The Russia-linked threat group is harvesting credentials for Microsoft’s cloud offering, and targeting mainly election-related organizations. Source link
Tag: Web Security
Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
Attackers check the victims’ Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs. Source link
It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws. Source link
WordPress Plugin Flaw Allows Attackers to Forge Emails
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. Source link
Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns
Just months before the U.S. presidential election, hackers from Russia, China and Iran are ramping up phishing and malware attacks against campaign staffers. Source link
Razer Gaming Fans Caught Up in Data Leak
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will […]
Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks
The “BLURtooth” flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0. Source link
Ransomware And Zoom-Bombing: Cyberattacks Disrupt Back-to-School Plans
Cyberattacks have caused several school systems to delay students’ first day back - and experts warn that new Covid-related threats will continue plaguing classrooms. Source link
Govt.-Backed Contact-Tracing Apps Raise Privacy Hackles
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will […]
CDRThief Malware Targets VoIP Gear in Carrier Networks
The Linux-targeted code can steal phone-call metadata, likely in spy campaigns or for use in VoIP fraud. Source link
Zeppelin Ransomware Returns with New Trojan on Board
The malware has popped up in a targeted campaign and a new infection routine. Source link
Google Squashes Critical Android Media Framework Bug
The September Android security bulletin addressed critical- and high-severity flaws tied to 53 CVEs overall. Source link
TeamTNT Gains Full Remote Takeover of Cloud Instances
Using a legitimate tool called Weave Scope, the cybercrime group is establishing fileless backdoors on targeted Docker and Kubernetes clusters. Source link
Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems
Researchers warn of critical vulnerabilities in a third-party industrial component used by top ICS vendors like Rockwell Automation and Siemens. Source link
Spyware Labeled ‘TikTok Pro’ Exploits Fears of US Ban
Malware can take over common device functions as well as creates a phishing page to steal Facebook credentials. Source link
Microsoft’s Patch Tuesday Packed with Critical RCE Bugs
The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email. Source link
Critical Intel Active Management Technology Flaw Allows Privilege Escalation
The critical Intel vulnerability could allow unauthenticated attackers gain escalated privileges on Intel vPro corporate systems. Source link
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches. Source link
Cryptobugs Found in Numerous Google Play Store Apps
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will […]
Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
A researcher discovered a cross-site scripting flaw in Google Map’s export function, which earned him $10,000 in bug bounty rewards. Source link
How Zero Trust and SASE Can Redefine Network Defenses for Remote Workforces
The SASE model for remote access and security coupled with Zero Trust can help redefine network and perimeter defenses when a traditional “perimeter” no longer exists. Source link
CEOs Could Be Held Personally Liable for Cyberattacks that Kill
As IT systems, IoT and operational technology converge, attacks on cyber-physical systems in industrial, healthcare and other scenarios will come with dire consequences, Gartner predicts. Source link
Social Media: Thwarting The Phishing-Data Goldmine
Cybercriminals can use social media in many ways in order to trick employees. Source link
Vulnerability Disclosure: Ethical Hackers Seek Best Practices
Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical. Source link