Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2021/03/23 8:27 p.m.48 views

Security Analysis Clears TikTok of Censorship, Privacy Accusations

Nebulous privacy and censorship criticisms about video social-media app TikTok have been swirling for months. Security analysts from CitizenLab are the first to collect real data on the platform’s source code, and reported that TikTok meets reasonable standards of security and privacy. The...

7.4AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/03/18 2:53 p.m.48 views

Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter

A security researcher has discovered a novel steganography technique for hiding data inside a Portable Network Graphics .PNG image file posted on Twitter, a tactic that could be exploited by threat actors to hide malicious activity. Researcher David Buchanan heralded his discovery on Twitter...

7AI score
Exploits0References13
ThreatPost
ThreatPost
added 2021/02/22 10:2 p.m.48 views

TDoS Attacks Take Aim at Emergency Services

Telephony denial-of-service TDoS attacks, which affect the availability and readiness of call centers, are hitting critical first-responder facilities, according to the Federal Bureau of Investigation FBI. A TDoS attack is designed to prevent incoming and outgoing calls, by flooding a target with...

0.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/02/18 9:4 p.m.48 views

Apple Outlines 2021 Security, Privacy Roadmap

Click to Register Apple released its 2021 Platform Security guide, Thursday, outlining its current and year-ahead agenda for its device hardware, software and silicon security. This year’s 192-page report is beefed-up, compared to past reports, with a wealth of new insights into how Apple is...

7.2AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/12/11 8:39 p.m.48 views

Adrozek Malware Delivers Fake Ads to 30K Devices a Day

A persistent malware campaign called Adrozek has been using an evolved browser modifier to deliver fraudulent ads to search-engine pages, according to Microsoft. At its peak in August, Adrozek was observed on more than 30,000 devices each day, researchers found, affecting multiple browsers. The...

7.2AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/12/04 9:33 p.m.48 views

Making Sense of the Security Sensor Landscape

We have a serious sensor problem in the cybersecurity world. And it’s bad. Particularly when it comes to network intrusion detection and prevention sensors IDS/IPS. It seems like many security operations center SOC teams have completely given up on them being effective. But is the problem with...

0.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2020/12/02 9:38 p.m.48 views

Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks

In the midst of its popular Spotify Wrapped 2020 playlist rollout of the year’s most popular songs, the streaming service is grappling with a security breach, which affected the pages of some of its biggest stars, including Lana Del Rey, Dua Lipa, Future, Pop Smoke and others. Spotify is the most...

0.1AI score
Exploits0References11
ThreatPost
ThreatPost
added 2020/11/30 9:25 p.m.48 views

Post-Cyberattack, UVM Health Network Still Picking Up Pieces

More than a month after a cyberattack hit the University of Vermont UVM health network, the organization is still working to recover its systems. The UVM health network is a six-hospital, home-health and hospice system, which encompasses more than 1,000 physicians, 2,000 nurses and other clinicia...

0.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/10/26 7:15 p.m.48 views

'Among Us' Mobile Game Under Siege by Attackers

The meteoric rise of the game Among Us appears to be outpacing its developer’s ability to keep up with malicious actors. On Sunday night, a specific ongoing attack forced InnerSloth, the company behind the game, to hastily roll out an update designed to kick bad actors off the game’s servers —...

7.1AI score
Exploits0References12
ThreatPost
ThreatPost
added 2020/10/23 8:49 p.m.48 views

IoT Device Takeovers Surge 100 Percent in 2020

Connected cameras, refrigerators and other seemingly-mundane internet-of-things IoT devices are a cybercriminal favorite this year, with new research showing a sharp increase 100 percent in IoT infections observed on wireless networks. IoT devices are now responsible for 32.72 percent of all...

Exploits0References6
ThreatPost
ThreatPost
added 2020/09/04 5:23 p.m.48 views

Social Media: Thwarting The Phishing-Data Goldmine

Phishing attacks are on the rise and are more widespread — and successful — than ever before. They’ve gone way beyond mocked-up bank emails littered with malicious links although those are still around, too. Today’s hackers now target mobile users across multiple vectors, such as text and SMS...

Exploits0References6
ThreatPost
ThreatPost
added 2020/08/14 1:25 p.m.48 views

Instagram Retained Deleted User Data Despite GDPR Rules

Instagram kept copies of deleted pictures and private direct messages on its servers even after someone removed them from their account. The Facebook-owned service acknowledged the slipup and awarded a security researcher $6,000 for finding the bug. Researcher Saugat Pokharel discovered the...

7.2AI score
Exploits0References12
ThreatPost
ThreatPost
added 2020/08/13 8:23 p.m.48 views

CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets

The China-based APT known as CactusPete has returned with a new campaign aimed at military and financial targets in Eastern Europe, which is a new geography for the group’s victimology, according to researchers. The group also used a fresh variant of the Bisonal backdoor, which allows the attacke...

7.7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/06/10 1:30 p.m.48 views

Thanos Ransomware First to Weaponize RIPlace Tactic

Researchers have uncovered a new ransomware-as-a-service RaaS tool, called Thanos, which they say is increasing in popularity in multiple underground forums. Thanos is the first ransomware family observed that advertises the use of the RIPlace tactic. RIPlace is a Windows file system technique...

7.4AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/04/20 8:40 p.m.49 views

Maze Ransomware Attack Hits Cognizant

IT services giant Cognizant said that it has been hit by the Maze ransomware group in a cyberattack that has caused service disruptions. Cognizant, a Fortune 500 company that employs close to 300,000 people, said that it is providing customers with indicators of compromise IoCs and other technica...

0.1AI score
Exploits0References20
ThreatPost
ThreatPost
added 2020/02/25 6:7 p.m.48 views

RSAC 2020 Keynote: Changing the World's False Perception of Cybersecurity

SAN FRANCISCO – Today, cybersecurity is portrayed in the media and by businesses as an ongoing complex conflict between defenders and cybercriminals, with heightened noise around hyper-technical proof-of-concept attacks, or nation state threats. But, the reality is starkly different, said Rohit...

7.4AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/01/23 7:0 p.m.48 views

Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia

The malvertising-focused trojan known as Shlayer has burbled to the top of the malware heap when it comes to targeting Mac users. It made up 29 percent of all attacks on macOS devices in Kaspersky’s telemetry for 2019, making it the No. 1 Mac malware threat for the year. To spread, it has been...

0.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/01/15 5:57 p.m.48 views

Equifax Settles Class-Action Breach Lawsuit for $380.5M

A Georgia court granted final approval for an Equifax settlement in a class-action lawsuit, after the credit-reporting agency was hit by its massive 2017 data breach. Equifax will pay $380.5 million to settle lawsuits regarding the 2017 data breach, the Atlanta federal judge reportedly ruled this...

7AI score
Exploits0References14
ThreatPost
ThreatPost
added 2019/12/03 10:48 p.m.49 views

DHS Plans to Expand Facial Recognition Border Checks

The Department of Homeland Security plans to extend facial recognition checks to all travelers entering and leaving the U.S. – including previously-exempt U.S. citizens. The proposed ruling, outlined in a recent filing that was first reported this week by TechCrunch, signifies a rapid expansion o...

0.6AI score
Exploits0References13
ThreatPost
ThreatPost
added 2019/11/25 7:28 p.m.48 views

NYPD Fingerprint Database Taken Offline to Thwart Ransomware

The New York Police Department’s database of fingerprints was knocked offline over the weekend thanks to a ransomware scare, according to reports. The malware was introduced to the network via a contractor who was installing a digital display, according to an article in the New York Post. To do t...

7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/11/06 2:0 p.m.48 views

Presentation Template: Build Your 2020 Security Plan

As the end of the year approaches, security decision makers are creating their 2020 plans and running them by management for approval. In most cases, this means requesting and making the case for the necessary resources that need to be allocated, while still providing value to the organization. T...

0.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/11/04 5:30 p.m.48 views

Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs

The Ryuk ransomware has added two features to enhance its effectiveness: The ability to target systems that are in “standby” or sleep mode; and the use of Address Resolution Protocol ARP pinging to find drives on a company’s LAN. Both are employed after the initial network compromise of a victim...

7.4AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/10/29 4:57 p.m.48 views

Joker's Stash Drops Largest-Ever Credit Card Cache on Dark Web

Joker’s Stash, a Dark Web destination that specializes in trading in payment-card data, has added 1.3 million credit and debit cards to its inventory, belonging to Indian banking customers. Researchers said it’s the largest stolen payment card cache ever put up for sale. According to Group-IB, th...

0.4AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/04/22 1:48 p.m.48 views

Millions of Medical Documents for Addiction and Recovery Patients Leaked

As if wrestling with addiction and recovery weren’t difficult enough, tens of thousands of patients of a rehab clinic in Pennsylvania may find their personal information hijacked and manipulated by identity thieves or extortionists. An ElasticSearch database that was left open to the internet...

6.9AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/04/15 6:43 p.m.48 views

TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids

UPDATE A popular smartwatch that allows parents to track their children’s whereabouts, TicTocTrack, has been discovered to be riddled with security issues that could allow hackers to track and call children. Researchers at Pen Test Partners revealed vulnerabilities in the watch sold in Australia ...

7.6AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/03/13 8:44 p.m.48 views

Purveyor of Cracked Netflix, Hulu, Spotify Accounts Arrested

A Sydney man has been arrested after allegedly selling hundreds of thousands of compromised account details for subscription streaming services, including for Netflix, Hulu and music streaming service Spotify – raking in about $212,000 $300,000 AUD in profit in the process. The Australian Federal...

Exploits0References8
ThreatPost
ThreatPost
added 2019/01/30 4:53 p.m.48 views

Apple Blasts Facebook Over Data-Sucking 'Research' App

Apple has revoked Facebook’s enterprise iOS developer certificate on the heels of a “Facebook Research” VPN app that was being distributed to consumers; the app paid teens and Millennial users in exchange for being able to track their phone and web activity, and has been available since 2016. App...

6.5AI score
Exploits0References7
ThreatPost
ThreatPost
added 2018/11/20 8:49 p.m.48 views

Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS

Adobe released a patch for a critical flaw on Tuesday that leaves its Flash Player vulnerable to arbitrary code execution by an adversary. Affected are versions of the Flash Player running on Windows, macOS, Linux and Chrome OS. In tandem, a Microsoft Security Advisory was also issued for the bug...

10CVSS9.3AI score0.71536EPSS
Exploits4References5
ThreatPost
ThreatPost
added 2018/10/17 6:49 p.m.48 views

Oracle Fixes 301 Flaws in October Critical Patch Update

Oracle has released a critical patch update addressing more than 300 vulnerabilities across several of its products – including one flaw with a CVSS 3.0 score of 10 that could allow the takeover of the company’s software package, Oracle GoldenGate. Of the 301 security flaws that were fixed in thi...

7.5CVSS0.5AI score0.04179EPSS
Exploits3References4
ThreatPost
ThreatPost
added 2018/10/10 11:26 a.m.48 views

Podcast: Key Takeaways For DevOps in BSIMM9

Synopsys released its ninth annual Building Security in Maturity Model report BSIMM9 last week. The report tracked 120 firms to look at 116 unique activities among 415,000 developers. Gary McGraw, vice president of security technology at Synopsys, talked to the Threatpost about an emerging new...

0.9AI score
Exploits0References3
ThreatPost
ThreatPost
added 2018/07/10 4:37 p.m.48 views

Adobe Issues Over 100 Patches for Flash, Acrobat and Reader

Adobe fixed a slew of critical vulnerabilities in its Flash Player and Acrobat products as part of its regularly scheduled update on Tuesday morning. Overall, the company issued a 112 fixes for vulnerabilities in its products spanning from Flash Player two bugs, Acrobat and Reader 104 bugs, and...

10CVSS1.9AI score0.37951EPSS
Exploits8References6
ThreatPost
ThreatPost
added 2018/05/22 2:3 p.m.48 views

Intel Responds to Spectre-Like Flaw In CPUs

Intel acknowledged that its processors are vulnerable to another dangerous speculative execution side channel flaw that could give attackers unauthorized read access to memory. The new vulnerability, disclosed by Google Project Zero and Microsoft’s Security Response Center, is called Variant 4, a...

4.9CVSS6.5AI score0.60631EPSS
Exploits2References13
ThreatPost
ThreatPost
added 2017/01/09 2:26 p.m.48 views

Gaming Network ESEA Breached, 1.5M Profiles Leaked

Following an extortion attempt, information from a recent breach of a competitive video gaming community surfaced over the weekend online. Data purportedly belonging to 1.5 million members of video gaming community ESEA, the E-Sports Entertainment Association League, was added to LeakedSource’s...

7.1AI score
Exploits0References15
ThreatPost
ThreatPost
added 2016/07/06 2:0 p.m.48 views

July 2016 Android Security Bulletin

The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware. The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point ou...

10CVSS0.8AI score0.77906EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2016/03/24 12:5 p.m.48 views

Emergency Java Patch Re-Issued for 2013 Vulnerability

Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it...

9.3CVSS0.6AI score0.05765EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2015/07/13 12:43 p.m.48 views

Hacking Team Promises to Rebuild RCS

The aftermath of the Hacking Team attack raised legitimate questions about the controversial Italian surveillance software vendor’s long-term viability. With reams of sensitive internal data and intellectual property posted online, how could the company survive? For now, however, the company seem...

10CVSS0.93688EPSS
Exploits5References10
ThreatPost
ThreatPost
added 2015/07/07 3:46 p.m.48 views

Adobe to Patch Hacking Team Flash Zero Day

Adobe tomorrow is expected to release an updated version of Flash Player that will patch a zero-day vulnerability uncovered among the 400 GB of data stolen from Hacking Team. The controversial Italian intrusion and surveillance software vendor was breached and on Sunday, private documents,...

10CVSS0.6AI score0.99344EPSS
Exploits6References5
ThreatPost
ThreatPost
added 2015/02/09 11:16 a.m.48 views

Government Requests for Twitter User Data Continue to Grow

The appetite for Twitter user data from governments around the world continues to grow, with the volume of such requests increasing by 40 percent in the second half of 2014. Requests from the United States government alone went up 29 percent, the company said in its latest transparency report...

0.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2014/05/01 12:56 p.m.48 views

Emergency IE Zero Day Patch Fixes XP Systems Too

UPDATE – Microsoft announced it will release an out-of-band security update today to patch a zero-day vulnerability in Internet Explorer, and that the patch will also be made available for Windows XP machines through Automatic Update. At the same time, researchers said they are now seeing attacks...

10CVSS1.2AI score0.99945EPSS
Exploits34References6
ThreatPost
ThreatPost
added 2013/09/30 4:35 p.m.48 views

Linux Kernel Update Fixes DoS, Leakage Bugs

Debian developers alerted Linux users late last week of a new Linux kernel build, linux-2.6, that fixes 11 separate vulnerabilities that could open the kernel to a denial of service attack, information leak or privilege escalation. Dann Frazier, an administrator with Debian announced the security...

6.2CVSS1.5AI score0.00593EPSS
Exploits2References2
ThreatPost
ThreatPost
added 2012/05/07 6:46 p.m.48 views

New Exploit Kit RedKit Discovered in Wild

A new exploit kit hit the scene recently, and according to Arseny Levin of Spiderlabs, the RedKit exploit kit contains an API that generates new host-site URLs every hour. The authors of the kit haven’t named it, so Levin and Spiderlabs simply chose to call it RedKit in reference to its color...

10CVSS0.9AI score0.98113EPSS
Exploits25References4
ThreatPost
ThreatPost
added 2011/11/09 5:9 p.m.48 views

Apple Releases New Java Updates, Fix 17 Flaws

Apple pushed out a new batch of Java updates for Mac OS X 10.6.8 Snow Leopard and 10.7 Lion yesterday, bringing the two operating systems up to date with Oracle’s Java SE 6 Update 29. In its update summary, Apple claims multiple vulnerabilities exist in Java’s previous build 1.6.026, including on...

10CVSS2.3AI score0.96714EPSS
Exploits19References2
ThreatPost
ThreatPost
added 2021/12/07 8:24 p.m.47 views

Windows 10 Drive-By RCE Triggered by Default URI Handler

Researchers have discovered a drive-by remote code-execution RCE bug in Windows 10 via Internet Explorer 11/Edge Legacy – the EdgeHTML-based browser that’s currently the default browser on Windows 10 PCs – and Microsoft Teams. According to a report posted Tuesday by Positive Security, the...

8.8CVSS8.7AI score0.25895EPSS
Exploits2References22
ThreatPost
ThreatPost
added 2021/10/06 6:11 p.m.47 views

ESPecter Bootkit Malware Haunts Victims with Persistent Espionage

A rare Windows UEFI bootkit malware has been discovered, offering attackers a path to cyber-espionage, researchers are warning. According to ESET, the bootkit’s goal is to install a full featured backdoor on a target PC, which “supports a rich set of commands and contains various automatic data...

7.7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/09/16 11:37 a.m.47 views

Azure Zero-Day Bugs Show Lurking Supply-Chain Risk

Four Microsoft zero-day vulnerabilities in the Azure cloud platform’s Open Management Infrastructure OMI — a software that many don’t know is embedded in a host of services — show that OMI represents a significant security blind spot, researchers said. Collectively dubbed “OMIGOD” because of the...

9.8CVSS9AI score0.99723EPSS
Exploits20References12
ThreatPost
ThreatPost
added 2021/09/10 7:37 p.m.47 views

Top Steps for Ransomware Recovery and Preparation

When it comes to ransomware attacks, it’s no longer a question of if or even when, but how often. A business falls victim to a ransomware attack every 11 seconds, making ransomware the fastest-growing type of cybercrime. Businesses today need to not only think about strategies to prevent...

6.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/08/24 4:27 p.m.47 views

Custom WhatsApp Build Delivers Triada Malware

Triada malware, both pernicious and persistent, has resurfaced. Its most recent sighting is buried inside an advertising component of a modified version of the popular WhatsApp messenger called FM WhatsApp. The malware, first spotted by researchers at Kaspersky in 2016, is a type of mobile...

7.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/08/16 8:50 p.m.47 views

Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets

A security researcher helped Valve, the makers of the gaming platform Steam, plug an easy-to-exploit hole that allowed users to add unlimited funds to their digital wallet. Simply by changing the account’s email address, the exploit allowed anyone to artificially boost their digital billfold to...

7.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/08/04 7:57 p.m.47 views

Black Hat: Let’s All Help Cyber-Immunize Each Other

LAS VEGAS – The in-person Black Hat USA 2021 cybersecurity conference is back, after a pandemic-forced, year-long hiatus, with attendance notably down but spirts up among attendees eager to get back to networking, learning and returning to some normalcy. Event founder Jeff Moss kicked off...

6.7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/07/01 10:0 a.m.47 views

Ongoing Spearphishing Campaign Targets Afghan Gov’t

Chinese-speaking cyberespionage actors have targeted the Afghan government, using Dropbox for command-and-control C2 communications and going so far as to impersonate the Office of the President to infiltrate the Afghan National Security Council NSC, researchers have found. According to a report...

7.7AI score
Exploits0References7
Total number of security vulnerabilities5000