Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2019/07/17 1:26 p.m.155 views

StrongPity APT Returns with Retooled Spyware

UPDATE The APT group behind the sophisticated malware known as StrongPity a.k.a. Promethium has mounted a fresh spyware campaign that is still ongoing as of July 2019. The group has retooled with new malware to control compromised machines, according to researchers. “The new malware samples first...

7.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/06/05 2:8 p.m.155 views

Why Election Trust is Dwindling in a Post-Cambridge Analytica World

LONDON, UK – The 2018 Facebook-Cambridge Analytica incident opened the world’s eyes to how much private user data was being collected, shared and sold. But experts worry that future ramifications of this scandal go way beyond Facebook and have created distrust in the election process as a whole...

6.8AI score
Exploits0References4
ThreatPost
ThreatPost
added 2013/11/12 4:7 p.m.155 views

Microsoft Warns Customers Away From RC4, SHA-1

The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said that is now recommending to developers that...

9.3CVSS0.2AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2022/03/21 7:18 p.m.154 views

Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts

A popular mobile app in the official Google Play store called “Craftsart Cartoon Photo Tools” has racked up more than 100,000 installs – but unfortunately for the app’s enthusiasts, it contains a version of the Facestealer Android malware. That’s according to researchers at Pradeo, who said the a...

8.6AI score
Exploits0References8
ThreatPost
ThreatPost
added 2022/03/09 2:7 p.m.154 views

Russian APTs Furiously Phish Ukraine – Google

While Russia is fighting a physical war on the ground against Ukraine, advanced persistent threat APT groups affiliated with or backing Vladimir Putin’s government are ramping up phishing and other attacks against Ukrainian and European targets in cyberspace, Google is warning. Researchers from...

8.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2022/02/22 6:0 p.m.154 views

Xenomorph Malware Burrows into Google Play Users, No Facehugger Required

An Android trojan dubbed Xenomorph has nested in Google Play, already racking up more than 50,000 downloads from the official app store, researchers warned. For anyone who downloaded the “Fast Cleaner” app, it’s time to nuke it from orbit. According to a ThreatFabric analysis, Xenomorph has a...

8.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/07/06 8:10 p.m.154 views

Android Users Hit with 'Undeletable' Adware

UPDATE A healthy percentage of Android users targeted by mobile malware or mobile adware last year suffered a system partition infection, making the malicious files virtually undeletable. That’s according to research from Kaspersky, which found that 14.8 percent of its users who suffered such...

Exploits0References5
ThreatPost
ThreatPost
added 2019/08/09 8:18 p.m.154 views

Hack of High-End Hotel Smart Locks Shows IoT Security Fail

LAS VEGAS – A vulnerability in a popular IoT lock key – used chiefly by a high-end hotel in Europe – allowed researchers to break into hotel rooms. The locks in question are dubbed “mobile keys” because of their reliance on mobile phones as opposed to card-based access such as those based on...

0.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/07/25 7:24 p.m.154 views

New Loader Variant Behind Widespread Malware Attacks

Behind a recent wave of cyberattacks, pelting PCs with FormBook, LokiBot, SmokeLoader malware, is an updated version of a malware-loading technique called TxHollower. It is described as a new “significant threat”, according to researchers, who added, attacks using TxHollower have “spread like...

0.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/06/17 8:3 p.m.154 views

5,000 Twitter Accounts Linked to Disinformation Campaigns

Twitter has removed six sets of accounts that the site has deemed to be devoted to coordinated, state-backed propaganda activities – totaling about 5,000 accounts in all. “We believe that people and organizations with the advantages of institutional power and which consciously abuse our service a...

0.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/04/16 6:1 p.m.154 views

Wipro Confirms Hack and Supply Chain Attacks on Customers

IT systems consulting behemoth Wipro Ltd. has confirmed that its network was hacked and used for mounting attacks on its customers. After multiple unnamed sources independently told Brian Krebs that a “multi-month intrusion” occurred and is likely the work of an advanced persistent threat APT act...

7.5CVSS0.9927EPSS
Exploits45References6
ThreatPost
ThreatPost
added 2019/01/18 7:58 p.m.154 views

Fallout EK Retools for a Fresh New 2019 Look

A new version of the Fallout exploit kit EK has emerged, featuring new exploits and fresh payloads, including the GandCrab ransomware. The development shows that EKs have a lot of life yet left in them, researchers say. The Fallout EK generally finds its victims by way of malvertising campaigns,...

10CVSS9.8AI score0.81971EPSS
Exploits13References5
ThreatPost
ThreatPost
added 2022/02/15 10:31 p.m.153 views

SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming

SquirrelWaffle – the newish malware loader that first showed up in September – once again got its scrabbly little claws into an unpatched Microsoft Exchange server to spread malspam with its tried-and-true trick of hijacking email threads. That’s the same-old, same-old, as in, a SquirrelWaffle...

8.9AI score
Exploits0References16
ThreatPost
ThreatPost
added 2020/03/17 3:7 p.m.153 views

APT36 Taps Coronavirus as 'Golden Opportunity' to Spread Crimson RAT

A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting...

9.3CVSS0.99933EPSS
Exploits29References12
ThreatPost
ThreatPost
added 2019/11/11 11:14 p.m.153 views

DDoS Attacks Target Amazon, SoftLayer and Telecom Infrastructure

The last 30 days has seen a renewed increase in distributed denial-of-service DDoS activity, according to researchers, who said that they have observed a number of criminal campaigns mounting TCP reflection DDoS attacks against corporations. Researchers at Radware said that the list of victims...

0.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/09/12 12:37 p.m.153 views

UNICEF Leaks Personal Data of 8,000 Users via Email Blunder

The charity organization UNICEF inadvertently leaked the personal details of thousands of people who use its online learning portal Agora by way of an errant email sent to 20,000 inboxes. The email was accidentally sent on August 26 by UNICEF and included the names, email addresses, gender and...

0.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/07/14 7:54 p.m.153 views

68% of Overwhelmed IT Managers Say They Can't Keep Up with Cyberattacks

IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are becoming the norm. That’s according to a research report The Impossible Puzzle of Cybersecurity, released Friday. In a survey of 3,100 IT managers...

7.6AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/03/20 9:36 p.m.153 views

Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats

In the era of the cloud, enterprises house sensitive corporate data outside of the traditional perimeter; employees can access this from any endpoint, including mobile devices, and from any network. This presents a host of new challenges for companies looking to protect their sensitive informatio...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2017/05/09 5:16 p.m.153 views

Microsoft Plugs Three Zero Day Holes as Part of May Patch Tuesday

Microsoft patched three zero day vulnerabilities actively under attack today as part of its May Patch Tuesday release. Researchers with FireEye who uncovered the three vulnerabilities said the bugs were actively being exploited by threat actors Turla and APT28. Two of the zero day vulnerabilities...

9.3CVSS8.4AI score0.80734EPSS
Exploits4References14
ThreatPost
ThreatPost
added 2016/03/04 5:35 p.m.153 views

Proofpoint Warns Of New MSIL/Crimson Tied To Cyber Espionage

Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11...

9.3CVSS0.99966EPSS
Exploits12References2
ThreatPost
ThreatPost
added 2020/07/21 3:6 p.m.152 views

Critical Adobe Photoshop Flaws Patched in Emergency Update

Adobe released a slew of patches for critical vulnerabilities Tuesday that were part of an out-of-band security update. Several of the critical flaws are tied to Adobe’s popular Photoshop photo-editing software and allow adversaries to execute arbitrary code on targeted Windows devices. Overall,...

6.8CVSS2.3AI score0.0552EPSS
Exploits1References7
ThreatPost
ThreatPost
added 2020/06/22 3:37 p.m.152 views

AMD: Fixes For High-Severity SMM Callout Flaws Upcoming

Three high-severity vulnerabilities have been disclosed in AMD’s client and embedded processors that came out between 2016 and 2019. An attacker with physical or privileged access to certain AMD powered systems could exploit the flaws to execute arbitrary code or take control of the firmware. AMD...

0.02115EPSS
Exploits1References9
ThreatPost
ThreatPost
added 2019/05/20 8:8 p.m.152 views

Sharing Threat Intelligence: Time for an Overhaul

Most organizations don’t really have a good way of sharing threat-related data outside of their own industry verticals. Sure, there are Information Sharing and Analysis Centers ISACs; i.e. FS-ISACs for the financial-services industry. But the information still tends to stay in industry-specific...

6.9AI score
Exploits0References2
ThreatPost
ThreatPost
added 2018/04/09 6:35 p.m.152 views

Word Attachment Delivers FormBook Malware, No Macros Required

A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware. Researchers at Menlo Security are reporting a wave of attacks that began last month that are targeting financial and...

9.3CVSS0.5AI score0.99945EPSS
Exploits47References6
ThreatPost
ThreatPost
added 2014/04/04 3:41 p.m.152 views

IE 12 to Support HSTS Encryption Protocol

Microsoft confirmed today it will support HTTPS Strict Transport Protocol HSTS in Internet Explorer 12, bringing its browser in line with other major vendors in its support of the protocol. Browsers supporting HSTS force any sessions sent over HTTP to be sent instead over HTTPS, encrypting...

9.3CVSS0.4AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2011/09/13 6:8 p.m.152 views

Microsoft Releases Five Bulletins For September Patch Tuesday

Microsoft on Tuesday released again the five security bulletins for its September Patch Tuesday. None of the fixes being released today is rated critical, with all five being rated important. Three of the bulletins fix flaws that could result in code execution. Microsoft also updated the security...

9.3CVSS1AI score0.99945EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2021/08/18 12:7 p.m.151 views

Unpatched Fortinet Bug Allows Firewall Takeovers

UPDATE An unpatched OS command-injection security vulnerability has been disclosed in Fortinet’s web application firewall WAF platform, known as FortiWeb. It could allow privilege escalation and full device takeover, researchers said. FortiWeb is a cybersecurity defense platform, aimed at...

9.8CVSS9.9AI score0.99999EPSS
Exploits25References10
ThreatPost
ThreatPost
added 2021/03/19 3:21 p.m.151 views

Bogus Android Clubhouse App Drops Credential-Swiping Malware

Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can...

0.6AI score
Exploits0References16
ThreatPost
ThreatPost
added 2020/10/05 7:47 p.m.151 views

Black-T Malware Emerges From Cryptojacker Group TeamTNT

Researchers have discovered the latest cryptojacking malware gambit from TeamTNT, called Black-T. The variant builds on the group’s typical approach, with a few new — and sophisticated — extras. TeamTNT is known for its targeting of Amazon Web Services AWS credentials, to break into the cloud and...

0.1AI score0.26869EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2020/08/20 3:39 p.m.151 views

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

Microsoft has released an out-of-band security update addressing two high-severity elevation-of-privilege EoP bugs. Both flaws exist in a service called Windows Remote Access, which provides remote-access capabilities to client applications on computers running Windows. Of note, both flaws were...

7.6CVSS8.3AI score0.41131EPSS
Exploits2References10
ThreatPost
ThreatPost
added 2020/01/31 10:29 p.m.151 views

Advanced Obfuscation Marks Widespread Info-Stealing Campaign

A large-scale spam campaign bent on spreading info-stealing malware is applying advanced obfuscation techniques to get around security scanning and maximize infection rates. According to Lastline researchers, a large botnet is distributing malicious rich text format RTF documents that act as...

7.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/10/31 6:55 p.m.151 views

Calypso APT Emerges from the Shadows to Target Governments

A newly discovered APT group, dubbed Calypso after a custom malware RAT that it uses, has been targeting state institutions in six different countries since 2016. Government organizations in India 34 percent, Brazil and Kazakhstan 18 percent respectively, Russia and Thailand 12 percent respective...

9.3CVSS0.6AI score0.93307EPSS
Exploits47References9
ThreatPost
ThreatPost
added 2019/09/04 3:1 p.m.151 views

BRATA Android RAT Steals Banking Info in Real Time

A powerful Android remote access tool RAT family dubbed BRATA is proliferating, with at least 20 different variants cropping up since it was first spotted in January. The majority of the binaries have been found in the official Google Play store, masquerading as updates for the instant messaging...

7.5CVSS0.3AI score0.39166EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2019/08/10 9:0 p.m.151 views

DEF CON 2019: New Class of SQLite Exploits Open Door to iPhone Hack

LAS VEGAS – Researchers at Check Point have identified a new class of vulnerabilities targeting SQLite, outside the context of a browser for the first time. The new attack techniques exploit memory-corruption issues in the SQLite engine itself — leading to a host of new hacks, including code...

7.5CVSS8.5AI score0.19963EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2019/04/24 4:55 p.m.151 views

Adware-Ridden Apps in Google Play Infect 30 Million Android Users

More than 50 malicious apps have been discovered on the Google Play app marketplace, peddling adware to millions of Android victims. The 50 adware apps, which have been since removed, include fitness, photoshopping and gaming apps, and were installed a total of 30 million times, researchers at...

0.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/02/15 5:15 p.m.151 views

Trickbot Malware Goes After Remote Desktop Credentials

The banking trojan known as Trickbot has resurfaced, with an updated info-stealing module that allows it to harvest remote desktop application credentials. According to Trend Micro’s Noel Anthony Llimos and Carl Maverick Pascual, a new variant has recently come on the scene, and is being spread v...

0.8AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/02/12 3:9 p.m.151 views

Adobe Fixes 43 Critical Acrobat and Reader Flaws

Adobe issued patches for 43 critical vulnerabilities in Acrobat and Reader – including a fix for a zero-day flaw that researchers at 0patch temporarily fixed on Monday. That bug could enable bad actors to steal victims’ hashed password values. Overall, Adobe patched 75 important and critical...

10CVSS0.8AI score0.25704EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2018/10/05 9:23 p.m.151 views

Sony Smart TV Bug Allows Remote Access, Root Privileges

As the number of smart TVs grows, so does the number of vulnerabilities inside of them. On Thursday, security researchers revealed that eight Sony Bravia smart TV models are vulnerable to three separate bugs, one rated critical. The flaws – a stack buffer overflow, a directory traversal and a...

8.3CVSS8.3AI score0.00913EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2018/05/28 12:21 p.m.151 views

Despite Ringleader’s Arrest, Cobalt Group Still Active

Evidence has surfaced that the Cobalt Group – the threat actors behind widespread attacks on banks and ATM jackpotting campaigns across Europe – is continuing to operate, despite the arrest of its accused ringleader in March. The Cobalt Group, first burst on the scene in 2016: in a single night,...

9.3CVSS8.6AI score0.99945EPSS
Exploits50References4
ThreatPost
ThreatPost
added 2016/04/28 10:44 a.m.151 views

Office 365 Vulnerability Exposed Any Federated Account

A severe vulnerability in the way Microsoft Office 365 handles federated identities via SAML put an attacker in position to have access to any account and data, including email messages and files stored in the cloud-based service. Microsoft pushed through a mitigation to the service on Jan. 5,...

9.3CVSS8.2AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2015/04/17 11:6 a.m.151 views

Active DoS Exploits for MS15-034 Under Way

UPDATE – Microsoft’s characterization of MS15-034 as a remote code execution vulnerability certainly has a lot of Windows server admins on edge waiting for the other shoe to drop. In the three days since the bulletin was released warning of a critical vulnerability in the HTTP protocol stack,...

9.3CVSS0.3AI score0.99945EPSS
Exploits33References5
ThreatPost
ThreatPost
added 2014/04/04 12:13 p.m.151 views

Windows XP End of Life Breeding FUD, Legit Concerns

For those of you anticipating the start of a Walking Dead-style malware apocalypse next Tuesday, calm yourselves. The official end of security support for Windows XP is upon us, but it’s important to check some anxiety at the door and keep some perspective. “I’ve been a forensics investigator 14...

9.3CVSS9.1AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2022/01/18 8:21 p.m.150 views

The Log4j Vulnerability Puts Pressure on the Security World

It’s not my intention to be alarmist about the Log4j vulnerability CVE-2021-44228, known as Log4Shell, but this one is pretty bad. First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure...

10CVSS9.8AI score0.99999EPSS
Exploits351References9
ThreatPost
ThreatPost
added 2021/01/05 3:26 p.m.150 views

Major Gaming Companies Hit with Ransomware Linked to APT27

A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat APT is swapping up its historically espionage centralized tactics to adopt ransomware, a new report says...

1.9CVSS6.2AI score0.84138EPSS
Exploits13References12
ThreatPost
ThreatPost
added 2020/10/06 7:28 p.m.150 views

Male Chastity Device Comes with Massive Security Flaws

Researchers at Pen Test Partners recently uncovered concerning security issues with a connected male chastity device and are calling on the entire connected sex toy industry — known as “teledildonics” — to make security a priority. The Qiui Cellmate chastity cage has a Bluetooth lock that could...

7.1AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/05/01 1:12 p.m.150 views

TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

Threat actors are using people’s interest in the Department of Labor’s Family and Medical Leave Act FMLA to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently. Recent analysis from spam honeypots set by IBM X-Force discovered actors...

Exploits0References12
ThreatPost
ThreatPost
added 2019/05/23 8:21 p.m.150 views

Calibration Attack Drills Down on iPhone, Pixel Users

A proof-of-concept for a new type of privacy attack, dubbed “calibration fingerprinting,” uses data from Apple iPhone sensors to construct a globally unique fingerprint for any given mobile user. Researchers said that this provides an unusually effective means to track people as they browse acros...

0.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/05/20 1:42 p.m.150 views

ZombieLoad Pioneer: The Story Behind Intel’s Latest Side Channel Flaw

The release of a new speculative execution vulnerability called ZombieLoad last week follows a similar disclosure path as Meltdown and Spectre. Threatpost caught up with one of the researchers behind the discovery of ZombieLoad to find out how. ZombieLoad was discovered and reported by Michael...

6.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2013/11/25 10:26 a.m.150 views

Grand Theft Auto Panda APT Espionage Attack Platform

Researchers have discovered a mature attack platform that’s enjoyed great success eluding detection and made good use of an exploit present in a number of espionage campaigns. The attacks have concentrated largely on the automotive industry, hitting large companies primarily in Asia and only afte...

9.3CVSS0.1AI score0.99966EPSS
Exploits12References6
ThreatPost
ThreatPost
added 2012/01/04 8:41 p.m.150 views

Microsoft Sues British Electronic Dealer in Alleged Counterfeit Scam

Microsoft announced today it is suing Britain’s second-largest electronics retailer Comet for allegedly creating and selling more than 94,000 back-up discs of its Windows Vista and Windows XP product. Comet Group PLC allegedly produced counterfeit versions of the software in a factory in Hampshir...

9.3CVSS1.4AI score0.99945EPSS
Exploits33References3
Total number of security vulnerabilities5000