Threatpost for B2B

Syndicate content
The First Stop For Security News
Updated: 15 hours 12 min ago

Another Flash Zero Day Emerges

Mon, 02/02/2015 - 09:51
For the third time in the last couple of weeks, Adobe is dealing with a zero day vulnerability in Flash. The company is working on a patch for another Flash bug that is being exploited in drive-by download attacks. Adobe officials released an advisory Monday warning users that attackers are exploiting a new vulnerability in […]

Facebook Malware Poses as Flash Update, Infects 110K Users

Fri, 01/30/2015 - 13:34
UPDATE: A new piece of malware is making the rounds on Facebook, infecting users after luring them in with a link to a salacious video.

Threatpost News Wrap, January 30, 2015

Fri, 01/30/2015 - 12:55
Dennis Fisher and Mike Mimoso discuss the Ghost glibc vulnerability and its repercussions, the Apple iOS and OSX patches, the link between the Regin APT platform and the NSA. Plus Super Bowl predictions!

Army Research Lab Releases Dshell Forensics Framework

Fri, 01/30/2015 - 11:59
The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time. The framework, known as Dshell, is a Python tool that runs on Linux and its designed to help analysts investigate compromises within their environments. The goal in open sourcing the framework […]

Reddit Publishes its First Transparency Report

Fri, 01/30/2015 - 11:28
Reddit published its first transparency report and said it received a relatively low number of government requests for user information and content takedowns.

PHP Applications, WordPress Subject to Ghost glibc Vulnerability

Thu, 01/29/2015 - 16:02
Researchers at Sucuri revealed that applications such as WordPress that support PHP could also be subject to the Ghost vulnerability in glibc.

ZeroAccess Botnet Returns, Resumes Click-Fraud Activity

Thu, 01/29/2015 - 15:25
Long thought dead, the peer-to-peer (P2P) ZeroAccess botnet has resurfaced and as of just a few weeks ago, has returned to propagating click-fraud scams.

Microsoft Publishes Information Sharing Guidelines

Thu, 01/29/2015 - 14:58
Microsoft publishes a framework and guidelines on how to effectively set up and operate threat information sharing exchanges in hopes that organizations will actually share data.

Schneider Electric Patches Buffer Overflow in ICS Products

Thu, 01/29/2015 - 13:09
There is a remotely exploitable buffer overflow in a handful of software products from Schneider Electric that could allow an attacker to execute arbitrary code on vulnerable machines. The vulnerability lies in a DLL that’s installed with a Device Type Manager that is part of several Schneider products, including the Unity Pro development software, the […]

GitHub Doubles Down on Maximum Bug Bounty Payouts

Thu, 01/29/2015 - 12:21
GitHub announced that it has doubled the maximum payouts possible via its bug bounty program to $10,000.

FCC Warns Businesses WiFi Blocking is Illegal

Thu, 01/29/2015 - 10:52
In the wake of a recent enforcement action against Marriott for blocking guests’ WiFi hotspots in their hotels, the FCC is warning other hotel operators and business owners that such blocking is illegal and the commission’s Enforcement Bureau is taking note. Marriott last year paid a fine of $600,000 to settle an FCC enforcement action […]

Of Ghost glibc Vulnerability Patching and Exploits

Wed, 01/28/2015 - 14:28
Experts urge system administrators to patch the Ghost vulnerability in glibc immediately, but counter that as well that exploiting the bug may be challenging.

FBI: Business Email Compromise Scams Steal $214m in 2014

Wed, 01/28/2015 - 13:47
Business email compromise scams trick corporate executives, employees and clients into transferring business funds to criminal bank accounts in China.

FreeBSD Patches Code Execution, Memory Corruption Bugs

Wed, 01/28/2015 - 13:32
FreeBSD has patched a handful of vulnerabilities in its kernel code that could have enabled an attacker to crash the system, execute arbitrary code, or disclose sensitive kernel memory.

Memory Corruption Bug Patched in Blackphone Silent Text App

Wed, 01/28/2015 - 12:12
Silent Circle patched a serious memory corruption vulnerability in the Silent Text application bundled with the secure Blackphone as well as in the standalone iOS and Android apps.

Apple Patches Thunderstrike Bug in OSX, Fixes More Than 30 Flaws in iOS

Wed, 01/28/2015 - 11:06
Apple has released major security updates for both OS X and iOS that includes patches for a number of bugs that could lead to arbitrary code execution. The release of iOS 8.1.3 fixes a vulnerability that allowed an attacker to bypass the sandbox restrictions in Safari and the OS X update fixes a serious flaw […]

NFL Mobile App Leaks Unencrypted Credentials

Wed, 01/28/2015 - 09:00
The National Football League's NFL Mobile application leaks unencrypted credentials putting personal user information at risk.

House Takes First Steps on Federal Data Breach Law

Tue, 01/27/2015 - 14:08
The U.S. House of Representatives Subcommittee on Commerce, Manufacturing and Trade today held preliminary hearings on drafting federal data breach notification legislation.

GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems

Tue, 01/27/2015 - 13:55
A critical remote code execution vulnerability in the GNU C library glibc affects all Linux systems going back to 2000.

Venafi to Launch Certificate Transparency Log

Tue, 01/27/2015 - 11:25
Three weeks after the first non-Google public log for Certificate Transparency was launched by DigiCert, officials at Venafi said that the company plans to debut its own public CT log. On Jan. 1 Google approved the use of DigiCert’s log, the first CT log that is independent and not operated by Google. As part of […]