Feed aggregator

Threatpost News Wrap, May 9, 2014

Threatpost for B2B - Fri, 05/09/2014 - 13:08
Dennis Fisher and Mike Mimoso discuss the major news stories of the last couple of weeks, including the proposal in TLS 1.3 to drop RSA key transport, the Snapchat FTC settlement and the end of Windows XP support. And no Heartbleed talk!

Bitly Compromised, Users Urged to Change Passwords

Threatpost for B2B - Fri, 05/09/2014 - 12:02
Link shortening service Bitly informed its users that it believes user credentials – passwords, API keys and OAuth tokens – have been compromised.

Twitter Upgrades Account Security Features

Threatpost for B2B - Fri, 05/09/2014 - 10:41
Twitter has made a couple of changes to the service’s login process to help prevent account takeovers and enable users to reset their passwords in a simpler way. A Twitter account is among the more valuable assets for an attacker who is targeting a specific person. Accounts typically are tied to a user’s main email […]

Digi ICS Gateways Vulnerable to Heartbleed OpenSSL Bug

Threatpost for B2B - Fri, 05/09/2014 - 09:56
Industrial control system wireless gateways from Digi International are vulnerable to Heartbleed, ICS-CERT warns. The vendor has firmware upgrades available and urges immediate updates.

Microsoft to Patch IE Again Next Week; Adobe to Clean Up Reader, Acrobat

Threatpost for B2B - Thu, 05/08/2014 - 15:48
Microsoft will patch Internet Explorer again one week after an out-of-band patch for a zero-day vulnerability in the browser.

Health and Fitness Apps Poor at Protecting Privacy, FTC Says

Threatpost for B2B - Thu, 05/08/2014 - 14:36
A study conducted by the Federal Trade Commission looked at 12 different health apps and found they sent user information to 76 different third parties.

Snapchat Settles With FTC Over Privacy and Security Concerns

Threatpost for B2B - Thu, 05/08/2014 - 14:20
Snapchat, the maker of the popular video and photo chat app, has agreed to settle charges by the Federal Trade Commission that the company misrepresented the supposedly ephemeral nature of the messages users send and failed to take adequate security precautions with the data it collects, leading to a data breach earlier this year that […]

Former NSA Director Alexander Addresses Crypto Standard Subversion

Threatpost for B2B - Thu, 05/08/2014 - 13:19
Former NSA Director Keith Alexander told an Australian publication that the agency's subversion of crypto standards and stockpiling of zero days is part and parcel of its mission.

Judiciary Committee Approves Bill Limiting NSA Surveillance

Threatpost for B2B - Thu, 05/08/2014 - 13:17
The House Judiciary Committee has approved the USA FREEDOM Act, which aims to limit the NSA's surveillance powers and revise the PATRIOT Act and FISA.

Cisco Fixes Remote Code Execution Flaws in Several WebEx Products

Threatpost for B2B - Thu, 05/08/2014 - 12:09
Cisco has patched a handful of buffer overflows in several of its WebEx products that could allow an attacker to execute arbitrary code or crash a vulnerable application. The bugs affect the WebEx WRF and ARF players and some of Cisco’s Business Suite builds, WebEx 11 and WebEx Meetings Server also are affected by at […]

Legal Guidelines Say Apple Can Extract Data From Locked iOS Devices

Threatpost for B2B - Thu, 05/08/2014 - 10:49
If law enforcement gets hold of your locked iPhone and has some interest in its contents, Apple can pull all kinds of content from the device, including texts, contacts, photos and videos, call history and audio recordings.

Regulating User-Generated Health Information, Privacy An Uphill Battle

Threatpost for B2B - Thu, 05/08/2014 - 07:46
Experts discussed the future of consumer generated health information and its privacy implications in a Federal Trade Commission-led panel Wednesday morning.

Sefnit Accomplices Account for Spike in Malware Infections

Threatpost for B2B - Wed, 05/07/2014 - 14:37
Microsoft's latest Security Intelligence Report identifies two malware families, Rotbrow and Brantall, previously thought to be benign that have been dropping the Sefnit botnet.

Chrome Canary Bug Hides URLs A Little Too Well

Threatpost for B2B - Wed, 05/07/2014 - 12:56
A bug in the developer and early adopter version of Google Chrome called Canary fails to display URLs of a certain character length, potentially facilitating phishing attacks.

CryptoLocker Ransomware Moves to Android

Threatpost for B2B - Wed, 05/07/2014 - 10:55
The CryptoLocker ransomware has been wreaking havoc on desktops for months now, demanding that victims pay hundreds of dollars in exchange for the key to decrypt their locked hard drives. Now the malware is expanding its scope, adding the Android platform to its targets. The new mobile version of the malware is being sold by […]

Experts Praise, Express Concern for Revised USA Freedom Act

Threatpost for B2B - Tue, 05/06/2014 - 14:19
House Judicial Committee issues revisions to the USA FREEDOM Act, which will impose limits on the NSA's ability to perform surveillance and spying.

Privacy Coalition Calls For Net Reset in June

Threatpost for B2B - Tue, 05/06/2014 - 14:15
A new alliance composed of privacy and digital rights advocates is encouraging internet users to block mass surveillance and fight back against the National Security Agency on June 5.

Dropbox Patches Shared Links Privacy Vulnerability

Threatpost for B2B - Tue, 05/06/2014 - 14:08
Dropbox has addressed a privacy flaw in its shared links feature that exposed documents to third parties.