Threat Post

Intel Patches CPU Bugs Impacting Millions of PCs, Servers

Threat Post - Tue, 11/21/2017 - 3:03pm
Intel released eight patches for vulnerabilities in remote management software and firmware that could allow local adversaries to elevate privileges, run arbitrary code, crash systems and eavesdrop on communications.
Categories: Threat Post

US-CERT Warns of ASLR Implementation Flaw In Windows

Threat Post - Mon, 11/20/2017 - 5:30pm
US-CERT is warning of a vulnerability in Microsoft’s implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10.
Categories: Threat Post

CENTCOM Says Massive Data Cache Found on Leaky Server is Benign

Threat Post - Mon, 11/20/2017 - 1:15pm
Pentagon contractor left 1.8 billion mostly benign publicly accessible social-media posts scraped from the internet on a publicly accessible Amazon storage bucket.
Categories: Threat Post

The First Threatpost Alumni Podcast

Threat Post - Mon, 11/20/2017 - 8:00am
With Mike Mimoso leaving Threatpost, it was high time to get many of the people responsible for the site's success throughout the years together for a podcast. Founding editors Ryan Naraine and Dennis Fisher along with Mike, Chris Brook, Brian Donohue and Christen Gentile are aboard for a memorable all-smiles podcast. 
Categories: Threat Post

Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks

Threat Post - Fri, 11/17/2017 - 4:50pm
Hackers using a specially crafted XLS files can trigger several remote code execution vulnerabilities in the LibXL library.
Categories: Threat Post

Amazon Promises Fix for Wireless Key Hack

Threat Post - Fri, 11/17/2017 - 1:59pm
Amazon said it will offer a fix for its Amazon Key delivery service that allows hackers to tamper with a home security camera.
Categories: Threat Post

Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities

Threat Post - Thu, 11/16/2017 - 5:05pm
Oracle pushed out an emergency update for vulnerabilities dubbed 'JoltandBleed' affecting five of its products that rely on its proprietary Jolt protocol.
Categories: Threat Post

White House Releases VEP Disclosure Rules

Threat Post - Thu, 11/16/2017 - 2:19pm
The White House released a charter document on Wednesday outlining how the U.S. government will disclose cyber security flaws and when it will keep them secret.
Categories: Threat Post

Cisco Warns of Critical Flaw in Voice OS-based Products

Threat Post - Wed, 11/15/2017 - 5:35pm
Cisco Systems issued patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.
Categories: Threat Post

Microsoft Patches 17-Year-Old Office Bug

Threat Post - Wed, 11/15/2017 - 1:11pm
Researchers warn of a Microsoft remote code execution bug that has persisted for 17 years in Office, leaving the OS unprotected until the vulnerability was patched Tuesday.
Categories: Threat Post

Microsoft Patches 20 Critical Vulnerabilities

Threat Post - Tue, 11/14/2017 - 5:10pm
This month, Microsoft's Patch Tuesday updates tackle fixes for 53 security bugs in Windows, Office, Internet Explorer, Edge, ASP.NET Core, .NET Core, and its Chackra Core browser engine.
Categories: Threat Post

Debugging Tool Left on OnePlus Phones, Enables Root Access

Threat Post - Tue, 11/14/2017 - 2:21pm
Phone maker OnePlus is being blasted for leaving a developer debugging app on its handsets allowing phones to be rooted by an attacker with physical access to the device.
Categories: Threat Post

Adobe Patches Flash Player, 56 Bugs in Reader and Acrobat

Threat Post - Tue, 11/14/2017 - 12:14pm
Adobe released a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with a Flash Player update addressing a handful of critical flaws.
Categories: Threat Post

Apple iPhone X Face ID Fooled by a Mask

Threat Post - Tue, 11/14/2017 - 9:00am
Vietnamese security company Bkav says it has built a proof-of-concept mask that fools Apple’s Face ID technology.
Categories: Threat Post

Phishing Biggest Threat to Google Account Security

Threat Post - Mon, 11/13/2017 - 1:29pm
Phishing remains the biggest account takeover threat to Google users, surpassing keyloggers and credential leaks.
Categories: Threat Post

New IcedID Trojan Targets US Banks

Threat Post - Mon, 11/13/2017 - 12:42pm
A new banking Trojan dubbed IcedID is is being distributed by a seasoned cybergang or hacker targeting U.S. financial institutions.
Categories: Threat Post

AutoIt Scripting Used By Overlay Malware to Bypass AV Detection

Threat Post - Fri, 11/10/2017 - 12:00pm
IBM’s X-Force Research team reports hackers attacking Brazilian banks are using the Windows scripting tool called AutoIt to reduces the likelihood of antivirus software detection.
Categories: Threat Post

Threatpost News Wrap Podcast for Nov. 10

Threat Post - Fri, 11/10/2017 - 9:00am
Threatpost editors Mike Mimoso and Tom Spring discuss the week's information security news.
Categories: Threat Post

Eavesdropper Vulnerability Exposes Mobile Call, Text Data

Threat Post - Thu, 11/09/2017 - 1:48pm
Developers using the Twilio platform to build enterprise mobile communications apps have put call and text data at risk for exposure.
Categories: Threat Post

Microsoft Provides Guidance on Mitigating DDE Attacks

Threat Post - Thu, 11/09/2017 - 9:15am
Microsoft published guidance for Windows admins on how to safely disable Dynamic Data Exchange (DDE) fields in Office that are being used to spread malware in email-based attacks.
Categories: Threat Post