Insurance Giant CNA Hit with Novel Ransomware Attack
The incident, which forced the company to disconnect its systems, caused significant business disruption. [...]
Showing only posts in Threatpost. Show all posts.
Fleeceware Apps Bank $400M in Revenue
The cache of apps, found in Apple and Google's official marketplaces is largely targeted towards children, including several "slime simulators." [...]
Microsoft Offers Up To $30K For Teams Bugs
A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes. [...]
Facebook Disrupts Spy Effort Aimed at Uyghurs
The social-media giant took down legions of fake profiles aimed at spreading espionage malware. [...]
Manufacturing’s Cloud Migration Opens Door to Major Cyber-Risk
New research shows that while all sectors are at risk, 70 percent of manufacturing apps have vulnerabilities. [...]
ProtonVPN CEO Blasts Apple for ‘Aiding Tyrants’ in Myanmar
CEO says Apple rejected a security update needed to protect human-rights abuse evidence. [...]
Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws
Thrive Themes has recently patched vulnerabilities in its WordPress plugins and legacy Themes - but attackers are targeting those who haven't yet applied security updates. [...]
Ransomware Attack Foils IoT Giant Sierra Wireless
The ransomware attack has impacted the IoT manufacturer's production lines across multiple sites, and other internal operations. [...]
Microsoft Exchange Servers See ProxyLogon Patching Frenzy
Vast swathes of companies were likely compromised before patches were applied, so the danger remains. [...]
Purple Fox Malware Targets Windows Machines With New Worm Capabilities
A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing. [...]
Security Analysis Clears TikTok of Censorship, Privacy Accusations
TikTok’s source code is in line with industry standards, security researchers say. [...]
Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail
A former IT contractor is facing jailtime after a retaliatory hack into a company’s network and wiping the majority of its employees’ Microsoft Office 365 accounts. [...]
MangaDex Site Offline Following Hacking Incident
A cyberattacker taunted the site about open security vulnerabilities, prompting a code review. [...]
Hobby Lobby Exposes Customer Data in Cloud Misconfiguration
The arts-and-crafts retailer left 138GB of sensitive information open to the public internet. [...]
Podcast: Microsoft Exchange Server Attack Onslaught Continues
Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week. [...]
Energy Giant Shell Is Latest Victim of Accellion Attacks
Attackers accessed personal and business data from the company’s legacy file-transfer service in a recent data-security incident but core IT systems remained untouched. [...]
CISA Warns of Security Flaws in GE Power Management Devices
The flaws could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition. [...]
Critical Security Bugs Fixed in Virtual Learning Software
Remote ed software bugs give attackers wide access student computers, data. [...]
Adobe Fixes Critical ColdFusion Flaw in Emergency Update
Attackers can leverage the critical Adobe ColdFusion flaw to launch arbitrary code execution attacks. [...]
Critical F5 BIG-IP Flaw Now Under Active Attack
Researchers are reporting mass scanning for – and in-the-wild exploitation of – a critical-severity flaw in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure. [...]
Office 365 Phishing Attack Targets Financial Execs
Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials. [...]
Bogus Android Clubhouse App Drops Credential-Swiping Malware
The malicious app spreads the BlackRock malware, which steals credentials from 458 services - including Twitter, WhatsApp, Facebook and Amazon. [...]
CopperStealer Malware Targets Facebook and Instagram Business Accounts
A previously undocumented password and cookie stealer has been compromising accounts of big guns like Facebook, Apple, Amazon and Google since 2019 and then using them for cybercriminal activity. [...]
Fiserv Forgets to Buy Domain It Used as System Default
Fintech security provider Fiserv acknowledges it used unregistered domain as default email. [...]
Trojanized Xcode Project Slips MacOS Malware to Apple Developers
In a new campaign, threat actors are bundling macOS malware in trojanized Apple Xcode developer projects. [...]
« newer articles | page 55 | older articles »