threatpost.com


Turla APT Returns with New Malware, Anti-Censorship Angle

threatpost.com :: A dropper called “Topinambour" is the first-stage implant, which in turn fetches a spy trojan built in several coding languages.

google  archive  twitter  tumblr  facebook 


Zoom Pushes Emergency Patch for Webcam Hijack Flaw

threatpost.com :: After media scrutiny, the collaboration service has decided to address the zero-day after initially dismissing its severity.

google  archive  twitter  tumblr  facebook 


Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking

threatpost.com :: The vulnerability can be exploited on a drive-by basis by a malicious website.

google  archive  twitter  tumblr  facebook 


WordPress Plugin WP Statistics Patches XSS Flaw

threatpost.com :: A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.

google  archive  twitter  tumblr  facebook 


Scammers Prey on Instagram Vanity and ‘Verified Account’ Status

threatpost.com :: Hackers are stealing Instagram credentials through a tricky phishing scam that asks victims to apply for exclusive verified account status.

google  archive  twitter  tumblr  facebook 


LoudMiner Cryptominer Uses Linux Image and Virtual Machines

threatpost.com :: A Tiny Core Linux 9.0 image configured to run XMRig runs on a VM, rather than victim machines hosting the malware locally.

google  archive  twitter  tumblr  facebook 



Irked Researcher Discloses Facebook WordPress Plugin Flaws

threatpost.com :: Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook.

google  archive  twitter  tumblr  facebook 


WordPress Sites Worldwide Hit with ‘Call-Girl’ Search-Engine Pollution

threatpost.com :: A web spam campaign targeting Koreans is affecting non-hacked websites worldwide.

google  archive  twitter  tumblr  facebook 


Buggy Phishing Kits Allow Criminals to Cannibalize Their Own

threatpost.com :: The vulnerable kits also offer a point of entry to compromise legitimate website servers.

google  archive  twitter  tumblr  facebook 


WordPress Plugin Has Unpatched Privilege Escalation Flaw, Warn Researchers

threatpost.com :: Researchers are warning of flaws in two WordPress plugins - Slick Popup and WP Database Backup - including one that remains unpatched.

google  archive  twitter  tumblr  facebook 


Joomla and WordPress Found Harboring Malicious Redirect Code

threatpost.com :: New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.

google  archive  twitter  tumblr  facebook 


WordPress WP Live Chat Support Plugin Fixes XSS Flaw

threatpost.com :: A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.

google  archive  twitter  tumblr  facebook 


WP Live Chat WordPress Plugin Re-Patches File Upload Flaw

threatpost.com :: After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.

google  archive  twitter  tumblr  facebook 


Ad Server Patched to Stop Possible Malware Distribution

threatpost.com :: Revive Adserver patches two vulnerability, one of which may have been used to allow hackers to deliver malware to third-party websites.

google  archive  twitter  tumblr  facebook 


Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw

threatpost.com :: Researchers are urging Oracle WebLogic users to update quickly - after new Muhstik botnet samples started targeting a critical flaw in the servers.

google  archive  twitter  tumblr  facebook 


Users Urged to Update WordPress Plugin After Flaw Disclosed

threatpost.com :: Yet another WordPress plugin vulnerability has put thousands of websites at risk.

google  archive  twitter  tumblr  facebook 


Exploits for Social Warfare WordPress Plugin Reach Critical Mass

threatpost.com :: More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild.

google  archive  twitter  tumblr  facebook 


Rogue Waves: Preparing the Internet for the Next Mega DDoS Attack

threatpost.com :: Why many attack techniques can be reused – but organizations can't defend against them.

google  archive  twitter  tumblr  facebook 


WordPress Yellow Pencil Plugin Flaws Actively Exploited

threatpost.com :: Yet another WordPress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered.

google  archive  twitter  tumblr  facebook 


Users Urged to Uninstall WordPress Yuzo Plugin After Flaw Exploited

threatpost.com :: A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.

google  archive  twitter  tumblr  facebook 


Lazarus Group Widens Tactics in Cryptocurrency Attacks

threatpost.com :: MacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea.

google  archive  twitter  tumblr  facebook