Threat Post

Academia’s Role in Security Skills Gap Examined

Threat Post - 5 hours 38 min ago
At Black Hat, two RIT professors are expected to deliver a talk about the professional skills gap in security and how academic programs are falling short.
Categories: Threat Post

Novel Attack Tricks Servers to Cache, Expose Personal Data

Threat Post - 7 hours 38 min ago
Researchers have a devised a way to trick a web server into caching pages and exposing personal data to attackers.
Categories: Threat Post

Black Hat USA 2017 Preview

Threat Post - 9 hours 38 min ago
Mike Mimoso and Tom Spring preview Black Hat, which starts tomorrow in Las Vegas.
Categories: Threat Post

Dashlane, Researcher at Odds Over Potential Privilege Escalation Vulnerability

Threat Post - Mon, 07/24/2017 - 2:54pm
Researcher Paulos Yibelo said that Dashlane elected not to patch a vulnerability he disclosed more than a year ago in all versions of the password manager application.
Categories: Threat Post

Hacker Admits to Mirai Attack Against Deutsche Telekom

Threat Post - Mon, 07/24/2017 - 2:32pm
A hacker that goes by the name “BestBuy” admitted to a German court that he was behind an attack last year that knocked over a million Deutsche Telekom customers offline.
Categories: Threat Post

macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities

Threat Post - Mon, 07/24/2017 - 9:00am
This week at Black Hat, Mac malware expert Patrick Wardle will describe how he used a custom-built command and control server to analyze new spying capabilities in a variant of the FruitFly backdoor.
Categories: Threat Post

Trickbot Malware Now Targets US Banks

Threat Post - Fri, 07/21/2017 - 1:50pm
Researchers with IBM and Flashpoint warn the Trickbot Trojan is growing more potent and now targeting U.S. banks.
Categories: Threat Post

Motivation Mystery Behind WannaCry, ExPetr

Threat Post - Fri, 07/21/2017 - 12:31pm
A shift in APT tactics is emerging as characterized by the destructive ExPetr attacks hidden in ransomware, and WannaCry, which also failed to turn a profit.
Categories: Threat Post

Apple Patches BroadPwn Bug in iOS 10.3.3

Threat Post - Thu, 07/20/2017 - 2:08pm
Apple released iOS 10.3.3 Wednesday that serves as a cumulative patch update for multiple vulnerabilities including the high-profile BroadPwn bug.
Categories: Threat Post

US, European Law Enforcement Shutter Massive AlphaBay Market

Threat Post - Thu, 07/20/2017 - 12:32pm
U.S. authorities along with law enforcement Europe and Asia announced today the takedown of the dark web’s largest illicit market, AlphaBay.
Categories: Threat Post

Tor Project Opens Bounty Program To All Researchers

Threat Post - Thu, 07/20/2017 - 8:42am
The Tor Project is launching a public bug bounty program to encourage security researchers to responsibly report issues they find in the software.
Categories: Threat Post

Senator Calls For Use Of DMARC To Curb Phishing

Threat Post - Wed, 07/19/2017 - 3:46pm
Senator Ron Wyden is pushing to mandate government-wide use of the email authentication protocol DMARC “to ensure that hackers cannot send emails that impersonate federal agencies.”
Categories: Threat Post

Modified Versions of Nukebot in Wild Since Source Code Leak

Threat Post - Wed, 07/19/2017 - 9:56am
Criminals have made use of the leaked source code for the Nukebot banking Trojan, crafting modified versions of the malware to target banks in the U.S. and France.
Categories: Threat Post

Bad Code Library Triggers Devil’s Ivy Vulnerability in Millions of IoT Devices

Threat Post - Wed, 07/19/2017 - 6:00am
Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attacks to remotely gain control over devices or crash them.
Categories: Threat Post

Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched

Threat Post - Tue, 07/18/2017 - 4:47pm
Oracle's July Critical Patch Update included fixes for 308 vulnerabilities, 165 of which are remotely exploitable.
Categories: Threat Post

Oracle E-Business Suite Flaw Allows Downloads of Documents

Threat Post - Tue, 07/18/2017 - 3:45pm
Oracle today in its Critical Patch Update addressed a critical vulnerability in its Oracle E-Business Suite of business applications that allows for the download of business documents.
Categories: Threat Post

CoinDash Hacked During its ICO

Threat Post - Tue, 07/18/2017 - 3:02pm
Hackers hijacked CoinDash’s initial coin offering Monday, stealing $7.7 million in cryptocurrency from the nascent trading platform.
Categories: Threat Post

Privacy Activists Suffer Legal Setback In National Security Letter Case

Threat Post - Tue, 07/18/2017 - 2:34pm
Cloudflare and network operator Credo Mobile suffered a legal defeat when U.S. appeals court ruled to uphold a gag order on FBI surveillance data.
Categories: Threat Post

Botnet Tweeting, Spamming Porn Shut Down

Threat Post - Mon, 07/17/2017 - 5:17pm
Researchers discovered an active Twitter botnet made up of 38,000 bots, generating 8.5 million tweets and netting over 30 million clicks from its victims.
Categories: Threat Post

Cisco Patches Another Critical Ormandy Bug in WebEx Extension

Threat Post - Mon, 07/17/2017 - 4:26pm
Researchers Tavis Ormandy and Cris Neckar privately disclosed a critical vulnerability in Cisco's WebEx extension for Chrome and Firefox that allows for remote code execution.
Categories: Threat Post