Tag: Threatpost

Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.   Advertise on IT Security News. Read the complete article: Mobile Carrier Customer Service Ushers in SIM-Swap…

Read more →

Are publicly released proof-of-concept exploits more helpful for system defenders — or bad actors?   Advertise on IT Security News. Read the complete article: Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea?

Read more →

Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week’s news wrap.   Advertise on IT Security News. Read the complete article: News…

Read more →

The agency changed its policy to provide more timely and actionable information to state and local election officials in the case of a cybersecurity breach to election infrastructure.   Advertise on IT Security News. Read the complete article: FBI Plans…

Read more →

The flaws affect a key tool for managing its network platform and switches.   Advertise on IT Security News. Read the complete article: Critical Cisco Flaws Now Have PoC Exploit

Read more →

iPhone users can now use Bluetooth to secure their Google accounts.   Advertise on IT Security News. Read the complete article: Google Account Security Keys Launch for iPhone

Read more →

A hellish mix of features shows the 5ss5c ransomware to be the son of Satan.   Advertise on IT Security News. Read the complete article: Satan Ransomware Reborn to Torment Businesses

Read more →

Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.   Advertise on IT Security News. Read the complete article: PoC Exploits Published For Microsoft Crypto Bug

Read more →

New research shows apps that dupe users into being charged excessively with little reward persist on the Android app store.   Advertise on IT Security News. Read the complete article: ‘Fleeceware’ Apps Downloaded 600M Times from Google Play

Read more →

There are five different pillars to implement when moving to a modern, zero-trust security model.   Advertise on IT Security News. Read the complete article: A Practical Guide to Zero-Trust Security

Read more →

Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.   Advertise on IT Security News. Read the complete article: Critical WordPress Bug Leaves 320,000 Sites Open to Attack

Read more →

Threatpost talks to Venafi about the recently-disclosed Microsoft vulnerability and whether the hype around the flaw was warranted.   Advertise on IT Security News. Read the complete article: Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft

Read more →

A concerted, targeted phishing campaign took aim at 600 different staffers and officials, using Norway as a lure.   Advertise on IT Security News. Read the complete article: U.N. Weathers Storm of Emotet-TrickBot Malware

Read more →

Class members have until Jan. 22, next week, to claim benefits.   Advertise on IT Security News. Read the complete article: Equifax Settles Class-Action Breach Lawsuit for $380.5M

Read more →

Legal battle pitting Feds against the tech giant over data privacy and device security in criminal cases seems inevitable.   Advertise on IT Security News. Read the complete article: Trump Slams Apple for Refusing to Unlock Suspected Shooter’s iPhones

Read more →

The malware is new and in the early stages of its development — but packs a sophisticated punch.   Advertise on IT Security News. Read the complete article: Oski Data-Stealing Malware Emerges to Target North America, China

Read more →

The software giant patched 300+ bugs in its quarterly update.   Advertise on IT Security News. Read the complete article: Oracle Ties Previous All-Time Patch High with January Updates

Read more →

Magecart groups using automated infection scans infected the site, which was running outdated Magento software.   Advertise on IT Security News. Read the complete article: Card Skimmer Hits Australian Bushfire Donation Site

Read more →

The flaw, in Intel VTune Profiler, could enable privilege escalation.   Advertise on IT Security News. Read the complete article: Intel Fixes High-Severity Flaw in Performance Analysis Tool

Read more →

January Patch Tuesday tackles 50 bugs, with eight rated critical, all as it pushes out its last regular Windows 7 patches.   Advertise on IT Security News. Read the complete article: Microsoft Patches Major Crypto Spoofing Bug

Read more →

Google says it has a two-year timeline for phasing out support for third-party cookies in its Chrome web browser.   Advertise on IT Security News. Read the complete article: Google to Nix Chrome Support for Third-Party Cookies by 2022

Read more →

The cloud-focused program will pay out $10,000 as its top reward.   Advertise on IT Security News. Read the complete article: Public Bug Bounty Takes Aim at Kubernetes Container Project

Read more →

Overall Adobe patched nine flaws in Illustrator CC and Experience Manager.   Advertise on IT Security News. Read the complete article: Adobe Patches Five Critical Illustrator CC Flaws

Read more →

Refusal to unlock the phones of a Florida shooter could set up another legal battle between Apple and the Feds over data privacy in the case of criminal investigations.   Advertise on IT Security News. Read the complete article: Apple…

Read more →

The wide-scale phishing scam reportedly started in early November and continued through December, before it was discovered by the Texas school district.   Advertise on IT Security News. Read the complete article: Scammers Dupe Texas School District Out of $2.3M

Read more →

Google has removed 17,000 Joker-infested apps from the Play store to date.   Advertise on IT Security News. Read the complete article: Joker Android Malware Snowballs on Google Play

Read more →

CES wiz-bang surveillance tech gives privacy advocates the willies.   Advertise on IT Security News. Read the complete article: CES Surveillance Hype Worries Privacy Advocates

Read more →

The issue lies in underlying reference software used by multiple cable-modem manufacturers to create device firmware.   Advertise on IT Security News. Read the complete article: ‘Cable Haunt’ Bug Plagues Millions of Home Modems

Read more →

Over 25,000 servers globally are vulnerable to the critical Citrix remote code execution vulnerability.   Advertise on IT Security News. Read the complete article: Unpatched Citrix Flaw Now Has PoC Exploits

Read more →

A Virgin Mobile-branded phone distributed by Assurance Wireless to low-income U.S. citizens has a trojan pre-installed that can download additional malware.   Advertise on IT Security News. Read the complete article: Lifeline Assistance Phone Users Targeted with ‘Uninstallable’ Adware

Read more →

Cisco patched two high-severity flaws this week, in its Webex and IOS XE Software products.   Advertise on IT Security News. Read the complete article: Cisco Webex Bug Allows Remote Code Execution

Read more →

Researchers say that physically disruptive attacks aren’t imminent, but an increased focus on U.S. electrical-grid operators doesn’t bode well.   Advertise on IT Security News. Read the complete article: Oil-and-Gas APT Pivots to U.S. Power Plants

Read more →

Researchers say that physically disruptive attacks aren’t imminent, but an increased focus on U.S. electrical-grid operators doesn’t bode well.   Advertise on IT Security News. Read the complete article: Oil-and-Gas Specialist APT Pivots to U.S. Power Plants

Read more →

Users of GnuPG, OpenSSL and Git could be in danger from an attack that’s practical for ordinary attackers to carry out.   Advertise on IT Security News. Read the complete article: Exploit Fully Breaks SHA-1, Lowers the Attack Bar

Read more →

Ring said that four employees were fired because they for inappropriate access to customers’ connected video feeds.   Advertise on IT Security News. Read the complete article: 4 Ring Employees Fired For Spying on Customers

Read more →

The California Consumer Privacy Act has been adopted, but the largest U.S. privacy regulation fails to address how companies can know where their data is.   Advertise on IT Security News. Read the complete article: California’s Tough New Privacy Law and…

Read more →

The PowerTrick backdoor, which fetched yet other backdoors, is designed to help TrickBot evade detection.   Advertise on IT Security News. Read the complete article: TrickBot Adds Custom, Stealthy Backdoor to its Arsenal

Read more →

A hacker who apparently likes the musician Drake leaves lyrics from the artist’s song In My Feelings behind in an attack that delivers malware Lokibot or Azorult.   Advertise on IT Security News. Read the complete article: Drake Lyrics Used…

Read more →

A Romanian national has been sentenced to 5 years in prison after racking up almost $400,000 in an ATM skimming scheme.   Advertise on IT Security News. Read the complete article: Man Sentenced in ATM Skimming Conspiracy

Read more →

Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then.   Advertise on IT Security News. Read the complete article: Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy

Read more →

Mozilla tackles high-severity bugs in its latest Firefox 72 and Firefox ESR 68.4 releases at the same time rolls a major privacy feature .   Advertise on IT Security News. Read the complete article: Mozilla Releases Firefox 72: High-Severity Bugs…

Read more →

The case highlights the rising issue of stalkerware, which has reached epidemic proportions.   Advertise on IT Security News. Read the complete article: Liverpool Voyeur Used IM-RAT to Video Women at Home

Read more →

The video sharing app has fixed several flaws allowing partial account takeover and information exposure.   Advertise on IT Security News. Read the complete article: TikTok Riddled With Security Flaws

Read more →

Google’s first security update of 2020 addressed seven high and critical severity Android flaws.   Advertise on IT Security News. Read the complete article: Google Fixes Critical Android RCE Flaw

Read more →

Researchers suspect the cybercriminals attacked using an unpatched critical vulnerability in the company’s seven Pulse Secure VPN servers.   Advertise on IT Security News. Read the complete article: Sodinokibi Ransomware Behind Travelex Fiasco: Report

Read more →

It’s unclear yet whether the Cupertino giant will assist, given past history of court battles over such incidents.   Advertise on IT Security News. Read the complete article: FBI Taps Apple to Unlock Pensacola Shooter’s iPhone

Read more →

Despite the difficulties of identifying deepfakes, social media sites are recognizing the need to crack down on the manipulated, misleading videos.   Advertise on IT Security News. Read the complete article: Facebook Cracks Down on Deepfake Videos

Read more →

The latest attack takes aim at a vertical-specific e-commerce platform.   Advertise on IT Security News. Read the complete article: Magecart Hits Parents and Students via Blue Bear Attack

Read more →

The communications app faces continued backlash after a New York Times report said it was used as a government spying tool.   Advertise on IT Security News. Read the complete article: ToTok Returned to Google Play Despite ‘Spy Tool’ Claims

Read more →

One threat actor appears to be behind several ongoing, related campaigns.   Advertise on IT Security News. Read the complete article: DeathRansom Campaign Linked to Malware Cornucopia

Read more →

The Federal Depository Library Program (FDLP) website was defaced over the weekend to show a picture of a bloodied President Donald Trump.   Advertise on IT Security News. Read the complete article: Hackers Deface U.S. Gov Website With Pro-Iran Messages

Read more →

Cisco patched three authentication bypass bugs tied to its DCNM platform used to manages NX-OS.   Advertise on IT Security News. Read the complete article: 3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches

Read more →

Days before Christmas, employees found out that The Heritage Company had been hit by a ransomware attack and was “temporarily suspending operations.”   Advertise on IT Security News. Read the complete article: Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless

Read more →

Gas stations will become liable for card-skimming at their pay-at-the-pump mechanisms starting in October.   Advertise on IT Security News. Read the complete article: Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline

Read more →

The foreign-currency-exchange giant said that it has been hit by a virus, affecting retail customers and banking partners alike.   Advertise on IT Security News. Read the complete article: Travelex Knocked Offline by System-Wide Malware Attack

Read more →

The issue came to light after a Reddit user claimed being able to see strangers on his Xiaomi Mijia smart camera.   Advertise on IT Security News. Read the complete article: Google Boots Security Camera Maker From Nest Hub After…

Read more →

Landry’s announced that more than 60 of its restaurants may be affected by payment processing system malware.   Advertise on IT Security News. Read the complete article: Data Breach Affects 63 Landry’s Restaurants

Read more →

On Wednesday California adopted the strictest privacy law in the United States.   Advertise on IT Security News. Read the complete article: California Adopts Strictest Privacy Law in U.S.

Read more →

The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform’s relationship with China grows.   Advertise on IT Security News. Read the complete article: TikTok Banned By U.S. Army Over China Security Concerns

Read more →