Vulnerabilities

Say Goodbye to SMBv1 in Windows Fall Creators Update

The SMBv1 file-sharing protocol abused by the NSArsquo;s EternalBlue exploit to spread WannaCry ransomware is being disabled in the upcoming Windows Fall Creators Update, or Redstone 3.

FIN10 Extorting Canadian Mining Companies, Casinos

A string of data thefts targeting North American mining companies and casinos are extorting as much as $620,000 from victims.

Mexican Journalists, Lawyers Focus of Government Spyware

Dozens of Mexican journalists, lawyers, and even a child, were hit with Pegasus, commercially-produced spyware, as part of a campaign believed to be carried out by the nationrsquo;s government.

Republican Data Broker Exposes 198M Voter Records

Almost 200 million voter profiles culled by Republican data broker Deep Root Analytics were left exposed on an Amazon S3 server.

Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access

Patches are available for a newly discovered Linux, BSD and Solaris vulnerability called Stack Clash that bypasses stack guard-page mitigations and enables root access.

VU#489392: Acronis True Image fails to update itself securely

Acronis True Image fails to securely check for and retrieve updates,which an allow an authenticated attacker to execute arbitrary code with administrator privileges.

IoT Malware Activity Already More Than Doubled 2016 Numbers

The number of new malware samples in the wild this year targeting connected internet-of-things (IoT) devices has already more than doubled last yearrsquo;s total.

Wikileaks Alleges Years of CIA D-Link and Linksys Router Hacking Via...

The latest dump from Wikileaks alleges the CIA installed custom router firmware on unsuspecting targets in order to spy on internet activity.

Someone Failed to Contain WannaCry

As reports of the NSA officially connecting WannaCry to North Korea surface, experts are saying developers failed to contain the ransomware before it was ready for deployment.

Threatpost News Wrap, June 16, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including Microsoft's XP patches, Hidden Cobra, a Nigerian BEC campaign, MacRansom, and more.

Erosion of ISP Privacy Rules Sparks New Anti-Snooping Efforts

After lawmakers struck down ISP privacy protections earlier this year, new efforts are underway to help consumers win back control of their personal information from their service providers.

Nigerian BEC Scams Hit 500 Companies in 50 Countries

A Kaspersky Lab report on Thursday said an especially potent Nigerian Business Email Compromise campaign has stolen sensitive data from over 500 companies in 50 countries.