Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2019/01/28 7:53 p.m.64 views

2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on What’s Next

Just when we thought we’d escaped 2018 without an attack on the scale of WannaCry, NotPetya or Equifax, we were struck by Marriott’s November news of a breach affecting 500 million guests and once again reminded that complacency is the enemy of cybersecurity. We were also reminded that predicting...

6.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2018/03/29 3:58 p.m.64 views

Drupal Issues Highly Critical Patch: Over 1M Sites Vulnerable

Drupal released a patch for a “highly critical” flaw in versions 6, 7 and 8 of its CMS platform that could allow an attacker to take control of an affected site simply by visiting it. Drupal also warned an unprivileged and untrusted attacker could modify or delete data hosted on affected CMS...

7.5CVSS9.8AI score0.99993EPSS
Exploits46References3
ThreatPost
ThreatPost
added 2017/12/19 11:0 a.m.64 views

Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10

Google’s Project Zero released details of a local proof-of-concept attack against a fully patched Windows 10 PC that allows an adversary to execute untrusted JavaScript outside a sandboxed environment on targeted systems. The attack is a variation of a WPAD/PAC attack. In Project Zero’s case, the...

7.6CVSS8.1AI score0.64164EPSS
Exploits27References12
ThreatPost
ThreatPost
added 2017/07/06 12:30 p.m.64 views

Google Patches Critical 'Broadpwn' Bug in July Security Update

Google released a security patch Wednesday that addresses a critical vulnerability dubbed “Broadpwn” found in millions of Android devices that could allow remote attackers to execute code on targeted devices. The so-called Broadpwn bug is tied to a vulnerability in Broadcom’s BCM43xx family of Wi...

9.3CVSS8.1AI score0.47537EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2017/05/31 1:0 p.m.64 views

Dedicated Machine Learning Behind Early Phishing Detection in Gmail

Cybercrime and state-sponsored advanced attacks continue to cling to email as a primary distribution vehicle for first-stage malware. Phishing campaigns thrive in targeted attacks, and criminals have even resuscitated old-school macro malware in attachments to gain that initial foothold on a...

0.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2017/05/26 12:0 p.m.64 views

Mark Dowd on Exploit Mitigation Development

Mark Dowd, fresh off his 2017 Security Analyst Summit keynote, discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers...

9.3CVSS4AI score0.99945EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2014/08/26 12:55 p.m.64 views

South Korean Data Breach Compromises 27 Million

A data breach in South Korea appears to have impacted as many as 27 million citizens, roughly 70 percent of the nation’s population. Authorities with the South Jeolla Provincial Police Agency announced late last week that it had apprehended a 24-year-old, known simply as Kim, in addition to 15...

1.2AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/04/08 3:52 p.m.64 views

April Patch Tuesday Fixes 11 Vulnerabilities, Last Updates for XP

As expected, Microsoft issued its final epitaph for Windows XP today, pushing out four security bulletins for 11 vulnerabilities, including the last updates for the oft-maligned, thirteen-year-old operating system. Despite it being XP’s last gasp from a security standpoint, it’s actually a...

9.3CVSS0.2AI score0.99945EPSS
Exploits33References9
ThreatPost
ThreatPost
added 2013/11/05 2:7 p.m.64 views

Microsoft Warns of Targeted Attacks on Windows 0-Day

Microsoft is warning users about targeted attacks against a new vulnerability in several versions of Windows and Office that could allow an attacker to take over a user’s machine. The bug, which is not yet patched, is being used as part of targeted attacks with malicious email attachments, mainly...

9.3CVSS2.4AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2013/04/04 6:44 p.m.64 views

Microsoft Expected to Patch Pwn2Own IE Vulnerabilities

Appropriately enough for the start of the baseball season, Microsoft is going to go 4-for-4 and release another set of critical Internet Explorer patches on Tuesday, the fourth consecutive month in which serious vulnerabilities in the browser are being addressed in Microsoft’s Patch Tuesday month...

9.3CVSS9.6AI score0.99945EPSS
Exploits33References8
ThreatPost
ThreatPost
added 2010/04/13 7:37 p.m.64 views

Google Is 'Paranoid' on Security Following Aurora

Google learned some hard security lessons after it was attacked late last year by hackers, said CEO Eric Schmidt. “Google is now particularly paranoid about that,” Schmidt said during a question-and-answer session following Google’s Atmosphere 2010 conference before about 400 CIOs. Read the full...

2.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2022/04/19 5:29 p.m.63 views

Rethinking Cyber-Defense Strategies in the Public-Cloud Age

The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google Compute Platform and Microsoft Azure. But the journey hasn’t exactly been smooth as silk: The great migration has brought a raft of complex security challenges, which have led to headline-grabbing...

9.3CVSS9.2AI score0.9857EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2022/01/26 10:19 p.m.63 views

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

Apple on Wednesday released 13 patches for serious security bugs in macOS and 10 for flaws in iOS/iPadOS. They include fixes for two zero-day bugs, one of which may have been exploited by attackers in the wild. The first zero-day CVE-2022-22587 is a memory-corruption issue that could be exploited...

10CVSS8.4AI score0.11638EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2021/11/23 12:59 p.m.63 views

Common Cloud Misconfigurations Exploited in Minutes, Report

Poorly configured cloud services can be exploit by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo Alto Networks’ Unit 42 used a honeypot infrastructure of 320 nodes...

7.2AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/08/27 5:32 p.m.63 views

FIN8 Targets US Bank With New ‘Sardonic’ Backdoor

The financially motivated FIN8 cybergang used a brand-new backdoor – dubbed Sardonic by the Bitdender researchers who first spotted it – in attempted but unsuccessful breaches of networks belonging to two unidentified U.S. financial organizations. It’s a nimble newcomer, researchers wrote: “The...

8.5AI score
Exploits0References18
ThreatPost
ThreatPost
added 2021/08/17 4:0 a.m.63 views

Phishing Costs Nearly Quadrupled Over 6 Years

Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large U.S. companies are now losing, on average, $14.8 million annually, or $1,500 per employee. That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute th...

7.4AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/08/10 9:21 p.m.63 views

Connected Farms Easy Pickings for Global Food Supply-Chain Hack

A group of hackers made an unnerving DEF CON 29 presentation showing how the sprawling growth of digital and automated farming has left the world’s food supply chain vulnerable to cyberattack. A video for DEF CON 29 hacker conference this week put out by the group Sick Codes explained that modern...

6.6CVSS5.9AI score0.01086EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2021/07/15 3:49 p.m.63 views

Fake Zoom App Dropped by New APT ‘Luminous Moth’

Researchers have spotted a weird one: A newly identified threat actor linked to China that’s first mass-attacking, but then cherry-picking, just a few targets to hit with malware and data exfiltration. Kaspersky researchers said in a Wednesday writeup that they’ve named the advanced threat actor...

6.8AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/06/28 11:24 p.m.63 views

Data for 700M LinkedIn Users Posted for Sale

A new posting with 700 million LinkedIn records has appeared on a popular hacker forum, according to researchers. Analysts from Privacy Sharks stumbled across the data put up for sale on RaidForums by a hacker calling himself “GOD User TomLiner.” The advertisement, posted June 22, claims that 700...

7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/05/25 4:41 p.m.63 views

Trend Micro Bugs Threaten Home Network Security

Three security vulnerabilities have been found in Trend Micro’s Home Network Security systems, which can allow denial of service DoS, privilege escalation, code execution and authentication bypass. The Home Network Security Station is an all-in-one device that scans for vulnerabilities for...

7.8CVSS8.2AI score0.0096EPSS
Exploits1References7
ThreatPost
ThreatPost
added 2021/05/13 3:39 p.m.63 views

Beyond MFA: Rethinking the Authentication Key

You have to hand it to the cyber-thieves: They have proven extremely adept at defeating security measures once thought reliable. Case in point: multifactor authentication MFA. While two-factor authentication 2FA using push text notifications has become the de-facto standard for login security, ba...

5.9AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/03/17 8:26 p.m.63 views

Cisco Plugs Security Hole in Small Business Routers

A popular line of small business routers made by Cisco Systems are vulnerable to a high-severity vulnerability. If exploited, the flaw could allow a remote – albeit authenticated – attacker to execute code or restart affected devices unexpectedly. Cisco issued fixes on Wednesday for the flaw in i...

0.7AI score0.022EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2021/03/11 4:5 p.m.63 views

FIN8 Resurfaces with Revamped Backdoor Malware

The FIN8 cyberattack group has resurfaced after a period of relative quiet, researchers have found. The gang is using new versions of the BadHatch backdoor to compromise companies in the chemical insurance, retail and technology industries. The attacks have been seen hitting organizations around...

0.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/02/10 9:32 p.m.63 views

SAP Commerce Critical Security Bug Allows RCE

SAP is warning of a critical vulnerability in its SAP Commerce platform for e-commerce businesses. If exploited, the flaw could allow for remote code execution RCE that ultimately could compromise or disrupt the application. SAP Commerce organizes data – such as product information – to be...

6.5CVSS10AI score0.29847EPSS
Exploits2References10
ThreatPost
ThreatPost
added 2021/01/25 9:51 p.m.63 views

Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'

President Joe Biden laid out a series of cybersecurity initiatives last week at his inauguration, including earmarking $10 billion for various cybersecurity defense initiatives. Those included hiring key security personnel to support for the Cybersecurity Infrastructure Security Agency CISA. The...

7.1AI score
Exploits0References17
ThreatPost
ThreatPost
added 2021/01/25 5:53 p.m.63 views

Cisco DNA Center Bug Opens Enterprises to Remote Attack

A cross-site request forgery CSRF vulnerability in the Cisco Digital Network Architecture DNA Center could open enterprise users to remote attack and takeover. The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of the Cisco DNA Center, which is a centralized...

6.5CVSS1.2AI score0.03725EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2021/01/20 8:45 p.m.63 views

NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs

NVIDIA has newly disclosed three security vulnerabilities in the NVIDIA Shield TV, which could allow denial of service, escalation of privileges and data loss. The NVIDIA Shield TV is a set-top gadget that acts as a hub for the smart home, streams PC games from a gaming PC to a TV; and allows loc...

7.2CVSS1.7AI score0.01777EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2021/01/08 9:31 p.m.63 views

Malicious Software Infrastructure Easier to Get and Deploy Than Ever

Simple to use and deploy offensive security tools, making it easier than ever for criminals with little technical know-how to get in on cybercrime are seeing a significant rise, researchers say. Recorded Future just released findings from its regular year-end observations of malicious...

7.6AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/10/28 11:32 a.m.63 views

Trump Campaign Website Defaced by Cryptocurrency Scam

UPDATE Hackers took over President Trump’s 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later. Journalist Gabriel Lorenzo Greschler was the first to notice the attack while he was...

6.8AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/10/16 9:20 p.m.63 views

Phishers Capitalize on Headlines with Breakneck Speed

The speed with which phishers are able to adapt to new messaging based on the latest headlines is accelerating, according to the Proofpoint Threat Research Team, which was able to track backend data from a recent voter-registration scam to uncover just how quickly cybercriminals can pivot to...

0.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/08/04 12:20 p.m.63 views

Apple Knocked Off Perch as Most Imitated Brand for Phishing Attacks

Google and Amazon overtook Apple in the second quarter Q2 of 2020 as the brand most spoofed by attackers to lure people into falling for phishing attacks. The leaderboard change is likely due to activity related to the COVID-19 pandemic, according to new research. While the number of so-called...

0.8AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/06/15 7:11 p.m.63 views

WFH Alert: Critical Bug Found in Old D-Link Router Models

D-Link is urging customers to replace its now obsolete line of DIR-865L Wireless Routers in reaction to a recently discovered critical command-injection bug that leaves users open to a denial-of-service attack. The routers, first introduced in 2013, reached end-of-life support in Feb. 2016. In Au...

7.5CVSS9AI score0.27057EPSS
Exploits3References11
ThreatPost
ThreatPost
added 2020/05/22 3:35 p.m.63 views

Home Chef Serves Up Data Breach for 8 Million Records

Mail-order meal kits have become even more popular as the coronavirus pandemic has kept people home and cooking on a regular basis. Unfortunately, one of these, the popular Kroger’s Home Chef service, recently served up a side of data breach along with its perfectly measured ingredients. Accordin...

7.4AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/05/22 1:30 p.m.63 views

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat APT group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espiona...

0.3AI score
Exploits0References12
ThreatPost
ThreatPost
added 2020/05/19 4:1 a.m.63 views

Verizon Data Breach Report: DoS Skyrockets, Espionage Dips

Denial-of-service DoS attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report DBIR released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry...

0.2AI score
Exploits0References19
ThreatPost
ThreatPost
added 2020/04/16 10:0 a.m.63 views

'Double Extortion' Ransomware Attacks Spike

Victims of ransomware attacks now face a double whammy of headaches. Cybercriminals are increasingly inflicting more pain on ransomware victims by threatening to leak compromised data or use it in future spam attacks, if ransom demands aren’t met. The ransomware tactic, call “double extortion,”...

6.8AI score
Exploits0References21
ThreatPost
ThreatPost
added 2020/03/18 1:51 p.m.63 views

Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...

10CVSS1.4AI score0.07581EPSS
Exploits1References11
ThreatPost
ThreatPost
added 2020/02/27 9:58 p.m.63 views

RSAC 2020: GM's Transportation Future Hinges on Cybersecurity

SAN FRANCISCO — General Motors is working on self-driving cars, cars that monitor heart rates and other vital functions, zero-emission vehicles and more – all underpinned by exceedingly complex coding and relying on ubiquitous connectivity. But there’s a problem. The cyber-talent gap is hitting t...

7.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/02/26 12:59 p.m.63 views

Stalkerware Attacks Increased 50 Percent Last Year, Report

The number of stalkerware attacks on mobile devices increased 50 percent over the last year, showing an upward and continued trend in the emerging threat, researchers said. Over the past year, the instances of stalkerware—which tracks users without their knowledge and can result in harassment,...

Exploits0References5
ThreatPost
ThreatPost
added 2020/01/31 4:58 p.m.63 views

Zero Day Initiative Bug Hunters Rake in $1.5M in 2019

Zero Day Initiative ZDI awarded more than $1.5 million in cash and prizes to bug-hunters throughout 2019, it said, resulting in 1,035 security vulnerability advisories for the year. Most of those advisories 88 percent were published in conjunction with a patch from the vendor, Zero Day Initiative...

0.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/01/29 11:57 a.m.63 views

Wawa Breach May Have Affected More Than 30 Million Customers

A recent dump of payment card information being sold on a popular online fraud marketplace suggests that more than 30 million payment cards may have been affected by a malware attack and data breach at Wawa convenience stores and gas stations that was first revealed in December. The Joker’s Stash...

7.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/01/28 11:0 a.m.63 views

Zoom Fixed Flaw Opening Meetings to Hackers

NEW ORLEANS – Enterprise video conferencing firm Zoom has issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible for adversaries to join active meetings. The issue stems from Zoom’s conference meetings not requiring a “meeting...

7.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/01/13 9:5 p.m.63 views

Scammers Dupe Texas School District Out of $2.3M

A Texas school district, based outside of Austin, Tex., has lost $2.3 million after falling victim to an email scam. The Manor Independent School District encompasses 8,000 students from elementary to high school. Police told local news outlets that the incident started in early November and...

0.1AI score
Exploits0References12
ThreatPost
ThreatPost
added 2019/12/16 2:0 p.m.63 views

Understanding the Risk of Zero-Day Exploits

To protect your home from thieves, the easiest thing you can do is lock your windows and doors every time you leave the house. Similarly, in cybersecurity, the easiest way to protect your network is to keep your hardware and applications up to date with the latest security patches. But how do you...

0.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/11/20 7:41 p.m.63 views

Apache Solr Bug Gets Bumped Up to High Severity

A bug impacting the Linux enterprise-search platform called Apache Solr has been revised from low to high-severity after researchers discovered a new remote code execution exploit. The warning comes from Tenable, which is reporting that the newly-identified default configuration vulnerability cou...

7.5CVSS0.3AI score0.21866EPSS
Exploits4References6
ThreatPost
ThreatPost
added 2019/09/18 1:0 p.m.63 views

Massive Gaming DDoS Exploits Widespread Technology

UPDATE Akamai Wednesday revealed that it’s witnessed the fourth-largest DDoS attack the company has ever encountered, leveraging a widespread and highly exploitable UDP amplification technique known as WS-Discovery WSD. WSD—a consumer device network discovery and connectivity technology—was seen...

0.7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/08/05 7:31 p.m.63 views

E3 Website Leaks Private Addresses for Thousands of Journalists

A YouTube content creator said that she has found a spreadsheet with the names and addresses – including private residences – of more than 2,000 journalists and content creators on the popular Electronic Entertainment Expo E3 trade show’s website. E3 2019, which took place this year June 11 to 13...

0.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/07/08 3:9 p.m.63 views

Apple Patches iMessage Bug That Bricks iPhones with Out-of-Date Software

Apple patched a high-severity iMessage bug found by Google Project Zero that can be exploited by an attacker who sends a specially-crafted message to a vulnerable iOS device. Those iPhones receiving the malicious message are rendered inoperable, or bricked. Apple patched the bug with the release ...

7.2CVSS6.8AI score0.00829EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2019/05/14 12:0 p.m.63 views

Cynet: An Autonomous Security Platform for Any Size Organization

The Cynet security platform takes a different approach to traditional point security offerings, by providing a consolidated solution to all aspects of breach protection through a single interface. Unlike endpoint security solutions that only focus on particular types of threats targeting the...

Exploits0References21
ThreatPost
ThreatPost
added 2019/04/03 6:36 p.m.63 views

Facebook Data of Millions Exposed in Leaky Datasets

UPDATE Hundreds of millions of Facebook records – including account names, personal data, and more – have been found in two separate publicly-exposed app datasets. The first publicly-exposed dataset originates from a Mexico-based media company, Cultura Colectiva, and contains over 540 million...

0.1AI score
Exploits0References6
Total number of security vulnerabilities5000