Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2020/01/21 2:58 p.m.367 views

Microsoft Zero-Day Actively Exploited, Patch Forthcoming

An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available. The bug CVE-2020-0674 which is listed as critical in severity for IE 11, and moderate for IE...

7.6CVSS8.1AI score0.86863EPSS
Exploits18References13
ThreatPost
ThreatPost
added 2019/06/21 2:22 p.m.367 views

Mozilla Fixes Second Actively-Exploited Firefox Flaw

UPDATE Mozilla has fixed a high-severity vulnerability in its Firefox browser being actively exploited in the wild. The vulnerability CVE-2019-11708 is separate from a critical flaw under active attack that was patched earlier this week CVE-2019-11707. However, both vulnerabilities were discovere...

10CVSS9.7AI score0.55874EPSS
Exploits14References8
ThreatPost
ThreatPost
added 2022/03/17 7:21 p.m.366 views

Dev Sabotages Popular NPM Package to Protest Russian Invasion

The developer behind the hugely popular npm package “node-ipc” has released sabotaged versions of the library to condemn Russia’s invasion of Ukraine: a supply-chain tinkering that he’d prefer to call “protestware” as opposed to “malware.” Regardless of the peace-not-war messaging, node-ipc is no...

10CVSS8.7AI score0.04194EPSS
Exploits1References16
ThreatPost
ThreatPost
added 2022/02/24 8:7 p.m.363 views

Zenly Social-Media App Bugs Allow Account Takeover

Zenly, a social app from Snap that allows users to see the locations of friends and family on a live map, contains a pair of vulnerabilities that could endanger those being tracked. According to the Checkmarx Security Research Team, the bugs are a user-data exposure vulnerability and an...

9.2AI score
Exploits0References2
ThreatPost
ThreatPost
added 2022/03/22 2:21 p.m.361 views

Serpent Backdoor Slithers into Orgs Using Chocolatey Installer

Researchers have discovered a cyberattack that uses unusual evasion tactics to backdoor French organizations with a novel malware dubbed Serpent, they said. A team from Proofpoint observed what they call an “advanced, targeted threat” that uses email-based lures and malicious files typical of man...

8.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/07/15 8:50 p.m.360 views

Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases

A critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin has been under attack as a zero-day bug, researchers have disclosed. The exploitation prompted WooCommerce to release an emergency patch for the issue late on Wednesday. The bug could allow...

7.7AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/05/26 9:3 p.m.358 views

StrandHogg 2.0 Critical Bug Allows Android App Hijacking

A critical privilege-escalation vulnerability affecting Android devices has been found that allows attackers to hijack any app on an infected phone – potentially exposing private SMS messages and photos, login credentials, GPS movements, phone conversations and more. The bug is dubbed the...

7.2CVSS8.7AI score0.26869EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2021/04/08 2:0 p.m.356 views

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe. Researchers say the attackers are exploiting an unpatched path-reversal flaw, tracked as CVE-2018-13379,...

5CVSS10AI score0.99999EPSS
Exploits22References15
ThreatPost
ThreatPost
added 2021/08/12 1:19 p.m.352 views

Microsoft Warns: Another Unpatched PrintNightmare Zero-Day

One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution RCE vulnerability in the Windows Print Spooler that can be filed under the PrintNightmare umbrella. The news comes amid plenty of...

9.8CVSS9AI score0.99759EPSS
Exploits76References16
ThreatPost
ThreatPost
added 2021/07/07 10:55 a.m.350 views

Microsoft Releases Emergency Patch for PrintNightmare Bugs

Microsoft has released an emergency patch for the PrintNightmare, a set of two critical remote code-execution RCE vulnerabilities in the Windows Print Spooler service that hackers can use to take over an infected system. However, more fixes are necessary before all Windows systems affected by the...

9.3CVSS9.5AI score0.99759EPSS
Exploits75References12
ThreatPost
ThreatPost
added 2019/09/10 7:54 p.m.350 views

Microsoft Addresses Two Zero-Days Under Active Attack

Two elevation-of-privilege vulnerabilities that have been exploited in the wild as zero-days are at the heart of September’s Patch Tuesday update from Microsoft. The two EoP vulnerabilities under active attack consist of CVE-2019-1214, which exists in the Windows Common Log File System CLFS Drive...

10CVSS0.99999EPSS
Exploits126References15
ThreatPost
ThreatPost
added 2019/09/13 8:52 p.m.349 views

WordPress XSS Bug Allows Drive-By Code Execution

A just-patched stored cross-site scripting XSS vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis. The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat-researcher at FortiGuard Labs, said that...

4.3CVSS6.8AI score0.01889EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2020/03/10 8:30 p.m.347 views

Popular ThemeREX WordPress Plugin Opens Websites to RCE

A critical vulnerability in a WordPress plugin known as “ThemeREX Addons” could open the door for remote code execution in tens of thousands of websites. According to Wordfence, the bug has been actively exploited in the wild as a zero-day. The plugin, which is installed on approximately 44,000...

0.3AI score0.9981EPSS
Exploits125References6
ThreatPost
ThreatPost
added 2019/09/03 6:17 p.m.347 views

How to Get a Handle on Patch Management

Patch management is a thankless job. Data shows, despite best efforts, that 80 percent of enterprise applications have at least one unpatched vulnerability in them, according research by Veracode. It is not for lack of trying that vulnerabilities persist. Last year 16,500 vulnerabilities were...

10CVSS10AI score0.99999EPSS
Exploits123References23
ThreatPost
ThreatPost
added 2018/10/08 12:7 a.m.346 views

PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’

A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cyptojacking and...

9CVSS1.3AI score0.96087EPSS
Exploits27References9
ThreatPost
ThreatPost
added 2019/03/05 11:0 a.m.344 views

RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes

SAN FRANCISCO – A previously unknown bug in Microsoft Office has been spotted being actively exploited in the wild; it can be used to bypass security solutions and sandboxes, according to findings released at the RSA Conference 2019. The bug exists in the OLE file format and the way it’s handled ...

9.3CVSS9.4AI score0.99999EPSS
Exploits81References3
ThreatPost
ThreatPost
added 2016/05/21 9:0 a.m.344 views

Microsoft Warns of Sneaky New Macro Trick

Microsoft is warning of an innovative new technique attackers are using to sneak macro malware past virus detection engines and add to the already huge uptick in reported macro attacks. According to researchers at Microsoft’s Malware Protection Center, they stumbled upon the macro technique in a...

9.3CVSS0.3AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2021/04/14 12:46 p.m.343 views

Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes

Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software. In all, Microsoft released patches for 110 security holes, 19 classified critical in severity and 88...

10CVSS9AI score0.83337EPSS
Exploits4References16
ThreatPost
ThreatPost
added 2022/04/07 1:46 p.m.341 views

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

A server-side request forgery SSRF flaw in an API of a large financial technology fintech platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found. A team at Salt Security’s...

9.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/09/09 12:58 p.m.341 views

Zoho ManageEngine Password Manager Zero-Day Gets Fix

A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform could allow remote attackers to bypass authentication and have free rein across users’ Active Directory AD and cloud accounts. The issue CVE-2021-40539 has been actively exploited in the wild as a zero-day,...

10CVSS9.8AI score0.99999EPSS
Exploits59References11
ThreatPost
ThreatPost
added 2022/02/16 4:3 p.m.340 views

High-Severity RCE Bug Found in Popular Apache Cassandra Database

Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that’s easy to exploit and, if left unpatched, could enable attackers to gain remote code execution RCE. The bug, which involves how Cassandra creates...

9.1CVSS9.3AI score0.54889EPSS
Exploits7References11
ThreatPost
ThreatPost
added 2021/07/16 11:57 a.m.340 views

Microsoft: Unpatched Bug in Windows Print Spooler

Microsoft has warned of yet another vulnerability that’s been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system. The advisory comes on the heels of patching two other remote code-execution RCE bugs found in the print service...

9.8CVSS9.3AI score0.99759EPSS
Exploits76References13
ThreatPost
ThreatPost
added 2019/03/01 8:22 p.m.340 views

Adobe Patches Critical ColdFusion Vulnerability With Active Exploit

Adobe has issued an emergency patch for a critical vulnerability in its ColdFusion service that is being exploited in the wild. The vulnerability, CVE-2019-7816, exists in Adobe’s commercial rapid web application development platform, ColdFusion. The ColdFusion vulnerability is a file upload...

10CVSS1.2AI score0.99999EPSS
Exploits48References4
ThreatPost
ThreatPost
added 2019/07/30 7:22 p.m.336 views

Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages

Five bugs in Apple’s iMessage service for the iPhone have been uncovered that require no user interaction to exploit, including one that would allow remote attackers to access content stored on iOS devices. First discovered by Google Project Zero security researcher Natalie Silvanovich, Apple has...

7.5CVSS0.1AI score0.16997EPSS
Exploits6References6
ThreatPost
ThreatPost
added 2022/03/21 11:57 p.m.335 views

Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

We’ve had it beaten into our brains: Before you go wily-nily clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-true advice goes, check that the site’s URL shows “https,” indicating that the site is secured with TLS/SSL encryption. If only it were that eas...

8.4AI score
Exploits0References16
ThreatPost
ThreatPost
added 2020/12/08 4:36 p.m.333 views

Adobe Warns Windows, macOS Users of Critical-Severity Flaws

Adobe Systems has stomped out critical-severity flaws across its Adobe Prelude, Adobe Experience Manager and Adobe Lightroom applications. If exploited, the serious vulnerabilities could lead to arbitrary code execution. Overall, Adobe issued patches for flaws tied to one important-rated and thre...

6.8CVSS1.3AI score0.02883EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2020/04/10 10:0 a.m.333 views

Compromised Zoom Credentials Swapped in Underground Forums

Researchers have uncovered a database shared on an underground forum containing more than 2,300 compromised Zoom credentials. The database contained usernames and passwords for Zoom accounts – including corporate accounts belonging to banks, consultancy companies, educational facilities, healthca...

7.5AI score
Exploits0References24
ThreatPost
ThreatPost
added 2022/08/25 6:47 p.m.332 views

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw. Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment. Their customers...

9.8CVSS10AI score0.99869EPSS
Exploits23References2
ThreatPost
ThreatPost
added 2021/03/05 3:55 p.m.332 views

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service DDoS attacks. Researchers first discover...

10CVSS0.5AI score0.99999EPSS
Exploits62References17
ThreatPost
ThreatPost
added 2018/08/24 10:7 p.m.332 views

PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability

Proof-of-concept code found on the GitHub repository could allow attackers to easily take advantage of a recently identified vulnerability in the Apache Struts 2 framework. The vulnerability CVE-2018-11776, identified earlier this week, could allow an adversary to execute remote code on targeted...

9.3CVSS0.5AI score0.99993EPSS
Exploits41References7
ThreatPost
ThreatPost
added 2018/10/10 9:52 p.m.331 views

FruityArmor Apt Exploits Yet Another Windows Graphics Kernel Flaw

A just-patched zero-day vulnerability in win32k.sys – the Windows graphics kernel component – is at the heart of a probable sighting of the FruityArmor APT group – an under-the-radar cyberespionage gang active in the Middle East. A recent campaign uncovered by Kaspersky Lab led researchers to the...

7.2CVSS0.2AI score0.69833EPSS
Exploits13References3
ThreatPost
ThreatPost
added 2022/02/03 10:10 p.m.330 views

Low-Detection Phishing Kits Increasingly Bypass MFA

More and more phishing kits are focusing on bypassing multi-factor authentication MFA methods, researchers have warned – typically by stealing authentication tokens via a man-in-the-middle MiTM attack. As MFA continues to see widespread consumer and business adoption – a full 78 percent of...

9AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/08/11 8:2 p.m.330 views

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules

Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. The flaw could allow an unauthenticated, remote attacker to achieve escalated privileges. The recently patched flaw CVE-2020-8708 ranks 9.6 out of 10 on the CVSS...

5.8CVSS8.8AI score0.26869EPSS
Exploits1References17
ThreatPost
ThreatPost
added 2014/03/06 1:49 p.m.327 views

Microsoft, Kaspersky Shed Light on Sefnit Tor Botnet

Alarm bells went off last August when spikes in Tor client downloads were traced to a large click-fraud and Bitcoin-mining botnet called Sefnit. The malware was using the popular anonymity network to communicate with hackers in order to transmit stolen data and receive additional commands. In...

9.3CVSS8.5AI score0.99945EPSS
Exploits33References7
ThreatPost
ThreatPost
added 2019/06/05 2:14 p.m.326 views

BlueKeep 'Mega-Worm' Looms as Fresh PoC Shows Full System Takeover

A researcher has created a proof-of-concept Metasploit module for the critical BlueKeep vulnerability, which successfully demonstrates how to achieve complete takeover of a target Windows machine. Reverse engineer Zǝɹosum0x0 tweeted about his success on Tuesday, noting that he plans to keep the...

10CVSS0.9AI score0.99999EPSS
Exploits139References12
ThreatPost
ThreatPost
added 2020/07/16 6:5 p.m.321 views

Hackers Look to Steal COVID-19 Vaccine Research

The advanced threat actor known as APT29 has been hard at work attempting to pilfer COVID-19 vaccine research from academic and pharmaceutical research institutions in various countries around the world, including the U.S. That’s according to a joint alert from the U.S. Department of Homeland...

7.5CVSS0.99999EPSS
Exploits93References13
ThreatPost
ThreatPost
added 2022/04/01 1:2 p.m.320 views

Apple Rushes Out Patches for 0-Days in MacOS, iOS

Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs – a vulnerability affecting both macOS and iOS...

9.3CVSS8.8AI score0.12642EPSS
Exploits0References14
ThreatPost
ThreatPost
added 2019/06/07 9:56 p.m.320 views

Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover

Two critical severity bugs have been publicly disclosed that impact Amcrest HDSeries model IPM-721S cameras. Both vulnerabilities open the consumer-grade $50 Wi-Fi cameras to complete takeover by remote, unauthenticated attackers. Mandar Satam, senior security researcher at Synopsys, found the si...

6.8CVSS0.8AI score0.73773EPSS
Exploits4References5
ThreatPost
ThreatPost
added 2019/05/10 9:29 p.m.320 views

FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug

A recently patched, high-severity vulnerability in Microsoft SharePoint CVE-2019-0604 that allows remote code-execution is being increasingly exploited in the wild, according to researchers – possibly by the FIN7 group, among others. According to the Microsoft’s advisory, the vulnerability which...

7.5CVSS10AI score0.99913EPSS
Exploits29References10
ThreatPost
ThreatPost
added 2022/03/07 7:28 p.m.319 views

Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak

Just days after leaking data it claims to have exfiltrated from chipmaker NVIDIA, ransomware group Lapsus$ is claiming another international company among its victims — this time releasing data purportedly stolen from Samsung Electronics. The consumer electronics giant confirmed in a media...

8.7AI score
Exploits0References12
ThreatPost
ThreatPost
added 2020/07/17 3:43 p.m.319 views

CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug

The U.S. Cybersecurity and Infrastructure Security Agency CISA is ordering all federal executive branch offices to apply a patch for a wormable Windows Server bug within 24 hours, warning of a “high potential for compromise of agency information systems.” In an Emergency Directive, the Department...

10CVSS1.9AI score0.92178EPSS
Exploits22References9
ThreatPost
ThreatPost
added 2018/12/11 6:40 p.m.318 views

Cobalt Group Pushes Revamped ThreadKit Malware

Despite the high profile arrest earlier this year of the Cobalt Group ringleader, the threat actors behind the hacking collective are slowly ramping up their malicious behavior. In a new analysis of the threat group, known for its widespread attacks against banks in Eastern Europe over the past...

9.3CVSS8.7AI score0.99945EPSS
Exploits74References8
ThreatPost
ThreatPost
added 2019/02/04 8:45 p.m.317 views

Spy Campaign Spams Pro-Tibet Group With ExileRAT

A cyber-espionage campaign has been spotted targeting recipients of a mailing list run by the Central Tibetan Administration CTA. India’s CTA is an organization officially representing the Tibetan government-in-exile. The territory of Tibet is administered by the People’s Republic of China – but...

9.3CVSS1.4AI score0.99933EPSS
Exploits29References4
ThreatPost
ThreatPost
added 2019/11/22 1:32 p.m.316 views

Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways

Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise BEC attacks. According t...

9.3CVSS0.1AI score0.89889EPSS
Exploits14References6
ThreatPost
ThreatPost
added 2021/03/11 2:21 p.m.315 views

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs

F5 Networks is warning users to patch four critical remote command execution RCE flaws in its BIG-IP and BIG-IQ enterprise networking infrastructure. If exploited, the flaws could allow attackers to take full control over a vulnerable system. The company released an advisory, Wednesday, on seven...

10CVSS0.2AI score0.99999EPSS
Exploits81References16
ThreatPost
ThreatPost
added 2019/10/31 1:0 p.m.315 views

Valve Source Engine, Fortnite Servers Crippled By Gafgyt Variant

A new Gafgyt variant is adding vulnerable internet of things IoT devices to its botnet arsenal and using them to cripple gaming servers worldwide. The newly-discovered variant is capable of launching a variety of denial-of-service DoS attacks against the Valve Source Engine, a video game engine...

10CVSS0.4AI score0.99975EPSS
Exploits10References7
ThreatPost
ThreatPost
added 2022/05/23 12:7 p.m.312 views

Snake Keylogger Spreads Through Malicious PDFs

While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found. The campaign—discovered by researchers at HP Wolf...

9.3CVSS8.6AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2019/03/13 3:15 p.m.312 views

Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw

A newly-patched Microsoft Win32k vulnerability is being exploited in the wild by at least two threat actors, including a recently discovered advanced persistent threat APT group dubbed SandCat. The exploited vulnerability CVE-2019-0797, rated important, was patched on Tuesday as part of Microsoft...

10CVSS0.4AI score0.69833EPSS
Exploits9References10
ThreatPost
ThreatPost
added 2022/03/24 1:10 p.m.310 views

Microsoft Help Files Disguise Vidar Malware

Where’s the last place you’d expect to find malware? In an email from your mother? Embedded in software you trust and use everyday actually, that’s probably the first place you should look? How about in a technical documentation file? In a report published Thursday, Trustwave SpiderLabs revealed ...

8.6AI score
Exploits0References8
ThreatPost
ThreatPost
added 2022/03/01 9:44 p.m.310 views

RCE Bugs in Hugely Popular VoIP Apps: Patch Now!

Some of the world’s most popular communication apps are using an open-source library riddled with newfound security holes. One thing this open-source, flawed library shares with the Apache Log4J logging library fiasco that started in December: It’s ubiquitous. The library, PJSIP – an open-source...

9.4AI score
Exploits0References10
Total number of security vulnerabilities5000