JavaScript is not available.

Sep 12, 2017

In in lieu of a patch... “I advise to IMMEDIATELY DISCONNECT vulnerable routers from the Internet.” bit.ly/2jhkqY6

110

Apr 3, 2019

Breaking: Hundreds of millions of #Facebook records – including account names and plaintext #passwords – have been found in two separate publicly-exposed app datasets, researchers at

@UpGuard

found.

Facebook Data, Passwords Exposed Again in Leaky Datasets

Researchers say that two publicly exposed dataset are leaking Facebook data- from user names to plaintext passwords.

296

172

Jun 19, 2019

#Mozilla released an emergency patch for a critical #Firefox flaw that is being actively exploited in targeted attacks.

Mozilla Releases Emergency Patch for Firefox Zero Day

Mozilla is urging users to update to Firefox 67.0.3 and Firefox ESR 60.7.1 after discovering a critical flaw under active attack.

227

179

Jul 7, 2020

#Citrix warned of multiple #security flaws that could allow code injection and data theft - including four that are exploitable by unauthenticated, remote attackers.

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Admins should patch their Citrix ADC and Gateway installs immediately.

123

150

Feb 20, 2019

Secure password firms (1Password, Dashlane, KeePass and LastPass) are blasting a #security report highlighting how the utilities can be cracked open to steal #passwords.

Password Manager Firms Blast Back at ‘Leaky Password’ Revelations

1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory.

139

131

May 2, 2020

Two separate attacks have targeted as many as 50,000 different #Teams users, with the goal of phishing #Microsoft Office 365 logins.

Microsoft Teams Impersonation Attacks Flood Inboxes

Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.

128

116

Sep 12, 2020

This Office 365 #phishing attack leverages real-time Active Directory validation of credentials. #Office365

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

118

Jul 8, 2020

15 billion usernames and #passwords are currently for sale on underground forums - over three times the number available two years ago. (via @digitalshadows)

15 Billion Credentials Currently Up for Grabs on Hacker Forums

Unprecedented amounts of data for accessing bank accounts and streaming services are being flogged on the dark web.

118

107

Mar 19, 2019

Researchers have released a proof-of-concept showing how a XXE #security vulnerability can be exploited to attack #Ghidra project users.

NSA’s Ghidra Reverse-Engineering Tool Can Be Used for RCE

Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users.

105

Sep 1, 2017

WooCommerce #WordPress plugin, used by 28% of all online stores, patched against #XSS -

Reflected XSS Bug Patched in Popular WooCommerce WordPress Plugin

Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin.

Jul 10, 2019

The latest #iOS and Android versions of the FinSpy #malware have been deployed in the wild. The espionage tool can eavesdrop on Signal, Telegram and WhatsApp messages and calls.

Latest FinSpy Modules Lift Data from Secure Messaging Apps

The espionage tool is capable of eavesdropping on calls and messages sent via Signal, Telegram, WhatsApp and more.

May 1, 2020

A highly targeted phishing attack, abusing #Microsoft Sway, has successfully compromised the #Office365 credentials of more than 150 executives.

Microsoft Sway Abused in Office 365 Phishing Attack

The "PerSwaysion" attackers have leveraged a plethora of Microsoft services to compromise at least 150 executives in a highly targeted phishing campaign.

100

Nov 16, 2018

A strange glitch in #Gmail can be exploited to place emails into a person’s “Sent” folder — even if that person never sent them.

Gmail Glitch Offers Stealthy Trick for Phishing Attacks

The issue comes from how Gmail automatically files messages into the "Sent" folder.

116

100

Aug 7, 2020

A ‘zero-click’ #MacOS exploit chain using #Microsoft Office macros was revealed at Black Hat.

Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros

At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users.

Jul 3, 2019

#Amazon admitted it saves #Alexa voice recordings indefinitely - and even if customers delete their data, third-party developers can still save records of interactions.

Amazon Admits Alexa Voice Recordings Saved Indefinitely

Amazon's acknowledgment that it saves Alexa voice recordings – even sometimes after consumers manually delete their interaction history – has thrust voice assistant privacy policies into the spotli...

133

Jun 5, 2020

A U.S. military nuclear contractor was hit with the Maze #ransomware - and cybercriminals have started to leak its documents online. #ICYMI

U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked

Westech International provides maintenance for the Minuteman III nuclear-missile program and runs programs for multiple branches of the military.

112

Sep 12, 2017

"Basically, everything was pwned, from the LAN to the WAN." - bit.ly/2jhkqY6

Oct 16, 2018

A “critical water utility” in a county crippled by Hurricane #Florence was hit by a #ransomware attack. The #cyberattack has significantly impeded its ability to provide service to residents impacted by the #hurricane.

In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack

The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority.

112

It’s not just

’s peripherals that gobble up #Windows10’s SYSTEM privileges: A

@SteelSeries

#vulnerability also tosses off #Win10 admin rights if you just plug in a device or use an #LPE script to imitate a human interface. via

@zux0x3a

#cybersecurity

Win10 Admin Rights Tossed Off by Yet Another Plug-In

Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights.

Oct 3, 2019

A new hack, called PDFex, allows attackers to break the #encryption of PDF files and access content or forge signed #PDF files.

Hack Breaks PDF Encryption, Opens Content to Attackers

PDFex can bypass encryption and password protection in most PDF readers and online validation services

theorizes RATs becoming popular w/ campaign because more flexible than single-purpose ransomware:

‘HoeflerText’ Popups Target Browsers With RAT and Locky Ransomware

A malware campaign utilizing bogus “HoeflerText” popup warnings is back in full swing targeting Google Chrome and Firefox browsers with Locky ransomware attacks and the NetSupport Manager RAT.

Aug 10, 2020

A vulnerability in #Google’s Chromium-based browsers allows attackers to bypass the Content #Security Policy on websites, in order to steal data and execute rogue code.

Google Chrome Browser Bug Exposes Billions of Users to Data Theft

The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.

112

Jan 9, 2021

In all, #Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first #security update of 2021.

Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws

In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.

Jun 11, 2021

A monster #cyberattack on #SITA, a global IT provider for 90% of the world’s airline industry, is slowly unfurling to reveal the largest #SupplyChain attack on the #airline industry in history. #cybersecurity threatpost.com/supply-chain-a

Oct 23, 2019

Hackers are still using #Metasploit and a highly effective technique called Shikata Ga Nai to slip past modern day endpoint protections, said @FireEye researchers.

15 Years Later, Metasploit Still Manages to be a Menace

A fresh look at the penetration testing tool Metasploit reveals the 15-year old hacking tool still has some tricks up its sleeves even against modern defenses.

May 8, 2020

Hackers broke into #Microsoft’s GitHub account and stole 500 GB of data from its private repositories, according to reports.

Report: Microsoft’s GitHub Account Gets Hacked

The Shiny Hunters hacking group said it stole 500 GB of data from the tech giant’s repositories on the developer platform, which it owns.

Jan 2, 2020

Top 2020 #security predictions: -Mobile will become a prime phishing attack vector -Hackers will increasingly employ machine learning in attacks -Cloud increasingly seen as fertile ground for compromise Add your own 2020 predictions in the comments ⤵️

2020 Cybersecurity Trends to Watch

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

Nov 24, 2019

The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption #security vulnerabilities.

Critical Flaws in VNC Threaten Industrial Environments

Some of the bugs allow remote code-execution.

Jun 20, 2020

A former analyst for the U.S. Defense Intelligence Agency was sentenced to 2+ years in prison after sharing highly classified, national defense intelligence with two reporters.

Former DIA Analyst Sentenced to Prison Over Data Leak

A former Defense Intelligence Agency analyst leaked classified information to two journalists – one of whom he was dating – shedding light on insider threats.

Sep 3, 2020

A U.S. court ruled that the #NSA mass #surveillance program was illegal – seven years after it was exposed by Snowden.

NSA Mass Surveillance Program Illegal, U.S. Court Rules

The NSA argued its mass surveillance program stopped terrorist attacks – but a new U.S. court ruling found that this is not legal, and may have even been unconstitutional.

Mar 14, 2019

Multiple zero-days in a Counter-Strike client were used to build a major #botnet - and almost 40 percent of Counter-Strike 1.6 game servers on Steam were found to be malicious.

Zero-Days in Counter-Strike Client Used to Build Major Botnet

A full 39 percent of Counter-Strike 1.6 game servers on Steam were found to be malicious.

Oct 15, 2019

A fake website claims to give #iPhone users the ability to jailbreak their phones. In reality,

@TalosSecurity

researchers warn, the site ultimately enables attackers to conduct click fraud. #Checkm8

Fake iOS Jailbreak Site Lures in Apple Users

A fake website purports to enable iPhone users to download an iOS jailbreak – but ultimately prompts them to download a gaming app and conducts click fraud.

Jun 4, 2020

The Maze #ransomware has hit a U.S. military contractor involved in the maintenance of the country’s Minuteman III #nuclear arsenal.

U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked

Westech International provides maintenance for the Minuteman III nuclear-missile program and runs programs for multiple branches of the military.

Sep 16, 2019

The entire population of #Ecuador has been impacted by an open database on an unsecured server. Exposed data includes: -Full name -Date and place of birth -Home address -Cell phone numbers/emails -Taxpayer IDs -Marital status (Via

@vpnmentor

)

Marketing Analytics Company Leaks Deep Profiles of Entire Ecuador Population

Julian Assange is among those impacted.

Jul 1, 2020

A seven-year #Android surveillance campaign has been exposed, which used four malware tools to spy on the Uyghur ethnic minority group. (via

@Lookout

)

New Android Spyware Tools Emerge in Widespread Surveillance Campaign

Never-before-seen Android spyware tools have been used in a widespread APT campaign to spy on the Uyghur ethnic minority group – since 2013.

Oct 11, 2018

A fake #Adobe update actually updates victims’ Flash Player – but also installs malicious #cryptomining malware. Researchers at

@Unit42_Intel

warned that the fake updates also borrow pop-up notifications from the official Adobe installer. threatpost.com/stealthy-fake-

225

Sep 9, 2020

A memory-corruption bug in #Microsoft Exchange allows remote #code execution - just by sending an email to a target.

Microsoft’s Patch Tuesday Packed with Critical RCE Bugs

The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email.

Apr 1, 2020

Two zero-day #security flaws have been uncovered in #Zoom’s macOS client version. The flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.

Two Zoom Zero-Day Flaws Uncovered

The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.

Aug 13, 2019

A researcher dropped a zero-day #security vulnerability that affects the Steam game client for #Windows. Valve has published a patch - but the same researcher said it can be bypassed.

Gamers Beware: Zero-Day in Steam Client Affects All Windows Users

An elevation-of-privilege bug allows attackers to run any program on a target machine with high privileges.

Oct 31, 2017

Firefox 58 will remove canvas fingerprinting.

Firefox Bolsters Privacy, Pulls Plug on Browser Canvas Fingerprinting

Firefox is to stop using the privacy-busting canvas-based browser fingerprinting that allows websites to track users’ online activities.

Sep 12, 2017

Wireless #BlueBorne attacks target billions of #Bluetooth devices - bit.ly/2f2w3kt

141

Aug 28, 2020

A #Tesla employee was reportedly approached by a Russian national and asked to install #malware on the company’s systems.

Elon Musk Confirms, Tesla Factory A Target of Foiled Cyberattack

A Tesla employee was reportedly approached by a Russian national and asked to install malware on the company's systems.

Apr 30, 2020

The operators of Shade #ransomware called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware.

Shade Threat Actors Call It Quits, Release 750K Encryption Keys

The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub.

Jun 24, 2020

A new self-propagating #malware, dubbed Lucifer, is targeting #Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. (via

@Unit42_Intel

)

Self-Propagating Lucifer Malware Targets Windows Systems

A new devilish malware is targeting Windows systems with cryptojacking and DDoS capabilities.

Nov 5, 2018

Yet another side-channel attack was discovered in CPUs. A glitch in the simultaneous multithreading (SMT) process in #CPUs - including #Intel chips - allows #hackers to siphon processed data. #PortSmash

PortSmash Side-Channel Attack Siphons Data From Intel, Other CPUs

An exploit was released for a flaw existing in a process in CPUs called Simultaneous Multithreading (SMT).

Jan 29, 2019

#Apple has made Group FaceTime temporarily unavailable following a major flaw discovered on Monday evening that allows eavesdropping via #FaceTime. More to come soon on Threatpost.

The #NSA and #CISA have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S.

NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

Power plants, factories, oil and gas refineries and more are all in the sights of foreign adversaries, the U.S. warns.

Jul 4, 2020

Trojans, backdoors and droppers are the top three #malware types being analyzed by threat intelligence teams.

Trojans, Backdoors and Droppers: The Most-Analyzed Malware

Even so, backdoors and droppers are rare in the wild.

Apr 16, 2020

#Cisco is warning of a critical #security flaw in the web server of its IP phones. An unauthenticated, remote attacker could exploit the flaw to execute code with root privileges or launch a DoS attack.

Cisco IP Phone Harbors Critical RCE Flaw

Cisco stomped out a critical vulnerability in its IP Phone web server that could enable remote code execution by an unauthenticated attacker.

Jan 10, 2021

Major browsers - including #Chrome and #Firefox - are getting an update to fix bugs that could allow for remote attacks.

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking

Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.

Aug 6, 2020

A stack of #Linux backdoor malware used for espionage is being used as a shared resource by five different Chinese-language #APT groups.

Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs

The groups, all tied to the Winnti supply-chain specialist gang, were seen using the same Linux rootkit and backdoor combo.

May 20, 2020

A #hacker who allegedly sold millions of stolen credentials from last year’s “Collection 1” #data dump was arrested.

Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested

The threat actor known as ‘Sanix’ had terabytes of stolen credentials at his residence, authorities said.

May 30, 2019

A new strain of #malware targeting #Linux systems has been identified by researchers.

New Linux Malware ‘HiddenWasp’ Borrows from Mirai, Azazel

HiddenWasp is unique for Linux-based malware in that it targets systems to remotely control them.

Nov 24, 2020

Researchers demonstrated for the third time how #hacking into the key fob of a #Tesla can allow someone to access and steal the car in minutes.

Tesla Hacked and Stolen Again Using Key Fob

Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes.

May 23, 2019

As promised, SandboxEscaper has dropped four more exploits - three impacting #Windows and one an Internet Explorer #ZeroDay vulnerability.

SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day

As promised, developer SandboxEscaper has dropped exploit code for four more bugs, on the heels of releasing a Windows zero day yesterday.

Oct 23, 2020

A Dutch ethical #hacker claims it only took 5 attempts to guess the password to President #Trump’s Twitter account: “maga2020!”

Researcher: I Hacked Trump’s Twitter by Guessing Password

Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported.

May 26, 2017

"The problem is this green lock... It means the connection is encrypted, not that the content of the site is safe.” bit.ly/2rotZrI

May 21, 2020

A threat actor known as “Sanix” was taken into custody, for allegedly posting 773 million e-mail addresses and 21 million passwords on a #hacker forum last year. #ICYMI

Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested

The threat actor known as ‘Sanix’ had terabytes of stolen credentials at his residence, authorities said.

Mar 18, 2019

A new variant of the #Mirai IoT botnet is targeting wireless presentation systems and LG display systems used by enterprises. threatpost.com/mirai-enterpri

A #Bluetooth flaw that allows spoofing attacks potentially impacts billions of #IoT devices.

Bluetooth Spoofing Bug Affects Billions of IoT Devices

The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said.

Jul 21, 2020

A series of #hacks against ATM terminals across Europe are forcing the machines to dispense cash to crooks.

Diebold ATM Terminals Jackpotted Using Machine’s Own Software

The company warned that cybercriminals are using a black box with proprietary code in attacks to illegally dispense cash across Europe.

Jul 1, 2020

#Microsoft quietly pushed out an emergency update to fix critical and important-severity RCE flaws in #Windows Codecs Library.

Microsoft Releases Emergency Security Updates for Windows 10, Server

The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.

Feb 28, 2019

Researchers are urging #Ring users to update to the latest version of the smart doorbell after a serious flaw triggered #privacy concerns. threatpost.com/ring-doorbell-

The recently discovered #Windows zero-day – which still doesn’t have a patch – has been used in the wild for the last week:

Active Spy Campaign Exploits Unpatched Windows Zero-Day

The PowerPool gang launched its attack just two days after the zero-day in the Windows Task Scheduler was disclosed.

Sep 4, 2020

A new #phishing campaign steals #Outlook credentials using an overlay screen on top of targeted employees' legitimate company webpages. (

@Cofense

)

Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites

A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.

Oct 16, 2019

Unencrypted mobile traffic on #Tor network is leaking personal identifiable information, researchers say. That includes GPS coordinates, web addresses, phone numbers and keystrokes.

Unencrypted Mobile Traffic on Tor Network Leaks PII

Researchers create digital dossiers of mobile users scraped from Tor network traffic.

Gamer alert!

bugs allow privilege-escalation attacks, arbitrary code execution, denial of service (DoS) and information disclosure-- YIKES bit.ly/3u73aFe #patchoftheday #CyberSecurity

Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software

The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks.

May 1, 2020

Researchers are warning of a convincing #cyberattack that impersonates notifications from #Microsoft Teams in order to steal employee Office 365 credentials.

Microsoft Teams Impersonation Attacks Flood Inboxes

Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.

Jan 7, 2021

#WhatsApp is asking users to accept a new privacy policy that will share all of their data with #Facebook beginning Feb. 8 - drawing ire from some.

Facebook’s Mandatory Data-Sharing Rules for WhatsApp Spark Ire

The messaging platform will update its privacy platform on Feb. 8 to integrate further with its parent company, prompting users to cry foul over privacy issues.

Oct 8, 2018

A new #hacking technique used against vulnerable #MikroTik routers gives attackers the ability to execute remote code on affected devices. Researchers

@TenableSecurity

outlined the attack at #DerbyCon2018. threatpost.com/poc-attack-esc

Jun 24, 2019

A money-siphoning #malware has been found hiding in seemingly legitimate photo editing apps available on the #Google Play store.

MobOk Malware Hides in Photo Editors on Google Play, Siphons Cash

Pink Camera apps secretly signed users up for premium subscription services.

May 14, 2019

New: #Intel has disclosed a new class of speculative execution attacks impacting all of its modern CPUs.

Intel CPUs Impacted By New Class of Spectre-Like Attacks

Intel has disclosed a new class of speculative execution side channel attacks.

Jun 23, 2019

More than 2 million #IoT devices have serious vulnerabilities that have been publicly disclosed for more than two months – yet they are still without a patch or even any vendor response.

Consumers Urged to Junk Insecure IoT Devices

A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state...

Apr 29, 2020

A high-severity flaw was discovered in a #WordPress plugin installed on more than 100,000 sites. The vulnerability could lead to XSS and the injection of malicious #JavaScript anywhere on a victim's site.

WordPress Plugin Bug Opens 100K Websites to Compromise

Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.

May 14, 2020

#Facebook awarded a #security researcher $20,000 for discovering a XSS vulnerability in the Facebook Login SDK.

The cross-site scripting vulnerability could have allowed trivial account takeover.

Dec 31, 2018

#Facebook tracks #Android users via apps - even if they aren’t Facebook users. That's according to a new report by

@privacyint

presented at #35C3.

How Facebook Tracks Non-Users via Android Apps

Facebook tracks Android users via apps, even if they aren’t Facebook users.

Aug 24, 2020

The University of Utah paid a $457,000 ransom after a #ransomware attack hit the university’s servers.

University of Utah Pays $457K After Ransomware Attack

The university said that it paid $457,000 to retrieve a decryption key after a ransomware attack encrypted student and faculty data on its servers.

May 10, 2019

A #biometric USB that claims to be "unhackable" actually offers up passwords in plain text.

‘Unhackable’ Biometric USB Offers Up Passwords in Plain Text

A simple Wireshark analysis was enough to subvert the gadget, which uses iris identification to protect the drive.

Jun 18, 2020

#Cisco is warning of three high-severity #Webex flaws, including one that could allow unauthenticated attackers to remotely execute code on impacted systems.

Cisco Webex, Router Bugs Allow Code Execution

High-severity flaws plague Cisco's Webex collaboration platform, as well as its RV routers for small businesses.

Apr 22, 2019

More than 2 million #passwords for Wi-Fi hotspots were leaked online by the #Android app developer behind the mobile application called WiFi Finder.

Wi-Fi Hotspot Finder Spills 2 Million Passwords

China-based app maker ignored repeated warnings by researchers that its password database – stored in plain text – was accessible to anyone online.

Hackers take down

Reader,

Safari,

Edge +

at day one of #Pwn2Own 2017 - bit.ly/2mwUnbH #CanSecWest

Oct 18, 2019

A critical #Linux bug has been discovered that could allow attackers to fully compromise vulnerable machines. A #security fix has been proposed but has not yet been incorporated into the Linux kernel.

Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise

A patch is currently under revision but has not yet been incorporated into the Linux kernel.

Sep 12, 2019

A vulnerability discovered in #mobile SIM cards is being actively exploited to track phone users – all merely by sending an #SMS message to victims, researchers say.

1B Mobile Users Vulnerable to Ongoing ‘SimJacker’ Surveillance Attack

More than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors, researchers warn.

Feb 10, 2020

#Emotet can now hack insecure Wi-Fi networks nearby an infected device - a tactic that rapidly escalates the #malware's spread, researchers say.

Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm

The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks – and their devices – via brute force loops.

Dec 18, 2018

Researchers have found a new type of #malware that receives instructions via hidden code embedded in #memes... posted to #Twitter.

Hidden Code in Memes Instruct Malware via Twitter

Analysts discover malicious code embedded in tweeted images.

Jun 28, 2020

The first-stage Golang malware loader, spotted in active campaigns, has added additional exploits and a new backdoor capability.

Golang Worm Widens Scope to Windows, Adds Payload Capacity

A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability.

Sep 23, 2019

Researchers are warning of a dangerous spearphishing campaign, which has targeted 17 U.S. utility companies with a new #malware variant. The malware, which

@proofpoint

calls LookBack, has capabilities to view system data and reboot machines.

LookBack Malware Targets More Utilities Firms With New Macros, Tactics

A spearphishing campaign first uncovered in July is hitting more utilities firms and spreading the LookBack malware, which has capabilities to view system data and reboot machines.

Sep 7, 2020

An attacker can execute remote code with no user interaction, thanks to the critical #Cisco flaw.

Attackers Can Exploit Critical Cisco Jabber Flaw With One Message

An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495.

Jan 4, 2019

An insidious #phishing method evades detection using a never-before-seen technique that leverages custom fonts, according to

@proofpoint

researchers. threatpost.com/phishing-custo

Jun 26, 2020

#Nvidia warned of high-severity flaws in its graphics drivers for #Windows users.

Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs

Several high-severity flaws in Nvidia's GPU display drivers for Windows users could lead to code-execution, DoS and more.

Nov 11, 2019

A database on #Apple’s macOS computers is storing emails, that are supposed to be protected with encryption, as readable files. It's a problem that the company has been aware for months - and still has yet to solve.

Encrypted Emails on macOS Found Stored in Unprotected Way

Apple is investigating an issue raised by a Mac specialist discovered to be storing emails that are supposed to be S/MIME-encrypted as readable files.

Feb 17, 2019

Threat-hunters say the breached data from the massive Equifax incident is nowhere to be found, indicating a spy job.

Where’s the Equifax Data? Does It Matter?

Threat-hunters say the breached data from the massive Equifax incident is nowhere to be found, indicating a spy job.

Oct 31, 2017

Popular parental monitoring device patched. threatpost.com/popular-circle

Jun 6, 2020

A researcher found that phone numbers tied to #WhatsApp accounts are indexed publicly on #Google Search creating what he claims is a “privacy issue” for users.

WhatsApp Phone Numbers Pop Up in Google Search Results — But is it a Bug?

A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search creating what he claims is a “privacy issue” for users.

Nov 29, 2018

A critical Zoom #vulnerability allows remote #hackers to hijack conference meetings and kick attendees out. Researchers at

@TenableSecurity

disclosed the unauthorized command execution flaw today.

Critical Zoom Flaw Lets Hackers Hijack Conference Meetings

Hackers can spoof messages, hijack screen controls and kick others out of meetings.

Aug 5, 2020

The #NSA - known for its own questionable surveillance activity - released an advisory warning of various ways #mobile phones give up location data.

NSA Warns Smartphones Leak Location Data

The agency known for its own questionable surveillance activity advised how mobile users can limit others’ ability to track where they are.

Aug 21, 2020

Threat actors can easily build #malware-laced Community Amazon Machine Images (AMI) and make them available to unsuspecting #AWS customers, researchers warn.

Researchers Sound Alarm Over Malicious AWS Community AMIs

Malicious Community Amazon Machine Images are a ripe target for hackers, say researchers.

Jul 20, 2020

Less than 500 machines have been patched since

@US_CYBERCOM

issued an alert to fix a critical F5 BIG-IP #security bug that’s under active exploit.