Threat Post

Firefox Zero-Day Flaws Exploited in the Wild Get Patched

Threat Post - 6 hours 38 min ago
Mozilla Foundation rushes patches to fix bugs in its browser that could allow for remote code execution.
Categories: Threat Post

Self-Propagating Malware Targets Thousands of Docker Ports Per Day

Threat Post - Fri, 04/03/2020 - 3:31pm
A Bitcoin-mining campaign using the Kinsing malware is spreading quickly thanks to cloud-container misconfigurations.
Categories: Threat Post

Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks

Threat Post - Fri, 04/03/2020 - 1:16pm
A group of CDNs and cloud providers are joining in on a fight against common internet routing attacks.
Categories: Threat Post

Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer

Threat Post - Fri, 04/03/2020 - 8:50am
The attack discovered uses World Health Organization trademark to lure users with info related to coronavirus.
Categories: Threat Post

Google Squashes High-Severity Flaws in Chrome Browser

Threat Post - Thu, 04/02/2020 - 5:19pm
Google is rolling out the newest Chrome browser version, 80.0.3987.162, in the coming days.
Categories: Threat Post

Zoom Removes Data-Mining LinkedIn Feature

Threat Post - Thu, 04/02/2020 - 12:58pm
The feature, criticized for "undisclosed data-mining," is only the latest privacy faux pas for Zoom this month.
Categories: Threat Post

In COVID-19 Scam Scramble, Cybercrooks Recycle Phishing Kits

Threat Post - Thu, 04/02/2020 - 11:34am
Old phishing kits are being pressed into service to keep up with the unprecedented volume of new scams that exploit the pandemic.
Categories: Threat Post

44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig

Threat Post - Thu, 04/02/2020 - 10:00am
Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information was left exposed to the open internet.
Categories: Threat Post

Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs

Threat Post - Thu, 04/02/2020 - 9:10am
Attacks using a brand-new card-harvesting code is targeting small- to medium-sized businesses, claiming 19 sites so far.
Categories: Threat Post

Wiper Malware Called “Coronavirus” Spreads Among Windows Victims

Threat Post - Wed, 04/01/2020 - 5:07pm
Like NotPetya, it overwrites the master boot record to render computers "trashed."
Categories: Threat Post

Coronavirus ‘Financial Relief’ Phishing Attacks Spike

Threat Post - Wed, 04/01/2020 - 3:48pm
A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.
Categories: Threat Post

Critical WordPress Plugin Bug Can Lock Admins Out of Websites

Threat Post - Wed, 04/01/2020 - 2:03pm
A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors.
Categories: Threat Post

Two Zoom Zero-Day Flaws Uncovered

Threat Post - Wed, 04/01/2020 - 12:00pm
The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.
Categories: Threat Post

Top Email Protections Fail in Latest COVID-19 Phishing Campaign

Threat Post - Wed, 04/01/2020 - 9:27am
An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs.
Categories: Threat Post

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

Threat Post - Tue, 03/31/2020 - 5:16pm
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
Categories: Threat Post

Zoom Scrutinized As Security Woes Mount

Threat Post - Tue, 03/31/2020 - 1:35pm
The New York Attorney General has inquired about Zoom's data security strategy, as the conferencing platform comes under heavy scrutiny for its privacy policies.
Categories: Threat Post

8-Year-Old VelvetSweatshop Bug Resurrected in LimeRAT Campaign

Threat Post - Tue, 03/31/2020 - 1:14pm
An old RAT learns an old trick.
Categories: Threat Post

Millions of Guests Impacted in Marriott Data Breach, Again

Threat Post - Tue, 03/31/2020 - 11:14am
The second breach in less than 24 months stemmed from employee account compromises.
Categories: Threat Post

Covid-19 Poll Results: One in Four Prioritize Health Over Privacy

Threat Post - Tue, 03/31/2020 - 6:00am
An informal Threatpost reader poll shows the majority of site visitors are privacy absolutists. But attitudes shift when the trade off is saving lives.
Categories: Threat Post

Nation-State Attacks Drop in Latest Google Analysis

Threat Post - Mon, 03/30/2020 - 4:53pm
Phishing and zero-days continue to be a core part of the APT arsenal.
Categories: Threat Post