Threatpost

The First Stop For Security News
Updated: 24 min 36 sec ago

Oracle Patches 250 Bugs in Quarterly Critical Patch Update

13 hours 12 min ago
Three critical SQL injection vulnerabilities in Oracle's popular E-Business Suite make up a part of 250 bugs patched for the company's quarterly Critical Patch Update,
Category: Hacking & Security

Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones

17 October, 2017 - 15:00
Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices.
Category: Hacking & Security

Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible

16 October, 2017 - 20:05
A flawed Infineon Technology chipset left HP, Lenovo and Microsoft devices open to what is called a 'practical factorization attack,' in which an attacker computes the private part of an RSA key.
Category: Hacking & Security

Adobe Patches Flash Zero Day Exploited by Black Oasis APT

16 October, 2017 - 17:46
Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group called Black Oasis.
Category: Hacking & Security

KRACK Attack Devastates Wi-Fi Security

16 October, 2017 - 16:16
The KRACK, or key reinstallation attack, disclosed today allows attackers to decrypt encrypted traffic, steal data and inject malicious code depending on the network configuration.
Category: Hacking & Security

Cyberespionage Group Steps Up Campaigns Against Japanese Firms

14 October, 2017 - 16:00
Researchers unearth new tactics and strategies used by the criminals behind the hacking group known as Bronze Butler.
Category: Hacking & Security

Hyatt Hit By Credit Card Breach, Again

13 October, 2017 - 18:33
Hyatt said its payment systems have been breached, exposing credit card data from 41 hotels in 11 countries between March and July this year.
Category: Hacking & Security

Google Busy Removing More Malicious Chrome Extensions from Web Store

13 October, 2017 - 17:59
Three malicious Chrome extensions spoofing AdBlock Plus were removed from the Chrome Web Store this week.
Category: Hacking & Security

Chris Brook Says Farewell to Threatpost

13 October, 2017 - 17:00
Staff writer Chris Brook says farewell to Threatpost after eight years on the site. He and Mike Mimoso talk about Threatpost's early days and how the site grew up alongside the security industry.
Category: Hacking & Security

Legacy Office Feature Used In Novel Document Attacks

13 October, 2017 - 15:00
A forgotten feature in Microsoft Office allows attackers to bypass antivirus scanners and pull off document-based attacks to install malware.
Category: Hacking & Security

Locky Gets Updated to ‘Ykcol’, Part of Rapid-Fire Spam Campaigns

12 October, 2017 - 20:53
Researchers say in a 30-day period cybercriminals behind the Locky ransomware have updated the malware three times and have stepped up spam campaigns.
Category: Hacking & Security

Equifax Takes Down Compromised Page Redirecting to Adware Download

12 October, 2017 - 18:32
Equifax has temporarily taken down one of its consumer-facing credit report services after the webpage was compromised and was serving adware via a phony Flash Player download.
Category: Hacking & Security

Down the Rabbit Hole with a BLU Phone Infection

12 October, 2017 - 16:00
Much-maligned BLU phones have been a privacy and spyware nightmare. Threatpost shares the story of one victim who experienced firsthand a relentless wave of unwanted programs, spyware and frustration.
Category: Hacking & Security

Vendor BPC Banking Silent on Patching SQL Injection in SmartVista Ecommerce Software

11 October, 2017 - 20:23
A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor.
Category: Hacking & Security

iOS Password Prompts are Ripe for Abuse

11 October, 2017 - 19:24
Apple’s password prompts for iOS devices are an easy target for phishing attacks to steal iTunes passwords and IDs.
Category: Hacking & Security

RubyGems Patches Remote Code Execution Vulnerability

11 October, 2017 - 17:36
RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems.
Category: Hacking & Security

Microsoft Patches Office Bug Actively Being Exploited

10 October, 2017 - 22:44
Microsoft’s Patch Tuesday security bulletin includes 62 fixes for vulnerabilities tied to Office, SMB1 and the Windows DNS client.
Category: Hacking & Security

Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket

10 October, 2017 - 21:32
Global consulting firm Accenture is the latest giant organization leaving sensitive internal and customer data exposed in a publicly available Amazon Web Services S3 storage bucket.
Category: Hacking & Security

Microsoft Patches Critical Windows DNS Client Vulnerabilities

10 October, 2017 - 20:00
Microsoft patched three memory corruption vulnerabilities in the Windows DNS client that could be abused by a man-in-the-middle attacker to run arbitrary code.
Category: Hacking & Security

Porn Site Becomes Hub for Malvertising Campaigns

10 October, 2017 - 19:53
A popular porn site is used by KovCoreG Group to launch multiple malvertising campaigns exposing millions to fake browser updates and malware.
Category: Hacking & Security