Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2020/08/24 3:23 p.m.260 views

Iran-Linked 'Newbie' Hackers Spread Dharma Ransomware Via RDP Ports

A group of ‘script kiddies’ tied to Iran are targeting companies worldwide with internet-facing Remote Desktop Protocol RDP ports and weak credentials in order to infect them with Dharma ransomware. The Dharma malware also known as Crysis has been distributed as a ransomware-as-a-service RaaS mod...

1.9CVSS0.5AI score0.84138EPSS
Exploits13References10
ThreatPost
ThreatPost
added 2020/03/09 6:1 p.m.260 views

Microsoft Exchange Server Flaw Exploited in APT Attacks

Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. If left unpatched, the flaw allows authenticated attackers to execute code remotely with system privileges. The vulnerability in question CVE-2020-0688 exists in the control panel of...

9CVSS0.4AI score0.99965EPSS
Exploits30References8
ThreatPost
ThreatPost
added 2019/06/14 6:52 p.m.260 views

ThreatList: Ransomware Trojans Picking Up Steam in 2019

With the number of unique cyberincidents continuing to grow, ransomware-based attacks in particular are on the rise in 2019, researchers said. Ransomware trojan-based infections jutted up from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019, said Positive...

7.1AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/05/20 4:50 p.m.258 views

4 Android Bugs Being Exploited in the Wild

Google updated its May 3 Android security bulletin on Wednesday to say that there are “indications” that four of the 50 vulnerabilities “may be under limited, targeted exploitation.” That was mostly confirmed by Maddie Stone, a member of Google’s Project Zero exploit research group, who clarified...

9CVSS8.6AI score0.72105EPSS
Exploits29References21
ThreatPost
ThreatPost
added 2021/03/10 2:44 p.m.258 views

Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare

Hackers claim to have breached Silicon Valley startup Verkada to gain unauthorized access to live feeds of 150,000 security cameras. They claim, the hack gave them widespread access to surveillance footage within companies such as Tesla and Cloudflare, as well as hospitals, companies,...

0.6AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/03/02 5:54 p.m.258 views

Jailbreak Tool Works on iPhones Up to iOS 14.3

Hackers behind previous iPhone jailbreak tools have released a jailbreak update based on a recently discovered and patched iPhone vulnerability. According to iPhone jailbreakers at UnC0ver, the tool allows users to take full control over unpatched iPhones. The jailbreak—which UnC0ver said works o...

8.6AI score0.02222EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2020/01/29 3:27 p.m.258 views

Critical Flaws in Magento e-Commerce Platform Allow Code-Execution

Critical vulnerabilities in Adobe’s Magento e-commerce platform – a favorite target of the Magecart cybergang – could lead to arbitrary code execution. Adobe issued patches on Tuesday as part of its overall release of the Magento 2.3.4 upgrade, giving the fixes a “priority 2” rating. In Adobe...

10CVSS1.5AI score0.13964EPSS
Exploits1References11
ThreatPost
ThreatPost
added 2021/07/29 7:16 p.m.257 views

UC San Diego Health Breach Tied to Phishing Attack

Authorities at the University of California San Diego Health reported a phishing attack led to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2,...

7AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/05/19 4:53 p.m.257 views

Keksec Cybergang Debuts Simps Botnet for Gaming DDoS

A recently developed botnet named “Simps” has emerged from the cyber-underground to carry out distributed denial-of-service DDoS attacks on gaming targets and others, using internet of things IoT nodes. It’s part of the toolset used by the Keksec cybercrime group, researchers said. According to t...

10CVSS9.2AI score0.99975EPSS
Exploits6References11
ThreatPost
ThreatPost
added 2019/07/26 7:44 p.m.256 views

Louisiana Gov Declares Emergency After Rampant Cyberattacks Plague Schools

After a rash of public schools were hit with ransomware, Louisiana’s governor has declared a statewide state of emergency. School districts in the northern part of the state – including Monroe City, Morehouse Parish and Sabine Parish – have been affected. Monroe City, on its website, noted that i...

1.5AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/06/24 3:31 p.m.255 views

Critical VMware Carbon Black Bug Allows Auth Bypass

VMware has fixed an uber-severe bug in its Carbon Black App Control AppC management server: A server whose job is to lock down critical systems and servers so they don’t get changed willy-nilly. AppC also ensures that organizations stay in continuous compliance with regulatory mandates. This is a...

9.8CVSS7.4AI score0.10619EPSS
Exploits0References13
ThreatPost
ThreatPost
added 2020/08/14 6:26 p.m.255 views

Critical Flaws in WordPress Quiz Plugin Allow Site Takeover

A plugin that is designed to add quizzes and surveys to WordPress websites has patched two critical vulnerabilities. The flaws can be exploited by remote, unauthenticated attackers to launch varying attacks – including fully taking over vulnerable websites. The plugin, Quiz and Survey Master, is...

0.6AI score0.0552EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2019/06/21 7:50 p.m.255 views

Microsoft Outlook for Android Open to XSS Attacks

Microsoft has patched a vulnerability in Microsoft Outlook for Android, which opens the door to cross-site scripting XSS attacks. The software giant said that CVE-2019-1105, rated “important,” is a spoofing vulnerability that exists in the way Microsoft Outlook for Android software parses...

4.3CVSS6.3AI score0.09024EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2019/06/06 5:43 p.m.255 views

High-Severity Bug in Cisco Industrial Enterprise Tool Allows RCE

A high-severity bug has been found that allows remote attackers to hijack Cisco’s enterprise-class Industrial Network Director. The vulnerability was made public Wednesday along with a patch; there are no workarounds for the bug and a software patch is required, Cisco said. Cisco’s Industrial...

9CVSS1.5AI score0.99737EPSS
Exploits16References11
ThreatPost
ThreatPost
added 2021/02/17 3:30 p.m.254 views

Details Tied to Safari Browser-based 'ScamClub' Campaign Revealed

Details of a flaw in Apple’s Safari browser, publicly disclosed Tuesday, outline how the cybergang known as ScamClub reached 50 million users with a three-month-long malicious ad campaign pushing malware to mobile iOS Chrome and macOS desktop browsers. The Safari bug, patched on Dec. 2 by Apple,...

7.7AI score0.01515EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2019/05/13 4:38 p.m.254 views

ThreatList: Top 5 Most Dangerous Attachment Types

Researchers with F-Secure have tracked the top spam-related attachments and campaigns used so far in 2019. The verdict, ZIPs, PDF, and MS office files such as DOC and XLSM file attachments were more commonly used in huge spam campaigns than any other type attachment. In addition, researchers...

7.3AI score
Exploits0References15
ThreatPost
ThreatPost
added 2019/04/24 8:57 p.m.254 views

Facebook May Face $5 Billion FTC Fine for Data Misuse

UPDATE Facebook may be facing fines as high as $5 billion after a year-long Federal Trade Commission FTC investigation into its data-security practices. Though it wasn’t mentioned in its earnings call on Wednesday, the social-media giant in a release for its Q1 2019 earnings said that it was...

0.3AI score
Exploits0References11
ThreatPost
ThreatPost
added 2021/05/11 8:5 p.m.253 views

Wormable Windows Bug Opens Door to DoS, RCE

Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good...

9.9CVSS7.6AI score0.99782EPSS
Exploits46References24
ThreatPost
ThreatPost
added 2019/10/08 4:20 p.m.253 views

Google October Android Security Update Fixes Critical RCE Flaws

UPDATE Google has released fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system, which if exploited could allow a remote attacker to execute code. The remote code execution RCE flaws are part of Google’s October 2019 Android Security Bulletin,...

10CVSS8.3AI score0.72105EPSS
Exploits27References10
ThreatPost
ThreatPost
added 2019/06/10 4:10 p.m.252 views

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. “The CVE-2017-11882...

9.3CVSS0.4AI score0.99945EPSS
Exploits33References7
ThreatPost
ThreatPost
added 2021/04/01 6:7 p.m.251 views

Ragnarok Ransomware Hits Boggi Milano Menswear

Luxury Italian men’s clothing line Boggi Milano has confirmed what Ragnarok was already bragging about on the Dark Web: The brand was hit with a ransomware attack, according to multiple sources. Ragnarok and Boggi Milano representatives who spoke to Bloomberg agree on the facts; the ransomware...

0.1AI score
Exploits0References13
ThreatPost
ThreatPost
added 2021/05/06 7:55 p.m.250 views

Qualcomm Chip Bug Opens Android Fans to Eavesdropping

A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone’s modem – gaining the ability to execute code, access mobile users’ call histories and text messages, and eavesdrop on phone calls. That’s according to...

7.8CVSS7.8AI score0.00814EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2020/07/27 4:23 p.m.250 views

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data. Patches for the vulnerability CVE-2020-3452 in question, which ranks 7.5 out of 10 on the CVSS scale, were released last...

5CVSS7.8AI score0.99992EPSS
Exploits25References10
ThreatPost
ThreatPost
added 2019/07/05 5:5 p.m.250 views

PGP Ecosystem Targeted in ‘Poisoning’ Attacks

A long-feared attack vector used against Pretty Good Privacy, the framework used to authenticate and keep email messages private, is being exploited for the first time. The attack, which takes aim at keyserver verification directories, makes it impossible for Pretty Good Privacy PGP to work...

1.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/04/26 7:44 p.m.250 views

Users Urged to Update WordPress Plugin After Flaw Disclosed

UPDATE A vulnerability in a popular WordPress plugin called the WooCommerce Checkout Manager extension is potentially putting more than 60,000 websites at risk, researchers say. The WooCommerce Checkout Manager plugin allows WooCommerce users to customize and manage the fields on their checkout...

9CVSS1.2AI score0.99965EPSS
Exploits30References8
ThreatPost
ThreatPost
added 2018/08/12 10:0 p.m.250 views

DEF CON 2018: Critical Bug Opens Millions of HP OfficeJet Printers to Attack

LAS VEGAS – Tens of millions of fax-ready HP OfficeJet inkjet printers are vulnerable to a simple hack that gives an attacker full control over a targeted printer. Once compromised, the all-in-one OfficeJet could act as a springboard for deeper network penetration by an attacker. Here at DEF CON,...

9.3CVSS0.5AI score0.12227EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2011/08/03 7:26 p.m.250 views

Black Hat: Remote DOS, Backdoor, Easter Egg Among Newly Discovered Siemens Holes

Dillon Beresford used a presentation at the Black Hat Briefings on Wednesday to detail more software vulnerabilities affecting industrial controllers from Siemens, including a serious remotely exploitable denial of service vulnerability, more hard-coded administrative passwords, and even an easte...

1.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/06/24 10:0 a.m.249 views

Atlassian Bugs Could Have Led to 1-Click Takeover

Atlassian, a platform used by 180,000 customers to engineer software and manage projects, could have been hijacked with a single click due to security flaws, researchers have disclosed. On Thursday, Check Point Research CPR published a report PDF outlining how an attacker could have exploited the...

8.3AI score
Exploits0References20
ThreatPost
ThreatPost
added 2019/06/12 1:25 p.m.249 views

Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure

Intel has patched seven high-severity vulnerabilities in the system firmware of its Intel NUC short for Next Unit of Computing, a mini-PC kit used for gaming, digital signage and more. Overall, the chip-maker patched 25 vulnerabilities across various platforms this week – including eight...

7.5CVSS8.1AI score0.01996EPSS
Exploits0References16
ThreatPost
ThreatPost
added 2022/04/12 8:0 p.m.248 views

Microsoft Zero-Days, Wormable Bugs Spark Concern

Microsoft has released patches for 128 security vulnerabilities for its April 2022 monthly scheduled update – ten of them rated critical including three wormable code-execution bugs that require no user interaction to exploit. There are also two important-rated zero-days that allow privilege...

10CVSS9.5AI score0.91316EPSS
Exploits22References17
ThreatPost
ThreatPost
added 2022/02/04 6:26 p.m.248 views

Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers

A high-severity security vulnerability in Argo CD can enable attackers to access targets’ application-development environments, paving the way for stealing passwords, API keys, tokens and other sensitive information. Argo CD is a continuous-delivery platform deployed as a Kubernetes controller in...

10CVSS9.7AI score0.99999EPSS
Exploits352References3
ThreatPost
ThreatPost
added 2020/06/15 3:36 p.m.248 views

Claire's Customers Targeted with Magecart Payment-Card Skimmer

A Magecart credit-card skimmer was used to attack online customers of the retailer Claire’s for a month and a half, according to researchers. Claire’s – a purveyor of jewelry and accessories – closed its 3,000 physical retail locations worldwide on March 20, in the wake of the COVID-19 pandemic. ...

8.4AI score0.0552EPSS
Exploits1References6
ThreatPost
ThreatPost
added 2019/01/23 3:6 p.m.248 views

U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks

The Department of Homeland Security is ordering all federal agencies to urgently audit Domain Name System DNS security for their domains in the next 10 business days. The department’s rare “emergency directive,” issued Tuesday, warned that multiple government domains have been targeted by DNS...

0.9AI score
Exploits0References5
ThreatPost
ThreatPost
added 2022/03/03 2:0 p.m.247 views

Securing Data With a Frenzied Remote Workforce–Podcast

The baby upchucks. The dog loudly informs you that she’s detected a budding squirrel armageddon. Your department’s Zoom meeting starts in four minutes. The Bank of Fezziwig texts: If you haven’t enabled online banking, click here. What. Do. You. DO?!? It doesn’t matter that you’ve been working...

8.4AI score
Exploits0References10
ThreatPost
ThreatPost
added 2022/02/15 2:4 a.m.247 views

BlackByte Tackles the SF 49ers & US Critical Infrastructure

The San Francisco 49ers were recently kneecapped by a BlackByte ransomware attack that temporarily discombobulated the NFL team’s corporate IT network on the Big Buffalo Wing-Snarfing Day itself: Superbowl Sunday. BlackByte – a ransomware-as-a-service RaaS gang that leases its ransomware to...

9.1AI score
Exploits0References10
ThreatPost
ThreatPost
added 2022/02/14 5:23 p.m.247 views

‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware

The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to...

7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/04/01 4:22 p.m.247 views

Building a Fortress: 3 Key Strategies for IT Security

Last year and early spring has been undoubtedly tough for cybersecurity. We’ve seen one of – if not the – worst cyberattacks on U.S. companies and government agencies in the last decade; and the ProxyLogon Microsoft Exchange vulnerabilities continue to be dangerous. Knowing just how vulnerable ma...

0.1AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/02/09 7:40 p.m.247 views

Attackers Exploit Critical Adobe Bug, Target Windows

Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. The vulnerability CVE-2021-21017 has been exploited in “limited attacks,” according to Adobe’s Tuesday advisory, part of its regularly scheduled February updates. The flaw in...

1.4AI score0.8621EPSS
Exploits3References9
ThreatPost
ThreatPost
added 2020/04/14 7:45 p.m.247 views

April Patch Tuesday: Microsoft Battles 4 Bugs Under Active Exploit

Microsoft has released its April 2020 Patch Tuesday security updates, its first big patch update released since the work-from-home era truly got underway. It’s a doozie, with the tech giant disclosing 113 vulnerabilities. Out of these, 19 are rated as critical, and 94 are rated as important...

7.6CVSS9.7AI score0.69166EPSS
Exploits3References25
ThreatPost
ThreatPost
added 2019/01/23 8:0 p.m.247 views

Malware in Ad-Based Images Targets Mac Users

A massive adware campaign has so far impacted up to a million Mac users, using a tricky steganography technique to hide malware in image files. Researchers at Confiant and Malwarebytes said the attacks have been running since Jan. 11, using ads on the web and steganography to spread; steganograph...

0.7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/06/25 1:5 a.m.246 views

Spam Downpour Drips New IcedID Banking Trojan Variant

Researchers have seen a new variant of the IcedID banking trojan sliding in via two new spam campaigns. Written in English and carrying .ZIP files full of the malware – or links to such ZIP files – the new twist on the old banking trojan is a tweaked downloader, which the threat actors moved from...

7.7AI score
Exploits0References16
ThreatPost
ThreatPost
added 2019/07/26 4:29 p.m.246 views

'Google' Sites Are the Latest Ploy by Card-Skimming Thieves

Malicious domains masquerading as Google sites are the latest ploy by payment card-skimming adversaries looking to dupe website visitors. According to analysts at Sucuri, cybercriminals are using typosquatting the practice of changing one letter in a trusted site name to use as a malicious URL to...

6.9AI score
Exploits0References4
ThreatPost
ThreatPost
added 2021/02/16 2:8 p.m.245 views

Unpatched Android App with 1B Downloads Allows RCE

An Android app that’s been downloaded more than 1 billion times is riddled with flaws that can let attackers hijack app features or overwrite existing files to execute malicious code, or launch man-in-the-disk MiTD attacks on people’s devices, researchers discovered. The flaws exist in an app...

0.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2017/09/14 4:0 p.m.245 views

Equifax Confirms March Struts Vulnerability Behind Breach

Equifax said the culprit behind this summer’s massive breach of 143 million Americans was indeed CVE-2017-5638, an Apache Struts vulnerability patched back in March. The bug was widely assumed by experts to be the “U.S. website application vulnerability” implicated by the company last Thursday,...

10CVSS1.2AI score0.99999EPSS
Exploits66References12
ThreatPost
ThreatPost
added 2022/03/24 7:23 p.m.244 views

Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug

The latest installment of the Dark Souls gaming franchise, Elden Ring, contains a security vulnerability that allows bad actors to throw players on PCs into an endless loop of losing their characters’ lives, rendering it essentially unplayable. Malwarebytes Labs researcher Christopher Boyd said...

9AI score
Exploits0References9
ThreatPost
ThreatPost
added 2022/02/15 2:2 p.m.244 views

TA2541: APT Has Been Shooting RATs at Aviation for Years

Researchers have identified an advanced persistent threat APT group responsible for a series of cyberespionage and spyware attacks against the aviation, aerospace, transportation and defense industries since at least 2017 that feature high-volume email campaigns using industry-specific lures. The...

8.9AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/07/28 11:1 a.m.244 views

Podcast: Why Securing Active Directory Is a Nightmare

This week, Microsoft rushed out a fix for a Windows NT LAN Manager exploit dubbed “PetitPotam” that forces remote Windows systems to reveal password hashes that can be easily cracked. The frenzy begs the question: Why is securing Microsoft Active Directory AD such a nightmare? When security...

8.1AI score
Exploits0References14
ThreatPost
ThreatPost
added 2021/04/07 4:47 p.m.244 views

Fake Netflix App on Google Play Spreads Malware Via WhatsApp

Malware disguised as a Netflix app, lurking on the Google Play store, spread through WhatsApp messages, researchers have discovered. According to a Check Point Research analysis released on Wednesday, the malware masqueraded as an app called “FlixOnline,” which advertised via WhatsApp messages...

Exploits0References7
ThreatPost
ThreatPost
added 2020/09/15 7:8 p.m.244 views

IBM Spectrum Protect Plus Security Open to RCE

IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue’s security tool found under the umbrella of its Spectrum data storage software branding. The flaws can be exploited by remote attackers to execute code on vulnerable systems. IBM Spectrum Protect Plus is a data-protection...

6CVSS0.2AI score0.26869EPSS
Exploits1References9
ThreatPost
ThreatPost
added 2020/06/09 7:28 p.m.244 views

Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update

Microsoft has released patches for 129 vulnerabilities as part of its June Patch Tuesday updates – the highest number of CVEs ever released by Microsoft in a single month. Within the blockbuster security update, 11 critical remote code-execution flaws were patched in Windows, SharePoint server,...

10CVSS9.2AI score0.9981EPSS
Exploits129References24
Total number of security vulnerabilities5000