Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2020/03/23 8:35 p.m.50 views

Hackers Actively Exploited 0-Day in CCTV Camera Hardware

Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found. The company, an IP video solution provider, was being targeted by hackers hijacking the company’s DVR hardware. Once commandeered, hackers then planted...

0.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/03/18 6:0 p.m.50 views

Trend Micro Fixes Critical Flaws Under Attack

Trend Micro has released security updates patching five vulnerabilities in its endpoint security solutions, Apex One and OfficeScan XG for Windows. Specifically, Apex One 2019 and OfficeScan XG SP1 and XG are affected by four critical-severity and one high-severity flaws. Two of these...

10CVSS1.2AI score0.25125EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2020/02/26 2:0 p.m.50 views

Unpatched Security Flaws Open Connected Vacuum to Takeover

SAN FRANCISCO – Researchers have discovered several high-severity vulnerabilities in a connected vacuum cleaner. The security holes could give remote attackers the capability to launch an array of attacks — from a denial of service DoS attack that renders the vacuum unusable, to viewing private...

0.8AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/02/12 2:37 p.m.50 views

Katie Moussouris: The Bug Bounty Conflict of Interest

Since the launch of the Hack the Pentagon program in 2016, bug bounty programs continue to increase in popularity – however, as more programs are created, some companies are forgetting the real reason behind bug bounties. Instead of aiming to make their systems more secure, companies are viewing...

7.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2020/01/02 5:38 p.m.50 views

California Adopts Strictest Privacy Law in U.S.

A landmark privacy rights bill took effect Jan. 1, 2020 in California and will have broad implications for U.S. consumers and businesses. The California Consumer Privacy Act CCPA mandates strict requirements for companies to notify users about how their user data will be used and monetized along...

1.6AI score
Exploits0References8
ThreatPost
ThreatPost
added 2019/12/19 3:45 p.m.50 views

Honda Leaks Data of 26K North American Customers

An exposed database was discovered leaking the personal information of 26,000 North American Honda owners and their vehicles. The Elasticsearch database in question is owned by the American Honda Motor Co., a North American subsidiary of the Honda Motor Co. The cloud misconfiguration exposed the...

1.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/12/04 9:11 p.m.50 views

Nebraska Medicine Breached By Rogue Employee

Hospital network Nebraska Medicine has disclosed a data breach after a former employee accessed sensitive patient data – including medical records and Social Security numbers. The Nebraska Medicine network encompasses Nebraska’s largest hospital, Nebraska Medical Center, as well as other location...

1.2AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/11/13 10:19 p.m.50 views

Consumer Data Privacy Rights: Emerging Tech Blurs Lines

LAS VEGAS – From drones to facial recognition, new technology applications are introducing unique consumer privacy issues for civil society — and U.S. lawmakers and legal teams are struggling to keep up. Privacy is a fundamental human right for consumers, but new ways in which data is collected a...

Exploits0References20
ThreatPost
ThreatPost
added 2019/11/13 3:27 p.m.50 views

IoT Security Woes Plague Healthcare Industry

LAS VEGAS – More hospitals are adopting internet of things IoT devices, from wearables to smart insulin pens. But neither hospitals nor the device manufacturers themselves are ready to address the onslaught of security and privacy challenges that come with medical connected devices. At least 82...

Exploits0References10
ThreatPost
ThreatPost
added 2019/10/30 1:52 p.m.50 views

MSPs Can Now Provide Managed Detection and Response with Cynet 360

Today, managed detection and response MDR is a rapidly growing market segment, actively pursued by some 27 percent of organizations, according to April 2019 numbers released by ESG Research. According to the same, another 11 percent of organizations plan to pursue MDR in the future. The Cynet 360...

0.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/09/16 1:13 p.m.50 views

New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware

Researchers have identified a new threat actor that is using impersonation fraud to purchase digital certificates that are then used for the spread of malware. Security firm ReversingLabs identified a bad actor that deceives certificate authorities into selling them legitimate digital certificate...

0.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/09/05 3:14 p.m.50 views

$5.3M Ransomware Demand: Massachusetts City Says No Thanks

After a ransomware attack slapped a hefty payout demand of $5.3 million on New Bedford, Mass., the city announced that it is instead opting to pick up the pieces and restore what it can from backups itself. If the city had opted to pay, the payout would have been the largest known ransom payout f...

0.5AI score
Exploits0References13
ThreatPost
ThreatPost
added 2019/08/07 2:51 p.m.50 views

Smominru Cryptominer Scrapes Credentials for Half-Million Machines

A commodity cryptomining botnet campaign that has infected a half-million computers is now tapping a lucrative secondary moneymaking opportunity in selling access to victim machines, according to researchers. An analysis of the known Smominru cryptomining campaign, which uses a modified version o...

0.6AI score
Exploits0References6
ThreatPost
ThreatPost
added 2017/06/08 2:53 p.m.50 views

Motorola Moto G4, G5 Vulnerable to Local Root Shell Attacks

UPDATE Researchers say several Motorola handset models are vulnerable to a critical kernel command line injection flaw that could allow a local malicious application to execute arbitrary code on the devices. The two affected Motorola models are the Moto G4 and Moto G5. The warnings come from Alep...

9.3CVSS1.1AI score0.09465EPSS
Exploits6References6
ThreatPost
ThreatPost
added 2017/02/23 8:0 a.m.50 views

Publicly Disclosed Windows Vulnerabilities Await Patches

As a consequence of skipping its February Patch Tuesday release, Microsoft is leaving two publicly disclosed vulnerabilities unpatched with proof-of-concept exploits available for both. That raises the stakes exponentially on possible attacks, said Tod Beardsley, senior research director at Rapid...

7.1CVSS8AI score0.821EPSS
Exploits2References7
ThreatPost
ThreatPost
added 2016/05/23 1:8 p.m.50 views

Persistent EITest Malware Campaign Jumps from Angler to Neutrino

A two-year-old EITest malware campaign is still going strong, fueled by the fact it has shifted its distribution technique over time. Now, researchers at the SANS Institute’s Internet Storm Center, are reporting EITest is morphing again based on analysis of the malware campaign conducted earlier...

10CVSS9.9AI score0.22487EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2016/05/10 3:3 p.m.50 views

May 2016 Microsoft Patch Tuesday Security Bulletins

Microsoft released a hefty load of security bulletins today, which included a patch for a JScript and VBScript scripting engine vulnerability being publicly exploited. The flaw is addressed in its own bulletin, MS16-053, but users need to pay attention to, and apply MS16-051 as well since the...

9.3CVSS0.8AI score0.93165EPSS
Exploits10References16
ThreatPost
ThreatPost
added 2016/05/03 12:17 p.m.50 views

OpenSSL Patches Padding Oracle Attack Bug

The latest batch of OpenSSL security patches were released today, with a pair of high-severity flaws and four low-severity issues addressed in OpenSSL 1.0.1t and OpenSSL 1.0.2h. One of the high-severity flaws, CVE-2016-2107, opens the door to a padding oracle attack that can allow for the...

2.6CVSS0.8AI score0.89058EPSS
Exploits6References3
ThreatPost
ThreatPost
added 2014/10/29 11:29 a.m.50 views

Dyreza Banker Trojan Attackers Exploiting CVE-2014-4114 Windows Flaw

The Dyreza Trojan is nothing if not ambitious. The malware has been spotted doing a variety of interesting things in the last year, including bypassing SSL and targeting users of specific business apps. Now the Trojan is exploiting the recently disclosed CVE-2014-4114 vulnerability in Windows tha...

9.3CVSS2.1AI score0.81628EPSS
Exploits22References3
ThreatPost
ThreatPost
added 2014/04/28 11:43 a.m.50 views

Flash Zero Day Used to Target Victims in Syria

A couple days after Microsoft warned users about a new vulnerability in Internet Explorer that’s being used in targeted attacks, Adobe on Monday said that researchers have discovered a zero day in Flash, as well, which attackers are using to target victims in Syria through a watering hole attack ...

10CVSS9AI score0.94569EPSS
Exploits10References3
ThreatPost
ThreatPost
added 2013/01/29 5:47 p.m.50 views

Some Versions of Ruby on Rails Vulnerable to New Parsing Attack

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation JSON code that could open the Web framework up to a slew of security problems. Patches were published yesterday, but if left unpatched, the vulnerability could let attackers bypass authentication systems, inject arbitrary SQL cod...

7.5CVSS8AI score0.99449EPSS
Exploits22References9
ThreatPost
ThreatPost
added 2012/08/30 6:12 p.m.50 views

Oracle Releases Fix For Java CVE-2012-4681 Flaw

Oracle on Thursday released a new version of Java that included a fix for the CVE-2012-4681 vulnerability that has been used in limited targeted attacks in the last couple of weeks. The release of Java 7 update 7 comes about four days after the Java flaw was publicly disclosed, but several months...

10CVSS1.6AI score0.98536EPSS
Exploits10References4
ThreatPost
ThreatPost
added 2012/08/10 2:24 p.m.50 views

Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel

While much of the world was focused yesterday on the Gauss malware saga, there was another interesting infection happening, mainly in the Netherlands, that researchers think may be related to the Zeus and Citadel attacks, though the motivation behind the attack is somewhat of a mystery. The new...

10CVSS0.98113EPSS
Exploits22References7
ThreatPost
ThreatPost
added 2012/03/22 3:44 p.m.50 views

Mass WordPress Compromise Fuels CRIDEX Worm Outbreak

There are a number of compromised sites on the popular blogging platform, WordPress, which, according to a Trend Labs report, are actively infecting users with the CRIDEX worm. The infections are part of a social engineering campaign that lures users with emails purporting to come from trusted...

9.3CVSS7.9AI score0.88246EPSS
Exploits23References10
ThreatPost
ThreatPost
added 2012/03/14 7:15 p.m.50 views

Microsoft, Security Experts Warn 'Wormable' RDP Exploit Will Come Sooner Than Later

As a follow-up to its usual Patch Tuesday release this week, officials at Microsoft are warning users that an exploit against the recently disclosed Remote Desktop Protocol RDP vulnerability for Windows is likely to come in the next 30 days. According to a supplementary entry on its Security...

9.3CVSS0.3AI score0.99945EPSS
Exploits44References7
ThreatPost
ThreatPost
added 2011/09/16 4:32 p.m.50 views

Google Fixes More Than 30 Flaws in Chrome

Google has fixed more than 30 security vulnerabilities in its Chrome browser with a new version the company released on Friday. The company also paid out more than $14,000 in rewards to the various researchers who reported bugs that were fixed with Chrome 14.0.835.163. The new version of Chrome...

7.5CVSS0.6AI score0.0369EPSS
Exploits6References36
ThreatPost
ThreatPost
added 2011/08/31 10:30 a.m.50 views

Apache Fixes Range Header DoS Flaw

There is a new version of the Apache Web Server available that fixes the recently disclosed range header denial-of-service vulnerability. Apache 2.2.20 is was released Tuesday and the new content mostly comprises the bug fix. The Apache Software Foundation, which maintains the Web server, said th...

7.8CVSS7.6AI score0.98945EPSS
Exploits17References4
ThreatPost
ThreatPost
added 2022/06/13 12:36 p.m.49 views

Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

Researchers warn Bluetooth signals can be used to track device owners via a unique fingerprinting of the radio signal. The technique was presented via a paper presented at IEEE Security and Privacy conference last month by researchers at the University of California San Diego. The paper suggests...

7.2AI score
Exploits0References2
ThreatPost
ThreatPost
added 2022/01/25 4:22 p.m.49 views

AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover

The WordPress content management system CMS is offering admins more headaches this week, thanks to a pair of disparate but concerning security problems in add-ons for the platform. The first issue affects the WordPress AdSanity plugin. It’s a critical security vulnerability that could allow remot...

7.7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2022/01/24 9:13 p.m.49 views

Surge in Malicious QR Codes Sparks FBI Alert

Menus, event ticket sales, quick site access — QR codes have become a common way to interact as a result of the COVID-19 pandemic. But the smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert. QR codes are the...

7.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2021/12/23 4:0 p.m.49 views

Telegram Abused to Steal Crypto-Wallet Credentials

Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found. Researchers at the SafeGuard Cyber’s Division Seven threat...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/10/25 3:28 p.m.49 views

CISA Urges Sites to Patch Critical RCE in Discourse

Discourse – the ultra-popular, widely deployed open-source community forum and mailing list management platform – has a critical remote code-execution RCE bug that was fixed in an urgent update on Friday. Tracked as CVE-2021-41163, the flaw is found in Discourse versions 2.7.8 and earlier. It’s...

10CVSS9.7AI score0.19812EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2021/10/04 3:22 p.m.49 views

Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions

More than 3,300 U.S. military service members, military dependents and civilians employed by the Department of Defense were compromised as part of a transnational cybercrime ring created to defraud them out of $1.5 million in military benefits from the DoD and the Department of Veterans Affairs. ...

7.9AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/09/28 2:39 p.m.49 views

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

The threat actors behind the notorious SolarWinds supply-chain attacks have dispatched new malware to steal data and maintain persistence on victims’ networks, researchers have found. Researchers from the Microsoft Threat Intelligence Center MSTIC have observed the APT it calls Nobelium using a...

9.8CVSS9AI score0.99999EPSS
Exploits11References12
ThreatPost
ThreatPost
added 2021/09/02 3:41 p.m.49 views

Cisco Patches Critical Bug With Public Exploit

Cisco has patched a near-max critical bug in its NFVIS software for which there’s a publicly available proof-of-concept PoC exploit. On Wednesday, Cisco released patches for the flaw – an authentication bypass vulnerability in Enterprise NFV Infrastructure Software NFVIS that’s tracked as...

9.8CVSS9AI score0.19958EPSS
Exploits3References4
ThreatPost
ThreatPost
added 2021/08/12 1:59 p.m.49 views

QR Code Scammers Get Creative with Bitcoin ATMs

With the use of QR codes rising, so, too, are the numbers of scams that aim to take advantage of them. Researchers warned that threat actors are going so far as to send potential victims to gas stations to use Bitcoin ATMs in their endeavors to exploit the technology. The Better Business Bureau B...

7.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/08/05 11:40 p.m.49 views

Black Hat: New CISA Head Woos Crowd With Public-Private Task Force

LAS VEGAS – Just weeks after the U.S. Senate confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency CISA, the new director spoke at Black Hat USA 2021 on Thursday, albeit virtually, announcing a major public-private partnership to fight cybercrime. Called the Joint...

7.1AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/05/20 12:10 p.m.49 views

Apple Exec Calls Level of Mac Malware ‘Unacceptable’

Apple is using the growing threat of malware on its Mac platform as a defense in a lawsuit that could force the company to open up new channels of applications for its mobile iOS platform. In testimony in a California court Wednesday, Apple head of software engineering, Craig Federighi called the...

7.2AI score
Exploits0References14
ThreatPost
ThreatPost
added 2021/04/27 8:46 p.m.49 views

Nintendo Sues Video-Game Pirates

Gaming giant Nintendo has filed a lawsuit against video-game piracy group ringleader Gary Bowser, a Canadian national behind Team Xecuter, which law enforcement said built and sold hacking devices that enabled consoles to play unauthorized versions of games. Download “The Evolution of Ransomware”...

7.4AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/04/22 1:0 p.m.49 views

It’s Easy to Become a Cyberattack Target, but a VPN Can Help

Even though data breaches top news headlines every other week, it’s still tempting to think that no one is interested in your data. But a hacker doesn’t need to target you in particular to get their hands on your most sensitive information. Let’s look at the cyber-threats out there and how a...

7.8AI score
Exploits0References2
ThreatPost
ThreatPost
added 2021/03/16 1:0 p.m.49 views

Top MSPs challenges in 2021

If one searches for ‘the top MSP challenges’ between 2017 and 2020, there are mainly five things that are more likely to emerge from the search results: adopting cloud-based solutions, sales margins, satisfying complex client’s needs, employee turnover, and the scalability of the IT security...

0.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/03/01 10:54 p.m.49 views

Mobile Adware Booms, Online Banks Become Prime Target for Attacks

Hackers painted a bullseye on the backs of online financial institutions in 2020 as the pandemic shuttered local branch offices and forced customers online. Over the past 12 months, incidents of adware nearly tripled. And, overall in 2020 researchers saw a slight drop in the number of mobile...

0.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/02/16 10:0 p.m.49 views

Complaint Blasts TikTok’s 'Misleading' Privacy Policies

An umbrella group comprising 44 consumer-privacy watchdog organizations have filed a complaint against TikTok, saying the wildly-popular video-sharing platform has “misleading” data-collection policies. ByteDance-owned TikTok has skyrocketed in popularity, with more than 2 billion downloads on th...

0.1AI score
Exploits0References14
ThreatPost
ThreatPost
added 2021/01/29 1:29 p.m.49 views

Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher

Microsoft has attributed a recently discovered campaign to target security researchers with custom malware through elaborate socially-engineered attacks to an APT group affiliated with North Korea-linked Lazarus Group. Google’s Threat Analysis Group TAG on Monday already sounded a warning about t...

7.5AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/01/18 3:35 p.m.49 views

Medical Device Security: Diagnosis Critical

A hacked insulin pump is the last thing a diabetic wants to worry about when life-saving fluids are pumped into their body. Sadly, concerns about medical device IT security are a healthcare reality. Last year, the U.S. Cybersecurity and Infrastructure Security Agency CISA issued more than a...

0.1AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/01/14 7:33 p.m.49 views

Florida Ethics Officer Charged with Cyberstalking

A Tallahassee city ethics officer was arrested and charged with cyberstalking her coworker and former lover, and is now banned by a judge from using the internet for anything besides work, paying bills and her legal defense. Julie Meadows-Keef is accused of cyberstalking Bert Fletcher, the...

7.4AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/01/14 5:20 p.m.49 views

Telegram Bots at Heart of Classiscam Scam-as-a-Service

A new automated scam-as-a-service has been unearthed, which leverages Telegram bots in order to steal money and payment data from European victims. The scam, which researchers call Classiscam, is being sold as a service by Russian-speaking cybercriminals, and has been used by at least 40 separate...

Exploits0References7
ThreatPost
ThreatPost
added 2021/01/05 8:33 p.m.49 views

Telegram Triangulation Pinpoints Users' Exact Locations

A feature that allows Telegram users to see who’s nearby can be misused to pinpoint your exact distance to other users – by spoofing one’s latitude and longitude. According to bug-hunter Ahmed Hassan, the “People Nearby” feature could allow an attacker to triangulate the location of unsuspecting...

0.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/12/14 7:50 p.m.49 views

Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts

A man has been sentenced to two years in jail after being convicted of hacking Cisco’s Webex collaboration platform in an insider-threat case brought to the U.S. District Court in California. Sudhish Kasaba Ramesh, 31, admitted that he broke into Cisco’s cloud infrastructure in 2018, hosted on...

6.4CVSS9AI score0.65907EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2020/12/08 11:0 a.m.49 views

'Amnesia:33' TCP/IP Flaws Affect Millions of IoT Devices

Researchers – as well as the U.S. Cybersecurity Infrastructure Security Agency CISA – are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The flaws impact millions of internet-of-things IoT devices and embedded systems, including smart thermometers, smart plugs and printers...

8.4AI score
Exploits0References9
Total number of security vulnerabilities5000