Vulnerabilities – Threatpost
Microsoft Exchange Servers Still Open to Actively Exploited Flaw
Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still…
Read more >>
Vulnerabilities – Threatpost
Zerologon Attacks Against Microsoft DCs Snowball in a Week
The attempted compromises, which could allow full control over Active Directory identity services, …
Read more >>
Vulnerabilities – Threatpost
Twitter Warns Developers of API Bug That Exposed App Keys, Tokens
Twitter has fixed a caching issue that could have exposed developers' API keys and tokens. Via …
Read more >>
Vulnerabilities – Threatpost
Bug Bounty FAQ: Top Questions, Expert Answers
Four leading voices in the bug bounty community answer frequently asked questions from bounty hunte…
Read more >>
Vulnerabilities – Threatpost
FortiGate VPN Default Config Allows MitM Attacks
The client's default configuration for SSL-VPN has a certificate issue, researchers said. Via V…
Read more >>
Technology
The Inside Story of How Signal Became the Private Messaging App for an Age of Fear and Distrust
Ama Russell and Evamelo Oleita had never been to a protest before June. But as demonstrati…
Read more >>
Vulnerabilities – Threatpost
Cisco Patch-Palooza Tackles 29 High-Severity Bugs
Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software. Vi…
Read more >>
Vulnerabilities – Threatpost
Zerologon Patches Roll Out Beyond Microsoft
A Samba patch and a micropatch for end-of-life servers have debuted in the face of the critical vul…
Read more >>
Vulnerabilities – Threatpost
OldGremlin Ransomware Group Bedevils Russian Orgs
The cybercriminal group has plagued firms with ransomware, sent via spear phishing emails with COVI…
Read more >>
Vulnerabilities – Threatpost
Google Chrome Bugs Open Browsers to Attack
Google's new release of Chrome 85.0.4183.121 for Windows, Mac, and Linux fixes 10 security flaw…
Read more >>
Vulnerabilities – Threatpost
Known Citrix Workspace Bug Open to New Attack Vector
Windows MSI files provide an opening for attackers even though the bug was mostly patched in July. …
Read more >>
Vulnerabilities – Threatpost
Microsoft Overhauls Patch Tuesday Security Update Guide
Microsoft announced a new Security Guide to help cybersecurity profession more quickly untangle rel…
Read more >>
Vulnerabilities – Threatpost
Firefox 81 Release Kills High-Severity Code-Execution Bugs
Mozilla has fixed three high-severity flaws with the release of Firefox 81 and Firefox ESR 78.3. Vi…
Read more >>
Vulnerabilities – Threatpost
DHS Issues Dire Patch Warning for ‘Zerologon’
The deadline looms for U.S. Cybersecurity and Infrastructure Security Agency’s emergency directive …
Read more >>
Vulnerabilities – Threatpost
Firefox for Android Bug Allows ‘Epic Rick-Rolling’
Anyone on the same Wi-Fi network can force websites to launch, with no user interaction. Via Vulner…
Read more >>
Vulnerabilities – Threatpost
Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords
A new Android malware strain has been uncovered, part of the Rampant Kitten threat group's wide…
Read more >>
Technology
Trump Blesses Oracle’s TikTok Deal, Delaying Potential U.S. Ban
Donald Trump gave his blessing to Oracle Corp.’s bid for the American operations of TikTok…
Read more >>
Vulnerabilities – Threatpost
Stubborn WooCommerce Plugin Bugs Get Third Patch
Users of the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefu…
Read more >>
Vulnerabilities – Threatpost
Mozi Botnet Accounts for Majority of IoT Traffic
Mozi’s spike comes amid a huge increase in overall IoT botnet activity. Via Vulnerabilities – Threa…
Read more >>
Vulnerabilities – Threatpost
Apple Bug Allows Code Execution on iPhone, iPad, iPod
Release of iOS 14 and iPadOS 14 brings fixes 11 bugs, some rated high-severity. Via Vulnerabilities…
Read more >>
Vulnerabilities – Threatpost
APT41 Operatives Indicted as Sophisticated Hacking Activity Continues
Five alleged members of the China-linked advanced threat group and two associates have been indicte…
Read more >>
Vulnerabilities – Threatpost
Hackers Continue Cyberattacks Against Vatican, Catholic Orgs
The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic instit…
Read more >>
Vulnerabilities – Threatpost
Bluetooth Spoofing Bug Affects Billions of IoT Devices
The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into…
Read more >>
Vulnerabilities – Threatpost
IBM Spectrum Protect Plus Security Open to RCE
Two bugs (CVE-2020-4703 and CVE-2020-4711) in IBM's Spectrum Protect Plus data-storage protecti…
Read more >>
Vulnerabilities – Threatpost
Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
Security researchers and U.S. government authorities alike are urging admins to address Microsoft&#…
Read more >>
Vulnerabilities – Threatpost
MFA Bypass Bugs Opened Microsoft 365 to Attack
Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other servic…
Read more >>
Vulnerabilities – Threatpost
Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
Monday's CISA advisory is a staunch reminder for federal government and private sector entities…
Read more >>
Vulnerabilities – Threatpost
TikTok Fixes Flaws That Opened Android App to Compromise
The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spyi…
Read more >>
Vulnerabilities – Threatpost
Magecart Attack Impacts More Than 10K Online Shoppers
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe t…
Read more >>
Vulnerabilities – Threatpost
It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guideli…
Read more >>
Vulnerabilities – Threatpost
WordPress Plugin Flaw Allows Attackers to Forge Emails
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more th…
Read more >>
Technology
Sid Meier Is Here to Remind You That Life Is Full of Interesting Decisions
It is not, by any stretch of the imagination, an easy time to have fun in the United State…
Read more >>
Vulnerabilities – Threatpost
Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks
The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys…
Read more >>
Vulnerabilities – Threatpost
Ransomware And Zoom-Bombing: Cyberattacks Disrupt Back-to-School Plans
Cyberattacks have caused several school systems to delay students' first day back - and experts…
Read more >>
Vulnerabilities – Threatpost
Google Squashes Critical Android Media Framework Bug
The September Android security bulletin addressed critical- and high-severity flaws tied to 53 CVEs…
Read more >>
Vulnerabilities – Threatpost
TeamTNT Gains Full Remote Takeover of Cloud Instances
Using a legitimate tool called Weave Scope, the cybercrime group is establishing fileless backdoors…
Read more >>
Vulnerabilities – Threatpost
Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems
Researchers warn of critical vulnerabilities in a third-party industrial component used by top ICS …
Read more >>
Vulnerabilities – Threatpost
Microsoft’s Patch Tuesday Packed with Critical RCE Bugs
The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange j…
Read more >>
Vulnerabilities – Threatpost
Critical Intel Active Management Technology Flaw Allows Privilege Escalation
The critical Intel vulnerability could allow unauthenticated attackers gain escalated privileges on…
Read more >>
Vulnerabilities – Threatpost
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its r…
Read more >>
Vulnerabilities – Threatpost
Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
A researcher discovered a cross-site scripting flaw in Google Map's export function, which earn…
Read more >>
Vulnerabilities – Threatpost
How Zero Trust and SASE Can Redefine Network Defenses for Remote Workforces
The SASE model for remote access and security coupled with Zero Trust can help redefine network and…
Read more >>
Vulnerabilities – Threatpost
Vulnerability Disclosure: Ethical Hackers Seek Best Practices
Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability discl…
Read more >>
Vulnerabilities – Threatpost
Facebook Debuts Third-Party Vulnerability Disclosure Policy
If the social-media behemoth finds a bug in another platform's code, the project has 90 days to…
Read more >>
Vulnerabilities – Threatpost
WhatsApp Discloses 6 Bugs via Dedicated Security Site
The company committed to more transparency about app flaws, with an advisory page aimed at keeping …
Read more >>
Vulnerabilities – Threatpost
Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495. Via Vulnerab…
Read more >>
Vulnerabilities – Threatpost
Google Ups Product-Abuse Bug Bounties
The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166…
Read more >>
Technology
Smartphone Showdown: Samsung’s High-End Galaxy Note20 Ultra 5G vs. Google’s Budget Pixel 4a
How much money are you willing to spend on a new smartphone in 2020? A few hundred bucks? …
Read more >>
Vulnerabilities – Threatpost
U.S. Agencies Must Adopt Vulnerability-Disclosure Policies by March 2021
U.S. agencies must implement vulnerability-disclosure policies by March 2021, according to a new CI…
Read more >>
Vulnerabilities – Threatpost
Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers
Multiple flaws in system software that causes errors in packet handling could allow an attacker to …
Read more >>
Vulnerabilities – Threatpost
China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks
The RAT has been distributed in various campaigns over the past six months, targeting both European…
Read more >>
Vulnerabilities – Threatpost
Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-com…
Read more >>
Vulnerabilities – Threatpost
U.S. Voter Databases Offered for Free on Dark Web, Report
Some underground forum users said they're monetizing the information through the State Departme…
Read more >>
Vulnerabilities – Threatpost
Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
In a rare move, the encrypted messaging service is being used to send stolen payment-card data from…
Read more >>
Vulnerabilities – Threatpost
Pioneer Kitten APT Sells Corporate Network Access
The Iran-based APT has infiltrated multiple VPNs using open-source tools and known exploits. Via Vu…
Read more >>
Vulnerabilities – Threatpost
Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign
The notarized malware payloads were discovered in a recent MacOS adware campaign, disguised as Adob…
Read more >>
