Threatpost: most viewed

15946 matches found

ThreatPost
added 2021/02/24 5:14 p.m., 941 views

VMWare Patches Critical RCE Flaw in vCenter Server

VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution (RCE) flaw in its vCenter Server management platform. The vulnerability could allow attackers to breach the external perimeter of a...

7.5 CVSS, 9.6 AI score, 0.99999 EPSS
Exploits: 102, References: 10

ThreatPost
added 2020/04/14 4:7 p.m., 940 views

Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines

Recent malware campaigns reveal that cybercriminals aren’t sparing healthcare firms, medical suppliers and hospitals on the frontlines of the coronavirus pandemic. Researchers have shed light on two recently uncovered malware campaigns: one targeting a Canadian government healthcare organization...

9.3 CVSS, 7.5 AI score, 0.99966 EPSS
Exploits: 12, References: 18

ThreatPost
added 2022/03/17 2:36 p.m., 920 views

Misconfigured Firebase Databases Exposing Data in Mobile Apps

Thousands of mobile apps – some of which have been downloaded tens of millions of times – are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research (CPR) found that in three months’ time, 2,1...

8.8 AI score
Exploits: 0, References: 5

ThreatPost
added 2020/10/21 5:21 p.m., 914 views

Oracle Kills 402 Bugs in Massive October Patch Update

Business software giant Oracle is urging customers to update their systems in the October release of its quarterly Critical Patch Update (CPU), which fixes 402 vulnerabilities across various product families. Well over half (272) of these vulnerabilities open products up to remote exploitation withou...

7.5 CVSS, 1.3 AI score, 0.80291 EPSS
Exploits: 13, References: 5

ThreatPost
added 2018/11/06 12:27 p.m., 886 views

Apache Struts Warns Users of Two-Year-Old Vulnerability

The Apache Software Foundation warned in an advisory that the latest version of the Commons FileUpload library is susceptible to a two-year-old remote code execution flaw. Users of the vulnerable library must update their projects manually. The critical bug in Commons FileUpload library is a know...

10 CVSS, 1.1 AI score, 0.99999 EPSS
Exploits: 98, References: 6

ThreatPost
added 2020/02/03 8:58 p.m., 874 views

AZORult Campaign Adopts Novel Triple-Encryption Technique

A recent wave of AZORult-laced spam caught the attention of researchers who warn that malicious attachments associated with the campaign are using a novel obfuscation technique, in an attempt to slip past spam gateways and avoid client-side antivirus detection. What makes this campaign unique is...

9.3 CVSS, 8.1 AI score, 0.99933 EPSS
Exploits: 29, References: 8

ThreatPost
added 2020/11/03 1:57 p.m., 851 views

Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw

Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability (CVE-2020-14750) has a CVSS base score of 9.8 out of 10, and is remotely exploitable without authentication, meaning it may be exploited over a network without...

10 CVSS, 0.99997 EPSS
Exploits: 85, References: 25

ThreatPost
added 2020/09/30 2:34 p.m., 841 views

Microsoft Exchange Servers Still Open to Actively Exploited Flaw

Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges – even eight months after Microsoft issued a fix. The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange,...

9 CVSS, 8.7 AI score, 0.99965 EPSS
Exploits: 30, References: 15

ThreatPost
added 2020/10/21 8:31 p.m., 825 views

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities – with a Pulse VPN flaw claiming the dubious title of “most-favored bug” for these groups. That’s according to the National Security Agency (NSA), which released a “top 25”...

10 CVSS, 9.3 AI score, 0.99999 EPSS
Exploits: 451, References: 21

ThreatPost
added 2020/07/01 9:2 p.m., 818 views

Cisco Warns of High-Severity Bug in Small Business Switch Lineup

Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw could allow remote, unauthenticated attackers to access the switches’ management interfaces with administrative privileges. Specifically affected are Series Smart Switches,...

10 CVSS, 0.26869 EPSS
Exploits: 0, References: 6

ThreatPost
added 2019/04/25 9:13 p.m., 815 views

Android-Based Sony Smart-TVs Open to Image Pilfering

Two vulnerabilities in Android-based smart-TVs from Sony, including the flagship Bravia line, could allow attackers to access WiFi passwords and images stored on the devices. The bugs exist in the Photo Sharing Plus feature of Sony smart-TVs going back to 2015. They were uncovered by xen1thLabs i...

9 CVSS, 1.2 AI score, 0.99965 EPSS
Exploits: 34, References: 6

ThreatPost
added 2022/02/24 3:8 p.m., 799 views

Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins

A sophisticated phishing campaign directed at a “major, publicly traded integrated payments solution company located in North America” made use of DocuSign and a compromised third party’s email domain to skate past email security measures, researchers said. The campaign spread seemingly innocuous...

8.7 AI score
Exploits: 0, References: 6

ThreatPost
added 2021/05/10 5:37 p.m., 799 views

Lemon Duck Cryptojacking Botnet Changes Up Tactics

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework...

10 CVSS, 7.7 AI score, 0.99999 EPSS
Exploits: 189, References: 15

ThreatPost
added 2021/04/02 7:56 p.m., 793 views

FBI: APTs Actively Exploiting Fortinet VPN Bugs

The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products. According t...

7.5 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 23, References: 8

ThreatPost
added 2019/05/01 3:32 p.m., 787 views

Cartoon Network Hacked Worldwide to Show Brazilian Stripper Videos

A famous Brazilian male stripper greeted Cartoon Network viewers worldwide when they tried to stream shows over the weekend – thanks to a pair of hackers that took aim at the cable network’s websites across 16 different regions. In the aftermath, entire Cartoon Network sites and video players hav...

9 CVSS, 1.4 AI score, 0.99965 EPSS
Exploits: 30, References: 8

ThreatPost
added 2022/03/11 3:3 p.m., 779 views

Raccoon Stealer Crawls Into Telegram

A credential stealer that first rose to popularity a couple of years ago is now abusing Telegram for command-and-control (C2). A range of cybercriminals continue to widen its attack surface through creative distribution means like this, researchers have reported. Raccoon Stealer, which first appear...

9 AI score
Exploits: 0, References: 6

ThreatPost
added 2021/08/10 9:17 p.m., 779 views

Actively Exploited Windows Zero-Day Gets a Patch

Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that’s listed as a zero-day that has been exploited in the wild. Of note, there are 17...

9.9 CVSS, 8.8 AI score, 0.99759 EPSS
Exploits: 78, References: 13

ThreatPost
added 2021/07/29 6:39 p.m., 770 views

CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer

In a perfect world, CISA would laminate cards with the year’s top 30 vulnerabilities: You could whip it out and ask a business if they’ve bandaged these specific wounds before you hand over your cash. This is not a perfect world. There are no laminated vulnerability cards. But at least we have th...

10 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 330, References: 19

ThreatPost
added 2020/11/02 2:57 p.m., 763 views

Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape

A high-severity Windows driver bug is being exploited in the wild as a zero-day. It allows local privilege escalation and sandbox escape. The security vulnerability was disclosed by Google Project Zero just seven days after it was reported, since cybercriminals are already exploiting it, accordin...

7.5 CVSS, 0.4 AI score, 0.9981 EPSS
Exploits: 126, References: 7

ThreatPost
added 2019/04/29 1:37 p.m., 760 views

2 Million IoT Devices Vulnerable to Complete Takeover

Over 2 million IP security cameras, baby monitors and smart doorbells have serious vulnerabilities that could enable an attacker to hijack the devices and spy on their owners — and there’s currently no known patch for the shared flaws. The attack stems from peer-to-peer (P2P) communication technolo...

9 CVSS, 0.7 AI score, 0.99965 EPSS
Exploits: 30, References: 7

ThreatPost
added 2018/11/01 9:50 p.m., 755 views

Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities

Multiple vulnerabilities in the firmware used by the Yi Technology Home Camera version 27US have been found, which could allow remote code-execution on the connected devices. The Yi Home Camera i27US is one of the newer IoT camera models sold in the U.S. It’s an entry-level gadget, which lets...

7.5 CVSS, 0.3 AI score, 0.02655 EPSS
Exploits: 9, References: 13

ThreatPost
added 2018/10/20 5:9 p.m., 750 views

Critical RCE Bugs Patched in Drupal 7 and 8

Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting Drupal 7 and Drupal 8. Developers have also identified three additional “moderately critical” vulnerabilities. “A remote attacker could exploit some of these vulnerabilities to tak...

7.5 CVSS, 0.9 AI score, 0.99993 EPSS
Exploits: 46, References: 5

ThreatPost
added 2022/02/25 7:46 p.m., 742 views

Microsoft Exchange Server Bugs Exploited by ‘Cuba’ Ransomware Gang

The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found. The group has likely been prying open these chinks in victims’ armor as early as last August,...

7.8 AI score
Exploits: 0, References: 11

ThreatPost
added 2018/10/23 12:31 p.m., 741 views

Thousands of Applications Vulnerable to RCE via jQuery File Upload

A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 different software applications at risk for compromise and remote code-execution (RCE). jQuery File Upload is a user-contributed open-source package for software developer...

7.5 CVSS, 9.8 AI score, 0.97107 EPSS
Exploits: 15, References: 4

ThreatPost
added 2021/06/23 10:44 a.m., 731 views

SonicWall ‘Botches’ October Patch for VPN Bug

UPDATE An October patch for a critical remote code execution (RCE) bug in a SonicWall VPN appliance turned out to be insufficient. While the patch closed the RCE attack vector, more than 800,000 devices were still vulnerable to an additional memory-leak flaw for months, according to researchers...

9.8 CVSS, 8.2 AI score, 0.26869 EPSS
Exploits: 0, References: 10

ThreatPost
added 2020/09/22 5:20 p.m., 728 views

Known Citrix Workspace Bug Open to New Attack Vector

A Citrix Workspace vulnerability that was fixed in July has been found to have a secondary attack vector, which would allow cybercriminals to elevate privileges and remotely execute arbitrary commands under the SYSTEM account. The bug (CVE-2020-8207) exists in the automatic update service of the...

6 CVSS, 1.9 AI score, 0.26869 EPSS
Exploits: 0, References: 6

ThreatPost
added 2022/03/25 1:19 p.m., 723 views

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according to researchers. Google Threat Analysis Group (TAG) discovered the flaw, tracked as CVE-2022-0609, on Feb. 10, reporting a...

8.8 CVSS, 9 AI score, 0.23546 EPSS
Exploits: 0, References: 12

ThreatPost
added 2020/10/28 8:36 p.m., 715 views

Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems

More than 100,000 Windows systems have not yet been updated to protect against a previously-patched, critical and wormable flaw in Windows called SMBGhost. Microsoft patched the remote code-execution (RCE) flaw bug tracked as CVE-2020-0796 back in March; it affects Windows 10 and Windows Server 201...

7.5 CVSS, 0.9 AI score, 0.9981 EPSS
Exploits: 125, References: 7

ThreatPost
added 2018/11/05 4:56 p.m., 713 views

PortSmash Side Channel Attack Siphons Data From Intel, Other CPUs

Yet another side-channel attack, this time dubbed PortSmash, has been discovered in CPUs. The attack allows attackers to manipulate a glitch in the simultaneous multithreading (SMT) architecture used in CPUs — and siphon processed data from chips. Several attacks have popped up over the past year...

1.9 CVSS, 6.1 AI score, 0.03418 EPSS
Exploits: 4, References: 8

ThreatPost
added 2021/02/17 9:39 p.m., 711 views

Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign

Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years – in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. The attack is still in operation as of this writing – and due to the...

7.5 CVSS, 9.1 AI score, 0.99993 EPSS
Exploits: 74, References: 13

ThreatPost
added 2020/03/17 3:7 p.m., 711 views

APT36 Taps Coronavirus as 'Golden Opportunity' to Spread Crimson RAT

A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting...

9.3 CVSS, 0.99933 EPSS
Exploits: 29, References: 12

ThreatPost
added 2020/10/14 6:43 p.m., 702 views

Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE

UPDATE A critical security bug in the SonicWall VPN portal can be used to crash the device and prevent users from connecting to corporate resources. It could also open the door to remote code execution (RCE), researchers said. The flaw (CVE-2020-5135) is a stack-based buffer overflow in the SonicWall...

0.1 AI score, 0.26869 EPSS
Exploits: 0, References: 5

ThreatPost
added 2020/12/02 1:52 p.m., 692 views

iPhone Bug Allowed for Complete Device Takeover Over the Air

Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Apple patched the vulnerability earlier this year. But few details, until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within...

9.3 CVSS, 8.1 AI score, 0.03475 EPSS
Exploits: 2, References: 11

ThreatPost
added 2018/10/19 3:24 p.m., 689 views

AWS FreeRTOS Bugs Allow Compromise of IoT Devices

Researchers have found that a popular Internet of Things real-time operating system – FreeRTOS – is riddled with serious vulnerabilities. The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices’ memory, and take...

6.8 CVSS, 0.7 AI score, 0.25939 EPSS
Exploits: 13, References: 8

ThreatPost
added 2019/06/18 1:58 p.m., 686 views

Working BlueKeep Exploit Developed by DHS

The Department of Homeland Security has confirmed it has developed a working exploit for the “wormable” BlueKeep vulnerability. The agency issued an alert on Monday urging Windows users to update their machines as soon as possible. The alert heightens concerns that malicious actors could soon als...

10 CVSS, 0.5 AI score, 0.99999 EPSS
Exploits: 123, References: 11

ThreatPost
added 2018/10/11 6:11 p.m., 686 views

Adaptable, All-in-One Android Trojan Shows the Future of Malware

A new Android trojan, dubbed “GPlayed”, has been identified by researchers who said the malware is both extremely dangerous and could herald a new and very dangerous age for malicious code, according to Cisco Talos researchers. The trojan has all of the capabilities of a banking trojan as well as...

7 AI score
Exploits: 0, References: 1

ThreatPost
added 2021/06/07 6:49 p.m., 684 views

Novel ‘Victory’ Backdoor Spotted in Chinese APT Campaign

An ongoing surveillance operation has been uncovered that targets a Southeast Asian government, researchers said – using a previously unknown espionage malware. According to Check Point Research, the attack involves spear-phishing emails with malicious Word documents to gain initial access, along...

9.3 CVSS, 9.2 AI score, 0.99945 EPSS
Exploits: 36, References: 8

ThreatPost
added 2018/10/25 3:13 p.m., 683 views

Debunking AI’s Impact on the Cybersecurity Skills Gap

Artificial intelligence is the latest buzzword to take hold of the cybersecurity industry. It is being touted, among other things, as the ultimate solution to the cybersecurity skills gap. But just how accurate is this belief? Will AI be the cure to all of our cybersecurity ailments, as human...

6.8 AI score
Exploits: 0

ThreatPost
added 2019/04/30 4:28 p.m., 676 views

Researchers Compromise Netflix Content in Widevine DRM Hack

Researchers have used a proof-of-concept (PoC) side-channel attack to download an unencrypted raw file for Netflix’ Stranger Things, in a format that’s ready to distribute out to any buyer on the internet. This pirate’s booty is the result of breaking open the widely deployed digital rights...

9 CVSS, 8.4 AI score, 0.99965 EPSS
Exploits: 30, References: 10

ThreatPost
added 2021/05/19 2:35 p.m., 671 views

Windows PoC Exploit Released for Wormable RCE

A researcher has released a proof-of-concept (PoC) exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack (http.sys) that could lead to wormable remote code execution (RCE). Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch...

10 CVSS, 9.2 AI score, 0.99988 EPSS
Exploits: 26, References: 19

ThreatPost
added 2018/10/26 7:56 p.m., 664 views

PoC Attack Leverages Microsoft Office and YouTube to Deliver Malware

A stealthy malware delivery tactic has been uncovered in the way videos are embedded into Microsoft Word Documents, according to researchers. It allows JavaScript code-execution when a user clicks on a weaponized YouTube video thumbnail within a Word document – with no alert message displayed by...

7.3 AI score
Exploits: 0, References: 2

ThreatPost
added 2018/10/31 4:52 p.m., 662 views

Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Bug

UPDATE Apple tackled a bevy of vulnerabilities across all its platforms Tuesday, including one that allowed a remote attacker to initiate a FaceTime call by exploiting a bug in some model iPhones, iPads, and iPad Air devices. The wide-ranging security fixes came on the same day Apple announced a...

7.5 CVSS, 1.8 AI score, 0.2201 EPSS
Exploits: 13, References: 6

ThreatPost
added 2018/10/23 2:48 p.m., 653 views

Adult Website Hack Exposes 1.2M ‘Wife Lover’ Fans

The database underlying an erotica site known as Wife Lovers has been hacked, making off with user information protected only by a simple-to-crack, outdated hashing technique known as the DEScrypt algorithm. Over the weekend, it came to light that Wife Lovers and seven sister sites, all similarly...

6.5 AI score
Exploits: 0, References: 8

ThreatPost
added 2022/02/02 10:25 p.m., 651 views

KP Snacks Left with Crumbs After Ransomware Attack

KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could affect deliveries to supermarkets through the end of March – at the earliest. The British company also the purveyor of deeply English treats such as Skips prawn cocktail...

8.7 AI score
Exploits: 0, References: 6

ThreatPost
added 2018/10/26 10:13 p.m., 647 views

ThreatList: 1 Out of 5 Would Ditch a Business After a Data Breach

About a fifth of Americans would ditch a business in the wake of a major data breach, new research has found. In a survey of 2,000 adult consumers across the United States by PCI Pal, almost half (44 percent) of them have personally suffered the negative consequences of a security breach or hack. S...

0.3 AI score
Exploits: 0, References: 6

ThreatPost
added 2019/05/14 8:49 p.m., 643 views

Microsoft Patches Zero-Day Bug Under Active Attack

Microsoft has released a patch for an elevation-of-privileges vulnerability rated important, which is being exploited in the wild. The bug fix is part of Microsoft’s May Patch Tuesday Security Bulletin. It’s tied to the Windows Error Reporting feature and is being abused by attackers who have...

10 CVSS, 0.5 AI score, 0.99999 EPSS
Exploits: 124, References: 16

ThreatPost
added 2022/03/02 6:14 p.m., 642 views

Conti Ransomware Decryptor, TrickBot Source Code Leaked

The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The latest dump includes source code for Conti ransomware, TrickBot malware, a decryptor and the gang’s...

10 CVSS, 8.8 AI score, 0.99512 EPSS
Exploits: 75, References: 28

ThreatPost
added 2020/07/23 7:49 p.m., 638 views

Cisco Network Security Flaw Leaks Sensitive Data

A high-severity vulnerability in Cisco’s network security software could lay bare sensitive data – such as WebVPN configurations and web cookies – to remote, unauthenticated attackers. The flaw exists in the web services interface of Cisco’s Firepower Threat Defense (FTD) software, which is part of...

5 CVSS, 0.8 AI score, 0.99992 EPSS
Exploits: 25, References: 7

ThreatPost
added 2020/04/07 9:19 p.m., 637 views

Serious Exchange Flaw Still Plagues 350K Servers

Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability – nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. The vulnerability in question (CVE-2020-0688) exists in the control panel of...

9 CVSS, 8.4 AI score, 0.99965 EPSS
Exploits: 31, References: 16

ThreatPost
added 2020/03/10 8:30 p.m., 632 views

Popular ThemeREX WordPress Plugin Opens Websites to RCE

A critical vulnerability in a WordPress plugin known as “ThemeREX Addons” could open the door for remote code execution in tens of thousands of websites. According to Wordfence, the bug has been actively exploited in the wild as a zero-day. The plugin, which is installed on approximately 44,000...

0.3 AI score, 0.26869 EPSS
Exploits: 0, References: 6

Total number of security vulnerabilities: 5000