Exploit Details Emerge for Unpatched Microsoft Bug
A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.
View ArticleLazarus Targets Defense Companies with ThreatNeedle Malware
A spear-phishing campaigned linked to a North Korean APT uses “NukeSped” malware in cyberespionage attacks against defense companies.
View ArticleGoogle Chrome V8 Bug Allows Remote Code-Execution
The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities.
View ArticleFour Android Bugs Being Exploited in the Wild
On Wednesday, Google quietly slipped updates into its May 3 Android security bulletin for bugs that its Project Zero group has confirmed are zero-days.
View ArticlePodcast: The State of Ransomware
In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline.
View ArticleResearchers: Booming Cyber-Underground Market for Initial-Access Brokers
Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from 'vendors' that have previously installed backdoors on targets.
View ArticleMy Book Live Users Wake Up to Wiped Devices, Active RCE Attacks
“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There's an exploit.
View ArticleMercedes-Benz Customer Data Flies Out the Window
For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers.
View ArticleCobalt Strike Usage Explodes Among Cybercrooks
The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.”
View ArticleMicrosoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.
View Article
