Washington

» Auto updated continuously

• Source limited to: Threatpost

 2022-01-27 15:00 

Threatpost

Shipment-Delivery Scams a Fav Way to Spread Malware...

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads....

 2022-01-26 22:39 

Threatpost

TrickBot Crashes Security Researchers' Browsers in Latest Upgrade...

The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis....

 2022-01-26 22:19 

Threatpost

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild...

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users' browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild....

 2022-01-26 21:24 

Threatpost

'Dark Herring' Billing Malware Swims onto 105M Android Devices...

The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play....

 2022-01-26 20:23 

Threatpost

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense...

Need a blueprint for architecting a formidable cyber-defense? Kerry Mandiant, senior director at Mandiant, shares hers in this detailed breakdown....

 2022-01-26 19:37 

Threatpost

Cybercriminals Love Supply-Chain Chaos: Here's How to Protect Your Inbox...

Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do....

 2022-01-26 17:52 

Threatpost

Linux Bug in All Major Distros: 'An Attacker's Dream Come True'...

Every major Linux distribution has an easily exploited memory-corruption bug that's been lurking for 12 years a stunning revelation that's likely to be followed soon by in-the-wild exploits. Found in polkit's pkexec a tool for controlling syst...

 2022-01-26 14:02 

Threatpost

Threat Actors Blanket Androids with Flubot, Teabot Campaigns...

Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe....

 2022-01-25 21:00 

Threatpost

Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra's Internet...

Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country's only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population....

 2022-01-25 20:45 

Threatpost

Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin...

A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets....

 2022-01-25 20:35 

Threatpost

Segway Hit by Magecart Attack Hiding in a Favicon...

Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned....

 2022-01-25 18:54 

Threatpost

New MacOS Malware 'DazzleSpy' Used in Watering-Hole Attacks...

A pro-democracy Hong Kong site was hijacked and used to launch watering-hole attacks that exploited a Safari exploit to drop a powerful macOS backdoor....

 2022-01-25 16:22 

Threatpost

AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover...

A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users....

 2022-01-25 13:56 

Threatpost

BRATA Android Trojan Updated with 'Kill Switch' that Wipes Devices...

Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques....

 2022-01-24 23:08 

Threatpost

Linux Servers at Risk of RCE Due to Critical CWP Bugs...

The two flaws in Control Web Panel a popular web hosting management software used by 200K+ servers allow code execution as root on Linux servers....

 2022-01-24 21:54 

Threatpost

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists...

State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data....

 2022-01-24 21:13 

Threatpost

Surge in Malicious QR Codes Sparks FBI Alert...

QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data, money and drop malware....

 2022-01-24 20:26 

Threatpost

Dark Souls 3 Servers Shut Down Due to Critical RCE Bug...

The bug can allow attackers to remotely execute code on gamers' computers. The devs temporarily deactivated PvP servers across multiple affected versions....

 2022-01-21 20:27 

Threatpost

Merck Awarded $1.4B Insurance Payout over NotPetya Attack...

Court rules 'War or Hostile Acts' exclusion doesn't apply to the pharma giant's 2017 cyberattack....

 2022-01-21 18:19 

Threatpost

20K WordPress Sites Exposed by Insecure Plugin REST-API...

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS....

 2022-01-21 17:13 

Threatpost

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges...

McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges....

 2022-01-21 14:10 

Threatpost

Spyware Blitzes Compromise, Cannibalize ICS Networks...

The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud....

 2022-01-20 23:14 

Threatpost

2FA Bypassed in $34.6M Crypto.com Heist...

In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds....

 2022-01-20 19:35 

Threatpost

Critical Cisco StarOS Bug Grants Root Access via Debug Mode...

Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges....

 2022-01-20 18:39 

Threatpost

Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug...

SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks' internal devices....

 2022-01-20 16:50 

Threatpost

Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs...

The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open....

 2022-01-20 15:49 

Threatpost

Red Cross Begs Attackers Not to Leak 515K People's Stolen Data...

A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration....

 2022-01-20 14:27 

Threatpost

SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack...

R.R. Donnelly, the integrated services company, confirmed a 'systems intrusion' that occurred in late December and is still under investigation....

 2022-01-19 13:36 

Threatpost

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks...

Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees including personal health details....

 2022-01-18 22:33 

Threatpost

Will 2022 Be the Year of the Software Bill of Materials?...

Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable....

 2022-01-18 19:33 

Threatpost

Cybercriminals Actively Target VMware vSphere with Cryptominers...

VMware's container-based application development environment has become attractive to cyberattackers....

 2022-01-18 17:23 

Threatpost

'White Rabbit' Ransomware May Be FIN8 Tool...

It's a double-extortion play that uses the command-line password 'KissMe' to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art....

 2022-01-18 15:44 

Threatpost

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware...

Zoho's comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution....

 2022-01-18 14:03 

Threatpost

Organizations Face a 'Losing Battle' Against Vulnerabilities...

Companies must take more 'innovative and proactive' approaches to security in 2022 to combat threats that emerged last year, researchers said....

 2022-01-14 16:37 

Threatpost

Critical Cisco Contact Center Bug Threatens Customer-Service Havoc...

Attackers could access and modify agent resources, telephone queues and other customer-service systems and access personal information on companies' customers....

 2022-01-14 16:06 

Threatpost

'Be Afraid:' Massive Cyberattack Downs Ukrainian Gov't Sites...

As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. "Be afraid" was scrawled on the Foreign Ministry site....

 2022-01-14 14:45 

Threatpost

Russian Security Takes Down REvil Ransomware Gang...

The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure....

 2022-01-14 14:07 

Threatpost

Three Plugins with Same Bug Put 84K WordPress Sites at Risk...

Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform....

 2022-01-13 23:08 

Threatpost

Microsoft Yanks Buggy Windows Server Updates...

Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable....

 2022-01-13 21:03 

Threatpost

North Korean APTs Stole ~$400M in Crypto in 2021...

Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens....

 2022-01-13 17:35 

Threatpost

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran...

US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools....

 2022-01-13 15:04 

Threatpost

New GootLoader Campaign Targets Accounting, Law Firms...

GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates....

 2022-01-13 14:00 

Threatpost

Adobe Cloud Abused to Steal Office 365, Gmail Credentials...

Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered....

 2022-01-12 21:05 

Threatpost

Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft...

Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access....

 2022-01-12 21:04 

Threatpost

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign...

A cloudy campaign delivers commodity remote-access trojans to steal information and execute code....

 2022-01-12 19:49 

Threatpost

Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts...

Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users....

 2022-01-12 13:21 

Threatpost

Phishers Rip Off High-Profile EA Gamers...

Electronic Arts blamed "human error" after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts....

 2022-01-11 21:54 

Threatpost

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days...

The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score....

 2022-01-11 20:35 

Threatpost

MacOS Bug Could Let Creeps Snoop On You...

The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots....

 2022-01-11 19:49 

Threatpost

WordPress Bugs Exploded in 2021, Most Exploitable...

Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk....

Page 1 of 2

  • Need an account?  
    or