Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2021/04/23 5:15 p.m.161 views

Prometei Botnet Could Fire Up APT-Style Attacks

A heretofore little-seen botnet dubbed Prometei is taking a page from advanced persistent threat APT cyberattackers: The malware is exploiting two of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon, in order to drop a Monero cryptominer on its targets. It’s also highly...

6.8CVSS0.99946EPSS
Exploits31References13
ThreatPost
ThreatPost
added 2021/02/01 4:59 p.m.161 views

Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code

The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0...

0.1AI score
Exploits0References16
ThreatPost
ThreatPost
added 2019/05/29 1:0 p.m.161 views

50k Servers Infected with Cryptomining Malware in Nansh0u Campaign

Up to 50,000 servers were infected over the past four months as part of a high-profile cryptojacking campaign, believed to orchestrated by Chinese-language adversaries. Researchers with Guardicore Labs, who disclosed the campaign Wednesday, said that the Nansh0u​ campaign named due to a text file...

7.2CVSS0.1AI score0.87042EPSS
Exploits22References6
ThreatPost
ThreatPost
added 2019/05/21 3:15 p.m.161 views

HCL Exposes Customer, Personnel Info in Wide-Ranging Data Leak

IT services provider HCL Technologies has inadvertently exposed passwords, sensitive project reports and other private data of thousands of customers and internal employees on various public HCL subdomains. HCL, an $8 billion conglomerate with more than 100,000 employees, specializes in...

7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/04/10 3:11 a.m.161 views

Meet ‘TajMahal,’ A New and Highly Advanced APT Framework

SINGAPORE – Researchers at Kaspersky Lab have discovered a new, highly sophisticated advanced persistent threat APT framework targeting a single Central Asian diplomatic agency. Malware samples associated with the APT reveal a complex never-before-seen code base, making it extremely hard to detec...

7.5AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/02/26 11:58 a.m.161 views

The Dark Sides of Modern Cars: Hacking and Data Collection

Like an unstoppable incoming tide, connectivity has quietly inundated the automobiles we so love to drive. In less than a decade, amazing driver-assist mechanisms and must-have infotainment systems have swept into the dashboards of many popular car models for sale today. And we’re just at the sta...

Exploits0References25
ThreatPost
ThreatPost
added 2016/11/02 2:24 p.m.161 views

Mitigations Available for PanelShock Vulnerabilities in Schneider HMIs

One week after addressing a critical vulnerability in its industrial controller management software, Schneider Electric is in the midst of handling two more serious flaws in a number of its Magelis HMI products. HMI is short for human machine interface, a graphical visualization of an industrial...

7.8CVSS0.1AI score0.04301EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2012/08/06 6:9 p.m.161 views

Microsoft Releases Attack Surface Analyzer Tool

Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release. The Attack Surface...

9.3CVSS0.4AI score0.99945EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2021/06/21 8:21 p.m.160 views

Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft

Flaws impacting millions of internet of things IoT devices running NVIDIA’s Jetson chips open the door for a variety of hacks, including denial-of-service DoS attacks or the siphoning of data. NVIDIA released patches addressing nine high-severity vulnerabilities including eight additional bugs of...

8.2CVSS7AI score0.00256EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2021/02/24 8:50 p.m.160 views

Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking

The Mozilla Foundation has released its latest version of the Firefox browser, which comes with new privacy protections to squash cross-site cookie tracking, as well as a slew of security vulnerability fixes. Firefox 86, released on Tuesday, includes what it touts as a privacy-bolstering feature...

0.8AI score0.01212EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2020/07/29 6:2 p.m.160 views

Critical Bugs in Utilities VPNs Could Cause Physical Damage

Remote code-execution vulnerabilities in virtual private network VPN products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to...

10CVSS0.9AI score0.02905EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2020/01/14 3:42 p.m.160 views

Adobe Patches Five Critical Illustrator CC Flaws

Adobe has released patches for five critical vulnerabilities in Adobe Illustrator CC, its popular vector graphics editor tool, which if exploited could enable arbitrary code execution. Overall Adobe patched nine vulnerabilities as part of its regularly-scheduled updates on Tuesday, including five...

9.3CVSS1.1AI score0.17186EPSS
Exploits1References6
ThreatPost
ThreatPost
added 2019/05/10 6:48 p.m.160 views

News Wrap: Facebook Regulation, Verizon DBIR, Hidden Airbnb Cameras

From a massive data-breach report that showed surprising – and disturbing – cybercrime trends, to an op-ed in the New York Times that took aim at Facebook and CEO Mark Zuckerberg, Threatpost editors Lindsey O’Donnell and Tom Spring break down this week’s biggest news. This weeks topics include:...

7.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/01/22 6:45 p.m.160 views

How Web Apps Can Turn Browser Extensions Into Backdoors

Researchers have added another reason to be suspicious of web browser extensions. According to a recently published academic report, various Chrome, Firefox and Opera browser extensions can be compromised by an adversary that can steal sensitive browser data and plant arbitrary files on targeted...

1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2010/10/13 6:8 p.m.160 views

Microsoft Releases New Regex Fuzzer

Microsoft has released a new fuzzing tool designed specifically to find mistakes in regular expressions in application code that could be vulnerable to attack. The SDL Regex Fuzzer identifies problematic lines that might cause an application to be susceptible to attacks that consume huge amounts ...

9.3CVSS0.4AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2019/05/06 9:42 p.m.159 views

WP Live Chat WordPress Plugin Re-Patches File Upload Flaw

A WordPress plugin vulnerability found in WP Live Chat could allow an attacker to upload arbitrary malicious files to vulnerable systems, according to researchers. WP Live Chat is a plugin for WordPress that equips websites with a small pop-up chat support window that site owners can use to...

7.5CVSS10AI score0.05062EPSS
Exploits2References10
ThreatPost
ThreatPost
added 2019/03/19 8:40 p.m.159 views

Podcast: The High-Risk Threats Behind the Norsk Hydro Cyberattack

Norway-based Norsk Hydro announced on Tuesday morning it was victim to a ransomware attack, which forced the global aluminum producer to shut down or isolate several plants and send several more into manual mode, the company said on Tuesday morning. The cyberattack, first detected by the company’...

7.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/07/01 7:9 p.m.158 views

Defeating Ransomware-as-a-Service? Think Intel-Sharing

The Colonial Pipeline ransomware attack put a glaring spotlight on the ransomware scourge – and, in particular, on the rise of ransomware-as-a-service RaaS. That attack was perpetrated by DarkSide, a RaaS platform that purportedly first surfaced last August. While the group now claims they’re don...

7AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/10/16 8:47 p.m.158 views

Microsoft Fixes RCE Flaws in Out-of-Band Windows Update

Microsoft has issued out-of-band patches for two “important” severity vulnerabilities, which if exploited could allow for remote code execution. One flaw CVE-2020-17023 exists in Microsoft’s Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS. The other...

9.3CVSS8.4AI score0.05365EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2020/09/10 9:30 a.m.158 views

CDRThief Malware Targets VoIP Gear in Carrier Networks

A malware dubbed CDRThief is targeting voice over IP VoIP softswitches inside the networks of large telecom carriers. According to ESET researchers, the malware was custom-developed to attack the Linknat VOS2009 and VOS3000 softswitches, which run on standard Linux servers. The code is capable of...

7.7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/07/08 8:12 p.m.158 views

Advertising Plugin for WordPress Threatens Full Site Takeovers

The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. The plugin’s author, Tunafish, has rolled out a patched version v.1.5.6, which site...

0.2AI score0.26869EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2020/03/13 8:53 p.m.158 views

WordPress Plugin Bug in Popup Builder Threatens 100K Websites

Two vulnerabilities – including a high-severity flaw – have been patched in a popular WordPress plugin called Popup Builder. The more severe flaw could enable an unauthenticated attacker to infect malicious JavaScript into a popup – potentially opening up more than 100,000 websites to takeover...

6.5CVSS8.1AI score0.0552EPSS
Exploits3References8
ThreatPost
ThreatPost
added 2019/06/24 1:52 p.m.158 views

Iran Targeting U.S. With Destructive Wipers, Warns DHS

The Department of Homeland Security is warning that Iranian hackers are targeting U.S. agencies with destructive “wiper” malware. The statement comes as tensions continue to build between the U.S. and Iran. Christopher Krebs, the director of the Department of Homeland Security DHS Cybersecurity a...

0.6AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/05/09 7:8 p.m.158 views

Hackers Take Over IoT Devices to 'Click' on Ads

By 2025 there will be 25 billion internet of things IoT connections, according to GSMA Intelligence. And if hackers have it their way, many of those IoT devices will be hijacked and recruited into online pay-per-click advertising scams. At the Security Analyst Summit 2019, Threatpost sat down wit...

Exploits0
ThreatPost
ThreatPost
added 2018/04/26 6:21 p.m.158 views

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

The ShadowBrokers’ release of a trove of National Security Agency exploits last year appears to be the gift that keeps on giving, to the hacker community at least: A fresh malware that uses the EternalRomance tool has hit the scene, with Monero-mining as the stated goal. However, more damaging...

9.3CVSS9.2AI score0.9923EPSS
Exploits56References7
ThreatPost
ThreatPost
added 2012/03/26 12:5 p.m.158 views

Microsoft, Financial Groups Execute Takedown of Zeus Botnet Servers

Microsoft has gone after another botnet, this time targeting some of the command-and-control infrastructure behind the Zeus network with a takedown effort that included seizing two IP addresses used for C&C servers and filing suit against 39 unnamed defendants. The action against Zeus is the late...

9.3CVSS0.1AI score0.99945EPSS
Exploits33References5
ThreatPost
ThreatPost
added 2009/04/14 5:56 p.m.158 views

Microsoft plugs gaping holes in IE, Excel, Windows

Microsoft today released its April batch of security patches: 8 bulletins with patches for at least 20 documented holes in popular software products. The most serious of the flaws could lead to remote code execution attacks that give a malicious hacker complete ownership of a vulnerable machine...

9.3CVSS7.5AI score0.43063EPSS
Exploits14References13
ThreatPost
ThreatPost
added 2022/03/15 7:47 p.m.157 views

Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’

Israel’s Nation Cyber Directorate confirmed in a tweet on Monday that a denial-of-service DDoS attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. The incident led to the Directorate to briefly declare a state of...

6.8AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/09/27 8:29 p.m.157 views

5 Steps to Securing Your Network Perimeter

When it comes to security, some of tomorrow’s biggest threats will come from yesterday’s vulnerabilities. In that regard, the network perimeter is a primary concern. Network security has been discussed for years, and many best practices are well documented. And yet, according to Positive...

8.1CVSS8.7AI score0.99999EPSS
Exploits37References8
ThreatPost
ThreatPost
added 2021/01/15 4:19 p.m.157 views

Google Boots 164 Apps from Play Marketplace for Shady Ad Practices

Google has removed 164 apps, downloaded a total of 10 million times, from its Google Play marketplace because they were delivering “disruptive” ads, considered malicious. Last year, the tech giant banned apps that delivered this type of advertising, called out-of-context ads. But the problem...

7.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/08/10 1:0 p.m.157 views

DEF CON 2019: MacOS Gets a Malware Beatdown in Attack Demo

LAS VEGAS – On Friday, Mac security researcher Patrick Wardle showed how an attacker can repurpose someone else’s Mac malware, create false attribution flags and sidestep Mac anti-malware defenses with ease. The attack scenarios were his own and meant to serve as cautionary examples and reasons w...

7.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/05/10 3:43 p.m.157 views

Nvidia Warns Windows Gamers on GPU Driver Flaws

Graphics chipmaker Nvidia has issued three patches for high-severity vulnerabilities in its GPU display driver, which could lead to information disclosure, escalation of privileges and denial of service DoS in impacted Windows gaming devices. Nvidia’s graphics driver for Windows is used in device...

1.2AI score0.00516EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2019/02/08 5:44 p.m.157 views

Theory: 'Simple Hack' Behind Bezos’ Alleged Compromising Images

Researchers are shooing away theories of an elaborate “deep state” hacking plot against Jeff Bezos tied to the alleged tawdry images of him and girlfriend Lauren Sanchez. They say, alleged images that Bezos claims that the National Enquirer is threatening to release were likely obtained via a...

7.2AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/02/01 7:35 p.m.157 views

Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware

UPDATE An Iran-linked APT known as Chafer has been spotted targeting various entities based in Iran with an enhanced version of a custom malware that takes a very unique approach to communication by using the Microsoft Background Intelligent Transfer Service BITS mechanism over HTTP. Meanwhile th...

8.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2018/02/13 5:1 p.m.157 views

Two Nasty Outlook Bugs Fixed in Microsoft’s Feb. Patch Tuesday Update

Microsoft issued 50 security fixes as part of its February Patch Tuesday release, covering vulnerabilities in Windows, Office, Internet Explorer, Edge and its JavaScript engine ChakraCore. Fourteen of the vulnerabilities are labeled as critical, 34 as important and two as moderate. Two notable...

9.3CVSS0.8AI score0.2043EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2022/05/10 12:35 p.m.156 views

Hackers Actively Exploit F5 BIG-IP Bug

Threat actors have started exploiting a critical bug in the application service provider F5’s BIG-IP modules after a working exploit of the vulnerability was publicly made available. The critical vulnerability, tracked as CVE-2020-1388, allows unauthenticated attackers to launch “arbitrary system...

9.8CVSS9.7AI score0.99956EPSS
Exploits63References15
ThreatPost
ThreatPost
added 2021/04/08 9:7 p.m.156 views

Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers

Cisco Systems said it will not fix a critical vulnerability found in three of its SOHO router models. The bug, rated 9.8 in severity out of 10, could allow unauthenticated remote users to hijack targeted equipment and gain elevated privileges within effected systems. The three Cisco router models...

10CVSS1AI score0.95707EPSS
Exploits17References10
ThreatPost
ThreatPost
added 2021/03/22 3:49 p.m.156 views

Adobe Fixes Critical ColdFusion Flaw in Emergency Update

In an unscheduled security update, Adobe is warning of a critical security flaw in its ColdFusion platform, used for building web applications. The security alert comes two weeks after Adobe’s regularly-scheduled updates. During these updates, the tech company issued patches for a slew of critica...

1.8AI score0.37095EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2020/11/06 7:42 p.m.156 views

Campari Site Suffers Ransomware Hangover

Italian spirits brand Campari has restored its company website following a recent ransomware attack. According to the ransom note, the group behind the breach used Ragnar Locker to encrypt most of Campari’s servers and was holding the data hostage for $15 million in Bitcoin. Campari Group is behi...

0.2AI score
Exploits0References11
ThreatPost
ThreatPost
added 2019/11/27 3:28 p.m.156 views

IoT Smartwatch Exposes Kids' Personal, GPS Data

Researchers are warning parents that a children’s connected smartwatch has vulnerabilities that leak users’ personal and GPS data, and allow attackers to listen in on and manipulate conversations. Worse, the smartwatch in question, SMA M2, is currently used by 5,000 children worldwide. Chinese...

0.2AI score
Exploits0References17
ThreatPost
ThreatPost
added 2019/11/04 4:38 p.m.156 views

Critical Remote Code Execution Flaw Found in Open Source rConfig Utility

Two bugs in the network configuration utility rConfig have been identified, both allowing remote code execution on affected systems. Worse, one is rated critical and allows for a user to attack a system remotely – sans authentication. RConfig is a free open-source configuration management utility...

10CVSS10AI score0.97702EPSS
Exploits11References10
ThreatPost
ThreatPost
added 2019/09/26 4:33 p.m.156 views

5G and IoT: How to Approach the Security Implications

When it comes to the next generation of mobile networks, 5G promises a more Internet of Things-friendly ecosystem with vast improvements over the current capabilities of 4G – however, its intersection with IoT will also raise the stakes on cybersecurity. The benefits of 5G are myriad: Not only wi...

7.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/08/16 7:5 p.m.156 views

News Wrap: DejaBlue Bugs and Biometrics Data Breaches

On the heels of Black Hat USA 2019 and DEF CON, Threatpost editors break down the biggest news of this past week ended Aug. 16, from Patch Tuesday craziness to publicly-exposed databases. That includes: Microsoft’s August Patch Tuesday release featuring four BlueKeep-like critical remote...

0.7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/06/24 1:0 p.m.156 views

The Modern-Day Heist: IP Theft Techniques That Enable Attackers

The Great Train Robbery of 1963 in Buckinghamshire, U.K., was orchestrated by a gang of 15 robbers that devised and executed a well-laid-out plan over the course of several months. Fast-forward 56 years and we’re still seeing gangs of modern-day robbers orchestrating elaborate plans – only in 201...

0.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2022/03/24 8:21 p.m.155 views

Microsoft Azure Developers Awash in PII-Stealing npm Packages

Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information PII in a large-scale typosquatting attack against Microsoft Azure cloud users. That’s according to the JFrog Security Research team,...

8.9AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/06/18 3:18 p.m.155 views

Carnival Cruise Cyber-Torpedoed by Cyberattack

Carnival Corp., the world’s largest cruise-ship operator, has sprung another leak: For the second time in a year, attackers have breached email accounts and accessed personal, financial and health information belonging to guests, employees and crew. Carnival has quite the armada: Its cruise brand...

7.3AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/09/23 3:32 p.m.155 views

Critical Industrial Flaws Pose Patching Headache For Manufacturers

While patch management already presents challenges for enterprises, it’s even more of a headache for manufacturers and other industrial firms – who may even need to shut down entire factory operations in order to apply fixes. Sharon Brizinov, the principal vulnerability researcher with Claroty, h...

0.0552EPSS
Exploits1References15
ThreatPost
ThreatPost
added 2020/07/23 4:4 p.m.155 views

ASUS Home Router Bugs Open Consumers to Snooping Attacks

A pair of flaws in ASUS routers for the home could allow an attacker to compromise the devices – and eavesdrop on all of the traffic and data that flows through them. The bugs are specifically found in the RT-AC1900P whole-home Wi-Fi model, within the router’s firmware update functionality...

4.3CVSS0.7AI score0.26869EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2020/06/02 5:10 p.m.155 views

Two Critical Android Bugs Open Door to RCE

Google has addressed two critical flaws in its latest monthly Android update that enable remote code execution RCE on Android mobile devices. The critical bugs CVE-2020-0117 and CVE-2020-8597 exist in the Android System area, and would allow a remote attacker using a specially crafted transmissio...

10CVSS0.3AI score0.19431EPSS
Exploits5References7
ThreatPost
ThreatPost
added 2019/10/11 12:37 p.m.155 views

Iran-Linked 'Charming Kitten' Touts New Spearphishing Tactics

An Iran-linked advanced persistent threat APT group tied to attacks on President Trump’s 2020 re-election campaign has added new spearphishing techniques to its arsenal in an apparent ramp-up in operations. Charming Kitten—which goes by a number of names, including APT35, Ajax Security Team,...

0.4AI score
Exploits0References7
Total number of security vulnerabilities5000