Bookmarks (394)

  • screenshot

    Will 2022 Be the Year of the Software Bill of Materials?

    Praise be & pass the recipe for the software soup: There's too much scrambling to untangle...

  • screenshot

    The Log4j Vulnerability Puts Pressure on the Security World

    It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions...

  • screenshot

    New ‘White Rabbit’ Ransomware May Be New FIN8 Tool | Threatpost

    It's a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and...

  • screenshot

    Organizations Face a ‘Losing Battle’ Against Vulnerabilities

    Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that...

  • screenshot

    Top Illicit Carding Marketplace UniCC Abruptly Shuts Down

    UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next.

  • screenshot

    Real Big Phish: Mobile Phishing & Managing User Fallibility

    Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing,...

  • screenshot

    Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

    Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access...

  • screenshot

    ‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites

    As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be...

  • screenshot

    Three Plugins with Same Bug Put 84K WordPress Sites at Risk

    Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for...

  • screenshot

    Microsoft Yanks Buggy Windows Server Updates

    Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops...

  • screenshot

    North Korean APTs Stole ~$400M in Crypto in 2021

    Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr....

  • screenshot

    US Military Ties Prolific MuddyWater Cyberespionage APT to Iran

    US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite...

  • screenshot

    New GootLoader Campaign Targets Accounting, Law Firms

    GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.

  • screenshot

    Adobe Cloud Abused to Steal Office 365, Gmail Credentials

    Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that...

  • screenshot

    Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft

    Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to...

  • screenshot

    Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts

    Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users.

  • screenshot

    Phishers Rip Off High-Profile EA Gamers | Threatpost

    Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some...

  • screenshot

    Here's REALLY How to Do Zero-Trust Security

    It's not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps...

  • screenshot

    Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

    The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a...

  • screenshot

    Critical SonicWall NAC Vulnerability Stems from Apache Mods

    Researchers offer more detail on the bug, which can allow attackers to completely take over targets.

  • screenshot

    Millions of Routers Exposed to RCE by USB Kernel Bug

    The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from...

  • screenshot

    URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More

    Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a...

  • screenshot

    Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High

    Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of...

  • screenshot

    EoL Systems Stonewalling Log4j Fixes for Fed Agencies

    End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a...

  • screenshot

    Cyberattackers Hit Data of 80K Fertility Patients

    Fertility Centers of Illinois' security measures protected electronic medical records, but the attackers still got at...

  • screenshot

    QNAP: Get NAS Devices Off the Internet Now

    There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device...

  • screenshot

    Activision Files Unusual Lawsuit over Call of Duty Cheat Codes

    Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders...

  • screenshot

    Google Voice Authentication Scam Leaves Victims on the Hook

    The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated...

  • screenshot

    Attackers Exploit Flaw in Google Docs’ Comments Feature

    A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both...

  • screenshot

    1.1M Compromised Accounts Found at 17 Major Companies

    The accounts fell victim to credential-stuffing attacks, according to the New York State AG.

  • screenshot

    ‘Elephant Beetle’ Lurks for Months in Networks

    The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too...

  • screenshot

    Broward Breach Highlights Healthcare Supply-Chain Problems

    More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in...

  • screenshot

    Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails

    A simple-to-exploit bug that allows bad actors to send emails from Uber's official system – skating...

  • screenshot

    FTC to Go After Companies that Ignore Log4j

    Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque...

  • screenshot

    ‘Malsmoke’ Exploits Microsoft’s E-Signature Verification

    The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware –...

  • screenshot

    Microsoft Sees Rampant Log4j Exploit Attempts, Testing

    Microsoft says it's only going to get worse: It's seen state-sponsored and cyber-criminal attackers probing systems...

  • screenshot

    SEGA's Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More

    SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.

  • screenshot

    Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites

    The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.

  • screenshot

    McMenamins Data Breach Affects 12 Years of Employee Info

    The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.

  • screenshot

    What the Rise in Cyber-Recon Means for Your Security Strategy

    Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly...

  • screenshot

    APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

    Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military...

  • screenshot

    5 Cybersecurity Trends to Watch in 2022

    Here’s what cybersecurity watchers want infosec pros to know heading into 2022.  

  • screenshot

    2021 Wants Another Chance (A Lighter-Side Year in Review)

    The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer...

  • screenshot

    Global Cyberattacks from Nation-State Actors Posing Greater Threats

    Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of...

  • screenshot

    The 5 Most-Wanted Threatpost Stories of 2021

    A look back at what was hot with readers in this second year of the pandemic.

  • screenshot

    4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

    The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and...

  • screenshot

    Telegram Abused to Steal Crypto-Wallet Credentials

    Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials...

  • screenshot

    ‘Spider-Man: No Way Home’ Download Installs Cryptominer

    The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers...

  • screenshot

    All in One SEO Plugin Bug Threatens 3M Websites with Takeovers

    A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.

  • screenshot

    Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

    Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching...