Feed aggregator

WordPress Symposium Plug-In Plagued by File Upload Vulnerability

Threatpost for B2B - Wed, 12/31/2014 - 12:23
Researchers warn that since public disclosure of a file-upload vulnerability in the WordPress Symposium plug-in and the availability of proof-of-concept exploit code, scans and exploit attempts are on the rise.

Payment Cards Exposed in Possible Chik-fil-A Data Breach

Threatpost for B2B - Wed, 12/31/2014 - 12:18
Reports emerge suggesting a data breach may have occurred, compromising the payment card data of customers who dined at Chik-fil-A.

Seven Things to Watch for in 2015

Threatpost for B2B - Wed, 12/31/2014 - 10:00
A new year begins at midnight and Threatpost highlights seven things you're bound to contend with in 2015.

XXE Bug Patched in Facebook Careers Third-Party Service

Threatpost for B2B - Tue, 12/30/2014 - 16:06
A vulnerability was discovered and patched in a third-party service that handles resumes on Facebook’s careers page.

Majority of 4G USB Modems, SIM Cards Exploitable

Threatpost for B2B - Tue, 12/30/2014 - 15:20
Researchers at the Chaos Computer Club conference in Hamburg presented research on the woeful state of security in 4G USB modems.

Cellular Privacy, SS7 Security Shattered at 31C3

Threatpost for B2B - Tue, 12/30/2014 - 14:15
Researchers Tobias Engel and Karsten Nohl demonstrated serious vulnerabilities in the SS7 protocol for cellular service, putting the privacy of phone calls and users' location data at risk for intercept.

Internet Systems Consortium Site Redirects to Angler Exploit

Threatpost for B2B - Mon, 12/29/2014 - 13:52
UPDATE: The website of the Internet Systems Consortium, the developers of the BIND DNS software deployed all over the Web, was reportedly infected with malware last week.

Two-Factor Snafu Opened Door to JPMorgan Breach

Threatpost for B2B - Wed, 12/24/2014 - 11:00
Published reports say hackers found a server unprotected by two-factor authentication in order to break in to JPMorgan over the summer and make off with data belonging to 76 million households and seven million businesses.

HP’s Zero Day Initiative Changes Bug-Buying Guidelines

Threatpost for B2B - Wed, 12/24/2014 - 10:55
HP’s Zero Day Initiative has decided to adjust its guidelines and criteria or buying some vulnerabilities in the future, eliminating some large classes of bugs from its menu. The group, which has been among the more visible and prominent of the vulnerability purchasing programs since its inception several years ago, has decided that it will […]

Apple Patches NTP Vulnerabilities in First Automated Patch

Threatpost for B2B - Tue, 12/23/2014 - 12:23
Apple pushed its first automated patch, fixing recently uncovered vulnerabilities in the Network Time Protocol (NTP).

2014 Year in Review

Threatpost for B2B - Tue, 12/23/2014 - 11:00
Mike Mimoso and Dennis Fisher look back on the crazy year that was in security, including the big Internet-wide bugs such as Heartbleed and Shellshock, the Home Depot and Sony breaches and what lessons we learned in 2014.

SoakSoak Malware Campaign Evolves

Threatpost for B2B - Tue, 12/23/2014 - 11:00
The attackers behind the SoakSoak malware campaign are continuing to modify their tactics and have infected a new group of Web sites. The Javascript code that the attackers target with the malware has also changed. Last week, Google took the step of blacklisting thousands of sites that had been infected by SoakSoak. The malware is targeting WordPress […]

North Korea Internet Restored Amid ‘Proportional Response’ Speculation

Threatpost for B2B - Tue, 12/23/2014 - 10:06
North Korea's Internet connectivity resumed last night after a 10-hour outage amid speculation the country was under a U.S.-sponsored DDoS attack in retaliation for the Sony hack.
Syndicate content