Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2019/02/07 8:21 p.m.140 views

ThreatList: Latest DDoS Trends by the Numbers

Fresh statistics reveal a mix bag of good news and bad when it comes to distributed denial-of-service attacks in Q4 2018. According to the latest numbers available, the sheer number of attacks are down, but the length of time those attacks last have reached record lengths. The numbers come from...

7.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2016/09/21 9:29 a.m.140 views

Picking Up Where Neutrino Left Off: RIG Pushing CrypMIC Ransomware

When an exploit kit fades away, it usually doesn’t take long for another to take its place in the limelight, especially when the kit is an integral part of the ransomware ecosystem. That’s exactly what’s happened over the past few weeks as researchers say they’ve seen an uptick in RIG Exploit Kit...

10CVSS0.3AI score0.94354EPSS
Exploits16References8
ThreatPost
ThreatPost
added 2012/03/29 3:56 p.m.140 views

Fortune Favors the Bold? Man Steals Microsoft Founder's Identity, Credit Card

When one Pennsylvanian man couldn’t foot his bills, he opted to steal the identity of someone that could – one of the world’s richest men, Microsoft co-founder and billionaire Paul Allen. An AWOL solider from Pittsburgh swiped Allen’s Citibank credit card account information earlier this year to...

9.3CVSS0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2022/07/05 11:54 a.m.139 views

Google Patches Actively Exploited Chrome Bug

While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year. Chrome 103...

8.8CVSS9.2AI score0.70461EPSS
Exploits3References11
ThreatPost
ThreatPost
added 2021/07/13 6:55 p.m.139 views

Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader

Eleven critical bugs in Adobe’s popular and free PDF reader, Acrobat, open both Window and macOS users to attacks ranging from an adversary arbitrarily executing commands on a targeted system to data leakage tied to system-read and memory flaws. In a Tuesday security bulletin, which included...

9.3CVSS7.6AI score0.66052EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2021/06/08 5:2 p.m.139 views

‘An0m’ Encrypted-Chat Sting Leads to Arrest of 800

Law enforcement agencies have been selling encrypted phones to organized crime gangs for years, monitoring their conversations in what’s being called the biggest law enforcement sting ever. Since 2018, agencies have been overseeing the distribution of hardened, encrypted devices that have enabled...

6.9AI score
Exploits0References16
ThreatPost
ThreatPost
added 2020/11/23 5:15 p.m.139 views

Manchester United: IT Systems Disrupted in Cyberattack

The Manchester United football club in the U.K. has confirmed that the team fell victim to a cyberattack on its systems. Man U., one of the most popular soccer teams in the world, said that it was suffering ongoing IT disruptions. “The club has taken swift actions to contain the attack and is...

7.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/10/06 3:51 p.m.139 views

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft is warning that an Iranian nation-state actor is now actively exploiting the Zerologon vulnerability CVE-2020-1472, adding fuel to the fire as the severe flaw continues to plague businesses. The advanced persistent threat APT actor, which Microsoft calls MERCURY also known as MuddyWater...

9.3CVSS0.2AI score0.99913EPSS
Exploits104References18
ThreatPost
ThreatPost
added 2020/08/14 8:18 p.m.139 views

Mac Users Targeted by Spyware Spreading via Xcode Projects

A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via...

Exploits0References5
ThreatPost
ThreatPost
added 2020/06/18 4:18 p.m.139 views

Cisco Webex, Router Bugs Allow Code Execution

Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems. Beyond Webex, the networking giant on Wednesday also patched a slew of bugs across several products,...

9.3CVSS0.9AI score0.0552EPSS
Exploits1References17
ThreatPost
ThreatPost
added 2019/12/05 4:6 p.m.139 views

OpenBSD Hit with Authentication, LPE Bugs

An authentication bypass and three local privilege-escalation LPE bugs have been uncovered in OpenBSD, the Unix-like open-source operating system known for its security protections. The most severe of the vulnerabilities is the bypass CVE-2019-19521, which is remotely exploitable. OpenBSD uses BS...

7.5CVSS1AI score0.02736EPSS
Exploits8References7
ThreatPost
ThreatPost
added 2019/09/11 2:24 p.m.139 views

Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack

Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell session SSH; but, luckily, such an attack would be difficult to...

2.9CVSS0.1AI score0.00753EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2019/06/25 3:1 p.m.139 views

Malspam Emails Blanket LokiBot, NanoCore Malware With ISO Files

An ongoing spam campaign has been spotted using ISO disk image file attachments to disguise various information-stealing trojans, including LokiBot and NanoCore. Researchers said that they first spotted the malware-laced spam emails being distributed in April 2019. Spam sent to victims claim to b...

0.6AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/05/14 6:1 p.m.139 views

Intel CPUs Impacted By New Class of Spectre-Like Attacks

A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling MDS, consist o...

4.7CVSS0.2AI score0.01553EPSS
Exploits0References19
ThreatPost
ThreatPost
added 2016/03/28 11:45 a.m.139 views

Badlock Bug in Samba SMB Protocol

Despite the Badlock hype machine cranked up high, we don’t know much about this impending soul-crushing vulnerability other than it could be bad, it could be in the Windows Server Message Block and it already has its own requisite logo and website. Nonetheless, we have a little more than two week...

9.3CVSS8.6AI score0.99945EPSS
Exploits33References6
ThreatPost
ThreatPost
added 2014/06/23 9:3 a.m.139 views

Microsoft Interflow Information-Sharing Platform Preview Open

Much like the Year of PKI that has never come to be, information sharing has been one of security’s more infamous non-starters. While successful in heavily siloed environments such as financial services, enterprises industry-wide are hesitant to share threat and security data for fear of losing a...

9.3CVSS0.1AI score0.99945EPSS
Exploits33References9
ThreatPost
ThreatPost
added 2022/03/25 9:25 p.m.138 views

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector

The U.S. Department of Justice DOJ has indicted four Russian government employees in connection to plots to cyber-fry critical infrastructure in the United States and beyond, including at least one nuclear power plant. The campaigns involved one of the most dangerous malwares ever encountered in...

9.4AI score
Exploits0References17
ThreatPost
ThreatPost
added 2021/07/16 3:55 p.m.138 views

Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware

A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The private company, called variously Candiru, Grindavik, Saito Tech and Taveta and dubbed “Sourgum” by...

7.8CVSS8.8AI score0.06255EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2020/12/15 4:43 p.m.138 views

Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure

Thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology OT gear and internet of things IoT, respectively. Unfortunately, there has been a rampant lack of patching, researchers said. According to researchers at Armi...

8.3CVSS0.4AI score0.11685EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2020/11/23 8:38 p.m.138 views

TA416 APT Rebounds With New PlugX Malware Variant

The TA416 advanced persistent threat APT actor is back with a vengeance: After a month of inactivity, the group was spotted launching spear-phishing attacks with a never-before-seen Golang variant of its PlugX malware loader. TA416, which is also known as “Mustang Panda” and “RedDelta,” was spott...

0.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/09/08 8:40 p.m.138 views

Microsoft's Patch Tuesday Packed with Critical RCE Bugs

Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. These include 23 critical flaws, 105 that are important in severity and one moderate bug. Fortunately, none are publicly known or under active exploitation, Microsoft said. The most severe issue in the bun...

9.3CVSS9.5AI score0.99965EPSS
Exploits65References15
ThreatPost
ThreatPost
added 2020/01/07 8:50 p.m.138 views

Google Fixes Critical Android RCE Flaw

Google kicked off its first Android Security Bulletin of 2020 patching a critical flaw in its Android operating system, which if exploited could allow a remote attacker to execute code. Compared to last year’s monthly tally, the number of CVEs patched this month were relatively few. The...

9.3CVSS9.3AI score0.03017EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2019/12/10 9:21 p.m.138 views

Microsoft Zaps Actively Exploited Zero-Day Bug

Microsoft has issued fixes for 36 CVEs for December 2019 Patch Tuesday across a range of products, with seven of them rated critical in severity – and one that’s already being exploited in the wild as a zero-day bug. The computing giant’s scheduled security update this month is relatively light,...

9.3CVSS8.8AI score0.74438EPSS
Exploits12References12
ThreatPost
ThreatPost
added 2019/06/11 2:55 p.m.138 views

Troy Hunt Looks to Sell Have I Been Pwned

Citing overwhelming demands on his time, Troy Hunt is looking for a buyer for his site, Have I Been Pwned HIBP. HIBP offers a free service for consumers wanting to know if their user names and passwords have been compromised in a data breach; it also offers commercial services that include alerts...

0.2AI score
Exploits0References9
ThreatPost
ThreatPost
added 2017/06/16 12:0 p.m.138 views

On Microsoft's XP Patches, Hidden Cobra, MacRansom, and More

Mike Mimoso and Chris Brook discuss the news of the week, including Microsoft’s XP patches, Hidden Cobra, a Nigerian BEC campaign, MacRansom, and more. Download: ThreatpostNewsWrapJune162017.mp3 Music by Chris Gonslaves...

9.3CVSS2.4AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2010/12/21 5:21 p.m.138 views

Microsoft Withdraws Outlook Update After Gmail Conflicts

Microsoft says a recent patch for Outlook 2007 after it caused slow performance and problems with third party e-mail services. Microsoft withdrew a software update released last week after reports that the update, to its Outlook 2007 e-mail product, was causing problems for customers connecting t...

9.3CVSS1.2AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2020/12/24 4:31 p.m.137 views

Windows Zero-Day Still Circulating After Faulty Fix

A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a “fix” from Microsoft failed to adequately patch it. The local privilege-escalation bug in Windows 8.1 and Windows 10 CVE-2020-0986 exists in the Print Spooler API. It could allow a local attack...

7.2CVSS1.1AI score0.15932EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2020/06/05 5:37 p.m.137 views

Electrolux, Others Conned Out of Big Money by BEC Scammer

A 64-year-old business email compromise BEC guru has plead guilty in Houston to bilking appliance giant Electrolux and one other company out of a combined half a million dollars — in addition to other fraud schemes. Kenenty Hwan Kim a.k.a. Myung Kim admitted in federal court the Southern District...

0.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/08/07 1:55 p.m.137 views

New SWAPGS Side-Channel Attack Bypasses Spectre and Meltdown Defenses

Millions of newer Intel microprocessors manufactured after 2012 are vulnerable to a new type of side-channel attack dubbed SWAPGS. SWAPGS is similar to existing side-channel attacks such as Spectre and Meltdown and similarly could allow a hacker to gain access to sensitive data such as passwords...

2.1CVSS6.6AI score0.04521EPSS
Exploits4References10
ThreatPost
ThreatPost
added 2019/05/17 11:37 a.m.137 views

News Wrap: WhatsApp, Microsoft, Intel and Cisco Flaws

This week was filled with flaws, flaws and more flaws: From a zero-day under active exploit in the WhatsApp messaging app, to Patch Tuesday glitches addressed by Microsoft. Threatpost breaks down the top vulnerabilities of the week, including: A WhatsApp zero-day vulnerability being exploited in...

7.7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/03/12 9:52 p.m.137 views

Microsoft Patches Two Win32k Bugs Under Active Attack

Microsoft released patches for two Win32k bugs actively under attack, along with fixes for four additional bugs that are publicly known, as part of its March Patch Tuesday security bulletin. The Win32k bugs are both elevation of privilege vulnerabilities, rated important, and tied to the way...

7.6CVSS8.8AI score0.6285EPSS
Exploits19References18
ThreatPost
ThreatPost
added 2014/04/08 6:3 a.m.137 views

Unpatched Bugs, Windows XP End of Life and Public Disclosure

Windows XP security support ends Tuesday and until now, most of the public hand-wringing over XP’s end-of-life has been about the potential for malware outbreaks against unpatched vulnerabilities that have been stockpiled by hackers anxiously awaiting April 8, 2014. But what about vulnerabilities...

9.3CVSS8.7AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2022/02/07 10:9 p.m.136 views

LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong

Law enforcement, C-suite executives and the cybersecurity community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs,...

8.8AI score
Exploits0References15
ThreatPost
ThreatPost
added 2021/10/01 12:36 p.m.136 views

New APT ChamelGang Targets Russian Energy, Aviation Orgs

A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at security firm...

10CVSS9.3AI score0.99999EPSS
Exploits32References11
ThreatPost
ThreatPost
added 2021/07/02 4:7 p.m.137 views

Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks

The healthcare industry is under attack like never before. What started as a surge in criminal activity during the early days of the coronavirus pandemic has now metastasized into a full-blown crisis within the healthcare industry worldwide. The recent disruptive ransomware attacks on Scripps...

7.3AI score
Exploits0References20
ThreatPost
ThreatPost
added 2020/12/18 4:32 p.m.136 views

Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download

Threat actors continue to take advantage of the hype surrounding the release of the videogame Cyberpunk 2077 in a variety of ways. The latest twist is ransomware targeting Android devices disguised as a legitimate download of the new open-world game. Kaspersky researcher Tatyana Shishkova...

7.4AI score
Exploits0References24
ThreatPost
ThreatPost
added 2020/09/01 8:19 p.m.136 views

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Researchers have disclosed two flaws that could enable remote code execution attacks on the Magento Mass Import Magmi plugin, an open source database client that imports data into Magento. Magmi is a Magento database client written in PHP, which is used to perform raw bulk operations on the model...

7.5CVSS9.1AI score0.23897EPSS
Exploits0References21
ThreatPost
ThreatPost
added 2020/04/22 6:28 p.m.136 views

Connected Home Hubs Open Houses to Full Remote Takeover

Three different connected home hubs – Fibaro Home Center Lite, Homematic Central Control Unit CCU2 and Elko’s eLAN-RF-003 – are vulnerable in their older versions to serious bugs that would allow information disclosure, man-in-the-middle MiTM attacks and unauthenticated remote code execution RCE,...

0.1AI score0.26869EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2020/02/07 11:0 a.m.136 views

Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites

UPDATE A faction of the Magecart threat group, Magecart group 12, has been linked to a recent digital card skimmer attack bent on stealing payment data from a slew of websites, including ones selling anything from Olympic tickets to emergency preparation kits. Over the past few weeks, the group h...

8.3AI score0.0552EPSS
Exploits1References14
ThreatPost
ThreatPost
added 2019/09/26 5:45 p.m.136 views

Rash of Exploits Targets Critical vBulletin RCE Bug

A critical remote code execution RCE bug affecting default 5.x versions of vBulletin CVE-2019-16759 is being actively exploited in the wild, allowing unauthenticated attackers to take control of web hosts. A zero-day proof-of-concept code was anonymously published on Monday, ahead of vBulletin...

7.5CVSS10AI score0.99728EPSS
Exploits27References7
ThreatPost
ThreatPost
added 2019/07/22 8:52 p.m.136 views

Critical RCE Flaw in Palo Alto Gateways Hits Uber

A remote code-execution RCE vulnerability has been uncovered in the GlobalProtect portal and GlobalProtect Gateway interface security products from Palo Alto Networks. It’s an unusual zero-day case, having been previously unknown but inadvertently fixed in later releases — but some large companie...

6.8CVSS8.4AI score0.39317EPSS
Exploits1References9
ThreatPost
ThreatPost
added 2019/07/02 8:28 p.m.136 views

IBM Patches Critical, High-Severity Flaws in Spectrum Protect

IBM has disclosed critical and high-severity vulnerabilities in Spectrum Protect, Big Blue’s security tool under the umbrella of its Spectrum data storage software branding. The most severe of these flaws could cause a remote attacker to execute arbitrary code on impacted systems. Overall, IBM...

10CVSS8.2AI score0.06959EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2019/04/09 6:8 p.m.136 views

Adobe Fixes 24 Critical Flaws in Acrobat Reader, Flash, Shockwave Player

Adobe has fixed 24 critical arbitrary code execution vulnerabilities across multiple products, including Acrobat Reader, Adobe Flash, and Adobe Shockwave Player. Overall, Adobe issued fixes for 43 different CVE numbers across eight different products, Tuesday, as part of a regularly-scheduled...

10CVSS0.6AI score0.67091EPSS
Exploits3References12
ThreatPost
ThreatPost
added 2019/03/06 9:30 p.m.136 views

RSA Conference 2019: BleedingBit Flaws Continue to Plague Firms

UPDATE SAN FRANCISCO – Mobile key platform UniKey has patched vulnerabilities related to the infamous BleedingBit attack in its platform. BleedingBit is an issue in Bluetooth Low-Energy chips made by Texas Instruments and used in millions of wireless access points, which was disclosed in November...

5.8CVSS0.6AI score0.02981EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2019/02/15 10:30 p.m.136 views

Data Breach Bonanza: Dating Apps, Equifax, Mass Credential Dumps

In a week full of cyber-incidents and marked by the Valentine’s Day holiday, data breach news was surging. Equifax may have been hacked by spies, two huge credential spills on the Dark Web did their part to endanger people online and several companies admitted to data exposures, data breaches and...

0.2AI score
Exploits0References21
ThreatPost
ThreatPost
added 2022/05/11 11:12 a.m.135 views

Actively Exploited Zero-Day Bug Patched by Microsoft

Microsoft has revealed 73 new patches for May’s monthly update of security fixes, including a patch for one flaw–a zero-day Windows LSA Spoofing Vulnerability rated as “important”—that is currently being exploited with man-in-the-middle attacks. The software giant’s monthly update of patches that...

10CVSS9.2AI score0.91316EPSS
Exploits17References16
ThreatPost
ThreatPost
added 2021/03/11 9:52 p.m.135 views

Ransomware Attack Strikes Spain’s Employment Agency

The Spanish State Employment Service SEPE in Spain has been hit by a cyberattack, suspending its communications systems across hundreds of offices and delaying thousands of appointments. SEPE is an “autonomous body” in Spain that manages and controls unemployment benefits. The cyberattack hit...

0.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/11/12 2:10 p.m.135 views

2 More Google Chrome Zero-Days Under Active Exploitation

Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software. Both allow an unauthenticated, remote attacker to compromise an affected system via the web. And both are being actively exploited in the...

6.8CVSS1.3AI score0.48574EPSS
Exploits3References11
ThreatPost
ThreatPost
added 2020/08/04 6:11 p.m.135 views

Newsletter WordPress Plugin Opens Door to Site Takeover

Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code-execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress...

0.26869EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2020/01/17 9:3 p.m.135 views

Mobile Carrier Customer Service Ushers in SIM-Swap Fraud

Mobile carriers have left the door wide open to SIM-swap attacks, particularly when it comes to prepaid accounts, researchers have found. SIM swapping is a form of fraud that allows crooks to bypass SMS-based two-factor authentication 2FA and crack online banking or other high-value accounts...

7.3AI score
Exploits0References11
Total number of security vulnerabilities5000