Sponsor of the Day:
Jerkmate
https://threatpost.com/fancy-bear-nuke-threat-lure/180056/
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug | Threatpost
Jun 23, 2022 - The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
fancy bearbug threatpostusesnukelure
https://threatpost.com/whatsapp-downplays-damage-of-a-group-invite-bug/129387/
WhatsApp Downplays Damage of a Group Invite Bug | Threatpost
Jan 12, 2018 - WhatsApp said that claims that infiltrators can add themselves to an encrypted group chat without being noticed is incorrect.
bug threatpostwhatsappdownplaysdamagegroup
https://threatpost.com/vmware-patch-critical-bug/180346/
VMWare Urges Users to Patch Critical Authentication Bypass Bug | Threatpost
Aug 4, 2022 - Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
urges usersauthentication bypassbug threatpostvmwarepatch
https://threatpost.com/dns-bug-millions-routers-iot-risk/179478/
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk | Threatpost
May 10, 2022 - A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices.
puts millionsiot devicesunpatcheddnsbug
https://threatpost.com/facebook-bug-bounty-loyalty-program/159993/
Facebook Debuts Bug Bounty ‘Loyalty Program’ | Threatpost
Oct 9, 2020 - Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports — which will dictate new bonus...
bug bountyfacebookdebutsthreatpost
https://threatpost.com/category/bug-bounty/
Category: Bug Bounty | Threatpost
bug bountycategorythreatpost
https://threatpost.com/linux-bug-in-all-major-distros-an-attackers-dream-come-true/177996/
Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’ | Threatpost
Jan 26, 2022 - The 12-year-old flaw in the sudo-like Polkit’s pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days.
linux bugdream comeubiquitousthreatpost
https://threatpost.com/twitter-fixes-bug-that-enabled-takeover-of-android-app-accounts/151393/
Twitter Fixes Bug that Enabled Takeover of Android App Accounts | Threatpost
Dec 23, 2019 - Twitter for Android users are urged to update their app to fend off a security bug that allows hackers to access private account data and control accounts to...
fixes bugandroid appaccounts threatposttwitterenabled
https://threatpost.com/xiaomi-phones-found-vulnerable-to-payment-forgery/180416/
Xiaomi Phone Bug Allowed Payment Forgery | Threatpost
Aug 16, 2022 - Mobile transactions could’ve been disabled, created and signed by attackers.
xiaomi phonebugallowedpaymentforgery
https://threatpost.com/bug-bounty-fall-flat/166568/
Where Bug Bounty Programs Fall Flat | Threatpost
Sep 16, 2021 - Some criminals package exploits into bundles to sell on cybercriminal forums years after they were zero days, while others say bounties aren’t enough .
bug bounty programsfall flatthreatpost
https://threatpost.com/microsofts-patch-windows-hello-faulty/168392/
Windows Hello Bypass Bug Patch is Faulty, Researchers Say | Threatpost
Aug 5, 2021 - Black Hat: Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera.
windows helloresearchers saybypassbugpatch
https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack | Threatpost
Oct 19, 2020 - Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
ryuk ransomwaregang useslightning fastattack threatpostzerologon
https://threatpost.com/google-patches-zero-day-browser/160393/
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser | Threatpost
Oct 21, 2020 - The memory-corruption vulnerability exists in the browser’s FreeType font rendering library.
actively exploited zerogoogle patchesday bugchrome browserthreatpost
https://threatpost.com/cisa-urges-patch-11-bug/180235/
CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2 | Threatpost
Jul 18, 2022 - Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2.
cisa urgeswindows 11aug 2patchexploited
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Firewall Bug Under Active Attack Triggers CISA Warning | Threatpost
Aug 23, 2022 - CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
active attackfirewallbugtriggerscisa