Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2021/05/12 4:50 p.m.52 views

Gig Workers Being Paid $500 for Payroll Passwords

Fintech startup Argyle, a financial-services platform aimed at gig workers, is working to replace credit scores assigned by bureaus like Equifax. But closer security analysis hints that Argyle could be just the latest incarnation of an ongoing data-collection campaign, paying people to give up...

5.7AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/04/22 1:17 p.m.52 views

Telegram Platform Abused in 'ToxicEye' Malware Campaigns

Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan RAT dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The ToxicEye malware ca...

0.6AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/02/10 1:49 p.m.52 views

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple

An ethical hacker has demonstrated a novel supply-chain attack that breached the systems of more than 35 technology players, including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla and Uber, by exploiting public, open-source developer tools. The attack, devised by security researcher Alex...

7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/02/04 3:58 p.m.52 views

Microsoft Office 365 Attacks Sparked from Google Firebase

A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said. Researchers at Armorblox uncovered invoice-themed emails sent to at least 20,000 mailboxes that purport to share information about...

7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/01/05 1:51 p.m.52 views

Data from August Breach of Amazon Partner Juspay Dumped Online

Data from a breach that occurred five months ago involving Juspay, which handles payments for Amazon and other online retailers in India, has been dumped online, a researcher has found. Security researcher Rajshekhar Rajaharia discovered data of 35 million Indian credit-card holders from a breach...

0.7AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/07/30 9:40 p.m.52 views

Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes

A security issue in popular video conferencing platform Zoom was disclosed this week, which could have allowed attackers to crack private meeting passcodes and snoop in on video conferences. The problem, which has already been fixed, stems from Zoom not having any check against repeated incorrect...

7.8AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/07/21 6:32 p.m.52 views

Chris Vickery: AI Will Drive Tomorrow’s Data Breaches

From malicious hacks to accidental misconfigurations, Chris Vickery has seen it all. But as cybercriminals continue to innovate, Vickery, the director of risk research with UpGuard, said one emerging security threat will “blindside” the world: “fakeable” voices. More bad actors using artificial...

7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/06/08 1:0 p.m.52 views

Can Governments Defeat Nation-State Attacks on Critical Infrastructures?

For physical conflicts, we expect our government to protect us from nation-state adversaries. It turns out, though, that industrial enterprises are much better positioned to defeat most nation-state attacks on power plants, pipelines, and other critical infrastructures than governments are. For...

0.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2020/05/21 1:0 p.m.52 views

Supreme Court Phish Targets Office 365 Credentials

A highly-targeted phishing attack pretends to deliver subpoenas, but actually ends up collecting victims’ Office 365 credentials. The ongoing campaign has slipped by Office 365 and gateway security controls to hit several C-Suite level victims thus far. The phishing emails spoof the U.S. Supreme...

6.9AI score
Exploits0References15
ThreatPost
ThreatPost
added 2020/05/15 3:54 p.m.52 views

Quantum Security Goes Live with Samsung Galaxy

Samsung and South Korean telecom giant SK Telecom have debuted the Galaxy A Quantum 5G smartphone, sporting a quantum random number generation RNG chipset. It’s the first commercialization of quantum technology for mobile phones, and it will serve as a significant bellwether for full quantum...

9.3CVSS7.8AI score0.012EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2020/05/06 2:32 p.m.52 views

Ransomware Attack Takes Down Toll Group Systems, Again

Australian transportation and logistics giant Toll Group has been hit by a ransomware attack – for the second time in three months. The company said a relatively new form of ransomware known as Nefilim had targeted its systems. Toll Group, a subsidiary of Japan Post Holdings, is a freight and...

7.6AI score
Exploits0References18
ThreatPost
ThreatPost
added 2020/04/17 2:44 p.m.52 views

Zoom Bombing Attack Hits U.S. Government Meeting

A U.S. House Oversight Committee meeting was the most recent victim of a Zoom bombing attack, after the meeting was disrupted at least three different times by uninvited attendees. The incident was disclosed in a recent internal letter from Jim Jordan R-Ohio to Carolyn Maloney R-NY, chairwoman fo...

6.9AI score
Exploits0References19
ThreatPost
ThreatPost
added 2020/03/24 1:0 p.m.52 views

Domain Name Security: Important Measures You Need to Know

Whether you are an individual, a large commercial business, or a small non-profit organization, the creation and protection of your online presence are essential. While many individuals and businesses use social media platforms to connect with followers, customers, or organization members, a doma...

1.3AI score
Exploits0References1
ThreatPost
ThreatPost
added 2020/03/18 9:14 p.m.52 views

Azure Red Flag: Microsoft Accidentally Fixes Cloud Config ‘Bug’

UPDATE Researchers are shedding light on a Microsoft Azure misconfiguration bug that leaked sensitive access tokens, which could have given hackers access to virtual machine instances and cloud-based storage buckets. Since its discovery, an update has fixed what researchers said was a...

7.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2020/03/18 1:51 p.m.52 views

Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...

1.4AI score0.07581EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2020/02/25 8:39 p.m.52 views

RSAC 2020: Blockchain is 'Garbage In', Voting Needs Paper Ballots

SAN FRANCISCO – Cryptography is at the heart of security, especially here at this week’s RSAC 2020. And during the event’s annual Cryptographer’s Panel, industry leaders broke down their top crypto-concerns, including privacy regulations, election security and blockchain. Privacy is clearly a top...

6.6AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/02/18 10:18 p.m.52 views

FC Barcelona Suffers Likely Credential-Stuffing Attack on Twitter

Just ahead of its Champion’s League Round of 16 appearance next week, FC Barcelona’s official Twitter account was hacked in an apparent credential-stuffing attack. The strike resulted in account takeover and bogus tweets being sent out. The hacking collective known as OurMine, which made headline...

7.7AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/02/18 7:48 p.m.52 views

Iran-Backed APTs Collaborate on 3-Year 'Fox Kitten' Global Spy Campaign

Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers at ClearSky. They maintain,...

0.1AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/01/27 5:52 p.m.52 views

N.Y. Could Ban Cities from Paying Ransomware Attackers

New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. State Senators Phil Boyle, George M. Borrello and Sue Serino introduced Senate Bill S7246 earlier this month, in response to the rising tide of cyberattacks targeting government agencies and...

0.1AI score
Exploits0References11
ThreatPost
ThreatPost
added 2019/12/18 7:43 p.m.52 views

Why Cloud, Collaboration Breed Insider Threats

When it comes to facing insider threats, many enterprises seem to be suffering from a type of organizational cognitive dissonance – as in, they hold two, seemingly contradictory beliefs when it comes to the cloud and the collaboration tools that they use. Specifically, business leaders and...

7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2019/12/11 9:16 p.m.52 views

Smart Krampus-3PC Malware Targets iPhone Users Online

A malicious web redirect campaign affecting iPhone users has impacted more than 100 publisher websites, including online newspapers and international weekly news magazines. According to The Media Trust’s Digital Security & Operations DSO team, iPhone users visiting any of the impacted websites we...

7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/11/05 11:36 a.m.52 views

Eye Clinic Breach Reveals Data of 20,000 Patients

A Utah eye clinic is in the process of informing 20,000 patients that they were the victims of a data breach that happened a year and a half ago and linked patients to a scam involving PayPal. The breach at the Utah Valley Eye Center in Provo, Utah, that exposed patient emails once again highligh...

7.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/10/30 7:47 p.m.52 views

Insurance Pays Out a Sliver of Norsk Hydro's Cyberattack Damages

On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance – just a fraction of the total costs in damage. Overall, the Oslo, Norway-based company incurred between $60 million to $71 million in damages from the incident, which forced it to...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2019/10/22 1:0 p.m.52 views

Cynet’s free vulnerability assessment offering helps organizations significantly increase their security

Long before a cyberattack is underway, organizations need to be focused on improving their security. Part of this is to always be monitoring their environment, on the lookout for weaknesses and ready to take action if they are found. This is the best way to ensure the organization remains immune ...

0.7AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/09/06 7:14 p.m.52 views

Back-to-School Scams Target Students with Library-Themed Emails

College students settling back into school might want to think twice before clicking on an email prompting them to renew their school library account. Researchers warn that students at hundreds of universities worldwide are being targeted with fake emails this week, which tout attachments or link...

Exploits0References8
ThreatPost
ThreatPost
added 2019/06/19 9:2 p.m.52 views

Feds: Cyberattack on NASA's JPL Threatened Mission-Control Data

NASA’s Jet Propulsion Laboratory JPL may know how to send delicate equipment to Mars, but basic cybersecurity best practices appear to pose an issue for it. A comprehensive federal review has detailed an April 2018 security incident that compromised mission systems – stemming from multiple IT...

0.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/06/05 11:54 a.m.52 views

Infosecurity Europe: Easing the Clash Between IT and Industrial Worlds

LONDON, UK – Information technology and operational technology are like two sides of the same coin. Their objectives are the same, but too often they don’t see eye-to-eye when it comes to priorities, according to cybersecurity experts. Information technology IT teams are tasked with securing and...

6.9AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/05/06 2:42 p.m.52 views

Tor Security Add-On Abruptly Killed by Mozilla Bug

Thanks to Mozilla letting an intermediate signing certificate expire, the Tor community was thrown into disarray over the weekend when the NoScript security add-on was suddenly killed for both Firefox and the Tor browser. A fix is available for Firefox, but the Tor issue continues. NoScript is a...

0.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/04/15 1:59 p.m.52 views

Microsoft Outlook Breach Widens in Scope, Impacting MSN And Hotmail – Report

UPDATE A recently-disclosed Microsoft email-platform breach is reportedly much worse than previously thought, now impacting a large number of Outlook accounts as well as MSN and Hotmail email accounts. On Friday, a slew of Outlook users reported receiving notifications from Microsoft. The...

7.4AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/04/10 4:30 a.m.52 views

SAS 2019: Gaza Cybergang Blends Sophistication Levels in Highly Effective Spy Effort

SINGAPORE — Around 240 high-profile victims in 39 countries worldwide have become victims of an APT cyber-espionage attack, led by an organization dubbed the Gaza Cybergang that comprises several groups of varying sophistication. The victims, who were all targeted last year, include political,...

7.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/02/14 6:20 p.m.52 views

Threatpost Poll: Over Half of Firms Asked Struggle with Mobile Security

A Threatpost survey of readers found over half of respondents don’t feel sufficiently prepared to prevent or handle a security incident stemming from mobile devices in their firm. The informal survey results should serve as harbinger for security professionals in light of the fact that 80 percent...

6.8AI score
Exploits0References18
ThreatPost
ThreatPost
added 2018/06/05 2:23 p.m.52 views

Social Media Privacy Dominates Apple iOS 12, macOS Launches

Social media privacy is top of mind for Apple on the heels of the Facebook-Cambridge Analytica controversy. On Monday, Apple released the latest versions of its desktop and mobile operating systems at the Worldwide Developers Conference WWDC, which addresses a bevy of security and privacy concern...

7.1CVSS6.2AI score0.0092EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2018/04/10 9:16 p.m.52 views

Microsoft Fixes 66 Bugs in April Patch Tuesday Release

Microsoft’s April Patch Tuesday release includes fixes for 66 bugs, 24 of which are rated critical. Notable is Microsoft’s disclosure of a publicly known SharePoint elevation of privilege bug CVE-2018-1034, rated important, which has no fix but has not been publicly exploited. Microsoft SharePoin...

9.3CVSS8.6AI score0.40069EPSS
Exploits2References17
ThreatPost
ThreatPost
added 2018/02/06 10:34 a.m.52 views

Cisco Issues New Patches for Critical Firewall Software Vulnerability

Cisco has released new patches for a critical vulnerability in its Adaptive Security Appliance software after further investigation revealed additional attack vectors. The company first announced the vulnerability, CVE-2018-0101, on Jan. 29. It received a Common Vulnerability Scoring System base...

10CVSS0.9AI score0.87397EPSS
Exploits7References4
ThreatPost
ThreatPost
added 2017/05/11 4:39 p.m.52 views

Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability

Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code. Legal Hackers‘ Dawid Golunski found the vulnerabilities–a host header injection and an...

7.5CVSS9.8AI score0.99714EPSS
Exploits60References7
ThreatPost
ThreatPost
added 2016/07/07 7:0 a.m.52 views

APT Group 'Patchwork' Cuts-and-Pastes a Potent Attack

An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted...

9.3CVSS0.7AI score0.81628EPSS
Exploits22References2
ThreatPost
ThreatPost
added 2016/05/02 2:0 p.m.52 views

Google Patches More Trouble in Mediaserver

Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches...

10CVSS1.4AI score0.0206EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2016/01/14 2:33 p.m.52 views

OpenSSH Private Crypto Key Leak Patch

OpenSSH today released a patch for a critical vulnerability that could be exploited by an attacker to force a client to leak private cryptographic keys. The attacker would have to control a malicious server in order to force the client to give up the key, OpenSSH and researchers at Qualys said in...

4.6CVSS0.4AI score0.63468EPSS
Exploits3References2
ThreatPost
ThreatPost
added 2015/10/13 2:39 p.m.52 views

October 2015 Microsoft Patch Tuesday Security Bulletins

Microsoft’s monthly release of security bulletins today is a relatively light load of patches to be tested and deployed. The real news, however, could be in a separate advisory in which it continues to deprecate the outdated RC4 encryption algorithm. Following its initial advisory in May that...

9.3CVSS9.1AI score0.99945EPSS
Exploits33References8
ThreatPost
ThreatPost
added 2015/05/28 1:57 p.m.52 views

Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0

While the Angler Exploit Kit may have already established itself as one of the more sophisticated kits on the underground market, it appears it’s still finding ways to evolve. Angler, this week, was spotted dropping the latest iteration of CryptoWall ransomware and leveraging yet another previous...

10CVSS0.8AI score0.95184EPSS
Exploits12References12
ThreatPost
ThreatPost
added 2015/04/03 11:3 a.m.52 views

VMware Fixes Java Information Disclosure Vulnerability

Virtual Machine maker VMware has updated a slew of its offerings in order to address a critical information disclosure vulnerability in the Oracle’s Java runtime environment JRE. The update essentially installs the latest version of JRE into VMware systems where the old version of JRE was affecte...

4CVSS0.5AI score0.67234EPSS
Exploits5References1
ThreatPost
ThreatPost
added 2014/06/23 3:17 p.m.52 views

Threatpost News Wrap, June 23, 2014

Dennis Fisher and Mike Mimoso discuss the latest security news, including the possible fork of TrueCrypt, Microsoft’s new information sharing platform, the FBI’s cybercrime task force and the US team’s crushing tie with Portugal. Download: digitalunderground156.mp3 Music by Chris Gonsalves...

9.3CVSS0.8AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2014/01/28 2:19 p.m.52 views

Malicious Java App is Cross-Platform Botnet

Java-related security issues have remained relatively quiet during the past few months, especially after a rocky start to 2013 seemingly had one Java flaw after another in the news. Things might be starting to ramp up again with the discovery of a cross-platform Java-based botnet. Researchers at...

10CVSS0.98704EPSS
Exploits10References6
ThreatPost
ThreatPost
added 2014/01/09 1:2 p.m.52 views

Microsoft to Patch Zero Day in January 2014 Security Updates

Microsoft announced Thursday that it plans to release four bulletins next week as part of the year’s first batch of Patch Tuesday security updates, none of which are rated critical. Despite the relatively light load, the patches do address a zero-day vulnerability in Windows XP and Windows Server...

9.3CVSS8.9AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2013/09/19 3:55 p.m.52 views

Oil, Energy Watering Hole Attacks Linked to DOL attack

A string of watering hole attacks targeting oil and energy companies dating back to May could be linked to similar attacks against the U.S. Department of Labor website. Researchers at Cisco discovered the compromised domains of 10 oil and energy companies worldwide, including hydroelectric plants...

10CVSS0.93688EPSS
Exploits29References10
ThreatPost
ThreatPost
added 2013/02/21 9:7 p.m.52 views

NBC Website Hacked, Leading Visitors to Citadel Banking Malware

Another day, another media company hacked. This time it’s NBC which has fallen to victim hackers on the heels of compromises of the New York Times and Wall Street Journal websites. Various experts have confirmed that NBC’s website is compromised and leading visitors to the dangerous Citadel banki...

10CVSS0.3AI score0.97612EPSS
Exploits38References6
ThreatPost
ThreatPost
added 2011/02/25 10:28 p.m.52 views

Hack-a-mole: Disgruntled Programmer Accused of Sabotaging Arcade Game Classic

Marvin Walter Wimberly, Jr., a sixty one year-old programmer and game board designer has been charged by authorities in Florida with committing computer crimes with the intent to defraud after his employer, game maker Bob’s Space Racers BSR uncovered an elaborate scheme in which popular arcade...

7.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2010/12/10 3:47 p.m.52 views

Facebook Announces Hacker's Cup

Social networking Web site Facebook has announced that they will begin accepting registrations for the 2011 Hacker Cup, the first annual programming and puzzle solving contest open to software engineers, programmers, puzzle solvers and assorted hackers from around the world.Facebook said this wee...

0.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2010/01/18 2:11 p.m.52 views

Attacks Continuing Against IE Flaw as Microsoft Preps Patch

Microsoft officials said on Sunday that they are continuing to investigate the attacks that are exploiting the unpatched flaw in Internet Explorer, but that the attacks right now are limited to specifically targeted activity against enterprise networks. The company said that it doesn’t look like...

9.3CVSS2.4AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2009/12/09 3:23 a.m.52 views

Adobe Zaps Dangerous Flash Player Bugs

Adobe has shipped a critical Flash Player update to fix at least seven documented security vulnerabilities that expose nearly every computer user to dangerous hacker attacks. The Flash Player 10.0.42.34 update is available for all platforms Windows, Linux and Mac OS X. Here are the raw details:...

9.3CVSS2.9AI score0.11556EPSS
Exploits3References3
Total number of security vulnerabilities5000