Feed aggregator

White House Calls for Transparency from Data Brokers

Threatpost for B2B - Fri, 05/02/2014 - 16:03
A White House report on big data calls for greater transparency from data brokers and technology companies about how they process consumers' data and how that information is treated.

Researchers Say Accelerometers are Perfect for Pervasive Tracking

Threatpost for B2B - Fri, 05/02/2014 - 14:10
Mobile device accelerometers emit uniquely identifiable data that could be used to track users without permission.

Critical Holes in OAuth, OpenID Could Leak Information, Redirect Users

Threatpost for B2B - Fri, 05/02/2014 - 13:42
A serious vulnerability in both the OAuth and OpenID protocols could lead to complications for those who use the services to login to websites like Facebook, Google, LinkedIn, Yahoo, Microsoft, PayPal among many others.

PHP Updated to Fix OpenSSL Flaws, Other Bugs

Threatpost for B2B - Fri, 05/02/2014 - 10:48
The maintainers of PHP have released two new versions of the scripting language that fix a number of bugs, including a pair of vulnerabilities related to OpenSSL.

Adobe Beefs Up Security in ColdFusion 11

Threatpost for B2B - Fri, 05/02/2014 - 10:29
Adobe is calling out a number of security enhancements built into ColdFusion 11, including new OWASP tools, profile controls and crypto upgrades to existing APIs.

Yahoo Drops Support for Do Not Track

Threatpost for B2B - Fri, 05/02/2014 - 09:22
Yahoo, one of the first large Web companies to recognize the Do Not Track header from browsers on its properties, has now backtracked and said it will no longer support DNT.

Apple Fixes Critical Hole in Developer Center

Threatpost for B2B - Thu, 05/01/2014 - 15:38
Apple patched a potentially serious hole in its Developer Center that could have given anyone unfettered access to personal contact information for Apple employees and partners.

Google to Stop Scanning Student Accounts

Threatpost for B2B - Thu, 05/01/2014 - 14:16
Google announced it will no longer allow ads to be displayed in the accounts of Apps for Education users nor will it scan those accounts for advertising purposes.

Blog: Microsoft Updates Internet Explorer against Highly Targeted 0day Distributing Pirpi

Secure List feed for B2B - Thu, 05/01/2014 - 14:08

The patch is up! Microsoft is pushing out an Out of Band (OOB) security update MS14-021 to address the recently disclosed Internet Explorer 0day exploit incidents involving a known, high end threat actor. Cheers to a quick response from such a large vendor on this issue!

Windows XP Systems Also Get Out-of-Band IE Zero-Day Patch

Threatpost for B2B - Thu, 05/01/2014 - 12:56
Microsoft released an out-of-band emergency security update for a zero day in Internet Explorer. The patch is available to unsupported Windows XP machines as well.

Facebook Enhances Privacy Settings with Anonymous Login

Threatpost for B2B - Thu, 05/01/2014 - 12:37
Facebook announced new authentication changes yesterday, including Anonymous Login which gives users the option of using an application without sharing personal data stored with Facebook.

Google Fixes XSS Flaw in Search Appliance

Threatpost for B2B - Thu, 05/01/2014 - 11:38
There’s a remotely exploitable vulnerability in several versions of the Google Search Appliance that could allow an unauthenticated attacker to execute a cross-site scripting attack and run a script in the context of the user’s browser. The Google Search Appliance is an enterprise product that enables users to search for content from a wide variety […]

Bug Bounties Expanding to Individual Developers

Threatpost for B2B - Thu, 05/01/2014 - 09:36
Bug bounties once were restricted mainly to large software companies such as Mozilla and Google. But the success of these programs has led many other infrastructure and product companies, including Yahoo, Facebook, Barracuda, PayPal and even Microsoft, to launch their own reward systems. Now, the phenomenon has spread to individual developers. Looking at the list […]

Blog: Securmatica XXV.

Secure List feed for B2B - Thu, 05/01/2014 - 02:26

The twenty-fifth edition of Securmática was held in Madrid (Spain) on April 22, 23 and 24, 2014. Although its content is not usually highly technical, it is a really interesting event for catching-up with the cybersecurity industry at an “institutional” level.

Syndicate content