Threat Post

ThreatList: Malware Samples Targeting IoT More Than Double in 2018

Threat Post - 3 hours 12 min ago
A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices – from Mikrotik routers to dishwashers.
Categories: Threat Post

State Government Online Payment Service Exposes 14M Customers

Threat Post - 5 hours 41 min ago
Outdated security practices made it simple to access other people's receipts for everything from traffic tickets to paying bail.
Categories: Threat Post

Dangerous Pegasus Spyware Has Spread to 45 Countries

Threat Post - 8 hours 12 min ago
The malicious spyware has also been found in use in countries known for targeting human rights.
Categories: Threat Post

Insiders Continue to be Data Theft’s Best Friend

Threat Post - 9 hours 27 sec ago
The enemy within the enterprise is often employees who are either malicious or unwittingly allowing attackers inside a protected network.
Categories: Threat Post

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Threat Post - Mon, 09/17/2018 - 5:13pm
Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.
Categories: Threat Post

Facebook Now Offers Bounties For Access Token Exposure

Threat Post - Mon, 09/17/2018 - 1:43pm
The newly expanded Facebook bug bounty program sniffs out access token exposure flaws.
Categories: Threat Post

Old WordPress Plugin Being Exploited in RCE Attacks

Threat Post - Mon, 09/17/2018 - 1:19pm
Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks.
Categories: Threat Post

CSS-Based Attack Causes iOS, macOS Devices to Crash

Threat Post - Mon, 09/17/2018 - 11:20am
The attack stems from a glitch in WebKit, an HTML layout browser engine in Apple’s Safari browser.
Categories: Threat Post

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

Threat Post - Fri, 09/14/2018 - 5:45pm
The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years.
Categories: Threat Post

E.U.: Tech Giants Face Big Fines, 1 Hour Limit to Remove Extremist Content

Threat Post - Fri, 09/14/2018 - 4:32pm
The rules would apply to all hosting service providers offering services in the E.U., regardless of size, even if they’re not based there.
Categories: Threat Post

Five Weakest Links in Cybersecurity That Target the Supply Chain

Threat Post - Fri, 09/14/2018 - 12:09pm
Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The fallout from these breaches can be costly, as the average enterprise pays $1.23 million per incident, up […]
Categories: Threat Post

Magecart Threat Group Racks Up More Hack Victims

Threat Post - Fri, 09/14/2018 - 9:26am
The threat group has racked up a list of victims including Feedify, Groopdealz and British Airways.
Categories: Threat Post

OilRig APT Continues Its Ongoing Malware Evolution

Threat Post - Thu, 09/13/2018 - 5:19pm
The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world.
Categories: Threat Post

ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery

Threat Post - Thu, 09/13/2018 - 3:26pm
The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code-execution.
Categories: Threat Post

Experts Bemoan Shortcomings with IoT Security Bill

Threat Post - Thu, 09/13/2018 - 9:14am
The infosec community say California's IoT security bill is "nice," but doesn't hit on the important issues.
Categories: Threat Post

PowerShell Obfuscation Ups the Ante on Antivirus

Threat Post - Wed, 09/12/2018 - 4:07pm
The development fits a trend that sees threat actors turning to well-known, commodity malware, overcoming its easy detection with ever-better obfuscation methods.
Categories: Threat Post

Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw

Threat Post - Wed, 09/12/2018 - 12:17pm
A flaw in Safari - that allows an attacker to spoof websites and trick victims into handing over their credentials - has yet to be patched.
Categories: Threat Post

Osiris Banking Trojan Displays Modern Malware Innovation

Threat Post - Wed, 09/12/2018 - 12:12pm
Osiris’ fundamental makeup positions it in the fore of malware trends, despite being based on old source code that’s been knocking around for years.
Categories: Threat Post

Threatlist: Email Attacks Surge, Targeting Execs

Threat Post - Tue, 09/11/2018 - 6:17pm
Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter.
Categories: Threat Post

Microsoft Patches Three Actively Exploited Bugs as Part of Patch Tuesday

Threat Post - Tue, 09/11/2018 - 5:04pm
Microsoft's September Patch Tuesday release tackles three vulnerabilities actively being exploited in the wild.
Categories: Threat Post