Threatpost

The First Stop For Security News
Updated: 1 year 32 weeks ago

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

14 September, 2020 - 23:20
Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.
Category: Hacking & Security

Cloud Leak Exposes 320M Dating-Site Records

14 September, 2020 - 22:00
A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.
Category: Hacking & Security

TikTok Fixes Flaws That Opened Android App to Compromise

14 September, 2020 - 18:23
The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
Category: Hacking & Security

Magecart Attack Impacts More Than 10K Online Shoppers

14 September, 2020 - 18:01
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.
Category: Hacking & Security

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

11 September, 2020 - 22:28
The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.
Category: Hacking & Security

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

11 September, 2020 - 22:28
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
Category: Hacking & Security

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

11 September, 2020 - 21:18
Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.
Category: Hacking & Security

WordPress Plugin Flaw Allows Attackers to Forge Emails

11 September, 2020 - 18:34
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
Category: Hacking & Security

Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns

10 September, 2020 - 22:57
Just months before the U.S. presidential election, hackers from Russia, China and Iran are ramping up phishing and malware attacks against campaign staffers.
Category: Hacking & Security

Razer Gaming Fans Caught Up in Data Leak

10 September, 2020 - 22:50
A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud.
Category: Hacking & Security

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

10 September, 2020 - 18:39
The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.
Category: Hacking & Security

Ransomware And Zoom-Bombing: Cyberattacks Disrupt Back-to-School Plans

10 September, 2020 - 16:09
Cyberattacks have caused several school systems to delay students' first day back - and experts warn that new COVID-related delays could be the new "snow days."
Category: Hacking & Security

Govt.-Backed Contact-Tracing Apps Raise Privacy Hackles

10 September, 2020 - 15:46
New opt-in COVID-19 Exposure Notifications Express systems baked into Apple’s iOS and available on Android need privacy guardrails, say privacy advocates.
Category: Hacking & Security

Product Overview: Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine

10 September, 2020 - 15:00
The Cynet 360 platform is built on three pillars: Extended Detection and Response (XDR), Response Automation, and Managed Detection and Response (MDR).
Category: Hacking & Security

CDRThief Malware Targets VoIP Gear in Carrier Networks

10 September, 2020 - 11:30
The Linux-targeted code can steal phone-call metadata, likely in spy campaigns or for use in VoIP fraud.
Category: Hacking & Security

Zeppelin Ransomware Returns with New Trojan on Board

9 September, 2020 - 22:40
The malware has popped up in a targeted campaign and a new infection routine.
Category: Hacking & Security

Google Squashes Critical Android Media Framework Bug

9 September, 2020 - 22:32
The September Android security bulletin addressed critical- and high-severity flaws tied to 53 CVEs overall.
Category: Hacking & Security

TeamTNT Gains Full Remote Takeover of Cloud Instances

9 September, 2020 - 18:09
Using a legitimate tool called Weave Scope, the cybercrime group is establishing fileless backdoors on targeted Docker and Kubernetes clusters.
Category: Hacking & Security

Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems

9 September, 2020 - 17:58
Researchers warn of critical vulnerabilities in a third-party industrial component used by top ICS vendors like Rockwell Automation and Siemens.
Category: Hacking & Security

Spyware Labeled ‘TikTok Pro’ Exploits Fears of U.S. Ban

9 September, 2020 - 13:47
The malware can take over common device functions and creates a phishing page to steal Facebook credentials.
Category: Hacking & Security