Friday, September 04, 2015
           (757) 873-6707                     Monday - Friday, 9 am - 5:30pm
UPnP Trouble Puts Devices Behind Firewall at Risk Networked devices behind a firewall are at risk to attack because of poor authentication in the UPnP protocol in most home routers.
In Wake of Cyberattacks, U.S. Readies Sanctions Against China The U.S. government is purportedly readying economic sanctions against China and is prepared to call out several Chinese companies and individuals for cyber espionage.
CERT Warns of Slew of Bugs in Belkin N600 Routers The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with […]
KeyRaider Malware Steals Certificates, Keys and Account Data From Jailbroken iPhones Researchers have discovered a new strain of iOS malware dubbed KeyRaider that targets jailbroken devices and has the ability to steal certificates, private keys, and Apple account information. The malware already has claimed the private Apple account data of more than 225,000 victims. The KeyRaider malware was discovered by researchers at Palo Alto Networks, who […]

Latest News

Feds Change Policy to Require Warrant for Use of Stingrays

The Department of Justice has established a new policy that requires federal law enforcement agents–and state and local agencies working with the department–to obtain search warrants in order to use Stingray devices. The change is a major one, as agents will now need to show probable cause before deploying one of the devices, which simulate […]

Threatpost News Wrap, September 4, 2015

Dennis Fisher and Mike Mimoso talk about the potential US sanctions against China over cyberespionage, the browser vendors dumping RC4, the trouble at Mobile Pwn2Own and more security news of the week.

Citing Wassenaar, HP Pulls out of Mobile Pwn2Own

HP, a longtime sponsor of the Pwn2Own hacking contests, has decided it will not participate in November’s Mobile Pwn2Own event in Japan because of concerns over the country’s implementation of the Wassenaar Arrangement rules.

Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director

Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable. The vulnerability affects the Cisco Integrated Management Controlled Supervisor and UCS Director software. The company has fixed the bug in new versions of the software, […]

New Android Ransomware Communicates over XMPP

A new strain of Android ransomware disguised as a video player app uses an instant messaging protocol called XMPP to receive commands and communicate with the command and control server.

How I Got Here: Window Snyder

Dennis Fisher talks with Window Snyder of Fastly about her early interest in technology, what it was like meeting the L0pht crew at the MIT Flea as a teenager, her time at @stake, working on XP SP2 at Microsoft, Apple's security evolution and much more.

New Versions of Carbanak Banking Malware Seen Hitting Targets in U.S. and Europe

New variants of the notorious Carbanak Trojan have surfaced in Europe and the United States, and researchers say that the malware now has its own proprietary communications protocol and the samples seen so far have been digitally signed. Carbanak has been in use for several years, and researchers at Kaspersky Lab earlier this year revealed the […]

Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications

Netflix released Sleepy Puppy, a cross-site scripting payload management framework, to open source. The tool finds XSS vulnerabilities in secondary applications.

Victims of June OPM Hack Still Haven’t Been Notified

Millions of government workers whose information was implicated in this year’s expansive Office of Personnel Management hack still haven’t been notified, the agency revealed this week.

Google Patches Critical Vulnerabilities in Chrome 45

Google promoted Chrome 45 to a stable release, patching 29 security vulnerabilities. It has also started pausing ads running Flash.