Threat Post

Apple Rushes Fix for Latest ‘Text Bomb’ Bug As Abuse Spreads

Threat Post - Fri, 02/16/2018 - 2:44pm
Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters.   
Categories: Threat Post

Intel Expands Bug Bounty Program Post-Spectre and Meltdown

Threat Post - Thu, 02/15/2018 - 5:09pm
Intel will pay up to $250,000 to researchers who identify bugs more severe than 9.0 on the CVSS scale.
Categories: Threat Post

Reported Critical Vulnerabilities In Microsoft Software On the Rise

Threat Post - Thu, 02/15/2018 - 12:39pm
Avecto researchers say removing admin rights from users would mitigate many of the threats.
Categories: Threat Post

Word-based Malware Attack Doesn’t Use Macros

Threat Post - Thu, 02/15/2018 - 12:31pm
Malicious e-mail attachments used in this campaign don’t display any warnings when opened and silently install malware.
Categories: Threat Post

Dell EMC Patches Critical Flaws in VMAX Enterprise Storage Systems

Threat Post - Wed, 02/14/2018 - 5:22pm
Attacks include a hard-coded password vulnerability that could give attackers unauthorized access to systems.
Categories: Threat Post

Researchers Find New Twists In ‘Olympic Destroyer’ Malware

Threat Post - Wed, 02/14/2018 - 2:42pm
Researchers now believe attackers may have had prior access to networks and that malware was more sophisticated than originally believed.
Categories: Threat Post

Two Nasty Outlook Bugs Fixed in Microsoft’s Feb. Patch Tuesday Update

Threat Post - Tue, 02/13/2018 - 5:01pm
One of the bugs could allow a successful attack simply by a user viewing an email in Outlook's Preview pane.
Categories: Threat Post

Venerable Unicode Technique Used to Deliver Cryptomining Malware Through Telegram

Threat Post - Tue, 02/13/2018 - 2:36pm
It's just the latest reported vulnerability for the secure messaging application.
Categories: Threat Post

‘Olympic Destroyer’ Malware Behind Winter Olympics Cyberattack, Researchers Say

Threat Post - Mon, 02/12/2018 - 5:53pm
The malware's sole purpose was to take down systems, not steal data, Cisco Talos researchers say.
Categories: Threat Post

Romance Scams Drive Necurs Botnet Activity in Run Up to Valentine’s Day

Threat Post - Mon, 02/12/2018 - 12:58pm
Emails try to get recipients to share revealing photos of themselves so scammers can later extort them later.
Categories: Threat Post

U.K. and U.S. Government Websites Among Thousands Infected by Cryptocurrency Miner

Threat Post - Mon, 02/12/2018 - 12:28pm
The attack could have been averted through a technique called subresource integrity, according to researcher Scott Helme.
Categories: Threat Post

Cisco Confirms Critical Firewall Software Bug Is Under Attack

Threat Post - Fri, 02/09/2018 - 1:06pm
Cisco has issued patches for the vulnerability, which could be up to seven years old.
Categories: Threat Post

Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models

Threat Post - Fri, 02/09/2018 - 12:59pm
Lenovo issued a security bulletin Friday warning customers of two previously disclosed critical Broadcom vulnerabilities impacts 25 models of its popular ThinkPad laptops.
Categories: Threat Post

Apple Downplays Impact of iBoot Source Code Leak

Threat Post - Thu, 02/08/2018 - 5:26pm
Apple said the leak of its iBoot source code will have little to no impact on iOS device security.
Categories: Threat Post

Insurance Customers’ Personal Data Exposed Due to Misconfigured NAS Server

Threat Post - Thu, 02/08/2018 - 2:51pm
The vulnerability also exposed login credentials for a massive national insurance claims database, Upguard says.
Categories: Threat Post

Gojdue Variant Eludes Microsoft, Google Cloud Protection, Researchers Say

Threat Post - Thu, 02/08/2018 - 10:50am
Researchers have identified a new ransomware strain that went undetected by built-in malware protection used by cloud heavyweights Microsoft and Google as recently as January.
Categories: Threat Post

Google Expands Play Marketplace Bug Bounty Program

Threat Post - Wed, 02/07/2018 - 5:22pm
The move adds to Google's efforts against malicious apps on the Play store.
Categories: Threat Post

Hotspot Shield Vulnerability Could Reveal ‘Juicy’ Info About Users, Researcher Claims

Threat Post - Wed, 02/07/2018 - 1:00pm
Hotspot Shield has been downloaded more than 500 million times, according to its creator AnchorFree.
Categories: Threat Post

Leaky Amazon S3 Bucket Exposes Personal Data of 12,000 Social Media Influencers

Threat Post - Tue, 02/06/2018 - 4:15pm
Octoly's incident response was sorely lacking, says the Upguard researcher who found the exposed repository.
Categories: Threat Post

Cisco Issues New Patches for Critical Firewall Software Vulnerability

Threat Post - Tue, 02/06/2018 - 10:34am
The vulnerability has a CVSS base score of 10.0, the highest possible, and now affects 15 products.
Categories: Threat Post