Threatpost

The First Stop For Security News
Updated: 12 min 8 sec ago

Zerodium Offers $500K for Secure Messaging App Zero Days

23 August, 2017 - 20:32
Zerodium announced new $500,000 payouts for zero days in secure messaging apps such as Signal, WhatsApp and others.
Category: Hacking & Security

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

23 August, 2017 - 19:53
An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they've been sent.
Category: Hacking & Security

Business Email Compromise Campaign Harvesting Credentials in Numerous Industries

23 August, 2017 - 19:02
Flashpoint warns of a new business email compromise campaign targeting organizations in various industries with the aim of harvesting credentials.
Category: Hacking & Security

Neptune Exploit Kit Dropping Cryptocurrency Miners Through Malvertisements

22 August, 2017 - 23:51
Researchers say the Neptune, or Terror, exploit kit has been spreading Monero cryptocurrency miners via malvertisements.
Category: Hacking & Security

Android Spyware Linked to Chinese SDK Forces Google to Boot 500 Apps

22 August, 2017 - 19:28
More than 500 Android mobile apps have been removed from Google Play after it was discovered that an embedded advertising SDK called Igexin could be leveraged to quietly install spyware on devices.
Category: Hacking & Security

Foxit to Fix PDF Reader Zero Days by Friday

22 August, 2017 - 18:33
Foxit Software says it will fix two vulnerabilities in its PDF reader products that could be triggered through its JavaScript API to execute code.
Category: Hacking & Security

Fuze Patches TPN Handset Vulnerabilities

22 August, 2017 - 14:05
VoIP vendor Fuze earlier this year patched three vulnerabilities that exposed user account information and enabled unauthorized authentication.
Category: Hacking & Security

Industrial Cobots Might Be The Next Big IoT Security Mess

22 August, 2017 - 14:00
Researchers at IOActive are sounding an early alarm on the security of industrial collaboration robots, or cobots. These machines work side-by-side with people and contain vulnerabilities that could put physical safety at risk.
Category: Hacking & Security

Facebook Awards $100K to Researchers for Credential Spearphishing Detection Method

21 August, 2017 - 20:28
Researchers who identified a real-time way to detect credential spearphishing attacks in enterprise settings won $100,000 from Facebook last week.
Category: Hacking & Security

Meeting and Hotel Booking Provider’s Data Found in Public Amazon S3 Bucket

21 August, 2017 - 17:13
Personal and business data belonging to Boston area meeting and hotel booking provider Groupize was discovered in a publicly accessible Amazon Web Services S3 bucket, which has since been locked down.
Category: Hacking & Security

Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket

18 August, 2017 - 19:55
Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket.
Category: Hacking & Security

It’s Not Exactly Open Season on the iOS Secure Enclave

18 August, 2017 - 18:00
Despite yesterday's leak of the Apple iOS Secure Enclave decryption key, experts are urging calm over claims of an immediate threat to user data.
Category: Hacking & Security

Threatpost News Wrap, August 18, 2017

18 August, 2017 - 15:30
Mike Mimoso and Tom Spring discuss this week's security news, including the recent hijacking of popular Chrome extensions and Adobe's decision to end-of-life Flash Player.
Category: Hacking & Security

Hacker Publishes iOS Secure Enclave Firmware Decryption Key

18 August, 2017 - 02:32
A hacker identified only as xerub published the decryption key unlocking the iOS Secure Enclave Processor.
Category: Hacking & Security

Cisco Patches Privilege Escalation Bugs in APIC

17 August, 2017 - 21:55
Cisco patched two high-severity vulnerabilities in its Cisco Application Policy Infrastructure Controller (APIC) that could allow an attacker to elevate privileges on the host machine.
Category: Hacking & Security

Drupal Patches Critical Access Bypass in Core Engine

17 August, 2017 - 21:50
A critical flaw in the Drupal CMS platform could allow unwanted access to the platform, allowing a third party to view, create, update or delete entities.
Category: Hacking & Security

Rowhammer Attacks Come to MLC NAND Flash Memory

17 August, 2017 - 19:48
IBM researchers have demonstrated a filesystem-level version of the Rowhammer attack against MLC NAND flash memory.
Category: Hacking & Security

Locky Ransomware Variant Slips Past Some Defenses

16 August, 2017 - 23:41
Ransomware called IKARUSdilapidated is managing to slip into unsuspecting organizations as an unknown file.
Category: Hacking & Security

Flash’s Final Countdown Has Begun

16 August, 2017 - 19:59
The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base.
Category: Hacking & Security

Maersk Shipping Reports $300M Loss Stemming from NotPetya Attack

16 August, 2017 - 19:33
A.P. Moller-Maersk said June's NotPetya wiper malware attacks would cost the world's largest shipping container company $300M USD in lost revenue.
Category: Hacking & Security