Vulnerabilities – Threatpost
Critical Slack Bug Allows Access to Private Channels, Conversations
The RCE bug affects versions below 4.4 of the Slack desktop app. Via Vulnerabilities – Threatpost h…
Read more >>
Vulnerabilities – Threatpost
Malicious Attachments Remain a Cybercriminal Threat Vector Favorite
Malicious attachments continue to be a top threat vector in the cybercriminal world, even as public…
Read more >>
Vulnerabilities – Threatpost
Cisco Patches ‘High-Severity’ Bugs Impacting Switches, Fibre Storage
Nine bugs were patched, eight of which are rated ‘high’ severity. Via Vulnerabilities – Threatpost …
Read more >>
Vulnerabilities – Threatpost
Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack
The popular Autodesk software was exploited in a recent cyberespionage campaign against an internat…
Read more >>
Vulnerabilities – Threatpost
How to Write a Cybersecurity Playbook During a Pandemic
IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 …
Read more >>
Vulnerabilities – Threatpost
Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform
Researchers have unearthed more vulnerabilities in Microsoft’s IoT security solution. Via Vulnerabi…
Read more >>
Vulnerabilities – Threatpost
Safari Bug Revealed After Apple Takes Nearly a Year to Patch
Polish security researcher unveiled the flaw in a cross-browser sharing API that could allow attack…
Read more >>
Vulnerabilities – Threatpost
Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages
The North Korean-linked APT's latest campaign shows that it is shifting focus to target the cry…
Read more >>
Vulnerabilities – Threatpost
Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem
With many in the public sphere warning about a potential compromise of the integrity of the Preside…
Read more >>
Vulnerabilities – Threatpost
Google Fixes High-Severity Chrome Browser Code Execution Bug
The high-severity flaw, which was patched in the latest version of Google's Chrome browser, cou…
Read more >>
Technology
Working From Home Was a Big Shift Even for the Companies Making the Gear We’re Using to Work From Home
Like so many of us, Massimo Rapparini, chief information officer at Logitech, had no choic…
Read more >>
Vulnerabilities – Threatpost
APIs Are the Next Frontier in Cybercrime
APIs make your systems easier to run -- and make it easier for hackers, too. Via Vulnerabilities – …
Read more >>
Vulnerabilities – Threatpost
Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government
The group has added a management console and a USB worming function to its main malware, Crimson RA…
Read more >>
Vulnerabilities – Threatpost
Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws
The unscheduled security update addresses two "important"-severity flaws in Windows 8.1 a…
Read more >>
Vulnerabilities – Threatpost
Cisco Critical Flaw Patched in WAN Software Solution
Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), s…
Read more >>
Vulnerabilities – Threatpost
IBM AI-Powered Data Management Software Subject to Simple Exploit
A low-privileged process on a vulnerable machine could allow data harvesting and DoS. Via Vulnerabi…
Read more >>
Vulnerabilities – Threatpost
Five Essentials for Running a Successful Bug Bounty Program
Join Threatpost on Sept. 16 at 2pm ET when we bring together leading voices in the Bug Bounty commu…
Read more >>
Vulnerabilities – Threatpost
Airline DMARC Policies Lag, Opening Flyers to Email Fraud
Up to 61 percent out of the IATA (International Air Transport Association) airline members do not h…
Read more >>
Vulnerabilities – Threatpost
Large Orgs Plagued with Bugs, Face Giant Patch Backlogs
Vulnerability management continues to challenge businesses, as they face tens of thousands of bugs …
Read more >>
Vulnerabilities – Threatpost
PoC Exploit Targeting Apache Struts Surfaces on GitHub
Researchers have discovered freely available PoC code and exploit that can be used to attack unpatc…
Read more >>
Vulnerabilities – Threatpost
Mac Users Targeted by Spyware Spreading via Xcode Projects
The XCSSET suite of malware also hijacks browsers, has a ransomware module and more -- and uses a p…
Read more >>
Vulnerabilities – Threatpost
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
The cross-site scripting flaw could enable arbitrary code execution, information disclosure - and e…
Read more >>
Vulnerabilities – Threatpost
Amazon Alexa ‘One-Click’ Attack Can Divulge Personal Data
Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and …
Read more >>
Vulnerabilities – Threatpost
Citrix Warns of Critical Flaws in XenMobile Server
Citrix said that it anticipates malicious actors "will move quickly to exploit" two criti…
Read more >>
Vulnerabilities – Threatpost
Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
One of the two zero-day bugs is rated ‘critical’ and is classified as a remote code-execution bug i…
Read more >>
Vulnerabilities – Threatpost
Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules
A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and…
Read more >>
Technology
‘Every Girl Has to Learn How to Code.’ Reshma Saujani Wants to Make Space for Young Women in Tech
As the coronavirus pandemic deepened and students across the U.S. were forced to learn fro…
Read more >>
Vulnerabilities – Threatpost
Critical Adobe Acrobat and Reader Bugs Allow RCE
Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader. Via Vuln…
Read more >>
Vulnerabilities – Threatpost
Samsung Quietly Fixed Critical Galaxy Flaws Allowing Spying, Data Wiping
Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galax…
Read more >>
Vulnerabilities – Threatpost
Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year t…
Read more >>
Vulnerabilities – Threatpost
Google Chrome Browser Bug Exposes Billions of Users to Data Theft
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal da…
Read more >>
Vulnerabilities – Threatpost
TeamViewer Flaw in Windows App Allows Password-Cracking
Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victi…
Read more >>
Vulnerabilities – Threatpost
Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that…
Read more >>
Vulnerabilities – Threatpost
Attackers Horn in on MFA Bypass Options for Account Takeovers
Legacy applications don't support modern authentication -- and cybercriminals know this. Via Vu…
Read more >>
Vulnerabilities – Threatpost
Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem
An inside look at how nation-states use social media to influence, confuse and divide -- and why cy…
Read more >>
Vulnerabilities – Threatpost
Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs
Researchers went into detail about the discovery and disclosure of 19 security flaws they found in …
Read more >>
Vulnerabilities – Threatpost
High-Severity Cisco DoS Flaw Plagues Small-Business Switches
Cisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers …
Read more >>
Vulnerabilities – Threatpost
Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers
Voting machine technology seller Election Systems & Software (ES&S) offered an olive branch…
Read more >>
Vulnerabilities – Threatpost
Twitter Fixes High-Severity Flaw Affecting Android Users
A vulnerability in Twitter for Android could have allowed attackers to access private direct messag…
Read more >>
Vulnerabilities – Threatpost
Black Hat 2020: Scaling Mail-In Voting Spawns Broad Challenges
Voting Village security celeb Matt Blaze delves into the logistics of scaling up mail-in voting ahe…
Read more >>
Vulnerabilities – Threatpost
High-Severity Android RCE Flaw Fixed in August Security Update
Google addressed high-severity and critical flaws tied to 54 CVEs in this month's Android secur…
Read more >>
Vulnerabilities – Threatpost
Microsoft Teams Patch Bypass Allows RCE
An attacker can hide amidst legitimate traffic in the application's update function. Via Vulner…
Read more >>
Vulnerabilities – Threatpost
Newsletter WordPress Plugin Opens Door to Site Takeover
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of tho…
Read more >>
Vulnerabilities – Threatpost
Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw
Almost two months after a high-severity flaw was disclosed - and seven months after it was first re…
Read more >>
Vulnerabilities – Threatpost
4 Unpatched Bugs Plague Grandstream ATAs for VoIP Users
The flaws have been confirmed by Grandstream, but no firmware update has yet been issued. Via Vulne…
Read more >>
Vulnerabilities – Threatpost
Authorities Arrest Alleged 17-Year-Old ‘Mastermind’ Behind Twitter Hack
Three have been charged in alleged connection with the recent high-profile Twitter hack - including…
Read more >>
