Vulnerabilities – Threatpost
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers fro…
Read more >>
Vulnerabilities – Threatpost
Industrial Gear at Risk from Fuji Code-Execution Bugs
Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of …
Read more >>
Vulnerabilities – Threatpost
Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System
Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits. Via V…
Read more >>
Vulnerabilities – Threatpost
Rocke Group’s Malware Now Has Worm Capabilities
The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as ha…
Read more >>
Vulnerabilities – Threatpost
LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages
A phishing kit has been found running on at least 700 domains - and mimicking services via false Sh…
Read more >>
Vulnerabilities – Threatpost
Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball
A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Al…
Read more >>
Vulnerabilities – Threatpost
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't co…
Read more >>
Vulnerabilities – Threatpost
Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
Qualys said the vuln gives any local user root access to systems running the most popular version o…
Read more >>
Vulnerabilities – Threatpost
ADT Security Camera Flaws Open Homes to Eavesdropping
Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could hav…
Read more >>
Vulnerabilities – Threatpost
Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are…
Read more >>
Vulnerabilities – Threatpost
Nvidia Squashes High-Severity Jetson DoS Flaw
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetso…
Read more >>
Vulnerabilities – Threatpost
Nefilim Ransomware Gang Hits Jackpot with Ghost Account
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infi…
Read more >>
Vulnerabilities – Threatpost
North Korea Targets Security Researchers in Elaborate 0-Day Campaign
Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched…
Read more >>
Vulnerabilities – Threatpost
TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks
A security flaw in TikTok could have allowed attackers to query query the platform's database –…
Read more >>
Vulnerabilities – Threatpost
Cisco DNA Center Bug Opens Enterprises to Remote Attack
The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) a…
Read more >>
Vulnerabilities – Threatpost
SonicWall Breach Stems from ‘Probable’ Zero-Days
The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access…
Read more >>
Vulnerabilities – Threatpost
Amazon Kindle RCE Attack Starts with an Email
The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting vi…
Read more >>
Vulnerabilities – Threatpost
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general …
Read more >>
Vulnerabilities – Threatpost
SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - …
Read more >>
Vulnerabilities – Threatpost
Critical Cisco SD-WAN Bugs Allow RCE Attacks
Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite…
Read more >>
Vulnerabilities – Threatpost
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs
The company also issued patches for Tesla-based GPUs as part of an updated, separate security advis…
Read more >>
Vulnerabilities – Threatpost
Malwarebytes Hit by SolarWinds Attackers
The attack vector was not the Orion platform but rather an email-protection application for Microso…
Read more >>
Vulnerabilities – Threatpost
Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms
Mystery of spying using popular chat apps uncovered by Google Project Zero researcher. Via Vulnerab…
Read more >>
Vulnerabilities – Threatpost
DNSpooq Flaws Allow DNS Hijacking of Millions of Devices
Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code…
Read more >>
Vulnerabilities – Threatpost
Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show
Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including sec…
Read more >>
Vulnerabilities – Threatpost
Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address C…
Read more >>
Vulnerabilities – Threatpost
Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls
Security researchers lambasted the controversial macOS Big Sur feature for exposing users' sens…
Read more >>
Vulnerabilities – Threatpost
Cloud Attacks Are Bypassing MFA, Feds Warn
CISA has issued an alert warning that cloud services at U.S. organizations are being actively and s…
Read more >>
Vulnerabilities – Threatpost
Ring Adds End-to-End Encryption to Quell Security Uproar
The optional feature was released free to users in a technical preview this week, adding a new laye…
Read more >>
Vulnerabilities – Threatpost
High-Severity Cisco Flaw Found in CMX Software For Retailers
Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found inits AnyConnect Secu…
Read more >>
Vulnerabilities – Threatpost
Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover
Two security vulnerabilities -- one a privilege-escalation problem and the other a stored XSS bug -…
Read more >>
Vulnerabilities – Threatpost
Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data
On the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-…
Read more >>
Vulnerabilities – Threatpost
Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
Watering-hole attacks executed by ‘experts’ exploited Chrome, Windows and Android flaws and were ca…
Read more >>
Vulnerabilities – Threatpost
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under …
Read more >>
Vulnerabilities – Threatpost
Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content
Adobe issued patches for seven critical arbitrary-code-execution flaws plaguing Windows and MacOS u…
Read more >>
Vulnerabilities – Threatpost
A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets
Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats tha…
Read more >>
Vulnerabilities – Threatpost
SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack
Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to cr…
Read more >>
Vulnerabilities – Threatpost
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
Major browsers get an update to fix separate bugs that both allow for remote attacks, which could p…
Read more >>
Vulnerabilities – Threatpost
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws
In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its …
Read more >>
Vulnerabilities – Threatpost
Threatpost Poll: Weigh in on Ransomware Security
Provide your views on ransomware and how to deal with it in our anonymous Threatpost poll. Via Vuln…
Read more >>
Vulnerabilities – Threatpost
NSA Urges SysAdmins to Replace Obsolete TLS Protocols
The NSA released new guidance providing system administrators with the tools to update outdated TLS…
Read more >>
Vulnerabilities – Threatpost
Feds Issue Recommendations for Maritime Cybersecurity
Report outlines deep cybersecurity challenges for the public/private seagoing sector. Via Vulnerabi…
Read more >>
Vulnerabilities – Threatpost
Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw
More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerabi…
Read more >>
Vulnerabilities – Threatpost
Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack
The widespread compromise affecting key government agencies is ongoing, according to the U.S. gover…
Read more >>
Vulnerabilities – Threatpost
RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Fram…
Read more >>
Vulnerabilities – Threatpost
Cyberattacks on Healthcare Spike 45% Since November
The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomwa…
Read more >>
Vulnerabilities – Threatpost
Google Warns of Critical Android Remote Code Execution Bug
Google's Android security update addressed 43 bugs overall affecting Android handsets, includin…
Read more >>
Vulnerabilities – Threatpost
2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud
Insider threats are redefined in 2021, the work-from-home trend will continue define the threat lan…
Read more >>
Vulnerabilities – Threatpost
Inbox Attacks: The Miserable Year (2020) That Was
Reflecting on 2020's record-breaking year of spam and inbox threats. Via Vulnerabilities – Thre…
Read more >>
