Vulnerabilities – Threatpost
HPE Fixes Critical Zero-Day in Server Management Software
The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction…
Read more >>
Vulnerabilities – Threatpost
Building Multilayered Security for Modern Threats
Justin Jett, director of audit and compliance for Plixer, discusses the elements of a successful ad…
Read more >>
Vulnerabilities – Threatpost
Targeted AnyDesk Ads on Google Served Up Weaponized App
Malicious ad campaign was able to rank higher in searches than legitimate AnyDesk ads. Via Vulnerab…
Read more >>
Vulnerabilities – Threatpost
Biden’s Cybersecurity Executive Order Puts Emphasis on the Wrong Issues
David Wolpoff, CTO at Randori, argues that the call for rapid cloud transition Is a dangerous propo…
Read more >>
Vulnerabilities – Threatpost
PDF Feature ‘Certified’ Widely Vulnerable to Attack
Researchers found flaws most of the ‘popular’ PDF applications tested. Via Vulnerabilities – Threat…
Read more >>
Vulnerabilities – Threatpost
VMware Sounds Ransomware Alarm Over Critical Severity Bug
VMware’s virtualization management platform, vCenter Server, has a critical severity bug the compan…
Read more >>
Vulnerabilities – Threatpost
A Peek Inside the Underground Ransomware Economy
Threat hunters weigh in on how the business of ransomware, the complex relationships between cyberc…
Read more >>
Vulnerabilities – Threatpost
Trend Micro Bugs Threaten Home Network Security
The security vendor's network management and threat protection station can open the door to cod…
Read more >>
Technology
Travel Is Coming Back, and Artificial Intelligence May Be Planning Your Next Flight
There are dozens of routes that Alaska Airways Flight 1405 can take from Oklahoma City to …
Read more >>
Vulnerabilities – Threatpost
Combatting Insider Threats with Keyboard Security
Dale Ludwig, business development manager at Cherry Americas, discusses advances in hardware-based …
Read more >>
Vulnerabilities – Threatpost
Pulse Secure VPNs Get Quick Fix for Critical RCE
One of the workaround XML files automatically deactivates protection from an earlier workaround: a …
Read more >>
Vulnerabilities – Threatpost
Restaurant Reservation System Patches Easy-to-Exploit XSS Bug
A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access re…
Read more >>
Vulnerabilities – Threatpost
WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites
The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info witho…
Read more >>
Vulnerabilities – Threatpost
Four Android Bugs Being Exploited in the Wild
On Wednesday, Google quietly slipped updates into its May 3 Android security bulletin for bugs that…
Read more >>
Vulnerabilities – Threatpost
Apple Exec Calls Level of Mac Malware ‘Unacceptable’
Company is using threat of attacks as defense in case brought against it by Epic Games after Fortni…
Read more >>
Vulnerabilities – Threatpost
Can Nanotech Secure IoT Devices From the Inside-Out?
Work's being done with uber-lightweight nanoagents on every IoT device to stop malicious behavi…
Read more >>
Vulnerabilities – Threatpost
Keksec Cybergang Debuts Simps Botnet for Gaming DDoS
The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using k…
Read more >>
Vulnerabilities – Threatpost
Windows PoC Exploit Released for Wormable RCE
The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the b…
Read more >>
Vulnerabilities – Threatpost
Microsoft, Adobe Exploits Top List of Crooks’ Wish List
You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as track…
Read more >>
Vulnerabilities – Threatpost
Magecart Goes Server-Side in Latest Tactics Changeup
The latest Magecart iteration is finding success with a new PHP web shell skimmer. Via Vulnerabilit…
Read more >>
Vulnerabilities – Threatpost
CISOs Struggle to Cope with Mounting Job Stress
Pandemic and evolving IT demands are having a major, negative impact on CISOs' mental health, a…
Read more >>
Vulnerabilities – Threatpost
‘Scheme Flooding’ Allows Websites to Track Users Across Browsers
A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymit…
Read more >>
Vulnerabilities – Threatpost
Verizon: Pandemic Ushers in ⅓ More Cyber-Misery
The DBRI – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially …
Read more >>
Vulnerabilities – Threatpost
How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting…
Read more >>
Vulnerabilities – Threatpost
Colonial Pipeline Shells Out $5M in Extortion Payout, Report
According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it dem…
Read more >>
Vulnerabilities – Threatpost
Ransomware Going for $4K on the Cyber-Underground
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with m…
Read more >>
Vulnerabilities – Threatpost
Apple’s ‘Find My’ Network Exploited via Bluetooth
The ‘Send My’ exploit can use Apple's locator service to collect and send information from near…
Read more >>
Vulnerabilities – Threatpost
Researchers Flag e-Voting Security Flaws
Paper ballots and source-code transparency are recommended to improve election security. Via Vulner…
Read more >>
Vulnerabilities – Threatpost
‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they're…
Read more >>
Vulnerabilities – Threatpost
Wormable Windows Bug Opens Door to DoS, RCE
Microsoft's May 2021 Patch Tuesday updates include fixes for four critical security vulnerabili…
Read more >>
Vulnerabilities – Threatpost
Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader
A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attac…
Read more >>
Vulnerabilities – Threatpost
Lemon Duck Cryptojacking Botnet Changes Up Tactics
The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh …
Read more >>
Technology
Criminal Gang DarkSide Linked to Cyberattack That Forced U.S. Gas Pipeline Shutdown
(NEW YORK) — The cyberextortion attempt that has forced the shutdown of a vital U.S. pipel…
Read more >>
Vulnerabilities – Threatpost
iPhone Hack Allegedly Used to Spy on China’s Uyghurs
U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority …
Read more >>
Vulnerabilities – Threatpost
Qualcomm Chip Bug Opens Android Fans to Eavesdropping
A malicious app can exploit the issue, which could affect up to 30 percent of Android phones. Via V…
Read more >>
Vulnerabilities – Threatpost
Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks
The networking giant has rolled out patches for remote code-execution and command-injection securit…
Read more >>
Vulnerabilities – Threatpost
Anti-Spam WordPress Plugin Could Expose Website User Data
'Spam protection, AntiSpam, FireWall by CleanTalk' is installed on more than 100,000 sites …
Read more >>
Vulnerabilities – Threatpost
Raft of Exim Security Holes Allow Linux Mail Server Takeovers
Remote code execution, privilege escalation to root and lateral movement through a victim's env…
Read more >>
Vulnerabilities – Threatpost
Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to Chi…
Read more >>
Vulnerabilities – Threatpost
Apple Fixes Zero‑Day Security Bugs Under Active Attack
On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping se…
Read more >>
Vulnerabilities – Threatpost
Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tab…
Read more >>
Vulnerabilities – Threatpost
New Attacks Slaughter All Spectre Defenses
The 3+ years computer scientists spent concocting ways to defend against these supply-chain attacks…
Read more >>
Vulnerabilities – Threatpost
Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
Researchers warned that unpatched versions of HPE’s Edgeline Infrastructure Manager are open to rem…
Read more >>
