Threatpost for B2B
The First Stop For Security News
Updated: 1 hour 24 min ago
Researchers from Kaspersky Lab and Citizen Lab released a report today with extensive details on the HackingTeam's controversial RCS spyware, in particular its extensive global command infrastructure and mobile malware.
More than two months after it emerged, more than 300,000 machines on port 443 remain vulnerable to the OpenSSL Heartbleed security vulnerability.
Dennis Fisher and Mike Mimoso discuss the latest security news, including the possible fork of TrueCrypt, Microsoft’s new information sharing platform, the FBI’s cybercrime task force and the US team’s crushing tie with Portugal. Download: digital_underground_156.mp3 Music by Chris Gonsalves
Google announced its fork of OpenSSL called BoringSSL, a version of the crypto libraries that will now import changes from OpenSSL.
Cisco has released a new open-source block cipher called FNR that is designed for encrypting small chunks of data, such as MAC addresses or IP addresses. The cipher is still in the experimental stage, but Cisco has released the source code and a demo application. The company suggests that the new cipher–called Flexible Naor and […]
A private preview of Microsoft's new Interflow security threat information-sharing platform opens this week. Interflow, built on industry standards such as STIX and TAXII, automates information sharing across industries.
The House of Representatives yesterday passed an amendment that reins in NSA surveillance by cutting Department of Defense funds.
The FBI has formed a new cybercrime task force with the New York Police Department and the Metropolitan Transit Authority whose job will be to go after high-level financial cyber crimes, employing a model of interagency cooperation that the bureau and other federal law enforcement agencies have used with notable success in other areas. The […]
Weaknesses in Supermicro IPMI-based baseboard management controllers expose remote passwords in plaintext.
Google and Microsoft will implement 'kill switches' into their mobile offering in response to petitions from elected officials claiming that a similar Apple feature has deterred theft and violent crime.
Incentivized by a minimal amount of cash, computer users who took part in a study were willing to agree to download an executable file to their machines without questioning the potential consequences.
Although the developers behind the TrueCrypt encryption software have given up the ghost and decided to no longer maintain the application, interest in the project has never been higher. But, one of the developers says that a nascent effort to fork TrueCrypt is unlikely to succeed. Matthew Green, a cryptographer and professor at Johns Hopkins […]
Cloud-based code-hosting service Code Spaces announced today it was going out of business after a hacker deleted most of its machines, customer data and backups.
A hacker exploiting vulnerabilities in Synology network attached storage boxes was able to mine $620,000 in Dogecoin.
The FTC is seeking help from hackers at DEF CON to help lure and identify the perpetrators of illegal robocalling scams, whether they are criminal or corporate.
Researchers at the University of California Santa Barbara and Aachen University in Germany examined the relationship between spammers, botmasters and email harvesters in order to improve antispam systems.
The system that’s used to produce RFID-enabled identification cards–including permanent resident IDs–by the United States Citizenship and Immigration Service has a number of serious security issues, according to a new report from the Office of the Inspector General at DHS. Among the issues the OIG found is that nearly all of the workstations in the system […]
There’s a serious security vulnerability in the Belkin N150 wireless router that can enable a remote, unauthenticated attacker to read any system file on a vulnerable router. The bug is a directory traversal vulnerability and the CERT/CC advisory says that all versions of the router that are running firmware up to and including firmware version […]
Microsoft released a security advisory today warning users of a denial of service vulnerability in its Malware Protection Engine which ships with a number of Microsoft security products.
The Asprox botnet has evolved to include APT characteristics that help it evade detection by security software.