Threatpost

Syndikovat obsah Threatpost | The first stop for security news
The First Stop For Security News
Aktualizace: 49 min 19 sek zpět

IBM Backup Bug Gets Workaround Fix After Nine Months of Exposure

6 Červen, 2017 - 21:16
IBM quietly released a workaround fix for a vulnerability in its Spectrum Protect enterprise backup software it has known about since September 2016.
Kategorie: Hacking & Security

Google Fixes 30 Vulnerabilities, Five High Severity, in Chrome 59

6 Červen, 2017 - 19:36
Google fixed 30 vulnerabilities, including five high severity issues, in the latest version of Chrome, Chrome 59, on Monday.
Kategorie: Hacking & Security

NSA’s EternalBlue Exploit Ported to Windows 10

6 Červen, 2017 - 16:55
Researchers have ported the EternalBlue exploit to Windows 10, meaning that any unpatched version of Windows can be affected by the NSA attack.
Kategorie: Hacking & Security

QakBot Returns, Locking Out Active Directory Accounts

5 Červen, 2017 - 22:28
QakBot, a worm-like, information-stealing strain of malware is back and locking users out of their Active Directory accounts.
Kategorie: Hacking & Security

40,000 Subdomains Tied to RIG Exploit Kit Shut Down

5 Červen, 2017 - 21:16
GoDaddy, along with researchers from RSA Security and other companies, shut down tens of thousands of illegal established subdomains tied to the RIG Exploit Kit.
Kategorie: Hacking & Security

53 Percent of Enterprise Flash Installs are Outdated

5 Červen, 2017 - 21:10
More than half of enterprises are exposing themselves to unnecessary risk by running out-of-date versions of Flash.
Kategorie: Hacking & Security

Jaff Malware Probe Uncovers Link to Cybercrime Marketplace

3 Červen, 2017 - 14:00
Researchers have discovered a shared backend infrastructure between the Jaff ransomware and a black market carder shop.
Kategorie: Hacking & Security

EternalBlue Exploit Spreading Gh0st RAT, Nitol

2 Červen, 2017 - 20:32
FireEye said threat actors are using the NSA's EternalBlue exploit of the same Microsoft SMBv1 vulnerability as WannaCry to spread Nitol and Gh0st RAT.
Kategorie: Hacking & Security

SSH Configuration on Nexpose Servers Allowed Weak Encryption Algorithms

2 Červen, 2017 - 18:46
Rapid7 warned this week that its Nexpose appliances were shipped with a SSH configuration that could have let obsolete algorithms be used for key exchange.
Kategorie: Hacking & Security

Threatpost News Wrap, June 2, 2017

2 Červen, 2017 - 16:30
Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week's Samba vulnerability, and the OneLogin breach.
Kategorie: Hacking & Security

WikiLeaks Dumps CIA Patient Zero Windows Implant

2 Červen, 2017 - 15:00
Pandemic is a Windows implant built by the CIA that turns file servers into Patient Zero on a local network, infecting machines requesting files with Trojanized replacements.
Kategorie: Hacking & Security

Fireball Malware Infects 250 Million Computers Worldwide

2 Červen, 2017 - 14:00
A massive malware campaign has already infected 250 million Windows and Mac OS computers worldwide.
Kategorie: Hacking & Security

Insecure Backend Databases Blamed for Leaking 43TB of App Data

1 Červen, 2017 - 20:53
More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, MySQL and others.
Kategorie: Hacking & Security

Crowdfunding Effort to Buy ShadowBrokers Exploits Shuts Down

1 Červen, 2017 - 18:38
A crowdfunding effort to buy a subscription to the ShadowBrokers' Monthly Dump Service of stolen exploits and data was shut down citing legal and ethical concerns.
Kategorie: Hacking & Security

OneLogin Breach Compromised Customer Data, Ability to Decrypt Encrypted Data

1 Červen, 2017 - 18:29
A breach at OneLogin appears to have compromised customer data, including the ability to decrypt encrypted data.
Kategorie: Hacking & Security

WannaCry Development Errors Enable File Recovery

1 Červen, 2017 - 16:09
Researchers at Kaspersky Lab have found a number of programming errors in the WannaCry ransomware code that put file recovery within reach of sysadmins.
Kategorie: Hacking & Security

Hack Department of Homeland Security Act Would Bring Bug Bounty Program to DHS

31 Květen, 2017 - 22:25
Senators introduced a bill last week to establish a bug bounty pilot program within the Department of Homeland Security.
Kategorie: Hacking & Security

Patches Available for Linux Sudo Vulnerability

31 Květen, 2017 - 19:55
A high-severity vulnerability in sudo has been patched in a number of Linux distributions; the flaw allows local attackers to elevate privileges to root.
Kategorie: Hacking & Security

Cisco, Netgear Readying Patches for Samba Vulnerability

31 Květen, 2017 - 19:51
Cisco is prepping fixes for two of its products affected by last week's Samba vulnerability. Netgear has also pushed out a fix for NAS devices that were affected.
Kategorie: Hacking & Security

New Machine Learning Behind Early Phishing Detection in Gmail

31 Květen, 2017 - 19:00
Google announced today new security features in Gmail, including the news that it will enhance early phishing detection in Gmail through dedicated machine learning.
Kategorie: Hacking & Security