Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2020/04/23 2:0 p.m.54 views

Skype Phishing Attack Targets Remote Workers' Passwords

Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look “eerily similar” to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can...

6.9AI score
Exploits0References14
ThreatPost
ThreatPost
added 2020/04/14 1:0 p.m.54 views

Safe Remote Access to Critical Infrastructure Networks in a Time of Global Crisis

With governments closing down workplaces all over the world, telecommuting presents not just online administrative and capacity challenges for organizations, but also security challenges. As highlighted in a recent article by Andy Greenberg from Wired, when more and more employees are asked to VP...

1.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2020/03/20 6:24 p.m.54 views

News Wrap, Coronavirus Edition: WFH Security Woes, Pwn2Own

For the week ended March 20, Threatpost editors break down the top security stories, including: The various cybercriminal activities – malware, phishing and other scams – tapping into the coronavirus pandemic The security risks of businesses working from home due to the virus’ spread Privacy...

7.4AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/02/25 8:39 p.m.54 views

RSAC 2020: Blockchain is 'Garbage In', Voting Needs Paper Ballots

SAN FRANCISCO – Cryptography is at the heart of security, especially here at this week’s RSAC 2020. And during the event’s annual Cryptographer’s Panel, industry leaders broke down their top crypto-concerns, including privacy regulations, election security and blockchain. Privacy is clearly a top...

6.6AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/02/20 4:17 p.m.54 views

Cybergang Favors G Suite and Physical Checks For BEC Attacks

Researchers have uncovered a new business email compromise BEC threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams. The cybercrime ring is unique in its leveraging of Google’s cloud-based productivity suite, G Suite, and for its use of...

6.9AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/02/07 2:49 p.m.54 views

Phishing Campaign Targets 250 Android Apps with Anubis Malware

A new phishing campaign is attempting to deliver sophisticated malware that can completely hijack an Android mobile device to steal user credentials, install a keylogger and even hold a device’s data for ransom. The attacks are designed for mobile inboxes and leverage the Anubis malware, a...

1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/12/04 1:52 p.m.54 views

Dutch Politician Could Get Three Years in Prison for Hacking iCloud Accounts

Prosecutors in the Netherlands are asking for three years in prison for a Dutch politician who hacked into women’s personal iCloud accounts and stole nude photos and other personal digital material belonging to them, then leaked some of it online. The public prosecutor of the North Holland Public...

0.6AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/11/14 2:0 p.m.54 views

Download: The Comprehensive Compliance Guide

A large part of the CISO/CIO responsibility is ensuring compliance standards are met. As one of the main drivers of security product purchase and implementation, regulation comes in many different shapes and sizes. Some standards provide clear consequences for failure to meet them. Others provide...

0.9AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/11/06 4:52 p.m.54 views

Facebook Privacy Breach: 100 Developers Improperly Accessed Data

UPDATE Facebook said that 100 third-party app developers have improperly accessed the names and profile pictures of members in various Facebook groups – data that was restricted in 2018 by the platform after its Cambridge Analytica privacy snafu. Facebook said that the developers – including 11 i...

7.2AI score
Exploits0References11
ThreatPost
ThreatPost
added 2019/09/30 3:51 p.m.54 views

Senate Passes Bill Aimed At Combating Ransomware Attacks

The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks. The proposed...

0.5AI score
Exploits0References13
ThreatPost
ThreatPost
added 2019/08/26 3:43 p.m.54 views

Hostinger Data Breach: 14M Customer Passwords, Personal Data at Risk

Web hosting company Hostinger is warning that a breach of one of its servers potentially gave bad actors access to the hashed passwords and personal data of more than 14 million customers. Hostinger, a popular web, cloud and virtual private server hosting provider and domain registrar with 29...

7.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/07/08 6:43 p.m.54 views

GoBotKR Targets Pirate Torrents to Build a DDoS Botnet

A botnet dubbed GoBotKR is targeting fans of Korean TV, compromising computers via pirated copies of South Korean movies, games and TV shows available via Korean and Chinese torrent sites. Ultimately, the cybercriminals are building a network that can then be used to perform DDoS attacks of vario...

7.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/06/14 12:2 p.m.54 views

Hackers Favor Weekdays for Attacks, Share Resources Often

Do threat actors carry out phases of their attack on different days of the week? Do threats use the same infrastructure for exploitation and control? These may not be the sort of questions that cybersecurity professional usually think about, but their implications can actually have an important...

Exploits0References2
ThreatPost
ThreatPost
added 2019/04/23 8:26 p.m.54 views

Carbanak Source Code Unveils a Startlingly Complex Malware

A look under the hood of FIN7’s notorious Carbanak backdoor – the result of nearly 500 total hours of analysis across 100,000 lines of code and dozens of binaries – shows that the malware is highly sophisticated – more sophisticated than expected. It’s a Cadillac in a sea of golf carts, if you...

Exploits0References10
ThreatPost
ThreatPost
added 2019/03/07 5:0 p.m.54 views

RSAC 2019: For Domestic Abuse, IoT Devices Pose New Threat

SAN FRANCISCO – The influx of connected products in the home – from smart thermometers to connected locks – presents a disturbing new threat surface for victims of domestic abuse. That’s what Lisa Green, senior director of operations at Independent Security Evaluators, is warning conference-goers...

0.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2018/07/25 7:36 p.m.54 views

Pinterest Browser Extension Injects Unwanted Code into 5K Websites

A buggy Mozilla Firefox browser extension for sharing links to Pinterest has automatically injected malformed code into at least 5,000 websites. The code injection in this instance was not malicious, but researchers at Sucuri, which discovered and reported the problem on Tuesday, said the inciden...

7.5CVSS0.1AI score0.37951EPSS
Exploits7References2
ThreatPost
ThreatPost
added 2018/07/11 7:8 p.m.54 views

Multiple Bugs Found in QNAP Q’Center Web Console

Researchers found an array of high severity vulnerabilities in network storage vendor QNAP’s web console, which could enable an authenticated attacker to gain privileges and execute arbitrary commands on the system. The web-based platform, Q’center, allows users to manage network attached storage...

9CVSS2AI score0.59215EPSS
Exploits12References8
ThreatPost
ThreatPost
added 2018/04/30 8:43 p.m.54 views

KRACK Vulnerability Puts Medical Devices At Risk

A slew of devices from medical technology company Becton, Dickinson and Company BD are vulnerable to the infamous KRACK key-reinstallation attack, potentially enabling hackers to change and exfiltrate patient records. The KRACK vulnerability, discovered last October, is an industry-wide glitch in...

0.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2017/07/31 1:0 p.m.54 views

Microsoft Releases Outlook Patches, Fixes Broken Update

During the heat of Black Hat last week, Microsoft pushed out patches for Outlook that address three newly reported vulnerabilities. Last week’s update also included fixes for six of eight vulnerabilities left unpatched after issues were reported with the June Patch Tuesday update. The most seriou...

9.3CVSS0.6AI score0.99945EPSS
Exploits33References7
ThreatPost
ThreatPost
added 2017/06/28 12:15 p.m.54 views

Average Bug Bounty Payments Growing

HackerOne said Monday its average dollar payouts to participants are up, and cross site scripting vulnerabilities cause the biggest headaches for companies. The bug bounty platform provider culled data from the past four years, analyzing 50,000 reported bugs and more than $17 million in payouts t...

0.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2016/06/15 3:23 p.m.54 views

Patched BadTunnel Windows Bug Has 'Extensive' Impact

Among the more than three dozen vulnerabilities Microsoft patched on Tuesday was a fix for a bug that the researcher who found it said has “probably the widest impact in the history of Windows.” “There were also some wide impact vulnerabilities before, but maybe not like this extensive,” Chinese...

9.3CVSS0.2AI score0.99945EPSS
Exploits35References2
ThreatPost
ThreatPost
added 2016/01/19 7:47 a.m.54 views

Linux Kernel Privilege Escalation Flaw Patched

A patch for a critical Linux kernel flaw, present in the code since 2012, is expected to be pushed out today. The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, t...

7.2CVSS6.8AI score0.03646EPSS
Exploits14References2
ThreatPost
ThreatPost
added 2015/05/05 8:0 a.m.54 views

Angler Exploit Kit, Bedep Malware Inflating Video Views

A new sort of hacktivism emerged last week when experts from Trustwave published new research revealing that attackers are using the Angler exploit kit and the Bedep Trojan in order to drive artificial views to politically controversial videos. The motivation for the scheme, it appears, is to...

10CVSS0.8AI score0.95683EPSS
Exploits48References3
ThreatPost
ThreatPost
added 2015/03/10 2:24 p.m.54 views

March 2015 Microsoft Patch Tuesday Security Bulletins

Windows IT shops figure to be in for some scrambling today. Not only was it revealed that a five-year-old patch for a vulnerability exploited by Stuxnet was incomplete and machines have been exposed since 2010, but today is also Patch Tuesday and the updated Stuxnet patch is one of 14 bulletins...

9.3CVSS9.7AI score0.99945EPSS
Exploits51References12
ThreatPost
ThreatPost
added 2014/03/13 1:56 p.m.54 views

Energy Watering Hole Attack Used LightsOut Exploit Kit

A recent watering-hole attack targeted firms in the energy sector using a compromised site belonging to a law firm that works with energy companies and led victims to a separate site that used the LightsOut exploit kit to compromise their machines. The attack, which was active during late Februar...

10CVSS7.8AI score0.98704EPSS
Exploits10References6
ThreatPost
ThreatPost
added 2013/09/06 7:40 a.m.54 views

Many Flash, Java Users Running Older, Vulnerable Versions

It’s long been known that Java and Flash are favored targets of attackers, thanks to their huge install bases and numerous security issues. And the users who are targeted by these attacks aren’t doing themselves any favors either, as new research shows that 19 percent of business users are runnin...

10CVSS1.8AI score0.10179EPSS
Exploits4References2
ThreatPost
ThreatPost
added 2012/10/31 11:20 p.m.54 views

DHS Chief Uses 'Sandy' to Underscore Cybersecurity Threats

While the eastern United States recovers from this week’s devastasting storm, the nation’s Homeland Security chief used “Superstorm Sandy” to promote the importance of national cybersecurity protection. “One of the possible areas of attack, of course, is attacks on our nation’s control systems —...

Exploits0References1
ThreatPost
ThreatPost
added 2012/05/03 2:9 p.m.54 views

Serious Remote PHP Bug Accidentally Disclosed

A serious remote-code execution vulnerability in PHP was accidentally disclosed Wednesday, leading to fears of an outbreak of attacks on sites that were built using vulnerable versions of PHP. The bug has been known privately since January when a team of researchers used it in a capture the flag...

7.5CVSS0.2AI score0.99998EPSS
Exploits43References3
ThreatPost
ThreatPost
added 2012/03/08 7:2 p.m.54 views

Mystery of Duqu Deepens As Researchers Ponder Unknown Programming Language

Segments of code within the mysterious information stealing trojan, Duqu, seem to have been written in an unknown programming language according to a new report from Securelist. Kaspersky Lab Expert, Igor Soumenkov claims that Duqu’s payload DLL initially looked like standard Windows executable,...

1.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2022/05/12 10:45 a.m.53 views

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

A newly discovered and complex remote access trojan RAT is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the novel malware variant is written in the OS-agnostic G...

7.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/12/14 11:10 p.m.53 views

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

As if the Log4Shell hellscape wasn’t already driving everybody starkers, it’s time to update iOS 15.2 and a crop of other Apple iGadgets, lest your iPhone get taken over by a malicious app that executes arbitrary code with kernel privileges. To paraphrase one mobile security expert, the iOS 15.2...

9.3CVSS8.6AI score0.18024EPSS
Exploits6References22
ThreatPost
ThreatPost
added 2021/11/25 4:2 p.m.53 views

New Twists on Gift-Card Scams Flourish on Black Friday

Black Friday cyber-pariahs have revamped gift-card scams to better target modern online shoppers hungry for deals post-Thanksgiving. Experts warn new tactics include bogus gift-card generators that install malware designed to sniff out a victim’s cryptocurrency wallet address. Internet-based Blac...

7.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2021/07/07 2:47 p.m.53 views

Fake Kaseya VSA Security Update Drops Cobalt Strike

A malware spam campaign is milking the Kaseya ransomware attacks against its Virtual System/Server Administrator VSA platform to spread a link pretending to be a Microsoft security update, along with an executable file that’s dropping Cobalt Strike, researchers warn. On Tuesday night, Malwarebyte...

7.9AI score
Exploits0References28
ThreatPost
ThreatPost
added 2021/07/01 11:30 a.m.53 views

Netgear Authentication Bypass Allows Router Takeover

Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials. Microsoft security researchers discovered the bugs in Netgear DGN-2200v1 series routers while they were...

7.8AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/06/29 11:34 a.m.53 views

Details of RCE Bug in Adobe Experience Manager Revealed

Details of an Adobe zero-day bug found in its content-management solution Adobe Experience Manager AEM, which affected customers ranging from Mastercard, LinkedIn and PlayStation, were revealed Monday. The bug, patched in May, allowed hackers to bypass authentication protection and execute code...

7.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/05/25 8:26 p.m.53 views

‘Agrius’ APT Launches Wiper Attacks Against Israelis

A new attack group called Agrius is launching damaging wiper attacks against Israeli targets, which researchers said are hiding behind ransomware to make their state-sponsored activities appear financially motivated. Sentinel Labs analysts said they have been tracking Agrius’ operations in Israel...

7.8AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/05/12 7:51 p.m.53 views

Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales

Telegram groups are being abused by fraudsters peddling fake COVID-19 vaccination cards to the unvaccinated and anti-vaxxer communities, according to researchers. Brittany Allen, trust and safety architect at Sift, noticed the illicit sales on the encrypted messaging platform as the COVID-19...

5.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/04/21 12:0 p.m.53 views

Novel Email-Based Campaign Targets Bloomberg Clients with RATs

A new email-based campaign by an emerging threat actor aims to spread various remote access trojans RATs to a very specific group of targets who use Bloomberg’s industry-based services. Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan,” and...

0.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/04/02 1:9 p.m.53 views

Robinhood Warns Customers of Tax-Season Phishing Scams

Attackers have targeted customers of stock-trading broker Robinhood with a phishing campaign aimed to steal their credentials and spread malware using fake tax documents, the company has warned. Robinhood, which aims to make it easy for people to trade stocks online but has faced a number of...

0.2AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/03/26 8:8 p.m.53 views

E.O. Would Strengthen Federal Cyber Requirements

The U.S. federal government is mulling changes to up its cybersecurity software game in the wake of the sprawling SolarWinds cyberattacks that came to light in December, including requiring data-breach notifications. In a draft executive order from President Joe Biden, software companies would be...

7.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/03/24 8:53 p.m.53 views

ProtonVPN CEO Blasts Apple for 'Aiding Tyrants’ in Myanmar

In a blog post filled with a passionate defense of human rights and internet privacy, Andy Yen, the CEO of secure internet provider ProtonVPN, blasted Apple for blocking its latest update and accused the tech juggernaut of helping the global spread of authoritarianism by “giving in to tyrants.” Y...

6.9AI score
Exploits0References13
ThreatPost
ThreatPost
added 2021/03/17 3:8 p.m.53 views

State-sponsored Threat Groups Target Telcos, Steal 5G Secrets

Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. The campaigns, dubbed “Operation Diànxùn”, target and lure victims working in the telecom industry. A typical ploy...

0.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/03/09 9:59 p.m.53 views

Dark Web Markets for Stolen Data See Banner Sales

Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs. That leaves these thriving dirty data dealers in a familiar predicament — they need to lock down...

7.3AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/03/09 4:44 p.m.53 views

Google Play Harbors Malware-Laced Apps Bent on Spying

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The malware is part of a campaign aimed at lifting victims’ financial information, but which also...

0.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/02/10 1:49 p.m.53 views

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple

An ethical hacker has demonstrated a novel supply-chain attack that breached the systems of more than 35 technology players, including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla and Uber, by exploiting public, open-source developer tools. The attack, devised by security researcher Alex...

7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/02/02 6:17 p.m.53 views

Crypto Crook Hired Steven Seagal to Promote Scam, Now Faces Charges

Hundreds of investors in a fake cryptocurrency scam were bilked out of $11 million by John DeMarr, who advised them to invest in fake cryptocurrency “Bitcoiin,” took their money and spent it on a Porsche, jewelry and upgrades to his home, a criminal complaint from the Department of Justice allege...

Exploits0References5
ThreatPost
ThreatPost
added 2021/01/21 3:2 p.m.53 views

Google Forms Set Baseline For Widespread BEC Attacks

A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise BEC attack. So far, researchers have observed thousands of messages being sent to companies since...

0.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/10/26 2:40 p.m.53 views

Nando's Hackers Feast on Customer Accounts

Diners at a popular chicken-dinner chain have seen hundreds of dollars siphoned out of their bank accounts, after cybercriminals were able to access their restaurant ordering credentials. The issue though is that payment-card information is not stored within Nando’s accounts, leaving some questio...

Exploits0References6
ThreatPost
ThreatPost
added 2020/10/09 2:50 p.m.53 views

Facebook Debuts Bug Bounty ‘Loyalty Program’

Facebook has lifted the curtain on what it claims is an industry first: A loyalty program as part of its bug-bounty offering, which aims to further incentivize researchers to find vulnerabilities in its platform. The loyalty program, called “Hacker Plus,” offers bonuses on top of bounty awards,...

6.5AI score
Exploits0References14
ThreatPost
ThreatPost
added 2020/07/23 12:57 p.m.53 views

Twitter: Hackers Accessed Private Messages for Elite Accounts

Hackers accessed direct messages DMs for 36 of the 130 high-profile users whose accounts were hacked in an unprecedented account breach last week, Twitter confirmed Wednesday. An elected official in the Netherlands was one of those whose DMs were compromised, the company tweeted in an update late...

0.6AI score
Exploits0References7
Total number of security vulnerabilities5000