Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2019/10/16 1:0 p.m.53 views

New Presentation Template: Incident Response Reporting for Management

Every security professional knows it’s only a matter of time before their organization is breached. And even though most security-conscious organizations have implemented procedures and products to facilitate the incident response process, many security decision-makers find much more of a challen...

Exploits0References4
ThreatPost
ThreatPost
added 2019/09/18 9:9 p.m.53 views

Marc Rogers: Success of Anonymous Bug Submission Program 'Takes A Village'

A global anonymous bug submission platform, announced at DEF CON in August, aims to help encourage ethical hackers to submit high-level bugs anonymously that might otherwise trigger a barrage of questions or put researchers in legal hot water. DEF CON conference founder Jeff Moss said the goal wa...

7.5AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/09/18 2:0 p.m.53 views

Edward Snowden Sued by U.S. Over New Memoir

The U.S. has sued whistleblower Edward Snowden over his new memoir, alleging he published the book in violation of non-disclosure agreements signed with both the CIA and NSA. Edward Snowden, a former employee of the Central Intelligence Agency and contractor for the National Security Agency NSA, ...

6.8AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/08/07 11:56 a.m.53 views

Security Vulnerabilities Are Increasingly Putting Kids at Risk

LAS VEGAS – IoT devices are increasingly coming into the hands of children – from connected watches, to Amazon Echo smart speakers – but security experts worry that these are opening up children’s data to future privacy breaches. The latest example of this fear was seen at Black Hat 2019, where...

0.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/08/01 3:13 p.m.53 views

Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth

A previously undocumented proxy malware, dubbed “SystemBC,” is upping the stealth game by using SOCKS5 to evade detection. It’s being distributed by the Fallout and RIG exploit kits EKs, according to researchers. Proofpoint researchers said on Thursday that in the most recently tracked example, t...

0.4AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/07/10 3:57 p.m.53 views

Latest FinSpy Modules Lift Data from Secure Messaging Apps

The latest iOS and Android versions of the FinSpy espionage malware have been deployed in the wild, and are capable of collecting a raft of personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data – even from...

6.3AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/06/06 2:31 p.m.53 views

Streaming Video Fans Open to TV Hijacking

A suite of critical remote code-execution vulnerabilities in a streaming TV platform could expose entire databases of subscribers’ personal info and financial details – and could open the door to attackers hijacking the service, streaming any content they wish to customer screens. According to...

0.2AI score
Exploits0References11
ThreatPost
ThreatPost
added 2019/05/15 2:50 p.m.53 views

Billions of Malicious Bots Attacks Take to Cipher-Stunting to Hide

When it comes to cyberattacks, adversaries are focusing not just on advanced malware development, but also on increasing the sophistication of their evasion techniques. This is playing out lately in the form of ballooning instances of “cipher stunting” – a TLS tampering technique that helps...

7.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/03/11 8:31 p.m.53 views

Researcher Claims Iranian APT Behind 6TB Data Heist at Citrix

A researcher has attributed a recently publicized attack on Citrix’ internal network to the Iranian-linked group known as IRIDIUM – and said that the data heist involved 6 terabytes of sensitive data. Resecurity posted a blog on Friday indicating that it detected a targeted attack and data breach...

0.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2018/11/16 9:25 p.m.53 views

Emoji Attack Can Kill Skype for Business Chat

A denial of service DoS vulnerability in the Skype for Business unified communications platform has been uncovered, which can be triggered by sending large numbers of emojis to the instant messaging client. According to the SEC Consult Vulnerability Lab, which discovered the flaw CVE-2018-8546,...

4.3CVSS0.5AI score0.0546EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2018/10/17 3:24 p.m.53 views

Multiple D-Link Routers Open to Complete Takeover with Simple Attack

Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May,...

9CVSS0.4AI score0.78191EPSS
Exploits16References6
ThreatPost
ThreatPost
added 2017/03/13 4:48 p.m.53 views

38 Android Devices Infected with Malware Preinstalled in Supply Chain

Mobile devices manufactured by a diverse set of handset makers were discovered to be loaded with malware pre-installed somewhere along the supply chain. Check Point Software Technologies said that it found 38 Android handsets were infected with adware, information-stealing malware and ransomware,...

0.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2017/02/21 1:2 p.m.53 views

Google Discloses Unpatched Microsoft Vulnerability

Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory. The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day...

6.9CVSS6.6AI score0.821EPSS
Exploits4References5
ThreatPost
ThreatPost
added 2016/12/29 2:20 p.m.53 views

PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities

Critical remote code execution vulnerabilities in two different libraries used to send emails via PHP were patched this week. An issue in PHPMailer, thought fixed, was resolved with an update, version 5.2.21, pushed late Wednesday. Developers with another mailing library for PHP, SwiftMailer,...

7.5CVSS0.7AI score0.99714EPSS
Exploits71References27
ThreatPost
ThreatPost
added 2016/07/21 5:4 p.m.53 views

Google Fixes 48 Bugs, Sandbox Escape, in Chrome

Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday. Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 i...

9.3CVSS8.7AI score0.0246EPSS
Exploits2References18
ThreatPost
ThreatPost
added 2016/03/23 7:0 a.m.53 views

Android Rooting Application Emergency Patch

A rooting application has been found in the wild targeting Nexus mobile devices using a local privilege escalation vulnerability patched two years ago in the Linux kernel that remains unpatched in Android. Researchers at Zimperium, the same company that discovered last summer’s Stagefright flaws...

7.2CVSS7.5AI score0.01407EPSS
Exploits3References3
ThreatPost
ThreatPost
added 2016/01/21 11:45 a.m.53 views

Android Devices Linux Zero Day Kernel Vulnerability

Google is downplaying the scope of the critical Linux vulnerability patched this week, suggesting that the number of affected Android devices has been exaggerated. The Android OS is built upon the Linux kernel, but minus many of the libraries that are included in standard Linux builds. Initially,...

7.2CVSS0.7AI score0.03646EPSS
Exploits14References5
ThreatPost
ThreatPost
added 2015/09/08 3:9 p.m.53 views

Flawed TLS Implementations Leak RSA Keys

A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys. Florian Weimer, a researcher with Red Hat, last week published a paper called “Factoring RSA Keys With TLS Perfect Forward Secrecy” that demonstrated...

4.3CVSS0.2AI score0.03307EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2015/07/16 1:46 p.m.53 views

Office, Java Patches Erase Latest APT 28 Zero Days

An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months. Given the underground value of unpatched and unreported vulnerabilities, this is highly unusual behavior, even for a...

10CVSS0.6AI score0.99344EPSS
Exploits6References5
ThreatPost
ThreatPost
added 2015/05/05 8:0 a.m.53 views

Angler Exploit Kit, Bedep Malware Inflating Video Views

A new sort of hacktivism emerged last week when experts from Trustwave published new research revealing that attackers are using the Angler exploit kit and the Bedep Trojan in order to drive artificial views to politically controversial videos. The motivation for the scheme, it appears, is to...

10CVSS0.8AI score0.95683EPSS
Exploits48References3
ThreatPost
ThreatPost
added 2014/06/06 1:40 p.m.53 views

Pinkie Pie Linux Kernel Patch Available

Several vulnerabilities have been patched in the Linux kernel that could have led to a denial of service or privilege escalation. Debian, which distributes versions of Linux for personal computers and network servers, warned about the vulnerabilities yesterday in a security update. The most...

7.2CVSS1.9AI score0.37233EPSS
Exploits17References7
ThreatPost
ThreatPost
added 2013/08/12 2:52 p.m.53 views

Counter.php Redirecting to Sites Peddling Styx Exploit Kit

The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit. According to a post on Securelist today, Vincente Diaz, a researcher with...

10CVSS0.4AI score0.97612EPSS
Exploits67References4
ThreatPost
ThreatPost
added 2013/04/29 10:19 a.m.53 views

Attack Using Backdoored Apache Binaries to Lead to Blackhole Kit

There is a newly identified ongoing attack campaign in which attackers are using compromised Apache HTTP binaries to redirect users to malicious sites serving various flavors of malware, including the Blackhole exploit kit. Rather than going the traditional route of simply injecting malicious cod...

7.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2013/02/11 8:40 p.m.53 views

Report: Malvertising Campaign Thrives on Dynamic DNS

A malvertising campaign that’s lasted almost half a year is staying alive thanks to infected web advertisements being circulated by otherwise clean ad networks. The campaign, now in its fifth month, relies on the Dynamic Domain Name System DDNS to keep it from being caught according to a report...

10CVSS0.1AI score0.98536EPSS
Exploits48References4
ThreatPost
ThreatPost
added 2012/11/27 4:33 p.m.54 views

Fake Facebook Alert Emails Link to Black Hole Sites

Attackers are sending spoofed “pending notification” emails to Facebook users, claiming that the recipients overlooked some alert on the world’s largest social network, and providing them with a link that supposedly leads to the allegedly neglected content but which, in reality, funnels users to ...

9.3CVSS1.1AI score0.88246EPSS
Exploits12References4
ThreatPost
ThreatPost
added 2012/07/31 6:7 p.m.54 views

Olympic Flavored 419 Scams Exploit London Games Fervor

Olympic themed fraud, email scams, and spam campaigns are so banal right now that the official website of the 2012 London Olympic Games contains not only a ‘stay safe online’ page but has also compiled a downloadable list of known scams. The “Stay safe online” page of the London Games’ website...

6.8AI score
Exploits0References5
ThreatPost
ThreatPost
added 2012/06/07 4:27 p.m.53 views

Fake Automated Craigslist Email Notifications Link to Blackhole Exploit Kit

UPDATE: A big wave of emails purporting to be Craigslist notifications but containing links to websites hosting the Black Hole exploit kit hit the Internet yesterday, a day that already was filled with drama surrounding the LinkedIn password dump. The malicious emails, 150,000 of which were caugh...

9.3CVSS8AI score0.88246EPSS
Exploits23References4
ThreatPost
ThreatPost
added 2011/12/23 5:9 p.m.53 views

In Possible Targeted Attack, Amnesty International Web Site Found Serving Malware

Amnesty International’s United Kingdom website was compromised late last week and was being used to exploit a known Java runtime environment hole on machines belonging to unwitting visitors to the site, according to Barracuda Labs researcher, Paul Royal. Citing historical data, Royal claims that...

10CVSS0.3AI score0.96714EPSS
Exploits13References4
ThreatPost
ThreatPost
added 2009/11/11 9:45 p.m.53 views

Apple Patches Critical Safari Vulnerabilities

Apple today shipped Safari 4.0.4 to fix a total of seven security flaws that expose Windows and Mac users to a wide range of malicious hacker attacks. The high-priority update patches vulnerabilities that allow remote code execution drive-by downloads if a user simply surfs to a maliciously rigge...

9.3CVSS0.3AI score0.04471EPSS
Exploits6References2
ThreatPost
ThreatPost
added 2009/09/11 12:12 p.m.53 views

Microsoft Confirms SMB2 Flaw, Heightens Severity

Microsoft has issued a formal security advisory to confirm the remote reboot flaw in its implementation of the SMB2 protocol, going a step further to warn that a successful attack could lead to remote code execution and full system takeover. The vulnerability, which was originally released as a...

10CVSS3.1AI score0.99945EPSS
Exploits53References7
ThreatPost
ThreatPost
added 2022/08/16 12:26 p.m.52 views

Xiaomi Phone Bug Allowed Payment Forgery

Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its “trusted environment” used to store payment data that opened some of its handsets to attack. Researchers at Check Point Research revealed last week in a repo...

7.5CVSS7.7AI score0.06935EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2022/02/24 4:6 p.m.52 views

Web Filtering & Compliances for Wi-Fi Providers

The demand for public Wi-Fi is increasing constantly due to the increase of smartphone owners and remote workers. Researchers at VPNMentor say that there are approximately 549 million Wi-Fi hotspots worldwide. Another survey by Semantic found that 87 percent of U.S. consumers have used the readil...

8.7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2022/01/04 8:49 p.m.52 views

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More

Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in an unsecured Amazon Web Services AWS S3 bucket during a cloud-security audit, and it’s sharing the story to inspire other organizations to double-check their own systems. Researcher Aaron Phillips with VPN...

6.6AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/11/22 7:14 p.m.52 views

Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover

A high-severity security vulnerability in CloudLinux’s Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for...

9.3CVSS8.2AI score0.01304EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2021/11/17 1:44 p.m.52 views

Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts

A recently discovered phishing scam tried to takeover more than 125 high-profile user accounts on TikTok. Researchers said the campaign marks one of the first major attacks on “influencers” found on the TikTok social-media platform. Researchers at cloud email security provider Abnormal Security...

7.6AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/10/06 8:34 p.m.52 views

VMware ESXi Servers Encrypted by Lightning-Fast Python Script

Researchers have discovered a new Python ransomware from an unnamed gang that’s striking ESXi servers and virtual machines VMs with what they called “sniper-like” speed. Sophos said on Tuesday that the ransomware is being used to compromise and encrypt VMs hosted on an ESXi hypervisor in operatio...

7.8AI score
Exploits0References11
ThreatPost
ThreatPost
added 2021/09/09 11:26 a.m.52 views

BladeHawk Attackers Target Kurds with Android Apps

Attackers have been targeting the Kurdish ethic group for more than a year through an Facebook-based spyware campaign that disguises backdoors in legitimate Android apps, researchers have found. A group called BladeHawk is behind the campaign, discovered by researchers from cybersecurity firm ESE...

7.2AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/08/03 8:16 p.m.52 views

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam

Most people have probably heard of catfishing. That’s when someone adopts a fake online persona, usually to trick someone into falling in love. Now, threat actors have developed their own spin on the grift, developing appealing — objectively hot — profiles to charm victims into downloading malwar...

6.6AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/07/19 6:48 p.m.52 views

Ruthless Attackers Target Florida Condo Collapse Victims

Families mourning the loss of loved ones to the partial collapse of the Champlain Towers South condo building in Surfside, Fla. are now being urged to check the credit of their deceased relatives thanks to a group of heartless hackers targeting victims in a new identity-theft scheme. Apparently,...

6.7AI score
Exploits0References11
ThreatPost
ThreatPost
added 2021/07/06 5:1 p.m.52 views

Western Digital Users Face Another RCE

Bad news comes in threes, most particularly for Western Digital customers. As if things weren’t bad enough for the untold number of Western Digital customers whose data blinked out of existence last month, there’s another zero-day waiting for whoever can’t or won’t upgrade its My Cloud storage...

8AI score
Exploits0References13
ThreatPost
ThreatPost
added 2021/07/05 8:12 p.m.52 views

Kaseya Attack Fallout: CISA, FBI Offer Guidance

The REvil cybergang is taking credit for Friday’s massive ransomware attack against managed service provider Kaseya Ltd. The criminals behind the attack claim it infected 1 million systems tied to Kaseya services and are demanding $70 million in bitcoin in exchange for a decryption key. Federal...

7.6AI score
Exploits0References11
ThreatPost
ThreatPost
added 2021/06/23 7:23 p.m.52 views

Iran Media Websites Seized by U.S. in Disinformation Campaign

The Department of Justice has seized the domains of 36 Iranian media sites that officials say weren’t just operating in violation of sanctions, but were part of a widespread government-backed malign-influence operation targeting the U.S. The DoJ said that 33 of the sites are run by the Iranian...

7.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/06/23 3:39 p.m.52 views

Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

A critical security bug in Palo Alto Networks’ Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug CVE-2021-3044 is an...

9.8CVSS9.7AI score0.01406EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2021/06/16 6:38 p.m.52 views

IKEA Fined $1.2M for Elaborate ‘Spying System’

IKEA’s French subsidiary was just hit with a $1.2 million fine after it was found guilty of a creepy systematic snooping scheme targeting customers, employees and even prospective hires. Prosecutors said in all, the company illegally surveilled about 400 people in total, according to the BBC. IKE...

7.1AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/06/10 6:58 p.m.52 views

STEM Audio Table Rife with Business-Threatening Bugs

The STEM Audio Table conference-room speaker has a security vulnerability that would allow unauthenticated remote code execution RCE as root – paving the way for eavesdropping on conversations, denial of service, lateral movement throughout enterprise networks and more. And, there are multiple...

9.9AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/06/10 3:51 p.m.52 views

Steam Gaming Platform Hosting Malware

UPDATE Look out for SteamHide, an emerging malware that disguises itself inside profile images on the gaming platform Steam, which researchers think is being developed for a wide-scale campaign. The Steam platform merely serves as a vehicle which hosts the malicious file, according to research fr...

7.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/06/09 12:58 p.m.52 views

DarkSide Pwned Colonial With Old VPN Password

It took only one dusty, no-longer-used password for the DarkSide cybercriminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cybersecurity experts. Attacker...

7.7AI score
Exploits0References13
ThreatPost
ThreatPost
added 2021/06/02 3:52 p.m.52 views

REvil Ransomware Ground Down JBS: Sources

The cyberattack that flattened operations at JBS Foods over the weekend was indeed a ransomware strike, the global food distributor has confirmed to the Biden administration, with sources pointing to the REvil Group as the responsible gang. Four people familiar with the matter who weren’t...

7AI score
Exploits0References22
ThreatPost
ThreatPost
added 2021/06/01 9:5 p.m.52 views

Cyber-Insurance Fuels Ransomware Payment Surge

Ransomware victims are increasingly falling back on their cyber-insurance providers to pay the ransom when they’re hit with an extortion cyberattack. But security researchers warn that this approach can quickly become problematic. In the first half of 2020, ransomware attacks accounted for 41...

7.4AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/05/12 7:51 p.m.52 views

Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales

Telegram groups are being abused by fraudsters peddling fake COVID-19 vaccination cards to the unvaccinated and anti-vaxxer communities, according to researchers. Brittany Allen, trust and safety architect at Sift, noticed the illicit sales on the encrypted messaging platform as the COVID-19...

5.8AI score
Exploits0References6
Total number of security vulnerabilities5000