Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2020/03/31 10:0 a.m.72 views

Covid-19 Poll Results: One in Four Prioritize Health Over Privacy

One in four respondents to a Threatpost reader poll said they were okay with sacrificing a portion of their personal privacy in exchange for some form of cellphone tracking that could – in theory – reduce coronavirus infection rates and save lives. While the majority of Threatpost readers were...

7AI score
Exploits0References14
ThreatPost
ThreatPost
added 2020/03/17 9:45 p.m.73 views

This Stalkerware Delivers Extra-Creepy Features

Researchers are sending up a red flag over the distribution of an aggressive stalkerware app called Monitor Minor. In a report released Monday, researchers said the Android version of the app gives stalkers near absolute control of targeted devices, going so far as allowing them to capture the...

0.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/03/03 11:56 a.m.72 views

DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved...

1.3AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/02/26 2:0 p.m.72 views

Iranian APT Targets Govs With New Malware

SAN FRANCISCO – A never before seen credential-stealing malware, dubbed ForeLord, has been uncovered in recent spear phishing emails. Researchers have attributed the campaign to a known Iranian advanced persistence threat APT group. The emails distributing ForeLord were uncovered as part of a...

1.1AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/02/14 8:50 p.m.72 views

500 Malicious Chrome Extensions Impact Millions of Users

Researchers say that 500 Google Chrome browser extensions were discovered secretly uploading private browsing data to attacker-controlled servers, and redirecting victims to malware-laced websites. The browser extensions, all of which have now been removed, were downloaded millions of times from...

Exploits0References11
ThreatPost
ThreatPost
added 2020/02/14 6:36 p.m.73 views

Apple iPhone Users Bombarded with Bogus Dating App for Valentine's Day

A malicious email campaign aimed at iPhone owners is making the rounds this week, using a bouquet of different themes to scam victims, just in time for Valentine’s Day – including a fake dating app. The gambit begins far afield from romance however, with an email from “Nerve Renew,” claiming to...

0.6AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/02/12 1:50 p.m.72 views

FBI: $3.5B Lost in 2019 to Known Cyberscams, Ransomware

Cybercriminals are focusing on previously successful internet scams to defraud businesses and individuals in the United States out of more money than ever before, according to the FBI’s annual report on cybercrime. Meanwhile, ransomware continues to take a big financial toll on victims. Businesse...

7.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/01/17 9:46 p.m.72 views

Feds Cut Off Access to Billions of Breached Records with Site Takedown

The feds and international law enforcement have taken down a website that was selling access to billions of stolen personal records. The FBI and the Department of Justice said on Thursday that they, in conjunction with the Dutch police, the United Kingdom’s National Crime Agency and Germany’s...

7.1AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/11/01 5:14 p.m.72 views

Global Crime Ring Bilks U.S. Military Members, Vets Out of Millions

Operators of a widespread identity-theft and fraud scheme have bilked thousands of U.S. servicemembers and veterans out of millions of dollars in stolen funds and Veterans Affairs VA benefits payments. Fredrick Brown pled guilty this week, revealing that in his role as a civilian medical records...

7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/10/24 6:47 p.m.72 views

Raccoon Malware Scavenges 100,000+ Devices to Steal Data

A new information stealer, dubbed Raccoon, is rapidly gaining popularity with cybercriminals. In just a few months, researchers say the malware has already infected hundreds of thousands of devices across the world to rove through victims’ credit card data, email credentials and more. The malware...

Exploits0References8
ThreatPost
ThreatPost
added 2019/10/22 1:0 p.m.72 views

Three Service Account Secrets Straight from Hackers and Security Pros

Barbara Hoffman, Product Marketing Manager, Thycotic Nearly 19,000 infosec experts travel from all over the world to attend the annual Black Hat Conference. They come to share, educate and disclose their security research on the latest vulnerabilities and cyberthreats. We here at Thycotic love to...

1.6AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/09/23 2:33 p.m.72 views

Google Assistant Audio Privacy Controls Updated After Outcry

Google is unveiling new privacy controls for the Google Assistant virtual assistant, after the company came under fire earlier this year for eavesdropping on users’ personal audio snippets – without their permission. The tech giant on Monday promised more transparency around the audio data that i...

0.4AI score
Exploits0References15
ThreatPost
ThreatPost
added 2019/08/06 3:42 p.m.72 views

Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs

UPDATE Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction...

10CVSS9.8AI score0.01135EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2019/07/29 6:10 p.m.72 views

Cloud Security Concerns Loom for 93% of Businesses Adopting Apps and BYOD

With the increasing popularity of bring-your-own-device BYOD policies and public cloud offerings, enterprises are moving from on-premises applications to cloud apps – but they still lack faith in cloud security. A recent July Bitglass study found that 67 percent of respondents believe cloud apps...

7.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/03/19 7:31 p.m.72 views

Old Tech Spills Digital Dirt on Past Owners

In a test of how well businesses wipe data on old devices, Rapid7 researcher Josh Frantz purchased 85 old gadgets from businesses. In total, he paid $600 for an aging collection of old computers, flash drives, phones and hard drives. What he discovered was that despite decades of the infosec...

7AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/03/18 5:41 p.m.72 views

Google Gives Users More Choice with Location-Tracking Apps

Anyone who uses a mobile app knows how convenient the features that use location data can be, from getting turn-by-turn directions and finding nearby restaurants to fitness-tracking and weather integration. But these rich mobile “experiences” – as app developers call them – can be a double-edged...

2.1CVSS5.2AI score0.00154EPSS
Exploits4References10
ThreatPost
ThreatPost
added 2019/03/04 4:29 p.m.72 views

Project Zero Discloses High-Severity Apple macOS Flaw

Researchers have disclosed what they say is a high-severity security flaw in Apple’s MacOS operating system – which has not yet been patched. The flaw gives an attacker privileges to perform malicious actions on a mounted filesystem – without the victim knowing. The Google Project Zero team...

0.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/02/18 9:26 p.m.72 views

When Cyberattacks Pack a Physical Punch

More than one in 10 data breaches now involve “physical actions,” according to a recent report. These include leveraging physical devices to aid an attack, but also hacks that involve breaking into hardware and remote attacks on physical infrastructure. The stat underscores the realities of a...

8.1AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/02/12 6:28 p.m.72 views

Major Container Security Flaw Threatens Cascading Attacks

runc, a building-block project for the container technologies used by many enterprises as well as public cloud providers, has patched a vulnerability that would allow root-level code-execution, container escape and access to the host filesystem. Discovered by researchers Adam Iwaniuk and Borys...

9.3CVSS0.3AI score0.9857EPSS
Exploits33References9
ThreatPost
ThreatPost
added 2019/01/23 6:17 p.m.72 views

Monero: Cybercrime's Top Choice for Mining Malware

An academic analysis of cryptomining malware has determined that the Monero virtual currency XMR is “by far” the most popular cryptocurrency to mine among cybercriminals. And, it would appear that cryptomining as a criminal enterprise is unlikely to wane anytime soon. After examining approximatel...

0.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2018/12/04 4:56 p.m.72 views

Google Patches 11 Critical RCE Android Vulnerabilities

Remote code-execution RCE vulnerabilities dominated Google’s December Android Security Bulletin. The flaws are part of a total of 53 unique bugs patched by the Android security team, with a total number of 11 critical bugs – six of which are RCE flaws tied to the operating system’s Media Framewor...

9.3CVSS0.5AI score0.01246EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2018/08/30 1:34 p.m.72 views

Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety

Two previously undocumented, critical vulnerabilities in widely deployed medical devices have sparked patient-safety and data-privacy concerns. Flaws in the Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson BD Alaris TIVA Syringe Pump have been acknowledged by the vendors...

10CVSS0.63748EPSS
Exploits12References8
ThreatPost
ThreatPost
added 2017/07/06 12:30 p.m.72 views

Google Patches Critical 'Broadpwn' Bug in July Security Update

Google released a security patch Wednesday that addresses a critical vulnerability dubbed “Broadpwn” found in millions of Android devices that could allow remote attackers to execute code on targeted devices. The so-called Broadpwn bug is tied to a vulnerability in Broadcom’s BCM43xx family of Wi...

9.3CVSS8.1AI score0.47537EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2017/03/10 10:51 a.m.72 views

Apache Attack Traffic Dropping, Limited to Few Sources

Malicious traffic stemming from exploits against the Apache Struts 2 vulnerability disclosed and patched this week has tapered off since Wednesday. Researchers at Rapid7 published an analysis of data collected from its honeypots situated on five major cloud providers and a number of private...

10CVSS10AI score0.99999EPSS
Exploits44References6
ThreatPost
ThreatPost
added 2014/09/25 2:34 p.m.72 views

Patching Bash Vulnerability a Challenge for ICS, SCADA

While the most urgent focus where the Bash vulnerability is concerned is around Internet-facing web servers, embedded systems and industrial control systems are not exempt from worry. Experts are concerned about Linux-based industrial control systems and SCADA equipment, in particular, that may b...

10CVSS0.1AI score0.99999EPSS
Exploits131References4
ThreatPost
ThreatPost
added 2014/09/25 11:41 a.m.72 views

Bash Botnet Exploit Found, Bash Patches Incomplete

The urgency to patch systems against the Bash zero-day vulnerability has been cranked to 10 after reports of an exploit in the wild have been made public by AusCERT, the Computer Emergency Response Team of Australia. This seems to reflect a similar finding posted by a researcher who goes by the...

10CVSS10AI score0.99999EPSS
Exploits140References10
ThreatPost
ThreatPost
added 2014/05/28 4:34 p.m.72 views

Mixed Reviews on Microsoft myBulletins Patch Service

Microsoft today released its new myBulletins service, an interface where IT administrators can customize security patch update information. While providing users with a slick GUI that allows for extensive filtering of patch information by the products in use inside an enterprise or small company,...

9.3CVSS0.2AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2009/11/09 6:26 p.m.72 views

Microsoft to Give Security Guidelines for Agile

Microsoft will release on Tuesday guidelines for developers building online applications and for those using the Agile code-development process. The Agile guidelines apply principles from Microsoft’s Security Development Lifecycle SDL to Agile, an umbrella term for a development model frequently...

9.3CVSS1.4AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2022/02/18 1:46 p.m.71 views

Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code

Footage of opposition leaders calling for the assassination of Iran’s Supreme Leader ran on several of the nation’s state-run TV channels in late January after a state-sponsored cyber-attack on Iranian state broadcaster IRIB. The incident – one of a series of politically motivated attacks in Iran...

9AI score
Exploits0References8
ThreatPost
ThreatPost
added 2022/02/10 1:58 p.m.71 views

PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE

Tens of thousands of WordPress sites are at risk from critical vulnerabilities in a widely used plug-in that facilitates the use of PHP code on a site. One of the bugs allows any authenticated user of any level – even subscribers and customers – to execute code that can completely take over a sit...

9.9CVSS9.5AI score0.026EPSS
Exploits3References13
ThreatPost
ThreatPost
added 2021/08/30 9:46 p.m.71 views

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform

Hewlett Packard Enterprise HPE is warning a vulnerability in Sudo, an open-source program used within its Aruba AirWave management platform, could allow any unprivileged and unauthenticated local user to gain root privileges on a vulnerable host. Rated high in severity, HPE warns the Sudo flaw...

7.8CVSS8.7AI score0.99295EPSS
Exploits81References9
ThreatPost
ThreatPost
added 2021/07/22 8:53 p.m.71 views

Phish Swims Past Email Security with Milanote Pages

The Milanote app, billed as the “Evernote for creatives” by reviewers, has attracted the notice of cybercriminals who are abusing it to carry out credential-stealing campaigns that skate past secure email gateways SEGs, researchers said. Milanote is a tool for organizing and collaborating on...

6.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/07/10 1:0 p.m.71 views

Cyber Polygon 2021

On June 9, 2021, the III annual international online training event Cyber Polygon took place. It connects various global organisations to train their competencies, exchange best practices and bring tangible results to the world community. 200 organizations from 48 countries tested their skills in...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2021/04/09 8:54 p.m.71 views

DOJ: Creep Coach Finagles Nude Athlete Photos

A former track-and-field coach who worked at several universities has been arrested and is facing up to five years in prison for attempting to solicit nude photos of his athletes through sham social-media accounts and cyberstalking. The Department of Justice alleged that Steve Waithe, while...

7.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/04/09 3:40 p.m.71 views

Network Detection & Response: The Next Frontier in Fighting the Human Problem

Last year, Gartner published a market guide on network detection and response NDR. Formerly known as network-traffic analytics, which I’ve spoken about in the past at length, NDR has adapted to not only play a major role in helping network and security teams identify threats, but it has enabled...

7.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/11/16 1:0 p.m.71 views

Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut

Cybercriminals are embracing cloud-based services and technologies in order to accelerate their attacks on organizations and better monetize their wares, researchers have found. This is largely driven by cybercriminals who sell access to what they call “clouds of logs,” which are caches of stolen...

0.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/08/20 7:41 p.m.71 views

IBM Settles Lawsuit Over Weather Channel App Data Privacy

IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney’s office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data. The 2019 lawsuit claimed, the app’s permission prompt for users to...

6CVSS6.5AI score0.02606EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2020/08/05 8:7 p.m.71 views

Black Hat 2020: Open-Source AI to Spur Wave of 'Synthetic Media' Attacks

An abundance of deep-learning and open-source technologies are making it easy for cybercriminals to generate fake images, text and audio called “synthetic media”. This type of media can be easily leveraged on Facebook, Twitter and other social media platforms to launch disinformation campaigns wi...

0.8AI score
Exploits0References19
ThreatPost
ThreatPost
added 2020/05/14 12:38 p.m.71 views

BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

Business email compromise BEC attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitaliz...

0.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/04/07 4:57 p.m.71 views

FIN6 and TrickBot Combine Forces in 'Anchor' Attacks

Researchers say, two cybercriminal groups, FIN6 and the operators of the TrickBot malware, have paired up together to target several organizations with TrickBot’s malware framework called “Anchor.” The two threat groups joining forces is a “new and dangerous twist” in an existing trend of...

0.9AI score
Exploits0References20
ThreatPost
ThreatPost
added 2020/04/03 5:16 p.m.71 views

Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks

A group of tech giants – including Akamai, Amazon Web Services, Cloudflare, Facebook, Google, Microsoft and Netflix – are banding together to battle route hijacking, route leaks and IP address-spoofing attacks targeting internet users. They’re coming together under a program was introduced this...

7.5AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/02/28 8:6 p.m.71 views

Bruce Schneier Proposes 'Hacking Society' for a Better Tomorrow

SAN FRANCISCO – Cybersecurity experts have long stayed in their problem-solving lane when it comes to finding vulnerabilities, patching bugs and keeping networks safe. But maybe it is time they applied their defensive skillsets and adversarial understanding of cyberthreats to help solve some of...

0.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/11/08 12:11 p.m.71 views

Amazon Fixes Ring Video Doorbell Flaw That Leaked Wi-Fi Credentials

UPDATE Amazon has patched a vulnerability in its Ring smart doorbell device that could allow attackers to access the owner’s Wi-Fi network credentials and potentially reconfigure the device to launch an attack on the home network, researchers have found. Researchers discovered the problem in...

0.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/10/30 4:42 p.m.71 views

Murky Details Surround Bed, Bath and Beyond Breach

Housewares and home furnishings purveyor Bed, Bath and Beyond has disclosed a data-thieving cyber attack that allowed the adversaries to access customers’ online accounts. According to a Tuesday SEC filing, the company “discovered that a third party acquired email and password information from a...

0.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/10/24 1:28 p.m.71 views

Apple Removes 17 Malicious iOS Apps From App Store

Researchers have uncovered 17 apps on Apple’s official App Store infected with malware. Apple has since removed the apps from the App Store – but a “significant” number of iOS users could have installed them, researchers said. Once downloaded, the malicious apps infect victims with a trojan...

0.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/09/03 7:10 p.m.71 views

IoT Security Challenges in a 5G Era: Expert Advice

When it comes to what we can expect with 5G mobile networks, they promise a more IoT friendly ecosystem, with vast improvements over the current capabilities of the 4G. Providing ultra low-latency and exponentially faster throughput along with sensors that will boast a 10-year battery life 5G pav...

2.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/08/12 7:13 p.m.71 views

4 Dating Apps Pinpoint Users' Precise Locations – and Leak the Data

Four popular dating apps that together can claim 10 million users have been found to leak precise locations of their members. “By simply knowing a person’s username we can track them from home, to work,” explained Alex Lomas, researcher at Pen Test Partners, in a blog on Sunday. “We can find out...

6.6AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/08/05 4:0 p.m.71 views

Microsoft Lab Offers $300K For Working Azure Exploits

Las Vegas – In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform. Microsoft has launched a dedicated Azure cloud host testi...

8AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/04/04 11:0 a.m.71 views

SAS 2019 to Tackle APTs, Supply Chains and More

Kaspersky Lab’s Security Analyst Summit kicks off in Singapore next week, where elite researchers, top cybersecurity firms and global law-enforcement agencies will discuss today’s biggest cybersecurity threats and how best to squash them. This year marks the first time the global security...

0.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/03/20 6:0 p.m.71 views

Fin7 Ramps Up Campaigns With Two Fresh Malware Samples

Despite the arrest of several Fin7 members in 2018, the cybercrime group has ramped up its efforts in a series of widespread campaigns hitting businesses with two never-before-seen malware samples. Researchers with Flashpoint said Wednesday that they have discovered a new administrative panel and...

7.7AI score
Exploits0References5
Total number of security vulnerabilities5000