Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2018/05/30 3:32 p.m.34 views

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Google updated its Chrome browser to version 67.0.3396.62 on Tuesday patching 34 bugs and adding support for the credential management API called WebAuthn. The update will be available in the coming days for Windows, Mac and Linux platforms, Google said. Most notably to the browser update are...

6.8CVSS8.9AI score0.07666EPSS
Exploits3References8
ThreatPost
ThreatPost
added 2018/04/10 2:48 p.m.34 views

Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files

Researchers are warning of a new email phishing campaign that downloads and launches the Quant Loader trojan, capable of distributing ransomware and stealing passwords. Barracuda on Tuesday said it has been tracking emails containing zipped Microsoft internet shortcut files with a “.url” file...

5.1CVSS0.7AI score0.11774EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2017/11/21 3:3 p.m.34 views

Intel Patches CPU Bugs Impacting Millions of Devices

Intel released patches on Monday to protect millions of PCs and servers from vulnerabilities found in its Management Engine, Trusted Execution Engine and Server Platform Services that could allow local attackers elevate privileges, run arbitrary code, crash systems and eavesdrop on communications...

9CVSS2.2AI score0.04407EPSS
Exploits0References15
ThreatPost
ThreatPost
added 2017/11/16 5:5 p.m.34 views

Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities

Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed. The vulnerabilities are severe, with two of the bug...

7.5CVSS7.5AI score0.02142EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2017/10/16 2:5 p.m.34 views

Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible

A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a...

4.3CVSS0.09825EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2017/08/10 1:56 p.m.34 views

Juniper Issues Security Alert Tied to Routers and Switches

Juniper Networks warned customers Thursday of a high-risk vulnerability in the GD graphics library that could allow a remote attacker to take control of systems running certain versions of the Junos OS. The alert was in conjunction with a warning from the U.S. Computer Emergency Readiness Team...

7.5CVSS8.8AI score0.36974EPSS
Exploits8References7
ThreatPost
ThreatPost
added 2017/07/11 12:33 p.m.34 views

Adobe Fixes Six Vulnerabilities in Flash, Connect

Adobe fixed six vulnerabilities in two products, one of the company’s smallest security bulletins in recent memory, as part of its regularly scheduled round of updates on Tuesday. Included are fixes for the company’s Flash Player software platform, including a critical vulnerability CVE-2017-3099...

10CVSS0.8AI score0.08552EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2017/05/15 5:12 p.m.34 views

OpenVPN Audits Yield Mixed Bag

Two security audits of OpenVPN were recently carried out to look for bugs, backdoors, and other defects in the open source software; one found the software was cryptographically sound, while another found two legitimate vulnerabilities. The news comes after it was announced in December the SSL VP...

5CVSS7.8AI score0.13892EPSS
Exploits2References6
ThreatPost
ThreatPost
added 2017/03/23 3:24 p.m.34 views

Cisco Patches Critical IOx Vulnerability

Cisco Systems patched a critical vulnerability Wednesday that could allow an unauthenticated, remote attacker to execute remote code on affected hardware and gain root privileges. The bug is in Cisco’s Data-in-Motion DMo process, part of the company’s IOx application environment that marries its...

10CVSS3.6AI score0.08711EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2017/01/18 2:26 p.m.34 views

Docker Patches Privilege Escalation Vulnerability

Docker has patched a privilege escalation vulnerability CVE-2016-9962 that could lead to container escapes, allowing a hacker to affect operations of a host from inside a container. The vulnerability is rated high severity by some Linux distributions such as Arch Linux, which traces the problem t...

4.4CVSS0.6AI score0.00377EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2016/10/11 3:18 p.m.34 views

Microsoft Patches Five Zero Days Under Attack

Update: Microsoft today said it mislabeled CVE-2016-7189 in bulletin MS16-119 as exploited. “There is no evidence of any active attacks using this vulnerability and the bulletin text has been corrected.” – a Microsoft spokesperson said. Microsoft today patched a handful of zero-day vulnerabilitie...

9.3CVSS0.4AI score0.68684EPSS
Exploits0References13
ThreatPost
ThreatPost
added 2016/09/21 8:58 a.m.34 views

Mozilla Patches Certificate Pinning Vulnerability in Firefox

As expected, Mozilla patched a highly scrutinized flaw in its automated update process for add-ons in Firefox, specifically around the expiration of certificate pins. The vulnerability allowed attackers to intercept encrypted browser traffic, inject a malicious NoScript extension update and gain...

7.5CVSS9.6AI score0.04243EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2016/09/01 9:15 a.m.34 views

Patched ColdFusion Flaw Exposes Applications to Attack

An Adobe ColdFusion vulnerability addressed Tuesday in a hotfix pushed to users put applications developed on the platform at risk to a number of serious issues. Researcher Dawid Golunski of Legal Hackers today revealed details on the flaw, which he privately disclosed to Adobe, as well as a...

6.4CVSS0.9AI score0.69044EPSS
Exploits7References4
ThreatPost
ThreatPost
added 2016/08/12 9:0 a.m.34 views

Simple Car Hack Open Millions Wireless Key Systems

Academic researchers added another hack to a growing list of compromises involving vehicles, and this one should give drivers pause the next time they leave valuables locked in their trunk. This hack involves millions of Volkswagen, Ford and Chevrolet vehicles that rely on an outdated key fob...

7.5AI score
Exploits0References2
ThreatPost
ThreatPost
added 2016/06/30 11:48 a.m.34 views

Conficker Used in New Wave of Hospital IoT Device Attacks

Internet-connected medical devices such as MRI machines, CT scanners and dialysis pumps are increasingly being targeted by hackers seeking to steal patient medical records from hospitals. Attackers consider the devices soft digital targets, seldom guarded with same security as client PCs and...

1.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2016/05/23 10:4 a.m.34 views

Exploit Kits Attacking Adobe Flash Player Zero Day

Update Exploits for the most recent Adobe Flash Player zero-day vulnerability have been integrated into the Angler, Neutrino and Magnitude exploit kits, and are leading compromised computers to different ransomware strains, banking malware, and a credential-stealing Trojan. A French researcher wh...

10CVSS0.1AI score0.94354EPSS
Exploits6References8
ThreatPost
ThreatPost
added 2016/03/08 11:41 a.m.34 views

ISC Warning Some Versions of DHCP Vulnerable to DoS

The Internet Systems Consortium ISC this week announced that it plans to patch versions of its Dynamic Host Configuration Protocol DHCP to mitigate a vulnerability that could’ve let a remote attacker cause a denial of service condition. The group acknowledged on Monday that it plans to release DH...

7.1CVSS1.1AI score0.73622EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2015/11/20 4:36 p.m.34 views

VMware Patches Pesky XXE Bug in Flex BlazeDS

VMware has patched an information disclosure vulnerability affecting a number of its products that use Flex BlazeDS. The original vulnerability was discovered and disclosed in August by Matthias Kaiser of Code White GmbH. Researchers there found a XML External Entity flaw in Apache Flex BlazeDS...

5CVSS1.5AI score0.0954EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2015/09/10 2:14 p.m.34 views

Password Cracking Group Decodes 11 Million Ashley Madison Passwords

A San Diego-based password cracking group has taken a big step towards deciphering some of the 36 million odd passwords leaked in last month’s Ashley Madison breach, a move that could quickly lead to the widespread hacking of any users who used the same password on other services. Hackers had...

0.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2015/08/27 2:8 p.m.34 views

Adobe ColdFusion Hotfix

Adobe today pushed out a hotfix to ColdFusion implementations, patching a vulnerability it had already patched nine days ago on the LiveCycle Data Services application framework. Today’s hotfix affects ColdFusion 11, update 5 and earlier, and ColdFusion 10, update 16 and earlier. Hotfixes, unlike...

5CVSS0.5AI score0.0954EPSS
Exploits2References4
ThreatPost
ThreatPost
added 2015/08/18 12:46 p.m.34 views

Adobe LiveCycle Data Services Hotfix

Adobe is today expected to push a hotfix through to implementations of its LiveCycle Data Services application framework. The company said the vulnerability, CVE-2015-3269, affects versions 4.7, 4.6.2, 4.5 and 3.0.x on Windows, Macintosh and UNIX systems. Adobe is not aware of public exploits of...

5CVSS1.4AI score0.0954EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2015/08/11 2:56 p.m.34 views

August 2015 Microsoft Patch Tuesday Security Bulletins

Microsoft Edge wasted no time making its presence felt on Patch Tuesday today when Microsoft released the first security bulletin for the company’s new browser. Released two weeks ago along with the public debut of Windows 10, Edge, like its big brother Internet Explorer, got its own critical...

9.3CVSS9.1AI score0.99945EPSS
Exploits33References17
ThreatPost
ThreatPost
added 2015/05/18 10:49 a.m.34 views

Oracle Patches VENOM Vulnerability

Oracle, whose virtualization software VirtualBox is among those affected by the VENOM vulnerability, on Saturday joined the litany of VM providers that have patched the bug. Oracle was one of the first vendors notified by Crowdstrike, whose researcher Jason Geffner found the bug and disclosed it...

7.7CVSS1.9AI score0.15275EPSS
Exploits1References7
ThreatPost
ThreatPost
added 2015/04/29 2:28 p.m.34 views

WordPress CartPress Plugin Zero Day Disclosure

Another round of WordPress vulnerability disclosures has taken place with details made public on a handful of unpatched bugs in the CartPress ecommerce plugin. These disclosures come on the heels of a separate disclosure of a zero-day in the WordPress core engine. Those vulnerabilities have since...

4CVSS7.7AI score0.09101EPSS
Exploits6References2
ThreatPost
ThreatPost
added 2015/03/23 1:19 p.m.34 views

Hilton Hotels Fix CSRF Vulnerability That Exposed All Accounts

A cross-site request forgery CSRF vulnerability in the website of hotel chain Hilton Worldwide could have inadvertently compromised much of its users’ personal information. Ironically the since-fixed issue stemmed from a promotion the chain was offering to users if they changed their passwords on...

4.3CVSS8.5AI score0.07973EPSS
Exploits5References1
ThreatPost
ThreatPost
added 2015/02/17 11:1 a.m.34 views

Inside nls_933w.dll, the Equation APT Persistence Module

CANCUN – The names called out like beacons from the screen: Samsung; Seagate; Western Digital; Hitachi; Maxtor. Hardware makers were in the crosshairs of the Equation APT group and it was perhaps the worst possible scenario imagined by researchers looking at the frightening and extensive storehou...

7.2AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/03/03 2:8 p.m.34 views

Four Oracle Demantra Security Vulnerabilities Found

Oracle’s Demantra, part of the company’s Value Chain Planning suite of software, is fraught with vulnerabilities according to several bug disclosures issued over the weekend. Researchers at the London-based computer security firm Portcullis claim the application is plagued by a four vulnerabiliti...

5.5CVSS0.9AI score0.59494EPSS
Exploits12References7
ThreatPost
ThreatPost
added 2014/02/05 11:5 a.m.34 views

Kaspersky Provides Details on Latest Adobe Flash Zero Day

Exploits for a newly reported zero-day vulnerability in Adobe’s Flash Player drop a password-grabbing Trojan that targets the email and social media accounts of users and organizations in China, researchers at Kaspersky Lab said today. The attacks appear to be an isolated campaign and there is no...

10CVSS0.7AI score0.99883EPSS
Exploits7References5
ThreatPost
ThreatPost
added 2014/01/17 10:1 a.m.34 views

EE BrightBox Router Vulnerabilities Exposed

Leave it to a software test engineer to be thorough about his home networking gear. Scott Helme, an engineer in the U.K., likes to take a close look at traffic coming and going from new devices installed at his home. Recently, he signed up for fiber service from Everything Everywhere, an ISP in t...

7.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2013/11/26 11:19 a.m.34 views

Blackhole and Cool Exploit Kits Nearly Extinct

When authorities in Russia arrested Paunch, the alleged creator of the Blackhole exploit kit, last month, security researchers and watchers of the malware underground predicted that taking him off the board would put a dent in the use of Blackhole and force its customers onto other platforms. Six...

9.3CVSS7.9AI score0.81868EPSS
Exploits8References7
ThreatPost
ThreatPost
added 2013/07/10 9:37 a.m.34 views

Google Fixes 17 Flaws in Chrome 28

Google has fixed more than 15 vulnerabilities in Chrome and paid out nearly $35,000 in rewards to security researchers for reporting the bugs. One researcher earned an unusually large reward of $21,500 for a series of vulnerabilities he reported in Chrome. Google Chrome 28 includes fixes for thre...

9.3CVSS0.4AI score0.04733EPSS
Exploits0References17
ThreatPost
ThreatPost
added 2013/05/16 4:57 p.m.34 views

At Microsoft, a Sharp Focus on Cybercrime

REDMOND, Wash.–Cybercrime has developed in the last few years into a major concern, not just for the consumers and businesses that are victims, but also for governments around the world. Obama administration officials have called it one of the larger threats to the United States economy. While la...

0.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2013/03/26 6:31 p.m.34 views

Google Fixes 11 Flaws in Chrome

Google Chrome 26, the latest version of the company’s browser, is out and it contains a number of security patches, most notably a fix for a high-priority use-after-free vulnerability in the Web Audio component of the browser. That vulnerability, discovered and reported by Atte Kettunen, is the...

7.5CVSS6.7AI score0.01282EPSS
Exploits0References17
ThreatPost
ThreatPost
added 2013/02/20 6:32 p.m.34 views

Adobe Patches Sandbox Escape Vulnerability in Reader and Acrobat

Adobe today released a patch for two vulnerabilities being exploited in the wild that enabled attackers to pull off the first confirmed sandbox escape against Adobe Reader. The vulnerabilities CVE-2013-0640 and CVE-2013-0641 could cause a crash and allow an attacker to remotely run malware on a...

9.3CVSS0.9AI score0.86979EPSS
Exploits4References6
ThreatPost
ThreatPost
added 2013/02/19 10:30 p.m.34 views

Oracle Patches Critical Java Flaws in 7u15

On a day when Java zero day exploits were fingered in attacks against Apple, Facebook and Twitter, Oracle released the remainder of its quarterly security patch updates for the Java platform. Five vulnerabilities were patched in Java 7 Update 15 today, all of them remotely exploitable, and three ...

10CVSS1AI score0.06917EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2013/02/13 8:19 p.m.34 views

Vulnerability Patched in Schneider Electric ICS Gear

The Industrial Control System CERT released an advisory this week warning of a vulnerability in a popular sensor monitoring system used in a number of critical industries, including energy, water and manufacturing. Aaron Portnoy of Exodus Intelligence discovered the flaw in the Windows-based...

10CVSS7.4AI score0.21527EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2013/01/14 8:29 p.m.34 views

Out-of-Band IE Patch Released as More Sites Attacked

Internet Explorer users, exposed to a zero-day vulnerability in the browser and a faulty temporary Fix It from Microsoft, finally got some relief today when the company, as promised, released an out-of-band patch. Meanwhile, a handful of new telco, manufacturing and human rights sites have been...

9.3CVSS0.1AI score0.78823EPSS
Exploits12References7
ThreatPost
ThreatPost
added 2012/11/27 5:7 p.m.34 views

Google Repairs High-Risk Flaw in Chrome

Google has fixed a couple of security vulnerabilities in its Chrome browser, including a high-risk use-after-free bug and a problem in the way that the Apple OS X driver for some Intel GPUs handles rendering. The biggest fix in Chrome 23 is a patch for the use-after-free vulnerability in the Chro...

7.5CVSS0.6AI score0.04382EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2012/11/16 2:19 p.m.34 views

Embedded Systems, Critical Infrastructure 'Renovation' Outpacing Security

Scott Tousley, deputy director cybersecurity division at Department of Homeland Security Science & Technology, is an advocate of integrating cybersecurity education into all disciplines of IT and business and risk management. “We don’t want to teach cybersecurity as a stovepipe, but to do it so...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2012/09/06 12:14 p.m.34 views

Apple Fixes Flaws, Updates Java 6 for OS X

Apple pushed out a Java update for its Snow Leopard, Lion and Mountain Lion systems Wednesday, fixing vulnerabilities Oracle tackled in last week’s emergency CVE-2012-4681 patch. Both Java for Mac OS X 10.6 Update 10 and Java for OS X 2012-005 update the Java SE 6 plugin and, in what might be a...

10CVSS0.4AI score0.98536EPSS
Exploits10References9
ThreatPost
ThreatPost
added 2012/08/14 5:31 p.m.34 views

Microsoft Patches Critical MS12-060 Office Flaw Being Used in Targeted Attacks

Microsoft on Tuesday fixed a critical vulnerability in a component of Office, SQL Server and other widely deployed applications that attackers already are using in targeted attacks. The flaw in the Microsoft Common Controls component, which was one of the 26 vulnerabilities fixed in nine bulletin...

10CVSS0.8AI score0.99945EPSS
Exploits34References4
ThreatPost
ThreatPost
added 2012/08/07 4:47 p.m.34 views

OpFake, FakeInst Android Malware Variants Continue to Resist Detection

Android devices have remained a constant target of attacks over the last quarter thanks in part to new variants from the FakeInst and OpFake families of malware. According to the latest version of the F-Secure Mobile Threat Report, the firm found 5033 malicious Android application packages APKs, ...

1.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2012/08/03 3:17 p.m.34 views

Yahoo Sued By User Following Breach of 450,000 Passwords

Internet search conglomerate Yahoo is being sued by one of its users for negligence after the usernames and passwords of approximately 450,000 of its users were leaked by a hacker online last month. According to a complaint .PDF filed earlier this week in a federal court in San Jose, Calif., the...

10CVSS0.9AI score0.93688EPSS
Exploits9References3
ThreatPost
ThreatPost
added 2012/07/03 4:3 p.m.34 views

New Version of Sykipot Trojan Linked To Targeted Attacks On Aerospace Industry

A new version of the Sykipot Trojan is being pushed to unsuspecting users in a wave of online attacks, including targeted attacks on attendees of an international aerospace conference, according to researchers at the security firm AlienVault. The latest edition of the common Trojan Horse program...

9.3CVSS1.6AI score0.83638EPSS
Exploits12References7
ThreatPost
ThreatPost
added 2012/06/18 7:14 p.m.34 views

Intel Processor SYSRET Vulnerability Affecting Some 64-Bit Systems

A flaw exists in the way that a specific instruction is handled on some types of Intel 64-bit chips that could open up some operating systems and types of virtualization software to attacks, according to an alert issued last week but revised today by the United States Computer Emergency Readiness...

4.9CVSS7.6AI score0.00465EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2011/11/17 8:42 p.m.34 views

New Version of Stoned Bootkit Said to Bypass Windows 8 Secure Boot

A security researcher who has in the past has created low-level rootkits capable of staying resident on an infected machine after reboots, said he has now accomplished the same feat on Windows 8, which hasn’t even hit the shelves yet. Peter Kleissner said he has created a new version of his Stone...

9.3CVSS8.2AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2011/08/28 11:44 p.m.34 views

Weaknesses in Webkit Becoming Problematic

Attackers interested in getting the most bang for their buck focus on ubiquitous software. Microsoft’s Office, Adobe’s Acrobat and Oracle’s Java have all become popular platforms exploited by cybercriminals intent on compromising end users’ systems. Another platform has quietly made its way onto...

9.3CVSS9.1AI score0.03964EPSS
Exploits1References7
ThreatPost
ThreatPost
added 2011/07/14 3:40 p.m.34 views

Anonymous Shifts Attention to Big Oil, Monsanto

Just days after infiltrating military contractor Booz Allen Hamilton, hacktivist group Anonymous has confirmed they’ve set their next target: Big oil. In a post on the AnonNews website, the group has announced their intent to shift their ongoing Operation Green Rights initiative to “protest...

7AI score
Exploits0References6
ThreatPost
ThreatPost
added 2011/06/07 7:5 p.m.34 views

Google Fixes 15 Bugs in Chrome, Gives Users Ability to Delete Flash Cookies

Google has fixed more than a dozen security bugs in its Chrome browser, including five high-severity vulnerabilities and one that qualified for the company’s highest bug bounty, a $3133.7 reward. The new version of Chrome has fixes for 15 separate security vulnerabilities, the most critical of...

7.5CVSS0.1AI score0.01573EPSS
Exploits0References17
ThreatPost
ThreatPost
added 2011/04/21 8:11 p.m.34 views

Adobe Releases Patch for Flash Zero Day Hole in Reader, Acrobat

Adobe has released patches for its Reader and Acrobat products to plug a hole in the Flash Player that was first reported in March and is being used in attacks on the Internet. The company issued a security update on Thursday, APSB11-08, that repairs critical vulnerabilities in current versions o...

9.3CVSS1.7AI score0.9941EPSS
Exploits14References4
Total number of security vulnerabilities5000