Feed aggregator

Firefox Meta Referrer A Move Toward Browser Privacy

Threatpost for B2B - Wed, 01/21/2015 - 13:57
Mozilla announced the availability of a meta referrer header in Firefox 36 beta. The meta referrer provides users with policy options limiting the personal data sent in web requests.

Exploit for Flash Zero Day Appears in Angler Exploit Kit

Threatpost for B2B - Wed, 01/21/2015 - 12:53
The dangerous Angler exploit kit has a new piece of ammunition to use in its attacks: a fresh Adobe Flash zero-day vulnerability.

Bypass Demonstrated for Microsoft Use-After-Free Mitigation in IE

Threatpost for B2B - Wed, 01/21/2015 - 12:40
A researcher has developed a bypass for Microsoft's latest memory corruption mitigations in Internet Explorer, Heap Isolation and Delay Free.

Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway

Threatpost for B2B - Wed, 01/21/2015 - 11:17
Two flaws in Schneider Electric's ETG3000 FactoryCast HMI Gateway allow unauthenticated remote access to the device's FTP server and configuration file.

Oracle Patches Backdoor Vulnerability, Recommends Disabling SSL

Threatpost for B2B - Wed, 01/21/2015 - 10:47
Oracle's January 2015 Critical Patch update includes a fix for a backdoor found in the Oracle E-Business Suite by researcher David Litchfield. The patch is among 169 released in the CPU.

Like a Nesting Doll, Vawtrak Malware Has Many Layers

Threatpost for B2B - Tue, 01/20/2015 - 21:33
Researchers have peeled back more layers on Vawtrak, a relatively new banking Trojan so complex that those who have taken it apart have likened it to a Matryoshka, or Russian nesting doll.

Ubuntu Patches Several Security Flaws

Threatpost for B2B - Tue, 01/20/2015 - 15:28
Ubuntu has released a number of patches for security vulnerabilities in several versions of the OS, including some remote code execution flaws in Thunderbird, which is included with Ubuntu. Thunderbird is Mozilla’s email client, and the company recently fixed several memory corruption vulnerabilities, along with a cross-site request forgery bug and a flaw that could lead to […]

Academics Use Siri to Move Secrets Off Jailbroken iOS Devices

Threatpost for B2B - Tue, 01/20/2015 - 13:01
Researchers describe an attack leverage Siri on jailbroken iOS devices to steal secrets such as credit card numbers or passwords.

Nasty Oracle Vulnerability Leaves Researcher ‘Gobsmacked’

Threatpost for B2B - Tue, 01/20/2015 - 11:46
Oracle on Tuesday will release a huge number of security fixes as part of its quarterly critical patch update, and one of them is a patch for a vulnerability that a well-known security researcher said looks a lot like a back door but was likely just a terrible mistake. The flaw is found in Oracle’s […]

CSRF Vulnerability Patched in GoDaddy Domain Settings

Threatpost for B2B - Tue, 01/20/2015 - 10:50
A cross site request forgery vulnerability in GoDaddy domain settings has been patched two days after it was reported to the domain registrar.

Report: Companies Still Not Patching Security Vulnerabilities

Threatpost for B2B - Tue, 01/20/2015 - 09:00
The Cisco 2015 Annual Security report shows that CISOs and other security personnel are confident about their strategies despite that they are not patching.

Holes in Progressive Dongle Could Lead to Car Hacks

Threatpost for B2B - Mon, 01/19/2015 - 15:19
A device that Progressive sends out to customers to give them a better rate by may be doing more than keeping track of their driving, the devices may be insecure and used to take control of vehicles.

Patched API Flaw Allowed Anyone Access to Verizon Email Accounts

Threatpost for B2B - Mon, 01/19/2015 - 14:52
Verizon patched a vulnerability in an API used by its My FiOS mobile application that allowed any user access to any Verizon email account.

Root Password Found in Ceragon Microwave Bridges

Threatpost for B2B - Mon, 01/19/2015 - 14:47
An undocumented default root password was discovered in Ceragon Networks microwave bridges that facilitate wireless voice and data services.

Potential Code Execution Flaw Haunts PolarSSL Library

Threatpost for B2B - Mon, 01/19/2015 - 12:14
There is a vulnerability in PolarSSL, an open-source SSL library used in a variety of products, that could enable an attacker to execute arbitrary code under some circumstances. The vulnerability is the result of an uninitialized pointer in the PolarSSL code and researchers said that an attacker with knowledge of the target system may be […]

Memory Corruption Bugs Found in VLC Media Player

Threatpost for B2B - Mon, 01/19/2015 - 10:06
There are two memory corruption vulnerabilities in some versions of the VLC open-source media player that can allow an attacker to run arbitrary code on vulnerable machines. Neither one of the vulnerabilities has been fixed by VideoLAN, the organization that maintains VLC. Security researcher Veysel Hatas reported the vulnerabilities to VideoLAN in December and published the […]

Spammers Take A Liking to WhatsApp Mobile App

Threatpost for B2B - Fri, 01/16/2015 - 13:41
Researchers at AdaptiveMobile released a report demonstrating an increase in spam over the WhatsApp messaging app.
Syndicate content