Chris Eng with Veracode talks about how organizations are falling into security debt due to patch management issues.
Tag: Mobile Security
High-Severity Cisco Webex Flaws Fixed
The high-severity flaws, existing in Webex Player and Webex Network Recording Player, can allow arbitrary code execution.
Trump, Sanders Are the Top Brands for Cybercriminals
An analysis of spam subject lines and malicious domains shows that attackers have been betting on Trump and Sanders to snag public interest.
Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates
While 1.7 million of the certificates potentially affected by a CAA bug have already been replaced, around 1 million are still active.
Critical Netgear Bug Impacts Flagship Nighthawk Router
Dozens of routers are patched by Netgear as it snuffs out critical, high and medium severity flaws.
Microsoft OneNote Used To Sidestep Phishing Detection
A recent phishing campaign used OneNote to distribute the Agent Tesla keylogger.
Loyalty Cards Targeted in Tesco Clubcard Attack
Around 600,000 of the supermarket’s 12 million loyalty program members have been warned about a cyberattack.
Cobalt Ulster Strikes Again With New ForeLord Malware
Threatpost talks to Alex Tilley, senior security researcher with Dell SecureWorks’ Counter Threat Unit Research Team, about a recently discovered campaign linked to an Iranian APT.
Let’s Encrypt to Revoke Millions of TLS Certs
On Wednesday millions of Transport Layer Security certificates will be revoked because of a Certificate Authority Authorization bug.
MediaTek Bug Actively Exploited, Affects Millions of Android Devices
An exploit published by a developer is easy to use and has already been used to build malicious apps that gain root access on Android devices.
Have I Been Pwned No Longer For Sale
Troy Hunt said the popular HIBP will continue to be run as an independent service.
DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will […]
NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs
The legitimate remote-access tool is being used to maliciously infect victims and allow remote code-execution.
Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver
Several flaws found in Nvidia’s graphics drivers could enable denial of service, remote code execution and other malicious attacks.
Forrester: Keeping Smart Cities Safe From Hacks
As cities grow more connected, municipal operators must deal with new risks like ransomware, IoT hacks and more.
TrickBot Adds ActiveX Control, Hides Dropper in Images
The tricky trojan has evolved again, to stay a step ahead of defenders.
Walgreens Mobile App Leaks Prescription Data
Bruce Schneier Proposes ‘Hacking Society’ for a Better Tomorrow
The security industry has the perfect skillset and adversarial defense outlook to deal with some of the emerging societal issues in today’s world, said security technologist Bruce Schneier.
RSAC 2020: Ransomware a ‘National Crisis,’ CISA Says, Ramps ICS Focus
The federal agency plans a slew of initiatives to address industrial control security this year.
Patrick Wardle: Apple Devices Hit With Recycled macOS Malware
Patrick Wardle talks about the biggest threats he’s seeing impacting Apple devices.
Google’s War on Android App Permissions, 60 Percent Successful
An automated Google warning to Android app developers regarding mobile app permissions has cut the number of requests in half.
RSAC 2020: GM’s Transportation Future Hinges on Cybersecurity
CEO Mary T. Barra addressed the high stakes in rolling out self-driving cars and biometric-enhanced vehicles, where one cyber-event could derail plans for emerging automotive technologies.
IoT Insecurity: When Your Vacuum Turns on You
Billions of Devices Open to Wi-Fi Eavesdropping Attacks
The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.