Thursday, July 20, 2017
           (757) 873-6707                     Monday - Friday, 9 am - 5:30pm
Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks Microsoft today addressed two NTLM-related vulnerabilities privately disclosed by Preempt Security. The flaws allow for credential relay attacks.
Adobe Fixes Six Vulnerabilities in Flash, Connect with July Update Adobe only fixed six vulnerabilities in two products, making it the company's smallest security bulletin of the year.
Micro Market Vendor Warns of Bankcard And Biometric Data Breach Avanti Markets notified customers of a possible breach of personal and payment card data as well as biometric user information that likely occurred July 4.
Classic Ether Wallet Compromised via Social Engineering Developers of Classic Ether Wallet said an attacker managed to hijack the domain for the wallet via social engineering late Thursday evening.

Latest News

Free Certs Come With a Cost

Leading certificate authority Let’s Encrypt is facing criticism that its rapid growth and eagerness to encrypt internet communications is happening at a cost.

NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns

Researchers have spotted malicious email campaigns using Zip archives to spread NemucodAES ransomware and the Kovter click-fraud Trojan, simultaneously distributing both pieces of malware.

Siemens Patches Authentication Bypass Flaw in SiPass Server

Siemens patches four vulnerabilities, including a critical authentication bypass flaw, in its SiPass integrated access control server.

Cisco Patches Publicly Disclosed SNMP Vulnerabilities in IOS, IOS XE

Cisco patched nine publicly disclosed remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software.

Threatpost News Wrap, July 14, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including the Verizon breach, the Oracle session hijacking attack, a Telegram-based hacking tool, and a free EternalBlue scanner.

Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data

An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data.

Scanner Shows EternalBlue Vulnerability Unpatched on Thousands of Machines

Data collected from the freely available scanner called EternalBlues shows that tens of thousands of computers remain vulnerable to the SMBv1 vulnerability that spawned WannaCry and ExPetr.

Attackers Using Automated Scans to Takeover WordPress Installs

Attackers have been carrying out WPSetup attacks, taking advantage of users who have installed WordPress but not yet configured it.

Google Changes How it Analyzes Misbehaving Mobile Apps

Google has a new machine-learning algorithm it uses to compare new apps to known secure apps, improving the way it classifies submissions to Google Play.

Third Party Exposes 14 Million Verizon Customer Records

Data belonging to 14 million Verizon customers was exposed by a partner, which misconfigured a repository storing the personal information it had access to.