Vulnerabilities – Threatpost
Reboot of PunkSpider Tool at DEF CON Stirs Debate
Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so com…
Read more >>
Vulnerabilities – Threatpost
Podcast: Why Securing Active Directory Is a Nightmare
Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a …
Read more >>
Vulnerabilities – Threatpost
Zimbra Server Bugs Could Lead to Email Plundering
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbr…
Read more >>
Vulnerabilities – Threatpost
Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the…
Read more >>
Vulnerabilities – Threatpost
Apple Patches Actively Exploited Zero-Day in iOS, MacOS
Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption fla…
Read more >>
Vulnerabilities – Threatpost
Podcast: IoT Piranhas Are Swarming Industrial Controls
Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems…
Read more >>
Vulnerabilities – Threatpost
Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows syst…
Read more >>
Vulnerabilities – Threatpost
Malware Makers Using ‘Exotic’ Programming Languages
Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to…
Read more >>
Technology
How the Alleged Outing of a Catholic Priest Shows the Sorry State of Data Privacy in America
On Tuesday, the Catholic Substack newsletter The Pillar published an investigation into…
Read more >>
Vulnerabilities – Threatpost
Critical Jira Flaw in Atlassian Could Lead to RCE
The software-engineering platform is urging users to patch the critical flaw ASAP. Via Vulnerabilit…
Read more >>
Vulnerabilities – Threatpost
Industrial Networks Exposed Through Cloud-Based Operational Tech
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. Via Vulne…
Read more >>
Vulnerabilities – Threatpost
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come…
Read more >>
Vulnerabilities – Threatpost
Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create ne…
Read more >>
Vulnerabilities – Threatpost
Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say
Researchers are skeptical that much will come from calling out China for the Microsoft Exchange att…
Read more >>
Vulnerabilities – Threatpost
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to ru…
Read more >>
Vulnerabilities – Threatpost
Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bomb…
Read more >>
Technology
Pegasus Spyware Reportedly Hacked Thousands of iPhones Worldwide. Here’s What to Know
On Sunday, an international collaboration between The Washington Post, The Guardian and …
Read more >>
Vulnerabilities – Threatpost
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
The bug could allow cyberattackers to bypass security products, tamper with data and run code in ke…
Read more >>
Vulnerabilities – Threatpost
Unpatched iPhone Bug Allows Remote Device Takeover
A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier …
Read more >>
Vulnerabilities – Threatpost
Top CVEs Trending with Cybercriminals
An analysis of criminal forums reveal what publicly known vulnerabilities attackers are most intere…
Read more >>
Vulnerabilities – Threatpost
The Evolving Role of the CISO
Curtis Simpson, CISO at Armis, discusses the stop qualities that all CISOs need to possess to excel…
Read more >>
Vulnerabilities – Threatpost
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
Telecom providers, including wireless carriers, are at risk of disruption of network service if the…
Read more >>
Vulnerabilities – Threatpost
Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around t…
Read more >>
Vulnerabilities – Threatpost
Microsoft: New Unpatched Bug in Windows Print Spooler
Another vulnerability separate from PrintNightmare allows for local elevation of privilege and syst…
Read more >>
Vulnerabilities – Threatpost
Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
The popular e-commerce platform for WordPress has started deploying emergency patches. Via Vulnerab…
Read more >>
Vulnerabilities – Threatpost
SonicWall Warns Firewall Hardware Bugs Under Attack
SonicWall issued an urgent security alert warning customers that some of its current and legacy fir…
Read more >>
Vulnerabilities – Threatpost
Safari Zero-Day Used in Malicious LinkedIn Campaign
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target gover…
Read more >>
Vulnerabilities – Threatpost
Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet
Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps proce…
Read more >>
Technology
This Company Was Hit With a Devastating Ransomware Attack—But Instead of Giving In, It Rebuilt Everything
As the threat of ransomware grows, companies have felt pressed to pay massive amounts to h…
Read more >>
Vulnerabilities – Threatpost
Windows Hello Bypass Fools Biometrics Safeguards in PCs
A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-re…
Read more >>
Vulnerabilities – Threatpost
Microsoft Crushes 116 Bugs, Three Actively Exploited
Microsoft tackles 12 critical bugs, part of its July 2021 Patch Tuesday roundup, capping a ‘PrintNi…
Read more >>
Vulnerabilities – Threatpost
Unpatched Critical RCE Bug Allows Industrial, Utility Takeovers
The 'ModiPwn' bug lays open production lines, sensors, conveyor belts, elevators, HVACs and…
Read more >>
Vulnerabilities – Threatpost
Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader
Adobe July patch roundup includes fixes for its ubiquitous and free PDF reader Acrobat 2020 and oth…
Read more >>
Vulnerabilities – Threatpost
New CISA Director Confirmed, White House Gains Cyber-Director
Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the rans…
Read more >>
Vulnerabilities – Threatpost
SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
Microsoft alerted the company to a security vulnerability in its Serv-U Managed File Transfer and S…
Read more >>
Vulnerabilities – Threatpost
WordPress File Management Plugin Riddled with Critical Bugs
The bugs allow a range of attacks on websites, including deleting blog pages and remote code execut…
Read more >>
Vulnerabilities – Threatpost
Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack
The attacks are enabled by an unpatched security vulnerability in ForgeRock's Access Management…
Read more >>
Vulnerabilities – Threatpost
Kaseya Patches Zero-Days Used in REvil Attacks
The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a wor…
Read more >>
Vulnerabilities – Threatpost
Microsoft Office Users Warned on New Malware-Protection Bypass
Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malw…
Read more >>
Vulnerabilities – Threatpost
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and…
Read more >>
Vulnerabilities – Threatpost
Coursera Flunks API Security Test in Researchers’ Exam
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Author…
Read more >>
Vulnerabilities – Threatpost
Critical Sage X3 RCE Bug Allows Full System Takeovers
Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victi…
Read more >>
Vulnerabilities – Threatpost
MacOS Targeted in WildPressure APT Malware Campaign
Threat actors enlist compromised WordPress websites in campaign targeting macOS users. Via Vulnerab…
Read more >>
Vulnerabilities – Threatpost
Why I Love (Breaking Into) Your Security Appliances
David "moose" Wolpoff, CTO at Randori, discusses security appliances and VPNs and how att…
Read more >>
Vulnerabilities – Threatpost
Microsoft Releases Emergency Patch for PrintNightmare Bugs
The fix doesn’t cover the entire problem nor all affected systems however, so the company also is o…
Read more >>
Vulnerabilities – Threatpost
Western Digital Users Face Another RCE
Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t u…
Read more >>
Vulnerabilities – Threatpost
Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted
REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push …
Read more >>
Vulnerabilities – Threatpost
Kaseya Attack Fallout: CISA, FBI Offer Guidance
Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims…
Read more >>
Vulnerabilities – Threatpost
Widespread Brute-Force Attacks Tied to Russia’s APT28
The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password…
Read more >>
Vulnerabilities – Threatpost
Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks
Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many secur…
Read more >>
Vulnerabilities – Threatpost
CISA Offers New Mitigation for PrintNightmare Bug
CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and sy…
Read more >>
Vulnerabilities – Threatpost
Netgear Authentication Bypass Allows Router Takeover
Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable…
Read more >>
Vulnerabilities – Threatpost
Indexsinas SMB Worm Campaign Infests Whole Enterprises
The self-propagating malware's attack chain is complex, using former NSA cyberweapons, and ulti…
Read more >>
