Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. [...]
Showing only posts by Tom Spring. Show all posts.
No Patch for High-Severity Bug in Legacy IBM System X Servers
Two of IBM's aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw. [...]
Adobe Snuffs Critical Bugs in Acrobat, Experience Manager
Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop. [...]
Yandex Pummeled by Potent Meris DDoS Botnet
Record-breaking distributed denial of service attack targets Russia’s version of Google - Yandex. [...]
Proxyware Services Open Orgs to Abuse – Report
Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn. [...]
HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
HPE joins Apple in warning customers of a high-severity Sudo vulnerability. [...]
Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug
Firm offers guidance on how to mitigate a five-months-old privilege escalation bug impacting Parallels Desktop 16 for Mac and all previous versions. [...]
Cisco Issues Critical Fixes for High-End Nexus Gear
Networking giant issues two critical patches and six high-severity patches. [...]
US Media, Retailers Targeted by New SparklingGoblin APT
The new APT uses an undocumented backdoor to infiltrate the education, retail and government sectors. [...]
Custom WhatsApp Build Delivers Triada Malware
Researchers have spotted the latest version of the Triada trojan targeting mobile devices via an advertising SDK. [...]
Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools. [...]
Web Censorship Systems Can Facilitate Massive DDoS Attacks
Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks. [...]
Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets
Valve plugs an API bug found in its Steam platform that that abused the Smart2Pay system to add unlimited funds to gamer digital wallets. [...]
Black Hat: Novel DNS Hack Spills Confidential Corp Data
Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53's DNS service and Google Cloud DNS. [...]
Crypto Hack Earned Crooks $600 Million
In one of the largest cryptocurrency hacks to date, cyberattackers reportedly stole millions from the decentralized finance (DeFi) platform Poly Network. [...]
Black Hat: Scaling Automated Disinformation for Misery and Profit
Researchers demonstrated the power deep neural networks enlisted to create a bot army with the firepower to shape public opinion and spark QAnon 2.0. [...]
Black Hat: New CISA Head Woos Crowd With Public-Private Task Force
Day two Black Hat keynote by CISA Director Jen Easterly includes launch of private-public partnership with Amazon, Google and Microsoft to fight cybercrime. [...]
Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say
Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera. [...]
Black Hat: Let’s All Help Cyber-Immunize Each Other
We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity. [...]
Raccoon Stealer Bundles Malware, Propagates Via Google SEO
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware. [...]
Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked. [...]
Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems. [...]
French Launch NSO Probe After Macron Believed Spyware Target
Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware. [...]
Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections
The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians -- possible targets of iPhone and Android hacking. [...]
SonicWall Warns Secure VPN Hardware Bugs Under Attack
SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack. [...]
page 1 | older articles »