Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2019/09/30 3:51 p.m.54 views

Senate Passes Bill Aimed At Combating Ransomware Attacks

The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks. The proposed...

0.5AI score
Exploits0References13
ThreatPost
ThreatPost
added 2019/08/26 3:43 p.m.54 views

Hostinger Data Breach: 14M Customer Passwords, Personal Data at Risk

Web hosting company Hostinger is warning that a breach of one of its servers potentially gave bad actors access to the hashed passwords and personal data of more than 14 million customers. Hostinger, a popular web, cloud and virtual private server hosting provider and domain registrar with 29...

7.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/07/08 6:43 p.m.54 views

GoBotKR Targets Pirate Torrents to Build a DDoS Botnet

A botnet dubbed GoBotKR is targeting fans of Korean TV, compromising computers via pirated copies of South Korean movies, games and TV shows available via Korean and Chinese torrent sites. Ultimately, the cybercriminals are building a network that can then be used to perform DDoS attacks of vario...

7.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/06/14 12:2 p.m.54 views

Hackers Favor Weekdays for Attacks, Share Resources Often

Do threat actors carry out phases of their attack on different days of the week? Do threats use the same infrastructure for exploitation and control? These may not be the sort of questions that cybersecurity professional usually think about, but their implications can actually have an important...

Exploits0References2
ThreatPost
ThreatPost
added 2019/04/23 8:26 p.m.54 views

Carbanak Source Code Unveils a Startlingly Complex Malware

A look under the hood of FIN7’s notorious Carbanak backdoor – the result of nearly 500 total hours of analysis across 100,000 lines of code and dozens of binaries – shows that the malware is highly sophisticated – more sophisticated than expected. It’s a Cadillac in a sea of golf carts, if you...

Exploits0References10
ThreatPost
ThreatPost
added 2019/03/07 5:0 p.m.54 views

RSAC 2019: For Domestic Abuse, IoT Devices Pose New Threat

SAN FRANCISCO – The influx of connected products in the home – from smart thermometers to connected locks – presents a disturbing new threat surface for victims of domestic abuse. That’s what Lisa Green, senior director of operations at Independent Security Evaluators, is warning conference-goers...

0.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2018/09/11 2:52 p.m.54 views

Adobe Patches Six Critical Flaws in ColdFusion

Adobe has released patches fixing six critical vulnerabilities in its ColdFusion product that could lead to arbitrary code-execution. The flaws impact Adobe’s ColdFusion product, which is the company’s commercial web application development platform. Impacted are the 2016 Update 6 and earlier...

10CVSS2.1AI score0.9995EPSS
Exploits12References7
ThreatPost
ThreatPost
added 2018/07/25 7:36 p.m.54 views

Pinterest Browser Extension Injects Unwanted Code into 5K Websites

A buggy Mozilla Firefox browser extension for sharing links to Pinterest has automatically injected malformed code into at least 5,000 websites. The code injection in this instance was not malicious, but researchers at Sucuri, which discovered and reported the problem on Tuesday, said the inciden...

7.5CVSS0.1AI score0.37951EPSS
Exploits7References2
ThreatPost
ThreatPost
added 2018/07/11 7:8 p.m.54 views

Multiple Bugs Found in QNAP Q’Center Web Console

Researchers found an array of high severity vulnerabilities in network storage vendor QNAP’s web console, which could enable an authenticated attacker to gain privileges and execute arbitrary commands on the system. The web-based platform, Q’center, allows users to manage network attached storage...

9CVSS2AI score0.59215EPSS
Exploits12References8
ThreatPost
ThreatPost
added 2018/04/30 8:43 p.m.54 views

KRACK Vulnerability Puts Medical Devices At Risk

A slew of devices from medical technology company Becton, Dickinson and Company BD are vulnerable to the infamous KRACK key-reinstallation attack, potentially enabling hackers to change and exfiltrate patient records. The KRACK vulnerability, discovered last October, is an industry-wide glitch in...

0.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2017/07/31 1:0 p.m.54 views

Microsoft Releases Outlook Patches, Fixes Broken Update

During the heat of Black Hat last week, Microsoft pushed out patches for Outlook that address three newly reported vulnerabilities. Last week’s update also included fixes for six of eight vulnerabilities left unpatched after issues were reported with the June Patch Tuesday update. The most seriou...

9.3CVSS0.6AI score0.99945EPSS
Exploits33References7
ThreatPost
ThreatPost
added 2017/06/28 12:15 p.m.54 views

Average Bug Bounty Payments Growing

HackerOne said Monday its average dollar payouts to participants are up, and cross site scripting vulnerabilities cause the biggest headaches for companies. The bug bounty platform provider culled data from the past four years, analyzing 50,000 reported bugs and more than $17 million in payouts t...

0.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2016/06/15 3:23 p.m.54 views

Patched BadTunnel Windows Bug Has 'Extensive' Impact

Among the more than three dozen vulnerabilities Microsoft patched on Tuesday was a fix for a bug that the researcher who found it said has “probably the widest impact in the history of Windows.” “There were also some wide impact vulnerabilities before, but maybe not like this extensive,” Chinese...

9.3CVSS0.2AI score0.99945EPSS
Exploits35References2
ThreatPost
ThreatPost
added 2016/05/04 12:17 p.m.54 views

Public Exploits Available for ImageMagick Vulnerabilities

Within hours of the disclosure of serious vulnerabilities in ImageMagick, public exploits were available increasing the risk to thousands of websites that make use of the open source image-processing software. Attackers can append malicious code to an image file that ImageMagick will process...

10CVSS8.1AI score0.97485EPSS
Exploits11References4
ThreatPost
ThreatPost
added 2016/01/19 7:47 a.m.54 views

Linux Kernel Privilege Escalation Flaw Patched

A patch for a critical Linux kernel flaw, present in the code since 2012, is expected to be pushed out today. The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, t...

7.2CVSS6.8AI score0.03646EPSS
Exploits14References2
ThreatPost
ThreatPost
added 2015/03/10 2:24 p.m.54 views

March 2015 Microsoft Patch Tuesday Security Bulletins

Windows IT shops figure to be in for some scrambling today. Not only was it revealed that a five-year-old patch for a vulnerability exploited by Stuxnet was incomplete and machines have been exposed since 2010, but today is also Patch Tuesday and the updated Stuxnet patch is one of 14 bulletins...

9.3CVSS9.7AI score0.99945EPSS
Exploits51References12
ThreatPost
ThreatPost
added 2013/09/06 7:40 a.m.54 views

Many Flash, Java Users Running Older, Vulnerable Versions

It’s long been known that Java and Flash are favored targets of attackers, thanks to their huge install bases and numerous security issues. And the users who are targeted by these attacks aren’t doing themselves any favors either, as new research shows that 19 percent of business users are runnin...

10CVSS1.8AI score0.10179EPSS
Exploits4References2
ThreatPost
ThreatPost
added 2013/06/14 10:57 a.m.54 views

More on Office 2003 Zero Day Vulnerability Patch

This week’s patch and security advisory for a vulnerability in Microsoft Office is the perfect example of why enterprise administrators need to take Microsoft’s criticality ratings as a suggestion and not gospel. Microsoft pushed security update MS13-051 through on Tuesday with a rating of...

9.3CVSS8.6AI score0.99945EPSS
Exploits37References9
ThreatPost
ThreatPost
added 2012/10/31 11:20 p.m.54 views

DHS Chief Uses 'Sandy' to Underscore Cybersecurity Threats

While the eastern United States recovers from this week’s devastasting storm, the nation’s Homeland Security chief used “Superstorm Sandy” to promote the importance of national cybersecurity protection. “One of the possible areas of attack, of course, is attacks on our nation’s control systems —...

Exploits0References1
ThreatPost
ThreatPost
added 2012/05/03 2:9 p.m.54 views

Serious Remote PHP Bug Accidentally Disclosed

A serious remote-code execution vulnerability in PHP was accidentally disclosed Wednesday, leading to fears of an outbreak of attacks on sites that were built using vulnerable versions of PHP. The bug has been known privately since January when a team of researchers used it in a capture the flag...

7.5CVSS0.2AI score0.99998EPSS
Exploits43References3
ThreatPost
ThreatPost
added 2012/03/08 7:2 p.m.54 views

Mystery of Duqu Deepens As Researchers Ponder Unknown Programming Language

Segments of code within the mysterious information stealing trojan, Duqu, seem to have been written in an unknown programming language according to a new report from Securelist. Kaspersky Lab Expert, Igor Soumenkov claims that Duqu’s payload DLL initially looked like standard Windows executable,...

1.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2010/05/07 3:37 p.m.54 views

Main PHP-Nuke Site Compromised

The main site for the PHP-Nuke content management system software has been compromised and is serving malicious iFrame exploits to visitors. Researchers at Websense found that the phpnuke.org site is currently serving several different exploits. The attack uses the common iFrame-redirection...

9.3CVSS8.5AI score0.96632EPSS
Exploits44References5
ThreatPost
ThreatPost
added 2022/05/12 10:45 a.m.53 views

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

A newly discovered and complex remote access trojan RAT is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the novel malware variant is written in the OS-agnostic G...

7.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/12/14 11:10 p.m.53 views

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

As if the Log4Shell hellscape wasn’t already driving everybody starkers, it’s time to update iOS 15.2 and a crop of other Apple iGadgets, lest your iPhone get taken over by a malicious app that executes arbitrary code with kernel privileges. To paraphrase one mobile security expert, the iOS 15.2...

9.3CVSS8.6AI score0.18024EPSS
Exploits6References22
ThreatPost
ThreatPost
added 2021/11/25 4:2 p.m.53 views

New Twists on Gift-Card Scams Flourish on Black Friday

Black Friday cyber-pariahs have revamped gift-card scams to better target modern online shoppers hungry for deals post-Thanksgiving. Experts warn new tactics include bogus gift-card generators that install malware designed to sniff out a victim’s cryptocurrency wallet address. Internet-based Blac...

7.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2021/07/07 2:47 p.m.53 views

Fake Kaseya VSA Security Update Drops Cobalt Strike

A malware spam campaign is milking the Kaseya ransomware attacks against its Virtual System/Server Administrator VSA platform to spread a link pretending to be a Microsoft security update, along with an executable file that’s dropping Cobalt Strike, researchers warn. On Tuesday night, Malwarebyte...

7.9AI score
Exploits0References28
ThreatPost
ThreatPost
added 2021/07/01 11:30 a.m.53 views

Netgear Authentication Bypass Allows Router Takeover

Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials. Microsoft security researchers discovered the bugs in Netgear DGN-2200v1 series routers while they were...

7.8AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/06/29 11:34 a.m.53 views

Details of RCE Bug in Adobe Experience Manager Revealed

Details of an Adobe zero-day bug found in its content-management solution Adobe Experience Manager AEM, which affected customers ranging from Mastercard, LinkedIn and PlayStation, were revealed Monday. The bug, patched in May, allowed hackers to bypass authentication protection and execute code...

7.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/05/25 8:26 p.m.53 views

‘Agrius’ APT Launches Wiper Attacks Against Israelis

A new attack group called Agrius is launching damaging wiper attacks against Israeli targets, which researchers said are hiding behind ransomware to make their state-sponsored activities appear financially motivated. Sentinel Labs analysts said they have been tracking Agrius’ operations in Israel...

7.8AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/04/21 12:0 p.m.53 views

Novel Email-Based Campaign Targets Bloomberg Clients with RATs

A new email-based campaign by an emerging threat actor aims to spread various remote access trojans RATs to a very specific group of targets who use Bloomberg’s industry-based services. Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan,” and...

0.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/04/02 1:9 p.m.53 views

Robinhood Warns Customers of Tax-Season Phishing Scams

Attackers have targeted customers of stock-trading broker Robinhood with a phishing campaign aimed to steal their credentials and spread malware using fake tax documents, the company has warned. Robinhood, which aims to make it easy for people to trade stocks online but has faced a number of...

0.2AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/03/26 8:8 p.m.53 views

E.O. Would Strengthen Federal Cyber Requirements

The U.S. federal government is mulling changes to up its cybersecurity software game in the wake of the sprawling SolarWinds cyberattacks that came to light in December, including requiring data-breach notifications. In a draft executive order from President Joe Biden, software companies would be...

7.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/03/24 8:53 p.m.53 views

ProtonVPN CEO Blasts Apple for 'Aiding Tyrants’ in Myanmar

In a blog post filled with a passionate defense of human rights and internet privacy, Andy Yen, the CEO of secure internet provider ProtonVPN, blasted Apple for blocking its latest update and accused the tech juggernaut of helping the global spread of authoritarianism by “giving in to tyrants.” Y...

6.9AI score
Exploits0References13
ThreatPost
ThreatPost
added 2021/03/17 3:8 p.m.53 views

State-sponsored Threat Groups Target Telcos, Steal 5G Secrets

Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. The campaigns, dubbed “Operation Diànxùn”, target and lure victims working in the telecom industry. A typical ploy...

0.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/03/09 9:59 p.m.53 views

Dark Web Markets for Stolen Data See Banner Sales

Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs. That leaves these thriving dirty data dealers in a familiar predicament — they need to lock down...

7.3AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/03/09 4:44 p.m.53 views

Google Play Harbors Malware-Laced Apps Bent on Spying

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The malware is part of a campaign aimed at lifting victims’ financial information, but which also...

0.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/02/02 6:17 p.m.53 views

Crypto Crook Hired Steven Seagal to Promote Scam, Now Faces Charges

Hundreds of investors in a fake cryptocurrency scam were bilked out of $11 million by John DeMarr, who advised them to invest in fake cryptocurrency “Bitcoiin,” took their money and spent it on a Porsche, jewelry and upgrades to his home, a criminal complaint from the Department of Justice allege...

Exploits0References5
ThreatPost
ThreatPost
added 2021/01/21 3:2 p.m.53 views

Google Forms Set Baseline For Widespread BEC Attacks

A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise BEC attack. So far, researchers have observed thousands of messages being sent to companies since...

0.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/10/26 2:40 p.m.53 views

Nando's Hackers Feast on Customer Accounts

Diners at a popular chicken-dinner chain have seen hundreds of dollars siphoned out of their bank accounts, after cybercriminals were able to access their restaurant ordering credentials. The issue though is that payment-card information is not stored within Nando’s accounts, leaving some questio...

Exploits0References6
ThreatPost
ThreatPost
added 2020/10/09 2:50 p.m.53 views

Facebook Debuts Bug Bounty ‘Loyalty Program’

Facebook has lifted the curtain on what it claims is an industry first: A loyalty program as part of its bug-bounty offering, which aims to further incentivize researchers to find vulnerabilities in its platform. The loyalty program, called “Hacker Plus,” offers bonuses on top of bounty awards,...

6.5AI score
Exploits0References14
ThreatPost
ThreatPost
added 2020/07/23 12:57 p.m.53 views

Twitter: Hackers Accessed Private Messages for Elite Accounts

Hackers accessed direct messages DMs for 36 of the 130 high-profile users whose accounts were hacked in an unprecedented account breach last week, Twitter confirmed Wednesday. An elected official in the Netherlands was one of those whose DMs were compromised, the company tweeted in an update late...

0.6AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/07/10 1:25 p.m.53 views

Report: Most Popular Home Routers Have ‘Critical’ Flaws

A security review of 127 popular home routers found most contained at least one critical security flaw, according to researchers. The “Home Router Security Report” PDF by Peter Weidenbach and Johannes vom Dorp—both from the German think tank Fraunhofer Institute–found that not only did all of the...

7.8AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/06/18 8:42 p.m.53 views

Facebook's FTC-Mandated Privacy Committee Now in Effect

Facebook on Thursday said it has started to report its privacy practices to a newly formed, independent Privacy Committee. The creation of the independent committee was part of the company’s settlement a year ago with the Federal Trade Commission FTC over data privacy violations, which came in...

1.4AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/06/08 8:57 p.m.53 views

Singapore’s Contact Tracing Wearable Causes Privacy Backlash

Singapore’s announcement that it is developing a wearable for contact tracing has caused citizens to voice concern for the technology’s impact on their data privacy, with more than 35,000 signing a petition against the devices. On Friday during a parliament session, Vivian Balakrishnan,...

6.8AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/05/06 3:31 p.m.53 views

Microsoft Shells Out $100K for IoT Security

Microsoft has launched a bug-bounty program for its Azure Sphere offering, which is a security suite for the internet of things IoT that encompasses hardware, OS and cloud elements. The top reward will come in at $100,000. The Azure Sphere Security Research Challenge is an expansion of a program...

8AI score
Exploits0References14
ThreatPost
ThreatPost
added 2020/03/16 9:13 p.m.53 views

Convincing Google Impersonation Opens Door to MiTM, Phishing

An attack that uses homographic characters to impersonate domain names and launch convincing but malicious websites takes minutes and a bare modicum of skill — while reaping high rates of success in luring victims, according to an independent researcher. Researcher Avi Lumelsky set out to see how...

7.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/02/04 2:22 p.m.53 views

Twitter API Abused to Uncover User Identities

Twitter said that malicious actors, with potential ties to state-sponsored groups, were abusing a legitimate function on its platform to unmask the identity of users. The social media giant said that on Dec. 24, 2019, it discovered a large network of fake accounts abusing a legitimate API...

6.7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/11/11 6:13 p.m.53 views

ThreatList: Data Breaches Batter Stock Prices at Public Companies, For Months

Much has been made of the fallout that companies face after a data breach. But for public companies, shaken investor confidence adds a whole new dimension to recovery concerns. A recent study from Comparitech shows that share prices for large breached companies will hit a low point approximately ...

6.9AI score
Exploits0References21
ThreatPost
ThreatPost
added 2019/10/30 12:58 p.m.53 views

Android Malware Plaguing 45K Devices Remains a Mystery

Researchers are on the hunt for the infection vector behind a mysterious mobile malware that has infected over 45,000 Android devices in the past six months. Researchers said they have detected a surge in detections of the malware, dubbed Xhelper, which can hide itself from users, download...

0.3AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/10/23 4:43 p.m.53 views

ThreatList: Google's Advertising Network Dominates Global Data Collection

When it comes to data collection, Google’s combined arsenal of advertising tools and services continue to help it dominate at a global level. Close behind are AOL Advertising, Moat and AppNexus. Each are singled out by researchers in new report that brings to mind the privacy-busting quote, “If...

0.6AI score
Exploits0References11
Total number of security vulnerabilities5000