Feed aggregator

OpenSSL Past, Present and Future

Threatpost for B2B - Wed, 04/29/2015 - 13:06
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers and a crucial refactoring of the codebase has the project in the right direction.

Google Releases Password Alert Extension for Chrome

Threatpost for B2B - Wed, 04/29/2015 - 12:14
Google is rolling out a new extension for Chrome that will monitor users’ logins and warn them if they enter a Google password on a non-Google page, a move designed to help protect users against phishing attacks. The new extension, called Password Alert, works for both consumer accounts and Google Apps for Work accounts. Company […]

Macro-Enabled Malware Making a Comeback

Threatpost for B2B - Wed, 04/29/2015 - 10:28
Malware that uses macros as part of its infection method has been around for more than a decade, and was one of the first major techniques to drive changes at software vendors such as Microsoft. The tactic has been making a comeback of late, and Microsoft is seeing a major spike in the volume of […]

How I Got Here: Jennifer Leggio

Threatpost for B2B - Wed, 04/29/2015 - 08:54
Dennis Fisher talks with Jennifer Leggio, a longtime player in security PR and marketing, about her start as an obituary writer in Southern California, her move into tech in the Bay Area, what she loves about working in security and what makes for successful startups.

Criminal Group Using Dynamic Gate System to Infect with Fiesta EK

Threatpost for B2B - Tue, 04/28/2015 - 14:47
Criminal group is utilizing a changing series of Internet protocol addresses, domains and gates in order to infect its victims with the Fiesta exploit kit.

SendGrid Admits Broader Hack of Email Service

Threatpost for B2B - Tue, 04/28/2015 - 14:31
Email delivery service provider SendGrid admitted that hackers had accessed several internal systems, refuting reports earlier this month that the attack was an isolated incident.

WordPress Patches Zero-Day Vulnerability

Threatpost for B2B - Tue, 04/28/2015 - 13:12
WordPress quickly turned around a patch for a stored cross-site scripting zero-day vulnerability in the CMS' core engine.

Authentication Vulnerabilities Identified in Projector Firmware

Threatpost for B2B - Tue, 04/28/2015 - 11:42
The manufacturer of a popular projector found primarily in classrooms is neglecting to address several authentication bugs that exist in the device that could open it up to hacks.

Mozilla to Remove Turkish CA From Firefox Trust Store

Threatpost for B2B - Tue, 04/28/2015 - 10:15
Mozilla is removing a Turkish root CA from the Firefox trust store, not because of a compromise or a mistakenly issued certificate, but because the certificate authority hasn’t lived up to the audit requirements Mozilla has for trusted CAs. Like other browser vendors, Mozilla has a lengthy policy that sets out the requirements for CAs to […]

New Utility Decrypts Data Lost to TeslaCrypt Ransomware

Threatpost for B2B - Mon, 04/27/2015 - 14:38
Cisco published an analysis of TeslaCrypt and a decryptor tool that recovers files lost to the ransomware.

Details on WordPress Zero Day Disclosed

Threatpost for B2B - Mon, 04/27/2015 - 11:56
A Finnish researcher has disclosed details on an unpatched stored cross-site scripting vulnerability in the WordPress core engine.
Syndicate content