Attack Method Highlights Weaknesses in Microsoft CFG

As Microsoft hardens its defenses with tools such as Control Flow Guard, researchers at Endgame are preparing for the reality of Counterfeit Object-Oriented Programming attacks to move from theoretical to real. Source:...

APT Threat Evolution in Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. During the first quarter of 2017, there...

APT Trends report, Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. During the first quarter of 2017, there...

Air Force Hopes To Attract Hackers With Bug Bounty Program

The Hack the Air Force bug bounty program invites white hats from inside and outside the U.S. to hack its websites. Source: Threatpost

Lack of Security Talent Afflicts Healthcare

At Source Boston, Josh Corman of the Atlantic Council said that healthcare is suffering from a lack of security talent, devices rife with vulnerabilities, and government incentivizing bad behavior. Source: Threatpost

Auto Lender Exposes Loan Data For Up To 1 Million Applicants

A trove of consumer auto loan data—some 1 million records—has been locked down after a researcher found an exposed and accessible database online. Source: Threatpost

Atlassian Resets HipChat Passwords Following Breach

Atlassian reset user passwords for its group chat service HipChat on Monday following an incident that may have resulted in unauthorized access to a server used by the service. Source: Threatpost

xDedic Market Spilling Over With School Servers, PCs

Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities based in the United States. Source: Threatpost

ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs

Adobe released an important security hotfix for several versions of ColdFusion on Tuesday morning, resolving two bugs. Source: Threatpost

Zimperium Acquisition Program Publishes Exploits for Patched Android Bugs

Exploits for patched Android elevation of privilege vulnerabilities were published through the Zimperium N-Days Exploit Acquisition Program. Source: Threatpost

Threatpost News Wrap, September 30, 2016

The latest on the Yahoo breach, Germany's problem with WhatsApp-Facebook, Facebook's osquery tool for Windows, and Zerodium's $1.5M iOS bounty are all discussed. Source: Threatpost