Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-05-13 16:46:00 |
ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks (direct link) |
In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT. |
Malware
|
APT 37
|
|
|
2019-05-13 16:38:03 |
ThreatList: Top 5 Most Dangerous Attachment Types (direct link) |
From ZIP attachments spreading Gandcrab, to DOC files distributing Trickbot, researchers tracked five widescale spam campaigns in 2019 that have made use of malicious attachments. |
Spam
|
|
|
|
2019-05-10 21:29:02 |
FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug (direct link) |
Using a bug patched in March, the attacks are starting to ramp up worldwide. |
|
|
|
|
2019-05-10 18:48:00 |
News Wrap: Facebook Regulation, Verizon DBIR, Hidden Airbnb Cameras (direct link) |
From a creepy Airbnb incident to Verizon's Data Breach Investigations Report, Threatpost editors break down the top privacy and security stories for the week ended May 10. |
Data Breach
|
|
|
|
2019-05-10 16:53:03 |
The WannaCry Security Legacy and What's to Come (direct link) |
The WannaCry attack proved pivotal, changing the way organizations go about securing their environments. |
|
Wannacry
|
|
|
2019-05-10 15:43:05 |
Nvidia Warns Windows Gamers on GPU Driver Flaws (direct link) |
Nvidia has patched three vulnerabilities in its Windows GPU display driver that could enable information disclosure, denial of service and privilege escalation. |
|
|
|
|
2019-05-10 12:45:00 |
ThreatList: Nigerian Cybercrime Surged 54 Percent in 2018 (direct link) |
Nigerian scam groups launched even more attacks in 2018 - and used more complex types of malware to reach more victims. |
Malware
|
|
|
|
2019-05-09 21:08:04 |
'Unhackable' Biometric USB Offers Up Passwords in Plain Text (direct link) |
A simple Wireshark analysis was enough to subvert the gadget, which uses iris identification to protect the drive. |
|
|
|
|
2019-05-09 21:07:00 |
Chinese Hackers Behind 2015 Anthem Data Breach Indicted (direct link) |
Two have been indicted in the 2015 massive data breach of health insurer Anthem, which compromised the data of at least 78 million customers. |
Data Breach
|
|
|
|
2019-05-09 19:08:04 |
Hackers Take Over IoT Devices to 'Click' on Ads (direct link) |
A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab. |
|
|
|
|
2019-05-09 17:06:01 |
Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked (direct link) |
Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password. |
|
|
|
|
2019-05-09 16:00:02 |
Serious Phar Flaw Allows Arbitrary Code Execution on Drupal (direct link) |
Drupal, Typo3 and Joomla are all impacted by the bug. |
|
|
|
|
2019-05-09 14:49:00 |
Researchers in the Dark on Powerful LightNeuron Malware for Years (direct link) |
LightNeuron is the first to target Microsoft Exchange transport agents -- and is used as a hub for major Turla APT espionage efforts. |
Malware
|
|
|
|
2019-05-08 20:18:04 |
Airbnb Superhost Secretly Recorded Guests with Hidden Bedroom Camera (direct link) |
The incident is only the latest in a string of disturbing horror stories of guests finding live, recording cameras hidden in their Airbnb flats. |
|
|
|
|
2019-05-08 17:35:02 |
Google Patches Critical Remote Code-Execution Flaws in Android (direct link) |
The Android security update patches 15 bugs, four rated critical, 10 rated high and one ranked moderate in severity. |
|
|
|
|
2019-05-08 17:14:05 |
Lax Telco Security Allows Mobile Phone Hijacking and Redirects (direct link) |
A Q&A with Kaspersky Lab researcher David Jacoby examines a gaping hole in the telco customer-service process that allows adversaries to commandeer phone calls. |
|
|
|
|
2019-05-08 16:03:05 |
Google Touts Android Q's New Security Update Process and Better Privacy Controls for Apps (direct link) |
At Google I/O, the tech giant announced it is beefing up security in phones with its latest Android Q operating system by offering direct updates and privacy controls. |
|
|
|
|
2019-05-08 16:01:04 |
Verizon Data Breach Report: Espionage, C-Suite and Cloud Attacks on the Rise (direct link) |
Cloud misconfigurations, business email compromise (BEC) and intellectual property theft are all up in the Verizon DBIR 2019 from last year. |
Data Breach
|
|
|
|
2019-05-08 12:01:03 |
Cynet Provides Security Responders with Free IR Tool to Validate and Respond to Active Threats (direct link) |
Cynet Free IR empowers its users with a solution that is accessible and easy to use, bringing crucial incident response services in-house, while saving them valuable time and resources. |
Tool
|
|
|
|
2019-05-07 20:38:03 |
Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover (direct link) |
Cisco has patched a critical flaw in its virtualized function automation tool, Cisco Elastic Services Controller. |
|
|
|
|
2019-05-07 17:52:02 |
Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak (direct link) |
Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017. |
|
|
|
|
2019-05-07 15:30:01 |
Ukrainian Charged With Launching 100 Million Malicious Ads (direct link) |
Oleksii Petrovich Ivanov has been extradited to the U.S. after allegedly launching malvertising campaigns that caused victims to view malicious ads on more than 100 million occasions. |
|
|
|
|
2019-05-06 21:42:00 |
WP Live Chat WordPress Plugin Re-Patches File Upload Flaw (direct link) |
After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued. |
|
|
|
|
2019-05-06 20:04:05 |
Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig (direct link) |
Snowballing attacks using a recently patched critical bug show no sign of abating. |
|
|
|
|
2019-05-06 19:03:05 |
High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack (direct link) |
Cisco patches two high-severity bugs that could be exploited by remote attackers. |
|
|
|
|
2019-05-06 16:00:05 |
Avengers: Endgame Sites Promise Digital Downloads, Deliver Info-Harvesting (direct link) |
Web scammers are going after Marvel fans as the movie passes the $2.2 billion box-office mark, making it the second-highest grossing film of all time, behind only Avatar. |
|
|
★★★★★
|
|
2019-05-06 15:13:03 |
High-Severity PrinterLogic Flaws Enable Remote Code Execution (direct link) |
The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers. |
|
|
★★★
|
|
2019-05-06 14:42:02 |
Tor Security Add-On Abruptly Killed by Mozilla Bug (direct link) |
A digital signing flaw killed add-ons for Firefox as well as Tor -- and no patch is yet available for Tor users. |
|
|
★★★★★
|
|
2019-05-06 14:10:01 |
Extinguishing the IoT Insecurity Dumpster Fire (direct link) |
Will connected devices be insecure forever? Or will legislation - such as the recent UK mandate announced this week - help boost IoT security? |
|
|
★★★★★
|
|
2019-05-06 13:00:03 |
Amid Bug Bounty Hype, Sometimes Security is Left in the Dust (direct link) |
Amidst the PR glitz and popularity of bug bounty programs, experts worry that actual smart security strategy is being left behind. |
|
|
★★★★
|
|
2019-05-03 21:16:05 |
Researchers Weigh in on Trump's Cyber Workforce Executive Order (direct link) |
Short on concrete details but long on affirming cybersecurity skills as a critical piece of federal defense, the White House executive order aims to bolster the national cyber workforce. |
|
|
★★★★★
|
|
2019-05-03 19:14:00 |
News Wrap: Cartoon Network Hack, the Catholic Church and Jason Statham Scams (direct link) |
The Threatpost team breaks down the strangest security stories this week - from Cartoon Network hacked to show stripper videos, to a church being scammed out of $1.75 million. |
|
|
★★★★
|
|
2019-05-03 14:58:01 |
Retefe Banking Trojan Resurfaces, Says Goodbye to Tor (direct link) |
The malware has new tricks, like using the stunnel encrypted tunneling mechanism and abusing a legitimate shareware app. |
Malware
|
|
|
|
2019-05-03 14:36:02 |
Multiple Sierra Wireless AirLink Routers Open to Remote Code Execution (direct link) |
Critical flaws in the software of Sierra Wireless' AirLink routers enable an array of malicious attacks. |
|
|
|
|
2019-05-02 21:15:03 |
Critical Flaws Found in Eight Wireless Presentation Systems (direct link) |
Crestron, Barco wePresent, Extron ShareLink and more wireless presentation systems have an array of critical flaws. |
|
|
|
|
2019-04-29 20:31:03 |
Malware Infests Popular Pirate Streaming Hardware (direct link) |
Hardware that supports pirated video streaming content comes packed with malware. |
Malware
|
|
|
|
2019-04-29 20:04:03 |
MuddyWater APT Hones an Arsenal of Custom Tools (direct link) |
The attack group shows a moderate level of sophistication, but the stage is set for MuddyWater to take things to the next level. |
|
|
|
|
2019-04-29 14:13:02 |
Docker Hub Hack Affects 190K Accounts (direct link) |
GitHub and Bitbucket tokens for Docker autobuilds are also impacted. |
Hack
|
|
|
|
2019-04-29 13:37:04 |
2 Million IoT Devices Vulnerable to Complete Takeover (direct link) |
Millions of security cameras, baby monitors and "smart" doorbells are open to hijack - and no solution is currently available. |
|
|
|
|
2019-04-26 19:44:05 |
Users Urged to Disable WordPress Plugin After Unpatched Flaw Disclosed (direct link) |
Yet another WordPress plugin vulnerability has put thousands of websites at risk. |
Vulnerability
|
|
★★★★★
|
|
2019-04-26 17:47:00 |
GoDaddy Shutters 14,000 Subdomains Tied to 'Snake Oil' Scams (direct link) |
GoDaddy worked with researchers to shut down 15,000 domain-shadowing websites tied to bogus affiliate marketing offers promoted via spam campaigns. |
Spam
|
|
★★
|
|
2019-04-26 16:12:00 |
Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection (direct link) |
The wireless gateways are used in PoS, industrial IoT and distributed enterprise settings. |
|
|
|
|
2019-04-26 12:10:01 |
Facial Recognition 'Consent' Doesn't Exist, Threatpost Poll Finds (direct link) |
Half of Threatpost readers surveyed in a recent poll don't believe that consent realistically exists when it comes to facial recognition. |
|
|
|
|
2019-04-25 21:13:03 |
Android-Based Sony Smart-TVs Open to Image Pilfering (direct link) |
A pair of bugs would allow attackers to compromise the WiFi password of a TV and the multimedia stored inside it. |
|
|
|
|
2019-04-25 15:55:01 |
Amazon Employees Given 'Broad Access' to Personal Alexa Info (direct link) |
An auditing program for the voice assistant technology exposes geolocation data that can be personally identified, sources said. |
|
|
|
|
2019-04-25 15:19:02 |
Qualcomm Critical Flaw Exposes Private Keys For Android Devices (direct link) |
A side-channel attack in Qualcomm technology, which is used by most modern Android devices, could allow an attacker to snatch private keys. |
|
|
|
|
2019-04-24 20:57:05 |
Facebook May Face $5 Billion FTC Fine for Data Misuse (direct link) |
Facebook may be fined as much as $5 billion by the FTC for data issues related to the Cambridge Analytica incident. |
|
|
|
|
2019-04-24 16:55:02 |
Adware-Ridden Apps in Google Play Infect 30 Million Android Users (direct link) |
Google Play has removed up to 50 apps that once downloaded plagued systems with full-screen ads. |
|
|
|
|
2019-04-19 19:45:04 |
Three-Fourths of Consumers Don't Trust Facebook, Threatpost Poll Finds (direct link) |
On the heels of several Facebook data privacy snafus this week - and over the past year - users no longer trust the platform. |
|
|
|
|
2019-04-19 16:37:03 |
Insecure Ride App Database Leaks Data of 300K Iranian Drivers (direct link) |
A researcher said that millions of records were leaking 300,000 Tap30 drivers' names, ID numbers and phone numbers. |
|
|
★★
|