Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2021/03/24 6:39 p.m.104 views

Ransomware Attack Foils IoT Giant Sierra Wireless

A ransomware attack on leading internet-of-things IoT manufacturer Sierra Wireless this week ground its production activity to a halt and froze various other internal operations. The Canadian multinational manufacturer creates a broad array of communications equipment – from gateways to routers,...

1.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/01/22 9:55 p.m.104 views

Amazon Kindle RCE Attack Starts with an Email

Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root – paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices...

0.9AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/03/23 6:27 p.m.104 views

Microsoft Warns of Critical Windows Zero-Day Flaws

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in “limited, targeted” attacks, the company said. According to Microsoft, two remote code execution vulnerabilities exist i...

0.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/11/28 1:0 p.m.104 views

ThreatList: Healthcare Breaches Spike in October

October experienced a 44.44 percent month-over-month increase in healthcare data breaches, resulting in 661,830 healthcare records exposed or stolen during the month. That’s according to the Health and Human Services HHS Office for Civil Rights’ monthly report reported via HIPAA Journal. The...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/05/30 4:46 p.m.104 views

AI, the Mandatory Element of 5G Mobile Security

THE HAGUE, Netherlands – Artificial intelligence will be a requirement for securing carrier 5G networks – which is shaping up to be a technology juggernaut that presents unique challenges unlike any ever seen in the world of telecom until now. That was the assessment at the GSMA Mobile 360 Securi...

Exploits0References10
ThreatPost
ThreatPost
added 2019/05/22 5:44 p.m.104 views

Critical Flaws in Khan Academy Opened Door to Account Takeovers

Two critical cross-site request forgery CSRF flaws in educational non-profit Khan Academy’s website may have affected some users by allowing account takeover. Khan Academy, a non-profit learning organization, produces short lessons in the form of videos that can be accessed online. The two critic...

0.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/02/06 5:51 p.m.104 views

Clever Phishing Attack Enlists Google Translate to Spoof Login Page

UPDATE Recently-discovered phishing emails scoop up victims’ Facebook and Google credentials and hides its malicious landing page via a novel method – Google Translate. The phishing campaign uses a two-stage attack to target both Google and Facebook usernames and passwords, according to researche...

Exploits0References9
ThreatPost
ThreatPost
added 2017/06/02 2:32 p.m.104 views

EternalBlue Exploit Spreading Gh0st RAT, Nitol

EternalBlue, the exploit used in the WannaCry ransomware outbreak, is now being leveraged to distribute the Nitol backdoor and Gh0st RAT malware. Security researchers at FireEye said, just as WannaCry criminals did, threat actors are leveraging the same Microsoft Server Message Block SMB protocol...

9.3CVSS2AI score0.94996EPSS
Exploits39References6
ThreatPost
ThreatPost
added 2015/01/08 2:50 p.m.104 views

Microsoft Shuts Down Patch Tuesday Advanced Notifications

Microsoft today pulled the plug on its Advanced Notification Service ANS, offering it going forward only to paying Premier customers. ANS preceded the release of Microsoft’s monthly Patch Tuesday security bulletins; on the Thursday prior, Microsoft would provide users via its security website a...

9.3CVSS8.8AI score0.99945EPSS
Exploits33References5
ThreatPost
ThreatPost
added 2014/08/18 3:7 p.m.104 views

Microsoft to Fix Broken Patch Tuesday Security Update

Microsoft is still hammering away at a fix for a security update released last week that caused a small number of computers to crash and blue screen. “We are aware of some issues related to the recent updates and we are working on a fix,” a Microsoft representative today told Threatpost. MS14-045...

9.3CVSS0.7AI score0.99945EPSS
Exploits33References5
ThreatPost
ThreatPost
added 2011/12/13 8:8 p.m.104 views

Microsoft Patches Windows Flaw Exploited by Duqu

Microsoft on Tuesday released 13 security bulletins, including three for critical flaws in Windows Media and in the Windows kernel-mode drivers. The company had planned on releasing 14 bulletins in December’s Patch Tuesday shipment, but officials said that one of the planned fixes was causing a...

9.3CVSS0.8AI score0.99945EPSS
Exploits33References5
ThreatPost
ThreatPost
added 2009/05/01 2:37 p.m.104 views

Microsoft develops secure Windows XP for military

Microsoft has developed an ultra-secure version of Windows XP, with many settings locked down by default. But the hardened OS isn’t for sale to the general public; it’s made specifically for the military. Microsoft built the secure version of XP a few years ago at the direction of the Air Force,...

9.3CVSS0.2AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2009/03/04 2:51 p.m.104 views

Microsoft explains how ActiveX in Office is abused by attackers

On the Microsoft Secure Windows Iniative blog, software engineer Chengyun discusses the default behaviour of ActiveX controls embedded in Office documents. The software giant also provides information on how can an attacker abuse ActiveX and how Office users can change the behavior of ActiveX...

9.3CVSS2.6AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2021/10/12 3:17 p.m.103 views

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution RCE zero-day vulnerability that’s being actively exploited. Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the...

9.3CVSS8.7AI score0.28839EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2021/05/26 8:14 p.m.103 views

PDF Feature ‘Certified’ Widely Vulnerable to Attack

Certified portable document format PDF files are used to securely sign agreements between two parties while keeping the contents’ integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of...

7.8CVSS7.6AI score0.10648EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2021/03/03 9:17 p.m.103 views

Google Patches Actively Exploited Flaw in Chrome Browser

Google has fixed a high-severity vulnerability in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the flaw. The vulnerability is one of 47 security fixes that the tech giant rolled out on Tuesday in Chrome 89.0.4389.72, including patches for eight high-severi...

6.8CVSS8.5AI score0.26525EPSS
Exploits5References6
ThreatPost
ThreatPost
added 2020/11/12 2:0 p.m.103 views

From Triton to Stuxnet: Preparing for OT Incident Response

From an irked former contractor in Australia sabotaging a sewage plant in 2000, to the more high-level 2017 Triton malware attacks on Saudi Arabian petrochemical plants, operational technology OT for critical infrastructure has increasingly been a cybersecurity concern. But now, the COVID-19...

0.6AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/10/15 8:8 p.m.103 views

FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft

The hotly anticipated release of blockbuster video game FIFA 21 on Oct. 6, along with the return of professional play, are giving soccer fans reason to celebrate. And, unsurprisingly, cybercriminals are already figuring out how to capitalize. A report from researcher Christopher Boyd at...

7.2AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/04/24 8:44 p.m.103 views

SAS@Home Virtual Summit Showcases New Threat Intel, Industry Changes

As the COVID-19 pandemic continues to force in-person cybersecurity event cancellations, Kaspersky is forging ahead with a virtual security summit, SAS@home. Topics on the agenda include threat intel on advanced persistent threats APTs, new vulnerability research, and topics related to a...

7.2CVSS8.5AI score0.74438EPSS
Exploits14References11
ThreatPost
ThreatPost
added 2020/01/22 3:47 p.m.103 views

sLoad Malware Revamped as Powerful 'StarsLord' Loader

The sLoad malware downloader, a PowerShell-based trojan first spotted in May 2018, has a new, polished version that comes with “more powerful features, posing even higher risk,” Microsoft researchers are warning. After discovering it being used in several campaigns over the holidays, researchers...

0.5AI score
Exploits0References13
ThreatPost
ThreatPost
added 2019/10/24 7:54 p.m.103 views

Religious Website Data Exposed for Months

Religious website service Clover Sites exposed customer data for at least six to seven months, with the dataset found twice in two separate, insecure cloud databases. Clover offers a content management system for building and managing faith-based websites, with a “Clover Donations” module for...

0.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/10/15 9:2 p.m.103 views

Unencrypted Mobile Traffic on Tor Network Leaks PII

Unencrypted, sensitive and confidential user data originating from millions of mobile devices is carried on the Tor network every day. Now researchers say they have devised away to scoop up that data and create personal profiles for specific mobile users, that include GPS coordinates, web...

7.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/10/15 3:55 p.m.103 views

Sudo Bug Opens Root Access on Linux Systems

A vulnerability in Sudo, a core command utility for Linux, could allow a user to execute commands as a root user even if that root access has been specifically disallowed. Sudo is a utility that allows a system administrator to give certain users or groups of users the ability to run commands in...

9CVSS1.3AI score0.63917EPSS
Exploits10References6
ThreatPost
ThreatPost
added 2019/09/26 3:10 p.m.103 views

Phish Uses Google's URL Decoding to Swim Past Defenses

A phishing campaign that takes advantage of Google’s ability to decode non-ASCII URL data on the fly is making the rounds – looking to fool the unsavvy by effectively hiding the website address of the campaign’s phishing page. The campaign makes use of what’s called percentage-based URL encoding ...

Exploits0References8
ThreatPost
ThreatPost
added 2019/07/18 4:5 p.m.103 views

Google Triples Some Bug Bounty Payouts

Google is upping the ante for its Chrome bug bounty rewards program, doubling payouts from $15,000 to $30,000 for “high-quality” reports. It is also tripling baseline payouts for Chrome to $15,000. The bug-bounty pay raise is part of Google’s Chromium open-source project, which supplies the vast...

7.8AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/05/23 8:24 p.m.103 views

Shade Ransomware Expands to U.S. Targets

Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan. The ransomware, first spotted in late 2014 by Kaspersky Lab researchers, has been known for focusing on Russian victims – but more recent...

0.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/05/20 2:22 p.m.103 views

Slack Bug Allows Remote File Hijacking, Malware Injection

A remotely exploitable vulnerability in the Windows desktop app version of the Slack collaboration platform has been uncovered, which allows attackers to alter where files from Slack are downloaded. Nefarious types could redirect the files to their own SMB server; and, they could manipulate the...

0.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/05/09 5:6 p.m.103 views

Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked

For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images. Affected versions of Alpine Linux Docker distros include 3.3, 3.4, 3.5, 3.6, 3.7, 3.8...

10CVSS9.7AI score0.06263EPSS
Exploits2References5
ThreatPost
ThreatPost
added 2019/04/16 7:4 p.m.103 views

RatVermin Spyware Targets Ukraine Gov Agencies

Researchers have uncovered an ongoing spear-phishing campaign, targeting the Ukraine government and military with emails aiming to distribute the RatVermin malware, which carries out various info-gathering activities. Researchers said that an infrastructure analysis of the attack indicates that t...

0.5AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/04/08 10:51 p.m.103 views

TP-Link Routers Vulnerable to Zero-Day Buffer Overflow Attack

Two models of TP-Link’s budget routers are vulnerable to zero-day flaws that allow attackers to take control of both. The routers in question are models TP-Link WR940N and TL-WR941ND, according IBM Security, which found the bugs and posted a technical analysis on its discoveries on Monday. “In th...

Exploits0References6
ThreatPost
ThreatPost
added 2018/10/16 6:29 p.m.103 views

Anthem, Apple and the Pentagon: A Data-Breach Cornucopia

Like pumpkin spice and turning leaves, data breaches have become a theme for the fall. This season is shaping up to be no exception, with Anthem, Apple and, worryingly, the Pentagon all making headlines in the last few days. It is, of course, part of the “new normal” as cyberattackers continue to...

0.2AI score
Exploits0References12
ThreatPost
ThreatPost
added 2017/10/21 10:0 a.m.103 views

New Magniber Ransomware Targets South Korea, Asia Pacific

Researchers identified a new ransomware family called Magniber that uniquely targets only users in South Korea and the Asia-Pacific regions. The ransomware is primarily being distributed by the Magnitude exploit kit, a primary distribution vehicle in the past for Cerber ransomware. Because of...

7.6CVSS8AI score0.93165EPSS
Exploits10References2
ThreatPost
ThreatPost
added 2017/09/12 9:0 a.m.103 views

Wireless 'BlueBorne' Attacks Target Billions of Bluetooth Devices

Researchers disclosed a bevy of Bluetooth vulnerabilities Tuesday that threaten billions of devices from Android and Apple smartphones to millions of printers, smart TVs and IoT devices that use the short-range wireless protocol. Worse, according to researchers at IoT security firm Armis that fou...

8.3CVSS0.5AI score0.2285EPSS
Exploits28References2
ThreatPost
ThreatPost
added 2015/03/10 1:0 p.m.103 views

Patched Windows Machines Exposed to Stuxnet LNK Flaw All Along

A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability CVE-2015-0096. It is unknown...

9.3CVSS0.7AI score0.91324EPSS
Exploits29References5
ThreatPost
ThreatPost
added 2022/03/24 2:8 p.m.102 views

Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection

The Chinese advanced persistent threat APT Mustang Panda a.k.a. Temp.Hex, HoneyMyte, TA416 or RedDelta has upgraded its espionage campaign against diplomatic missions, research entities and internet service providers ISPs – largely in and around Southeast Asia. For one thing, the APT has deployed...

9AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/08/27 8:54 p.m.102 views

Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug

The makers of Parallels Desktop has released a workaround fix for a high-severity privilege escalation bug that impacts its Parallels Desktop 16 for Mac software and all older versions. Mitigation advice comes five months after researchers first identified the bug in April. Parallels Desktop, now...

8.8CVSS8AI score0.00229EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2021/08/16 3:12 p.m.102 views

100m T-Mobile Customer Records Purportedly Up for Sale

A threat actor is selling what they claim to be 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum. The collection is a subset of the purported 100 million records contained in stolen databases. The seller told Motherboard – which first reported...

6.7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/06/17 7:30 p.m.102 views

Cisco Smart Switches Riddled with Security Holes

Cisco has flagged and patched several high-severity security vulnerabilities in its Cisco Small Business 220 Series Smart Switches that could allow session hijacking, arbitrary code execution, cross-site scripting and HTML injection. It also issued fixes for high-severity problems in the AnyConne...

9.3CVSS7.7AI score0.09721EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2020/11/25 2:40 p.m.102 views

Laser-Based Hacking from Afar Goes Beyond Amazon Alexa

Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person account. This is a scenario presented by a group of researchers who are exploring why digital home assistants and other sensing systems that use sound commands to perform...

7.5AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/09/16 12:52 p.m.102 views

Bluetooth Spoofing Bug Affects Billions of IoT Devices

A team of academic researchers have discovered a Bluetooth Low Energy BLE vulnerability that allows spoofing attacks that could affect the way humans and machines carry out tasks. It potentially impacts billions of Internet of Things IoT devices, researchers said, and remains unpatched in Android...

4CVSS0.4AI score0.01188EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2020/04/13 6:42 p.m.102 views

Overlay Malware Exploits Chrome Browser, Targets Banks and Heads to Spain

Researchers are warning of a remote overlay malware attack that leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a type of remote overlay banking trojan, designed to help attackers overtake devices and display a full-screen overlay image...

0.9AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/03/18 9:0 a.m.102 views

Magecart Cyberattack Targets NutriBullet Website

A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer co...

8.3AI score0.0552EPSS
Exploits1References11
ThreatPost
ThreatPost
added 2020/02/21 9:17 p.m.102 views

Lawsuit Claims Google Collects Minors’ Locations, Browsing History

Google was slapped with a lawsuit this week that alleges that it has been covertly collecting data of students via its G Suite for Education program, which offers its productivity services to students for free. Google’s G Suite for Education program formerly known as Google Education offers free...

9.3CVSS8AI score0.012EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2019/12/31 2:0 p.m.102 views

7 Tips for Maximizing Your SOC

It takes a special sort of person to be a security analyst. The person must be detail-oriented, curious, intelligent and hard-working, and with a quick reaction time as constant attacks unfold. These analysts have deep expertise that they use during their long shifts to sort through what’s worth...

7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2019/10/09 11:25 a.m.102 views

Twitter Uses Phone Numbers, Emails to Sell Ads

Twitter has acknowledged that user phone numbers and email addresses gathered for security purposes, as part of its two-factor authentication policy, may have been used to sell ads. It calls the move an accident. The revelation is being widely criticized for its obvious breach of user privacy,...

0.8AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/08/27 6:20 p.m.102 views

Employers Beware: Microsoft Word 'Resume' Phish Delivers Malware

Employers who receive an email from someone purporting to be a job applicant, with an attached resume, could fall victim to a difficult-to-detect phishing campaign peddling a remote-access tool used often for espionage. Researchers with Cofense said they have recently spotted emails with maliciou...

7.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/07/31 2:51 p.m.102 views

Trivial Bug Turns Home Security Cameras Into Listening Posts

A vulnerability in the consumer-grade Amcrest IP2M-841B IP home security video camera would allow an attacker to remotely listen to the camera’s audio over the internet, without authentication. “Essentially, if this thing is connected directly to the internet, it’s anyone’s listening device,”...

7.5CVSS7.6AI score0.36747EPSS
Exploits5References9
ThreatPost
ThreatPost
added 2019/05/24 1:42 p.m.102 views

News Wrap: Which Companies Are Doing Privacy Right and Which Aren't?

The Threatpost team breaks down the top data privacy-related news this week, including: Google’s acknowledgement that G Suite passwords had been stored in plaintext – since 2005. The database of golfing app Game Golf left misconfigured, exposing millions of data points on games played plus...

6.3AI score
Exploits0References17
ThreatPost
ThreatPost
added 2019/05/22 1:16 p.m.102 views

Google Stored G Suite Passwords in Plaintext Since 2005

Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening. G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently...

7.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/02/28 2:27 p.m.102 views

Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers

Cisco is urging customers to update their wireless VPN and firewall routers, after patching a critical vulnerability that could allow unauthenticated, remote attackers to execute arbitrary code. The vulnerability, CVE-2019-1663, has a CVSS score of 9.8 and impacts the Cisco RV110W Wireless-N VPN...

10CVSS1.2AI score0.95707EPSS
Exploits15References6
Total number of security vulnerabilities5000