Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2021/07/13 8:10 p.m.127 views

Guess Fashion Deals With Data Loss, Post-Ransomware

A February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still causing damage. Guess has started sending letters to 1,300 employees and contractors who had their personal and banking data exposed during the breach. The letter, published by...

6.6AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/05/11 2:45 p.m.127 views

DarkSide Wanted Money, Not Disruption from Colonial Pipeline Attack

Threat actors behind last week’s Colonial Pipeline ransomware attack that crippled a major U.S. oil pipeline said that financial gain–not political, economic or social disruption–is the goal of their nefarious activities, vowing to choose their targets more carefully in the future. Join Threatpos...

5.7AI score
Exploits0References15
ThreatPost
ThreatPost
added 2020/12/04 7:23 p.m.127 views

Novel Online Shopping Malware Hides in Social-Media Buttons

A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway. According to researchers at Sansec, the skimmer hides in fake social-media buttons, purporting to allow sharing on Facebook, Twitte...

7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/09/25 11:19 a.m.127 views

Apple to Patch Bug Granting Full Access to 3rd-Party Keyboards

Apple is readying a fix for a bug that could grant full access to third-party keyboards for its mobile devices, including iPhone and iPad. The company posted an alert on its support page about an issue with iOS 13 and iPadOS that affects third-party keyboards users may have installed for the...

0.9AI score0.62119EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2019/04/09 7:20 a.m.127 views

SAS 2019: Genesis Marketplace Peddles 60K Stolen Digital Identities

SINGAPORE – A newly-discovered underground marketplace, dubbed Genesis, is peddling tens of thousands of stolen digital “masks” — i.e., identities — which equip cybercriminals with the tools they need to get away with online fraud. Researchers at Kaspersky Lab’s Security Analyst Summit 2019, whic...

7.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/03/22 9:22 p.m.127 views

Google Play Touts Certs in Quest For Enterprise Security

Google is now touting three new security certifications for Managed Google Play, which the company hopes will serve as a badge of security honor for companies thinking about using its enterprise-focused app marketplace. The move comes as Google continues to try to amp up efforts around the securi...

7.2AI score
Exploits0References9
ThreatPost
ThreatPost
added 2018/08/30 8:35 p.m.127 views

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace

Researchers are warning of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware. Researchers at Cisco Talos, who discovered the threat actor they call “Rocke”, said they have been tracking the adversary sin...

7.5CVSS8.2AI score0.99993EPSS
Exploits51References3
ThreatPost
ThreatPost
added 2022/03/24 1:0 p.m.126 views

Tax-Season Scammers Spoof Fintechs, Including Stash, Public

Threat actors have new targets in their sites this tax season during the annual barrage of cyber-scams as people file their U.S. income-tax documents. Novel email campaigns are spoofing popular financial technology fintech applications and their tax notifications to try to dupe victims into givin...

8.7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2022/02/17 2:11 p.m.126 views

Microsoft Teams Targeted With Takeover Trojans

Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops...

8.7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/07/20 6:56 p.m.126 views

Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability

News of a zero-click zero-day in Apple’s iMessage feature being incorporated into the notorious Pegasus mobile spyware from NSO Group has drawn a variety of reactions from the security community, including concerns about the security of Apple’s closed ecosystem, and varying views on NSO Group’s...

6.4AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/05/17 9:46 p.m.126 views

Magecart Goes Server-Side in Latest Tactics Changeup

Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September’s gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The skimmers are still “very...

9.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/12/18 7:1 p.m.126 views

Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims

More information has come to light about the Sunburst backdoor that could help defenders get a better handle on the scope of the sprawling SolarWinds espionage attack. The campaign is known to have affected six federal departments, Microsoft, FireEye and dozens of others so far. Sunburst, a.k.a...

7.3AI score
Exploits0References15
ThreatPost
ThreatPost
added 2020/09/29 6:13 p.m.126 views

Zerologon Attacks Against Microsoft DCs Snowball in a Week

A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses. That’s according to researchers from Cisco Talos, who warned that cybercriminals are redoubling their efforts to trigger the elevation-of-privilege bug i...

9.3CVSS2.3AI score0.99512EPSS
Exploits75References7
ThreatPost
ThreatPost
added 2020/04/04 1:28 p.m.126 views

Firefox Zero-Day Flaws Exploited in the Wild Get Patched

Mozilla patched two Firefox browser zero-day vulnerabilities actively being exploited in the wild. The flaws, both use-after-free bugs, have been part of “targeted attacks in the wild,” according to a Mozilla Foundation security advisory posted Friday. Both bugs have critical ratings and allow...

6.8CVSS9.2AI score0.06305EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2019/08/26 7:32 p.m.126 views

Apple Fixes iOS Flaw That Opened iPhones to Jailbreaks

Apple has released an emergency patch fixing a kernel vulnerability – for the second time – after it was accidentally unpatched in iOS 12.4. The flaw CVE-2019-8605, a use-after-free issue existing in the kernel, could enable a malicious application to execute arbitrary code with system privileges...

9.3CVSS0.2AI score0.17438EPSS
Exploits6References10
ThreatPost
ThreatPost
added 2019/07/14 7:45 p.m.126 views

Exploring the Top 15 Most Common Vulnerabilities with HackerOne and GitHub

Join vulnerability experts Michiel Prins, cofounder of HackerOne, and Greg Ose, GitHub’s application security engineering manager, as Threatpost editor Tom Spring moderates a discussion on the 15 most common vulnerability types. Registration Required Originally presented in March 2019, this webin...

0.5AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/06/10 9:14 p.m.126 views

WordPress Sites Worldwide Hit with 'Call-Girl' Search-Engine Pollution

A web spam campaign that targets Koreans is creating problems for site administrators all around the world. Hackers are compromising vulnerable Korean-language WordPress websites, but are also polluting search engine results for non-hacked sites globally. Researchers at Sucuri initially uncovered...

7.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/02/12 10:59 p.m.126 views

Siemens Warns of Critical Remote-Code Execution ICS Flaw

Siemens has released 16 security advisories for various industrial control and utility products, including a warning for a critical flaw in the WibuKey digital rights management DRM solution that affects the SICAM 230 process control system. SICAM 230 is used for a broad range of industrial contr...

7.8CVSS1.5AI score0.34329EPSS
Exploits2References8
ThreatPost
ThreatPost
added 2019/02/04 4:0 p.m.127 views

"Collection #1" Data Dump Hacker Identified

UPDATE Researchers say they have identified the threat actor behind the massive “Collection 1” data dump which exposed hundreds of millions of credentials on a hacking forum in January. Recorded Future researchers said this weekend that an individual using the monikor “C0rpz” has claimed as early...

1.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2015/03/12 10:16 a.m.126 views

Microsoft SHA-2 Advisory Causing 'Infinite Loop' Issues

Problems with a security update issued this week by Microsoft have surfaced on a number of technology forums. Windows users say Microsoft Security Advisory 303929, which adds SHA-2 code-signing and verification support for Windows 7 client machines and Windows Server 2008 R2 boxes, is causing...

9.3CVSS0.9AI score0.99945EPSS
Exploits33References9
ThreatPost
ThreatPost
added 2011/12/09 12:57 p.m.126 views

Microsoft Unveils New Windows Defender Offline Tool

Microsoft has released a beta version of a new tool that can help victims of malware attacks recover from ugly infections, even if they don’t have the ability to reach the Internet. The Windows Defender Offline tool enables users to clean their systems of malware from a CD or other removable medi...

9.3CVSS2.3AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2010/06/02 4:37 p.m.126 views

Microsoft Releases Anti-XSS Web Protection Library

Microsoft has released an open-source Web Protection Library WPL to help developers protect web sites from cross-site scripting attacks. The WPL, which is a set of .NET assemblies, is being offered as part of a defense in depth strategy to add an extra layer to any validation or secure coding...

9.3CVSS0.5AI score0.99945EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2022/01/11 12:0 p.m.125 views

Millions of Routers Exposed to RCE by USB Kernel Bug

Millions of popular end-user routers are at risk of remote code execution RCE due to a high-severity flaw in the KCodes NetUSB kernel module. The module enables remote devices to connect to routers over IP and access any USB devices such as printers, speakers, webcams, flash drives and other...

9.8CVSS9.5AI score0.57853EPSS
Exploits2References14
ThreatPost
ThreatPost
added 2021/06/09 4:17 p.m.125 views

Intel Plugs 29 Holes in CPUs, Bluetooth, Security

Intel has unleashed 29 security advisories to plug up some serious bugs in the BIOS firmware for Intel processors, as well as in its Bluetooth products, Active Management Technology tools, the NUC Mini PC line, and, ironically, in its own security library. Details about the advisories can be foun...

8.1CVSS7.2AI score0.0085EPSS
Exploits2References18
ThreatPost
ThreatPost
added 2021/06/08 7:2 p.m.125 views

Google Patches Critical Android RCE Bug

Google patched more than 90 security vulnerabilities in its Android operating system impacting its Pixel devices and third-party Android handsets, including a critical remote code-execution bug that could allow an attacker to commandeer a targeted vulnerable mobile device. That bug CVE-2021-0507...

9.8CVSS8.3AI score0.06968EPSS
Exploits4References6
ThreatPost
ThreatPost
added 2021/02/08 9:11 p.m.125 views

Critical WordPress Plugin Flaw Allows Site Takeover

Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, import metadata and edit...

0.2AI score0.01375EPSS
Exploits2References8
ThreatPost
ThreatPost
added 2020/11/30 5:52 p.m.125 views

MacOS Users Targeted By OceanLotus Backdoor

A macOS backdoor variant has been uncovered that relies of multi-stage payloads and various updated anti-detection techniques. Researchers linked it to the OceanLotus advanced persistent threat APT group. The Vietnam-backed OceanLotus also known as APT 32 has been around since at least 2013, and...

0.2AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/07/08 12:50 p.m.125 views

15 Billion Credentials Currently Up for Grabs on Hacker Forums

Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums – shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet. A report released Wednesday — “From Exposure to Takeover” by the...

7.5AI score
Exploits0References12
ThreatPost
ThreatPost
added 2019/11/12 6:13 p.m.125 views

Magento Warns E-Commerce Sites to Upgrade ASAP to Prevent Attacks

The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability. While the company didn’t specify what kinds of potential attacks...

7.5CVSS8.5AI score0.26869EPSS
Exploits1References9
ThreatPost
ThreatPost
added 2019/10/18 3:59 p.m.125 views

Major Airport Malware Attack Shines a Light on OT Security

A cryptomining infection managed to spread to half of all workstations at a major international airport in Europe – shining a spotlight on security for operational tech and IT convergence. Researchers at Cyberbit found the XMRig Monero mining malware, which was a known strain called “Playerz,” bu...

0.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/07/02 5:50 p.m.125 views

Google July Android Security Bulletin Fixes 3 Critical RCE Bugs

Google has released fixes for three critical remote code execution bugs in the media framework of its Android operating system. These flaws could allow a remote attacker to execute arbitrary code. The flaws are part of Google’s July Android Security Bulletin, which included fixes for 12 critical...

9.3CVSS1.9AI score0.08926EPSS
Exploits6References6
ThreatPost
ThreatPost
added 2019/06/10 9:18 p.m.125 views

Mozilla Confirms Premium Firefox Browser With Security Features

Mozilla Corporation is launching a premium version of the Firefox browser that will tout improved security features such as virtual private network and secure cloud storage, according to CEO Chris Beard. In a Friday interview with German media publication T3N, Beard said that the premium service,...

0.5AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/02/26 2:51 p.m.125 views

Critical WinRAR Flaw Found Actively Being Exploited

A critical 19-year-old WinRAR vulnerability disclosed last week has now been spotted actively being exploited in a spam campaign spreading malware. The campaign, discovered by researchers with 360 Threat Intelligence Center, takes advantage of a path-traversal WinRAR vulnerability, which could...

6.8CVSS7.9AI score0.96274EPSS
Exploits13References5
ThreatPost
ThreatPost
added 2019/02/14 12:30 p.m.125 views

Critical OkCupid Flaw Exposed Daters to App Takeovers

A critical flaw in the OkCupid app has been found that could allow a bad actor to steal credentials, launch man-in-the-middle attacks or completely compromise the victim’s application. This is separate from the OKCupid account-takeover incident reported earlier in the week, but it does fit the...

6.8AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/02/13 8:55 p.m.125 views

ThreatList: Banking Trojans Are Still The Top Big Bad for Email

While APT activity and a raft of malware types continue to capture the notice of researchers and journalists, it turns out that trusty old banking trojans remain the top email-borne threat out there. According to Proofpoint’s latest quarterly report, analyzing trends for the fourth quarter of 201...

7.1AI score
Exploits0References12
ThreatPost
ThreatPost
added 2018/05/08 8:42 p.m.125 views

May Patch Tuesday Fixes Two Bugs Under Active Attack

Microsoft’s May Patch Tuesday fixes include two critical remote code-execution vulnerabilities, both of which are under active attack. The most serious of the two is tied to a Windows 10 VBScript engine and can be triggered when a victim visits a malicious website. “A user need only visit a...

7.6CVSS0.4AI score0.87814EPSS
Exploits27References7
ThreatPost
ThreatPost
added 2018/01/17 6:26 p.m.125 views

Attackers Use Microsoft Office Vulnerabilities to Spread Zyklon Malware

Spam campaigns delivering Zyklon HTTP malware are attempting to exploit three relatively new Microsoft Office vulnerabilities. The attacks are targeting telecommunications, insurance and financial service firms. According to FireEye researchers who identified the campaigns, attackers are attempti...

9.3CVSS0.1AI score0.99945EPSS
Exploits47References5
ThreatPost
ThreatPost
added 2021/11/29 5:47 p.m.124 views

Unpatched Windows 10 Zero-Day Allows Privileged File Access

An unpatched Windows security vulnerability could allow information disclosure and local privilege escalation LPE, researchers have warned. The issue CVE-2021-24084 has yet to get an official fix, making it a zero-day bug – but a micropatch has been rolled out as a stop-gap measure. Security...

7.8CVSS7AI score0.67252EPSS
Exploits11References8
ThreatPost
ThreatPost
added 2021/08/06 6:54 p.m.124 views

Amazon Kindle Vulnerable to Malicious EBooks

A security flaw in Amazon’s Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. That’s according to Check Point researcher Slava Makkaeveev, who released the findings Friday. Check Point disclosed t...

7.5AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/06/28 7:11 p.m.124 views

Attackers Breach Microsoft Customer Service Accounts

The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft’s corporate networks to gain access to specific organizations — primarily, U.S.-based IT and government organizations. Microsoft officially announced the attacks after Reuters obtained an email sent to customer...

7.6AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/11/18 7:56 p.m.124 views

LAPD Bans Facial Recognition, Citing Privacy Concerns

The Los Angeles Police Department LAPD has banned the use of commercial facial-recognition services – citing “public trust” considerations. The move comes in the wake of a report that showed that more than 25 employees of the department had performed 475 searches so far using the Clearview AI, an...

0.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/11/11 1:1 p.m.124 views

Encrypted Emails on macOS Found Stored in Unprotected Way

A database on Apple’s macOS computers is storing emails that are supposed to be protected with encryption as readable files, a problem of which the company has been aware for months and still has yet to solve, according to a researcher. Apple IT specialist Bob Gendler discovered the problem while...

6.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/08/21 8:40 p.m.124 views

Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban

A researcher has disclosed a zero-day privilege-escalation vulnerability for the Steam gaming client after he said he was barred from the bug bounty program of Steam’s owner, Valve. The vulnerability is the second zero-day privilege-escalation vulnerability that has been released by independent...

7.2CVSS7.4AI score0.00616EPSS
Exploits3References11
ThreatPost
ThreatPost
added 2019/07/17 5:29 p.m.124 views

Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices

Vulnerabilities in the way Bluetooth Low Energy is implemented on devices by manufacturers can open the door to global device tracking for the Windows 10, iOS and macOS devices that incorporate it, according to research from Boston University. An academic team at BU uncovered the flaws, which exi...

0.9AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/07/10 9:15 p.m.124 views

Bug in Anesthesia Respirators Allows Cyber-Tampering

A vulnerability in GE Healthcare’s Aestiva and Aespire anesthesia devices would allow an unauthenticated cybercriminal on the same network as the device to modify gas composition parameters within the devices’ respirator function, thus changing sensor readings for gas density. According to GE...

5CVSS0.8AI score0.01336EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2019/03/03 3:26 p.m.124 views

How the Dark Web Data Bazaar Fuels Enterprise Attacks

It seems every aspect of our lives is available to be found somewhere on the internet. And the information available isn’t simply embarrassing browsing histories but ranges from our medical histories to the logon credentials we use to access many of our online services. This is certainly a privac...

0.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/02/01 3:38 p.m.124 views

Cybercriminals Aim for the Super Bowl Goal Posts

Ah, the Super Bowl. For some, this Sunday’s show down between the Los Angeles Rams and the New England Patriots will be about gathering family and friends around for a great American pastime: The Super Bowl party. Some are just in it for the commercials. Some see a gambling opportunity; and for...

0.6AI score
Exploits0References6
ThreatPost
ThreatPost
added 2013/03/19 7:4 p.m.124 views

Attacks on SCADA, ICS Honeypots Modified Critical Operations

With antiquated gear running the country’s industrial control systems that oversee critical infrastructure, it’s no shock attackers targeting SCADA networks do their fair share of reconnaissance looking for weak spots in that equipment. A researcher decided to put that theory to a practical test...

9.3CVSS0.3AI score0.99966EPSS
Exploits12References2
ThreatPost
ThreatPost
added 2012/06/07 5:29 p.m.124 views

Microsoft to Fix 28 Vulnerabilities in June Patch Tuesday

Microsoft has been busy of late, what with the scramble surrounding the Flame malware and the forged certificate that the attackers were able to use to spread the malware via a fake Windows Update service. Now, the company is planning to release seven bulletins next Tuesday covering 28...

9.3CVSS1.9AI score0.99945EPSS
Exploits33References9
ThreatPost
ThreatPost
added 2012/05/03 6:46 p.m.124 views

Microsoft Names Chinese Firm Hangzhou DPTech as Source of RDP Code Leak

Two months after exploit code the Microsoft RDP MS12-020 vulnerability made its way into the open before the company released a patch, Microsoft has put the blame for the leak on a Chinese security company, Hangzhou DPTech Technologies. Microsoft said Thursday that it has removed the company from...

9.3CVSS0.2AI score0.99998EPSS
Exploits75References2
Total number of security vulnerabilities5000