Feed aggregator

ICS-CERT Confirms Public Utility Compromised Recently

Threatpost for B2B - Wed, 05/21/2014 - 10:31
Attackers recently compromised a utility in the United States through an Internet-connected system that gave the attackers access to the utility’s internal control system network. The utility, which has not been named, had remote access enabled on some of its Internet-connected hosts and the systems were only protected by simple passwords. Officials at the ICS-CERT, […]

Companies Better at Containing Data Breaches

Threatpost for B2B - Wed, 05/21/2014 - 09:00
For all that gets written about how poorly organizations have responded to data breaches as of late, believe it or not, one new study has deduced that companies are getting better.

Chrome 35 Fixes 23 Security Flaws

Threatpost for B2B - Tue, 05/20/2014 - 14:11
Google has fixed 23 security vulnerabilities in Chrome, including three high-risk flaws, and handed out $9,500 in rewards to researchers. Among the vulnerabilities that the company fixed in Chrome 35 are use-after-free flaws and an integer overflow, all of which are rated high. Google didn’t disclose the details of all of the various security vulnerabilities, […]

Enterprises Still Lax on Privileged User Access Controls

Threatpost for B2B - Tue, 05/20/2014 - 12:42
The results of a survey commissioned by Raytheon demonstrate that enterprises still don't have a firm grasp on privileged users and their activities on corporate networks.

The U.S., China and Internet Glass Houses

Threatpost for B2B - Tue, 05/20/2014 - 11:50
That was quite a show the government put on Monday. The dramatic press conference featuring Attorney General Eric Holder, the coordinated press leaks ahead of the announcement, the strong statements about the sanctity of American commerce and how the United States will prosecute those who conduct cyberespionage against American targets. There were even cyber-wanted posters. […]

More than 90 Arrested in Blackshades RAT Takedown

Threatpost for B2B - Tue, 05/20/2014 - 09:44
The FBI, Justice Department and law enforcement in 19 countries announced the takedown of the Blackshades operation, responsible for dissemination of the Blackshades RAT.

Analysis: Spam and online gambling - a surefire loser

Secure List feed for B2B - Tue, 05/20/2014 - 06:00
Who hasn’t dreamt of Lady Luck smiling on them and bestowing untold wealth without having to make the slightest effort?

XMPP Mandating Encryption on Messaging Service Operators

Threatpost for B2B - Mon, 05/19/2014 - 16:07
Beginning today, operators of instant massaging services that rely on the extensible messaging and presence protocol (XMPP) are expected to deploy encryption into the messaging platforms they maintain.

Malvertising Redirecting to Microsoft Silverlight Exploits

Threatpost for B2B - Mon, 05/19/2014 - 15:04
Researchers at Cisco spotted a recent malvertising campaign where victims were redirected by ads on the AppNexus network to sites hosting the Angler Exploit Kit and exploits against Silverlight vulnerabilities.

Facebook Takes Tougher Stand Against BREACH Attack

Threatpost for B2B - Mon, 05/19/2014 - 13:30
Facebook disclosed today how it has beefed up cross-site request forgery (CSRF) tokens in order to ward off the BREACH attack.

U.S. Indicts Five Chinese Army Officers for Alleged Cyberespionage Operations

Threatpost for B2B - Mon, 05/19/2014 - 11:30
The United States government on Monday made an unprecedented move in its efforts to combat cyberespionage operations against American companies, efforts that until now had mainly consisted of strongly worded statements and diplomacy. The Department of Justice indicted five officers of the Chinese People’s Liberation Army for allegedly hacking into networks run by companies such […]

Retailers Form ISAC to Share Threat Data

Threatpost for B2B - Mon, 05/19/2014 - 10:33
From the beginning of the cybercrime epidemic, retailers have been among the most frequent targets, and the last year has seen some of the larger compromises in history. The Target data breach is at the top of that list, involving more than 100 million customers, and after years of increasingly serious compromises the retail industry […]

Blog: The Bitcoin 2014 Conference - Are Crypto-Currencies Reaching Maturity?

Secure List feed for B2B - Sat, 05/17/2014 - 10:12
As the Bitcoin 2014 conference is unwinding here in Amsterdam today, I have to admit that I am impressed by how the crypto-currency community is making rapid steps towards reaching maturity.

Embedded Devices Leak Authentication Data Via SNMP Community String

Threatpost for B2B - Fri, 05/16/2014 - 13:55
Rapid7 today disclosed zero-day vulnerabilities in an enterprise-grade load balancer from Brocade and home DSL routers and cable modems that allow a hacker to steal authentication data from the SNMP community string.
Syndicate content