Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2020/04/28 4:36 p.m.41 views

Hackers Leak Biopharmaceutical Firm's Data Stolen in Ransomware Attack

The Clop ransomware group attacked biopharmaceutical company ExecuPharm and reportedly leaked some of the company’s compromised data on underground forums. ExecuPharm, a Pennsylvania-based subsidiary of the U.S. biopharmaceutical giant Parexel, provides clinical trial management tools for...

1.1AI score
Exploits0References17
ThreatPost
ThreatPost
added 2020/01/29 2:0 p.m.41 views

Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs

As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider MSSP market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t...

0.5AI score
Exploits0References2
ThreatPost
ThreatPost
added 2020/01/15 9:17 p.m.41 views

A Practical Guide to Zero-Trust Security

Employees are demanding that employers enable flexible workstyles. Apps are moving to the cloud. A company’s device and application mix are increasingly heterogeneous. All of these factors are breaking down the enterprise security perimeter, rendering traditional security approaches obsolete, and...

7.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2019/08/28 4:49 p.m.41 views

Apple Updates Privacy Policies After Siri Audio Recording Backlash

Apple is taking steps to improve the privacy of audio collected by its Siri voice assistant, on the heels of backlash around a program that let contractors listen into Siri conversations. On Wednesday, the phone giant apologized for violating users’ privacy through the program, which was...

6.5AI score
Exploits0References13
ThreatPost
ThreatPost
added 2019/08/01 2:20 p.m.41 views

For $8.6M, Cisco Settles Suit Over Bug-Riddled Video Surveillance Software

Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that alleged it sold video security software with known security vulnerabilities to U.S. federal and state governments. The litigation, originally brought in 2011, was filed under the False Claims Act, claiming that the software...

Exploits0References5
ThreatPost
ThreatPost
added 2019/04/17 3:34 p.m.41 views

ThreatList: Bad Bots Account for a Fifth of All Web Traffic, FinServ Hit the Worst

About a fifth of all web traffic 20.4 percent comes from bad bots, which continue to attack daily in automated offensives on websites, mobile apps and APIs. That’s worse for some verticals, like the banking and finance sector, which was hit the hardest last year. That’s according to the Distil...

7.3AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/01/17 10:36 p.m.41 views

Microsoft Launches Azure DevOps Bug Bounty Program

Microsoft lifted the curtain on a new Azure DevOps bug bounty program, designed to sniff out flaws in its Azure DevOps online services and servers. Azure DevOps is a cloud service launched in 2018 that enables collaboration on code development across the breadth of a development lifecycle...

6.9AI score
Exploits0References5
ThreatPost
ThreatPost
added 2018/10/09 3:26 p.m.41 views

How Shared Pools of Cloud Computing Power Are Changing the Way Attackers Operate

The transformation from racks of physical hardware hosting sites and services to cloud computing has provided organizations with better flexibility and reduced costs. Attackers have seen the benefits to this model and are also taking advantage of cloud computing to make more money, evade detectio...

0.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2018/10/02 4:47 p.m.41 views

Google Patches Critical Vulnerabilities in Android OS

Google patched six critical remote code execution flaws in its Android operating system as part of its October Android Security Bulletin. Four of those remote code execution flaws are tied to Android’s Media framework and impact a wide range of Android devices including Google’s Pixel and Nexus...

10CVSS0.2AI score0.05278EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2018/07/12 4:2 p.m.41 views

Cisco Patches High-Severity Bug in VoIP Phones

A range of business customers could be impacted by a high-severity security flaw discovered in Cisco VoIP phones. The vendor issued a patch on Wednesday. Cisco also patched two medium-security flaws today in its FireSIGHT management platform for network security; and one medium-severity issue in...

9CVSS0.8AI score0.05872EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2018/07/05 6:5 p.m.41 views

Year-Old Critical Vulnerabilities Patched in ISP Broadband Gear

Patches for three critical vulnerabilities impacting broadband gateways made by Advanced Digital Broadcast ADB have been released to the public, nearly two years after the bugs were first found. Issues range from a privilege escalation flaw, an authorization bypass vulnerability and a local...

8.5CVSS8.4AI score0.35862EPSS
Exploits15References8
ThreatPost
ThreatPost
added 2018/06/05 5:30 p.m.42 views

Google Patches 11 Critical Android Bugs in June Update

Google patched 57 vulnerabilities Monday affecting the Android operating system and kernel and chipset components tied to third-party firms MediaTek, NVIDIA and Qualcomm. Eleven of the bugs are rated critical and 46 are rated high. Google said the most severe of the vulnerabilities are remote cod...

9.3CVSS2.5AI score0.12054EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2018/04/04 3:18 p.m.41 views

Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support

Intel has halted patches for an array of older chips that would protect them against the Spectre vulnerability, according to a recent microcode update. The microcode update shows that its older products – including Wolfdale, Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, SoFIA 3GR,...

4.7CVSS0.9AI score0.74041EPSS
Exploits9References4
ThreatPost
ThreatPost
added 2018/01/25 6:40 p.m.41 views

ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models

ASUS released patches for over a dozen router models on Tuesday that are each vulnerable to multiple firmware flaws that when combined give a local unauthenticated attacker the ability to execute commands as root on targeted devices. Routers models patched by ASUS are RT-AC88U, RT-AC3100, RT-AC86...

10CVSS10AI score0.8715EPSS
Exploits21References3
ThreatPost
ThreatPost
added 2017/12/08 5:20 p.m.41 views

Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code

Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate. The technique allows an attacker to circumvent device anti-malware protection and...

7.2CVSS7.7AI score0.20089EPSS
Exploits9References3
ThreatPost
ThreatPost
added 2017/10/10 2:0 p.m.41 views

Microsoft Patches Critical Windows DNS Client Vulnerabilities

Three critical Windows DNS client vulnerabilities were patched today by Microsoft, closing off an avenue where an attacker could relatively simply respond to DNS queries with malicious code and gain arbitrary code execution on Windows clients or Windows Server installations. The flaws were...

9.3CVSS0.4AI score0.33338EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2017/09/29 8:0 a.m.41 views

Macs Not Receiving EFI Firmware Security Updates as Expected

Since the Thunderstrike bootkit attacks targeting Apple firmware were disclosed in 2015, Apple has bundled subsequent EFI updates with its regular macOS security and software updates in an attempt to improve protection around its hardware. Researchers at Duo Security, however, have uncovered that...

10CVSS7.5AI score0.06284EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2017/09/01 10:0 a.m.41 views

No Fix Planned For LabVIEW Bug, Says National Instruments

Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...

9.3CVSS2AI score0.30666EPSS
Exploits5References5
ThreatPost
ThreatPost
added 2017/05/18 10:18 a.m.41 views

Siemens, Bayer Expected to Patch Medical Devices Hit By WannaCry

It was initially thought just Windows machines were vulnerable but it probably shouldn’t come as a surprise that medical devices and industrial control systems were subjected to the perils of this weekend’s WannaCry ransomware outburst as well. Over the past few days the Department of Homeland...

9.3CVSS8.1AI score0.77207EPSS
Exploits5References12
ThreatPost
ThreatPost
added 2016/10/31 5:0 p.m.41 views

Google Reveals Windows Kernel Zero Day Under Attack

A Windows zero-day vulnerability is being used in an unknown number of attacks, Google disclosed today, 10 days after it privately reported the issue to Microsoft. Google’s disclosure follows its internal policy, which states that companies should fix or publicly report flaws that are under attac...

10CVSS9.2AI score0.25198EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2016/09/02 10:0 a.m.41 views

Apple Patches Trident Vulnerabilities in OS X, Safari

The disclosure a week ago that three Apple iOS zero days were used to spy on a political dissident from the United Arab Emirates included high-profile exposes of the activities of a cyber arms-dealing outfit in Israel known as the NSO Group and an emergency update for iOS. Last night, Apple...

7.1CVSS8.1AI score0.66788EPSS
Exploits12References11
ThreatPost
ThreatPost
added 2016/04/19 9:30 a.m.41 views

Range of Mousejack Attack More Than Doubles

The Mousejack vulnerability raised awareness of the potential risks introduced by a wireless mouse or keyboard to the enterprise. From a relatively short distance, a hacker could send packets to the device that generate keystrokes on the host computer rather than mouse clicks. In short order,...

0.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2015/01/26 11:17 a.m.41 views

Adobe Auto-Update Flash Player Zero Day Patch

Adobe on Saturday began patching a zero-day vulnerability in Flash Player, exploits for which have been included in the notorious Angler Exploit Kit. This is the second of two previously unreported critical flaws in the software that have been patched in the last five days. Adobe last Thursday se...

10CVSS1AI score0.8582EPSS
Exploits5References6
ThreatPost
ThreatPost
added 2014/11/11 2:54 p.m.41 views

Adobe Patches 18 Vulnerabilities in Flash

Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system running the multimedia platform according to a security bulletin posted today. The Patch Tuesday updates,...

10CVSS0.9AI score0.90208EPSS
Exploits5References3
ThreatPost
ThreatPost
added 2014/10/09 7:2 a.m.41 views

Google Fixes 159 Flaws in Chrome

Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities. The huge majority of those...

10CVSS0.4AI score0.0595EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2014/06/11 10:31 a.m.41 views

Mozilla Patches Seven Flaws in Firefox 30

Mozilla has fixed seven security vulnerabilities in Firefox 30, including five critical flaws that could enable remote code execution. Firefox 30 is a relatively minor release of the popular browser, with the most notable change being the addition of a sidebar button that allows users to quickly...

7.5CVSS1.5AI score0.01699EPSS
Exploits0References15
ThreatPost
ThreatPost
added 2014/05/15 11:5 a.m.41 views

Five Year Old Security Vulnerability Patched in Linux Kernel

A serious and reportedly five-year-old bug in the Linux kernel could give attackers the ability to run malicious code or, at the very least, cause crashes on a variety of affected systems. Some, though not necessarily all, Linux distributions would be vulnerable without installing the patch. What...

6.9CVSS6.2AI score0.22475EPSS
Exploits7References8
ThreatPost
ThreatPost
added 2013/11/19 4:7 p.m.41 views

JBoss AS Attacks Up Since Exploit Code Disclosed

Attackers are exploiting a two-year-old vulnerability in JBoss Application Servers that enables a hacker to remotely get a shell on a vulnerable webserver. The number of infections has surged since exploit code called pwn.jsp was publicly disclosed Oct. 4. Researchers at Imperva said that a numbe...

10CVSS0.6AI score0.79003EPSS
Exploits5References3
ThreatPost
ThreatPost
added 2013/07/08 9:45 a.m.41 views

July 2013 Microsoft Patch Tuesday Security Updates

A critical Windows kernel vulnerability, publicly disclosed in May by a Google security engineer, will be patched tomorrow when Microsoft releases its July Patch Tuesday security updates. Tavis Ormandy, who has controversially disclosed Windows vulnerability details in the past, made a posting to...

6.9CVSS0.2AI score0.39578EPSS
Exploits6References6
ThreatPost
ThreatPost
added 2013/06/19 10:40 a.m.41 views

Oracle Releases 40 Critical Java Patches in June Update

Oracle pushed out another 40 Java patches Tuesday night bringing the total number of Java security updates for 2013 to well over 100, exceeding already the number of Java patches released in 2012. Attackers have had a field day this year exploiting previously unreported vulnerabilities in Java, i...

4.3CVSS9.2AI score0.66817EPSS
Exploits1References6
ThreatPost
ThreatPost
added 2013/05/21 1:33 p.m.41 views

Google Fixes More Than a Dozen Flaws in Chrome 27

Google has released Chrome 27, a new version of its browser that includes a long list of security fixes, many of which are for high-risk vulnerabilities. The company handed out more than $14,000 in rewards to researchers who reported bugs fixed in the latest iteration of Chrome. Google’s security...

7.5CVSS1.7AI score0.11999EPSS
Exploits0References17
ThreatPost
ThreatPost
added 2013/05/14 4:14 p.m.41 views

Microsoft Patches IE Zero Day Used In Watering Hole Attack

Microsoft wasted no time today delivering a patch for the Internet Explorer 8 vulnerability being exploited in watering hole attacks carried out against the U.S. Department of Labor website and nine others worldwide. Today’s Patch Tuesday security updates also include a fix for IE vulnerabilities...

9.3CVSS9.3AI score0.77889EPSS
Exploits11References14
ThreatPost
ThreatPost
added 2013/02/13 5:51 p.m.41 views

Ruby on Rails Patches DoS, Remote Execution Flaws

Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...

10CVSS3.3AI score0.13911EPSS
Exploits2References6
ThreatPost
ThreatPost
added 2013/01/15 8:6 p.m.41 views

Adobe Patches Four ColdFusion Flaws Exploited in Wild

Adobe delivered a security hotfix for its ColdFusion application server today, repairing a host of vulnerabilities being exploited in the wild. The company had recommended a series of mitigations in a Jan. 7 advisory as a stopgap until today’s hotfix was released. Two of the vulnerabilities affec...

6.8CVSS1.7AI score0.93797EPSS
Exploits5References5
ThreatPost
ThreatPost
added 2013/01/10 3:1 p.m.41 views

Exploit Code, Metasploit Module Out for Ruby on Rails Flaws

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proof-of-concept exploit code for a couple of the flaws and the team at Metasploit have released a module for the penetration testing framework that exploit one of the bugs, as...

7.5CVSS0.5AI score0.99449EPSS
Exploits21References5
ThreatPost
ThreatPost
added 2012/12/06 7:7 p.m.41 views

Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday

Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle. The year’s last scheduled batch of patches will address 11 vulnerabilities in all currently supported operating...

9.3CVSS0.1AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2012/12/03 7:31 p.m.41 views

Experts Downplay MySQL Database Zero-Days

A rash of zero-day exploits and vulnerabilities in the MySQL database were disclosed to the Full Disclosure mailing list over the weekend, but experts are saying they’re much ado about nothing. Of the half-dozen zero-days reported by a researcher known as King Cope, all but one require legitimate...

7.5CVSS7AI score0.31664EPSS
Exploits22References7
ThreatPost
ThreatPost
added 2012/10/04 2:33 p.m.41 views

Security Experts Recommend Long, Hard Look at Disabling Java Browser Plug-In

Is the Java browser plug-in the IT equivalent of the human appendix? Would you miss it if it were gone? Probably not, experts say, especially now that attackers are beating the Java sandbox with a rash of zero-day exploits. “It’s simply safer to have the Java plug-in disabled in the browser knowi...

10CVSS0.98536EPSS
Exploits10References4
ThreatPost
ThreatPost
added 2012/08/22 8:9 p.m.41 views

RuggedCom Devices Have Hard-Coded SSL Keys

Siemens subsidiary RuggedCom’s Rugged Operating System ROS contains a vulnerability that could give an attacker the ability to decrypt SSL traffic between RuggedCom networking equipment and end-users, according to an ICS-CERT alert. Justin W. Clarke, a security researcher at Cylance Inc., disclos...

1.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/08/21 3:38 p.m.42 views

Phishing for Fanboys with Phony iPhone 5 Images

There is no such thing as a trivial detail when it comes to the impending release of an Apple product and scammers are well aware of this. A recent attack is exploiting the public’s fascination with all things Apple and the ubiquitous interest in anything iPhone 5-related with an email phishing...

9.3CVSS1AI score0.70384EPSS
Exploits11References5
ThreatPost
ThreatPost
added 2012/08/09 1:31 p.m.41 views

New Gauss Malware, Descended From Flame and Stuxnet, Found On Thousands of PCs in Middle East

A new piece of malware dubbed Gauss, that experts say is a direct descendant of Flame and also related to Stuxnet and Duqu, has been found on thousands of PCs in the Middle East, mostly in Lebanon. Gauss contains some of the same code as Flame, but is markedly different in a number of respects,...

9.3CVSS7.5AI score0.91324EPSS
Exploits13References5
ThreatPost
ThreatPost
added 2012/01/13 3:31 p.m.41 views

Microsoft Aims to Make Life Harder, More Expensive For Attackers

MIAMI BEACH–It’s been a decade now since Microsoft began focusing on product security as a top priority and there have been a lot of successes and some failures along the way. But in that time, one of the things that most definitely has changed as a result of the Trustworthy Computing program is...

9.3CVSS0.1AI score0.99945EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2012/01/06 7:26 p.m.41 views

Adobe Plans Critical Security Updates for Reader, Acrobat Next Week

Adobe said on Friday that it will issue critical fixes for its popular Reader and Acrobat products on Tuesday, January 10. The company said it is planning to release updates for Adobe Reader and Acrobat versions X and earlier for both the Windows and Macintosh platforms to fix a slew of critical...

10CVSS1.7AI score0.86238EPSS
Exploits12References1
ThreatPost
ThreatPost
added 2011/11/22 5:10 p.m.41 views

APEC Host Committee Spear-Phished by China

An Analysis published earlier this month by Kahu Security raises the possibility that the hack of systems used by the Asia Pacific Economic Cooperation host committee was the result of a spear phishing attack with links back to the Chinese mainland. As Threatpost reported yesterday, computers...

9.3CVSS1AI score0.66821EPSS
Exploits8References3
ThreatPost
ThreatPost
added 2010/10/28 2:3 p.m.41 views

New Adobe Flash Bug Being Exploited

On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms...

9.3CVSS1.9AI score0.69679EPSS
Exploits14References4
ThreatPost
ThreatPost
added 2010/10/12 5:38 p.m.41 views

Microsoft Releases Huge Patch Tuesday Update For 49 Bugs

Microsoft has released its largest-ever bundle of patches, pushing out 16 updates that fix a total of 49 individual vulnerabilities. The patches include updates for six critical vulnerabilities, most notably a huge fix for some remote code-execution bugs in various versions of Internet Explorer...

9.3CVSS0.2AI score0.99945EPSS
Exploits40References2
ThreatPost
ThreatPost
added 2010/10/08 5:22 p.m.41 views

Cryptome Outs Identities of Hackers Behind Breach

Less than a week after the Cryptome.org archive was hacked and defaced, the site has posted the names, addresses and phone numbers of two individuals it accuses of being involved in the attack. In an update on Friday, Cryptome founder John Young posted contact information for three individuals he...

7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2010/09/08 2:1 p.m.41 views

Mozilla Patches Firefox DLL Load Hijacking Bug

Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities 11 rated critical, including the publicly known DLL...

9.3CVSS0.3AI score0.06672EPSS
Exploits1
ThreatPost
ThreatPost
added 2010/05/18 7:1 p.m.41 views

Microsoft to Share Vulnerability Details with Governments

Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks. The program, codenamed Omega, features a Defensive Information Sharing...

9.3CVSS0.7AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2010/02/16 9:14 p.m.41 views

Adobe Plugs Critical PDF Code Execution Flaw

Adobe today released an out-of-band security update to patch a pair of gaping holes that expose hundreds of millions of computer users to remote code execution attacks. The vulnerabilities are rated “critical” and affect Adobe Reader and Adobe Acrobat on all platforms — Windows, Mac and Linux. Th...

9.3CVSS1.7AI score0.88246EPSS
Exploits12References4
Total number of security vulnerabilities5000