16Shop Phishing Gang Goes After PayPal Users A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies. threatpost.com/16shop-phishing

Citrix Accelerates Patch Rollout For Critical RCE Flaw Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products. threatpost.com/citrix-patch-ro

FTCODE Ransomware Now Steals Chrome, Firefox Credentials New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook. threatpost.com/ftcode-ransomwa

Microsoft Zero-Day Actively Exploited, Patch Forthcoming CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover. threatpost.com/microsoft-zero-

Hacker Leaks More Than 500K Telnet Credentials for IoT Devices Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port. threatpost.com/hacker-leaks-mo

New JhoneRAT Malware Targets Middle East Researchers say that JhoneRAT has various anti-detection techniques - including making use of Google Drive, Google Forms and Twitter. threatpost.com/new-jhonerat-ma

Feds Cut Off Access to Billions of Breached Records with Site Takedown The WeLeakInfo "data breach notification" domain is no more. threatpost.com/feds-cut-off-ac

Mobile Carrier Customer Service Ushers in SIM-Swap Fraud Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts. threatpost.com/mobile-customer

Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea? Are publicly released proof-of-concept exploits more helpful for system defenders -- or bad actors? threatpost.com/poll-published-

News Wrap: PoC Exploits, Cable Haunt and Joker Malware Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week's news wrap. threatpost.com/news-wrap-poc-e

FBI Plans to Inform States of Election Breaches The agency changed its policy to provide more timely and actionable information to state and local election officials in the case of a cybersecurity breach to election infrastructure. threatpost.com/fbi-plans-to-in

Critical Cisco Flaws Now Have PoC Exploit The flaws affect a key tool for managing its network platform and switches. threatpost.com/cisco-dcnm-flaw

Google Account Security Keys Launch for iPhone iPhone users can now use Bluetooth to secure their Google accounts. threatpost.com/google-account-

Satan Ransomware Reborn to Torment Businesses A hellish mix of features shows the 5ss5c ransomware to be the son of Satan. threatpost.com/satan-ransomwar

PoC Exploits Published For Microsoft Crypto Bug Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability. threatpost.com/poc-exploits-pu

‘Fleeceware’ Apps Downloaded 600M Times from Google Play New research shows apps that dupe users into being charged excessively with little reward persist on the Android app store. threatpost.com/fleeceware-apps

Critical WordPress Bug Leaves 320,000 Sites Open to Attack Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack. threatpost.com/wordpress-bug-l

A Practical Guide to Zero-Trust Security There are five different pillars to implement when moving to a modern, zero-trust security model. threatpost.com/practical-guide

Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft Threatpost talks to Venafi about the recently-disclosed Microsoft vulnerability and whether the hype around the flaw was warranted. threatpost.com/podcast-nsa-rep

U.N. Weathers Storm of Emotet-TrickBot Malware A concerted, targeted phishing campaign took aim at 600 different staffers and officials, using Norway as a lure. threatpost.com/un-weathers-emo

Show more
mhc.social

Lokale Instanz der MHC SoftWare GmbH