Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2022/03/08 2:52 p.m.243 views

Bug in the Linux Kernel Allows Privilege Escalation, Container Escape

To go along with the “Dirty Pipe” Linux security bug coming to light, two researchers from Huawei – Yiqi Sun and Kevin Wang – have discovered a vulnerability in the “control groups” feature of the Linux kernel which allows attackers to escape containers, escalate privileges and execute arbitrary...

8.4CVSS10AI score0.88106EPSS
Exploits120References11
ThreatPost
ThreatPost
added 2021/04/23 7:44 p.m.243 views

Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware

Anticipation surrounding the upcoming 93rd Academy Awards broadcast on Sunday is being used by scammers to trick people into giving up their credentials — they think they’re about to stream Oscar-nominated films, but the reality turns out to be much different. Prior to the winners being announced...

7AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/12/28 5:21 p.m.243 views

Hackers Amp Up COVID-19 IP Theft Attacks

Attackers are looking to the healthcare space as a rich repository of intellectual property IP now more than ever, as critical research of COVID-19 therapeutics are developed and Pfizer, Moderna and other biotech firms begin to mass produce vaccines. Several incidents show that nation-states are...

6.7AI score
Exploits0References16
ThreatPost
ThreatPost
added 2019/05/03 7:14 p.m.243 views

News Wrap: Cartoon Network Hack, the Catholic Church and Jason Statham Scams

A slew of strange security news stories made headlines this week, from scams to hacks. The Threatpost team breaks down the top stories that made everyone scratch their heads, including: –Cartoon Network streaming websites being hacked to play Brazilian stripper videos. – A Catholic church in...

7.4AI score
Exploits0References12
ThreatPost
ThreatPost
added 2022/03/24 5:11 p.m.242 views

HubSpot Data Breach Ripples Through Crytocurrency Industry

A rogue employee working at HubSpot – used by more than 135,000 and growing customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday. The breach has rippled through the...

8.8AI score
Exploits0References22
ThreatPost
ThreatPost
added 2021/06/25 9:3 p.m.242 views

PS3 Players Ban: Victims of Surging Gaming Attacks

A reported breach of a Sony folder containing the serial ID numbers for every PlayStation 3 console appears to have led to users being inexplicably banned from the platform. This is just the latest in a shocking spike in attacks on unsuspecting gamers. Sony reportedly left a folder with every PS3...

7.6AI score
Exploits0References12
ThreatPost
ThreatPost
added 2019/09/30 2:12 p.m.242 views

Critical Exim Flaw Opens Servers to Remote Code Execution

A patch has been issued for a critical flaw in the Exim email server software, which could potentially open Exim-based servers up to denial of service or remote code execution attacks. Exim, which is free software used on Unix-like operating systems including Linux or Mac OSX, serves as a mail...

7.5CVSS1.4AI score0.99961EPSS
Exploits28References10
ThreatPost
ThreatPost
added 2019/07/05 9:29 p.m.242 views

Data Breach Lessons from the Trenches

In this webcast Threatpost editor Tom Spring examines the data breach epidemic with the help of noted breach hunter and cybersecurity expert Chris Vickery. He shares how companies can identify their own insecure data, remediate against a data breach and offers tips on protecting data against futu...

1.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/06/24 10:0 a.m.241 views

30M Dell Devices at Risk for Remote BIOS Attacks, RCE

UPDATE A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to an analysis from Eclypsium, the...

7.5CVSS7.7AI score0.00626EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2010/08/24 2:47 p.m.241 views

DLL Hijacking Exploit Code Posted for PowerPoint, Other Apps

A day after Microsoft released information on the remotely exploitable DLL-hijacking vulnerability that affects dozens of Windows applications, researchers are starting to discover exactly which pieces of software are vulnerable. The list so far includes PowerPoint, Wireshark and some application...

9.3CVSS1.1AI score0.99945EPSS
Exploits33References15
ThreatPost
ThreatPost
added 2021/07/22 4:18 p.m.240 views

Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

iPhone users, drop what you’re doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities – some of which are remotely exploitable – and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS. Unfortunately, you aren’t getting a...

10CVSS10AI score0.03653EPSS
Exploits2References5
ThreatPost
ThreatPost
added 2021/04/19 6:1 p.m.240 views

Ransomware: A Deep Dive into 2021 Emerging Cyber-Risks

Ransomware has been a growing scourge for years, but recent attacks illustrate a growing sophistication by attackers within this slice of the cybercrime underbelly. Snowballing assaults against the business sector, schools and government organizations are now a primary cybersecurity concern. Maki...

0.3AI score0.47172EPSS
Exploits9References16
ThreatPost
ThreatPost
added 2020/11/25 4:55 p.m.240 views

Critical MobileIron RCE Flaw Under Active Attack

Advanced persistent threat APT groups are actively exploiting a vulnerability in mobile device management security solutions from MobileIron, a new advisory warns. The issue in question CVE-2020-15505 is a remote code-execution flaw. It ranks 9.8 out of 10 on the CVSS severity scale, making it...

9.3CVSS0.4AI score0.99737EPSS
Exploits79References8
ThreatPost
ThreatPost
added 2021/10/12 9:51 p.m.239 views

Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs

Today is Microsoft’s October 2021 Patch Tuesday, and it delivers fixes for four zero-day vulnerabilities, one of which is being exploited in a far-reaching espionage campaign that delivers the new MysterySnail RAT malware to Windows servers. Microsoft reported a total of 74 vulnerabilities, three...

9.6CVSS9.1AI score0.86132EPSS
Exploits74References20
ThreatPost
ThreatPost
added 2020/08/24 9:31 p.m.239 views

Google Fixes High-Severity Chrome Browser Code Execution Bug

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week. The flaw CVE-2020-6492 is a use-after-free vulnerability in the WebGL We...

4.3CVSS1.9AI score0.26869EPSS
Exploits6References7
ThreatPost
ThreatPost
added 2017/08/08 4:34 p.m.239 views

Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines. Juan Andres...

10CVSS9AI score0.99933EPSS
Exploits43References7
ThreatPost
ThreatPost
added 2015/02/10 9:0 a.m.239 views

Researchers: PlugX More Prominent Than Ever

Existing in some form since 2008, the popular remote access tool PlugX has as notorious a history as any malware, but according to researchers the tool saw a spike of popularity in 2014 and is the go-to malware for many adversary groups. Many attacks, especially those occurring during the latter...

9.3CVSS7AI score0.99966EPSS
Exploits22References6
ThreatPost
ThreatPost
added 2022/03/09 9:10 p.m.238 views

APT41 Spies Broke Into 6 US State Networks via a Livestock App

USAHerds – an app used PDF by farmers to speed their response to diseases and other threats to their livestock – has itself become an infection vector, used to pry open at least six U.S. state networks by one of China’s most prolific state-sponsored espionage groups. In a report published by...

10CVSS10AI score0.99999EPSS
Exploits381References25
ThreatPost
ThreatPost
added 2021/03/31 7:43 p.m.238 views

Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out

Mobile device-tracking by Apple and Google take center stage in a report revealing that, despite both allowing users to opt out of sharing telemetry data – they do anyway. “Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” wrote researcher Douglas...

7AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/09/22 6:44 p.m.238 views

Google Chrome Bugs Open Browsers to Attack

Google has stomped out several serious code-execution flaws in its Chrome browser. To exploit the flaw, an attacker would merely need to convince a target to visit a specially crafted webpage via phishing or other social-engineering lures. Overall, Google’s release of Chrome 85.0.4183.121 for...

6.8CVSS9.2AI score0.0552EPSS
Exploits5References9
ThreatPost
ThreatPost
added 2020/05/08 3:36 p.m.238 views

Report: Microsoft’s GitHub Account Gets Hacked

Hackers have broken into Microsoft’s GitHub account and stolen 500 GB of data from the tech giant’s own private repositories on the developer platform, according to published reports. A group that calls itself Shiny Hunters claims it stole and then leaked the data, which did not appear to include...

7.5AI score
Exploits0References22
ThreatPost
ThreatPost
added 2019/06/12 3:51 p.m.238 views

RAMBleed Side-Channel Attack Exposes Privileged Memory

A team of academic researchers has discovered a follow-on to the Rowhammer class of attacks that allows attackers to read memory data on a target Windows computer, without actually accessing the memory itself. The method is dubbed RAMBleed. Andrew Kwong and Daniel Genkin at the University of...

2.1CVSS1.5AI score0.00386EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2022/03/28 6:28 p.m.237 views

Okta Says It Goofed in Handling the Lapsus$ Attack

On Friday, Okta – the authentication firm-cum-Lapsus$-victim – admitted that it “made a mistake” in handling the recently revealed Lapsus$ attack. The mistake: trusting that a service provider had told Okta everything it needed to know about an “unsuccessful” account takeover ATO at one of its...

8.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2022/01/20 6:39 p.m.237 views

Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug

Attackers are trying to log in to SolarWinds Serv-U file-sharing software via attacks exploiting the Log4j flaws. This is a confusing story: Initially, Microsoft had warned on Wednesday that attackers were exploiting a previously undisclosed vulnerability in the SolarWinds Serv-U file-sharing...

10CVSS9.5AI score0.99999EPSS
Exploits351References12
ThreatPost
ThreatPost
added 2021/04/16 8:27 p.m.237 views

BazarLoader Malware Abuses Slack, BaseCamp Clouds

The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain. Join experts fr...

9.8AI score0.47172EPSS
Exploits9References8
ThreatPost
ThreatPost
added 2020/07/16 12:33 p.m.237 views

Threat Actors Introduce Unique ‘Newbie’ Hacker Forum

A well-known private hacking forum has recently become more inclusive, introducing a new platform to help newbie threat actors flourish and hone their expertise, research has found. The discovery is unique, as private hacker forums tend to be the exclusive province of elite cybercriminals. Digita...

7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2019/07/26 6:37 p.m.237 views

Gamers Are Easy Prey for Credential Thieves

Gamers are soft targets for credential-thieving hackers who see them as young, naive and playing it fast and loose with security. “A 14-year-old kid’s gaming credentials are worth more than you think,” said Mike Wilson, CTO at Enzoic. He said credentials tied to Fortnite, Minecraft and RuneScape...

0.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/07/29 9:22 p.m.236 views

Critical Magento Flaws Allow Code Execution

Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by attackers like the Magecart cybergang – could enable arbitrary code execution on affected systems. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. Adobe on Tuesda...

8.5CVSS1.5AI score0.26869EPSS
Exploits1References11
ThreatPost
ThreatPost
added 2019/06/18 6:43 p.m.236 views

Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline

Multiple TCP-based remote denial-of-service vulnerabilities have been uncovered in the FreeBSD and Linux kernels by Netflix researchers. Exploitation would interrupt TCP connections and therefore streaming content flows to vulnerable Linux-based PCs putting a crimp in binge-watching, for instance...

7.8CVSS7.9AI score0.98745EPSS
Exploits4References12
ThreatPost
ThreatPost
added 2022/02/16 1:39 p.m.235 views

Emotet Now Spreading Through Malicious Excel Files

The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. Researchers at Palo Alto Networks Unit 42 have observed a new infection approach for the high-volume malware, which is known to modify and change its...

8.8AI score
Exploits0References10
ThreatPost
ThreatPost
added 2022/02/07 6:49 p.m.235 views

QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug

ForcedEntry – the exploit of a zero-click iMessage zero day that circumvented Apple’s then-brand-new BlastDoor security feature starting a year ago – was picked apart not just by NSO Group with its Pegasus spyware but also by a newly uncovered, smaller smartphone-hacking toolmaker named QuaDream...

8.3AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/07/07 2:11 p.m.235 views

Why I Love (Breaking Into) Your Security Appliances

Amid the Colonial Pipeline and JBS ransomware attacks that sparked shockwaves among media worldwide, news broke that attackers were able to compromise Colonial Pipeline through a legacy VPN account. The account lacked multifactor authentication MFA and wasn’t in active use within the business, a...

10CVSS9.7AI score0.04362EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2019/08/29 2:6 p.m.235 views

Critical Cisco VM Bug Allows Remote Takeover of Routers

A critical remote authentication-bypass vulnerability – with the highest possible severity level of 10 out of 10 on the CvSS scale – has been found in the Cisco REST API virtual service container for Cisco IOS XE Software. The bug CVE-2019-12643 affects the following hardware if running the REST...

10CVSS1.3AI score0.05324EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2015/01/13 12:55 p.m.235 views

Gitrob Combs Github Repositories for Secret Company Data

Free online code repositories such as GitHub provide a valuable collaboration service for enterprise developers. But it’s also a trove of potentially sensitive company and project information that’s likely to warrant attention from hackers. An application security specialist from Berlin has...

8.3AI score0.99993EPSS
Exploits41References5
ThreatPost
ThreatPost
added 2021/08/11 3:27 p.m.234 views

SAP Patches Nine Critical & High-Severity Bugs

SAP has released 19 new and updated security patches, three of them rated as “HotNews” critical and six as high-priority. “HotNews” is the severity rating that SAP gives to critical vulnerabilities. Two of this month’s sizzlers have a CVSS score of 9.9 and affect SAP Business One and SAP NetWeave...

9.9CVSS8.5AI score0.67699EPSS
Exploits5References7
ThreatPost
ThreatPost
added 2021/06/23 3:11 p.m.234 views

REvil Ransomware Code Ripped Off by Rivals

They say imitation is the sincerest form of flattery: The LV ransomware, a strain that cropped up just this spring, turns out to be based on what is most likely pirated REvil ransomware code, according to researchers. A malware analysis of LV from Secureworks Counter Threat Unit CTU found that it...

6.8AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/05/03 8:56 p.m.233 views

New Attacks Slaughter All Spectre Defenses

All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced three years ago. A paper published on Friday by a team of computer scientists from the...

7.5CVSS0.47172EPSS
Exploits9References11
ThreatPost
ThreatPost
added 2021/03/31 12:48 p.m.233 views

APT Charming Kitten Pounces on Medical Researchers

Security researchers have linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten. The campaign—dubbed BadBloo...

0.1AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/01/14 1:28 p.m.233 views

Ring Adds End-to-End Encryption to Quell Security Uproar

Smart doorbell maker Ring is giving cybersecurity critics less to gripe about with the introduction of end-to-end encryption to many of its models. Ring products, which have been a juggernaut success with consumers, have faced a litany of harsh criticism from cybersecurity experts for what they s...

9.3CVSS8.4AI score0.99512EPSS
Exploits75References18
ThreatPost
ThreatPost
added 2020/04/27 5:21 a.m.233 views

Single Malicious GIF Opened Microsoft Teams to Nasty Attack

Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts. The attack simply...

0.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/01/23 8:27 p.m.233 views

Redaman Spams Russian Banking Customers with Rotating Tactics

The Redaman banking trojan ramped up its activity in the last part of 2018, employing ongoing back-end changes in order to evade detection, according to a new Wednesday report. Redaman as a malware first came on the scene in 2015, and since then has consistently targeted victims that use Russian...

0.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2017/01/11 1:1 p.m.233 views

Second Try at LSASS Patch Addresses Vulnerability

Microsoft’s second try at patching a vulnerability in a critical Windows process apparently is more successful than its first attempt. Yesterday, as part of its monthly Patch Tuesday release of security bulletins, Microsoft sent out an update that fixed a denial-of-service vulnerability in the...

9.3CVSS1.2AI score0.99945EPSS
Exploits35References6
ThreatPost
ThreatPost
added 2022/01/07 4:14 p.m.232 views

QNAP: Get NAS Devices Off the Internet Now

Get your internet-exposed, network-attached storage NAS devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices. “The most vulnerable victims will be those devices exposed to the Internet without any protection,”...

10CVSS9.6AI score0.78395EPSS
Exploits0References15
ThreatPost
ThreatPost
added 2020/11/11 2:45 p.m.232 views

High-Severity Cisco DoS Flaw Can Immobilize ASR Routers

A high-severity flaw in Cisco’s IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers ASR. The flaw stems from Cisco IOS XR, a train of Cisco Systems’ widely deployed Internetworking Operating System IOS. The OS powers the Cisco ASR 9000 serie...

8.3CVSS2AI score0.11685EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2019/05/23 3:10 p.m.232 views

SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day

On the heels of releasing a Windows zero-day exploit on Wednesday, developer SandboxEscaper has dropped exploit code for four more flaws on Thursday morning. On Wednesday, she dropped a Windows zero-day exploit that would allow local privilege-escalation LPE, by importing legacy tasks from other...

7.2CVSS7.2AI score0.414EPSS
Exploits20References15
ThreatPost
ThreatPost
added 2021/08/13 8:8 p.m.231 views

SolarWinds 2.0 Could Ignite Financial Crisis – Podcast

Could a cyberattack spark the next financial crisis? Following the calamitous, widespread SolarWinds attacks in April, that’s exactly what the New York State Department of Financial Services DFS has suggested. “This incident confirms that the next great financial crisis could come from a...

7.1AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/04/02 4:45 p.m.231 views

From PowerShell to Payload: An Analysis of Weaponized Malware

UPDATE Click, and boom, your network is compromised. All a hacker needs is one successful exploit and you could have a very bad day. Recently we uncovered one artifact that we would like to break down and showcase. We will get “into the weeds” here and really deep-dive on the technical details, s...

6.8AI score
Exploits0References2
ThreatPost
ThreatPost
added 2020/12/09 2:56 p.m.231 views

D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw

Buggy firmware opens a number of D-Link VPN router models to zero-day attacks. The flaws, which lack a complete vendor fix, allow adversaries to launch root command injection attacks that can be executed remotely and allow for device takeover. Impacted are D-Link router models DSR-150, DSR-250,...

1.4AI score0.02275EPSS
Exploits0References13
ThreatPost
ThreatPost
added 2020/05/28 9:10 p.m.231 views

Inside the Hoaxcalls Botnet: Both Success and Failure

The Hoaxcalls botnet, built to carry out large-scale distributed denial-of-service DDoS attacks, has been actively in development since the beginning of the year. One of its hallmarks is that it uses different vulnerability exploits for initial compromise. Researchers, however, have discovered th...

10CVSS10AI score0.9995EPSS
Exploits18References7
ThreatPost
ThreatPost
added 2011/09/22 6:3 p.m.231 views

DroidSheep Android App Hijacks Sessions in One Click, Developer Meant Well

Following the success of the Firesheep application, a new Android application called DroidSheep allows users to hijack Web sessions of popular online services over insecure Wifi connections. DroidSheep enables Android-based man in the middle attacks against a wide range of Web sites, including...

0.2AI score
Exploits0References5
Total number of security vulnerabilities5000