Feed aggregator

MySQL Bug Can Strip SSL Protection From Connections

Threatpost for B2B - Thu, 04/30/2015 - 10:59
Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure connections. Researchers at Duo Security discovered the bug after noticing some […]

Congress, Crypto and Craziness

Threatpost for B2B - Thu, 04/30/2015 - 07:34
A Congressional hearing on encryption and "frontdoors" produced a generous amount of the usual "crazy" from lawmakers and law enforcement.

WordPress Ecommerce Plugin Vulnerability Details Disclosed

Threatpost for B2B - Wed, 04/29/2015 - 14:28
Details on a number of unpatched vulnerabilities in a popular WordPress ecommerce plugin called CartPress were disclosed.

A Year Later, XSS Vulnerability Still Exists in eBay

Threatpost for B2B - Wed, 04/29/2015 - 14:27
A potentially dangerous XSS vulnerability has existed in eBay for more than a year and it doesn’t appear the company is a rush to fix the issue.

OpenSSL Past, Present and Future

Threatpost for B2B - Wed, 04/29/2015 - 13:06
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers and a crucial refactoring of the codebase has the project in the right direction.

Google Releases Password Alert Extension for Chrome

Threatpost for B2B - Wed, 04/29/2015 - 12:14
Google is rolling out a new extension for Chrome that will monitor users’ logins and warn them if they enter a Google password on a non-Google page, a move designed to help protect users against phishing attacks. The new extension, called Password Alert, works for both consumer accounts and Google Apps for Work accounts. Company […]

Macro-Enabled Malware Making a Comeback

Threatpost for B2B - Wed, 04/29/2015 - 10:28
Malware that uses macros as part of its infection method has been around for more than a decade, and was one of the first major techniques to drive changes at software vendors such as Microsoft. The tactic has been making a comeback of late, and Microsoft is seeing a major spike in the volume of […]

How I Got Here: Jennifer Leggio

Threatpost for B2B - Wed, 04/29/2015 - 08:54
Dennis Fisher talks with Jennifer Leggio, a longtime player in security PR and marketing, about her start as an obituary writer in Southern California, her move into tech in the Bay Area, what she loves about working in security and what makes for successful startups.

Criminal Group Using Dynamic Gate System to Infect with Fiesta EK

Threatpost for B2B - Tue, 04/28/2015 - 14:47
Criminal group is utilizing a changing series of Internet protocol addresses, domains and gates in order to infect its victims with the Fiesta exploit kit.

SendGrid Admits Broader Hack of Email Service

Threatpost for B2B - Tue, 04/28/2015 - 14:31
Email delivery service provider SendGrid admitted that hackers had accessed several internal systems, refuting reports earlier this month that the attack was an isolated incident.

WordPress Patches Zero-Day Vulnerability

Threatpost for B2B - Tue, 04/28/2015 - 13:12
WordPress quickly turned around a patch for a stored cross-site scripting zero-day vulnerability in the CMS' core engine.

Authentication Vulnerabilities Identified in Projector Firmware

Threatpost for B2B - Tue, 04/28/2015 - 11:42
The manufacturer of a popular projector found primarily in classrooms is neglecting to address several authentication bugs that exist in the device that could open it up to hacks.
Syndicate content