Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2019/01/29 1:0 p.m.40 views

Researchers Allege 'Systemic' Privacy, Security Flaws in Popular IoT Devices

Researchers are highlighting the insecure nature of Internet of Things devices in a report released Tuesday alleging a bevy of popular consumer connected devices sold at major retailers such as Walmart and Best Buy are riddled with security holes and privacy issues. In analyzing 12 different IoT...

7.6AI score
Exploits0References10
ThreatPost
ThreatPost
added 2018/10/11 8:19 p.m.40 views

ThreatList: Credential Theft Spikes by Triple Digits in U.S.

Credential theft was substantially up in the United States during the third quarter – even as declines were charted in Europe and Asia. What credentials go for on the Dark Web. Periodic analysis from Blueliv shows a whopping 141 percent increase in compromised credentials from North American...

7.1AI score
Exploits0References9
ThreatPost
ThreatPost
added 2018/08/13 5:26 p.m.40 views

GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig

UPDATE GoDaddy, the world’s largest domain name registrar, has exposed high-level configuration information for tens of thousands of systems and competitively sensitive pricing options for running those systems in Amazon AWS, thanks to yet another cloud storage misconfiguration. The documents wer...

0.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2018/07/26 3:50 p.m.40 views

Sen. Wyden Urges Government Ban on Adobe Flash

Citing security concerns, Sen. Ron Wyden is urging the government to create a plan to transition away from Adobe Flash before the vendor stops supporting it in 2020. To that end, the Oregon Democrat delivered a formal request to the National Security Agency and the National Institute of Standards...

6.8CVSS1AI score0.18002EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2018/03/30 6:51 p.m.40 views

Microsoft Fixes Bad Patch That Left Win7, Server 2008 Open to Attack

Microsoft released an out-of-band fix on Thursday for a Windows vulnerability introduced earlier this year as a patch. If exploited, the bug could allow an authenticated attacker to install programs, access stored data or create new accounts with full user rights on Windows 7 and Server 2008 R2...

7.2CVSS2.6AI score0.08915EPSS
Exploits2References7
ThreatPost
ThreatPost
added 2017/11/27 9:6 a.m.40 views

Newly Published Exploit Code Used to Spread Mirai Variant

Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in botnet activity associated with a variant of Mirai. Targeted are ports 23 and 2323 on internet-connected devices made by ZyXEL Communications that are using default admin/CenturyL1nk and admin/QwestM0dem telnet...

9CVSS1.7AI score0.12439EPSS
Exploits5References9
ThreatPost
ThreatPost
added 2017/06/30 2:16 p.m.40 views

Siemens Patches Critical Intel AMT Flaw in Industrial Products

Siemens patched two critical vulnerabilities that affected its industrial products this week. One, tied to a recently disclosed flaw in Active Management Technology – a function of certain Intel processors – could have allowed an attacker to gain system privileges. Another vulnerability could hav...

10CVSS1.7AI score0.92189EPSS
Exploits7References7
ThreatPost
ThreatPost
added 2016/11/22 10:30 a.m.40 views

Exploit Code Released for NTP Vulnerability

A researcher has released a proof-of-concept exploit for a vulnerability in the Network Time Protocol daemon that could crash a server with a single, malformed packet. The Network Time Foundation’s NTP Project on Monday patched the bug and nine others with the release of NTP 4.2.8p9. The...

5CVSS0.3AI score0.52935EPSS
Exploits7References11
ThreatPost
ThreatPost
added 2016/11/08 11:17 a.m.40 views

Adobe Patches Nine Code Execution Flaws in Flash Player

Two weeks after rushing out an emergency patch for a zero-day vulnerability, Adobe today released another Flash Player security update. The new release patched nine vulnerabilities, all of which expose the host system to remote code execution. Adobe said it is not aware of public exploits against...

10CVSS0.9AI score0.25198EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2016/06/22 4:27 p.m.40 views

Patched libarchive Vulnerabilities Have Big Reach

The libarchive programming library was recently patched against three critical memory-related vulnerabilities that could be abused to execute code on computers running the vulnerable software. As is the case with most open source software packages, patching the core library is only half the battl...

6.8CVSS0.4AI score0.04919EPSS
Exploits6References4
ThreatPost
ThreatPost
added 2015/12/21 4:12 p.m.40 views

Juniper ScreenOS Backdoor Password

Researchers from two security firms have uncovered the password guarding one of the backdoors discovered in Juniper Networks’ ScreenOS, the operating system behind its NetScreen enterprise-grade firewalls. Fox-IT and Rapid7 found the secret code, which was disguised to look like debug code, said...

10CVSS8.5AI score0.614EPSS
Exploits7References7
ThreatPost
ThreatPost
added 2015/10/16 12:12 p.m.40 views

Emergency Adobe Flash Zero Day Patch Arrives Ahead of Schedule

Adobe has decided to patch the zero day vulnerability that was disclosed in Flash Player earlier this week today — instead of next week as originally scheduled. According to a security bulletin Adobe posted this morning the update actually fixes three vulnerabilities in the software, but the most...

10CVSS0.7AI score0.68396EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2015/09/22 3:0 p.m.40 views

Control Flow Guard Mitigation Bypass

Introduced in Windows 8.1 Update 3 and Windows 10, Control Flow Guard was Microsoft’s latest antidote to memory-corruption attacks. The technology was meant to stand up to attacks that had long ago figured out how to bypass previous-generation protections such as Address Space Layout Randomizatio...

10CVSS0.1AI score0.8582EPSS
Exploits5References5
ThreatPost
ThreatPost
added 2015/09/09 12:6 p.m.40 views

Android Stagefright Exploit Code Released to Public

Joshua Drake, the researcher who found the so-called Stagefright vulnerability in Android, today released exploit code to the public, which he hopes will be used to test systems’ exposure to the flaw. The move comes more than a month after vulnerability details were released in August during...

10CVSS7.4AI score0.99064EPSS
Exploits6References6
ThreatPost
ThreatPost
added 2014/11/14 11:52 a.m.40 views

Edward Snowden Effect on Privacy Attitudes

Serious concessions have been made about privacy post-Snowden, in particular about how personal information is processed and consumed online. Results from a survey conducted by the Pew Research Center of Washington, D.C., show that the Snowden leaks have raised consumers’ consciousness about not...

0.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2014/06/25 1:59 p.m.40 views

VMware Patches Apache Struts Flaws in vCOPS

VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines. All of the vulnerabilities that the company patched lie in the Apache Struts Java application framework, and the...

7.5CVSS4.3AI score0.99614EPSS
Exploits15References5
ThreatPost
ThreatPost
added 2014/06/24 9:10 a.m.40 views

AskMen Purportedly Compromised by Nuclear Pack Kit

Users who visit AskMen.com, a men’s entertainment and lifestyle portal, are being hit with malicious code, potentially stemming from the Nuclear Pack exploit kit, researchers announced today. When a user stumbles across the site – or a localized version aus.askmen.com, etc. of it – malicious code...

10CVSS7.9AI score0.98704EPSS
Exploits10References5
ThreatPost
ThreatPost
added 2014/05/02 10:48 a.m.40 views

PHP Updated to Fix Heartbleed, Other Bugs

The maintainers of PHP have released two new versions of the scripting language that fix a number of bugs, including a pair of vulnerabilities related to OpenSSL. Versions 5.4.28 and 5.5.12 both contain that important patch, as well as fixes for more than a dozen other vulnerabilities. The fix fo...

7.2CVSS1AI score0.00505EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2014/04/08 2:55 p.m.40 views

Google Patches 31 Flaws in Chrome

Google has patched a long list of serious security vulnerabilities in Chrome, including at least 19 highly rated flaws. The company patched a total of 31 vulnerabilities in Chrome 34 and paid out more than $28,000 in rewards to researchers who reported bugs to Google. Among the security fixes in...

7.5CVSS1.2AI score0.01934EPSS
Exploits10References15
ThreatPost
ThreatPost
added 2014/02/20 2:13 p.m.40 views

Google Fixes 28 Security Flaws in Chrome 33

Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release. One of the...

7.5CVSS0.3AI score0.02057EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2014/02/14 2:27 p.m.40 views

New IE Zero Day Found Targeting Military Intelligence

Attackers were able to compromise the U.S. Veterans of Foreign Wars’ website this week and serve up a previously unknown zero day exploit in Internet Explorer 10, and while motivation behind the campaign is still unclear, experts are speculating its aim was to procure military intelligence...

9.3CVSS0.6AI score0.85239EPSS
Exploits23References6
ThreatPost
ThreatPost
added 2013/11/19 3:24 p.m.40 views

Exploit Kit Adds Vector for Silverlight Vulnerability

Developers behind the Angler Exploit Kit have apparently added a new exploit over the last week that leverages a known vulnerability in Microsoft’s Silverlight browser framework. Silverlight, similar to Adobe Flash, is Microsoft’s plug-in for streaming media on browsers and is perhaps most known...

9.3CVSS1.4AI score0.99945EPSS
Exploits41References6
ThreatPost
ThreatPost
added 2013/01/29 2:25 p.m.40 views

Apple Releases iOS 6.1 With Fixes for More Than 20 Vulnerabilities

Apple has fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates that were discovered late last year. One of the key...

9.3CVSS0.1AI score0.04129EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2013/01/23 4:25 p.m.40 views

Password Cracker Targets Siemens S7 PLCs

Siemens S7 programmable logic controllers, the same PLC family exploited by the Stuxnet malware, are in the crosshairs of a password-cracking tool that is capable of stealing credentials from industrial control systems. PLCs are microprocessors that automate mechanical processes inside factories,...

0.3AI score
Exploits0References7
ThreatPost
ThreatPost
added 2012/05/09 6:39 p.m.40 views

U.S. Cyber Command Using Classified Intel To Scare CEOs To Action

The U.S.’s Cyber Command is using special, classified briefings with private sector CEOs to scare them into greater vigilance about the threat of cyber attacks, according to an NPR report. The report, quoting unnamed participants in the classified, 2010 briefings said that government officials...

7.5CVSS0.5AI score0.99998EPSS
Exploits42References3
ThreatPost
ThreatPost
added 2012/02/16 6:48 p.m.40 views

Mobile, Android Threats Continued Sharp Growth in 2011

The occurrence of mobile malware increased by 155 percent across all platforms in 2011, and, according to Juniper Network’s 2011 Mobile Threat Report, malware specifically targeting the Android operating system saw its own increase of more than 3,000 percent. Juniper Networks attributes Android’s...

0.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/01/06 12:41 p.m.40 views

Google Fixes Three High-Priority Bugs in Chrome

Google has released a new version of its Chrome browser, fixing just a small handful of vulnerabilities in the process. All three of the bugs fixed in Chrome were rated high. The release by Google is a pretty small one by the company’s standards. Often, new versions of Chrome will include fixes f...

7.5CVSS1.7AI score0.02399EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2011/11/28 4:39 p.m.40 views

New Java Vulnerability Coming Bundled With Exploit Kits

A recently discovered Java vulnerability that’s been circulating throughout the hacking underground has begun to show up alongside the BlackHole exploit kit, according to a post on Brian Krebs’ KrebsonSecurity blog. The National Vulnerability Database claims the vulnerability is found in the Java...

10CVSS0.5AI score0.96714EPSS
Exploits13References7
ThreatPost
ThreatPost
added 2011/11/21 3:51 p.m.40 views

Anatomy of the Duqu Attacks

Stuxnet has become the bogeyman of Internt security and cyberwar, showing up in marketing pitches, PowerPoint presentations and press releases from Washington to Silicon Valley to Tehran. But while Stuxnet has been garnering headlines for more than a year now, the far more serious threat in terms...

9.3CVSS5.8AI score0.78285EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2011/07/26 7:36 p.m.40 views

U.S. Says Cybercrime a Major National Security Threat

A new report from the National Security Council warns that international cybercrime has reached the upper echelon of threats of to the security of the United States and is responsible for as much as $1 billion in losses in just one year in the U.S. The report, which focuses on a number of broad...

0.6AI score
Exploits0References3
ThreatPost
ThreatPost
added 2011/04/12 11:51 a.m.40 views

Adobe Flash Bug Being Used in Attacks Via Word Documents

Adobe on Monday warned its customers about a new unpatched vulnerability in its Flash Player application. Officials say that the bug is being used in targeted attacks involving a malicious Flash file embedded in a Microsoft Word document. The Flash vulnerability affects users on Windows, Apple OS...

9.3CVSS1.3AI score0.9941EPSS
Exploits14References3
ThreatPost
ThreatPost
added 2010/06/08 1:6 p.m.40 views

Apple Plugs 48 Security Holes in Safari Browser

Apple has shipped new versions of its Safari browser with patches for at least 48 security vulnerabilities. The Safari 4.1 and 5.0 updates, considered “highly critical,” is available for both Windows and Mac OS X. Exploitation of some of these vulnerabilities could lead to drive-by download remot...

10CVSS1.9AI score0.19016EPSS
Exploits2References1
ThreatPost
ThreatPost
added 2009/04/15 11:45 a.m.40 views

Microsoft to unveil patch management metrics project

Microsoft on Wednesday plans to launch a new research effort to determine the total cost of the patch-management cycle, from testing and distributing a fix to user deployment of the patch. The end result of the project, which will be completely open and transparent to outsiders, will be a full...

9.3CVSS0.1AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2022/07/11 8:26 p.m.39 views

Rethinking Vulnerability Management in a Heightened Threat Landscape

Mariano Nunez, CEO, Onapsis Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last several months have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting ‘tit-for-tat’ cyberattacks from Russia in...

7.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2022/05/09 5:23 p.m.39 views

FBI: Rise in Business Email-based Attacks a $43B Headache

The FBI warned the global cost of business email compromise BEC attacks is $43 billion for the time period of June 2016 and December 2021. According to FBI report, 241,206 complaints were lodged by the agency’s Internet Crime Center IC3. BEC or email account compromise EAC are an advanced scammin...

7.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2022/02/02 2:0 p.m.39 views

Thousands of Malicious npm Packages Threaten Web Apps

More than 1,300 malicious packages have been identified in the most oft-downloaded JavaScript package repository used by developers, npm, in the last six months — a rapid increase that showcases how npm has become a launchpad for a range of nefarious activities. New research from open-source...

7.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2022/01/06 3:44 p.m.39 views

Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying

In the world of mobile malware, simply shutting down a device can often wipe out any bad code, given that persistence after rebooting is a challenge for traditional malicious activity. But a new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real...

7.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/12/29 7:13 p.m.39 views

Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. TL; DR ------ Analysis of...

7.8AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/11/18 6:49 p.m.39 views

3 Top Tools for Defending Against Phishing Attacks

Even with the most sophisticated email scanning and phishing detection system available, phishing emails are still a very common intrusion vector for cybercriminals to use to introduce malware, including ransomware, to a business’ network. That’s because 1 increasingly, legitimate systems are use...

7.7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/10/26 7:30 p.m.39 views

Lazarus Attackers Turn to the IT Supply Chain

Lazarus – a North Korean advanced persistent threat APT group – is working on launching cyberespionage-focused attacks on supply chains with its multi-platform MATA framework. The MATA malware framework can target three operating systems: Windows, Linux and macOS. MATA has historically been used ...

7.2AI score
Exploits0References15
ThreatPost
ThreatPost
added 2021/10/21 7:31 p.m.39 views

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

The criminal threat group known as TA551 has added the Sliver red-teaming tool to its bag of tracks – a move that may signal ramped up ransomware attacks ahead, researchers said. According to Proofpoint researchers, TA551 aka Shathak has been mounting cyberattacks that start with email thread...

7.7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/10/13 4:5 p.m.39 views

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to allow attackers to completely take over a website, according to researchers. Brizy or Brizy – Page Builder has been installed on more than 90,000 sites. It’s billed as an intuitive website builder fo...

8.8CVSS7.9AI score0.01682EPSS
Exploits1References6
ThreatPost
ThreatPost
added 2021/09/10 8:17 p.m.39 views

MyRepublic Data Breach Raises Data-Protection Questions

Almost 79,400 MyRepublic mobile subscribers have been caught up in a data breach that exposed a range of personal information, the company has confirmed. The Singapore-based ISP and mobile provider said that an “unauthorized data access incident” took place on August 29. The intrusion in question...

7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/09/08 5:28 p.m.39 views

Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports

Three weeks after an independent researcher found a critical bug in the Services Australia COVID-19 digital vaccine certificate that would allow an attacker to falsify someone’s vaccine status, it still hasn’t been fixed. Researcher Richard Nelson looked into the security behind a new digital...

7.2AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/08/16 6:22 p.m.39 views

XSS Bug in SEOPress WordPress Plugin Allows Site Takeover

A stored cross-site scripting XSS vulnerability in the SEOPress WordPress plugin could allow attackers to inject arbitrary web scripts into websites, researchers said. SEOPress is a search engine optimization SEO tool that lets site owners manage SEO metadata, social-media cards, Google Ad settin...

6.4CVSS5.7AI score0.00651EPSS
Exploits2References9
ThreatPost
ThreatPost
added 2021/07/14 4:33 p.m.39 views

Apps Built Better: DevSecOps, a Security Silver Bullet

Security should never be an afterthought when developing software and applications. However, as technological advances continue to take hold, the security tools many rely on are changing in real-time, and combatting potential breaches or hacks of your wares before they arise now requires new...

7.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/07/07 4:23 p.m.39 views

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing

A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding – has been arrested. Interpol announced the bust – which took place in Morocco in May – on...

6.7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/06/15 4:46 p.m.39 views

Microsoft Disrupts Large, Cloud-Based BEC Campaign

Threat hunters at Microsoft recently uncovered and disrupted infrastructure that powered a large-scale business email compromise BEC campaign. The infrastructure was hosted on multiple cloud platforms, which allowed it to stay under the radar for quite some time. “The attackers performed discrete...

6.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/06/07 7:37 p.m.39 views

Bad Apple: App Store Rife with Fraud, Fleeceware

A new analysis from the Washington Post reveals just how widespread fraud is across the Apple App Store, while also offering glimpse into the revenue flowing into Cupertino generated by those malicious activities. The Apple App Store has been under heightened scrutiny for maintaining its iron gri...

6.8AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/05/11 6:1 p.m.39 views

Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack

A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people in the last few weeks, according to researchers. The fake app is being used as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials. Join...

5.7AI score
Exploits0References8
Total number of security vulnerabilities5000