Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2018/09/27 2:49 p.m.310 views

Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info

Enterprises using Apple’s Device Enrollment Program DEP for mobile device management MDM enrollment, without adding secondary authentication, are placing themselves at risk for information exfiltration and attacks, according to researchers. MDM is a common enterprise technology offered by multipl...

1.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2022/02/11 1:45 p.m.309 views

Apple Patches Actively Exploited WebKit Zero Day

Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices. The zero-day, tracked as CVE-2022-22620, is a Use-After-Free issue, which is related to incorrect use of...

10CVSS9AI score0.16342EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2021/04/13 9:3 p.m.309 views

How the NAME:WRECK Bugs Impact Consumers, Businesses

Researchers estimate more than 100 million internet-connected devices are vulnerable to a class of flaws dubbed NAME:WRECK. Devices ranging from smartphones, aircraft navigation systems and industrial internet of things IIoT endpoints are vulnerable to either a denial-of-service DoS or remote...

7.5CVSS0.4AI score0.07194EPSS
Exploits2References7
ThreatPost
ThreatPost
added 2020/09/02 12:28 p.m.309 views

Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers

Cisco Systems says hackers are actively exploiting previously unpatched vulnerabilities in its carrier-grade routers that could allow adversaries to crash or severely disrupt devices. The vulnerabilities exist in the Distance Vector Multicast Routing Protocol DVMRP feature of Cisco IOS XR Softwar...

7.8CVSS1.4AI score0.26869EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2020/01/30 4:2 p.m.309 views

U.N. Hack Stemmed From Microsoft SharePoint Flaw

Hackers breached the United Nations network in July by exploiting a Microsoft SharePoint vulnerability, according to reports. The breach, which appears to be an espionage operation, reportedly gave the hackers access to an estimated 400 GB of sensitive data. The breach was swept under the rug by...

7.5CVSS0.4AI score0.99913EPSS
Exploits29References9
ThreatPost
ThreatPost
added 2019/01/25 4:44 p.m.309 views

Razy Malware Attacks Browser Extensions to Steal Cryptocurrency

UPDATE A Windows malware dubbed “Razy” has been uncovered that sports a toolbox of cryptocurrency theft and fraud tools. Razy works by weaponizing browser extensions in order to perpetrate a range of online scams on unwitting victims. According to researchers at Kaspersky Lab, the trojan targets...

6.7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2022/03/31 6:9 p.m.308 views

Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks

Ghostwriter – a threat actor previously linked with the Belarusian Ministry of Defense – has glommed onto the recently disclosed, nearly invisible “Browser-in-the-Browser” BitB credential-phishing technique in order to continue its ongoing exploitation of the war in Ukraine. In a Wednesday post,...

8.4AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/04/15 4:35 p.m.308 views

Gafgyt Botnet Lifts DDoS Tricks from Mirai

Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered. Gafgyt a.k.a. Bashlite is a botnet that was first uncovered in 2014. It targets vulnerable internet of things IoT devices like Huawei routers, Realt...

10CVSS0.99975EPSS
Exploits16References12
ThreatPost
ThreatPost
added 2017/04/28 6:52 p.m.308 views

WikiLeaks Reveals CIA Tool 'Scribbles' For Document Tracking

Update WikiLeaks released details on what it said is a Central Intelligence Agency document tracking program called Scribbles, part of the agency’s effort to keep tabs on documents leaked to whistleblowers and journalists. Scribbles allegedly embeds a web beacon-style tag into watermarks located ...

9.3CVSS0.6AI score0.99933EPSS
Exploits29References7
ThreatPost
ThreatPost
added 2019/11/22 7:50 p.m.307 views

Critical Flaws in VNC Threaten Industrial Environments

The open-source Virtual Network Computing VNC project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution RCE. According to researchers at Kaspersky...

7.5CVSS1AI score0.26869EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2022/03/15 4:58 p.m.306 views

Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw

The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of QNAP’s network-attached storage NAS appliances, the Taiwanese manufacturer warned on Monday. Dirty Pipe, a recently reporte...

7.8CVSS9.6AI score0.88106EPSS
Exploits171References14
ThreatPost
ThreatPost
added 2021/04/16 2:2 p.m.306 views

Mandiant Front Lines: How to Tackle Exchange Exploits

Recently, the public learned of multiple vulnerabilities “ProxyLogon” that impacted Microsoft’s on-premises Exchange Server, a software application used worldwide to manage communications between employees. Since then, many in the security industry have come to realize that attackers knew of thes...

7.5CVSS10AI score0.99999EPSS
Exploits63References9
ThreatPost
ThreatPost
added 2021/03/16 2:1 p.m.306 views

Google Releases Spectre PoC Exploit For Chrome

Google has released proof-of-concept PoC exploit code, which leverages the Spectre attack against the Chrome browser to leak data from websites. Three years after the Spectre attack was first disclosed, researchers with Google have now released a demonstration website that leverages the attack,...

4.7CVSS6.8AI score0.93838EPSS
Exploits13References9
ThreatPost
ThreatPost
added 2019/05/31 7:0 p.m.306 views

5G Networks Spark Concerns For Enterprise Risks

THE HAGUE, Netherlands – The rise of 5G networks – and subsequent security risks – was the centerpiece issue discussed during the GSMA’s Mobile360 conference on 5G security this past week. While researchers warn that 5G security issues could literally be a matter of life or death for certain...

0.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2021/02/09 10:33 p.m.305 views

Actively Exploited Windows Kernel Bug Allows Takeover

Microsoft has addressed nine critical-severity cybersecurity bugs in February’s Patch Tuesday updates, plus an important-rated vulnerability that is being actively exploited in the wild. Six of the security holes – including one of the critical bugs – were already publicly disclosed. Overall, the...

9.3CVSS0.7AI score0.99512EPSS
Exploits100References25
ThreatPost
ThreatPost
added 2020/06/25 6:30 p.m.305 views

Golang Worm Widens Scope to Windows, Adds Payload Capacity

A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware,...

7.5CVSS9AI score0.99993EPSS
Exploits124References8
ThreatPost
ThreatPost
added 2020/01/16 10:18 p.m.305 views

Critical Cisco Flaws Now Have PoC Exploit

Proof-of-concept exploit code has been published for critical flaws impacting the Cisco Data Center Network Manager DCNM tool for managing network platforms and switches. The three critical vulnerabilities in question CVE-2019-15975, CVE-2019-15976, CVE-2019-15977 impact DCNM, a platform for...

10CVSS9.6AI score0.99512EPSS
Exploits92References19
ThreatPost
ThreatPost
added 2021/04/23 1:0 p.m.303 views

REvil's Big Apple Ransomware Gambit Looks to Pay Off

The REvil ransomware gang is known for audacious attacks on the world’s biggest organizations, and its demands for astronomical ransoms to match. But the gang’s latest squeeze on Apple just hours before its splashy new product launch was a bold move, even for the notorious ransomware-as-a-service...

0.1AI score
Exploits0References15
ThreatPost
ThreatPost
added 2020/09/24 8:47 p.m.303 views

Feds Hit with Successful Cyberattack, Data Stolen

A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network. The U.S. Cybersecurity and Infrastructure Security Agency CISA issued an alert on Thursday, not naming the agency but providing technical details of...

7.5CVSS2AI score0.99999EPSS
Exploits22References3
ThreatPost
ThreatPost
added 2019/10/08 7:55 p.m.302 views

Critical Microsoft Remote Desktop Flaw Fixed in Security Update

Microsoft released patches for nine critical vulnerabilities as part of its October Patch Tuesday security update, including one for a Remote Desktop bug that could allow a remote attacker to execute code on victims’ machines. Overall, Microsoft issued fixes for 59 vulnerabilities – including nin...

10CVSS0.3AI score0.17833EPSS
Exploits0References14
ThreatPost
ThreatPost
added 2021/11/24 2:9 p.m.301 views

Attackers Actively Target Windows Installer Zero-Day

Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer...

7.8CVSS7.2AI score0.20099EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2020/08/10 7:43 p.m.301 views

Google Chrome Browser Bug Exposes Billions of Users to Data Theft

A vulnerability in Google’s Chromium-based browsers would allow attackers to bypass the Content Security Policy CSP on websites, in order to steal data and execute rogue code. The bug CVE-2020-6519 is found in Chrome, Opera and Edge, on Windows, Mac and Android – potentially affecting billions of...

4.3CVSS1.4AI score0.26869EPSS
Exploits5References6
ThreatPost
ThreatPost
added 2019/10/24 3:44 p.m.301 views

Samsung Rolls Out Fix For Galaxy S10 Fingerprint Sensor Glitch

Samsung has reportedly started rolling out a software patch for the Galaxy S10 and Note10, addressing glitches in both phone models that allow the bypass of their built-in fingerprint authentication sensors. The fix comes after Samsung admitted last week that anyone can bypass the Galaxy S10...

9CVSS0.1AI score0.99965EPSS
Exploits30References12
ThreatPost
ThreatPost
added 2019/10/08 12:44 p.m.301 views

APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn

State-sponsored advanced persistent threat APT groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials. The National Security Agency NSA issued a...

7.5CVSS9.2AI score0.99999EPSS
Exploits57References13
ThreatPost
ThreatPost
added 2020/03/05 3:11 p.m.300 views

High-Severity Cisco Webex Flaws Fixed

Cisco Systems has patched two high-severity vulnerabilities in its popular Webex video conferencing platform, which if exploited could allow an attacker to execute code on affected systems. Two multimedia players tied to the Webex platform are impacted. First is the Cisco Webex Network Recording...

9.3CVSS0.8AI score0.0552EPSS
Exploits1References11
ThreatPost
ThreatPost
added 2021/07/27 5:30 p.m.298 views

Zimbra Server Bugs Could Lead to Email Plundering

Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of all the employees in all the enterprises that use the immensely popular collaboration tool, researchers say. In a Tuesday writeup, SonarSource called it a “drastic” situation, given Zimbra’s...

9.8CVSS8.6AI score0.99986EPSS
Exploits6References11
ThreatPost
ThreatPost
added 2022/02/08 8:24 p.m.297 views

No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day

Oh, blessed day: Microsoft’s Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches — none of them rated critical. For February, Microsoft’s releases address CVEs in Windows and Windows Components, Azure Data Explorer, Kestrel Web...

8.8CVSS9.6AI score0.55711EPSS
Exploits12References13
ThreatPost
ThreatPost
added 2021/07/14 12:23 p.m.297 views

Updated Joker Malware Floods into Android Apps

The Joker mobile trojan is back on Google Play, with an uptick in malicious Android applications that hide the billing-fraud malware, researchers said. It’s also using new approaches to skirt past Google’s app-vetting process. Joker has been around since 2017, disguising itself within common,...

7.1AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/06/02 4:16 p.m.297 views

Severe Cisco DoS Flaw Can Cripple Nexus Switches

Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists ACLs configured on affected Nexus...

5CVSS0.26869EPSS
Exploits1References12
ThreatPost
ThreatPost
added 2019/09/13 1:30 p.m.296 views

North Korean Spear-Phishing Attack Targets U.S. Firms

Researchers have uncovered an ongoing, sophisticated malware campaign aiming at U.S.-based targets with an interest in nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions. The campaign, which researchers from Prevailion call “Autumn Aperture” and link...

6.8AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/01/22 11:1 a.m.295 views

PoC Exploits Do More Good Than Harm: Threatpost Poll

When it comes to the release of proof-of-concept PoC exploits, more security experts agree that the positives outweigh the negatives, according to a recent and informal Threatpost poll. Last week, Threatpost conducted a reader poll and almost 60 percent of 230 security pundits thought it was a...

7.5CVSS9.4AI score0.99999EPSS
Exploits49References18
ThreatPost
ThreatPost
added 2012/12/03 9:0 p.m.295 views

Dockster Mac Malware Targets Dalai Lama Website Through Flashback Vulnerability

Mac malware targeting Tibetan supporters is being served on a website connected to the Dalai Lama. The Dockster Trojan, discovered by researchers at F-Secure, exploits the same Java vulnerability as the virulent Flashback Trojan that hit more than 600,000 OS X users earlier this year. F-Secure...

10CVSS10AI score0.98536EPSS
Exploits23References10
ThreatPost
ThreatPost
added 2019/07/22 2:31 p.m.294 views

Equifax to Pay $700 Million in 2017 Data Breach Settlement

Equifax will pay as much as $700 million to settle federal and state investigations on the heels of its infamous 2017 breach, which exposed the data of almost 150 million customers. The consumer credit reporting agency on Monday said it will dish out $300 million to cover free credit monitoring...

10CVSS9.9AI score0.99999EPSS
Exploits44References12
ThreatPost
ThreatPost
added 2021/04/01 7:53 p.m.292 views

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack

Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers. The bugs, tracked as CVE-2020-2509 and CVE-2021-36195, impact QNAP’s model TS-231 network attached storage NAS hardware, allowing an attacker to manipulate stored data a...

4.3CVSS0.2AI score0.328EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2021/02/04 3:59 p.m.292 views

Critical Cisco Flaws Open VPN Routers Up to RCE Attacks

Cisco is rolling out fixes for critical holes in its lineup of small-business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to view or tamper with data, and perform other unauthorized actions on the routers. The flaws exist in the web-based management interface of...

1.5AI score0.05421EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2020/07/22 4:43 p.m.293 views

Lazarus Group Surfaces with Advanced Malware Framework

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. Kaspersky researchers uncovered a series of attacks utilizing MATA so-called because the malware authors themselves call...

10CVSS9.4AI score0.99913EPSS
Exploits20References12
ThreatPost
ThreatPost
added 2021/01/27 8:32 p.m.291 views

Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming

Disconnecting devices from the internet is no longer a solid plan for protecting them from remote attackers. A new version of a known network-address translation NAT slipstreaming attack has been uncovered, which would allow remote attackers to reach multiple internal network devices, even if tho...

6.8CVSS0.7AI score0.01323EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2019/01/24 10:3 p.m.292 views

Fighting Fire with Fire: API Automation Risks

Akamai research shows that 83 percent of all traffic on the web today are API calls JSON / XML. In many cases this fast growth can be attributed to the adoption and popularity of mobile devices and the mobile app ecosystem, as well as the abuse by threat actors using bots to automate their manual...

Exploits0References6
ThreatPost
ThreatPost
added 2021/01/07 12:53 p.m.290 views

Facebook’s Mandatory Data-Sharing Rules for WhatsApp Spark Ire

WhatsApp is asking users to accept a new privacy policy that will share all of their data with Facebook beginning Feb. 8, a move that has users sounding an alarm once again about the privacy of their information in the hands of the social media giant. The Facebook-owned messaging service already...

7AI score
Exploits0References17
ThreatPost
ThreatPost
added 2020/12/23 3:55 p.m.290 views

Hey Alexa, Who Am I Messaging?

The potential for digital-home assistants like Amazon Alexa to infringe on user privacy by making and saving voice recordings of them is already widely known. Now researchers have discovered that the devices also may be able to “hear” and record what people are typing on nearby smartphones, even...

6.8AI score
Exploits0References10
ThreatPost
ThreatPost
added 2022/02/11 7:57 p.m.289 views

Cybercrooks Frame Targets by Planting Fabricated Digital Evidence

Threat actors are hijacking the devices of India’s human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn. The actor, dubbed ModifiedElephant, has been at it for at least 10 years, and it’s still active. It’s been shafting target...

9.3CVSS8.6AI score0.99966EPSS
Exploits29References22
ThreatPost
ThreatPost
added 2020/12/23 5:11 p.m.289 views

Third-Party APIs: How to Prevent Enumeration Attacks

When organizations use APIs – the next frontier in cybercrime – to engage with third parties, it’s crucial they understand the associated security exposure they’re introducing. To do so, they must think like a hacker to evaluate whether or not they are introducing a problem or a solution for thei...

0.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2020/02/07 8:35 p.m.289 views

Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed

A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution RCE attacks – without any user interaction. Researchers on Thursday revealed further details behind the critical Android flaw CVE-2020-0022, which was patched earlier...

8.3CVSS9.7AI score0.26869EPSS
Exploits8References8
ThreatPost
ThreatPost
added 2021/06/10 9:54 p.m.288 views

‘Fancy Lazarus’ Cyberattackers Ramp up Ransom DDoSes

A distributed denial-of-service DDoS extortion group has blazed back on the cybercrime scene, this time under the name of “Fancy Lazarus.” It’s been launching a series of new attacks that may or may not have any teeth, researchers said. The new name is a tongue-in-cheek combination of the...

6.4AI score
Exploits0References11
ThreatPost
ThreatPost
added 2021/01/28 8:6 p.m.288 views

Rocke Group’s Malware Now Has Worm Capabilities

Researchers have identified an updated malware variant used by the cybercrime gang Rocke Group that targets cloud infrastructures with crypto-jacking attacks. The malware is called Pro-Ocean, which was first discovered in 2019, and has now been beefed-up with “worm” capabilities and rootkit...

7.5CVSS0.99993EPSS
Exploits69References17
ThreatPost
ThreatPost
added 2020/04/30 8:54 p.m.287 views

Salt Bugs Allow Full RCE as Root on Cloud Servers

The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently. According to F-Secure researchers, the framework, authored by...

7.5CVSS9.7AI score0.96405EPSS
Exploits25References8
ThreatPost
ThreatPost
added 2019/08/16 9:5 p.m.286 views

Fake News and Influence: Information Warfare in the Digital Age

It’s 2019 and we live in a world where understanding what is real and what is fake can be challenging. For the security community, we increasingly deal with information warfare adversaries that rely on that fact; and, operating at internet scale, are capable of causing plenty of havoc...

6.8AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/01/25 10:16 p.m.286 views

LabKey Vulnerabilities Threaten Medical Research Data

A trio of vulnerabilities in a popular open source medical data collaboration tool leaves important healthcare research data and potentially subject information open to multiple cross site scripting XSS attacks. The flaws are serious as they allow an attacker to retrieve user credentials once a...

5.8CVSS1AI score0.04825EPSS
Exploits3References4
ThreatPost
ThreatPost
added 2022/02/14 4:48 p.m.285 views

Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack

A zero-day remote code-execution RCE bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said – prompting an emergency patch to roll out over the weekend. The security vulnerability bug CVE-2022-24086 is a critical affair, allowing pre-authentication R...

10CVSS8.9AI score0.99199EPSS
Exploits5References17
ThreatPost
ThreatPost
added 2020/05/15 8:41 p.m.285 views

Hoaxcalls Botnet Exploits Symantec Secure Web Gateways

Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Hoaxcalls first emerged in late March, as a variant of the Gafgyt/Bashlite family; it’s named after the domain used to host its...

9.6AI score0.26869EPSS
Exploits0References9
Total number of security vulnerabilities5000