Threat Post

5 Tips to Prevent and Mitigate Ransomware Attacks

Threat Post - 55 min 18 sec ago
Ransomware attacks are increasing in frequency, and the repercussions are growing more severe than ever. Here are 5 ways to prevent your company from becoming the next headline.
Categories: Threat Post

Avaddon Ransomware Gang Evaporates Amid Global Crackdowns  

Threat Post - 1 hour 51 min ago
Ransomware group releases decryptors for nearly 3,000 victims, forfeiting millions in payouts.    
Categories: Threat Post

Researchers: Booming Cyber-Underground Market for Initial-Access Brokers

Threat Post - 2 hours 4 min ago
Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from 'vendors' that have previously installed backdoors on targets.
Categories: Threat Post

Peloton Bike+ Bug Gives Hackers Complete Control

Threat Post - 2 hours 36 min ago
An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.
Categories: Threat Post

Millions of Connected Cameras Open to Eavesdropping

Threat Post - Tue, 06/15/2021 - 4:51pm
A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.
Categories: Threat Post

Malicious PDFs Flood the Web, Lead to Password-Snarfing

Threat Post - Tue, 06/15/2021 - 1:05pm
SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware.
Categories: Threat Post

Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign

Threat Post - Tue, 06/15/2021 - 12:46pm
Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations.
Categories: Threat Post

Insider Risks In the Work-From-Home World

Threat Post - Tue, 06/15/2021 - 10:47am
Forcepoint’s Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk, particularly with pandemic-expanded network perimeters.
Categories: Threat Post

SASE & Zero Trust: The Dream Team

Threat Post - Tue, 06/15/2021 - 10:47am
Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real.
Categories: Threat Post

Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data

Threat Post - Tue, 06/15/2021 - 8:39am
Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform to forbid the company from harvesting public info from user profiles.
Categories: Threat Post

Apple Hurries Patches for Safari Bugs Under Active Attack

Threat Post - Tue, 06/15/2021 - 7:43am
Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being exploited.
Categories: Threat Post

Utilities ‘Concerningly’ at Risk from Active Exploits

Threat Post - Mon, 06/14/2021 - 4:45pm
Utilities’ vulnerability to application exploits goes from bad to worse in just weeks.  
Categories: Threat Post

Microsoft Teams: Very Bad Tabs Could Have Led to BEC

Threat Post - Mon, 06/14/2021 - 4:26pm
Attackers could have used the bug to get read/write privileges for a victim user’s email, Teams chats, OneDrive, Sharepoint and loads of other services.
Categories: Threat Post

Moobot Milks Tenda Router Bugs for Propagation

Threat Post - Mon, 06/14/2021 - 1:43pm
An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.
Categories: Threat Post

Volkswagen Vendor Exposed Data of 3.3m Drivers

Threat Post - Mon, 06/14/2021 - 11:12am
Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.
Categories: Threat Post

Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC

Threat Post - Fri, 06/11/2021 - 5:09pm
A trio of security flaws open the door to remote-code execution and a malware tsunami.
Categories: Threat Post

Baby Clothes Giant Carter’s Leaks 410K Customer Records

Threat Post - Fri, 06/11/2021 - 2:29pm
Purchase automation software delivered shortened URLs without protections.
Categories: Threat Post

REvil Hits US Nuclear Weapons Contractor: Report

Threat Post - Fri, 06/11/2021 - 2:16pm
"We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)" REvil reportedly wrote.
Categories: Threat Post

Cyberpunk 2077 Hacked Data Circulating Online

Threat Post - Fri, 06/11/2021 - 12:39pm
CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer.
Categories: Threat Post

Monumental Supply-Chain Attack on Airlines Traced to State Actor

Threat Post - Fri, 06/11/2021 - 10:23am
Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks.
Categories: Threat Post