Mobile Carrier Customer Service Ushers in SIM-Swap Fraud
Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.
Vulnerabilities
Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea?
Are publicly released proof-of-concept exploits more helpful for system defenders — or bad actors?
News Wrap: PoC Exploits, Cable Haunt and Joker Malware
Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week’s news wrap.
The flaws affect a key tool for managing its network platform and switches.
Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.
Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.
Threatpost talks to Venafi about the recently-disclosed Microsoft vulnerability and whether the hype around the flaw was warranted.
The software giant patched 300+ bugs in its quarterly update.
The flaw, in Intel VTune Profiler, could enable privilege escalation.
Magecart groups using automated infection scans infected the site, which was running outdated Magento software.
