Feed aggregator

ISC Patches Critical DoS Vulnerability in BIND

Threatpost for B2B - Fri, 06/13/2014 - 11:10
A critical, remotely exploitable bug in some BIND domain name system (DNS) servers could cause a denial of service situation and trigger them to crash.

U.S. Marshals Auctioning Off Seized Silk Road Bitcoins

Threatpost for B2B - Fri, 06/13/2014 - 10:41
If any further evidence was required that up is down and black is white, the United States government is now in the business of selling Bitcoins. At least for one day.

Hot, Cold Reactions to New Google Play App Permissions

Threatpost for B2B - Thu, 06/12/2014 - 14:51
Google Play's new app permissions arrive with some privacy concerns.

Versatility of Zeus Framework Encourages Criminal Innovation

Threatpost for B2B - Thu, 06/12/2014 - 14:30
Ever since the Zeus source code leaked in late 2010, criminals have been creating highly customized, difficult-to-detect versions of it that target very specific services.

Facebook Set to Let Users Edit Own Advertising Info

Threatpost for B2B - Thu, 06/12/2014 - 13:15
Facebook announced it will soon be rolling out a new feature to give its users more control when it comes to the types of advertisements they see on the site.

A Day To Forget For Teen At Center Of TweetDeck Shutdown

Threatpost for B2B - Thu, 06/12/2014 - 12:19
An Austrian teen at the center of yesterday's TweetDeck security incident explains how things went wrong and what the last 24 hours have been like.

VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable

Threatpost for B2B - Thu, 06/12/2014 - 09:38
While the group of vulnerabilities that the OpenSSL Project patched last week hasn't grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products.

Blog: Cybercriminals targeting obsolete Japanese blogging tool

Secure List feed for B2B - Thu, 06/12/2014 - 06:00
Cybercriminals are very actively targeting web sites which are not well-managed, so as to abuse them for their malicious activities. Damage to web sites in Japan has increased since last year, which is alarming to Japanese Internet users. Kaspersky Labs Japan has observed more than 2,800 compromised web sites between January and March 2014. WordPress is a popular blogging tool worldwide, but it is often plagued by vulnerabilities which can result in compromised web sites. A similar Japanese-made tool, “Web Diary Professional” (WDP), also experiences such problems. WDP is widely used in Japan, with its Japanese user interface and tutorials. However, it is no longer supported. A new tool has already been introduced as its successor, and the developers have recommended that people migrate. However, a significant number of web site administrators are still using the obsolete WDP, exposing themselves to the threats of cybercriminals.

TweetDeck Taken Down in Wake of XSS Attacks

Threatpost for B2B - Wed, 06/11/2014 - 13:45
TweetDeck said it temporarily has taken down its services after cross-site scripting exploit code circulated today.

Token Abuse Exposes Gmail Addresses

Threatpost for B2B - Wed, 06/11/2014 - 13:07
Google patched a vulnerability that a researcher was able to exploit in order to collect every Gmail address.

DDoS Attacks Take Down Feedly, Evernote

Threatpost for B2B - Wed, 06/11/2014 - 10:58
News aggregator Feedly and note-taking service Evernote were both knocked offline by distributed denial of service attacks in the last 24 hours.

Mozilla Patches Seven Flaws in Firefox 30

Threatpost for B2B - Wed, 06/11/2014 - 10:31
Mozilla has fixed seven security vulnerabilities in Firefox 30, including five critical flaws that could enable remote code execution.

Analysis: Social network frauds

Secure List feed for B2B - Wed, 06/11/2014 - 10:00
In 2013 phishing sites imitating social network websites were to blame for more than 35% of cases when the Anti-phishing heuristic component was triggered.

Alleged Oleg Pliss iPhone Hackers Arrested in Russia

Threatpost for B2B - Tue, 06/10/2014 - 15:00
The hackers behind last month’s iPhone ransomware campaign – in which many users were asked to pay $100 to unlock their devices – may be behind bars now.

Microsoft Patches IE8 Zero Day, Critical Word Bug

Threatpost for B2B - Tue, 06/10/2014 - 14:09
Microsoft's June 2014 Patch Tuesday security updates patched 66 vulnerabilities, including 59 in a critical Internet Explorer cumulative update.

Audit Project Releases Verified Repositories of TrueCrypt 7.1a

Threatpost for B2B - Tue, 06/10/2014 - 13:59
As the uncertainty surrounding the end of TrueCrypt continues, members of the security community are working to preserve a known-good archive of the last version of the open source encryption software released before the developers inserted a warning about potential unfixed bugs in the software and ended development. The team behind the Open Crypto Audit […]

Blog: Microsoft Updates June 2014 - Almost 60 IE and GDI+/TrueType RCE

Secure List feed for B2B - Tue, 06/10/2014 - 13:34

Microsoft fixes a smaller set of software product code this month for "Critical" vulnerabilities, and a handful for "Important" fixes. But whoa, almost 60 remote code execution flaws exist in the six versions of Internet Explorer and the Microsoft components that render fonts on your system! Not only is that a very long list of memory corruption issues, but one of the IE bug reports, credited to Peter Van Eeckhoutte, is over 180 days old. The fix and testing effort must have been a large one over the past few months.

Attacks Against Space, Satellite Companies Linked to Second Chinese PLA Unit

Threatpost for B2B - Tue, 06/10/2014 - 13:01
Espionage attacks against aerospace and satellite companies in the U.S. and Europe have been linked to a Chinese People's Liberation Army unit, security company Crowdstrike said.