Threat Post

VLC Media Player Allows Desktop Takeover Via Malicious Video Files

Threat Post - Mon, 08/19/2019 - 4:59pm
VideoLAN has released an updated version of its VLC Player to fix over a dozen bugs.
Categories: Threat Post

Apple Sues Corellium Over iOS ‘Replica’ Security Testing Software

Threat Post - Mon, 08/19/2019 - 4:46pm
The phone company has sued the startup for copyright infringement.
Categories: Threat Post

Post GandCrab, Cybercriminals Scouring the Dark Web for the Next Top Ransomware

Threat Post - Mon, 08/19/2019 - 3:49pm
A detailed look at underground forums shows that cybercriminals aren't sure where to look on the heels of the GandCrab ransomware group shutting its doors - and low-level actors are taking advantage of that by developing their own strains.
Categories: Threat Post

Google Nest Security Cam Bugs Allow Device Takeover

Threat Post - Mon, 08/19/2019 - 2:31pm
Eight vulnerabilities would allow a range of attacker activities, including taking the Nest camera offline, sniffing out network information and device hijacking.
Categories: Threat Post

Coordinated Ransomware Attack Hits 23 Texas Government Agencies

Threat Post - Mon, 08/19/2019 - 9:38am
Researchers say that the targeted ransomware cyberattack on 23 Texas local and state entities represents a shift from "attacks of opportunity" to more targeted, malicious attacks.
Categories: Threat Post

Fake News and Influence: Information Warfare in the Digital Age

Threat Post - Fri, 08/16/2019 - 5:05pm
It's been around forever, but in a modern digital era marked by influence campaigns and deep fakes, information warfare has become much easier to carry out.
Categories: Threat Post

ThreatList: 4.1B Records Exposed in Breaches in First Half of 2019

Threat Post - Fri, 08/16/2019 - 3:54pm
The number of exposed records has hit record highs in just the first two quarters.
Categories: Threat Post

Breached Passwords Still in Use By Hundreds of Thousands

Threat Post - Fri, 08/16/2019 - 3:40pm
More than 300,000 users still utilize credentials that have been compromised - with people visiting video streaming and porn sites most at fault, Google found in a new study.
Categories: Threat Post

News Wrap: DejaBlue Bugs and Biometrics Data Breaches

Threat Post - Fri, 08/16/2019 - 3:05pm
From the biometrics of one million being exposed, to new Microsoft Bluekeep-like threats, Threatpost discusses the top news of the week.
Categories: Threat Post

HTTP Bugs Open Websites to DoS Attacks

Threat Post - Thu, 08/15/2019 - 3:20pm
Eight vulnerabilities in the HTTP/2 server implementations were found in vendors Amazon, Apple, Microsoft and Apache.
Categories: Threat Post

Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

Threat Post - Thu, 08/15/2019 - 2:49pm
The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.
Categories: Threat Post

Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe

Threat Post - Thu, 08/15/2019 - 2:41pm
Up to 24 Apache Struts Security Advisories listed the wrong versions that were impacted by vulnerabilities, researchers warn.
Categories: Threat Post

Choice Hotels Breach Showcases Need for Shared Responsibility Model

Threat Post - Thu, 08/15/2019 - 1:04pm
700,000 customer records were exposed after being housed on a vendor's server that lacked appropriate security.
Categories: Threat Post

Clickjacking Evolves to Hook Millions of Top-Site Visitors

Threat Post - Thu, 08/15/2019 - 12:16pm
Researchers said that clickjacking is a threat that's evolving, with new tactics just starting to emerge.
Categories: Threat Post

Fingerprints of 1M Exposed in Public Biometrics Database

Threat Post - Wed, 08/14/2019 - 3:46pm
A publicly accessible database exposed the fingerprints and facial recognition information of millions, thrusting biometrics security into the spotlight once again.
Categories: Threat Post

Lenovo Warns on ThinkPad Bugs, One Unpatched

Threat Post - Wed, 08/14/2019 - 1:56pm
The notebook maker is warning users of three separate vulnerabilities.
Categories: Threat Post

20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users

Threat Post - Wed, 08/14/2019 - 1:35pm
A bug in an obscure legacy Windows protocol can lead to serious real-world privilege-escalation attacks.
Categories: Threat Post

Windows Users at Risk From High-Severity Intel Software Flaw

Threat Post - Wed, 08/14/2019 - 11:00am
Overall, Intel stomped out three high-severity vulnerabilities and five medium-severity flaws.
Categories: Threat Post

DEF CON and Feds Partner on Anonymous Bug Submission Program

Threat Post - Wed, 08/14/2019 - 10:53am
Bug submission program uses the SecureDrop platform to ensure anonymity.
Categories: Threat Post

Facebook Records User Audio, Sparking Privacy Questions

Threat Post - Wed, 08/14/2019 - 10:06am
Hundreds of contractors reportedly were hired to transcribe Messenger voice chats in order to test the accuracy of an AI algorithm -- raising questions about what Facebook does with the data.
Categories: Threat Post