Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2009/08/14 4:33 p.m.75 views

Microsoft IE 8 Shines in Web Browser Security Test

From Network World Ellen Messmer Microsoft’s Internet Explorer 8 rated tops among five browsers tested by NSS Labs for effectiveness in protecting against malware and phishing attacks — though NSS Labs acknowledges Microsoft paid for the tests. Nevertheless, the test process, which lasted over a...

9.3CVSS1.7AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2022/06/28 11:57 a.m.74 views

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

The Cybersecurity and Infrastructure Security Agency CISA and Coast Guard Cyber Command CGCYBER released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway UAG servers. The VMware Horizon is a...

10CVSS10AI score0.99997EPSS
Exploits25References2
ThreatPost
ThreatPost
added 2021/08/05 2:36 p.m.74 views

Windows Hello Bypass Bug Patch is Faulty, Researchers Say

LAS VEGAS – Microsoft Windows 10 biometric user authentication systems Windows Hello can be bypassed, using a single infrared image of a user’s face planted on a tampered clone of an external USB-based webcam. The vulnerability, tracked as CVE-2021-34466, CVSS score: 5.7, was patched by Microsoft...

6.1CVSS7.1AI score0.00649EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2021/07/23 12:21 p.m.74 views

Kaseya Obtains Universal Decryptor for REvil Ransomware

Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2. The attacks, which exploited now-patched zero-days in the Kaseya Virtual System/Server Administrator VSA platform, affecte...

7.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/03/12 8:41 p.m.74 views

Europol Credits Sweeping Arrests to Cracked Sky ECC Comms

Europol launched “major interventions” against organized crime on March 9, which it said were made possible by monitoring the encrypted messages of around 70,000 users of the Sky ECC service since mid-February. Sky ECC, which focuses on selling mobile phones with specialized, private...

7.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/12/03 3:18 p.m.74 views

As Modern Mobile Enables Remote Work, It Also Demands Security

Smartphones, tablets, collaboration apps and other modern framework tools are critical to maintaining productivity remotely, but they also demand an integrated security strategy purpose-built for mobile devices. The coronavirus pandemic has completely upended the way we work, educate and socializ...

0.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2020/11/18 6:58 p.m.74 views

Cisco Webex 'Ghost' Flaw Opens Meetings to Snooping

A vulnerability in Cisco’s Webex conferencing application could allow an attendee to act as a “ghost” in the meeting – allowing them to spy in on potentially sensitive company secrets. To exploit the flaw CVE-2020-3419, attackers can be remote – however, they would need access to join the Webex...

1.4AI score0.65907EPSS
Exploits0References13
ThreatPost
ThreatPost
added 2020/10/23 5:4 p.m.74 views

COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach

COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports. The Indian company is the contractor for Russia’s “Sputinik V” COVID-19 vaccine, which is about to enter Phase 2 human...

0.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/08/28 7:38 p.m.74 views

Instagram 'Help Center' Phishing Scam Pilfers Credentials

Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. Researchers said that the campaign has been targeting hundreds of celebrities, startup business owners, and othe...

0.1AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/08/07 7:16 p.m.74 views

Have I Been Pwned Set to Go Open-Source

Have I Been Pwned, the service that logs data breaches and lets individuals search to see if they’ve been affected by one, is about to go open-source. The result of that, according to its founder, will be additional transparency and security-enhancing features. HIBP, which was kicked off in 2013,...

7.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/03/30 6:19 p.m.74 views

Zeus Sphinx Banking Trojan Arises Amid COVID-19

The Zeus Sphinx banking trojan is back after being off the scene for nearly three years. According to researchers Amir Gandler and Limor Kessem at IBM X-Force, Sphinx a.k.a. Zloader or Terdot began resurfacing in December. However, the researchers observed a significant increase in volume in Marc...

7.2AI score
Exploits0References13
ThreatPost
ThreatPost
added 2019/11/15 5:54 p.m.74 views

Lizard Squad Threatens UK's Labour Leader with Cyberattacks Against His Family

Lizard Squad, the well-known hacktivist cybergang, is pledging to mount personal cyberattacks on Britain’s Labour Party leader, Jeremy Corbyn. As the UK continues to be roiled by Brexit debate ahead of a Dec. 12 general election, the Labour Party said on Tuesday that it had been targeted by a...

0.1AI score
Exploits0References12
ThreatPost
ThreatPost
added 2019/11/14 9:0 a.m.74 views

ENFUSE 2019: Security Regulations, Insider Threats, and IoT Privacy Risks

LAS VEGAS – From insider threats, Internet of Things insecurity, to medical device hacking, ENFUSE 2019 broke down the top privacy and security issues help desks are seeing today. It also tackle what regulatory efforts are being developed to address those threats. Threatpost editor Lindsey...

7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2019/11/08 1:0 p.m.74 views

News Wrap: Voice Assistant Laser Hack, Twitter Insider Threats, Data Breach Fine Fails

Threatpost editors break down the top news stories for the week ended Nov. 8. The hot stories of the week include: Despite trillions of dollars in data-breach fine payouts, each year the number of compromised companies and individuals with private data exposed rise – a Threatpost feature looks at...

7.2AI score
Exploits0References21
ThreatPost
ThreatPost
added 2019/10/21 7:36 p.m.74 views

U.S. Government, Military Personnel Data Leaked By Autoclerk

A leaky database owned by reservations management system Autoclerk has exposed the personal data and travel information for thousands of users – including U.S. government and military personnel. Autoclerk, which was acquired by the Best Western Hotel and Resorts Group in August, provides...

7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/10/17 5:28 p.m.74 views

Hacking Back? BriansClub Dark Web Attack a Boon for Banks

UPDATE A Dark Web “carding store” called BriansClub, which specializes in selling stolen payment card information, has itself become a victim, with thieves making off with 26 million credit- and debit-card records. The site appears to be a target of roundabout “hacking back” by a competitor , who...

0.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/10/16 5:54 p.m.74 views

Silent Librarian Retools Phishing Emails to Hook Student Credentials

Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that bring more credibility to its phishing emails and helping it avoid detection. The threat group also known as TA4...

0.7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/10/10 4:54 p.m.74 views

Sophisticated Spy Kit Targets Russians with Rare GSM Plugin

A sophisticated cyberespionage platform called Attor has come to light, sporting an unusual capability for fingerprinting mobile devices as part of its attacks on government and diplomatic victims. According to researchers at ESET, Attor, which has flown under the radar since at least 2013, also...

0.3AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/08/29 3:36 p.m.74 views

Venmo's Public Transactions Policy Stirs Privacy Concerns

Your simple $5 Venmo payment to a friend after splitting a pizza could easily expedite various malicious attacks, from stalking to spear-phishing, according to researcher concerns. Many have weighed in on Venmo’s privacy practices, but the latest are Mozilla Foundation and the Electronic Frontier...

7AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/08/14 2:53 p.m.74 views

DEF CON and Feds Partner on Anonymous Bug Submission Program

Hacking conference organizer DEF CON Communications said it plans to roll out a global anonymous bug submission platform based on the SecureDrop communications tool. During a session at DEF CON in Las Vegas last week, conference founder Jeff Moss said the goal was to launch the yet-to-be-named...

6.9AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/08/12 3:42 p.m.74 views

Black Hat 2019 News Wrap: The Best and Worst of the Show

LAS VEGAS – Black Hat and DEF CON 2019 may be wrapping up, but the dual conferences last week in Las Vegas left the security industry with a flurry of new security flaws, topics and announcements to discuss for the weeks to come. Threatpost editors Tara Seals and Lindsey O’Donnell get together to...

6.7AI score
Exploits0References14
ThreatPost
ThreatPost
added 2019/08/09 12:48 p.m.74 views

Election Security Threats: From Misinformation to Voting Machine

Election security continues to be a top concern – from social media misinformation campaigns, to vulnerabilities in the actual voting machines themselves. At Black Hat USA 2019, Threatpost caught up with Matt Olney, director of threat intelligence at Cisco Talos, to discuss the challenges that...

0.2AI score
Exploits0References2
ThreatPost
ThreatPost
added 2019/03/28 2:51 p.m.74 views

Gamers Urged to Patch Critical Bugs in GOG Galaxy

GOG Galaxy Games, a popular video game digital distribution platform that enables users to purchase new games and launch them from their desktop, is riddled with vulnerabilities, according to researchers at Cisco Talos. The researchers assert that the GOG Galaxy video game launcher contains six...

7.2CVSS2.1AI score0.00598EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2019/03/13 7:29 p.m.74 views

Intel Windows 10 Graphics Drivers Riddled With Flaws

Intel has patched 19 vulnerabilities across its popular graphics drivers for Windows 10, including two high-severity flaws. CVE-2018-12216 and CVE-2018-12214 could both allow a privileged user to execute arbitrary code via local access, according to an Intel advisory. “Multiple potential security...

7.2CVSS8.6AI score0.00456EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2014/10/29 10:25 a.m.74 views

BlackEnergy Malware Used in Attacks Against ICS HMI

Industrial control system operations running human-machine interface software from a handful of vendors are being targeted by a hacking campaign making use of the BlackEnergy malware. The United States Industrial Control System Cyber Emergency Response Team ICS-CERT published an advisory on Tuesd...

9.3CVSS8.1AI score0.81628EPSS
Exploits24References5
ThreatPost
ThreatPost
added 2014/09/09 2:40 p.m.74 views

September 2014 Microsoft Patch Tuesday security bulletins

The Operation SnowMan espionage campaign, which targeted military intelligence earlier this year via an Internet Explorer zero day, exposed a weak spot in Microsoft’s vulnerability management efforts. What was unique about the SnowMan operation is that it included a check as to whether the...

9.3CVSS0.2AI score0.99945EPSS
Exploits33References10
ThreatPost
ThreatPost
added 2014/05/14 1:21 p.m.74 views

Microsoft Giving .NET Users The Option to Shed RC4

Microsoft didn’t beat around the bush when it warned customers to stay away from the deprecated RC4 algorithm last fall. Now it’s giving those who use its .NET software framework an option to disable the cipher in Transport Layer Security TLS as well. In a security advisory issued on its Security...

9.3CVSS1.1AI score0.99945EPSS
Exploits33References7
ThreatPost
ThreatPost
added 2012/10/04 6:28 p.m.74 views

Microsoft to Fix Critical Word Flaw in October Patch Tuesday

Microsoft will release seven bulletins in the October Patch Tuesday next week, fixing 20 total vulnerabilities in Windows, Office, Lync and SQL Server. Only one of the bulletins is rated critical, while the six others are rated important. The one critical bulletin affects Microsoft Office 2003,...

9.3CVSS1.3AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2012/05/17 2:54 p.m.74 views

White House Security Czar Howard Schmidt Retiring

Howard Schmidt, the top White House information security adviser, is retiring after more than two years on the job and several decades in security both in government and private industry. Schmidt is in his second stint as the White House security chief and he’s leaving at a time when cybersecurit...

9.3CVSS9AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2012/04/05 11:30 a.m.74 views

Arms Race In Zero Days Spells Trouble For Privacy, Public Safety

Editor’s Note: This is the second of a two-part podcast with independent security researcher Chris Soghoian. In the first part of our podcast with independent security researcher Chris Soghoian, we talked about the way that the proliferation of “free” applications have forced consumers into the...

9.3CVSS8.7AI score0.99945EPSS
Exploits33References8
ThreatPost
ThreatPost
added 2011/03/16 3:12 p.m.74 views

Katie Moussouris on Microsoft, Trustworthy Computing and the Evolution of the Security Community

Dennis Fisher talks with Microsoft’s Katie Moussouris about the way that the Trustworthy Computing effort at Microsoft has changed, how the security community has evolved since she got involved in the 1990s and the challenges–and fun–of being a woman in security. Podcast audio courtesy of sykboy6...

9.3CVSS1.2AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2022/01/24 11:8 p.m.73 views

Linux Servers at Risk of RCE Due to Critical CWP Bugs

Researchers have discovered two critical bugs in Control Web Panel CWP – a popular web hosting management software used by 200,000+ servers – that could allow for remote code execution RCE as root on vulnerable Linux servers. CWP, formerly known as CentOS Web Panel, is an open-source Linux contro...

9.8CVSS10AI score0.70947EPSS
Exploits2References9
ThreatPost
ThreatPost
added 2021/09/30 10:38 p.m.73 views

Google Emergency Update Fixes Two Chrome Zero Days

Google has pushed out an emergency Chrome update to fix yet another pair of zero days – the second pair this month – that are being exploited in the wild. This hoists this year’s total number of zero days found in the browser up to a dozen. “Google is aware the exploits for CVE-2021-37975 and...

9.6CVSS9.3AI score0.64546EPSS
Exploits4References7
ThreatPost
ThreatPost
added 2021/07/30 3:21 p.m.73 views

Novel Meteor Wiper Used in Attack that Crippled Iranian Train System

An attack earlier this month on Iran’s train system, which disrupted rail service and taunted Iran’s leadership via hacked public transit display screens, used a never-before-seen wiper malware called Meteor that appears to have been design for reuse, a security researcher has found. The initial...

7.3AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/04/05 9:7 p.m.73 views

533M Facebook Accounts Leaked Online: Check if You Are Exposed

More than 533 million Facebook users had their personal information posted to a public hacker forum, a move that is raising concerns about an uptick in cybercrime leveraging the credentials. The publicly released Facebook user data is believed to be part of a 2019 “Add Friend” Facebook security b...

0.4AI score
Exploits0References14
ThreatPost
ThreatPost
added 2020/06/05 4:1 p.m.73 views

WhatsApp Phone Numbers Pop Up in Google Search Results — But is it a Bug?

UPDATE A researcher is warning that a WhatsApp feature called “Click to Chat” puts users’ mobile phone numbers at risk — by allowing Google Search to index them for anyone to find. But WhatsApp owner Facebook says it is no big deal and that the search results only reveal what the users have chose...

6.7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/05/20 1:47 p.m.73 views

Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested

A hacker accused of selling hundreds of millions of stolen credentials from last year’s “Collection 1” data dump on the dark web has been arrested in the Ukraine. The Security Service of Ukraine SSU took into custody a threat actor known as “Sanix,” who they claim posted 773 million e-mail...

0.3AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/04/27 9:15 p.m.73 views

GDPR Compliance Site Leaks Git Data, Passwords

A website that gives advice on privacy regulation compliance has fixed a security issue that was exposing MySQL database settings — including passwords — to anyone on the internet. The website, GDPR.EU, is an advice site for organizations that are struggling to comply with the General Data...

7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/04/23 5:45 p.m.73 views

Valve Confirms CS:GO, Team Fortress 2 Source-Code Leak

The discovery of leaked source code for two popular games – Counter-Strike: Global Offensive CS:GO and Team Fortress 2 – has led to security concerns and even calls for gamers to uninstall the software from their computers. The developer and publisher of the two games, Valve, is downplaying the...

7.3AI score
Exploits0References21
ThreatPost
ThreatPost
added 2020/03/31 3:14 p.m.73 views

Millions of Guests Impacted in Marriott Data Breach, Again

For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected. The attack was carried out via third-party software that Marriott’s hotel properties use to provide guest services, according to an online...

7AI score
Exploits0References21
ThreatPost
ThreatPost
added 2020/03/23 8:35 p.m.73 views

Hackers Actively Exploit 0-Day in CCTV Camera Hardware

Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found. The company, an IP video solution provider, was being targeted by hackers hijacking the company’s DVR hardware. Once commandeered, hackers then planted...

0.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/03/10 6:8 p.m.73 views

High-Severity Flaws Plague Intel Graphics Drivers

Intel has issued security patches for six high-severity vulnerabilities in its Windows graphics drivers which, if exploited, could enable escalation of privilege, denial of service DoS and information disclosure. The graphics driver is software that controls how graphic components work with the...

7.2CVSS8.3AI score0.0104EPSS
Exploits1References24
ThreatPost
ThreatPost
added 2020/01/31 12:1 p.m.73 views

Microsoft Offers Rewards of Up to $20,000 in New Xbox Bug Bounty Program

Microsoft is offering rewards of up to $20,000 for finding vulnerabilities in its Xbox gaming platform through its latest bug bounty program unveiled this week. The Xbox Bounty Program is open to gamers, security researchers and basically anyone who can help the tech giant identify security...

7.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/01/22 11:50 p.m.73 views

Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment

The very first Pwn2Own hacking competition that exclusively focuses on the industrial control systems ICS has kicked off in Miami. So far, a total of $180,000 has been awarded for pwning five different products. The contest hosts at Trend Micro’s Zero Day initiative ZDI have allocated more than...

1.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/01/10 12:58 p.m.73 views

Oil-and-Gas APT Pivots to U.S. Power Plants.

A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part...

0.7AI score
Exploits0References11
ThreatPost
ThreatPost
added 2019/09/25 9:37 p.m.73 views

Magecart Group Targets Routers Behind Public Wi-Fi Networks

A faction of the Magecart threat group is testing code that targets routers used to provide free or paid Wi-Fi services in public spaces and hotels. If successful, attackers would able to compromise these commercial-grade routers and be able to siphon payment data of users joining Wi-Fi networks ...

7.3AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/09/11 2:37 p.m.73 views

198 Million Car-Buyer Records Exposed Online for All to See

Over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, has been found exposed on the internet for anyone to see. The non-password protected Elasticsearch database belonged to Dealer...

0.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/09/04 1:0 p.m.73 views

MSP or System Integrator? Add Incident Response to Your Portfolio at No Cost

As breaches and cyberattacks grow in a steady upward trajectory, organizations are increasingly looking for ways to protect their assets, outsourcing critical Incident Response IR services to third-party providers. Cynet is now providing its IR services at no cost in a market-first offering which...

0.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2019/08/06 3:48 p.m.73 views

Mass Spoofing Campaign Abuses Walmart Brand

An ongoing domain name spoofing campaign is taking aim at retail giant Walmart and other big fish, with more than 540 malicious domains being used to harvest consumer information. The scam domains are mimicking legitimate sites in name and appearance, in hopes of fooling visitors into entering...

0.1AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/07/09 5:7 p.m.73 views

1,300 Popular Android Apps Access Data Without Proper Permissions

Over 1,300 popular Android apps defy user permissions and gather sensitive data with no consent, according to a study by a coalition of academics from the International Computer Science Institute. The report examined popular mobile apps available through the U.S. version of the Google Play store,...

Exploits0References4
Total number of security vulnerabilities5000