Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2020/11/14 2:0 p.m.39 views

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather...

0.3AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/10/20 2:33 p.m.39 views

Office 365 OAuth Attack Targets Coinbase Users

Office 365 users are receiving emails purporting to come from cryptocurrency platform Coinbase, which ask them to download updated Terms of Service via an OAuth consent app. But when they agree to do so, users are unknowingly giving attackers full access to their email. OAuth is an open standard...

0.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/10/02 7:48 p.m.39 views

Account Takeover Fraud Losses Total Billions Across Online Retailers

Account takeover ATO attacks are on the rise, and in fact have become a go-to attack of choice cybercriminals of all stripes. In fact, in 2019 alone, ATO attacks cost consumers and e-commerce retailers a whopping $16.9 billion in losses. To be clear, ATO fraud isn’t new, it’s been a concern for...

6.7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/09/10 8:57 p.m.39 views

Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns

The U.S. election campaigns of both Donald Trump and Joe Biden have been targeted in a slew of recent cyberattacks, Microsoft said on Thursday. With the U.S. presidential election a mere two months away, in recent weeks cyberattacks targeting people and organizations involved in it have ramped up...

7.3AI score
Exploits0References18
ThreatPost
ThreatPost
added 2020/08/19 12:58 p.m.39 views

The Sounds a Key Make Can Produce 3D-Printed Replica

Security researchers have given a whole new meaning to “picking a lock,” demonstrating that they can use audio and signal-processing technology to listen to the sounds a key makes when it opens a lock and then 3D-print a duplicate from a recording. The attack, called SpiKey, leverages any basic...

6.7AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/08/10 5:45 p.m.39 views

DDoS Attacks Cresting Amid Pandemic

The number of distributed denial-of-service DDoS attacks spiked in the second quarter of 2020, researchers said. According to the latest Kaspersky quarterly DDoS attacks report, DDoS events were three times more frequent in comparison to the second quarter last year up 217 percent, and were up 30...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/07/16 7:0 a.m.39 views

LokiBot Redux Attacks Massive List of Common Android Apps

Researchers have discovered a new variant of the LokiBot trojan called BlackRock, that’s attacking not just financial and banking apps, but also a massive list of well-known and commonly used brand-name apps on Android devices. The apps targeted include: Amazon, eBay, Facebook, Grinder, Instagram...

0.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/07/10 10:43 p.m.39 views

Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack

A popular consumer-grade security camera made by TP-Link and sold under the Kasa brand has bevy of bugs that open the hardware to remote attacks, such as giving hackers access to private video feeds and the ability to change device settings. The researcher Jason Kent, with Cequence Security,...

7.8AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/07/01 1:0 p.m.39 views

Email Sender Identity is Key to Solving the Phishing Crisis

Email is in crisis. Despite massive advancements in perimeter and endpoint defenses, email remains a cybersecurity weak link for many companies. Why? Email is at the heart of everything we do online. It’s an essential line of communication for one-on-one and group conversations, both...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/05/13 7:7 p.m.39 views

Leaked NHS Docs Reveal Roadmap, Concerns Around Contact-Tracing App

A COVID-19 contact-tracing app to be rolled out by the UK’s National Health Service NHS has been thrust into the spotlight thanks to sensitive documents being leaked via a public Google Drive link. Contact tracing has emerged as a top idea for dealing with the coronavirus pandemic and is consider...

6.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2020/03/13 3:19 p.m.39 views

ACLU Sues Over U.S. Airport Facial-Recognition Technology

The American Civil Liberties Union ACLU has filed suit the Department of Homeland Security DHS over its use of facial recognition technology in airports, decrying the government’s “extraordinarily dangerous path” to normalize facial surveillance as well as its secrecy in making specific details o...

0.2AI score
Exploits0References12
ThreatPost
ThreatPost
added 2020/03/10 6:8 p.m.39 views

High-Severity Flaws Plague Intel Graphics Drivers

Intel has issued security patches for six high-severity vulnerabilities in its Windows graphics drivers which, if exploited, could enable escalation of privilege, denial of service DoS and information disclosure. The graphics driver is software that controls how graphic components work with the...

7.2CVSS8.3AI score0.0104EPSS
Exploits1References24
ThreatPost
ThreatPost
added 2020/03/05 3:11 p.m.39 views

High-Severity Cisco Webex Flaws Fixed

Cisco Systems has patched two high-severity vulnerabilities in its popular Webex video conferencing platform, which if exploited could allow an attacker to execute code on affected systems. Two multimedia players tied to the Webex platform are impacted. First is the Cisco Webex Network Recording...

9.3CVSS0.8AI score0.02256EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2020/02/19 2:0 p.m.39 views

Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations

Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment...

0.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/02/06 5:54 p.m.39 views

U.S. Finance Sector Hit with Targeted Backdoor Campaign

The financial services sector in the U.S. found itself under a barrage of cyberattacks last month, all bent on delivering a powerful backdoor called Minebridge. The attack chain employed a known method called “VBA Stomping” to avoid detection. According to researchers at FireEye, the campaigns,...

7.9AI score
Exploits0References4
ThreatPost
ThreatPost
added 2019/10/30 6:4 p.m.39 views

U.S. Universities Get Failing Grades for DMARC Adoption

The U.S. higher education system is lagging when it comes to implementing email security – even though the segment remains a top target for phishing and spam campaigns. According to an analysis from Red Sift shared with Threatpost, only 3 percent of the top 200 schools in the 2020 WSJ/THE College...

7.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2018/10/10 1:57 p.m.39 views

Four Critical Flaws Patched in Adobe Digital Edition

Adobe on Tuesday issued patches for 16 vulnerabilities spanning several of its products. The most serious of those flaws, four critical glitches in Adobe Digital Edition, could enable arbitrary code-execution. Adobe Digital Editions is an reader software program used for acquiring, managing and...

10CVSS0.6AI score0.11215EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2017/09/27 8:0 a.m.39 views

Remote Wi-Fi Attack Backdoors iPhone 7

Google on Tuesday disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability in Broadcom chipsets patched this week in iOS 11. The attack enables code execution and persistent presence on a compromised device. “The exploit gains code execution on the Wi-Fi firmware on the...

10CVSS0.6AI score0.09129EPSS
Exploits3References5
ThreatPost
ThreatPost
added 2017/06/30 2:16 p.m.39 views

Siemens Patches Critical Intel AMT Flaw in Industrial Products

Siemens patched two critical vulnerabilities that affected its industrial products this week. One, tied to a recently disclosed flaw in Active Management Technology – a function of certain Intel processors – could have allowed an attacker to gain system privileges. Another vulnerability could hav...

10CVSS1.7AI score0.92189EPSS
Exploits7References7
ThreatPost
ThreatPost
added 2017/03/10 11:43 a.m.39 views

Google Chrome 57 Browser Update Patches 'High' Severity Flaws

Google released an updated version of its Chrome browser on Thursday to fix nine high-severity vulnerabilities that if exploited could allow adversaries to take control of targeted systems. As part of the update, Google thanked nearly two dozen bug hunters with bug bounty payments totaling $38,00...

6.8CVSS0.7AI score0.41603EPSS
Exploits1References7
ThreatPost
ThreatPost
added 2017/01/06 4:3 p.m.39 views

Google Patches Android 'Custom Boot Mode' Vulnerability

A high-risk Android custom boot mode vulnerability was one of many bugs patched by Google as part of its January Android Security Bulletin released earlier this week. On Thursday, the IBM security team that discovered the vulnerability disclosed details about the flaw which leaves Nexus 6 and 6P...

4.9CVSS1.6AI score0.00475EPSS
Exploits2References7
ThreatPost
ThreatPost
added 2016/12/16 11:0 a.m.39 views

Nagios Core Patches Root, RCE Vulnerabilities

Nagios Core has been updated to take care of two critical vulnerabilities that can be pinned together to attack servers hosting the open source IT infrastructure monitoring software. The flaws were privately disclosed by researcher Dawid Golunski of Legal Hackers, who said the vulnerabilities can...

10CVSS1.5AI score0.22684EPSS
Exploits12References4
ThreatPost
ThreatPost
added 2016/11/03 11:6 a.m.39 views

Cisco Patches Critical Bugs in 900 Series Routers, Prime Home Server

Cisco Systems has issued two critical advisories addressing flaws in a variety of enterprise-class products ranging from its 900 Series Routers to its Cisco Prime Home server and cloud-based network management platform. Service providers running Cisco ASR 900 Series routers are being warned that ...

10CVSS2.1AI score0.04899EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2016/10/13 11:27 a.m.39 views

Old SSH Vulnerability at Center of Credential-Stuffing Attacks

Connected devices aren’t just for DDoS attacks anymore. Researchers at Akamai this week exposed how attackers are using a 12-year-old SSH vulnerability in combination with weak or default credentials to compromise an array of IOT and home networking devices. Those connected things are then being...

6.4CVSS0.5AI score0.11574EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2016/06/09 8:43 a.m.39 views

CryptXXX Jumps From Angler to Neutrino Exploit Kit

Crooks behind the revamped CryptXXX 3.100 ransomware have switched its distribution from the Angler Exploit Kit to the Neutrino Exploit Kit. The sudden change in distribution was spotted on Monday by researchers at the SANS Internet Storm Center. “This is not the first time we’ve seen campaigns...

10CVSS9.8AI score0.94354EPSS
Exploits6References5
ThreatPost
ThreatPost
added 2015/12/21 4:12 p.m.39 views

Juniper ScreenOS Backdoor Password

Researchers from two security firms have uncovered the password guarding one of the backdoors discovered in Juniper Networks’ ScreenOS, the operating system behind its NetScreen enterprise-grade firewalls. Fox-IT and Rapid7 found the secret code, which was disguised to look like debug code, said...

10CVSS8.5AI score0.614EPSS
Exploits7References7
ThreatPost
ThreatPost
added 2015/10/15 11:29 a.m.39 views

Emergency Adobe Flash Player Security Update

The latest version of Adobe Flash Player, which was made available on Tuesday, will have a short shelf life. Adobe will release an emergency Flash update next week after public attacks were carried out against a zero day vulnerability in the latest version of the software, 19.0.0.207, for Windows...

9.3CVSS7.9AI score0.68396EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2015/07/22 9:23 a.m.39 views

Google Patches 43 Bugs in Chrome

A new version of Google Chrome is available, and it contains patches for 43 security vulnerabilities, many of them in the high-risk category. Two of the more serious vulnerabilities fixed in Chrome 44 are a pair of universal cross-site scripting bugs. One of the flaws is in blink, the Web layout...

7.5CVSS9.1AI score0.19069EPSS
Exploits2References34
ThreatPost
ThreatPost
added 2015/06/22 3:11 p.m.39 views

HP Releases Details, Exploit Code for Unpatched IE Flaws

Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish...

9.3CVSS8.8AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2015/06/08 3:54 p.m.39 views

OPM Warned About Vulnerabilities, Governance Weaknesses

It’s hardly a surprise that the U.S. Office of Personnel Management OPM was targeted by nation-state hackers, given the sensitivity of the personal information the office stored. It’s also no shocker that OPM has been successfully infiltrated more than once given the state of its information...

0.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2015/05/19 1:19 p.m.39 views

Google Fixes Sandbox Escape in Chrome

Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated as high risks and Google paid out more than $38,000 in rewards to researchers w...

7.5CVSS2.6AI score0.0244EPSS
Exploits3References14
ThreatPost
ThreatPost
added 2014/12/05 9:19 a.m.39 views

December 2014 Adobe Reader, Acrobat Security Patches

Adobe is expected to update its Reader and Acrobat software next Tuesday as part of its scheduled security updates, and the updates will, according to an Adobe spokesperson, include patches for a Reader vulnerability disclosed this week by Google’s Project Zero. Researcher James Forshaw, a...

10CVSS6.5AI score0.90208EPSS
Exploits5References6
ThreatPost
ThreatPost
added 2014/12/04 2:4 p.m.39 views

December 2014 Microsoft Patch Tuesday Advance Notification

Microsoft made patch news on two fronts last month with an unusual emergency patch for a critical vulnerability in Kerberos, and for a missing fix for an Exchange bug that was promised in its November advanced notification. In the December advance notification, released today, an elevation...

9.3CVSS1AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2014/04/29 1:3 p.m.39 views

Volume of NTP Amplification Attacks Getting Louder

No security arena is better representative of the cat and mouse game between hackers and defenders than DDoS attacks and prevention/mitigation. Enterprises and service providers have invested heavily in DDoS mitigations in order to keep critical services available. That’s forced hackers to crank ...

5CVSS0.6AI score0.97549EPSS
Exploits23References9
ThreatPost
ThreatPost
added 2014/03/18 12:51 p.m.39 views

Apache Update Resolves Security Vulnerabilities

Apache has released version 2.4.9 of its ubiquitous HTTP web server HTTPD, resolving two security vulnerabilities and a number of other bugs in the process. The Apache Software Foundation is recommending HTTPD 2.4.9 over all previous versions. The first patch fixes CVE-2014-0098. It aims to...

5CVSS1.1AI score0.26831EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2014/03/11 2:30 p.m.39 views

IE Zero Day Exploits Increase Just Before Patch

Attackers have increased their exploitation of an Internet Explorer zero day vulnerability CVE-2014-0322 set to be fixed by Microsoft in its regularly scheduled patch Tuesday release later this afternoon. According to a Websense report, the exploit source code deployed in at least two incidents –...

9.3CVSS8.6AI score0.85239EPSS
Exploits23References5
ThreatPost
ThreatPost
added 2013/09/23 1:3 p.m.39 views

Apache Upgrade Repairs Struts, Fixes Two Vulnerabilities

Developers behind the Apache Struts framework have released an update that fixes two vulnerabilities. Creators of the open-source web application framework are encouraging users to upgrade to Struts 2.3.15.2 immediately. One of the fixes addresses an issue CVE-2013-4316 in the Dynamic Method...

10CVSS0.8AI score0.08333EPSS
Exploits2References4
ThreatPost
ThreatPost
added 2013/02/08 5:50 p.m.39 views

Emergency Adobe Flash Player Patches Fix Pair of Zero Days

Exploits targeting two previously unreported flaws in Flash Player prompted Adobe to release an emergency patch yesterday. One of the attacks is targeting aerospace and other manufacturing companies, and is being delivered via infected Microsoft Office documents. The other is being carried out ov...

9.3CVSS0.77597EPSS
Exploits10References4
ThreatPost
ThreatPost
added 2013/01/17 3:34 p.m.39 views

Java 7u11 Update Addresses Only One of Two Zero-Day Vulnerabilities

Microsoft can take some solace that it is not alone in sending out security updates that don’t fully address a zero-day vulnerability. A researcher at Immunity Inc., put Oracle on a similar hot seat this week when he reported that a recent out-of-band Java update repaired only one of two Java fla...

10CVSS9.8AI score0.97612EPSS
Exploits38References8
ThreatPost
ThreatPost
added 2012/05/02 11:27 a.m.39 views

Google Fixes Five Bugs in Chrome 18

Google has fixed five security vulnerabilities in its Chrome browser, including three high-severity flaws. One of the less-severe vulnerabilities fixed in Chrome 18 is a race condition in the browser’s sandbox. This round of patches in Chrome is one of the rare occasions when the company didn’t...

10CVSS1.4AI score0.03115EPSS
Exploits3References6
ThreatPost
ThreatPost
added 2012/03/29 11:40 a.m.39 views

Google Releases Chrome 18, Fixes Nine Security Flaws

Google has released version 18 of its Chrome browser and has fixed a number of serious security vulnerabilities in the process. The latest version of Chrome also includes an updated release of the Flash player that now includes the background updated that enables users to set the software to upda...

10CVSS8.6AI score0.02187EPSS
Exploits5References3
ThreatPost
ThreatPost
added 2011/11/28 4:39 p.m.39 views

New Java Vulnerability Coming Bundled With Exploit Kits

A recently discovered Java vulnerability that’s been circulating throughout the hacking underground has begun to show up alongside the BlackHole exploit kit, according to a post on Brian Krebs’ KrebsonSecurity blog. The National Vulnerability Database claims the vulnerability is found in the Java...

10CVSS0.5AI score0.96714EPSS
Exploits13References7
ThreatPost
ThreatPost
added 2010/10/01 1:36 p.m.39 views

Adobe to Release Critical Reader Patch Early

Adobe is moving up the release date for the patch for the critical bug in Reader and Acrobat and will now push the fix out on Oct. 5 instead of the following week. The flaw was disclosed last month and has been the target of attacks for several weeks now. The company said on Thursday that it has...

9.3CVSS1.7AI score0.82485EPSS
Exploits14References5
ThreatPost
ThreatPost
added 2010/07/14 4:25 p.m.39 views

Microsoft: 25,000 Computers Attacked With Latest Windows Zero Day

The Windows Help and Support Center vulnerability that was patched with yesterday’s MS10-042 bulletin was under active attack by malware miscreants, especially in Europe where Microsoft tracked about 25,000 attempts to exploit the vulnerability. According to Microsoft’s Holly Stewart, the attacks...

9.3CVSS1.6AI score0.75458EPSS
Exploits11References5
ThreatPost
ThreatPost
added 2010/02/18 3:9 p.m.39 views

OpenOffice Zaps Six Security Bugs

OpenOffice.org has shipped a new version of the desktop productivity suite to patch six vulnerabilities that could expose users to malicious hacker attacks. The flaws fixed in OpenOffice.org 3.2 could be exploited via GIF, XPM files and Microsoft Word document processing, according to an advisory...

9.3CVSS2.6AI score0.43389EPSS
Exploits2References8
ThreatPost
ThreatPost
added 2009/09/30 6:49 p.m.39 views

SMB2 Exploit Fitted into Metasploit; Attacks Likely

Fully functional exploit code for the still unpatched Windows SMB v2 vulnerability has been released to the public domain via the freely available Metasploit point-and-click attack tool, raising the likelihood for remote in-the-wild code execution attacks. The exploit, created and released by...

1.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2022/07/26 6:15 p.m.38 views

Novel Malware Hijacks Facebook Business Accounts

A new malware is hijacking high-profile Meta Facebook Business and advertising platform accounts through a phishing campaign that targets LinkedIn accounts. The malware, dubbed Ducktail, uses browser cookies from authenticated user sessions to take over accounts and steal data, researchers said...

7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2022/07/25 11:0 a.m.38 views

Why Physical Security Maintenance Should Never Be an Afterthought

Infosec Insiders author Roy Dagan, CEO, SecuriThings A crime occurs, police go to access video of the scene and then discover that crucial views are not available due to an outage or malfunction. This is precisely what the NYPD encountered in the recent subway shooting in New York City this past...

7.6AI score
Exploits0References4
ThreatPost
ThreatPost
added 2022/07/18 12:32 p.m.38 views

Google Boots Multiple Malware-laced Android Apps from Marketplace

Google has removed eight apps from its Google Play store that were propagating a new variant of the Joker spyware, but not before they already had garnered more than 3 million downloads. French security researcher Maxime Ingrao of cybersecurity firm Evina discovered a malware that he dubbed...

7AI score
Exploits0References14
ThreatPost
ThreatPost
added 2022/07/11 8:26 p.m.38 views

Rethinking Vulnerability Management in a Heightened Threat Landscape

Mariano Nunez, CEO, Onapsis Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last several months have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting ‘tit-for-tat’ cyberattacks from Russia in...

7.3AI score
Exploits0References5
Total number of security vulnerabilities5000