Threatpost News Wrap Podcast For Oct. 12
Threatpost’s editors discuss the top news of this week. Go to Source
Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm
The official update from Microsoft only limits the vulnerability, according to 0Patch. Go to Source
Shining a Light on a New Technique for Stealth Persistence
Researchers devise post-intrusion attack that use existing system binaries to achieve arbitrary code execution to maintain stealth and persistence. Go to Source
Facebook Bans More Than 800 Accounts in Disinformation Purge
The move comes a month before the November midterm elections – and at a time when all eyes are on Facebook to see how it protects against disinformation. Go to Source
FitMetrix Exposes Millions of Customer Details, Accessed by Criminals
Gym customer data, including contact information, birth dates and height/weight data, opens the door to convincing follow-on social-engineering attacks. Go to Source
New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors
Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot. Go to Source
ThreatList: Credential Theft Spikes by Triple Digits in U.S.
Meanwhile, the LokiPWS (a.k.a. Lokibot) malware family distribution is surging. Go to Source
Adaptable, All-in-One Android Trojan Shows the Future of Malware
GPlayed may be the new face of malware — flexible and adaptable, with a Swiss Army knife-like toolbox that can be used to target pretty much anyone. Go to Source
Fake Adobe Flash Updates Hide Malicious Crypto Miners
A fake Adobe update actually updates victims’ Flash – but also installs malicious cryptomining malware. Go to Source
ThreatList: Microsoft IIS Sees Triple-Digit Spike in Cyberattack Volume
Most of the attacks originated in China. Go to Source