Feed aggregator

Vulnerability in Viber Allows Intercept of Images, Videos

Threatpost for B2B - Fri, 04/25/2014 - 14:48
UPDATE - Viber, a messaging and VoIP application similar to WhatsApp, is in the middle of patching a vulnerability that could allow an attacker to view sensitive information shared between users like images, videos and location information.

Exploiting Facebook Notes to Launch DDoS

Threatpost for B2B - Fri, 04/25/2014 - 13:30
It is possible for an attacker to exploit image tags in Facebook Notes to launch DDoS attacks against external sources.

Threatpost News Wrap, April 25, 2014

Threatpost for B2B - Fri, 04/25/2014 - 10:00
Dennis Fisher and Mike Mimoso discuss the Apple OSX and iOS patches, the continuing OpenSSL Heartbleed soap opera and the Verizon DBIR report.

Google Changes Ciphers in OpenSSL for Chrome on Android

Threatpost for B2B - Fri, 04/25/2014 - 09:50
The emergence of mobile platforms such as iOS and Android have presented a number of challenges in terms of security. Not much can be done about some of these, like users leaving their phones in bars. But engineers at Google have been working on one of the thornier ones of late–how to provide solid encryption […]

Apache Warns of Faulty Zero Day Patch for Struts

Threatpost for B2B - Thu, 04/24/2014 - 15:48
UPDATE - The Apache Software Foundation will re-issue at patch for a ClassLoader manipulation zero-day vulnerability in Struts. The fix is expected to be ready within 72 hours; a workaround is available.

NetSupport Manager Vulnerability Could Lead to Data Leakage

Threatpost for B2B - Thu, 04/24/2014 - 14:29
A vulnerability in NetSupport Manager could yield sensitive configuration settings and lead to compromise.

DDoS Attacks an Increasing Cover for Theft, Fraud

Threatpost for B2B - Thu, 04/24/2014 - 14:03
DDoS attacks are growing in scale and volume, and experts say attackers are also using them as a cover for secondary attacks resulting in financial fraud or loss of intellectual property.

Mozilla Offers Bug Bounty for New Certificate Verification Library

Threatpost for B2B - Thu, 04/24/2014 - 12:17
Mozilla is offering a $10,000 bug bounty for serious security vulnerabilities in a new cryptography library it plans to release along with Firefox 31.

Group Backed by Google, Microsoft to Help Fund OpenSSL and Other Open Source Projects

Threatpost for B2B - Thu, 04/24/2014 - 10:08
After the dust had started to settle in the wake of the OpenSSL Heartbleed vulnerability earlier this month, one of the common sentiments that emerged was that the small group developing and maintaining the software needed some help. And money. And resources. But mostly money. Now, the OpenSSL Foundation, along with a number of other […]

Analysis: Spam report: March 2014

Secure List feed for B2B - Thu, 04/24/2014 - 06:41
In March, spammers weren’t content to stick with traditional holiday-related advertising; they also used holiday-themed messages to con personal information from users of social networks.

Blog: CeCOS VIII - Hong Kong

Secure List feed for B2B - Thu, 04/24/2014 - 04:59
The eighth annual Counter-eCrime Operations Summit (CeCOS VIII) was held in Hong Kong on April 8th, 9th and 10th, 2014. The event brings together global leaders from financial services, technology, government, law enforcement, communications sectors and research centers.

New NIST Tool Streamlines Government App Vetting

Threatpost for B2B - Wed, 04/23/2014 - 15:19
Developers who produce apps intended for use on internal networks at government agencies are getting a vetting process of their own called AppVet.

Google Adding Security Checks to Non-OAuth 2.0 Compliant Apps

Threatpost for B2B - Wed, 04/23/2014 - 14:49
Google announced it will add additional security checks to log-in attempts from applications or devices that do not support OAuth 2.0.
Syndicate content