Threatpost

The First Stop for Security News: Threatpost is the first stop for fast-breaking security news, conversations and analysis from around the world.

08/07/2022

Join us on Monday for: Security Innovation: Secure Systems Start with Foundational Hardware

https://bit.ly/3ywedfM

LIVE EVENT, MONDAY JULY 11: Join Threatpost and Intel Security’s Tom Garrison in a live conversation about innovation enabling stakeholders to stay ahead of a dynamic threat landscape and what Intel Security learned from their latest study in partnership with Ponemon Institute.

08/03/2022

yay or nay? Weigh in during our upcoming roundtable on lessons learned from and how to prepare for future attacks. Register now for the free event on Thursday, March 10 at 2PM ET https://bit.ly/3ptX9ln

Register NOW for this LIVE event to learn why the Log4j vulnerability is so severe and easy steps you can take to mitigate your risk.

03/03/2022

It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny T***a, even with the Conti ransomware gang shuttering its leaking Jabber chat server.

https://threatpost.com/russia-leaks-data-thousand-cuts-podcast/178749/


03/03/2022

Log4j Exploit: Lessons Learned and Risk Reduction Best Practices — Register NOW for this LIVE event on Thursday, March 10 at 2PM ET to learn why the vulnerability remains so severe and what the easy steps are to mitigate risk. Join Threatpost's Becky Bracken in conversation with Justin Young from Sonatype.

https://bit.ly/3IwGoxs


18/02/2022

Join our upcoming cybersecurity event on keeping your organization's secrets safe. Register for the free, live roundtable on 2-23 at 2pm ET and submit your questions ahead of time. Sponsored by Keeper Security.

Register NOW for this LIVE event to learn what the pitfalls of insecure cloud data are, how to lock secrets down and thwart attacks.

18/02/2022

We're looking for cybersecurity pros to join our live roundtable event all about finding and securing your organization's most valuable data. Register now for this free roundtable event below. Sponsored by Keeper Security.

https://bit.ly/3rHbEnu


17/02/2022

Check the forecast for cloud security in 2022 and cut your chances of being caught in the middle of a storm.

https://bit.ly/3gR4rLm

Stay ahead by learning what the emerging cloud trends are for defenders and attackers. Get the whole story and download this FREE eBook today!

03/02/2022

Not the chips! Maker behind chip brands Popchips, Tyrrell's and others hit with which could delay deliveries to retailers through March.

The Conti gang strikes again, disrupting the nom-merchant's supply chain and threatening supermarket shelves that could stay empty for weeks.

03/02/2022

Wearable medical devices put patients at risk of tracking, data theft, Kaspersky researchers found — including devices from Fitbit, Apple and Samsung.

Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researchers warn.

02/02/2022

Running Samba for file sharing? You're gonna need to patch that.

The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.

02/02/2022

Nifty Penguin Magic (npm) JavaScript repository turns out to be a great way to deliver malicious code for and more.

https://threatpost.com/malicious-npm-packages-web-apps/178137/

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors.

02/02/2022

Charming Kitten APT back with new tools, likely eyeing bigger targets, Cybereason researchers say.

The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware.

28/01/2022

Group is using Windows Update to spray malware in a campaign powered by a GitHub C2 server, Malwarebytes Labs researchers have found.

The APT is (again) dangling job opportunities in front of engineers in a spear-phishing campaign. This time, the North Korean APT was masquerading as Lockheed Martin recruiters.

https://threatpost.com/lazarus-apt-windows-update-malware-github/178096/

The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.

28/01/2022

’s payout is (temporarily) up to $400K: Not surprising, given Trustwave SpiderLabs’ discovery of a new way to bypass a security feature to dump malicious links into victims' laps.

https://threatpost.com/zerodium-payout-outlook-zero-days/178089/

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.

28/01/2022

The malicious 2FA app was finally yanked from Google Play, but not before being downloaded >10K times. It came loaded with the stealer malware that swoops down on financial data.

https://threatpost.com/2fa-app-banking-trojan-google-play/178077/

The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.

28/01/2022

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been crippled.

https://threatpost.com/conti-deadbolt-delta-qnap-ransomware/178083/


27/01/2022

& Cofense researchers separately spotted threat actors increasingly using scams that spoof package couriers like DHL or the USPS in authentic-looking phishing emails.

https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

26/01/2022

Apple put out fixes for two zero-day bugs, one of which may have been exploited by attackers in the wild, the other being that nasty WebKit flaw Fingerprintjs found.

Thanks for your input, NetEnrich Corp.

https://threatpost.com/apple-zero-day-security-exploited/178040/

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero-day IOMobileFrameBuffer bug exploited in the wild.

26/01/2022

Zimperium found ~500 malicious apps lurking on Google Play Store that successfully snuck Dark Herring cash-stealing malware charges onto mobile carrier bills on >100M Androids.

https://threatpost.com/dark-herring-billing-malware-android/178032/

The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious apps in Google Play.

26/01/2022

Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.

https://threatpost.com/tips-activate-cyber-defense/177955/


26/01/2022

https://threatpost.com/cybercriminals-supply-chain-protect-inbox/178002/

Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.

26/01/2022

It’s ubiquitous and it has NSA Director of Cybersecurity Rob Joyce “concerned,” but Qualys says it has *not* seen in-the-wild exploits of the it’s-in-all-major-Linux distros bug.

Just excited researchers so far, though lord knows that won't last.

https://threatpost.com/linux-bug-in-all-major-distros-an-attackers-dream-come-true/177996/

Every major Linux distribution has an easily exploited memory-corruption bug that’s been lurking for 12 years – a stunning revelation that’s likely to be followed soon by in-the-wild exploits. Found in polkit’s pkexec – a tool for controlling system-wide privileges in Unix-like operating s...

26/01/2022

Bitdefender Labs found a raft of active campaigns delivering the Flubot and Teabot trojans through smishing and malicious Google Play apps – including a QR reader – to target victims across the globe.

https://threatpost.com/threat-actors-androids-flubot-teabot-campaigns/177991/

Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.

25/01/2022

A massive tournament styled after the blockbuster Squid Game (aka “SquidCraft”) apparently inspired a DDoS attack that took down the sole (and state-owned) ISP in Andorra in the Pyrenees.

https://threatpost.com/cyberattacks-squid-game-minecraft-andorra-internet/177981/

Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country’s only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.

25/01/2022

Segway, maker of cartoony people-movers, has been serving a nasty credit-card harvesting skimmer via its website that’s likely linked to Group 12.

Via Malwarebytes. Thanks, PerimeterX & KnowBe4.

https://lnkd.in/eaJNJjxt

Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned.

25/01/2022

Ozzy & Sharon Osbourne’s launch of was clouded by grifters who used an abandoned vanity Discord URL to drain users’ crypto wallets out of at least $150K ETH.

Sutter Systems: quick-fix of goof. Discord: slow fix. Chiroptera: adorable, fuzzy little wind chimes

https://threatpost.com/ozzy-osbourne-nfts-cryptocurrency/177969/

A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.

25/01/2022

Two new PITAs for WordPress users: one bug in the WordPress AdSanity plugin (found by Ninja Technologies Network), and 40 compromised themes/53 AccessPress Themes plugins (found by Jetpack for WordPress).

Thanks for your input, NTT Application Security, nVisium, Vulcan Cyber.

https://threatpost.com/adsanity-accesspress-plugins-wordpress-sites-takeover/177932/

A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.

25/01/2022

ESET has detailed a powerful new backdoor, dubbed DazzleSpy, used in the August watering-hole attacks meant to entangle Hong Kong pro-democracy activists.

https://threatpost.com/macos-malware-dazzlespy-watering-hole-attacks/177943/

A pro-democracy Hong Kong site was hijacked and used to launch watering-hole attacks that used a Safari exploit to drop a powerful macOS backdoor.

25/01/2022

Cleafy researchers found new variants of the BRATA banking trojan targeting Android devices since November: able to steal user data, wipe devices afterward, track devices via GPS, and with novel obfuscation.

https://threatpost.com/brata-android-trojan-kill-switch-wipes/177921/

Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques.
