Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2019/06/27 7:23 p.m.526 views

Scammers Prey on Instagram Vanity and 'Verified Account' Status

UPDATE A new Instagram phishing scam circulating the internet lures victims in with promises of exclusive “verified account” status – and then makes away with their personal information. The scam centers around Instagram’s labeling of verified accounts, which indicates that the account user is a...

0.7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/10/13 8:44 p.m.523 views

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug

Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable. There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public...

9.3CVSS9.1AI score0.99512EPSS
Exploits93References24
ThreatPost
ThreatPost
added 2019/12/26 7:17 p.m.523 views

Critical Citrix Bug Puts 80,000 Corporate LANs at Risk

Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller ADC and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary co...

7.5CVSS0.3AI score0.99999EPSS
Exploits48References4
ThreatPost
ThreatPost
added 2018/10/29 8:50 p.m.523 views

IoT Flaw Allows Hijacking of Connected Construction Cranes

A connected construction crane, from Telecrane, has a vulnerability that would allow cyberattackers to intercept its communications and take the equipment over. The internet of things IoT continues to add new types of objects to its footprint, as industries start leveraging connectivity to increa...

4.8CVSS0.00663EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2020/01/13 3:32 p.m.521 views

Unpatched Citrix Flaw Now Has PoC Exploits

Proof-of-concept PoC exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller ADC and Citrix Gateway products. The vulnerability CVE-2019-19781, which Threatpost reported on in December, already packs a double-punch in terms...

7.5CVSS10AI score0.99999EPSS
Exploits48References17
ThreatPost
ThreatPost
added 2018/10/30 9:10 p.m.517 views

Square, PayPal POS Hardware Open to Multiple Attack Vectors

Mobile point-of-sale POS terminals have revolutionized the retail space in many ways, with devices such as Square offering locations like mall kiosks, small coffee shops and roadside stands a handy and cost-effective way to accept credit cards. Unfortunately, more than half of leading mobile POS...

0.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2018/11/01 3:20 p.m.512 views

Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack

UPDATE Two zero-day vulnerabilities in Bluetooth Low-Energy chips made by Texas Instruments and used in millions of wireless access points open corporate networks to crippling stealth attacks. Adversaries can exploit the bugs by simply being approximately 100 to 300 feet from the vulnerable...

5.8CVSS0.1AI score0.02981EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2021/10/12 7:34 p.m.511 views

Windows Zero-Day Actively Exploited in Widespread Espionage Campaign

Researchers have discovered a zero-day exploit for Microsoft Windows that was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat APT espionage campaign this summer. The exploit chain ended with a freshly discovered remote access...

9.3CVSS8.2AI score0.99945EPSS
Exploits44References4
ThreatPost
ThreatPost
added 2020/04/28 3:8 p.m.511 views

WordPress Plugin Bug Opens 100K Websites to Compromise

A high-severity cross-site request forgery CSRF vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site. According to research from Wordfence releas...

9.4AI score0.26869EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2022/03/10 1:0 p.m.510 views

Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads

The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...

8.6AI score
Exploits0References6
ThreatPost
ThreatPost
added 2010/09/23 8:38 p.m.510 views

Google Warning Gmail users on China Spying Attempts

Google is using automated warnings to alert users of its GMAIL messaging service about wide spread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks or simply rand...

0.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2018/06/18 1:0 p.m.504 views

Axis Cameras Riddled With Vulnerabilities Enabling “Full Control”

A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Ax...

10CVSS0.8AI score0.86682EPSS
Exploits10References2
ThreatPost
ThreatPost
added 2022/03/09 4:0 p.m.502 views

Most ServiceNow Instances Misconfigured, Exposed

Nearly 70 percent of instances of the software-as-a-service SaaS platform ServiceNow Customers aren’t locking down access correctly, leading to 70 percent of ServiceNow implementations tested by AppOmni being potentially exposed to the public. ServiceNow is a $4.5 billion company whose software...

8.6AI score
Exploits0References4
ThreatPost
ThreatPost
added 2021/06/21 5:20 p.m.502 views

Agent Tesla RAT Returns in COVID-19 Vax Phish

The Agent Tesla remote access trojan RAT is scurrying around the internet again, this time arriving via a phishing campaign that uses a COVID-19 vaccination schedule as a lure. Spotted by researchers at the Bitdefender Antispam Lab, the attackers are targeting Windows machines using emails with...

9.3CVSS8.3AI score0.99945EPSS
Exploits33References10
ThreatPost
ThreatPost
added 2018/10/29 4:25 p.m.502 views

Nation-State Phishing: A Country-Sized Catch

Thanks to the traditional role of phishing in widespread email scams, there is a general tendency to equate it with clearly fraudulent and obnoxiously implausible emails. While this misperception has not evolved, phishing campaigns have. Andrea Little Limbago Once a threat that went hand-in-hand...

0.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2018/10/29 6:16 p.m.501 views

Girl Scouts Issues Data Breach Warning to 2,800 Members

The Orange County, Calif. branch of the Girl Scouts of America has been hacked, potentially exposing personal information for thousands of members. Rest assured though: The cookies are safe, even those of the computing type. According to a letter to members filed with the state PDF, an...

7.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/05/28 8:51 p.m.499 views

Hackers Compromise Cisco Servers Via SaltStack Flaws

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which are used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that ...

7.5CVSS0.2AI score0.96405EPSS
Exploits26References10
ThreatPost
ThreatPost
added 2018/10/22 3:41 p.m.498 views

Obamacare Sign-Up Channel Breach Affects 75K Consumers

A hack of the government’s Affordable Care Act-mandated healthcare exchanges has exposed the files of 75,000 individuals. According to the Centers for Medicare and Medicaid Services CMS, its staff detected “anomalous activity” in the Direct Enrollment pathway on Oct. 13 – with a breach declared...

1.9AI score
Exploits0References2
ThreatPost
ThreatPost
added 2021/02/09 3:47 p.m.497 views

Android Devices Hunted by LodaRAT Windows Malware

A newly discovered variant of the LodaRAT malware, which has historically targeted Windows devices, is being distributed in an ongoing campaign that now also hunts down Android devices and spies on victims. Along with this, an updated version of LodaRAT for Windows has also been identified; both...

9.3CVSS1.2AI score0.99945EPSS
Exploits33References9
ThreatPost
ThreatPost
added 2021/06/25 4:8 p.m.496 views

Cisco ASA Bug Now Actively Exploited as PoC Drops

Researchers have dropped a proof-of-concept PoC exploit on Twitter for a known cross-site scripting XSS vulnerability in the Cisco Adaptive Security Appliance ASA. The move comes as reports surface of in-the-wild exploitation of the bug. Researchers at Positive Technologies published the PoC for...

7.5CVSS7.5AI score0.99992EPSS
Exploits26References16
ThreatPost
ThreatPost
added 2018/11/07 3:23 p.m.496 views

Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam. The botnet first emerged in September, according to 360Netlab...

0.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/05/01 2:11 p.m.491 views

Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw

UPDATE A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers. The newfound samples of Muhstik are targeting the recently-patched CVE-2019-2725 in WebLogic servers, and then launching...

9CVSS9.2AI score0.99993EPSS
Exploits104References8
ThreatPost
ThreatPost
added 2019/06/07 5:15 p.m.490 views

Forget BlueKeep: Beware the GoldBrute

While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now. In the past few days, GoldBrute named after the...

10CVSS0.99999EPSS
Exploits123References10
ThreatPost
ThreatPost
added 2018/10/30 3:47 p.m.490 views

Google Updates reCAPTCHA: No More Boxes to Check

Google this week has rolled out its latest version of the reCAPTCHA mechanism, which is meant to weed out spam and abuse by robots on websites. It marks a dramatic departure from previous reCAPTCHA efforts by eliminating the need for visitors to take any extra steps in order to log onto a website...

6.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2022/01/12 9:5 p.m.488 views

Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft

Remote Desktop Protocol RDP pipes have a security bug that could allow any standard, unprivileged Joe-Schmoe user to access other connected users’ machines. If exploited, it could lead to data-privacy issues, lateral movement and privilege escalation, researchers warned. Insider attackers could,...

10CVSS9.5AI score0.99999EPSS
Exploits123References16
ThreatPost
ThreatPost
added 2018/11/06 3:15 p.m.488 views

U.S. Elections True Test for Facebook’s Disinformation Crackdown

As the U.S. midterm elections commence on Tuesday, all eyes are on Facebook and other social-media companies to see how they continue to crack down on misinformation and other political meddling efforts on their platforms. Facebook for its part on Monday evening said it has barred an additional 1...

0.1AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/05/29 4:34 p.m.487 views

NSA Warns of Sandworm Backdoor Attacks on Mail Servers

The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency NSA. The bug exists in the Exim Mail Transfer Agent MTA software, an open-source offering used on Linux and Unix-like systems. It...

7.5CVSS0.9AI score0.99961EPSS
Exploits27References11
ThreatPost
ThreatPost
added 2019/06/07 3:27 p.m.487 views

SandboxEscaper Debuts ByeBear Windows Patch Bypass

Guerrilla developer SandboxEscaper has disclosed a second bypass exploit for a patch that fixes a Windows local privilege-escalation LPE flaw — again without notifying Microsoft. The exploit, dubbed “ByeBear,” enables attackers to get past the patch to attack a permissions-overwrite,...

7.2CVSS7.1AI score0.414EPSS
Exploits20References17
ThreatPost
ThreatPost
added 2018/11/01 3:44 p.m.486 views

PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking

A proof-of-concept PoC attack details how an attacker can gain access a victim’s Microsoft Live webmail session, without having the person’s credentials. It relies upon the hijack of a Microsoft-owned Live.com website subdomain. The PoC, developed by CyberInt, demonstrates what it characterizes a...

7.5AI score
Exploits0References2
ThreatPost
ThreatPost
added 2021/09/07 4:7 p.m.484 views

Jenkins Hit as Atlassian Confluence Cyberattacks Widen

A just-patched, critical remote code-execution RCE vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned – as evidenced by an attack on the popular Jenkins open-source automation engine. Atlassian Confluence is a collaboration platfor...

9.8CVSS10AI score0.99999EPSS
Exploits46References15
ThreatPost
ThreatPost
added 2021/02/16 4:47 p.m.484 views

Microsoft Pulls Bad Windows Update After Patch Issue

Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week’s Patch Tuesday security updates. Microsoft’s servicing stack update provides fixes for the component that installs Windows updates. This particular defective...

0.9AI score0.78376EPSS
Exploits21References13
ThreatPost
ThreatPost
added 2021/07/02 4:14 p.m.481 views

Kubernetes Used in Brute-Force Attacks Tied to Russia’s APT28

U.S. and U.K. authorities are warning that the APT28 advanced-threat actor APT – a.k.a. Fancy Bear or Strontium, among other names – has been using a Kubernetes cluster in a widespread campaign of brute-force password-spraying attacks against hundreds of government and private sector targets...

9CVSS9.7AI score0.99965EPSS
Exploits34References21
ThreatPost
ThreatPost
added 2018/10/30 3:39 p.m.481 views

ThreatList: Dead Web Apps Haunt 70 Percent of FT 500 Firms

A study of abandoned websites owned by leading global corporations hammers home the point that old web applications need to be properly mitigated or retired. Otherwise, these resources often haunt a firm long after they have been forgotten. Researchers at High-Tech Bridge used the Financial Times...

0.3AI score
Exploits0References10
ThreatPost
ThreatPost
added 2018/10/31 3:38 p.m.479 views

Kraken Ransomware Upgrades Distribution with RaaS Model

The Kraken ransomware author has released a second version of the malicious code, along with a unique affiliate program on the Dark Web. According to research into Kraken v.2 the new version is being promoted in a ransomware-as-a-service RaaS model to underground forum customers, via a video...

0.8AI score
Exploits0References2
ThreatPost
ThreatPost
added 2022/03/30 6:4 p.m.476 views

RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn

NOTE: This post is about the confirmed and patched vulnerability tracked as CVE-2022-22963. While the researchers at Sysdig refer to this Spring Cloud bug as “Spring4Shell,” it should be noted that there is some confusion as to what to call it, with another security firm referring to a different,...

9.8CVSS9.2AI score0.99939EPSS
Exploits36References9
ThreatPost
ThreatPost
added 2020/09/08 4:52 p.m.474 views

Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers

UPDATE Adobe has released fixes addressing five critical flaws in its popular Experience Manager content-management solution for building websites, mobile apps and forms. The cross-site scripting XSS flaws could allow attackers to execute JavaScript in targets’ browsers. Including Adobe Experienc...

6.8CVSS1.1AI score0.11294EPSS
Exploits1References17
ThreatPost
ThreatPost
added 2020/04/01 6:3 p.m.469 views

Critical WordPress Plugin Bug Can Lock Admins Out of Websites

A pair of security vulnerabilities in the WordPress search engine optimization SEO plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site, according to researchers. It’s a WordPress plugin with more than 200,000...

10AI score0.26869EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2020/07/14 11:45 a.m.458 views

Critical SAP Bug Allows Full Enterprise System Takeover

A critical vulnerability, carrying a severity score of 10 out of 10 on the CvSS bug-severity scale, has been disclosed for SAP customers. SAP’s widely deployed collection of enterprise resource planning ERP software is used to manage their financials, logistics, customer-facing organizations, hum...

10CVSS9.7AI score0.94719EPSS
Exploits7References7
ThreatPost
ThreatPost
added 2022/03/02 10:50 p.m.457 views

TeaBot Trojan Haunts Google Play Store, Again

The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than 400 banking and financial apps,...

8.5AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/12/09 4:40 p.m.454 views

COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware

Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverage the widespread medi...

6.5AI score
Exploits0References18
ThreatPost
ThreatPost
added 2019/02/21 3:5 p.m.453 views

19-Year-Old WinRAR Flaw Plagues 500 Million Users

Popular Windows data compression tool WinRAR has patched a serious 19-year-old security flaw that was discovered on its platform, potentially impacting 500 million users. The path-traversal vulnerability, which WinRAR fixed in January, could allow bad actors to remotely execute malicious code on...

6.8CVSS7.5AI score0.96274EPSS
Exploits16References9
ThreatPost
ThreatPost
added 2018/09/10 2:23 p.m.448 views

Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws

Researchers have discovered new variants for the infamous Mirai and Gafgyt IoT botnets – now targeting well-known vulnerabilities in Apache Struts and SonicWall. The new Mirai strain targets the Apache Struts flaw associated with the 2017 Equifax breach, while the Gafgyt variant uses a...

10CVSS0.5AI score0.99999EPSS
Exploits98References12
ThreatPost
ThreatPost
added 2021/10/28 3:34 p.m.446 views

UPDATE: EU’s Green Pass Vaccination ID Private Key Leaked or Forge

As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob Squarepants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU’s Green Pass vaccine passports. Two days earlier, on...

6.9AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/07/29 4:32 p.m.446 views

Critical Security Flaw in WordPress Plugin Allows RCE

Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files including PHP files and ultimately execute remote code on vulnerabl...

0.8AI score0.26869EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2022/06/24 11:2 a.m.442 views

Google Warns Spyware Being Deployed Against Android, iOS Users

Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls. Researchers from Google Threat Analysis Group TAG revealed details in a blog post...

9.3CVSS8.2AI score0.17438EPSS
Exploits7References15
ThreatPost
ThreatPost
added 2022/04/06 12:37 p.m.441 views

Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info

Attackers are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread an info-stealing malware, researchers have found. Researchers at cloud email security firm Armorblox discovered the malicious campaign targeting Office 365 and...

8.6AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/11/17 5:4 p.m.440 views

Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns

A state-backed Iranian threat actor has been using multiple CVEs – including both serious Fortinet vulnerabilities for months and a Microsoft Exchange ProxyShell weakness for weeks – looking to gain a foothold within networks before moving laterally and launching BitLocker ransomware and other...

10CVSS10AI score0.99999EPSS
Exploits41References24
ThreatPost
ThreatPost
added 2012/01/09 4:0 p.m.437 views

Exploit Code Released for ASP.NET Flaw

A few days after MIcrosoft released a patch to fix a vulnerability in ASP.NET that could enable a denial-of-service attack, someone has released exploit code for the vulnerability. The proof-of-concept exploit code was posted to the Full Disclosure mailing list and is available for download from...

9.3CVSS0.1AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2020/06/10 6:37 p.m.433 views

Critical Intel Flaws Fixed in Active Management Technology

Intel has released its June security updates, which address two critical vulnerabilities that, if exploited, can give unauthenticated attackers elevated privileges. The critical flaws exist in Intel’s Active Management Technology AMT, which is used for remote out-of-band management of personal...

7.5CVSS8.5AI score0.0552EPSS
Exploits1References29
ThreatPost
ThreatPost
added 2019/06/27 4:20 p.m.432 views

New Microsoft Excel Attack Vector Surfaces

UPDATE A feature in Microsoft Office’s Excel spreadsheet program called Power Query can be exploited to plant malware on remote systems. Researchers at Mimecast Threat Center say they have developed a proof-of-concept attack scenario and reported the vulnerability Thursday. The exploitable featur...

7AI score
Exploits0References5
Total number of security vulnerabilities5000