Vulnerabilities

2fa bypass account compromise Breach challenge questions customer service line porting mobile security sim swap Two Factor Authentication Vulnerabilities weak authentication Wireless carriers 

Mobile Carrier Customer Service Ushers in SIM-Swap Fraud

Saturday January 18th, 2020 Tara Seals

Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.

Read more

Cisco citrix exploit code Hacks Microsoft poc exploit Vulnerabilities zero day Zero Day Flaw 

Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea?

Friday January 17th, 2020 Lindsey O'Donnell vulnerability

Are publicly released proof-of-concept exploits more helpful for system defenders — or bad actors?

Read more

cable haunt critical vulnerability exploit code Google google play Hacks ISP joker malware poc podcast Podcasts proof-of-concept exploit Vulnerabilities zero day 

News Wrap: PoC Exploits, Cable Haunt and Joker Malware

Friday January 17th, 2020 Lindsey O'Donnell

Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week’s news wrap.

Read more

Cisco critical Cisco flaws CVE-2019-15975 CVE-2019-15976 CVE-2019-15977 dcnm Exploit Proof of Concept Vulnerabilities 

Critical Cisco Flaws Now Have PoC Exploit

Friday January 17th, 2020 Lindsey O'Donnell

The flaws affect a key tool for managing its network platform and switches.

Read more

crypto-spoofing bug Exploit Microsoft microsoft bug NSA patch patch Tuesday poc poc exploit code Vulnerabilities Web Security 

PoC Exploits Published For Microsoft Crypto Bug

Thursday January 16th, 2020 Lindsey O'Donnell vulnerability

Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.

Read more

Base64 InfiniteWP Client JSON Vulnerabilities Web Security WebArx WordPress 

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

Thursday January 16th, 2020 Tom Spring

Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.

Read more

crypto-spoofing bug fix Government Microsoft Microsoft patch NSA NSA microsoft patch Tuesday Vulnerabilities 

Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft

Thursday January 16th, 2020 Lindsey O'Donnell vulnerability

Threatpost talks to Venafi about the recently-disclosed Microsoft vulnerability and whether the hype around the flaw was warranted.

Read more

CPU Critical Patch Update january 2020 Oracle quarterly update security patches Vulnerabilities 

Oracle Ties Previous All-Time Patch High with January Updates

Wednesday January 15th, 2020 Tara Seals

The software giant patched 300+ bugs in its quarterly update.

Read more

Atom Celeron Core CVE-2019-14600 CVE-2019-14613 CVE-2019-14615 high severity flaw Intel intel VTune profiler patch Pentium privilege escalation Vulnerabilities Windows Xeon 

Intel Fixes High-Severity Flaw in Performance Analysis Tool

Wednesday January 15th, 2020 Lindsey O'Donnell vulnerability

The flaw, in Intel VTune Profiler, could enable privilege escalation.

Read more

Atom Celeron Core CVE-2019-14600 CVE-2019-14613 CVE-2019-14615 high severity flaw Intel intel VTune profiler patch Pentium privilege escalation Vulnerabilities Windows Xeon 

Intel Fixes High-Severity Flaw in Performance Analysis Tool

Wednesday January 15th, 2020 Lindsey O'Donnell vulnerability

The flaw, in Intel VTune Profiler, could enable privilege escalation.

Read more