Threat Post

Fujitsu SaaS Hack Sends Govt. of Japan Scrambling

Threat Post - Thu, 05/27/2021 - 9:56am
Tech giant disables ProjectWEB cloud-based collaboration platform after threat actors gained access and nabbed files belonging to several state entities.
Categories: Threat Post

Biden’s Cybersecurity Executive Order Puts Emphasis on the Wrong Issues

Threat Post - Thu, 05/27/2021 - 8:00am
David Wolpoff, CTO at Randori, argues that the call for rapid cloud transition Is a dangerous proposition: "Mistakes will be made, creating opportunities for our adversaries.
Categories: Threat Post

PDF Feature ‘Certified’ Widely Vulnerable to Attack

Threat Post - Wed, 05/26/2021 - 4:14pm
Researchers found flaws most of the ‘popular’ PDF applications tested.
Categories: Threat Post

VMware Sounds Ransomware Alarm Over Critical Severity Bug

Threat Post - Wed, 05/26/2021 - 3:45pm
VMware’s virtualization management platform, vCenter Server, has a critical severity bug the company is urging customers to patch “as soon as possible”.
Categories: Threat Post

BazaLoader Masquerades as Movie-Streaming Service

Threat Post - Wed, 05/26/2021 - 1:44pm
The website for “BravoMovies” features fake movie posters and a FAQ with a rigged Excel spreadsheet for “cancelling” the service, but all it downloads is malware.
Categories: Threat Post

‘Privateer’ Threat Actors Emerge from Cybercrime Swamp

Threat Post - Wed, 05/26/2021 - 8:01am
‘Privateers’ aren’t necessarily state-sponsored, but they have some form of government protection while promoting their own financially-motivated criminal agenda, according to Cisco Talos.
Categories: Threat Post

A Peek Inside the Underground Ransomware Economy

Threat Post - Wed, 05/26/2021 - 8:00am
Threat hunters weigh in on how the business of ransomware, the complex relationships between cybercriminals, and how they work together and hawk their wares on the Dark Web.
Categories: Threat Post

Threat Actor ‘Agrius’ Emerges to Launch Wiper Attacks Against Israeli Targets

Threat Post - Tue, 05/25/2021 - 4:26pm
The group is using ransomware intended to make its espionage and destruction efforts appear financially motivated.
Categories: Threat Post

Trend Micro Bugs Threaten Home Network Security

Threat Post - Tue, 05/25/2021 - 12:41pm
The security vendor's network management and threat protection station can open the door to code execution, DoS and potential PC takeovers.
Categories: Threat Post

Combatting Insider Threats with Keyboard Security

Threat Post - Tue, 05/25/2021 - 11:20am
Dale Ludwig, business development manager at Cherry Americas, discusses advances in hardware-based security that can enhance modern cyber-defenses.
Categories: Threat Post

Bose Admits Ransomware Hit: Employee Data Accessed

Threat Post - Tue, 05/25/2021 - 11:06am
The consumer-electronics stalwart was able to recover without paying a ransom, it said.
Categories: Threat Post

Pulse Secure VPNs Get Quick Fix for Critical RCE

Threat Post - Tue, 05/25/2021 - 10:57am
One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again.
Categories: Threat Post

Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots

Threat Post - Tue, 05/25/2021 - 8:25am
Security researchers at Jamf discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.
Categories: Threat Post

American Express Fined for Sending Millions of Spam Messages

Threat Post - Mon, 05/24/2021 - 4:53pm
British regulators ruled that Amex sent 4 million nuisance emails to opted-out customers.
Categories: Threat Post

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Threat Post - Mon, 05/24/2021 - 3:33pm
A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners.
Categories: Threat Post

FBI Analyst Indicted for Theft of Osama bin Laden Threat Intel

Threat Post - Mon, 05/24/2021 - 12:23pm
An FBI employee allegedly made off with top-secret documents, keeping them in her home for more than a decade.
Categories: Threat Post