Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2021/02/10 3:16 p.m.145 views

Intel Squashes High-Severity Graphics Driver Flaws

Intel has issued fixes for five high-severity vulnerabilities in its graphics drivers. Attackers can exploit these flaws to launch an array of malicious attacks – such as escalating their privileges, stealing sensitive data or launching denial-of-service attacks. The graphics driver is software...

7.9AI score0.00359EPSS
Exploits0References14
ThreatPost
ThreatPost
added 2020/07/29 7:53 p.m.145 views

Billions of Devices Impacted by Secure Boot Bypass

Billions of Windows and Linux devices are vulnerable to cyberattacks stemming from a bug in the GRUB2 bootloader, researchers are warning. GRUB2 which stands for the GRand Unified Bootloader version 2 is the default bootloader for the majority of computing systems. Its job is to manage part of th...

4.6CVSS8.7AI score0.26869EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2019/05/17 5:6 p.m.145 views

Ransomware 'Remediation' Firm Exposed; Researchers Weigh in on Paying

A company that claimed to use technology tools to help victims with ransomware cleanup was found to secretly be paying the ransom, while collecting a premium from their clients, according to an expose out this week. The situation brings the core dilemma of business-focused ransomware directly int...

6.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/02/07 8:47 p.m.145 views

Apple Fixes Pesky FaceTime Bug in iOS 12.1.4 Update

Apple has patched a major flaw in its Group FaceTime feature that allowed callers to eavesdrop on people they called even if they never picked up. It also said it would pay a reward to the teen that identified the bug. The update comes along with a slew of other fixes in its release of iOS 12.1.4...

9.3CVSS8.3AI score0.15705EPSS
Exploits2References6
ThreatPost
ThreatPost
added 2018/08/20 4:39 p.m.145 views

Darkhotel Exploits Microsoft Zero-Day VBScript Flaw

Researchers have discovered that the Darkhotel APT is exploiting a recently-patched zero-day vulnerability impacting Microsoft VBScript. Researchers at Trend Micro recently disclosed the flaw in Microsoft Visual Basic Scripting Engine VBScript, an active scripting language developed by Microsoft...

7.6CVSS7.7AI score0.87814EPSS
Exploits9References6
ThreatPost
ThreatPost
added 2017/06/22 11:25 a.m.145 views

GhostHook Attack Bypasses Windows 10 PatchGuard

A bypass of PatchGuard kernel protection in Windows 10 has been developed that brings rootkits for the latest version of the OS within reach of attackers. Since the introduction of PatchGuard and DeviceGuard, very few 64-bit Windows rootkits have been observed; Windows 10’s security, in particula...

9.3CVSS8.3AI score0.99945EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2016/07/18 6:0 p.m.145 views

CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack

An old scripting vulnerability that impacts a large number of Linux distributions and programing languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy...

6.8CVSS8AI score0.55724EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2015/09/24 1:37 p.m.145 views

China PLA Unit 78020 Cyberespionage Naikon APT

Chinese president Xi Jinping is supposed to have dinner this evening with U.S. president Barack Obama. Wonder if the name Ge Xing will come up? Ge Xing is the subject of a joint report published this morning by ThreatConnect and Defense Group Inc., computer and national security service providers...

9.3CVSS0.1AI score0.99966EPSS
Exploits12References5
ThreatPost
ThreatPost
added 2022/03/10 2:10 p.m.144 views

Russia May Use Ransomware Payouts to Avoid Sanctions

Russia may ramp up ransomware attacks against the United States as a way to ease the financial hurt it’s under due to sanctions, U.S. federal authorities are warning. Those sanctions have been levied against the nation and Vladimir Putin’s government due to its invasion of Ukraine. The Financial...

8.5AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/12/22 5:59 p.m.144 views

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Don’t duck at the latest mention of Apache: Two critical bugs in its HTTP web server – HTTPD – need to be patched pronto, lest they lead to attackers triggering denial of service DoS or bypassing your security policies. Apache, the open-source software foundation behind the Log4J logging library...

9.8CVSS10AI score0.9927EPSS
Exploits49References14
ThreatPost
ThreatPost
added 2021/12/15 11:18 p.m.144 views

Relentless Log4j Attacks Include State Actors, Possible Worm

Call it a “logjam” of threats: Attackers including nation-state actors have already targeted half of all corporate global networks in security companies’ telemetry using at least 70 distinct malware families — and the fallout from the Log4j vulnerability is just beginning. Researchers manning...

10CVSS9.7AI score0.99999EPSS
Exploits351References15
ThreatPost
ThreatPost
added 2020/10/29 11:15 p.m.144 views

NVIDIA Patches Critical Bug in High-Performance Servers

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixin...

7.5CVSS1.1AI score0.26869EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2019/03/20 10:20 p.m.144 views

Mac-Focused Malvertising Campaign Abuses Google Firebase DBs

A malvertising group named VeryMal that targets Mac users has changed up its tactics, ditching steganography as its obfuscation technique. Instead, it’s using ad tags that fetch a payload from Google Firebase in order to redirect users to malicious pop-ups. Confiant estimates that close to 1...

Exploits0References5
ThreatPost
ThreatPost
added 2019/02/13 3:20 p.m.144 views

Flaw in snapd Allows Root Access to Linux Servers

A local privilege-escalation vulnerability in Canonical’s snapd package has been uncovered, which would allow any user to obtain administrator privileges and immediate root access to affected Linux system servers. Snapd is used by Linux users to download and install apps in the .snap file format...

10CVSS0.8AI score0.61075EPSS
Exploits10References6
ThreatPost
ThreatPost
added 2021/11/08 4:38 p.m.143 views

Zoho’s ManagedEnginePassword Manager Flaw Torched by Godzilla Webshell, New Data Stealer

A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far technology,...

10CVSS10AI score0.9896EPSS
Exploits10References23
ThreatPost
ThreatPost
added 2021/05/04 4:7 p.m.143 views

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The bugs have gone undisclosed for 12 years, and could allow the ability to bypass security products, execute code...

7.5CVSS0.3AI score0.57474EPSS
Exploits26References5
ThreatPost
ThreatPost
added 2020/04/30 9:2 p.m.143 views

Microsoft Sway Abused in Office 365 Phishing Attack

A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. Researchers attribute the campaign’s success to two parts: First, it leverages multiple Microsoft file-sharing services to...

0.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/12/11 1:0 p.m.143 views

Lazarus APT Collaborates with Trickbot's Anchor Project

Researchers have found evidence of a link between global crimeware organization Trickbot and North Korean APT group Lazarus, observing direct collaboration via an all-in-one attack framework developed by Trickbot called Anchor Project. The move appears to be the first time an APT group has aligne...

Exploits0References14
ThreatPost
ThreatPost
added 2019/09/13 12:50 p.m.143 views

News Wrap: IoT Radio Telnet Backdoor And 'SimJacker' Active Exploit

Threatpost editors break down the biggest news stories of this week ended Sept. 13, including: Researchers warning that more than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors A Telnet backdoor opened more than 1 million Imperial Dabman IoT...

7.3AI score0.00786EPSS
Exploits0References15
ThreatPost
ThreatPost
added 2019/08/22 2:16 p.m.143 views

Spyware App on Google Play Gets Boot, Returns Days Later

A music-streaming app offered on Google Play, harboring spyware that stole victims’ contacts, files and SMS messages, made its way onto the official Android app marketplace not once, but twice. The spyware was hidden in an app called Radio Balouch also known as RB Music. The app itself was actual...

7.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/03/29 2:13 p.m.143 views

Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk

A critical denial-of-service DoS vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors. The vulnerability was identified in Rockwell Automation’s PowerFlex 525 drive component...

10CVSS1.3AI score0.99999EPSS
Exploits48References7
ThreatPost
ThreatPost
added 2019/03/12 8:48 p.m.143 views

ThreatList: Phishing Attacks Doubled in 2018

Phishing attempts more than doubled in 2018, as bad actors sought to trick victims into handing over their credentials. They used both old tricks – such as scams tied to current events – as well as other stealthy, fresher tactics. Researchers with Kaspersky Lab said in a Tuesday report that durin...

9.3CVSS8.3AI score0.99945EPSS
Exploits33References14
ThreatPost
ThreatPost
added 2019/02/08 3:31 p.m.143 views

FireOS Flaw Allowed Limited Content Injection in Amazon Tablets

A vulnerability in the operating system of Amazon’s Fire Tablets could allow a hacker to inject malicious content into Settings, Legal and Compliance, Terms of Use and Privacy sections of the device. The bug could also allow an adversary to capture the serial number of the tablet. The Fire Tablet...

5.8CVSS7.4AI score0.00691EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2016/04/30 7:25 a.m.143 views

Slack Plugs Token Security Hole

Popular collaboration and communication firm Slack rushed to plugged a security hole in its platform Thursday that was leaking some of its users’ private chats and files for anyone to access. Slack, a leading tool used by companies to communicate internally, was alerted by security firm Detectify...

0.1AI score0.99993EPSS
Exploits41References2
ThreatPost
ThreatPost
added 2016/04/19 7:0 a.m.143 views

APT Threat Targets Tibetans, Journalists and Human Rights Workers

Tibetans, journalists and human rights workers in Hong Kong and Taiwan have been targeted in an APT campaign that makes use of Microsoft Rich Text File RTF documents to compromise computers. Researchers say it’s a new strategy by attackers in an ongoing advanced persistent threat that dates back ...

9.3CVSS7.5AI score0.99966EPSS
Exploits13References2
ThreatPost
ThreatPost
added 2021/11/10 6:24 p.m.142 views

Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access

A critical security bug in the Citrix Application Delivery Controller ADC and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate. The two affected Citrix products formerly the NetScaler ADC and Gateway are used for application-aware traffi...

7.5CVSS8.1AI score0.00894EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2021/04/05 3:52 p.m.142 views

15 Cybersecurity Pitfalls and Fixes for SMBs

Small- to medium-sized businesses SMBs, those with 100 employees or less, are more vulnerable than ever to catastrophic cybersecurity breaches and attacks. The good news is that there are many things they can do, with extraordinarily little added investment, that will help IT managers lock down...

7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/02/24 9:52 p.m.142 views

Tax Season Ushers in Quickbooks Data-Theft Spike

Cybercriminals are ready for tax season with new malware designed to exfiltrate Quickbooks data and post it on the internet, according to a new report from ThreatLocker. Attackers use email to deliver the malware, which the ThreatLocker’s CEO Danny Jenkins told Threatpost is a simple, 15-line pie...

0.4AI score
Exploits0References2
ThreatPost
ThreatPost
added 2020/08/03 1:5 p.m.142 views

Meetup Critical Flaws Allow 'Group' Takeover, Payment Theft

A popular online social service, Meetup, has fixed several critical flaws in its website. If exploited, the flaws could have enabled attackers to hijack any Meetup “group,” access the group’s member details and even redirect Meetup payments to an attacker-owned PayPal account. Meetup is a service...

8.7AI score0.0552EPSS
Exploits1References11
ThreatPost
ThreatPost
added 2019/10/01 5:40 p.m.142 views

Hackers Turn to OpenDocument Format to Avoid AV Detection

Attackers have a new obfuscation technique that uses the OpenDocument file format for sneaking payloads past antivirus software. Past macro-based attacks have relied on malware hitching a ride with .docx, .zip, .jar and many other file formats. But researchers at Cisco Talos said that because the...

7.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/06/17 10:7 p.m.142 views

Irked Researcher Discloses Facebook WordPress Plugin Flaws

UPDATE A WordPress security researcher claims he has found two WordPress plugins developed by Facebook called Facebook for WooCommerce and Messenger Customer Chat. The researcher claims both have cross-site request forgery flaws. The researcher published the bugs on the Plugin Vulnerabilities...

7.8AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/06/17 5:28 p.m.142 views

A Spate of University Breaches Highlight Email Threats in Higher Ed

Oregon State University announced Friday that hackers potentially made off with 636 student records and family records of students containing personally identifiable information PII, after a successful email attack in early May. This comes on the heels of email-based breaches at Graceland...

0.6AI score
Exploits0References7
ThreatPost
ThreatPost
added 2015/03/11 1:1 p.m.142 views

Details Surface on Stuxnet Patch Bypass

It took 10 hours to find what had eluded others for close to five years. German computer science student Michael Heerklotz spent the Christmas holiday reading Countdown to Zero Day, a narrative on the discovery and impact of Stuxnet, the computer worm considered one of the first cyberweapons, and...

9.3CVSS0.7AI score0.99945EPSS
Exploits62References6
ThreatPost
ThreatPost
added 2014/11/17 9:30 a.m.142 views

Issues Arise With MS14-066 Schannel Patch

Some users who have installed the MS14-066 patch that fixes a vulnerability in the Schannel technology in Windows are having issues with the fix causing TLS negotiations to fail in some circumstances. The problem arises when users have TLS 1.2 enabled in certain configurations and it will sometim...

9.3CVSS2.6AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2012/06/14 11:33 a.m.142 views

Microsoft Releases Automatic Updater for Certificate Revocation Lists, Plans to Invalidate Short RSA Keys

As part of its response to the Flame malware and its usage of a forged Microsoft certificate to sign malicious files, Microsoft has changed the way that Windows handles certificates, releasing an automatic updater function that will recognize and flag untrusted certificates. The new functionality...

9.3CVSS8.2AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2020/12/04 2:25 p.m.141 views

Vancouver Metro Disrupted by Egregor Ransomware

The threat actors behind the Egregor ransomware are showing a prolificacy in their early months of activity. On the heels of targeting struggling U.S. retailer Kmart, the Egregor gang also disrupted the Vancouver metro system with a ransomware attack. Translink, the Canadian city’s public...

6.7AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/02/19 8:29 p.m.141 views

BlueKeep Flaw Plagues Outdated Connected Medical Devices

While Microsoft issued patches for the infamous BlueKeep vulnerability almost a year ago, researchers warn that almost half of connected medical devices in hospitals run on outdated Windows versions that are still vulnerable to the remote desktop protocol RDP flaw. Researchers said they found tha...

10CVSS0.4AI score0.99999EPSS
Exploits123References16
ThreatPost
ThreatPost
added 2019/08/14 3:0 p.m.141 views

Windows Users at Risk From High-Severity Intel Software Flaw

Intel is warning of a high-severity vulnerability existing in its software that identifies the specification of Intel processors in Windows systems. The flaw could have an array of malicious impacts on affected systems, such as opening systems up to information disclosure or denial of service...

4.6CVSS8.1AI score0.00377EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2019/05/17 7:28 p.m.141 views

WordPress WP Live Chat Support Plugin Fixes XSS Flaw

For the second time this month a patch has been issued for the WordPress add-on called WP Live Chat Support Plugin. This time around it’s a cross-site scripting XSS vulnerability. The WP Live Chat Support is a popular WordPress plugin that allows users to install a pop-up “chat” plugin to their...

7.5CVSS0.3AI score0.05062EPSS
Exploits1References11
ThreatPost
ThreatPost
added 2019/03/22 7:33 p.m.141 views

Drones are Quickly Becoming a Cybersecurity Nightmare

Drones are a growing threat for law enforcement and business security officers. In the run-up to Christmas 2018, rogue drones grounded planes at London Gatwick, the UK’s second-busiest airport. But, increasingly it’s not just the air traffic controllers sounding the alarms over drones, it’s also...

6.7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2022/03/17 1:0 p.m.140 views

Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast

You know that hazy window that’s been obscuring the cyber threat landscape, leaving the feds squinting to try to see what’s really going on? The government has recently pulled out some squeegees. Case in point: the government spending deal that President Biden signed into law on Friday. The bill...

8.6AI score
Exploits0References11
ThreatPost
ThreatPost
added 2022/03/08 3:14 p.m.140 views

Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure

Three critical security vulnerabilities in widely used smart uninterruptible power supply UPS devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found. Researchers a...

9.8CVSS9.8AI score0.1226EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2021/07/19 5:49 p.m.140 views

Protecting Phones From Pegasus-Like Spyware Attacks

Pegasus spyware from the Israeli firm NSO Group is nearly invisible. It sends messages to compromise targeted phones without setting off any alarm bells to the phone’s user. There’s little you can do to protect yourself, say experts. But little isn’t nothing. Our guest today is Adam Weinberg, whi...

6.8AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/05/14 12:0 p.m.140 views

How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly

Zero-day disclosures, those known bugs without a fix, can have potentially catastrophic results. One of the best ways to combat them is by discovering them before the bad guys do. Some of the biggest tech brands on the planet have been pummeled by a rash of high-profile zero-day exploits. In the...

5.7AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/02/02 2:0 p.m.140 views

Identity Theft Spikes Due to COVID-19 Relief

Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits. This is according to the Federal Trade Commission FTC, which received about 1.4 million reports of...

7.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/11/24 3:57 p.m.140 views

Blackrota Golang Backdoor Packs Heavy Obfuscation Punch

Researchers have discovered a new backdoor written in the Go programming language Golang, which turned their heads due to its heavy level of obfuscation. The backdoor, called Blackrota, was first discovered in a honeypot owned by researchers, attempting to exploit an unauthorized-access...

7.7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/10/07 12:24 p.m.140 views

Iran-linked Hackers Target Trump 2020 Campaign, Microsoft says

A group of hackers tied to Iran has been attempting to break into accounts associated with the 2020 reelection campaign of President Trump, researchers have discovered. Researchers from the Microsoft Threat Intelligence Center said they first observed activity from a group called Phosphorus in...

1.7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/08/14 5:56 p.m.140 views

Lenovo Warns of ThinkPad Bugs, One Unpatched

Dozens of Lenovo’s flagship ThinkPad models are vulnerable to bugs ranging in severity from low to high. Two of the flaws are tied to industry-wide security bulletins, while a medium-severity flaw affects only Lenovo laptops but remains unpatched. The most severe of the three bugs is a...

7.2CVSS8.8AI score0.02691EPSS
Exploits2References9
ThreatPost
ThreatPost
added 2019/08/14 1:24 p.m.140 views

Norman Cryptominer Employs Sophisticated Obfuscation Tactics

A never-before-seen cryptomining variant, dubbed “Norman” after one of its executable files, has been spotted in the wild using various techniques to hide and avoid discovery. The levels of obfuscation are notable for their sheer depth, according to an analysis. Varonis uncovered an initial sampl...

0.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/02/22 9:23 p.m.140 views

Reddit Gold: Alice and Bob, Caught in a Web of Lies

Alice and Bob, the beloved or not-so-beloved, depending placeholder characters often used in cryptography examples, have been spotted in the middle of a web of deceit and intrigue by eagle-eyed Redditers. Think lies. Broken hearts. Even…murder. Yep, you heard that right. It all starts with the...

7.3AI score
Exploits0References6
Total number of security vulnerabilities5000