Ads

Showing posts from October, 2020Show all
Crippling Cyberattacks, Disinformation Top Concerns for Election Day Vulnerabilities – Threatpost

Crippling Cyberattacks, Disinformation Top Concerns for Election Day

October 31, 2020

Cyber-researchers weigh in on what concerns them the most as the U.S. heads into the final weekend …

Read more >>
WordPress Patches 3-Year-Old High-Severity RCE Bug Vulnerabilities – Threatpost

WordPress Patches 3-Year-Old High-Severity RCE Bug

October 31, 2020

In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publi…

Read more >>
Firestarter Android Malware Abuses Google Firebase Cloud Messaging Vulnerabilities – Threatpost

Firestarter Android Malware Abuses Google Firebase Cloud Messaging

October 31, 2020

The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a…

Read more >>
Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories Vulnerabilities – Threatpost

Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories

October 31, 2020

Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industr…

Read more >>
Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug Vulnerabilities – Threatpost

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

October 31, 2020

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain…

Read more >>
NVIDIA Patches Critical Bug in High-Performance Servers Vulnerabilities – Threatpost

NVIDIA Patches Critical Bug in High-Performance Servers

October 30, 2020

NVIDIA said a high-severity information-disclosure bug impacting its DGX A100 server line wouldn…

Read more >>
REvil Gang Promises a Big Video-Game Hit; Claims Massive Revenue Vulnerabilities – Threatpost

REvil Gang Promises a Big Video-Game Hit; Claims Massive Revenue

October 30, 2020

In a wide-ranging interview, a REvil leader said the gang is earning $100 million per year, and pro…

Read more >>
U.S. Hospitals Warned of Hacking Threat Amid ‘Coordinated’ Ransomware Attack Technology

U.S. Hospitals Warned of Hacking Threat Amid ‘Coordinated’ Ransomware Attack

October 30, 2020

Several federal agencies on Wednesday warned hospitals and cyber-researchers about “credib…

Read more >>
Oracle WebLogic Server RCE Flaw Under Active Attack Vulnerabilities – Threatpost

Oracle WebLogic Server RCE Flaw Under Active Attack

October 29, 2020

The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, r…

Read more >>
Bug-Bounty Awards Spike 26% in 2020 Vulnerabilities – Threatpost

Bug-Bounty Awards Spike 26% in 2020

October 29, 2020

The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to …

Read more >>
Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems Vulnerabilities – Threatpost

Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems

October 29, 2020

While Microsoft patched the bug known as CVE-2020-0796 back in March, more than one 100,000 Windows…

Read more >>
Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees Vulnerabilities – Threatpost

Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees

October 28, 2020

The Phosphorous APT has launched successful attacks against world leaders who are attending the Mun…

Read more >>
Election Security: How Mobile Devices Are Shaping the Way We Work, Play and Vote Vulnerabilities – Threatpost

Election Security: How Mobile Devices Are Shaping the Way We Work, Play and Vote

October 28, 2020

With the election just a week away, cybercriminals are ramping up mobile attacks on citizens under …

Read more >>
Experts Weigh in on E-Commerce Security Amid Snowballing Threats Vulnerabilities – Threatpost

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

October 28, 2020

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud durin…

Read more >>
Researchers: LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes Vulnerabilities – Threatpost

Researchers: LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes

October 28, 2020

Popular chat apps, including LINE, Slack, Twitter DMs and others, can also leak location data and s…

Read more >>
Holiday Shopping Craze, COVID-19 Spur Retail Security Storm Vulnerabilities – Threatpost

Holiday Shopping Craze, COVID-19 Spur Retail Security Storm

October 27, 2020

Veracode's Chris Eng discusses the cyber threats facing shoppers who are going online due to th…

Read more >>
Containerd Bug Exposes Cloud Account Credentials Vulnerabilities – Threatpost

Containerd Bug Exposes Cloud Account Credentials

October 27, 2020

The flaw (CVE-2020-15157) is located in the container image-pulling process. Via Vulnerabilities – …

Read more >>
Vastaamo Breach: Hackers Blackmailing Psychotherapy Patients Vulnerabilities – Threatpost

Vastaamo Breach: Hackers Blackmailing Psychotherapy Patients

October 26, 2020

Cybercriminals have already reportedly posted the details of 300 Vastaamo patients - and are threat…

Read more >>
IoT Device Takeovers Surge 100 Percent in 2020 Vulnerabilities – Threatpost

IoT Device Takeovers Surge 100 Percent in 2020

October 24, 2020

The COVID-19 pandemic, coupled with an explosion in the number of connected devices, have led to a …

Read more >>
Election Security: Beyond Mail-In Voting Vulnerabilities – Threatpost

Election Security: Beyond Mail-In Voting

October 24, 2020

There are many areas of the election process that criminal hackers can target to influence election…

Read more >>
Nvidia Warns Gamers of Severe GeForce Experience Flaws Vulnerabilities – Threatpost

Nvidia Warns Gamers of Severe GeForce Experience Flaws

October 23, 2020

Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severit…

Read more >>
Facebook, News and XSS Underpin Complex Browser Locker Attack Vulnerabilities – Threatpost

Facebook, News and XSS Underpin Complex Browser Locker Attack

October 23, 2020

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam. Via…

Read more >>
Microsoft Teams Phishing Attack Targets Office 365 Users Vulnerabilities – Threatpost

Microsoft Teams Phishing Attack Targets Office 365 Users

October 23, 2020

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify the…

Read more >>
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks Vulnerabilities – Threatpost

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

October 22, 2020

The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and ot…

Read more >>
Cisco Warns of Severe DoS Flaws in Network Security Software Vulnerabilities – Threatpost

Cisco Warns of Severe DoS Flaws in Network Security Software

October 22, 2020

The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance …

Read more >>
Oracle Kills 402 Bugs in Massive October Patch Update Vulnerabilities – Threatpost

Oracle Kills 402 Bugs in Massive October Patch Update

October 22, 2020

Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without a…

Read more >>
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser Vulnerabilities – Threatpost

Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser

October 21, 2020

The memory-corruption vulnerability exists in the browser’s FreeType font rendering library. Via Vu…

Read more >>
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio Vulnerabilities – Threatpost

Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio

October 21, 2020

The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month. Via Vu…

Read more >>
Facebook: A Top Launching Pad For Phishing Attacks Vulnerabilities – Threatpost

Facebook: A Top Launching Pad For Phishing Attacks

October 21, 2020

Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishin…

Read more >>
Mobile Browser Bugs Open Safari, Opera Users to Malware Vulnerabilities – Threatpost

Mobile Browser Bugs Open Safari, Opera Users to Malware

October 20, 2020

A set of address-spoofing bugs affect users of six different types of mobile browsers, with some re…

Read more >>
Google’s Waze Can Allow Hackers to Identify and Track Users Vulnerabilities – Threatpost

Google’s Waze Can Allow Hackers to Identify and Track Users

October 20, 2020

The company already patched an API flaw that allowed a security researcher to use the app to find t…

Read more >>
DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks Vulnerabilities – Threatpost

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks

October 20, 2020

DOJ charges six Russian nationals for their alleged part in the NotPetya, Ukraine power grid and Ol…

Read more >>
Star Wars: Squadrons Crams Tons of Fun in a Tiny Cockpit Technology

Star Wars: Squadrons Crams Tons of Fun in a Tiny Cockpit

October 20, 2020

I’m flying through the Nadiri Dockyards, where the New Republic constructs warships to tak…

Read more >>
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack Vulnerabilities – Threatpost

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

October 19, 2020

Researchers said the group was able to move from initial phish to full domain-wide encryption in ju…

Read more >>
Microsoft Exchange, Outlook Under Siege By APTs Vulnerabilities – Threatpost

Microsoft Exchange, Outlook Under Siege By APTs

October 19, 2020

A new threat report shows that APTs are switching up their tactics when exploiting Microsoft servic…

Read more >>
Game Titles Watch Dogs: Legion, Albion Both Targeted by Hackers Vulnerabilities – Threatpost

Game Titles Watch Dogs: Legion, Albion Both Targeted by Hackers

October 19, 2020

In both cases, cybercriminals claim to have reams of information for the popular gaming titles. Via…

Read more >>
Microsoft Fixes RCE Flaws in Out-of-Band Windows Update Vulnerabilities – Threatpost

Microsoft Fixes RCE Flaws in Out-of-Band Windows Update

October 17, 2020

The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could e…

Read more >>
Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy Vulnerabilities – Threatpost

Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy

October 17, 2020

Google's Threat Analysis Group sheds more light on targeted credential phishing and malware att…

Read more >>
Phishing Lures Shift from COVID-19 to Job Opportunities Vulnerabilities – Threatpost

Phishing Lures Shift from COVID-19 to Job Opportunities

October 17, 2020

Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercrimi…

Read more >>
TikTok Launches Bug Bounty Program Amid Security Snafus Vulnerabilities – Threatpost

TikTok Launches Bug Bounty Program Amid Security Snafus

October 16, 2020

The move is a distinct change in direction for the app, which has been criticized and even banned f…

Read more >>
Critical Magento Holes Open Online Shops to Code Execution Vulnerabilities – Threatpost

Critical Magento Holes Open Online Shops to Code Execution

October 16, 2020

Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code ex…

Read more >>
FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft Vulnerabilities – Threatpost

FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft

October 16, 2020

In-game features of the just-released FIFA 21 title give scammers easy access its vast audience. Vi…

Read more >>
Zoom Rolls Out End-to-End Encryption After Setbacks Vulnerabilities – Threatpost

Zoom Rolls Out End-to-End Encryption After Setbacks

October 15, 2020

After backlash over false marketing around its encryption policies, Zoom will finally roll out end-…

Read more >>
Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On Vulnerabilities – Threatpost

Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On

October 15, 2020

Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS at…

Read more >>
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug Vulnerabilities – Threatpost

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug

October 14, 2020

There were 11 critical bugs and six that were unpatched but publicly known in this month's regu…

Read more >>
Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes Vulnerabilities – Threatpost

Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes

October 14, 2020

Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020. Via Vulnerabilit…

Read more >>
Critical Flash Player Flaw Opens Adobe Users to RCE Vulnerabilities – Threatpost

Critical Flash Player Flaw Opens Adobe Users to RCE

October 14, 2020

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and Chro…

Read more >>
Election Systems Under Attack via Microsoft Zerologon Exploits Vulnerabilities – Threatpost

Election Systems Under Attack via Microsoft Zerologon Exploits

October 13, 2020

Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltra…

Read more >>
Authentication Bug Opens Android Smart-TV Box to Data Theft Vulnerabilities – Threatpost

Authentication Bug Opens Android Smart-TV Box to Data Theft

October 13, 2020

The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media…

Read more >>
Facebook Debuts Bug-Bounty ‘Loyalty Program’ Vulnerabilities – Threatpost

Facebook Debuts Bug-Bounty ‘Loyalty Program’

October 09, 2020

Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of su…

Read more >>
Wormable Apple iCloud Bug Allows Automatic Photo Theft Vulnerabilities – Threatpost

Wormable Apple iCloud Bug Allows Automatic Photo Theft

October 09, 2020

Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for di…

Read more >>
Cisco Fixes High-Severity Webex, Security Camera Flaws Vulnerabilities – Threatpost

Cisco Fixes High-Severity Webex, Security Camera Flaws

October 08, 2020

Three high-severity flaws exist in Cisco's Webex video conferencing system, Cisco’s Video Surve…

Read more >>
Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks Vulnerabilities – Threatpost

Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks

October 08, 2020

A spike in phishing and malicious websites aimed at defrauding Amazon.com customers aim to make Pri…

Read more >>
Google Rolls Out Fixes for High-Severity Android System Flaws Vulnerabilities – Threatpost

Google Rolls Out Fixes for High-Severity Android System Flaws

October 08, 2020

The most serious bugs are elevation-of-privilege issues in the Android System component (CVE-2020-0…

Read more >>
Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables Vulnerabilities – Threatpost

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables

October 07, 2020

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Wind…

Read more >>
Comcast TV Remote Hack Opens Homes to Snooping Vulnerabilities – Threatpost

Comcast TV Remote Hack Opens Homes to Snooping

October 07, 2020

Researchers disclosed the 'WarezTheRemote' attack, affecting Comcast's XR11 voice remot…

Read more >>
Grindr’s Bug Bounty Pledge Doesn’t Translate to Security Vulnerabilities – Threatpost

Grindr’s Bug Bounty Pledge Doesn’t Translate to Security

October 07, 2020

At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren't a '…

Read more >>
Male Chastity Device Comes with Massive Security Flaws Vulnerabilities – Threatpost

Male Chastity Device Comes with Massive Security Flaws

October 07, 2020

Smart sex toy vulnerable to hacks, researchers say -- which could expose users’ most sensitive bits…

Read more >>
Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack Vulnerabilities – Threatpost

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack

October 07, 2020

The Magecart spinoff group targeted the wireless service provider in an odd choice of victim. Via V…

Read more >>
Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors Vulnerabilities – Threatpost

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

October 06, 2020

Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for th…

Read more >>
Post Grid WordPress Plugin Flaws Allow Site Takeovers Vulnerabilities – Threatpost

Post Grid WordPress Plugin Flaws Allow Site Takeovers

October 06, 2020

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs -- toge…

Read more >>
Tenda Router Zero-Days Emerge in Spyware Botnet Campaign Vulnerabilities – Threatpost

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

October 05, 2020

A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its den…

Read more >>
Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy Vulnerabilities – Threatpost

Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy

October 04, 2020

Phishing emails tell recipients that their voter's registration applications are incomplete - b…

Read more >>
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer Vulnerabilities – Threatpost

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

October 02, 2020

Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he&…

Read more >>
InterPlanetary Storm Botnet Infects 13K Mac, Android Devices Vulnerabilities – Threatpost

InterPlanetary Storm Botnet Infects 13K Mac, Android Devices

October 01, 2020

In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android…

Read more >>