Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2015/06/22 10:16 a.m.38 views

Ubuntu Patches Privilege-Escalation Bug

There is a privilege-escalation vulnerability in several versions of Ubuntu that results from the fact that the operating system fails to check permissions when users are creating files in some specific circumstances. Security researcher Philip Pettersson discovered the vulnerability and reported...

7.2CVSS1.7AI score0.37679EPSS
Exploits22References5
ThreatPost
ThreatPost
added 2015/05/07 10:49 a.m.38 views

Apple Fixes WebKit Vulnerabilities in Safari Browser

Apple has updated its Safari browser, fixing a handful of exploitable WebKit flaws in various versions of Safari. WebKit is the core layout engine responsible for rendering webpages in the Safari browser. The first bulletin, vulnerabilities uncovered by Apple, resolves multiple memory corruption...

6.8CVSS0.8AI score0.10946EPSS
Exploits2References1
ThreatPost
ThreatPost
added 2015/05/05 11:21 a.m.38 views

ICU Project ICU4C Library Vulnerabilities Patched

Multitudes of software packages that make use of the ICU Project C/C++ and Java libraries may need to update after a pair of memory-based vulnerabilities were discovered and subsequently patched. Version 55.1 of the ICU Project ICU4C library, released yesterday, addresses separate heap-based buff...

7.5CVSS0.4AI score0.2447EPSS
Exploits3References3
ThreatPost
ThreatPost
added 2015/02/12 9:10 a.m.38 views

Ryan Naraine on SAS 2015

Dennis Fisher talks with Ryan Naraine, the long lost co-founder of Threatpost, about the upcoming Kaspersky Security Analyst Summit in Cancun and how much the conference has grown in the last few years. Music by Chris Gonsalves Download: digitalunderground184.mp3...

1.8AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/03/04 10:55 a.m.38 views

Google Fixes Nearly 20 Bugs in Chrome 33

Google has fixed 19 security flaws in its Chrome browser, including more than a dozen high-risk bugs. The company paid out $3,500 in rewards to security researchers who reported flaws. Two of the high-risk vulnerabilities fixed in Chrome 33 are use-after-free flaws, one in SVG images and the othe...

7.5CVSS2AI score0.01781EPSS
Exploits1
ThreatPost
ThreatPost
added 2014/01/14 12:45 p.m.38 views

NTP Amplification Flaw To Blame For Gaming DDoS Attacks

US-CERT has issued an advisory that warns enterprises about distributed denial of service attacks flooding networks with massive amounts of UDP traffic using publicly available network time protocol NTP servers. Known as NTP amplification attacks, hackers are exploiting something known as the...

5CVSS1.4AI score0.97549EPSS
Exploits23References3
ThreatPost
ThreatPost
added 2013/09/19 12:53 p.m.38 views

Apple's iOS 7 Update Fixes 80 Security Bugs

We are one day in and Apple’s sleek new mobile operating system, iOS 7, has been dissected to death – the colors, the similarities to Android’s OS, the amount of time it took some users to download the update from Apple’s servers. Those talking points aside, the update also brought a slew of bug...

6.8CVSS8.7AI score0.04382EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2012/12/19 10:19 p.m.38 views

VMware Patches Directory Traversal Vulnerability in View Server and Security Server

Virtualization vendor VMware has patched a critical vulnerability in its VMware View desktop virtualization product that could have led to a directory traversal attack and an attacker reading or downloading files without the need for authentication. VMware View 5.x prior to 5.1.2 and 4.x prior to...

5CVSS7.1AI score0.02802EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2012/08/30 4:48 p.m.38 views

Computer Virus Blacks Out Qatari Gas Producer

An “unknown virus” has shutdown the entire computer network of the world’s second largest liquefied natural gas LNG producer, RasGas, according to news reports. RasGas is based in Qatar, a peninsular nation located within the larger Arabian Peninsula. The LNG producer has reportedly been offline...

10CVSS1.6AI score0.98536EPSS
Exploits10References2
ThreatPost
ThreatPost
added 2012/06/11 2:3 p.m.38 views

Trivial Password Flaw Leaves MySQL Databases Exposed

There is a trivially exploitable vulnerability in MySQL that enables an attacker to gain root access to the database server. The bug, which recently was patched, stems from an error in the way that MySQL and MariaDB handle passwords, giving an attacker a chance of getting root access by supplying...

5.1CVSS6.1AI score0.96188EPSS
Exploits9References6
ThreatPost
ThreatPost
added 2012/01/27 1:3 p.m.38 views

Attackers Targeting Windows Media Bug With Malware

Security researchers have seen attackers going after the newly patched CVE-2012-0003 vulnerability in the Windows Media Player. The flaw, which was patched earlier this month by Microsoft, is a critical one that can enable remote code execution, and it affects a wide range of Windows systems. Whe...

9.3CVSS1.7AI score0.69499EPSS
Exploits12References7
ThreatPost
ThreatPost
added 2011/07/06 7:42 p.m.38 views

New BIND Release Fixes High-Severity Remote Bugs

The Internet Systems Consortium has released new versions of the ubiquitous BIND server software that fix a pair of vulnerabilities in existing releases, one of which enables an attacker to stop the software from running on remote DNS servers. The high-severity vulnerability in many versions of t...

5CVSS2.5AI score0.19265EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2011/06/20 8:24 a.m.38 views

Attackers Exploiting Critical Flash Bug Via Drive-By Download

Attackers have begun actively exploiting the critical Adobe Flash vulnerability that Adobe patched last week, using rigged Web pages and phishing techniques to compromise vulnerable machines. The attack code is being hosted on a number of sites around the Web right now, researchers said. Adobe...

10CVSS0.2AI score0.86421EPSS
Exploits11References3
ThreatPost
ThreatPost
added 2011/04/27 5:26 p.m.38 views

Google Fixes More Than 25 Bugs in Chrome, Pays $16,500 in Bounties

Google has released another new version of Chrome that fixes a total of 27 different bugs on various platforms. The company paid out $16,500 in bounties to researchers for the vulnerabilities they reported, including one $3,000 payment for a high-severity bug. The new version of Chrome, version...

7.5CVSS0.01822EPSS
Exploits16References29
ThreatPost
ThreatPost
added 2011/01/05 6:4 p.m.38 views

Yonggang "Gary" Min (DuPont)

Min worked at Delaware based chemicals giant DuPont for over a decade before he surreptitiously took a job at DuPont competitor, Victrex. Over a four month period after accepting that offer, and before informing DuPont of his decision, Min systematically copied thousands of pages of confidential...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2010/10/06 11:42 a.m.38 views

Adobe Issues Huge Patch for Reader and Acrobat

UPDATE: After announcing that it was accelerating a critical patch of its Reader program last week, Adobe pushed out a large patch on Tuesday, fixing 23 separate vulnerabilities in its Reader and Acrobat applications. The huge quarterly security update included company issued Security Bulletin...

9.3CVSS8.3AI score0.82485EPSS
Exploits14References6
ThreatPost
ThreatPost
added 2010/09/08 5:50 p.m.38 views

New Adobe PDF Zero-Day Flaw Under Attack

Adobe today sounded an alarm for a new zero-day flaw in its PDF Reader/Acrobat software, warning that hackers are actively exploiting the vulnerability in-the-wild. Details on the vulnerability are not yet public but the sudden warning from Adobe is a sure sign that rigged PDF documents are being...

9.3CVSS1.8AI score0.82485EPSS
Exploits13
ThreatPost
ThreatPost
added 2010/07/01 11:15 a.m.38 views

Huge Increase Seen in Attacks on Windows Help Center Flaw

Attackers are ramping up their attempts to exploit the recently disclosed vulnerability in the Windows Help and Support Center in Windows XP. There have been targeted attacks against the flaw for two weeks now, but experts have noticed a major increase in the volume and spread of them in recent...

9.3CVSS1.8AI score0.75458EPSS
Exploits11References4
ThreatPost
ThreatPost
added 2022/07/13 11:45 a.m.37 views

Large-Scale Phishing Campaign Bypasses MFA

Microsoft researchers have uncovered a massive phishing campaign that can steal credentials even if a user has multi-factor authentication MFA enabled and has so far attempted to compromise more than 10,000 organizations. The campaign, which has been active since September 2021, depends upon the...

7AI score
Exploits0References8
ThreatPost
ThreatPost
added 2022/07/08 2:45 p.m.37 views

Sneaky New Orbit Malware Backdoors Linux Devices

A sneaky malware for Linux is backdooring devices to steal data and can affect all the processes running on a particular machine, researchers have found. The malware, dubbed Orbit, is unlike other Linux threats in that it steals information from different commands and utilities and then stores th...

7.5AI score
Exploits0References8
ThreatPost
ThreatPost
added 2022/07/05 12:35 p.m.37 views

Latest Cyberattack Against Iran Part of Ongoing Campaign

Malware used in a crippling cyberattacks against an Iranian steel plants last week is connected to an attack that shut down the country’s rail system last year. In both cases, on malware strain was used to impact physical and critical infrastructure, according to a report from Check Point Researc...

6.7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2022/06/08 1:36 p.m.37 views

Taming the Digital Asset Tsunami

Internet Protocol IP addresses and the devices, web services and cloud assets behind them are the lifeblood of modern businesses. But too often companies amass thousands of digital assets, creating an unmanageable mess for IT and security teams. Left unchecked, a single forgotten, abandoned or...

6.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2022/06/03 1:46 p.m.37 views

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again

Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon’s 15th annual Data Breach Investigations Report DBIR. In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware – up 1...

7.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2022/06/02 11:44 a.m.37 views

Scammers Target NFT Discord Channel

Discord a public chat application designed for gamers has grown popular among crypto owners all over the world. Attackers are targeting the Discord servers of several popular nonfungible token NFT projects. Josh Fraser founder of Origin protocol shared a thread on Twitter earlier this month,...

6.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2022/02/01 11:6 p.m.37 views

FBI: Use a Burner Phone at the Olympics

Use a burner phone if you’re traveling to the Olympics, the FBI warned on Tuesday, lest you come home with a nasty case of malware and/or snatched personal data. The FBI didn’t mention specific threats, per se, but its alert warned those traveling to the February 2022 Beijing Winter Olympics and...

7.3AI score
Exploits0References22
ThreatPost
ThreatPost
added 2022/01/25 8:45 p.m.37 views

Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin

Ozzy Osbourne and his famously enterprising wife and manager, Sharon, decided to launch a new non-fungible token NFT collection called CryptoBatz — but the rollout was clouded. Scammers quickly found they could use an abandoned vanity Discord URL to drain potential buyers’ crypto wallets...

7.4AI score
Exploits0References14
ThreatPost
ThreatPost
added 2022/01/05 11:13 p.m.37 views

1.1M Compromised Accounts Found at 17 Major Companies

There have been more than 1.1 million online accounts compromised in a series of credential-stuffing attacks against 17 different companies, according to a New York State investigation. Credential-stuffing attacks, such as last year’s attack on Spotify, use automated scripts to try high volumes o...

7.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/12/28 4:31 p.m.37 views

That Toy You Got for Christmas Could Be Spying on You

Many adults found it charming when Mattel upgraded its classic Fisher-Price Chatter telephone for its 60th anniversary in October with actual Bluetooth capabilities, so grownups, too, can use it — and for actual mobile phone calls. But flaws in the way the toy pairs with Bluetooth means that othe...

7.3AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/11/17 10:6 p.m.37 views

Fake Ransomware Infection Hits WordPress Sites

Fake red-on-black warnings have been plastered to hundreds of WordPress sites, warning that they’ve been encrypted. The warnings have at least one ransomware accoutrement that might look convincing at first blush: a countdown clock tick-tick-ticking away, warning site owners that they’ve got seve...

7.9AI score
Exploits0References14
ThreatPost
ThreatPost
added 2021/11/11 6:48 p.m.37 views

Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash

Russian-language group Void Balaur, also tracked under the name Rockethack, has been identified as a prolific cyber-mercenary group, available for hire to break into the email and social-media accounts of high-profile, high-stakes targets around the world. After monitoring Void Balaur for more th...

7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/09/08 9:14 p.m.37 views

What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast

The Ragnar Locker ransomware gang just put its victims on notice: Call for help – be it from investigators, the FBI or ransomware negotiators – and the punishment will be the publication of encrypted files. Bryce Webster-Jacobsen, director of intelligence operations at digital risk...

6.9AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/09/07 4:7 p.m.37 views

ProtonMail Forced to Log IP Address of French Activist

The privacy-hugging, end-to-end encryption-providing email provider ProtonMail was forced to log the IP address of a French activist and turn it over to Europol, according to a French police report that came to light over the weekend. The activist was arrested as a result. In the wake of the news...

6.7AI score
Exploits0References17
ThreatPost
ThreatPost
added 2021/09/03 11:31 a.m.37 views

Brute-Force Attacks Target Inboxes for Gift Card Data

Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found. The actors behind the scam—outlined in a post by Brian Krebs on Krebs on...

7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2021/08/25 3:10 p.m.37 views

US Media, Retailers Targeted by New SparklingGoblin APT

An emerging international cybergang is broadening its targets to include North American media firms, universities and one computer retailer. The advanced persistent threat APT group is new, according to researchers who dubbed it SparklingGoblin. Also new is a novel backdoor technique, called...

7.5AI score
Exploits0References4
ThreatPost
ThreatPost
added 2021/08/24 7:35 p.m.37 views

Poly Network Recoups $610M Stolen from DeFi Platform

A threat actor called “Mr. White Hat” has returned the $610 million they stole from the decentralized finance platform Poly Network. The breached company did everything from threaten to sic law enforcement on the attacker on up to its ultimate offer: the position of chief security officer in...

7.3AI score
Exploits0References19
ThreatPost
ThreatPost
added 2021/08/12 4:6 p.m.37 views

Ransomware Payments Explode Amid ‘Quadruple Extortion’

Two reports slap hard figures on what’s already crystal clear: Ransomware attacks have skyrocketed, and ransomware payments are the comet trails that have followed them skyward. The average ransomware payment spiked 82 percent year over year: It’s now over half a million dollars, according to the...

6.4AI score
Exploits0References22
ThreatPost
ThreatPost
added 2021/07/01 4:24 p.m.37 views

Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web

The VPN provider known as LimeVPN has been hit with a hack affecting 69,400 user records, according to researchers. A hacker claims to have stolen the company’s entire customer database before knocking its website offline Threatpost confirmed that as of press time, the website was down. The stole...

7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/06/18 1:39 p.m.37 views

Insider Versus Outsider: Navigating Top Data Loss Threats

It’s no surprise that cloud adoption has increased considerably in the last year, as organizations sought to adapt to the rapid transition to remote work amid the pandemic. However, what’s shocking is that despite the many advantages cloud and software-as-a-service SaaS applications provide...

6.9AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/06/11 4:39 p.m.37 views

Cyberpunk 2077 Hacked Data Circulating Online

New data from the February hack of CD Projekt Red, the videogame-development company behind Cyberpunk 2077 and the Witcher series, is circulating online. Earlier this year, the company suffered a ransomware attack in which a cyberattack group believed by some to be the HelloKitty gang “gained...

7.3AI score
Exploits0References11
ThreatPost
ThreatPost
added 2021/05/25 3:6 p.m.37 views

Bose Admits Ransomware Hit: Employee Data Accessed

High-end audio-tech specialist Bose has disclosed a ransomware attack, which it said rippled “across Bose’s environment” and resulted in the possible exfiltration of employee data. The incident began on March 7, according to a disclosure letter sent to the Attorney General’s Office in New...

7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/05/24 4:23 p.m.37 views

FBI Analyst Indicted for Theft of Osama bin Laden Threat Intel

An FBI analyst with top-secret security clearance illegally squirreled away national-security documents related to Osama bin Laden, al-Qaeda, cybersecurity and more in her home for years, the feds say. Kendra Kingsbury, who was working in the FBI’s Kansas City Division until being put on leave in...

6.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/05/11 4:8 p.m.37 views

Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud

Though it’s often hard to find group consensus, one thing everyone can agree on is a feeling of relief that we may be moving past the worst of the pandemic. While few want to look back on the darkest times, those months have continuing lessons to teach about cybersecurity. Like it or not, the...

5.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2021/02/17 10:2 p.m.37 views

Stolen Jones Day Law Firm Files Posted on Dark Web

The Clop ransomware group has reportedly started posting data on the Dark Web apparently stolen from law firm Jones Day, which represents many of the globe’s most powerful people, including former president Donald Trump in his efforts to overturn the 2020 election. But the attack had nothing to d...

7AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/01/21 2:0 p.m.37 views

Google Searches Expose Stolen Corporate Credentials

Attackers behind a recently discovered phishing campaign have unintentionally left more than 1,000 stolen credentials available online via simple Google searches, researchers have found. The campaign, which began in August 2020, used e-mails that spoof notifications from Xerox scans to lure victi...

0.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/01/15 5:2 p.m.37 views

Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls

Apple has removed a contentious macOS feature that allowed some Apple apps to bypass content filters, VPNs and third-party firewalls. The feature, first uncovered in November in a beta release of the macOS Big Sur feature, was called “ContentFilterExclusionList” and included a list of at least 50...

6.6AI score
Exploits0References9
ThreatPost
ThreatPost
added 2021/01/07 10:21 p.m.37 views

Biden to Appoint Cybersecurity Advisor to NSC – Report

President-elect Joe Biden has reportedly tapped the National Security Agency’s cybersecurity director to serve in a brand-new cyber-role on his National Security Council. Anne Neuberger, a more than 10-year veteran of the NSA and its cyber-chief since 2019, will become the country’s deputy nation...

0.5AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/01/07 6:8 p.m.37 views

New Year, New Ransomware: Babuk Locker Targets Large Corporations

Only a few days into the new year, one of the first new ransomware strains of 2021 has been discovered. Dubbed Babuk Locker, the ransomware appears to have successfully compromised five companies thus far, according to new research. The research author, Chuong Dong, a computer science student at...

7AI score
Exploits0References15
ThreatPost
ThreatPost
added 2020/12/30 3:0 p.m.37 views

Taking a Neighborhood Watch Approach to Retail Cybersecurity

Every year retailers face a heightened level of risk during the online holiday shopping season. COVID-19 drastically shifted consumer buying behaviors, forcing retailers to accelerate digital transformation efforts to support an exponentially higher number of online transactions. Projected U.S...

7.4AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/12/23 7:2 p.m.37 views

Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack

The advanced persistent threat APT known as Lazarus Group and other sophisticated nation-state actors are actively trying to steal COVID-19 research to speed up their countries’ vaccine-development efforts. That’s the finding from Kaspersky researchers, who found that Lazarus Group — widely...

0.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/12/22 4:5 p.m.37 views

Joker's Stash Carding Site Taken Down

Joker’s Stash, the carding site where cybercriminals hawk their payment-card wares, has suffered a blow after law enforcement apparently seized one of its domains. Joker’s Stash is a popular cybercriminal destination that specializes in trading in payment-card data, offering millions of stolen...

0.7AI score
Exploits0References8
Total number of security vulnerabilities5000