Feed aggregator

Tor Cloud Shut Down Amid Lack of Support

Threatpost for B2B - Mon, 05/11/2015 - 15:01
The Tor Project is discontinuing its Tor Cloud Project in the face of mounting bugs and a lack of human and financial resources.

MacKeeper Patches Remote Code Execution Zero Day

Threatpost for B2B - Mon, 05/11/2015 - 13:39
The MacKeeper OS X and iOS performance and security utility has been patched against a remote code execution zero day vulnerability.

Elasticsearch Honeypot Snares 8,000 Attacks Against RCE Vulnerability

Threatpost for B2B - Mon, 05/11/2015 - 13:18
Hackers are exploiting a remote code execution vulnerability in Elasticsearch, according to one researcher who published logs from a honeypot he built showing 8,000 attempts to exploit the bug.

Court’s Ruling a ‘Clear Signal’ About Mass Surveillance Programs, Experts Say

Threatpost for B2B - Mon, 05/11/2015 - 11:16
The ruling last week by the Second Circuit Court of Appeals that the NSA’s years-long bulk collection of phone metadata is illegal is a “clear signal” that courts are moving in the direction of striking down some mass surveillance programs, experts say. The decision, issued Thursday, is among the first major rulings to go against […]

Threatpost News Wrap, May 8, 2015

Threatpost for B2B - Fri, 05/08/2015 - 12:12
Dennis Fisher and Mike Mimoso talk about the end of the Patch Tuesday era for most Microsoft customers, the appeals court ruling on Section 215 metadata collection and Dennis’s idea for a security industry commission.

WordPress Sites Backdoored, Leaking Credentials

Threatpost for B2B - Fri, 05/08/2015 - 11:37
Zscaler has discovered a number of WordPress sites that have been backdoored and sending credentials to a hacker-controlled website.

Rockwell Automation Patches Buffer Overflow in ICS App

Threatpost for B2B - Fri, 05/08/2015 - 11:09
There is a stack buffer overflow in a Rockwell Automation application that’s used to enable communications in industrial control applications used in manufacturing, energy, water,and other environments. The vulnerability is in the RSLinx Classic product and it can be used to crash the application or run arbitrary code. However, the bug is not exploitable remotely […]

Security Updates Coming for Adobe Reader, Acrobat

Threatpost for B2B - Fri, 05/08/2015 - 09:50
Adobe released pre-notification of security updates coming next week for its Reader and Acrobat products. The updates will address critical vulnerabilities in both products, Adobe said.

Weak Homegrown Crypto Dooms Open Smart Grid Protocol

Threatpost for B2B - Thu, 05/07/2015 - 14:58
Researchers in Europe have published research examining weak, homegrown cryptography used in the Open Smart Grid Protocol.

Cisco Patches Remote Code Execution Bugs in UCS Central

Threatpost for B2B - Thu, 05/07/2015 - 14:21
Cisco has patched a critical input validation vulnerability in its UCS Central software.

Vulnerabilities Identified in Two WordPress Plugins

Threatpost for B2B - Thu, 05/07/2015 - 12:38
Two vulnerabilities in two different WordPress plugins - an Arbitrary Variable Overwrite vulnerability in eShop, and an XSS vulnerability in Jetpack - were identified this week.

Appeals Court Rules NSA Metadata Collection Not Authorized by Section 215

Threatpost for B2B - Thu, 05/07/2015 - 10:58
The United States Court of Appeals for the Second Circuit ruled Thursday that the Patriot Act does not authorize the bulk collection of phone records by the NSA. The ruling undermines the key foundation upon which the federal government’s phone metadata surveillance program is built, Section 215 of the Patriot Act. That program was the […]
Syndicate content