Vulnerabilities – Threatpost
Pandemic, A Driving Force in 2021 Financial Crime
Ransomware gangs with zero-days and more players overall will characterize financially motivated cy…
Read more >>
Vulnerabilities – Threatpost
Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes
While 2021 will present evolving threats and new challenges, it will also offer new tools and techn…
Read more >>
Vulnerabilities – Threatpost
Changing Employee Security Behavior Takes More Than Simple Awareness
Designing a behavioral change program requires an audit of existing security practices and where th…
Read more >>
Vulnerabilities – Threatpost
Critical MobileIron RCE Flaw Under Active Attack
Attackers are targeting the critical remote code-execution flaw to compromise systems in the health…
Read more >>
Vulnerabilities – Threatpost
How to Update Your Remote Access Policy – And Why You Should Now
Reducing the risks of remote work starts with updating the access policies of yesterday. Via Vulner…
Read more >>
Vulnerabilities – Threatpost
Laser-Based Hacking from Afar Goes Beyond Amazon Alexa
The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investi…
Read more >>
Vulnerabilities – Threatpost
Baidu Apps in Google Play Leak Sensitive Data
Cyberattackers could use the information to track users across devices, disable phone service, or i…
Read more >>
Vulnerabilities – Threatpost
Tesla Hacked and Stolen Again Using Key Fob
Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this t…
Read more >>
Vulnerabilities – Threatpost
Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending
VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Wind…
Read more >>
Vulnerabilities – Threatpost
GoDaddy Employees Tricked into Compromising Cryptocurrency Sites
‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains Nice…
Read more >>
Vulnerabilities – Threatpost
Manchester United: IT Systems Disrupted in Cyberattack
The popular U.K. soccer club confirmed an attack but said personal fan data remains secure. Via Vul…
Read more >>
Vulnerabilities – Threatpost
VMware Fixes Critical Flaw in ESXi Hypervisor
The critical and important-severity flaws were found by a team at the China-based Tiunfu Cup hackin…
Read more >>
Vulnerabilities – Threatpost
Facebook Messenger Bug Allows Spying on Android Users
The company patched a vulnerability that could connected video and audio calls without the knowledg…
Read more >>
Vulnerabilities – Threatpost
German COVID-19 Contact-Tracing Vulnerability Allowed RCE
Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting op…
Read more >>
Vulnerabilities – Threatpost
GO SMS Pro Android App Exposes Private Photos, Videos and Messages
The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to lin…
Read more >>
Vulnerabilities – Threatpost
IoT Cybersecurity Improvement Act Passed, Heads to President’s Desk
Security experts praised the newly approved IoT law as a step in the right direction for insecure c…
Read more >>
Vulnerabilities – Threatpost
Widespread Scans Underway for RCE Bugs in WordPress Websites
WordPress websites using buggy Epsilon Framework themes are being hunted by hackers. Via Vulnerabil…
Read more >>
Vulnerabilities – Threatpost
Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping
Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of secu…
Read more >>
Vulnerabilities – Threatpost
Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole
Overall Google's Chrome 87 release fixed 33 security vulnerabilities. Via Vulnerabilities – Thr…
Read more >>
Vulnerabilities – Threatpost
Multiple Industrial Control System Vendors Warn of Critical Bugs
Four industrial control system vendors each announced vulnerabilities that ranged from critical to …
Read more >>
Vulnerabilities – Threatpost
Cisco Patches Critical Flaw After PoC Exploit Code Release
A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sen…
Read more >>
Vulnerabilities – Threatpost
Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs
Attackers can exploit the feature and send people’s data directly to remote servers, posing a priva…
Read more >>
Vulnerabilities – Threatpost
Dating Site Bumble Leaves Swipes Unsecured for 100M Users
An API bug exposed personal information of users like political leanings, astrological signs, educa…
Read more >>
Vulnerabilities – Threatpost
Citrix SD-WAN Bugs Allow Remote Code Execution
The bugs tracked as CVE-2020–8271, CVE-2020–8272 and CVE-2020–8273 exist in the Citrix SD-WAN Cente…
Read more >>
Vulnerabilities – Threatpost
Scams Ramp Up Ahead of Black Friday Cybercriminal Craze
With more online shoppers this year due to COVID-19, cybercriminals are pulling the trigger on new …
Read more >>
Vulnerabilities – Threatpost
Credential-Stuffing Attack Hits The North Face
The North Face has reset an undisclosed number of customer accounts after detecting a credential-st…
Read more >>
Vulnerabilities – Threatpost
Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys
Hacker forums are a rich source of threat intelligence. Via Vulnerabilities – Threatpost https://th…
Read more >>
Vulnerabilities – Threatpost
Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks
Security problems in Schneider Electric programmable logic controllers allow compromise of the hard…
Read more >>
Technology
Should You Get a PlayStation 5, Xbox Series X, or Xbox Series S? Here’s How to Decide
After seven years, millions of consoles sold, and a generation of users clamoring for an u…
Read more >>
Vulnerabilities – Threatpost
2 More Google Chrome Zero-Days Under Active Exploitation
Browser users are once again being asked to patch severe vulnerabilities. Via Vulnerabilities – Thr…
Read more >>
Vulnerabilities – Threatpost
Silver Peak SD-WAN Bugs Allow for Network Takeover
Three security vulnerabilities can be chained to enable unauthenticated remote code execution. Via …
Read more >>
Vulnerabilities – Threatpost
Nvidia Warns Windows Gamers of GeForce NOW Flaw
Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvi…
Read more >>
Vulnerabilities – Threatpost
High-Severity Cisco DoS Flaw Can Immobilize ASR Routers
The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software. …
Read more >>
Vulnerabilities – Threatpost
COVID-19 Data-Sharing App Leaked Healthcare Worker Info
Philippines COVID-KAYA app allowed for unauthorized access typically protected by ‘superuser’ crede…
Read more >>
Technology
Apple’s New MacBooks (and Mac Mini) Are Powered By iPhone DNA
Months after first teasing the news, Apple on Tuesday unveiled a trio of Mac desktop and l…
Read more >>
Vulnerabilities – Threatpost
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patch…
Read more >>
Vulnerabilities – Threatpost
Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs
Intel released 40 security advisories in total, addressing critical- and high-severity flaws across…
Read more >>
Vulnerabilities – Threatpost
Microsoft Teams Users Under Attack in ‘FakeUpdates’ Malware Campaign
Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the in…
Read more >>
Vulnerabilities – Threatpost
Trump Site Alleging AZ Election Fraud Exposes Voter Data
Slapdash setup of Trump website collecting reports of Maricopa County in-person vote irregularities…
Read more >>
Vulnerabilities – Threatpost
Cyberattack on UVM Health Network Impedes Chemotherapy Appointments
The cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff…
Read more >>
Vulnerabilities – Threatpost
Ultimate Member Plugin for WordPress Allows Site Takeover
Three critical security bugs allow for easy privilege escalation to an administrator role. Via Vuln…
Read more >>
Vulnerabilities – Threatpost
Microsoft Exchange Attack Exposes New xHunt Backdoors
An attack on the Microsoft Exchange server of an organization in Kuwait revealed two never-before-s…
Read more >>
Vulnerabilities – Threatpost
Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak
A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with…
Read more >>
Vulnerabilities – Threatpost
WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug
The shopping cart application contains a PHP object-injection bug. Via Vulnerabilities – Threatpost…
Read more >>
Vulnerabilities – Threatpost
Gitpaste-12 Worm Targets Linux Servers, IoT Devices
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 diffe…
Read more >>
Vulnerabilities – Threatpost
Apple Patches Bugs Tied to Previously Identified Zero-Days
The actively exploited vulnerabilities discovered by Project Zero exist across iPhone, iPad and iPo…
Read more >>
Vulnerabilities – Threatpost
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
Cisco also disclosed high-severity vulnerabilities in its Webex and SD-WAN products. Via Vulnerabil…
Read more >>
Vulnerabilities – Threatpost
GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers
Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many fr…
Read more >>
Vulnerabilities – Threatpost
VMware Issues Updated Fix For Critical ESXi Flaw
A previous fix for the critical remote code execution bug was "incomplete," according to …
Read more >>
Vulnerabilities – Threatpost
Oracle Solaris Zero-Day Attack Revealed
A threat actor is compromising telecommunications companies and targeted financial and professional…
Read more >>
Vulnerabilities – Threatpost
APT Groups Finding Success with Mix of Old and New Tools
The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, larg…
Read more >>
Vulnerabilities – Threatpost
Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
Patches for both the Chrome desktop and Android browser address high-severity flaws with known expl…
Read more >>
Vulnerabilities – Threatpost
Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws
The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code executio…
Read more >>
Vulnerabilities – Threatpost
Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw
The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction …
Read more >>
Vulnerabilities – Threatpost
$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable informa…
Read more >>
Vulnerabilities – Threatpost
Survey: Cybersecurity Skills Shortage is ‘Bad,’ But There’s Hope
Automation, strategic process design and an investment in training are the keys to managing the cyb…
Read more >>
Vulnerabilities – Threatpost
WordPress Pushes Out Multiple Flawed Security Updates
WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update. Via Vulner…
Read more >>
Vulnerabilities – Threatpost
Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
JM Bullion fell victim to a payment-card skimmer, which was in place for five months. Via Vulnerabi…
Read more >>
Vulnerabilities – Threatpost
Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
Google Project Zero disclosed the bug before a patch becomes available from Microsoft. Via Vulnerab…
Read more >>
