Feed aggregator

Manufacturer’s Backdoor Found on Popular Chinese Android Smartphone

Threatpost for B2B - Wed, 12/17/2014 - 11:59
Chinese smartphones from Coolpad contain a backdoor, dubbed CoolReaper by Palo Alto researchers, is being used to install apps without user consent.

Google Adds Content Security Policy Support to Gmail

Threatpost for B2B - Wed, 12/17/2014 - 10:32
Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that's designed to help mitigate cross-site scripting and other common Web-based attacks.

Sony: Employee Health Information May Have Been Compromised

Threatpost for B2B - Tue, 12/16/2014 - 11:12
Sony Pictures Entertainment has sent a letter to employees warning them that, along with huge amounts of corporate and employee information, some personal health data belonging to SPE employees may also have been compromised in the attack that hit the company in late November.

Researchers Go Inside Illegal Underground Hacking Markets

Threatpost for B2B - Tue, 12/16/2014 - 10:50
Researchers at Dell SecureWorks have looked at services and pricing available inside illegal online marketplaces selling crimeware, stolen identities, credit cards, and hacking services.

Two Cisco Products Vulnerable to POODLE Attack on TLS

Threatpost for B2B - Tue, 12/16/2014 - 09:10
Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module. The POODLE attack was disclosed in October by researchers from Google, who discovered that if an attacker can force a vulnerable Web server to fall back from […]

Google Blacklists WordPress Sites Peddling SoakSoak Malware

Threatpost for B2B - Mon, 12/15/2014 - 14:08
Up to 100,000 sites hosted on WordPress may be vulnerable to new campaign that's pushing malware and multiple exploit kits to the browser.

Mike Mimoso on the Sony Breach

Threatpost for B2B - Mon, 12/15/2014 - 12:25
Dennis Fisher and Mike Mimoso talk about the details of the Sony breach, including the question of attribution, Sony's response to the attack, media outlets publishing the stolen data and the rise of destructive malware attacks.

Google Proposes Marking ‘HTTP’ as Insecure in 2015

Threatpost for B2B - Mon, 12/15/2014 - 12:05
Google proposes that browser vendors begin issuing address bar warnings to users that HTTP connections provide no data security protection.

Shellshock Worm Exploiting Unpatched QNAP NAS Devices

Threatpost for B2B - Mon, 12/15/2014 - 11:35
A worm exploiting the Bash vulnerability in QNAP network attached storage devices has been discovered. The attack opens a backdoor and for now is carrying out a click-fraud scam against JuiceADV.

Honeywell PoS Software Vulnerable to Stack Buffer Overflows

Threatpost for B2B - Mon, 12/15/2014 - 10:13
There are stack buffer overflows in two components of a Honeywell point-of-sale software package that can allow attackers to run arbitrary code on vulnerable systems. The vulnerabilities lie in the HWOPOSScale.ocx and HWOPOSSCANNER.ocx components of Honeywell’s OLE for Retail Point-of-Sale package, which is designed to help integrate PoS hardware with Windows PoS systems. Versions of the Honeywell […]

Android Malware Installs Pirated Assassin’s Creed App

Threatpost for B2B - Fri, 12/12/2014 - 10:37
A working, pirated version of the Assassin's Creed application for Android is bundled with malware, targeting users trying to download a free version of that game.

Upatre Downloader Spreading Dyreza Banking Trojan

Threatpost for B2B - Fri, 12/12/2014 - 09:52
Microsoft reports it has seen wire transfer spam carrying attachments containing the Upatre downloader which then infects machines with the Dyreza banking Trojan.

Custom Websites Running HD FLV Player Plugin Vulnerable to Attack

Threatpost for B2B - Thu, 12/11/2014 - 14:39
CMS providers Joomla and WordPress have patched an arbitrary file download vulnerability in the HD FLV Player plug-in, but custom websites running the plug-in independently remain at risk.
Syndicate content