Threat Post

The TikTok Ban: Security Experts Weigh in on the App’s Risks

Threat Post - Fri, 09/18/2020 - 5:22pm
With no hard evidence of abuse, are bans warranted? The real security concerns will likely come after the ban goes into effect, researchers said in our exclusive roundtable.
Categories: Threat Post

Stubborn WooCommerce Plugin Bugs Get Third Patch

Threat Post - Fri, 09/18/2020 - 5:07pm
Users of the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefully) final patch.
Categories: Threat Post

SecOps Teams Wrestle with Manual Processes, HR Gaps

Threat Post - Fri, 09/18/2020 - 2:16pm
Enterprise security teams are "drowning in alerts."
Categories: Threat Post

Security Takeaways from the Great Work-from-Home Experiment

Threat Post - Fri, 09/18/2020 - 1:56pm
As the pandemic drags on and remote workforces stay remote, zero-trust and other lessons learned should come to the fore.
Categories: Threat Post

Maze Ransomware Adopts Ragnar Locker Virtual-Machine Approach

Threat Post - Fri, 09/18/2020 - 12:29pm
Maze continues to adopt tactics from rival cybercrime gangs.
Categories: Threat Post

Mozi Botnet Accounts for Majority of IoT Traffic

Threat Post - Thu, 09/17/2020 - 5:00pm
Mozi’s spike comes amid a huge increase in overall IoT botnet activity.
Categories: Threat Post

Apple Bug Allows Code Execution on iPhone, iPad, iPod

Threat Post - Thu, 09/17/2020 - 4:23pm
Release of iOS 14 and iPadOS 14 brings fixes 11 bugs, some rated high-severity.
Categories: Threat Post

Google Play Bans Stalkerware and ‘Misrepresentation’

Threat Post - Thu, 09/17/2020 - 12:46pm
The official app store is taking on spy- and surveillance-ware, along with apps that could be used to mount political-influence campaigns.
Categories: Threat Post

APT41 Operatives Indicted as Sophisticated Hacking Activity Continues

Threat Post - Thu, 09/17/2020 - 11:31am
Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges.
Categories: Threat Post

California Elementary Kids Kicked Off Online Learning by Ransomware

Threat Post - Thu, 09/17/2020 - 10:05am
The attack on the Newhall District in Valencia is part of a wave of ransomware attacks on the education sector, which shows no sign of dissipating.
Categories: Threat Post

Hackers Continue Cyberattacks Against Vatican, Catholic Orgs

Threat Post - Wed, 09/16/2020 - 4:01pm
The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic institutions since May 2020 until as recently as last week.
Categories: Threat Post

DDoS Attacks Skyrocket as Pandemic Bites

Threat Post - Wed, 09/16/2020 - 1:14pm
More people being online during lockdowns and work-from-home shifts has proven to be lucrative for DDoS-ers.
Categories: Threat Post

DoJ Indicts Two Hackers for Defacing Websites with Pro-Iran Messages

Threat Post - Wed, 09/16/2020 - 11:25am
The two hackers allegedly hacked more than 50 websites hosted in the U.S. and vandalized them with pro-Iran messages.
Categories: Threat Post

Report Looks at COVID-19’s Massive Impact on Cybersecurity

Threat Post - Wed, 09/16/2020 - 9:00am
Cynet's report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack vector, and the approaches being used to distribute malware in spearphishing attacks.
Categories: Threat Post

Bluetooth Spoofing Bug Affects Billions of IoT Devices

Threat Post - Wed, 09/16/2020 - 8:52am
The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said.
Categories: Threat Post

Data Breaches Exposes Vets, COVID-19 Patients

Threat Post - Tue, 09/15/2020 - 6:02pm
Social engineering and employee mistakes lead to breach Veteran's Administration and the National Health Service.
Categories: Threat Post

QR Codes Serve Up a Menu of Security Concerns

Threat Post - Tue, 09/15/2020 - 3:09pm
QR code usage is soaring in the pandemic -- but malicious versions aren't something that most people think about.
Categories: Threat Post

IBM Spectrum Protect Plus Security Open to RCE

Threat Post - Tue, 09/15/2020 - 3:08pm
Two bugs (CVE-2020-4703 and CVE-2020-4711) in IBM's Spectrum Protect Plus data-storage protection solution could enable remote code execution.
Categories: Threat Post

Windows Exploit Released For Microsoft ‘Zerologon’ Flaw

Threat Post - Tue, 09/15/2020 - 11:59am
Security researchers and U.S. government authorities alike are urging admins to address Microsoft's critical privilege escalation flaw.
Categories: Threat Post

MFA Bypass Bugs Opened Microsoft 365 to Attack

Threat Post - Tue, 09/15/2020 - 7:47am
Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.
Categories: Threat Post