North Korea’s Hidden Cobra Strikes U.S. Targets with HOPLIGHT
The custom malware is a spy tool and can also disrupt processes at U.S. assets. Go to Source
WordPress Yellow Pencil Plugin Flaws Actively Exploited
Yet another WordPress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered. Go to Source
ThreatList: Tax Scammers Launch a Raft of Fake Mobile Apps
Convincing phishing pages and millions of suspicious apps are plaguing tax season. Go to Source
WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited
A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild. Go to Source
SAS 2019: Fake News Peddlers Adopt Clever New Trick to Fool Facebook, Twitter
At SAS 2019, Recorded Future CTO discusses a new kind of high-profile influence campaign spotted using a new technique: Old news. Go to Source
Amazon Auditors Listen to Echo Recordings, Report Says
Amazon is under fire for its privacy policies after a Bloomberg report revealed that the company hires auditors to listen to Echo recordings. Go to Source
Verizon Router Command Injection Flaw Impacts Millions
A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection. Go to Source
SAS 2019: Joe FitzPatrick Warns of the ‘$5 Supply Chain Attack’
At the Security Analyst Summit, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, to discuss supply chain threats. Go to Source
Yahoo Offers $117.5M Settlement in Data Breach Lawsuit
Yahoo is taking a second stab at settling a massive lawsuit regarding the data breaches that the Internet company faced between 2013 and 2016. Go to Source
SAS 2019: Triton ICS Malware Hits A Second Victim
In only the second known attack of the Russia-linked malware, which shut down an oil refinery in 2017, another Mideast target has been hit. Go to Source