A joint Technical Alert, TA17–293A, describing the activities of a Russian APT may contain signatures and rules likely to trigger false positives in some security systems.
Browsing Tag: vulnerabilities
Researchers have spotted Locky ransomware infections emanating from the Necurs botnet via Word attachments using a DDE technique that Microsoft says is an Office feature and does not merit a security patch.
Google announced a public bug bounty for Google Play that brings developers and researchers together to find and patch flaws in popular apps.
The FBI has made an appeal to organizations victimized by DDoS attacks to share details and characteristics of those incidents.
Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group called Black Oasis.
The KRACK, or key reinstallation attack, disclosed today allow attackers to decrypt encrypted traffic, steal data and inject malicious code depending on the network configuration.
Staff writer Chris Brook says farewell to Threatpost after eight years on the site. He and Mike Mimoso talk about Threatpost’s early days and how the site grew up alongside the security industry.
RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems.
During the Virus Bulletin closing keynote, Brian Honan urged the security industry to share more, victim-shame less and work harder to establish trust.
Apple rushed out an emergency patch that fixed an bug in High Sierra that revealed APFS volume passwords via the password hint feature.