on Underground Market

Mon, 03/30/2015 - 12:57
Uber user credentials are on sale on underground hacking forums, but the alternative taxi company says it has found no evidence of a breach of its systems.

DDoS Attack Against GitHub Continues After More Than Four Days

Mon, 03/30/2015 - 10:55
More than four days after it began, the massive DDoS attack on GitHub is still ongoing. The attack has evolved significantly since it started and GitHub officials said they believe that the goal of the operation is to force the site to remove some specific content. In the evening hours of March 25, DDoS attack […]

Ad Networks Ripe for Abuse Via Malvertising

Mon, 03/30/2015 - 10:05
Criminals have found a safe haven abusing legitimate processes, such as real-time bidding, implemented by online advertising networks to move exploits and malware, and build botnets and fraud campaigns.

iOS, OS X Library AFNetwork Patches MiTM Vulnerability

Fri, 03/27/2015 - 14:56
Until yesterday, a popular networking library for iOS and OS X, used by several apps like Pinterest and Simple, was susceptible to SSL man-in-the-middle (MiTM) attacks.

Slack Discloses Breach of Its User Profile Database, Implements 2FA

Fri, 03/27/2015 - 14:49
Collaboration provider Slack disclosed that a database storing its user profile information has been breached. The break-in has been stopped, and Slack announced that it has implemented two-factor authentication going forward.

FBI Pleads For Crypto Subversion in Congressional Budget Hearing

Fri, 03/27/2015 - 13:49
FBI Director James Comey pleads with Congress to create a law that would allow law enforcement access to encrypted mobile communications on Android and Apple devices.

GitHub Hit With DDoS Attack

Fri, 03/27/2015 - 11:54
A large-scale DDoS attack, apparently emanating from China, has been hammering the servers at GitHub over the course of the last 12 hours, periodically causing service outages at the code-sharing and collaboration site.

Threatpost News Wrap, March 27, 2015

Fri, 03/27/2015 - 11:50
Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug and the Yahoo transparency report and the company's crypto efforts.

Schneider Electric Patches Easily Exploitable Bugs in HMI Products

Fri, 03/27/2015 - 11:01
There are a series of vulnerabilities related to credentials and authentication in two of Schneider Electric's HMI products, and an attacker who exploits them may be able to run arbitrary code.

Hotel Internet Gateways Patched Against Remote Exploit

Thu, 03/26/2015 - 14:50
A critical vulnerability in a popular hotel and convention center Internet gateway from AntLabs called InnGate has been patched. The flaw allows attackers read and write access to the devices from the Internet.

MIT Researchers Debut Debugger for Integer Overflows

Thu, 03/26/2015 - 14:38
Students from M.I.T. have devised a new way to scour raw code for integer overflows.

U.S. Government Requests for Yahoo User Data Drop

Thu, 03/26/2015 - 13:17
Yahoo received nearly 5,000 requests for user data from the United States government in the last six months of 2014 and disclosed some content in nearly 25 percent of those cases.

Denial of Service and Memory Vulnerabilities Patched in Cisco IOS

Thu, 03/26/2015 - 12:15
Cisco released its semiannual set of patches for its Cisco IOS router and switch operating system. The patches address 16 vulnerabilities.

GE Fixes Buffer Overflow Bug in DTM Library

Thu, 03/26/2015 - 09:57
GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code. The vulnerability in the DTM library affects four of GE’s products, as […]

Default Setting in Windows 7, 8.1 Could Allow Privilege Escalation, Sandbox Escape

Wed, 03/25/2015 - 15:42
A default setting in both Windows 7 and 8.1 could allow local users to elevate privileges and, in some situations, escape application sandboxes.