Feed aggregator

Alleged Oleg Pliss iPhone Hackers Arrested in Russia

Threatpost for B2B - Tue, 06/10/2014 - 15:00
The hackers behind last month’s iPhone ransomware campaign – in which many users were asked to pay $100 to unlock their devices – may be behind bars now.

Microsoft Patches IE8 Zero Day, Critical Word Bug

Threatpost for B2B - Tue, 06/10/2014 - 14:09
Microsoft's June 2014 Patch Tuesday security updates patched 66 vulnerabilities, including 59 in a critical Internet Explorer cumulative update.

Audit Project Releases Verified Repositories of TrueCrypt 7.1a

Threatpost for B2B - Tue, 06/10/2014 - 13:59
As the uncertainty surrounding the end of TrueCrypt continues, members of the security community are working to preserve a known-good archive of the last version of the open source encryption software released before the developers inserted a warning about potential unfixed bugs in the software and ended development. The team behind the Open Crypto Audit […]

Blog: Microsoft Updates June 2014 - Almost 60 IE and GDI+/TrueType RCE

Secure List feed for B2B - Tue, 06/10/2014 - 13:34

Microsoft fixes a smaller set of software product code this month for "Critical" vulnerabilities, and a handful for "Important" fixes. But whoa, almost 60 remote code execution flaws exist in the six versions of Internet Explorer and the Microsoft components that render fonts on your system! Not only is that a very long list of memory corruption issues, but one of the IE bugs reports, credited to Peter Van Eeckhoutte, is over 180 days old. The fix and testing effort must have been a large one over the past few months.

Attacks Against Space, Satellite Companies Linked to Second Chinese PLA Unit

Threatpost for B2B - Tue, 06/10/2014 - 13:01
Espionage attacks against aerospace and satellite companies in the U.S. and Europe have been linked to a Chinese People's Liberation Army unit, security company Crowdstrike said.

Cisco Patches XSS Flaw in Security Appliances

Threatpost for B2B - Tue, 06/10/2014 - 10:47
There’s a reflected cross-site scripting vulnerability in a variety of Cisco security appliances that enables a remote, unauthenticated attacker to execute arbitrary code in the context of the user. The vulnerability affects the Cisco Email Security Appliance, the Cisco Web Security Appliance and the Content Security Management Appliance. Cisco has released updated software to fix […]

New Pandemiya Banking Trojan Written From Scratch

Threatpost for B2B - Tue, 06/10/2014 - 09:52
A new banking Trojan called Pandemiya is for sale in hacker forums. The malware took a year to write from scratch, RSA Security said, in order to avoid detection and analysis.

‘Red Button’ Attack Could Compromise Some Smart TVs

Threatpost for B2B - Mon, 06/09/2014 - 15:33
A vulnerability in an emerging interactive television standard could open up number of smart TVs to untraceable drive-by attacks.

RIG Exploit Kit Pushing Cryptowall Ransomware

Threatpost for B2B - Mon, 06/09/2014 - 14:04
The RIG Exploit Kit is using malvertising to infect victims with Cryptowall ransomware, including one tiny New Hampshire town that proved backup is king when confronting ransomware.

Android Ransomware First to Encrypt Data on Mobile Devices

Threatpost for B2B - Mon, 06/09/2014 - 12:28
Researchers at Kaspersky Lab reported the first strain of Android ransomware that encrypts the contents of a device. The malware communicates either over Tor, or via HTTP and SMS.

ICS-CERT Warns of Easily Hackable Road Signs

Threatpost for B2B - Mon, 06/09/2014 - 11:38
ICS-CERT has issued an alert warning that a certain software that manages electronic highways signs contains a vulnerability that makes such signs susceptible to hacking.

iOS 8 Will Randomize MAC Addresses to Help Stop Tracking

Threatpost for B2B - Mon, 06/09/2014 - 10:41
Apple enthusiasts have been poring over the feature list for iOS 8, due out this fall, geeking out over the tighter integration among all iOS devices, the improved mail app and myriad other bells and whistles. But perhaps the most important change is a subtle one hidden beneath the covers that will help prevent much […]

Vodafone Transparency Report Sheds Light on Global Surveillance

Threatpost for B2B - Fri, 06/06/2014 - 15:18
Vodafone released its first transparency report today revealing that a small number of countries have a direct link to its network in order to collect data.

Debian Urging Users Patch Linux Kernel Flaw

Threatpost for B2B - Fri, 06/06/2014 - 13:40
Several vulnerabilities have been patched in the Linux kernel that could have led to a denial of service or privilege escalation.
Syndicate content