Threat Post

Subscribe to Threat Post feed
The First Stop For Security News
Updated: 33 min 7 sec ago

4 Unpatched Bugs Plague Grandstream ATAs for VoIP Users

Fri, 07/31/2020 - 5:05pm
The flaws have been confirmed by Grandstream, but no firmware update has yet been issued.
Categories: Threat Post

Authorities Arrest Alleged 17-Year-Old ‘Mastermind’ Behind Twitter Hack

Fri, 07/31/2020 - 4:21pm
Three have been charged in alleged connection with the recent high-profile Twitter hack - including a 17-year-old teen from Florida who is the reported "mastermind" behind the attack.
Categories: Threat Post

CWT Travel Agency Faces $4.5M Ransom in Cyberattack, Report

Fri, 07/31/2020 - 12:08pm
The corporate-travel leader has confirmed an attack that knocked systems offline.
Categories: Threat Post

Anti-NATO Disinformation Campaign Leveraged CMS Compromises

Fri, 07/31/2020 - 12:03pm
Researchers uncovered a disinformation campaign aiming to discredit NATO via fake news content on compromised news websites.
Categories: Threat Post

Twitter: Epic Account Hack Caused by Mobile Spearphishing

Fri, 07/31/2020 - 9:21am
Hackers "mislead certain employees" to gain access to internal tools to take over high-profile accounts and push out a Bitcoin scam.
Categories: Threat Post

Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More

Fri, 07/31/2020 - 6:30am
Threatpost editors break down the top themes, speakers and sessions to look out for this year at Black Hat 2020 - from election security to remote work and the pandemic.
Categories: Threat Post

Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes

Thu, 07/30/2020 - 5:40pm
Zoom has fixed the issue, which stemmed from a lack of checks against incorrect passcode attempts.
Categories: Threat Post

Doki Backdoor Infiltrates Docker Servers in the Cloud

Thu, 07/30/2020 - 1:00pm
The malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botnet.
Categories: Threat Post

Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager

Thu, 07/30/2020 - 10:36am
The flaw could allow a remote, unauthenticated attacker to bypass authentication on vulnerable devices.
Categories: Threat Post

Vermont Taxpayers Warned of Data Leak Over the Past Three Years

Thu, 07/30/2020 - 9:32am
A vulnerability in the state’s system may have exposed personal data that can be used for credential theft for those who filed Property Transfer Tax returns online.
Categories: Threat Post

Critical Magento Flaws Allow Code Execution

Wed, 07/29/2020 - 5:22pm
Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform.
Categories: Threat Post

Billions of Devices Impacted by Secure Boot Bypass

Wed, 07/29/2020 - 3:53pm
The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT ,IoT and home networks.
Categories: Threat Post

Critical Bugs in Utilities VPNs Could Cause Physical Damage

Wed, 07/29/2020 - 2:02pm
Gear from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws, researchers warn.
Categories: Threat Post

Critical Security Flaw in WordPress Plugin Allows RCE

Wed, 07/29/2020 - 12:32pm
WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch.
Categories: Threat Post

Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems

Wed, 07/29/2020 - 8:35am
Algorithms clocked error rates of between 5% to 50% when comparing photos of people wearing digitally created masks with unmasked faces.
Categories: Threat Post

OkCupid Security Flaw Threatens Intimate Dater Details

Wed, 07/29/2020 - 6:00am
Attackers could exploit various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles.
Categories: Threat Post

Lazarus Group Brings APT Tactics to Ransomware

Tue, 07/28/2020 - 5:20pm
A new ransomware, VHD, was seen being delivered by the nation-state group's multiplatform malware platform, MATA.
Categories: Threat Post

Podcast: Security Lessons Learned In Times of Uncertainty

Tue, 07/28/2020 - 9:23am
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2020.
Categories: Threat Post

Researchers Warn of High-Severity Dell PowerEdge Server Flaw

Tue, 07/28/2020 - 9:11am
A path traversal vulnerability in the iDRAC technology can allow remote attackers to take over control of server operations.
Categories: Threat Post

Microsoft Revamps Windows Insider Preview Bug Bounty Program

Mon, 07/27/2020 - 4:17pm
Researchers can earn up to $100,000 for finding vulnerabilities in Microsoft's revamped Windows Insider Preview bug bounty program.
Categories: Threat Post