Vulnerabilities – Threatpost
Why MTTR is Bad for SecOps
Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC a…
Read more >>
Vulnerabilities – Threatpost
Zero-Day Used to Wipe My Book Live Devices
Threat actors may have been duking it out for control of the compromised devices, first using a 201…
Read more >>
Vulnerabilities – Threatpost
PoC Exploit Circulating for Critical Windows Print Spooler Bug
The "PrintNightmare" bug may not be fully patched, some experts are warning, leaving the …
Read more >>
Vulnerabilities – Threatpost
Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-la…
Read more >>
Vulnerabilities – Threatpost
Details of RCE Bug in Adobe Experience Manager Revealed
Disclosure of a bug in Adobe’s content-management solution - used by Mastercard, LinkedIn and PlayS…
Read more >>
Vulnerabilities – Threatpost
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manip…
Read more >>
Vulnerabilities – Threatpost
Cisco ASA Bug Now Actively Exploited as PoC Drops
In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researche…
Read more >>
Vulnerabilities – Threatpost
My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks
“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised …
Read more >>
Vulnerabilities – Threatpost
Critical VMware Carbon Black Bug Allows Authentication Bypass
The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting th…
Read more >>
Vulnerabilities – Threatpost
Atlassian Bugs Could Have Led to 1-Click Takeover
A supply-chain attack could have siphoned sensitive information out of Jira, such as security issue…
Read more >>
Vulnerabilities – Threatpost
30M Dell Devices at Risk for Remote BIOS Attacks, RCE
Four separate security bugs would give attackers almost complete control and persistence over targe…
Read more >>
Vulnerabilities – Threatpost
Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access
Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, whic…
Read more >>
Vulnerabilities – Threatpost
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspe…
Read more >>
Vulnerabilities – Threatpost
SonicWall ‘Botches’ October Patch for Critical VPN Bug
Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices…
Read more >>
Vulnerabilities – Threatpost
Cryptominers Slither into Python Projects in Supply-Chain Campaign
These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into softwa…
Read more >>
Vulnerabilities – Threatpost
Email Bug Allows Message Snooping, Credential Theft
A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop…
Read more >>
Vulnerabilities – Threatpost
Lexmark Printers Open to Arbitrary Code-Execution Zero-Day
“No remedy available as of June 21, 2021," according to the researcher who discovered the easy…
Read more >>
Vulnerabilities – Threatpost
Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles lo…
Read more >>
Vulnerabilities – Threatpost
Agent Tesla RAT Returns in COVID-19 Vax Phish
An unsophisticated campaign shows that the pandemic still has long legs when it comes to being soci…
Read more >>
Vulnerabilities – Threatpost
iPhone Wi-Fi Crushed by Weird Network
… until you reset network settings and stop connecting to a weirdly named network, that is. FUD is …
Read more >>
Vulnerabilities – Threatpost
What’s Making Your Company a Ransomware Sitting Duck
What's the low-hanging fruit for ransomware attackers? What steps could help to fend them off, …
Read more >>
Vulnerabilities – Threatpost
Cisco Smart Switches Riddled with Severe Security Holes
The intro-level networking gear for SMBs could allow remote attacks designed to steal information, …
Read more >>
Vulnerabilities – Threatpost
Takeaways from the Colonial Pipeline Ransomware Attack
The incident showcases basic steps that organizations can take to protect themselves as ransomware …
Read more >>
Technology
General Motors Will Open 2 U.S. Battery Plants to Support Increasing Electric and Autonomous Vehicle Production
DETROIT — General Motors will raise its spending on electric and autonomous vehicles and a…
Read more >>
Vulnerabilities – Threatpost
Peloton Bike+ Bug Gives Hackers Complete Control
An attacker with initial physical access (say, at a gym) could gain root entry to the interactive t…
Read more >>
Vulnerabilities – Threatpost
Millions of Connected Cameras Open to Eavesdropping
A supply-chain component lays open camera feeds to remote attackers thanks to a critical security v…
Read more >>
Vulnerabilities – Threatpost
Apple Hurries Patches for Safari Bugs Under Active Attack
Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being e…
Read more >>
Vulnerabilities – Threatpost
Utilities ‘Concerningly’ at Risk from Active Exploits
Utilities’ vulnerability to application exploits goes from bad to worse in just weeks. Via Vulner…
Read more >>
Vulnerabilities – Threatpost
Microsoft Teams: Very Bad Tabs Could Have Led to BEC
Attackers could have used the bug to get read/write privileges for a victim user’s email, Teams cha…
Read more >>
Vulnerabilities – Threatpost
Moobot Milks Tenda Router Bugs for Propagation
An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site. Via Vu…
Read more >>
Technology
TikTok Has Started Collecting Your ‘Faceprints’ and ‘Voiceprints.’ Here’s What It Could Do With Them
Recently, TikTok made a change to its U.S. privacy policy, allowing the company to “autom…
Read more >>
Vulnerabilities – Threatpost
Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC
A trio of security flaws open the door to remote-code execution and a malware tsunami. Via Vulnerab…
Read more >>
Vulnerabilities – Threatpost
Critical Chrome Browser Bug Under Active Attack
Google has patched its Chrome browser, fixing one critical cache issue and a second bug being activ…
Read more >>
Vulnerabilities – Threatpost
STEM Audio Table Rife with Business-Threatening Bugs
The desktop conferencing IoT gadget allows remote attackers to install all kinds of malware and mov…
Read more >>
Vulnerabilities – Threatpost
JBS Paid $11M to REvil Gang Even After Restoring Operations
The decision to pay the ransom demanded by the cybercriminal group was to avoid any further issues …
Read more >>
Vulnerabilities – Threatpost
Intel Plugs 29 Holes in CPUs, Bluetooth, Security
The higher-rated advisories focus on privilege-escalation bugs in CPU firmware: Tough to patch, har…
Read more >>
Vulnerabilities – Threatpost
Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws
Researchers discovered a highly targeted malware campaign launched in April, in which a new, unknow…
Read more >>
Vulnerabilities – Threatpost
Google Patches Critical Android RCE Bug
Google's June security bulletin addresses 90+ bugs in Android and Pixel devices. Via Vulnerabil…
Read more >>
Vulnerabilities – Threatpost
Windows Container Malware Targets Kubernetes Clusters
“Siloscape”, the first malware to target Windows containers, breaks out of Kubernetes clusters to p…
Read more >>
Vulnerabilities – Threatpost
‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles
Unprotected server exposes AMT Games user data containing user emails and purchase information. Via…
Read more >>
Vulnerabilities – Threatpost
Exchange Servers Targeted by ‘Epsilon Red’ Malware
REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponiz…
Read more >>
Vulnerabilities – Threatpost
Then and Now: Securing Privileged Access Within Healthcare Orgs
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, discusses best pract…
Read more >>
Vulnerabilities – Threatpost
Podcast: The State of Ransomware
In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takea…
Read more >>
Vulnerabilities – Threatpost
Cyber-Insurance Fuels Ransomware Payment Surge
Companies relying on their cyber-insurance policies to pay off ransomware criminals are being blame…
Read more >>
Vulnerabilities – Threatpost
Where Bug Bounty Programs Fall Flat
Some criminals package exploits into bundles to sell on cybercriminal forums years after they were …
Read more >>
