Threat Post
Firefox Zero-Day Flaws Exploited in the Wild Get Patched
Mozilla Foundation rushes patches to fix bugs in its browser that could allow for remote code execution.
Categories: Threat Post
Self-Propagating Malware Targets Thousands of Docker Ports Per Day
A Bitcoin-mining campaign using the Kinsing malware is spreading quickly thanks to cloud-container misconfigurations.
Categories: Threat Post
Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks
A group of CDNs and cloud providers are joining in on a fight against common internet routing attacks.
Categories: Threat Post
Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer
The attack discovered uses World Health Organization trademark to lure users with info related to coronavirus.
Categories: Threat Post
Google Squashes High-Severity Flaws in Chrome Browser
Google is rolling out the newest Chrome browser version, 80.0.3987.162, in the coming days.
Categories: Threat Post
Zoom Removes Data-Mining LinkedIn Feature
The feature, criticized for "undisclosed data-mining," is only the latest privacy faux pas for Zoom this month.
Categories: Threat Post
In COVID-19 Scam Scramble, Cybercrooks Recycle Phishing Kits
Old phishing kits are being pressed into service to keep up with the unprecedented volume of new scams that exploit the pandemic.
Categories: Threat Post
44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig
Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information was left exposed to the open internet.
Categories: Threat Post
Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs
Attacks using a brand-new card-harvesting code is targeting small- to medium-sized businesses, claiming 19 sites so far.
Categories: Threat Post
Wiper Malware Called “Coronavirus” Spreads Among Windows Victims
Like NotPetya, it overwrites the master boot record to render computers "trashed."
Categories: Threat Post
Coronavirus ‘Financial Relief’ Phishing Attacks Spike
A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.
Categories: Threat Post
Critical WordPress Plugin Bug Can Lock Admins Out of Websites
A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors.
Categories: Threat Post
Two Zoom Zero-Day Flaws Uncovered
The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.
Categories: Threat Post
Top Email Protections Fail in Latest COVID-19 Phishing Campaign
An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs.
Categories: Threat Post
Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
Categories: Threat Post
Zoom Scrutinized As Security Woes Mount
The New York Attorney General has inquired about Zoom's data security strategy, as the conferencing platform comes under heavy scrutiny for its privacy policies.
Categories: Threat Post
8-Year-Old VelvetSweatshop Bug Resurrected in LimeRAT Campaign
An old RAT learns an old trick.
Categories: Threat Post
Millions of Guests Impacted in Marriott Data Breach, Again
The second breach in less than 24 months stemmed from employee account compromises.
Categories: Threat Post
Covid-19 Poll Results: One in Four Prioritize Health Over Privacy
An informal Threatpost reader poll shows the majority of site visitors are privacy absolutists. But attitudes shift when the trade off is saving lives.
Categories: Threat Post
Nation-State Attacks Drop in Latest Google Analysis
Phishing and zero-days continue to be a core part of the APT arsenal.
Categories: Threat Post