Feed aggregator

Threatpost News Wrap, May 23, 2014

Threatpost for B2B - Fri, 05/23/2014 - 10:35
Dennis Fisher and Mike Mimoso discuss the US indictments of Chinese army officers for hacking, the Blackshades malware arrests, the new IE 8 zero day and the US prospects in the World Cup.

Apple Patches 22 Safari WebKit Vulnerabilities

Threatpost for B2B - Fri, 05/23/2014 - 09:03
Apple released an update to its Safari web browser that patches 22 vulnerabilities in the Webkit browser engine, including a number of remote code execution and denial of service vulnerabilities.

Android Outlook App Could Expose Emails, Attachments

Threatpost for B2B - Thu, 05/22/2014 - 15:25
There are two issues with the way Microsoft’s Outlook application encrypts content on older versions of Android that could expose users’ emails and email attachments.

eBay Hack Raises Password ‘Encryption’ Questions

Threatpost for B2B - Thu, 05/22/2014 - 15:25
eBay did not enjoy its finest hour responding to and communicating about a breach of its password database.

Microsoft Working on Patch for IE 8 Zero Day

Threatpost for B2B - Thu, 05/22/2014 - 13:57
UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup […]

Adobe Shockwave Lugging Around Hobbled, Vulnerable Version of Flash

Threatpost for B2B - Thu, 05/22/2014 - 13:15
Adobe promises that its next Shockwave update will bring its bundled Flash Player patch levels up to date; in the meantime, Shockwave offers hackers a large attack surface to target.

Better Security, ‘Progressive Encryption’ in Silent Text 2.0

Threatpost for B2B - Wed, 05/21/2014 - 15:33
Silent Circle has released a new version of its private text messaging and secure file transfer service for Android and iOS mobile devices.

Researchers Find Serious Problems in Chip and PIN EMV Implementation, Protocol

Threatpost for B2B - Wed, 05/21/2014 - 15:11
Researchers at Cambridge University published a paper describing security vulnerabilities in the EMV chip-and-PIN protocol and implementation.

Samsung Eyes Iris Recognition for New Phones

Threatpost for B2B - Wed, 05/21/2014 - 14:43
Samsung announced this week that to bolster security, it will incorporate biometric sensors such as iris scanners into more of its products in the near future.

Another Internet Explorer Zero Day Surfaces

Threatpost for B2B - Wed, 05/21/2014 - 14:04
Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP’s Zero […]

VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Day

Threatpost for B2B - Wed, 05/21/2014 - 11:08
Exploit vendor VUPEN disclosed details on a Firefox vulnerability it brought to this year's Pwn2Own contest. The bug was patched in March, one week after the contest.

eBay Compromised in Data Breach, Urges Password Change

Threatpost for B2B - Wed, 05/21/2014 - 10:49
eBay will ask customers to change their passwords today because of an attack that breached a server containing encrypted passwords and other information.

ICS-CERT Confirms Public Utility Compromised Recently

Threatpost for B2B - Wed, 05/21/2014 - 10:31
Attackers recently compromised a utility in the United States through an Internet-connected system that gave the attackers access to the utility’s internal control system network. The utility, which has not been named, had remote access enabled on some of its Internet-connected hosts and the systems were only protected by simple passwords. Officials at the ICS-CERT, […]
Syndicate content