Vulnerabilities – Threatpost
What’s Next for Ransomware in 2021?
Ransomware response demands a whole-of-business plan before the next attack, according to our round…
Read more >>
Vulnerabilities – Threatpost
FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’
Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call …
Read more >>
Vulnerabilities – Threatpost
The 5 Most-Wanted Threatpost Stories of 2020
A look back at what was hot with readers -- offering a snapshot of the security stories that were m…
Read more >>
Vulnerabilities – Threatpost
Taking a Neighborhood Watch Approach to Retail Cybersecurity
Bugcrowd CTO Casey Ellis covers new cybersecurity challenges for online retailers. Via Vulnerabilit…
Read more >>
Vulnerabilities – Threatpost
6 Questions Attackers Ask Before Choosing an Asset to Exploit
David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding &qu…
Read more >>
Vulnerabilities – Threatpost
2020 Work-for-Home Shift: What We Learned
Threatpost explores 5 big takeaways from 2020 -- and what they mean for 2021. Via Vulnerabilities –…
Read more >>
Vulnerabilities – Threatpost
Hackers Amp Up COVID-19 IP Theft Attacks
In-depth report looks at how COVID-19 research has become as a juicy new target for organized cyber…
Read more >>
Vulnerabilities – Threatpost
Windows Zero-Day Still Circulating After Faulty Fix
The LPE bug could allow an attacker to install programs; view, change, or delete data; or create ne…
Read more >>
Vulnerabilities – Threatpost
Third-Party APIs: How to Prevent Enumeration Attacks
Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do …
Read more >>
Vulnerabilities – Threatpost
Smart Doorbell Disaster: Many Brands Vulnerable to Attack
Investigation reveals device sector is problem plagued when it comes to security bugs. Via Vulnerab…
Read more >>
Vulnerabilities – Threatpost
Defending Against State and State-Sponsored Threat Actors
Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of th…
Read more >>
Vulnerabilities – Threatpost
Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack
The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE…
Read more >>
Vulnerabilities – Threatpost
Critical Bugs in Dell Wyse Thin Clients Allow Code Execution, Client Takeovers
The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation.…
Read more >>
Vulnerabilities – Threatpost
Telemed Poll Uncovers Biggest Risks and Best Practices
What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of…
Read more >>
Technology
What Happens Next with the Massive SolarWinds Hack
The cyber security firm FireEye revealed that it has been the victim of a massive, long-r…
Read more >>
Vulnerabilities – Threatpost
Cloud is King: 9 Software Security Trends to Watch in 2021
Researchers predict software security will continue to struggle to keep up with cloud and IoT in th…
Read more >>
Vulnerabilities – Threatpost
Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims
Examining the backdoor's DNS communications led researchers to find a government agency and a b…
Read more >>
Vulnerabilities – Threatpost
Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies
The ongoing, growing campaign is “effectively an attack on the United States and its government and…
Read more >>
Vulnerabilities – Threatpost
Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download
Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation stor…
Read more >>
Vulnerabilities – Threatpost
Nuclear Weapons Agency Hacked in Widening Cyberattack – Report
Sources said the DoE suffered "damage" in the attack, which also likely extends beyond th…
Read more >>
Vulnerabilities – Threatpost
5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack
A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take…
Read more >>
Vulnerabilities – Threatpost
Police Vouch for Hacker Who Guessed Trump’s Twitter Password
No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trump’s T…
Read more >>
Technology
Cyberpunk 2077 Is a Mess On Every Level
Cyberpunk 2077 and the constellation of controversy orbiting it—at nearly every level of …
Read more >>
Vulnerabilities – Threatpost
The SolarWinds Perfect Storm: Default Password, Access Sales and More
Meanwhile, Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in th…
Read more >>
Vulnerabilities – Threatpost
Easy WP SMTP Security Bug Can Reveal Admin Credentials
A poorly configured file opens users up to site takeover. Via Vulnerabilities – Threatpost https://…
Read more >>
Vulnerabilities – Threatpost
Gitpaste-12 Worm Widens Set of Exploits in New Attacks
The worm returned in recent attacks against web applications, IP cameras and routers. Via Vulnerabi…
Read more >>
Vulnerabilities – Threatpost
Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gai…
Read more >>
Vulnerabilities – Threatpost
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CD…
Read more >>
Vulnerabilities – Threatpost
Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts
The insider threat will go to jail for two years after compromising Cisco's cloud infrastructur…
Read more >>
Vulnerabilities – Threatpost
DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report
The attack was mounted via SolarWinds Orion, in a manual and targeted supply-chain effort. Via Vuln…
Read more >>
Vulnerabilities – Threatpost
Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails
Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with t…
Read more >>
Vulnerabilities – Threatpost
New Windows Trojan Steals Browser Credentials, Outlook Files
The newly discovered Python-based malware family targets the Outlook processes, and browser credent…
Read more >>
Vulnerabilities – Threatpost
Security Issues in PoS Terminals Open Consumers to Fraud
Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers foun…
Read more >>
Vulnerabilities – Threatpost
PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers
The malware takes aim at PostgreSQL database servers with never-before-seen techniques. Via Vulnera…
Read more >>
Vulnerabilities – Threatpost
Feds: K-12 Cyberattacks Dramatically on the Rise
Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and mor…
Read more >>
Vulnerabilities – Threatpost
Defending the Intelligent Edge from Evolving Attacks
Fortinet's Aamir Lakhani discusses best practices for securing company data against next-gen th…
Read more >>
Vulnerabilities – Threatpost
PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers
Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently …
Read more >>
Vulnerabilities – Threatpost
Critical Cisco Jabber Bug Gets Updated Fix
A series of bugs, patched in September, still allow remote code execution by attackers. Via Vulnera…
Read more >>
Vulnerabilities – Threatpost
Cyber Monday is Every Monday: Securing the ‘New Normal’
From eCommerce threats, to attacks at the smart edge, Fortinet researchers discuss the top evolving…
Read more >>
Vulnerabilities – Threatpost
Misery of Ransomware Hits Hospitals the Hardest
Ransomware attacks targeting hospitals have exacted a human cost as well as financial. Via Vulnerab…
Read more >>
Vulnerabilities – Threatpost
Critical Steam Flaws Could Let Gamers to Crash Opponents’ Computers
Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games l…
Read more >>
Vulnerabilities – Threatpost
Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020
As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “im…
Read more >>
Vulnerabilities – Threatpost
SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign
Convincing email-credentials phishing, emailed backdoors and mobile apps are all part of the groups…
Read more >>
Vulnerabilities – Threatpost
D-Link Routers at Risk for Remote Takeover from Zero-Day Flaws
Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and …
Read more >>
Vulnerabilities – Threatpost
Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets
Google updates its mobile OS, fixing ten critical bugs, including one remote code execution flaw. V…
Read more >>
Vulnerabilities – Threatpost
Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays
Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020. Via Vuln…
Read more >>
Vulnerabilities – Threatpost
Critical, Unpatched Bugs Open GE Radiological Devices to Remote Code Execution
A CISA alert is flagging a critical default credentials issue that affects 100+ types of devices fo…
Read more >>
Vulnerabilities – Threatpost
Adobe Warns Windows, macOS Users of Critical-Severity Flaws
Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Ligh…
Read more >>
Vulnerabilities – Threatpost
‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices
A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devic…
Read more >>
Vulnerabilities – Threatpost
NSA Warns: Patched VMware Bug Under Active Attack
Feds are warning that adversaries are exploiting a weeks-old bug in VMware’s Workspace One Access a…
Read more >>
Vulnerabilities – Threatpost
Insider Report: Healthcare Security Woes Balloon in COVID-Era
As hackers put a bullseye on healthcare, Threatpost spotlights how hospitals, researchers and patie…
Read more >>
Vulnerabilities – Threatpost
Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times
In the early fog of the COVID-19 pandemic, cybersecurity took a back seat to keeping patients alive…
Read more >>
Vulnerabilities – Threatpost
QNAP High-Severity Flaws Plague NAS Systems
The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems.…
Read more >>
Technology
No PlayStation 5 or Xbox Series X? Here’s How to Get Your Next-Gen Gaming Fix at Any Budget
It’s been just a few weeks since the Microsoft Xbox Series S/X and Sony PlayStation 5 cons…
Read more >>
Vulnerabilities – Threatpost
High-Severity Chrome Bugs Allow Browser Hacks
Desktop versions of the browser received a total of eight fixes, half rated high-severity. Via Vuln…
Read more >>
Vulnerabilities – Threatpost
Novel Online Shopping Malware Hides in Social-Media Buttons
The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign…
Read more >>
Vulnerabilities – Threatpost
VMware Rolls a Fix for Formerly Critical Zero-Day Bug
VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to …
Read more >>
Vulnerabilities – Threatpost
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write…
Read more >>
Vulnerabilities – Threatpost
As Modern Mobile Enables Remote Work, It Also Demands Security
Lookout's Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19…
Read more >>
Vulnerabilities – Threatpost
Google Play Apps Remain Vulnerable to High-Severity Flaw
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by sev…
Read more >>
Vulnerabilities – Threatpost
Think-Tanks Under Attack by Foreign APTs, CISA Warns
The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and mor…
Read more >>
Vulnerabilities – Threatpost
Xerox DocuShare Bugs Allows Data Leaks
CISA warns the leading enterprise document management platform is open to attack and urges companie…
Read more >>
Vulnerabilities – Threatpost
Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data
The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the…
Read more >>
Vulnerabilities – Threatpost
iPhone Bug Allowed for Complete Device Takeover Over the Air
Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity expl…
Read more >>
Vulnerabilities – Threatpost
Android Messenger App Still Leaking Photos, Videos
The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively shar…
Read more >>
Vulnerabilities – Threatpost
Cayman Islands Bank Records Exposed in Open Azure Blob
An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left …
Read more >>
Vulnerabilities – Threatpost
Electronic Medical Records Cracked Open by OpenClinic Bugs
Four security vulnerabilities in an open-source medical records management platform allow remote co…
Read more >>
Vulnerabilities – Threatpost
Post-Cyberattack, UVM Health Network Still Picking Up Pieces
More than a month after the cyberattack first hit, the UVM health network is still grappling with d…
Read more >>
