Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2020/06/17 9:5 p.m.35 views

Premier League's Return: A Hat Trick of Cyberthreats?

England’s Premier League is returning this week, with millions of soccer fans around the world looking to stream matches using their online video accounts. Unfortunately, the U.K.’s National Cyber Security Centre NCSC is warning on phishing, fraud and brute-forcing attempts by attackers looking t...

7.3AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/06/12 7:52 p.m.35 views

Knoxville Ransomware Attack Leads to IT Network Shutdown

The city of Knoxville, Tenn. is reeling from a ransomware attack that knocked the city’s network offline and prevented police officers from responding to non-life-threatening traffic crashes. The incident occurred Wednesday and shuttered systems until Thursday. Also impacted was the city’s intern...

0.3AI score
Exploits0References12
ThreatPost
ThreatPost
added 2020/05/05 3:55 p.m.35 views

GoDaddy Hack Breaches Hosting Account Credentials

UPDATE GoDaddy, the world’s largest domain name registrar, is warning customers that attackers may have obtained their web hosting account credentials. An “unauthorized individual” was able to access users’ login details in an intrusion that the company said took place back in October — the compa...

0.9AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/03/11 1:56 p.m.35 views

More Than Half of IoT Devices Vulnerable to Severe Attacks

More than half of all internet of things IoT devices are vulnerable to medium- or high-severity attacks, meaning that enterprises are sitting on a “ticking IoT time bomb,” according to Palo Alto Networks Unit 42 research team. In new research released Tuesday, researchers said that several...

7.2AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/11/21 4:35 p.m.35 views

Gnip Banking Trojan Shows Ongoing, Aggressive Development

A new custom mobile banking malware for Android, dubbed Gnip, has emerged onto the scene, and its authors have taken an aggressive development track: Gnip appears to have been cobbled together in under five months, with four different variants already circulating — including a sample released in...

7.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/07/09 4:0 p.m.35 views

Marriott Hit With $123M Fine For Massive 2018 Data Breach

The U.K.’s privacy watchdog is hitting Marriott International with a $123 million £99 million penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner’s Office ICO and comes only a day after the organization...

7.1AI score
Exploits0References14
ThreatPost
ThreatPost
added 2019/06/06 2:6 p.m.35 views

Help Keep Data and Systems Safe with Access Rights Manager (ARM)

Built to provision, deprovision, audit, and manage user access rights to data, files, and other systems, SolarWinds® Access Rights Manager ARM is designed to help security admins and IT pros protect their companies from potential risks like data loss and breaches. Visualize who has access to what...

0.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2019/01/29 5:32 p.m.35 views

Mozilla Firefox 65 Ups the Ante on Privacy with Anti-Tracking Efforts

Mozilla has unveiled new anti-tracking policies and redesigned privacy controls in tandem with the release of Firefox 65 on Tuesday. The company announced a new set of redesigned controls for the Content Blocking section, where users can choose their desired level of privacy protection. These are...

0.3AI score
Exploits0References21
ThreatPost
ThreatPost
added 2018/08/30 5:44 p.m.35 views

Android OS API-Breaking Flaw Offers Useful WiFi Data to Bad Actors

An “API-breaking” vulnerability has been uncovered that potentially exposes Android device systems data to rogue apps — information that could be very useful to bad actors. Researchers from Nightwatch Cybersecurity System said that certain all-points-bulletins sent out by the Android OS expose...

5CVSS7AI score0.00987EPSS
Exploits5References6
ThreatPost
ThreatPost
added 2018/08/07 9:29 p.m.35 views

Fresh Approach to WiFi Cracking Uses Packet-Sniffing

Legacy WiFi just became a little less safe, according to Jens Steube, the developer of the password-cracking tool known as Hashcat. He has found a faster, easier way to crack some WPA/WPA2-protected WiFi networks. Hackers have compromised the WPA/WPA2 encryption protocols in the past, but it’s an...

7.5AI score
Exploits0References1
ThreatPost
ThreatPost
added 2018/06/13 9:55 p.m.35 views

Malicious Docker Containers Earn Cryptomining Criminals $90K

UPDATE Seventeen malicious Docker containers earned cryptomining criminals $90,000 in 30 days in what could be a harbinger of things to come. The figure may seem tame compared to some of the larger paydays that cryptojackers have earned. But, researchers at Kromtech Security Center warn container...

7.6AI score
Exploits0References4
ThreatPost
ThreatPost
added 2018/05/02 2:13 p.m.35 views

Schneider Electric Patches Critical RCE Vulnerability

Researchers discovered a critical remote code execution vulnerability in two Schneider Electric industrial control related products that could give attackers the ability to disrupt or shut down plant operations. Tenable Research, who discovered the vulnerability CVE-2018-8840 and created a...

10CVSS0.4AI score0.08431EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2017/11/03 11:0 a.m.35 views

Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions

Siemens has made an update available for some of its SIMATIC PCS 7 distributed control systems that are impacted by a remotely exploitable input validation vulnerability. Siemens said version 8.2 and V8.1 prior to 8.1 SP1 with WinCC v7.3 Update 13 are affected. “Successful exploitation of this...

6.8CVSS2.8AI score0.16043EPSS
Exploits4References5
ThreatPost
ThreatPost
added 2017/11/01 2:35 p.m.35 views

WordPress Delivers Second Patch For SQL Injection Bug

A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL injection attack, exposing sites created on the content management system to takeover. WordPress released WordPress 4.8.3 Tuesday, which mitigates the vulnerability. “This is a security releas...

7.5CVSS0.4AI score0.10357EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2017/09/19 5:21 p.m.35 views

iOS 11 Update includes Patches for Eight Vulnerabilities

iOS 11 is out today and along with a new look and feel on the iPad especially comes a handful of patches for the Apple mobile OS. Apple addressed eight CVEs in today’s iOS update, and 15 overall as it also updated Safari and the Xcode development framework. Two Webkit bugs, CVE-2017-7106 and...

7.1CVSS0.1AI score0.061EPSS
Exploits6References3
ThreatPost
ThreatPost
added 2017/08/14 3:22 p.m.35 views

Windows Search Bug Worth Watching, and Squashing

Between Conficker and WannaCry, there was a nearly a decade when network worms went dark. WannaCry changed that, riding into enterprises globally on the coattails of a leaked nation-state exploit. In the months since the May 12 ransomware attack, vendors, researchers and network admins have been ...

9.3CVSS0.9AI score0.99945EPSS
Exploits33References6
ThreatPost
ThreatPost
added 2017/08/10 3:0 p.m.35 views

Patched Flash Player Sandbox Escape Leaked Windows Credentials

One of the patches included in Tuesday’s Adobe Flash Player update was a do-over after the researcher who privately reported the problem earlier this year discovered the original patch incompletely resolved the issue. Dutch researcher Bjorn Ruytenberg disclosed details after Adobe updated the...

5CVSS8AI score0.04478EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2017/06/19 1:5 p.m.35 views

Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access

Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors have made patches available today, and systems running Linux, OpenBSD,...

6.2CVSS7.5AI score0.05186EPSS
Exploits3References4
ThreatPost
ThreatPost
added 2017/03/07 1:58 p.m.35 views

Unpatched Western Digital Bugs Leave NAS Boxes Open to Attack

Western Digital Corporation network-attached storage owners were warned of critical flaws in the company’s My Cloud line of hardware that exposed data stored on the devices to attack. The flaws impact a dozen Western Digital drives that could allow remote adversaries to bypass logins, insert...

10CVSS0.1AI score0.95174EPSS
Exploits5References13
ThreatPost
ThreatPost
added 2017/01/25 2:30 p.m.35 views

Firefox 51 Begins Warning Users of Insecure HTTP Connections

Mozilla Foundation took steps with the release of Firefox 51 on Tuesday to communicate more clearly to users when they land on a HTTP website collecting personal information such as passwords that the site may not be secure. Going forward, Firefox will display a gray lock icon with a red...

7.5CVSS0.4AI score0.33434EPSS
Exploits16References8
ThreatPost
ThreatPost
added 2016/10/13 2:54 p.m.35 views

Google Plugs 21 Security Holes in Chrome Browser

Google on Wednesday patched 21 security vulnerabilities in Chrome, including a half dozen rated high severity that were reported by external researchers and were eligible for a bounty. Bug hunters earned a total of $30,000 in bounties, with a top payout of $7,500 to an unnamed researcher for a...

6.8CVSS0.6AI score0.01978EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2016/09/28 4:29 p.m.35 views

ISC Patches Critical Error Condition in BIND

The Internet Systems Consortium patched the BIND domain name system this week, addressing what it calls a critical error condition in the software. A security advisory on ISC’s Knowledge Base on Tuesday acknowledges an attacker can exploit the vulnerability remotely and likely for that reason,...

7.8CVSS1.1AI score0.89482EPSS
Exploits7References2
ThreatPost
ThreatPost
added 2016/09/01 11:52 a.m.35 views

Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs

Google continued its onslaught of summer Chrome patches Wednesday when it pushed out version 53 of the browser, fixing 33 bugs, half of which were rated “high” severity by the company. Google paid at least $56,500 in rewards to researchers who discovered vulnerabilities in the browser this time...

6.8CVSS8.2AI score0.04702EPSS
Exploits0References25
ThreatPost
ThreatPost
added 2016/08/09 12:50 p.m.35 views

Adobe Patches Experience Manager; No Flash Update

Adobe rolled out its monthly patch release today, and the news isn’t necessarily what was patched, but what wasn’t. For the first time since January, Adobe did not release a security update for Flash Player. Given Flash’s legacy of being a target-rich environment for cybercriminals and advanced...

5CVSS1.6AI score0.0275EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2016/05/19 1:8 p.m.35 views

Android Qualcomm Vulnerability Impacts 60 Percent of Devices

A flaw in mobile chip maker Qualcomm’s mobile processor, used in 60 percent of Android devices, allows attackers to take control over a targeted phone or tablet under specific conditions. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver, coupled with...

9.3CVSS1AI score0.06906EPSS
Exploits3References3
ThreatPost
ThreatPost
added 2016/04/15 3:22 p.m.35 views

Microsoft Wins Widespread Support in Privacy Clash With Govt.

Microsoft’s lawsuit against the U.S. government for the right to tell its customers when a federal agency is looking at their emails is getting widespread support by privacy advocates. For many, Microsoft’s stance lends an important and powerful voice to ongoing efforts to reform the Electronic...

9.3CVSS8.4AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2015/06/09 2:19 p.m.35 views

June 2015 Microsoft Patch Tuesday Security Bulletins

IT administrators today were granted a relatively light month of security bulletins from Microsoft, which is likely to be welcomed given that Windows Server 2003 security support ends in little more than a month. Microsoft today released eight bulletins, two of them rated critical, including a...

9.3CVSS9.8AI score0.99945EPSS
Exploits33References15
ThreatPost
ThreatPost
added 2015/04/15 1:26 p.m.35 views

Oracle Patch Update Delivers 98 Fixes

Released alongside patches from Microsoft and Adobe yesterday, Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products, including Oracle’s Database, Fusion Middleware, Java SE, and MySQL, to name a few. One of the most pressing issues the update resolves is...

9CVSS0.4AI score0.0256EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2015/04/14 2:44 p.m.35 views

Google Fixes Dozens of Bugs in Chrome 42

Google has released Chrome 42, a major security upgrade to the browser that includes patches for 45 vulnerabilities. The latest version of Chrome carries with it fixes for a number of high-severity bugs, including a cross-origin bypass in the HTML parser. That vulnerability earned an anonymous...

7.5CVSS0.1AI score0.02702EPSS
Exploits1References14
ThreatPost
ThreatPost
added 2015/02/11 4:7 p.m.35 views

Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days

A Chinese APT group was able to chain together two zero day vulnerabilities, one against Adobe’s Flash Player and one against Microsoft’s Internet Explorer 9, to compromise a popular news site late last year. The group’s aim was to gain access to computers at several U.S. defense and financial...

10CVSS7AI score0.33581EPSS
Exploits1References9
ThreatPost
ThreatPost
added 2014/12/16 9:10 a.m.35 views

Two Cisco Products Vulnerable to POODLE Attack on TLS

Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module. The POODLE attack was disclosed in October by researchers from Google, who...

4.3CVSS1.8AI score0.1372EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2014/03/20 3:57 p.m.35 views

Bitcoin Transaction Malleability Flaw Resolved

The so-called transaction malleability software issue blamed for the dissolution of Bitcoin exchange Mt. Gox has been patched. Also, the Bitcoin-QT reference client was also rebranded to Bitcoin Core, in order to clear confusion users might have had between the Bitcoin network and software. Bitco...

0.5AI score
Exploits0References5
ThreatPost
ThreatPost
added 2014/01/30 12:32 p.m.35 views

Researcher Warns of Critical Flaws in Oracle Servers

There are two vulnerabilities in some of Oracle’s older database packages that allow an attacker to access a remote server without a password and even view the server’s filesystem and dump arbitrary files. Oracle has not released a patch for one of the flaws, even though it was reported by a...

6.4CVSS10AI score0.9822EPSS
Exploits11References3
ThreatPost
ThreatPost
added 2014/01/14 2:27 p.m.35 views

Google Blocks Malicious File Downloads Automatically in Chome

Google has fixed five vulnerabilities in its Chrome browser and also has activated a feature that will block malicious file downloads automatically. The change is a major security upgrade for Chrome and will help prevent users from unwittingly downloading harmful files, an attack vector that...

7.5CVSS0.01575EPSS
Exploits4References9
ThreatPost
ThreatPost
added 2013/10/03 4:3 p.m.35 views

Microsoft Readies Eight Patches, IE Zero Day Fix

Microsoft has announced that it plans to release eight patches next week as part of its October Patch Tuesday release, addressing flaws in its Windows, the .NET Framework, Office, Server, Silverlight and most importantly its Internet Explorer browser. Four of the patches are marked critical,...

1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2013/10/02 10:4 a.m.35 views

Researchers Ponder When to Notify Users of Public Vulnerability Exploits

BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point...

9.3CVSS0.3AI score0.75458EPSS
Exploits11References1
ThreatPost
ThreatPost
added 2013/09/10 2:51 p.m.35 views

SharePoint Fixes Priority for September 2013 Patch Tuesday

It’s no secret that putting SharePoint installations online and making them accessible without authentication is standard practice in many organizations. Those SharePoint administrators, however, may want to rethink their policies after today’s Microsoft Patch Tuesday security bulletins release...

10CVSS9.8AI score0.99945EPSS
Exploits34References16
ThreatPost
ThreatPost
added 2013/06/18 11:22 a.m.35 views

BlackBerry Z10 Privilege Escalation Security Vulnerability

BlackBerry has released a security update resolving an escalation of privilege vulnerability that existed in “BlackBerry Protect” enabled devices running version 10.0.10.261 and earlier operating systems. The company says that version 10.0.9.2743 is not affected and that they have found no eviden...

6.2CVSS1.6AI score0.00353EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2013/05/16 4:4 p.m.35 views

Spyware Campaign Originating in India Targeting Pakistanis

A new malware campaign has been hitting Pakistan hard over the last few months and after a little e-sleuthing, it appears the not-so-stealthy attacks have been originating from nearby India and exploiting a certificate to run its binaries. Security firm Eset has a full rundown of the campaign tod...

9.3CVSS1AI score0.99966EPSS
Exploits12References7
ThreatPost
ThreatPost
added 2013/01/16 2:25 p.m.35 views

Oracle Releases 86 Patches in its January Critical Patch Update

This week’s relentless onslaught of security patches continued late Tuesday afternoon when Oracle released its quarterly Critical Patch Update, a healthy dose of 86 security updates across all major product lines including Oracle Database and MySQL Server. The most serious may be a critical...

9CVSS0.24564EPSS
Exploits4References8
ThreatPost
ThreatPost
added 2012/12/07 8:6 p.m.35 views

Qualcomm Patches Privilege Escalation, DoS Vulnerabilities in Android Devices

Qualcomm has patched a handful of vulnerabilities in its devices that if exploited could leave Android OS kernels open to privilege escalation or denial of service DoS attacks. According to notes published earlier today by Michael Orlando, a vulnerability analyst at the United States Computer...

6.8CVSS7AI score0.03032EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2012/10/18 1:44 p.m.35 views

Apple Patches Java Flaws

Apple has released a patch that fixes a laundry list of vulnerabilities in Java after Oracle pushed out a fix for the technology for users of Windows and other platforms. The patch from Apple also completely disables the Java plugin in users’ browsers in order to prevent users from falling victim...

10CVSS2.9AI score0.68532EPSS
Exploits5References3
ThreatPost
ThreatPost
added 2012/09/24 5:27 p.m.35 views

Another IE Exploit Targeting Defense Industry Discovered

Another malicious website has been discovered hosting an exploit for the zero-day vulnerability Internet Explorer patched by Microsoft last week. This site, like the other exploits discovered, targets the defense and space industries, and is dropping an unknown payload, according to Barracuda Lab...

9.3CVSS0.5AI score0.81716EPSS
Exploits8References6
ThreatPost
ThreatPost
added 2012/07/31 1:46 p.m.35 views

Cross-Platform Flaws a Boon For Attackers

Attackers and malware writers, like many other people, tend to specialize, honing their skills in one particular discipline in order to maximize their chances for success. But Microsoft researchers have come across a series of malware samples and exploits that show that some attackers are beginni...

10CVSS10AI score0.98113EPSS
Exploits25References5
ThreatPost
ThreatPost
added 2012/03/05 1:1 p.m.35 views

Google Patches 14 Chrome Bugs Ahead of Pwn2Own, Pays $30k in Special Rewards

Just two days before the annual Pwn2Own contest is set to begin at CanSecWest, Google has patched a huge set of serious vulnerabilities in its Chrome browser. In addition to the 14 high-risk flaws fixed in Chrome, the company also handed out rewards of $10,000 each to three researchers who...

7.5CVSS0.02195EPSS
Exploits2References23
ThreatPost
ThreatPost
added 2011/02/15 2:19 a.m.35 views

Ubuntu Fixes Kerberos Bug With New Packages

There’s a vulnerability in the Kerberos implementation in several versions of Ubuntu, which could allow an attacker to cause a denial-of-service on vulnerable servers. The bug is in Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04 and Ubuntu 10.10. The bug is in the Ubuntu implementation of the Kerberos...

5CVSS2.3AI score0.04202EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2010/07/08 6:46 p.m.35 views

Rob Cheyne on Security Education and the Problem of People in Security

Dennis Fisher talks with Rob Cheyne of Safelight Security Advisors about the classical problem of user education, how much of an obstacle to security people are and the ways in which technology has made security more difficult. Podcast audio courtesy of sykboy65 Subscribe to the Digital Undergrou...

1.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2010/05/17 2:36 p.m.35 views

PostgreSQL Vulnerabilities Fixed

PostgreSQL 7 and 8 users are advised to update their installations as the development team has released new versions which fix a vulnerability classed as moderately severe in PL/perl and PL/tcl. CVE-2010-1169, CVE-2010-1447 and CVE-2010-1170 reports detail the vulnerabilities involved. Read the...

8.5CVSS2.6AI score0.04081EPSS
Exploits2References2
ThreatPost
ThreatPost
added 2010/02/02 7:5 p.m.35 views

Apple Plugs Critical iPhone Security Holes

Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks. The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files. Here’s the skinny on the vulnerabilities being...

9.3CVSS0.07996EPSS
Exploits6References1
ThreatPost
ThreatPost
added 2009/11/16 4:23 p.m.35 views

MS Confirms Windows 7 DoS Flaw

On the heels of last week’s release of exploit code for a crippling denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2, Microsoft has issued a security advisory to confirm the issue and offer pre-patch mitigations. The flaw, in the Microsoft Server Message Block SMB Protocol...

7.1CVSS0.7AI score0.34336EPSS
Exploits1References5
Total number of security vulnerabilities5000