Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 23 hours 22 min ago

Microsoft Expands TLS, Forward Secrecy Support

Tue, 07/01/2014 - 14:42
Microsoft announced TLS support on and that OneDrive cloud storage now supports Perfect Forward Secrecy.

NSA Searched Section 702 Content Data for U.S. Identifiers 198 Times in 2013

Tue, 07/01/2014 - 14:35
The U.S. intelligence community historically has been loathe to release virtually any information about the way that its agencies operates, to the point that the existence of some of those agencies themselves was secret for decades. But in the wake of the Snowden leaks, more and more information is beginning to trickle out, and the […]

Following Controversy, PayPal Unfreezes Secure E-mail Startup’s Account

Tue, 07/01/2014 - 13:57
PayPal unfroze the account of Swiss secure email upstart ProtonMail late this morning, freeing at least $275,000 the service had raised left in limbo.

Apple Patches Security Vulnerabilities in Mavericks, iOS, Safari

Tue, 07/01/2014 - 13:20
Apple updates Mavericks, iOS, Safari, and AppleTV with a long list of patches for critical security vulnerabilities.

Cridex Variant Geodo Part Trojan, Part Email Worm

Tue, 07/01/2014 - 12:22
A variant of the Cridex malware, called Geodo, steals data from compromised machines and comes with a self-replicating feature built from a list of 50,000 stolen SMTP credentials.

Latest Microsoft Malware Takedown Causes Waves in Security Community

Tue, 07/01/2014 - 10:24
Microsoft's latest takedown of a malware operation, announced Monday and involving the infrastructure of several malware families, has, like many of the company's actions, elicited strong opinions on both sides of the issue from security researchers, activists and others with a stake in the game

Targeted Paerls Campaign Includes Old-School Word Macro Attack

Mon, 06/30/2014 - 15:41
Cisco's String of Paerls attack involves targeted phishing emails spiked with old-school Microsoft Word Macro malware that connects to more trouble at a Dropbox link.

Google Patches Shared Links Vulnerability in Drive

Mon, 06/30/2014 - 14:59
Google has fixed a security vulnerability in it's cloud storage service, Drive, which could have leaked sensitive data to third parties.

Microsoft Will Resume Email Security Notifications This Week

Mon, 06/30/2014 - 13:37
Microsoft announced this afternoon that it would resume sending security email notifications, reversing course on a decision it had made to suspend the practice.

ICS Malware Found on Vendors’ Update Installers

Mon, 06/30/2014 - 10:30
The Havex RAT has infected the software update installers of three known industrial control system vendors, according to an advisory for ICS-CERT.

PHP Fixes OpenSSL Flaws in New Releases

Mon, 06/30/2014 - 09:56
The PHP Group has released new versions of the popular scripting language that fix a number of bugs, including two in OpenSSL. The flaws fixed in OpenSSL don’t rise to the level of the major bugs such as Heartbleed that have popped up in the last few months. But PHP 5.5.14 and 5.4.30 both contain fixes […]

New Oil and Natural Gas ISAC Launches

Fri, 06/27/2014 - 14:54
A new information sharing group popped up this week in the oil and natural gas industries that hopes to formalize the trade of threat intelligence and indicators of compromise

FBI Issued More Than 19k National Security Letters in 2013

Fri, 06/27/2014 - 14:06
The United States federal government issued more than 19,000 National Security Letters--perhaps its most powerful tool for domestic intelligence collection--in 2013, and those NSLs contained more than 38,000 individual requests for information.

20-Year Old Vulnerability Patched in LZO Compression Algorithm

Fri, 06/27/2014 - 13:31
A 20-year old vulnerability in the Lempel-Ziv-Oberhumer (LZO) compression algorithm was finally patched this week.

Zero-Day Patched in TimThumb WordPress Script

Fri, 06/27/2014 - 11:02
A zero-day vulnerability has been patched in the PHP-based image resizer TimThumb, popular in WordPress themes, after it was publicly disclosed this week.

PayPal 2FA Bypass Shows Difficulty of Getting Authentication Right

Fri, 06/27/2014 - 10:00
Oftentimes, looking at a given security vulnerability or mistake by a vendor, it’s easy to wonder how on earth the bug got through in the first place or the company didn’t catch the problem earlier. That definitely could have been the case with the recently disclosed bypass of PayPal’s two-factor authentication mechanism, but, as is […]

Patched Code Execution Bug Affects Most Android Users

Thu, 06/26/2014 - 13:22
Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions.

Massachusetts Supreme Court Rules Defendant Must Decrypt Data

Thu, 06/26/2014 - 10:45
Encryption software has been enjoying a prolonged day in the sun for about the last year. Thanks to the revelations of Edward Snowden about the NSA’s seemingly limitless capabilities, security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones and portable drives. […]

Cloned Android Banking App Hides Phishing Scheme

Wed, 06/25/2014 - 14:49
A cloned banking application targeting customers of a large bank in Israel has been removed from Google Play after it was discovered to be stealing users' log-in credentials.

VMware Patches Apache Struts Flaws in vCOPS

Wed, 06/25/2014 - 13:59
VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines.