Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2019/11/01 3:35 p.m.135 views

Google Discloses Chrome Flaw Exploited in the Wild

UPDATE Google is warning users of a high-severity vulnerability in its Chrome browser that is currently being exploited by attackers to hijack computers. The flaw CVE-2019-13720, discovered by security researchers Anton Ivanov and Alexey Kulaev at Kaspersky, exists in Google Chrome’s audio...

6.8CVSS8.9AI score0.72977EPSS
Exploits4References18
ThreatPost
ThreatPost
added 2019/10/04 2:36 p.m.135 views

Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier

LONDON — A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services. According to research from Check Point, presented here at Virus Bulletin 2019 on Friday, the attack was firs...

0.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/07/19 9:30 p.m.135 views

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections

A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network. According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From...

0.7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/05/31 2:13 p.m.135 views

Nvidia Fixes High-Severity Flaws in GeForce Experience for Gamers

Nvidia, which makes gaming-friendly graphics processing units GPUs, has patched two high-severity flaws in its GeForce Experience software, which could allow denial of service, information disclosure and privilege escalation on impacted systems. GeForce Experience is software for gamers utilizing...

7.5CVSS1.9AI score0.94928EPSS
Exploits14References5
ThreatPost
ThreatPost
added 2019/01/31 7:38 p.m.135 views

Prepare to Defend Your Network Against Swarm-as-a-Service

The digital world we now inhabit creates unprecedented opportunities – both for good and for ill. One of these possibilities is swarm-based tools that can be used to either attack or defend the network. This possibility, or set of possibilities, has arisen due to dramatic advances in swarm-based...

7.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2016/06/17 11:15 a.m.135 views

On xDedic, a Flash Zero Day, Facial Recognition, and More

Mike Mimoso and Chris Brook discuss the news of the week, including a password issue at Github, the xDedic marketplace, another Flash zero day, and how the poorly the FBI is doing with facial recognition software. Download: ThreatpostNewsWrapJune172016.mp3 Music by Chris Gonsalves...

2.7AI score0.99993EPSS
Exploits41References2
ThreatPost
ThreatPost
added 2013/09/25 4:30 p.m.135 views

Icefog Targeted APT Attacks Hit South Korea, Japan

An espionage campaign featuring precise targeting of victims and malware that allows the attackers one-on-one interaction with compromised systems has been uncovered. Government agencies, manufacturers, high tech companies and media organizations in South Korea and Japan have been the primary...

10CVSS0.5AI score0.99966EPSS
Exploits60References2
ThreatPost
ThreatPost
added 2021/07/23 9:52 p.m.134 views

Discord CDN and API Abuses Drive Wave of Malware Detections

Discord has a malware problem. And although the platform is predominantly used by gamers, it turns out even users who have never interacted with Discord are at risk. Discord creates servers or specific groups or communities of users who can send voice, text and other media messages between one...

7.4AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/04/14 8:56 p.m.134 views

Security Bug Allows Attackers to Brick Kubernetes Clusters

A vulnerability in one of the Go libraries that Kubernetes is based on could lead to denial of service DoS for the CRI-O and Podman container engines. The bug CVE-2021-20291 affects the Go library called “containers/storage.” According to Aviv Sasson, the security researcher at Palo Alto’s Unit 4...

7.1CVSS6.9AI score0.01587EPSS
Exploits1References11
ThreatPost
ThreatPost
added 2020/08/31 7:45 p.m.134 views

Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign

Apple accidentally approved one of the most popular Mac malware threats – OSX.Shlayer – as part of its security notarization process. The Apple notary service is an automated system on recent macOS versions that scans software ranging from macOS apps, kernel extensions, disk images and installer...

0.0552EPSS
Exploits1References13
ThreatPost
ThreatPost
added 2020/02/19 4:0 p.m.134 views

SMS Attack Spreads Emotet, Steals Bank Credentials

Attackers are sending SMS messages purporting to be from victims’ banks – but once they click on the links in the text messages, they are asked to hand over their banking credentials and download a file that infects their systems with the Emotet malware. Emotet has continued to evolve since its...

0.4AI score
Exploits0References16
ThreatPost
ThreatPost
added 2019/11/21 4:43 p.m.134 views

Linux Webmin Servers Under Attack by Roboto P2P Botnet

Vulnerable Linux Webmin servers are under active attack by a newly-discovered peer-to-peer P2P botnet, dubbed Roboto by researchers. The botnet is targeting a remote code-execution vulnerability CVE-2019-15107 in Webmin, a web-based system configuration tool for Linux servers. CVE-2019-15107 was...

10CVSS9.8AI score0.99766EPSS
Exploits37References11
ThreatPost
ThreatPost
added 2019/07/24 9:55 p.m.134 views

Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns

Hackers are abusing the popular file-sharing service called WeTransfer to circumvent defensive email gateways that are designed to block spam messages with malicious URLs. Researchers have observed an uptick in attacks targeting banking, power and media industries using this technique. The hack...

Exploits0References4
ThreatPost
ThreatPost
added 2019/07/11 12:0 p.m.134 views

Implementing Bug Bounty Programs: The Right and Wrong Approaches

While bug-bounty programs may seem like a cure-all solution for companies looking discover vulnerabilities in their systems more efficiently, the fact remains that a program could overwhelm a firm’s internal security team and cause other major headaches if implemented the wrong way. “You have to...

7.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/06/05 11:30 a.m.134 views

Newly-Identified BEC Cybergang Targets U.S. Enterprise Victims

LONDON, U.K. – Researchers have identified a highly-sophisticated Nigerian business email compromise gang targeting U.S enterprises and government institutions. The cybercrime group, dubbed Scattered Canary, has evolved over the past 10 years from a one-man shop working Craigslist scams into a...

7.3AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/03/06 8:1 a.m.134 views

RSAC 2019: TLS Markets Flourish on the Dark Web

SAN FRANCISCO – Thriving marketplaces for TLS certificates have emerged on the Dark Web, which are hawking the certs both as individual goods and packaged with an array of malware and other ancillary services. The research, from Venafi, the University of Surrey and the Evidence-based Cybersecurit...

Exploits0References2
ThreatPost
ThreatPost
added 2019/02/21 3:54 p.m.134 views

Highly Critical Drupal CMS Flaw Affects Millions of Websites

The Drupal open-source content management system platform has issued an advisory for a highly critical remote-code execution RCE flaw in the Drupal core. The vulnerability CVE-2019-6340 arises from the fact that “some field types do not properly sanitize data from non-form sources,” according to...

6.8CVSS8.2AI score0.91919EPSS
Exploits22References7
ThreatPost
ThreatPost
added 2017/04/19 7:20 a.m.134 views

Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities

Oracle released its biggest Critical Patch Update ever on Tuesday, and with it came added urgency in the form of patches for the Solaris vulnerabilities exposed by the ShadowBrokers last week, as well as the recent Apache Struts 2 vulnerability, also under public attack. In all, Oracle admins hav...

10CVSS9.8AI score0.99999EPSS
Exploits82References14
ThreatPost
ThreatPost
added 2022/02/10 10:13 p.m.133 views

Sharp SIM-Swapping Spike Causes $68M in Losses

SIM-swapping – the practice of duping mobile carriers into switching a target’s phone services to an attacker-controlled phone – is on the rise, the Feds are warning – leading to millions in losses for consumers who found their bank accounts drained and other accounts taken over. Subscriber...

8.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/01/27 6:5 p.m.133 views

ADT Security Camera Flaws Open Homes to Eavesdropping

UPDATE Researchers have publicly disclosed security flaws found in ADT-owned LifeShield security cameras, which, if exploited, could have allowed a local attacker to eavesdrop on victims’ conversations or tap into a live video feed. The LifeShield brand is owned by security giant ADT. Specificall...

9.4AI score0.01219EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2020/10/30 11:41 a.m.133 views

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that’s been a persistent worry to both the company and the U.S. government over the last few months. Both on Thursday renewed their pleas to businesses and end users to update Windows systems with a patch...

9.3CVSS8.4AI score0.99512EPSS
Exploits75References15
ThreatPost
ThreatPost
added 2019/08/16 7:40 p.m.133 views

Breached Passwords Still in Use By Hundreds of Thousands

Hundreds of thousands of web visitors continue utilizing passwords that have previously been compromised. Worse, they are reusing the breached credentials for some of their most sensitive financial, government and email accounts. That’s according to a new Google study released this week, which wa...

7.1AI score
Exploits0References13
ThreatPost
ThreatPost
added 2019/05/17 3:44 p.m.133 views

How Decoding Network Traffic Can Save Your Data Bacon

The number of breaches impacting corporate networks has reached epidemic proportions. This year is currently on track to break all records for breaches. Already this year there have been 1,900 reported breaches in just the past three months, according to Risk Based Security. One of the troubling...

0.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/02/16 12:26 a.m.133 views

Where's the Equifax Data? Does It Matter?

It’s been 17 months since the infamous 2017 Equifax data breach was revealed to have compromised the data of about 147.9 million people i.e., almost every adult in the U.S., with more than 45 percent of the population directly affected by the incident. But an investigative report from CNBC found...

0.6AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/02/12 8:29 p.m.133 views

Critical WordPress Plugin Flaw Allows Complete Website Takeover

A critical vulnerability in popular WordPress plugin Simple Social Buttons enables non-admin users to modify WordPress installation options – and ultimately take over websites. Simple Social Buttons enables users to add social-media sharing buttons to various locations of their websites. The plug...

0.2AI score
Exploits0References5
ThreatPost
ThreatPost
added 2013/03/29 2:5 p.m.133 views

Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware

Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser’s home page and redirect a Web session to an attacker’s page. There are several clues something is amiss, namely part of the GUI for the supposed Flash 1...

9.3CVSS8.3AI score0.99945EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2011/02/02 2:52 p.m.133 views

Research Reveals Huge Cache of FTP, Email Credentials Stolen by Waledac

Researchers have discovered that the gang behind the once-and-future botnet Waledac has gathered nearly 500,000 stolen passwords for email accounts, along with close to 125,000 sets of pilfered credentials for FTP accounts. The discovery isn’t so surprising in its details, but rather in its scope...

9.3CVSS0.5AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2010/02/18 6:8 p.m.133 views

MS10-015 Restart Issues Are the Result of Rootkit Infection

Microsoft on Thursday confirmed that the blue screen of death issues that affected a slew of users after the latest batch of Patch Tuesday updates is the result of an existing infection by the Alureon rootkit. There was widespread speculation after the patch release that simply installing the...

9.3CVSS0.2AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2009/05/28 9:16 p.m.133 views

Microsoft warns of dangerous DirectShow flaw, attacks

Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support. The company has activated its security response process to deal with the zero-day attacks has issued a pre-patc...

9.3CVSS2.3AI score0.99945EPSS
Exploits33References5
ThreatPost
ThreatPost
added 2022/02/28 9:0 p.m.132 views

Ukraine-Russia Cyber Warzone Splits Cyber Underground

The Russia-Ukraine cyber warzone has split the Conti ransomware gang into warring factions, leading to a Ukrainian member spilling 60,000 of the group’s internal chat messages online. On Monday, vx-underground – an internet collection of malware source code, samples and papers that’s generally...

8.7AI score
Exploits0References22
ThreatPost
ThreatPost
added 2021/07/06 3:42 p.m.132 views

Kaseya Patches Imminent After Zero-Day Exploits

UPDATE 3 The worldwide July 2 attacks on the Kaseya Virtual System/Server Administrator VSA platform by the REvil ransomware gang turn out to be the result of exploits for at least one zero-day security vulnerability, and the company is swinging into full mitigation mode, with patches for the...

10CVSS9.8AI score0.85619EPSS
Exploits1References17
ThreatPost
ThreatPost
added 2021/06/14 8:26 p.m.132 views

Microsoft Teams: Very Bad Tabs Could Have Led to BEC

Attackers could have stepped through a yawning security hole in Microsoft Teams chat service that would have let them masquerade as a targeted company’s employee by reading and sending email on their behalf. On Monday, Tenable’s Evan Grant explained in a post that he found the bug in Microsoft...

6.6AI score
Exploits0References14
ThreatPost
ThreatPost
added 2021/02/05 3:17 p.m.132 views

Ransomware Attacks Hit Major Utilities

Two state-owned utility companies in Brazil suffered separate ransomware attacks in the past week, forcing them to shut down some operations and services temporarily, In one case, sensitive data was stolen and dumped online, including network access logins and engineering plans. Centrais Eletrica...

0.8AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/11/25 3:25 p.m.132 views

How to Update Your Remote Access Policy – And Why You Should Now

For close to two decades, organizations have allowed privileged employees to work remotely by offering remote access solutions as a part of the daily work environment. But until recently, working remotely was more of a luxury than a necessity. With the rise of COVID-19, many organizations moved...

8.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/07/14 9:32 p.m.132 views

Microsoft Tackles 123 Fixes for July Patch Tuesday

A critical DNS bug and a publicly known elevation-of-privilege flaw top Microsoft’s July Patch Tuesday list of 123 fixes. The DNS flaw is a remote code-execution bug and is touted as one of the most critical Windows vulnerabilities released this year, earning the highest-severity CVSS score of 10...

10CVSS0.4AI score0.92178EPSS
Exploits21References12
ThreatPost
ThreatPost
added 2019/11/22 10:49 p.m.132 views

ID Thieves Turn to Snail Mail as Juicy Target for Financial Crimes

As it gets harder for cybercriminals to bypass business email compromise BEC defenses, some hackers are switching from email scams to real-mail cons. Researchers at Flashpoint said they are monitoring hacker forums where criminals are swapping tips on a growing ID theft and financial crime area,...

7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/08/14 5:35 p.m.132 views

20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users

A 20-year-old vulnerability present in all versions of Microsoft Windows could allow a non-privileged user to run code that will give him or her full SYSTEM privileges on a target machine. The bug is notable because of where it resides: In a legacy, omnipresent protocol named Microsoft CTF. First...

7.2CVSS0.00878EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2019/07/03 3:54 p.m.132 views

Apple Transparency Report Now Includes App Store Takedown Requests

For the first time Apple added to its transparency report the number of App Store takedown requests it has received from governments. The report, released Tuesday, also puts some hard numbers on how often law enforcement and governments request device and user data. App Takedown Request Apple’s...

7.2CVSS7.2AI score0.00829EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2019/05/22 2:56 p.m.132 views

Windows Zero-Day Drops on Twitter, Developer Promises 4 More

UPDATE A Windows zero-day exploit dropped by developer SandboxEscaper would allow local privilege-escalation LPE, by importing legacy tasks from other systems into the Task Scheduler utility. It’s the latest zero-day from SandboxEscaper, who said that she has four more in the hopper that she’d li...

7.8AI score
Exploits0References11
ThreatPost
ThreatPost
added 2019/03/09 1:0 p.m.132 views

RSA Conference 2019: The Expanding Automation Platform Attack Surface

SAN FRANCISCO – Automation platforms are increasingly being used to chain multiple IoT devices together to create user-friendly smart applications – but that’s also creating unpredictable attack surfaces that can be hard to manage. A Trend Micro report released at RSA Conference 2019 warns that...

6.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2017/02/03 8:36 a.m.132 views

Microsoft Waits for Patch Tuesday to Fix SMB Zero Day

Microsoft will not rush out an emergency patch for a zero-day vulnerability disclosed on Wednesday in the Windows implementation of the Server Message Block protocol. Researcher Laurent Gaffie announced in a tweet, below, that he’d found a zero-day vulnerability in SMBv3 and released a...

9.3CVSS8.5AI score0.99945EPSS
Exploits33References6
ThreatPost
ThreatPost
added 2014/12/12 9:52 a.m.132 views

Upatre Downloader Spreading Dyreza Banking Trojan

The Upatre downloader is the vehicle that has driven numerous banking Trojan and ransomware attacks to the front door of countless victims at great cost. Microsoft on Thursday warned of a wire-transfer spam campaign that it’s spotted that is spreading Upatre and eventually loading the dangerous...

9.3CVSS1.4AI score0.99945EPSS
Exploits55References7
ThreatPost
ThreatPost
added 2009/09/02 12:30 p.m.132 views

New Unpatched Flaw Surfaces in SQL Server

There is an unpatched flaw in Microsoft SQL Server that could enable an attacker to access users’ passwords on the database server. The vulnerability is in SQL Server 2000, 2005 and 2008. The SQL Server vulnerability was discovered last fall by database-security vendor Sentrigo, which then report...

9.3CVSS0.1AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2021/09/16 9:9 p.m.131 views

CISA, FBI: State-Backed APTs Are Exploiting Critical Zoho Bug

The FBI, CISA and the U.S. Coast Guard Cyber Command CGCYBER warned today that state-backed advanced persistent threat APT actors are likely among those who’ve been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month. At issue is...

9.8CVSS10AI score0.9896EPSS
Exploits8References10
ThreatPost
ThreatPost
added 2021/06/21 7:56 p.m.131 views

Embryology Data Breach Follows Fertility Clinic Ransomware Hit

A fertility clinic serving the Atlanta area has been hit with a ransomware attack that also exposed private health information for 38,000 of its patients. Reproductive Biology Associates RBA, along with its affiliate My Egg Bank North America, is a well-known pioneer in in-vitro fertilization IVF...

7.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/06/15 12:39 p.m.131 views

Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data

The U.S. Supreme Court has granted LinkedIn another legal option to try to prevent rival hiQ Labs from scraping public information from its user profiles, something the Microsoft-owned professional networking platform has claimed is a violation of user privacy and a misuse of its data. The court...

7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/05/31 1:41 p.m.131 views

On the Taxonomy and Evolution of Ransomware

Given the frequency with which “ransomware” appears in news articles, it may be worthwhile to take a step back and actually consider what the term means. Any malware or attack that culminates in extorting ransom from the victim is commonly referred to as ransomware. The general idea is to encrypt...

6.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/03/17 4:18 p.m.131 views

Mimecast: SolarWinds Attackers Stole Source Code

Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company. The email security firm initially reported that a certificate compromise in January was part of the...

0.4AI score
Exploits0References21
ThreatPost
ThreatPost
added 2021/01/26 5:15 p.m.131 views

Nefilim Ransomware Gang Hits Jackpot with Ghost Account

A Nefilim ransomware attack that locked up more than 100 systems stemmed from the compromise of an unmonitored account belonging to an employee who had died three months previously, researchers said. Nefilim a.k.a. Nemty is a ransomware strain that emerged in 2020, with its operators adopting the...

9CVSS0.6AI score0.3026EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2021/01/12 9:45 p.m.131 views

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. In total it patched 83 vulnerabilities. The most serious bug is a flaw in Microsoft’s Defender anti-malware software that allows remote attackers to infect...

3.3CVSS0.8AI score0.39653EPSS
Exploits0References11
Total number of security vulnerabilities5000