Vulnerabilities – Threatpost
8-Year-Old VelvetSweatshop Bug Resurrected in LimeRAT Campaign
An old RAT learns an old trick. Via Vulnerabilities – Threatpost https://threatpost.com
Read more >>
Vulnerabilities – Threatpost
Nation-State Attacks Drop in Latest Google Analysis
Phishing and zero-days continue to be a core part of the APT arsenal. Via Vulnerabilities – Threatp…
Read more >>
Vulnerabilities – Threatpost
Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
The vulnerability can be exploited to reveal limited traffic data including a device’s IP address. …
Read more >>
Vulnerabilities – Threatpost
Critical CODESYS Bug Allows Remote Code Execution
CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the COD…
Read more >>
Vulnerabilities – Threatpost
Emerging APT Mounts Mass iPhone Surveillance Campaign
The malware, the work of a new APT called TwoSail Junk, allows deep surveillance and total control …
Read more >>
Vulnerabilities – Threatpost
Tokyo Olympics Postponed, But 5G Security Lessons Shine
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at Mobile…
Read more >>
Vulnerabilities – Threatpost
Apple Update Fixes WebKit Flaws in iOS, Safari
Apple's security update included a slew of vulnerabilities in various components of iOS, macOS …
Read more >>
Vulnerabilities – Threatpost
Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign
Researchers say that APT41's exploits are part of one of the broadest espionage campaigns they&…
Read more >>
Vulnerabilities – Threatpost
Critical Adobe Flaw Fixed in Out-of-Band Security Update
Adobe has fixed a critical flaw in its Creative Cloud Desktop Application for Windows. Via Vulnerab…
Read more >>
Vulnerabilities – Threatpost
Apache Tomcat Exploit Poised to Pounce, Stealing Files
Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compr…
Read more >>
Vulnerabilities – Threatpost
Hackers Actively Exploit 0-Day in CCTV Camera Hardware
Criminals behind botnets Chalubo, FBot and Moobot attack unpatched vulnerabilities in the commercia…
Read more >>
Technology
I Finished Half-Life: Alyx in 12 Hours and Can’t Stop Thinking About It
While exploring a worn-down warehouse, I look through a window and see a room full of zomb…
Read more >>
Vulnerabilities – Threatpost
Microsoft Warns of Critical Windows Zero-Day Flaws
The unpatched Windows zero day flaws are being exploited in "limited, targeted" attacks, …
Read more >>
Vulnerabilities – Threatpost
Defying Covid-19’s Pall: Pwn2Own Goes Virtual
Hacking contest goes virtual with participants remotely winning $295k in prizes for taking down Ado…
Read more >>
Vulnerabilities – Threatpost
News Wrap, Coronavirus Edition: WFH Security Woes, Pwn2Own
Threatpost editors discuss this week's top news stories from COVID-19 themed malware attacks to…
Read more >>
Vulnerabilities – Threatpost
New Mirai Variant ‘Mukashi’ Targets Zyxel NAS Devices
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely …
Read more >>
Vulnerabilities – Threatpost
Coronavirus Poll: Cyberattacks Ramp Up as Work from Home Takes Hold
A poll of Threatpost readers shows that security preparedness is uneven as organizations make an un…
Read more >>
Vulnerabilities – Threatpost
Cisco Warns of High-Severity SD-WAN Flaws
The high-severity flaws exist in the products using SD-WAN software earlier than Release 19.2.2. Vi…
Read more >>
Technology
Doom Eternal Is the Best Doom Game Ever Made, Period
I am become death, the Slayer, the Hell-walker. I am Doomguy — protagonist of the Doom f…
Read more >>
Vulnerabilities – Threatpost
WordPress, Apache Struts Attract the Most Bug Exploits
An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019. Via Vulne…
Read more >>
Vulnerabilities – Threatpost
Trend Micro Fixes Critical Flaws Under Attack
Fixes are now available for five critical and high-severity Trend Micro flaws, two of which are bei…
Read more >>
Vulnerabilities – Threatpost
Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws
An out-of-band Adobe security update addressed critical flaws in Photoshop, Acrobat Reader and othe…
Read more >>
Technology
Apple’s iPad Lineup Is Finally Getting Real, Official Trackpad and Mouse Support
(Bloomberg) — Apple unveiled a new version of its iPad Pro that supports laptop-like trackp…
Read more >>
Vulnerabilities – Threatpost
A COVID-19 Cybersecurity Poll: Securing a Remote Workforce
COVID-19 is changing how we work. Weigh in on how your organization is securing its remote footprin…
Read more >>
Vulnerabilities – Threatpost
APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT
The Pakistani-linked APT has been spotted infecting victims with data exfiltration malware. Via Vul…
Read more >>
Technology
As Schools Close Amid Coronavirus Concerns, the Digital Divide Leaves Some Students Behind
Spring break just began for Kyii Sells-Wheeler, but he’s already wondering how he’ll compl…
Read more >>
Vulnerabilities – Threatpost
Working from Home: COVID-19’s Constellation of Security Challenges
Organizations are sending employees and students home to work and learn -- but implementing the pla…
Read more >>
Vulnerabilities – Threatpost
WordPress Plugin Bug in Popup Builder Threatens 100K Websites
The high-severity flaw allows malicious code injection into website pop-up windows. Via Vulnerabili…
Read more >>
Vulnerabilities – Threatpost
$100K Paid Out for Google Cloud Shell Root Compromise
A Dutch researcher claimed Google's very first annual Cloud Platform bug-bounty prize, for a cl…
Read more >>
Technology
The Coronavirus Is Making Us See That It’s Hard to Make Remote Work Actually Work
I am observing what may be the future of work in a San Francisco skyscraper, watching as a…
Read more >>
Vulnerabilities – Threatpost
Flaws Riddle Zyxel’s Network Management Software
Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the soft…
Read more >>
Vulnerabilities – Threatpost
Wormable, Unpatched Microsoft Bug Threatens Corporate LANs
CVE-2020-0796 affects version 3.1.1 of Microsoft’s SMB file-sharing system and was not included in …
Read more >>
Vulnerabilities – Threatpost
Critical Bugs in Rockwell, Johnson Controls ICS Gear
Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilit…
Read more >>
Vulnerabilities – Threatpost
Microsoft Patches 26 Critical Bugs in Big March Update
March security updates include 115 CVEs patching everything from Windows, Office and Microsoft’s ne…
Read more >>
Vulnerabilities – Threatpost
Popular ThemeREX WordPress Plugin Opens Websites to RCE
The bug has been under active attack as a zero-day. Via Vulnerabilities – Threatpost https://threat…
Read more >>
Vulnerabilities – Threatpost
Firefox Bug Opens iPhone AirPods to Third-Party Snooping
Mozilla Foundation snuffs out bugs with the introduction of Firefox 74 and ESR 68.6. Via Vulnerabil…
Read more >>
Vulnerabilities – Threatpost
High-Severity Flaws Plague Intel Graphics Drivers
Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in …
Read more >>
Vulnerabilities – Threatpost
Critical Zoho Zero-Day Flaw Disclosed
A Zoho zero day vulnerability and proof of concept (PoC) exploit code was disclosed on Twitter. Via…
Read more >>
Vulnerabilities – Threatpost
High-Severity Cisco Webex Flaws Fixed
The high-severity flaws, existing in Webex Player and Webex Network Recording Player, can allow arb…
Read more >>
Vulnerabilities – Threatpost
Critical Netgear Bug Impacts Flagship Nighthawk Router
Dozens of routers are patched by Netgear as it snuffs out critical, high and medium severity flaws.…
Read more >>
Technology
Review: The Samsung Galaxy S20 Ultra Can’t Deliver On All the Hype
So you want a smartphone that’s bigger, better, and faster than the pocket-stretching gadg…
Read more >>
Vulnerabilities – Threatpost
MediaTek Bug Actively Exploited, Affects Millions of Android Devices
An exploit published by a developer is easy to use and has already been used to build malicious app…
Read more >>
Vulnerabilities – Threatpost
Have I Been Pwned No Longer For Sale
Troy Hunt said the popular HIBP will continue to be run as an independent service. Via Vulnerabilit…
Read more >>
Technology
Why So Many Users Are Furious After Popular Online Stock-Trading App Robinhood Crashed This Week
(Bloomberg) — Online brokerage platform Robinhood said it’s back up and running after an …
Read more >>
Vulnerabilities – Threatpost
Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver
Several flaws found in Nvidia's graphics drivers could enable denial of service, remote code ex…
Read more >>
Vulnerabilities – Threatpost
Walgreens Mobile App Leaks Prescription Data
A security error in the Walgreens mobile app may have leaked customers' full names, prescriptio…
Read more >>
Technology
‘There’s No Story That Stays Stable for Too Long.’ How Artists Are Using Artificial Intelligence to Confront Modern Anxieties
Agnieszka Kurant’s lower Manhattan studio stands among a scattering of cultural outposts t…
Read more >>
