Threatpost

Syndikovat obsah
The First Stop For Security News
Aktualizace: 2 roky 50 týdnů zpět

Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying

6 Leden, 2022 - 16:44
The 'NoReboot' technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.
Kategorie: Hacking & Security

Attackers Exploit Flaw in Google Docs’ Comments Feature

6 Leden, 2022 - 15:00
A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said.
Kategorie: Hacking & Security

1.1M Compromised Accounts Found at 17 Major Companies

6 Leden, 2022 - 00:13
The accounts fell victim to credential-stuffing attacks, according to the New York State AG.
Kategorie: Hacking & Security

‘Elephant Beetle’ Lurks for Months in Networks

5 Leden, 2022 - 23:18
The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.
Kategorie: Hacking & Security

Broward Breach Highlights Healthcare Supply-Chain Problems

5 Leden, 2022 - 22:09
More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October.
Kategorie: Hacking & Security

Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails

5 Leden, 2022 - 21:49
A simple-to-exploit bug that allows bad actors to send emails from Uber's official system – skating past email security – went unaddressed despite flagging by multiple researchers.
Kategorie: Hacking & Security

FTC to Go After Companies that Ignore Log4j

5 Leden, 2022 - 20:00
Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.
Kategorie: Hacking & Security

‘Malsmoke’ Exploits Microsoft’s E-Signature Verification

5 Leden, 2022 - 14:00
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
Kategorie: Hacking & Security

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

4 Leden, 2022 - 23:49
Microsoft says it's only going to get worse: It's seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.
Kategorie: Hacking & Security

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More

4 Leden, 2022 - 21:49
SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
Kategorie: Hacking & Security

Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites

4 Leden, 2022 - 21:33
The campaign was an opportunistic supply-chain attack abusing a weaponized Brightcove cloud video player.
Kategorie: Hacking & Security

Purple Fox Rootkit Dropped by Malicious Telegram Installers

4 Leden, 2022 - 18:12
Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.
Kategorie: Hacking & Security

McMenamins Data Breach Affects 12 Years of Employee Info

4 Leden, 2022 - 17:43
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.
Kategorie: Hacking & Security

Portugal Media Giant Impresa Crippled by Ransomware Attack

4 Leden, 2022 - 14:16
The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year’s weekend attack.
Kategorie: Hacking & Security

What the Rise in Cyber-Recon Means for Your Security Strategy

30 Prosinec, 2021 - 19:01
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.
Kategorie: Hacking & Security

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

30 Prosinec, 2021 - 17:16
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.
Kategorie: Hacking & Security

Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

29 Prosinec, 2021 - 20:13
Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them.
Kategorie: Hacking & Security

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

29 Prosinec, 2021 - 15:26
Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency.
Kategorie: Hacking & Security

5 Cybersecurity Trends to Watch in 2022

29 Prosinec, 2021 - 14:00
Here’s what cybersecurity watchers want infosec pros to know heading into 2022.  
Kategorie: Hacking & Security

That Toy You Got for Christmas Could Be Spying on You

28 Prosinec, 2021 - 17:31
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.
Kategorie: Hacking & Security