Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2020/04/22 9:39 p.m.285 views

Fast-Moving DDoS Botnet Exploits Unpatched ZyXel RCE Bug

A new variant of the Hoaxcalls botnet, which can be marshalled for large-scale distributed denial-of-service DDoS campaigns, is spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month. That’s according to researchers at Radware, who also sa...

10CVSS0.5AI score0.83926EPSS
Exploits8References10
ThreatPost
ThreatPost
added 2021/02/26 9:53 p.m.284 views

Amazon Dismisses Claims Alexa 'Skills' Can Bypass Security Vetting Process

Researchers warn Amazon’s voice assistant Alexa is vulnerable to malicious third-party “skills” – voice assistant capabilities developed by third parties – that could leave smart-speaker owners vulnerable to a wide range of cyberattacks. The security-threat claim is roundly dismissed by Amazon...

Exploits0References8
ThreatPost
ThreatPost
added 2009/03/20 5:17 p.m.284 views

Internet Explorer 8 includes a bevy of security features

By Robert Westervelt, SearchSecurity.com Microsoft has officially released Internet Explorer 8 today microsoft.com with a number of new security features to improve privacy and protect against phishing and cross-site-scripting attacks. From the article: Microsoft is trying to mitigate some of the...

9.3CVSS1.1AI score0.99945EPSS
Exploits33References5
ThreatPost
ThreatPost
added 2021/07/08 6:29 p.m.283 views

Coursera Flunks API Test in Researchers’ Security Exam

Researchers have discovered multiple application programming interface API issues in Coursera, the online learning platform used by 82 million learners and hundreds of Fortune 500 companies. On Thursday, the Checkmarx Security Research Team published a report on its findings, which included user...

6.8AI score
Exploits0References12
ThreatPost
ThreatPost
added 2019/05/10 12:45 p.m.283 views

ThreatList: Nigerian Cybercrime Surged 54 Percent in 2018

In 2018, Nigeria-based cybercrime jumped 54 percent over the previous year, as groups of scammers expanded their operations adding new tactics and reaching a wider breadth of targets. The increase, outlined in a report released Thursday by Palo Alto Network’s Unit 42, shows that Nigerian scammers...

1.2AI score
Exploits0References17
ThreatPost
ThreatPost
added 2021/01/08 6:0 a.m.282 views

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking

Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software. The Mozilla Firefox vulnerability CVE-2020-16044 is separate from a bug reported in Google’s browser engine Chromium, which is...

9.3CVSS9.6AI score0.03095EPSS
Exploits0References25
ThreatPost
ThreatPost
added 2021/01/13 4:57 p.m.281 views

Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove

Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms. Working together, researchers from Google Project Zero and the Google Threat Analysis Group...

7.2CVSS0.1AI score0.78808EPSS
Exploits9References17
ThreatPost
ThreatPost
added 2019/06/14 8:9 p.m.281 views

Ransomware: A Persistent Scourge Requiring Corporate Action Now

A ransomware attack on Belgian airplane manufacturer ASCO this week is the latest in a string of incidents that show the unique danger lurking in this type of malware campaign. The rise of ransomware has cost companies millions to remediate – both in making payments and in system restoration and...

7AI score
Exploits0References17
ThreatPost
ThreatPost
added 2020/04/10 9:37 p.m.280 views

WooCommerce Falls to Fresh Card-Skimmer Malware

Credit-card-stealing criminals have set their sights on the WordPress plugin known as WooCommerce, an e-tailer platform, with a JavaScript-based card-skimming malware. Sucuri researcher Ben Martin recently investigated a skimmer attack lodged against a WooCommerce site and found that it differs...

8AI score0.0552EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2021/04/28 7:0 p.m.279 views

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

A phishing campaign, discovered by researchers at Cofense, is draping itself in a Microsoft Office SharePoint theme and successfully bypassing security email gateways SEGs. In a post on Tuesday, the firm said that this is an example of why it’s not always prudent to share documents via Microsoft’...

7.5CVSS9.5AI score0.99913EPSS
Exploits29References15
ThreatPost
ThreatPost
added 2019/06/14 5:30 p.m.279 views

TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies

XENOTIME, the APT group behind the TRISIS industrial control system ICS event, has expanded its focus beyond the oil and gas industries, according to researchers. The group has recently been seen probing the networks of electric utility organizations in the U.S. and elsewhere – perhaps a precurso...

0.4AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/04/29 7:26 p.m.279 views

Apple Defends Parental Control App Removal Amid Backlash

Apple is defending its decision to take down several highly popular parental control apps amidst a firestorm of backlash, saying it did so for “privacy and security” reasons. Apple came under scrutiny this weekend after a New York Times article alleged that the phone giant had unfairly removed or...

9CVSS0.1AI score0.99965EPSS
Exploits30References8
ThreatPost
ThreatPost
added 2015/01/22 2:35 p.m.279 views

Mojang Resets Users' Passwords, Microsoft Insists Not a Hack

Microsoft confirmed this week that one of its recent acquisitions, the gaming firm Mojang, has not been hacked. Nearly 2,000 credentials belonging to users of the Mojang game Minecraft – email addresses and passwords in plain-text – surfaced on Pastebin earlier this week and speculation began to...

9.3CVSS8.4AI score0.99945EPSS
Exploits33References6
ThreatPost
ThreatPost
added 2019/05/24 3:52 p.m.278 views

Microsoft Beefs Up Wi-Fi Protection

Microsoft has begun pushing out its May 2019 Windows 10 update, which will flag Wi-Fi networks that are using the outdated and insecure Wired Equivalent Privacy WEP and Temporal Key Integrity Protocol TKIP authentication mechanisms. WEP was introduced in 1997 as part of the original 802.11 Wi-Fi...

7.6AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/04/26 4:12 p.m.278 views

Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection

A 5G wireless gateway tailored for industrial internet of things IoT, retail point-of-sale and enterprise redundancy applications is riddled with vulnerabilities, include two critical bugs that allow remote code-execution RCE and arbitrary command-injection. The Sierra Wireless AirLink ES450 LTE...

9.3CVSS0.8AI score0.99965EPSS
Exploits64References14
ThreatPost
ThreatPost
added 2021/01/22 12:45 p.m.276 views

Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks

Cybercriminals can exploit Microsoft Remote Desktop Protocol RDP as a powerful tool to amplify distributed denial-of-service DDoS attacks, new research has found. Attackers can abuse RDP to launch UDP reflection/amplification attacks with an amplification ratio of 85.9:1, principal engineer Rolan...

1AI score0.00836EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2019/06/26 7:56 p.m.275 views

Cisco Warns of Critical Flaws in Data Center Network Manager

Cisco Systems has released emergency patches for two critical vulnerabilities in its Data Center Network Manager, which could allow attackers to take control of impacted systems. The Data Center Network Manager DCNM is Cisco’s network management platform for switches running on its network...

10CVSS1.6AI score0.8378EPSS
Exploits8References7
ThreatPost
ThreatPost
added 2022/03/01 9:44 p.m.274 views

RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!

WhatsApp and BlueJeans are just two of the world’s most popular communication apps that are using an open-source library riddled with newfound security holes. One thing this open-source, flawed library shares with the Apache Log4J logging library fiasco that started in December: It’s ubiquitous...

9.3CVSS0.4AI score0.99999EPSS
Exploits351References12
ThreatPost
ThreatPost
added 2018/05/03 8:26 p.m.274 views

MassMiner Takes a Kitchen-Sink Approach to Cryptomining

Though it falls squarely into the trend of cryptominers setting their sights on the Monero virtual currency, the MassMiner malware family is adding its own special somethin’-somethin’ to the mix. It targets Windows servers with a variety of recent and well-known exploits – all within a single...

10CVSS9.2AI score0.99999EPSS
Exploits135References9
ThreatPost
ThreatPost
added 2022/02/22 3:12 a.m.273 views

NFT Investors Lose $1.7M in OpenSea Phishing Attack

Over the weekend, hackers stole millions of dollars worth of non-fungible tokens NFTs belonging to 17 members of the OpenSea NFT marketplace. On Saturday, a small number of OpenSea users noticed their NFTs were missing. NFTs are digital tokens on the blockchain that represent ownership over virtu...

8.7AI score
Exploits0References20
ThreatPost
ThreatPost
added 2021/06/08 9:45 p.m.273 views

Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits

Microsoft jumped on 50 vulnerabilities in this month’s Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge Chromium-based and EdgeHTML, SharePoint Server, Hyper-V, Visual Studio Code – Kubernetes Tools, Windows HTML...

9.6CVSS9.8AI score0.81107EPSS
Exploits8References21
ThreatPost
ThreatPost
added 2019/10/02 5:22 p.m.273 views

Virus Bulletin 2019: Geost Android Botnet Goes After Millions of Euros

LONDON — A powerful Android botnet dubbed Geost has been spotted targeting Russian citizens, with the end goal of distributing a banking trojan to victims. The botnet has infected more than 800,000 Android devices, controlling several million Euros held in five banks, according to researchers fro...

0.5AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/09/10 2:7 p.m.273 views

U.S. Manufacturer Most Recent Target of LokiBot Malspam Campaign

The well-known LokiBot malware has popped up in several malicious spam campaigns over the past year, covertly siphoning information from victims’ compromised endpoints. Researchers this week are warning of the most recent sighting of the malware, which was recently spotted in spam messages...

9.3CVSS0.8AI score0.99945EPSS
Exploits33References7
ThreatPost
ThreatPost
added 2019/07/29 3:0 p.m.273 views

'URGENT/11' Critical Infrastructure Bugs Threaten EternalBlue-Style Attacks

UPDATE A cadre of 11 vulnerabilities, six of them critical remote code-execution RCE bugs, have been uncovered that affect millions of critical infrastructure systems, such as SCADA gear at utilities, elevator and industrial controllers, patient monitors and MRI machines, programmable logic...

7.5CVSS9.9AI score0.84177EPSS
Exploits5References13
ThreatPost
ThreatPost
added 2019/06/14 5:57 p.m.273 views

News Wrap: Amazon Privacy and Telegram DDoS Attack

Beyond Patch Tuesday, this week was crammed with privacy and security related news. In this week’s Threatpost podcast, editors Tara Seals and Lindsey O’Donnell discussed the top news from the week. That includes: A federal lawsuit alleging that Amazon is recording children who use its Alexa...

2.5AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/06/11 4:0 p.m.273 views

Near-Ubiquitous Microsoft RCE Bugs Affect All Versions of Windows

UPDATE Two Microsoft vulnerabilities, CVE-2019-1040 and CVE-2019-1019, would allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication WIA such as Exchange or ADFS. According to researchers at Preemp...

6CVSS0.48043EPSS
Exploits7References7
ThreatPost
ThreatPost
added 2021/05/04 4:16 p.m.272 views

Apple Fixes Zero‑Day Security Bugs Under Active Attack

Apple has issued out-of-band patches for critical security issues affecting iPad, iPhone and iPod, which could allow remote code execution RCE and other attacks, completely compromising users’ systems. And, the computing giant thinks all of them may have already been exploited in the wild. Three ...

7.5CVSS9.8AI score0.47172EPSS
Exploits10References10
ThreatPost
ThreatPost
added 2019/05/10 4:53 p.m.272 views

The WannaCry Security Legacy and What’s to Come

May 12 will mark the second anniversary of the WannaCry ransomware cryptoworm attack. It was a troubling time: During the four-day long ordeal, the cryptoworm infected more than 300,000 endpoints among 200,000 separate victims throughout 150 countries. It propagated rapidly through the EternalBlu...

7.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/11/22 7:26 p.m.271 views

Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws

Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads, researchers say. What’s still under discussion: whether the offensive is delivering SquirrelWaffle, the new email loader tha...

10CVSS10AI score0.99999EPSS
Exploits78References39
ThreatPost
ThreatPost
added 2020/09/23 3:27 p.m.269 views

CISA: LokiBot Stealer Storms Into a Resurgence

The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that the LokiBot info-stealing trojan is seeing a surge across the enterprise landscape. The uptick started in July, according to the agency, and activity has remained “persistent” ever since. LokiBot targets Windows and...

9.3CVSS1.4AI score0.99945EPSS
Exploits33References8
ThreatPost
ThreatPost
added 2020/09/14 4:1 p.m.269 views

Magecart Attack Impacts More Than 10K Online Shoppers

One of the largest known Magecart campaigns to date took place over the weekend, with nearly 2,000 e-commerce sites hacked in an automated campaign that may be linked to a zero-day exploit. The attacks have impacted tens of thousands of customers, who had their credit-card and other information...

8.3AI score0.0552EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2020/04/06 6:43 p.m.269 views

Apple Safari Flaws Enable One-Click Webcam Access

A security researcher has disclosed vulnerabilities in Apple’s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one maliciou...

6.8CVSS7.8AI score0.0552EPSS
Exploits1References19
ThreatPost
ThreatPost
added 2022/03/15 12:58 p.m.268 views

Pandora Ransomware Hits Giant Automotive Supplier Denso

A multibillion supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora ransomware group began leaking data that attackers claimed was stolen in the incident. The...

8.6AI score
Exploits0References18
ThreatPost
ThreatPost
added 2021/07/13 9:26 p.m.268 views

Microsoft Crushes 116 Bugs, Three Actively Exploited

Three bugs under active exploit were squashed by Microsoft Tuesday, part of its July security roundup of fixes for Windows, Microsoft Office, SharePoint Server and Exchange Server. In all, Microsoft patched 116 bugs. Twelve bugs are rated critical, 103 rated important and one classified as modera...

10CVSS9.2AI score0.99999EPSS
Exploits58References21
ThreatPost
ThreatPost
added 2022/03/18 2:49 p.m.267 views

Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops

Google’s Threat Analysis Group TAG has provided a rare look inside the operations of a cybercriminal dubbed “Exotic Lily,” that appears to serve as an initial-access broker for both Conti and Diavol ransomware gangs. Researchers’ analysis exposes the business-like approach the group takes to...

8.8CVSS8.4AI score0.96843EPSS
Exploits38References7
ThreatPost
ThreatPost
added 2021/04/07 8:50 p.m.267 views

Attackers Blowing Up Discord, Slack with Malware

Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans RATs and other malware. The pandemic-induced shift to remote work drove business processes...

6.8AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/09/17 9:4 p.m.266 views

Panda Threat Group Mines for Monero With Updated Payload, Targets

The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloa...

10CVSS9.7AI score0.99999EPSS
Exploits118References9
ThreatPost
ThreatPost
added 2019/06/12 7:51 p.m.266 views

Data Breach Disclosed by Online Invitation Firm Evite

Online invitation and stationary company Evite has notified customers of a data breach that stemmed from an “inactive data storage file” associated with user accounts. The company over the weekend said that during April 2019, it became aware of a “security incident involving potential unauthorize...

0.2AI score
Exploits0References5
ThreatPost
ThreatPost
added 2018/08/09 9:36 p.m.266 views

Understanding TRITON and the Missing Final Stage of the Attack

In December 2017 it was reported that a Middle Eastern oil and gas petrochemical facility had undergone a safety system shutdown as the result of a malware attack. The malware, named TRITON also TRISIS or HatMan exceeded other industrial cyberattacks because it directly interacted with and...

7.4AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/04/27 4:16 p.m.265 views

Hackers Mount Zero-Day Attacks on Sophos Firewalls

Attackers have been targeting the Sophos XG Firewall both physical and virtual versions using a zero-day exploit, according to the security firm – with the ultimate goal of dropping the Asnarok malware on vulnerable appliances. Sophos said in a posting updated on Monday that the bug in question i...

8.7AI score0.0552EPSS
Exploits1References7
ThreatPost
ThreatPost
added 2019/02/08 9:4 p.m.264 views

Google Boosts Encryption For Low-End Android Devices

Google introduced a new storage encryption solution that it hopes will expand security efforts across its full spectrum of Android-powered devices – including low-end devices that typically can’t support encryption. The new encryption offering, Adiantum, aims to solve a big issue that has plagued...

1.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2021/04/13 1:40 p.m.263 views

Chrome Zero-Day Exploit Posted on Twitter

A researcher has dropped working exploit code for a zero-day remote code execution RCE vulnerability on Twitter, which he said affects the current versions of Google Chrome and potentially other browsers, like Microsoft Edge, that use the Chromium framework. Security researcher Rajvardhan Agarwal...

7.7AI score
Exploits0References14
ThreatPost
ThreatPost
added 2019/01/23 12:0 p.m.263 views

RogueRobin Malware Uses Google Drive as C2 Channel

A custom malware used by the APT known as DarkHydrus uses a mix of novel techniques, including using Google Drive as an alternate command-and-control C2 channel. According to Palo Alto’s Unit 42 intelligence division, the targeted attack involved spear-phishing emails written in Arabic sent to...

7.5AI score
Exploits0References1
ThreatPost
ThreatPost
added 2022/03/01 5:55 p.m.262 views

Daxin Espionage Backdoor Ups the Ante on Chinese Malware

The Daxin malware is taking aim at hardened government networks around the world, according to researchers, with the goal of cyberespionage. The Symantec Threat Hunter team noticed the advanced persistent threat APT weapon in action in November, noting that it’s “the most advanced piece of malwar...

8.9AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/11/20 3:11 p.m.262 views

Facebook Messenger Bug Allows Spying on Android Users

Facebook has patched a significant flaw in the Android version of Facebook Messenger that could have allowed attackers to spy on users and potentially identify their surroundings without them knowing. Natalie Silvanovich, a security researcher at Google Project Zero, discovered the vulnerability,...

Exploits0References12
ThreatPost
ThreatPost
added 2019/08/16 7:54 p.m.262 views

ThreatList: 4.1B Records Exposed in Breaches in First Half of 2019

This year is on track to be the worst year on record for data breach activity, according to a recent analysis. Within the first six months of this year, there have been 3,813 incidents publicly reported, according to Risk Based Security’s 2019 MidYear QuickView Data Breach Report. That’s up 54...

7.4AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/06/11 8:29 p.m.262 views

Microsoft Patches Four Publicly-Known Vulnerabilities

Microsoft patched four Windows operating system bugs – all of which are already publicly known or have proof of concept exploits – as part of its June Patch Tuesday security bulletin. Each of the vulnerabilities are rated important and there are no reports of public exploitation for the flaws. Th...

9.3CVSS0.2AI score0.48043EPSS
Exploits12References25
ThreatPost
ThreatPost
added 2019/04/29 2:13 p.m.262 views

Docker Hub Hack Affects 190K Accounts, with Concerning Consequences

UPDATE Docker Hub has confirmed that it was hacked last week; with sensitive data from approximately 190,000 accounts potentially exposed. “On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” Kent Lamb, director o...

9CVSS8.7AI score0.99965EPSS
Exploits30References9
ThreatPost
ThreatPost
added 2019/07/26 7:13 p.m.261 views

Rare Steganography Hack Can Compromise Fully Patched Websites

An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP cod...

7.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2022/02/16 9:15 p.m.260 views

Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry

Emotionally vulnerable and willing to offer up any information that lands the gig, job seekers are prime targets for social engineering campaigns. And with the “Great Resignation” in full swing, cybercriminals are having an easy time finding their next victim. Just since Feb. 1, analysts have...

8.6AI score
Exploits0References10
Total number of security vulnerabilities5000