Threatpost | The first stop for security news

The First Stop For Security News

08/18/2017 01:32 AM
Hacker Publishes iOS Secure Enclave Firmware Decryption Key
A hacker identified only as xerub published the decryption key unlocking the iOS Secure Enclave Processor.

08/17/2017 08:55 PM
Cisco Patches Privilege Escalation Bugs in APIC
Cisco patched two high-severity vulnerabilities in its Cisco Application Policy Infrastructure Controller (APIC) that could allow an attacker to elevate privileges on the host machine.

08/17/2017 08:50 PM
Drupal Patches Critical Access Bypass in Core Engine
A critical flaw in Drupal CMS platform could allow unwanted access to the platform allowing a third-party to view, create, update or delete entities.

08/17/2017 06:48 PM
Rowhammer Attacks Come to MLC NAND Flash Memory
IBM researchers have demonstrated a filesystem-level version of the Rowhammer attack against MLC NAND flash memory.

08/16/2017 10:41 PM
Locky Ransomware Variant Slips Past Some Defenses
Ransomware called IKARUSdilapidated is managing to slip into unsuspecting organizations as an unknown file.

08/16/2017 06:59 PM
Flash’s Final Countdown Has Begun
The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base.

08/16/2017 06:33 PM
Maersk Shipping Reports $300M Loss Stemming from NotPetya Attack
A.P. Moller -Maersk said June's NotPetya wiper malware attacks would cost the world's largest shipping container company $300M USD in lost revenue.

08/16/2017 04:14 PM
Google Removes Chrome Extension Used in Banking Fraud
Google has removed the Interface Online Chrome extension from the Chrome Web Store. The plugin was used by criminals in Brazil to target corporate users with the aim of stealing banking credentials.

08/15/2017 07:58 PM
Seven More Chrome Extensions Compromised
The list of compromised Chrome extensions that hijack traffic and substitute advertisements on victims’ browsers grows.

08/15/2017 07:00 PM
Attackers Backdoor Another Software Update Mechanism
Researchers at Kaspersky Lab said today that the update mechanism for Korean server management software provider NetSarang was compromised and serving a backdoor called ShadowPad.