Foxit PDF Reader, PhantomPDF Open to Remote Code Execution
Foxit Software has released patches for dozens of high-severity flaws impacting its PDF reader and editor platforms. The most severe of the bugs, which exist on Windows versions of the software, enable a remote attacker to execute arbitrary code on vulnerable systems. Overall, Foxit Software...
SoundCloud Tackles DoS, Account Takeover Issues
Online music platform SoundCloud, which can be thought of as an audio-based YouTube for music creators, has addressed several security bugs in its APIs that could lead to denial-of-service (DoS) or account takeover via credential-stuffing. SoundCloud recently sold a $75 million stake to satellite...
Google Squashes High-Severity Flaws in Chrome Browser
On Thursday, Google released security patches to stomp out high-severity vulnerabilities in its Chrome browser. Patches for all the bugs Google disclosed in its security advisory roll out over the next few days. Overall, eight security bugs were addressed in Chrome browser version 80.0.3987.162 f...
DHS Urges Pulse Secure VPN Users To Update Passwords
The Department of Homeland Security (DHS) is urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies that had previously patched a related flaw in the VPN. DHS warns that the Pulse Secure VPN patches may have...
Microsoft Exchange Server Flaw Exploited in APT Attacks
Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. If left unpatched, the flaw allows authenticated attackers to execute code remotely with system privileges. The vulnerability in question (CVE-2020-0688) exists in the control panel of...
Cisco Fixes High-Severity Flaws In Firepower Security Software, ASA
Cisco has stomped out 12 high-severity vulnerabilities across several network security products. The flaws can be exploited by unauthenticated remote attackers to launch an array of attacks – from denial of service (DoS) to sniffing out sensitive data. Specifically affected is Cisco’s Firepower...
Purple Fox EK Adds Microsoft Exploits to Arsenal
The Purple Fox exploit kit (EK) has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said tha...
Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox
UPDATE Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. Browser extensions are add-ons that users can install to enhance their web surfing experience – they offer the ability to do...
Cisco Patches 'High-Severity' Bugs Impacting Switches, Fibre Storage
Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco’s NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant’s Nexus-series Ethernet...
Self-Propagating Lucifer Malware Targets Windows Systems
Security experts have identified a self-propagating malware, dubbed Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. The never-before-seen malware initially tries to infect PCs by bombarding them with exploits in hopes of taking advantage of...
Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager
Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager (DCNM) for managing network platforms and switches. DCNM is a platform for managing Cisco data centers that run Cisco’s NX-OS — the network operating system used by Cisco’s Nexus-series Ethernet switches...
Muhstik Botnet Exploits Highly Critical Drupal Bug
Researchers are warning a recently discovered and highly critical vulnerability found in Drupal’s CMS platform is now being actively exploited by hackers who are using it to install cryptocurrency miners and to launch DDoS attacks via compromised systems. At the time of the disclosure, last month...
Apple Jailbreak Zero-Day Gets a Patch
Apple quietly pushed out a small but important update for operating systems across all of its devices, including a patch for a zero-day exploit used in an iPhone jailbreak tool released last week. In its notes for the release, Apple says very little else about the patches overall that it pushed o...
Researcher Publishes Patch Bypass for vBulletin 0-Day
A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums. Calling a patch for the flaw a “fail” and “inadequate in blocking exploitation,” Austin-bas...
Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
About 8,000 users of F5 Networks’ BIG-IP family of networking devices are still vulnerable to full system access and remote code-execution (RCE), despite a patch for a critical flaw being available for two weeks. The BIG-IP family consists of application delivery controllers, Local Traffic Managers...
PHP Bug Allows Remote Code-Execution on NGINX Servers
A buffer underflow bug in PHP could allow remote code-execution (RCE) on targeted NGINX servers. First discovered during a hCorem Capture the Flag competition in September, the bug (CVE-2019-11043) exists in the FastCGI directive used in some PHP implementations on NGINX servers, according to...
Pulse Secure Critical Zero-Day Security Bug Under Active Exploit
A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said. Download “The Evolution of Ransomware” to gain valuable...
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said. The remote code execution (RCE) flaw, tracked as CVE-2022-3019, is associated with the Microsoft Support...
PowerPoint Files Abused to Take Over Computers
Attackers are using an under-the-radar PowerPoint file to hide malicious executables that can rewrite Windows registry settings to take over an end user’s computer, researchers have found. It’s one of a number of stealthy ways threat actors recently have been targeting desktop users through trust...
Exchange Servers Under Active Attack via ProxyShell Bugs
Researchers’ Microsoft Exchange server honeypots are being actively exploited via ProxyShell: the name of an attack disclosed at Black Hat last week that chains three vulnerabilities to enable unauthenticated attackers to perform remote code execution (RCE) and snag plaintext passwords. In his Blac...
Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches
Microsoft has issued one of its largest Patch Tuesday updates for the shortest month of the year, addressing 99 security vulnerabilities across a range of products. Twelve of the bugs are listed as critical – and the rest are rated as being important. The update includes a patch for the zero-day...
Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
Pulse Secure has rushed a fix for a critical zero-day security vulnerability in its Connect Secure VPN devices, which has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe. Pulse Secure also patched thre...
PoC Exploit Targeting Apache Struts Surfaces on GitHub
Proof-of-concept exploit code surfaced on GitHub on Friday, raising the stakes on two existing Apache Struts 2 bugs that allow for remote code-execution and denial-of-service attacks on vulnerable installations. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding t...
8-Year-Old VelvetSweatshop Bug Resurrected in LimeRAT Campaign
Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware – making use of the hardcoded VelvetSweatshop default password for encrypted files. LimeRAT is a full-featured remote access tool/backdoor that can allow attackers to access an infected system and install a...
SpeakUp Linux Backdoor Sets Up for Major Attack
LAS VEGAS — A backdoor trojan dubbed “SpeakUp” has been spotted exploiting the Linux servers that run more than 90 percent of the top 1 million domains in the U.S. It uses a complex bag of tricks to infect hosts and to propagate, which analysts say could indicate that it’s poised for a major...
Stealthy Malware Hidden in Images Takes to GoogleUserContent
Malware that uses Exchangeable Image File Format (EXIF) data to hide its code has migrated to a new platform: GoogleUserContent sites, such as Google+ and blogger forums. In this technique, previously seen on Pastebin and GitHub, hackers embed malicious code within uploaded images – a stealthy...
Pioneer Kitten APT Sells Corporate Network Access
An APT group known as Pioneer Kitten, linked to Iran, has been spotted selling corporate-network credentials on hacker forums. The credentials would let other cybercriminal groups and APTs perform cyberespionage and other nefarious cyber-activity. Pioneer Kitten is a hacker group that specializes...
Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
UPDATE Cybercriminals behind a string of high-profile ransomware attacks, including one extorting $11 million from JBS Foods last month, have ported their malware code to the Linux operating system. The unusual move is an attempt to target VMware’s ESXi virtual machine management software and...
New 'Sodinokibi' Ransomware Exploits Critical Oracle WebLogic Flaw
A recently-disclosed critical vulnerability in Oracle WebLogic is being actively exploited in a slew of attacks, which are distributing a never-before-seen ransomware variant. The recently-patched flaw exists in Oracle’s WebLogic server, used for building and deploying enterprise applications. Th...
Gitpaste-12 Worm Targets Linux Servers, IoT Devices
Researchers have uncovered a new worm targeting Linux-based x86 servers, as well as Linux internet of things (IoT) devices that are based on ARM and MIPS CPUs. Of note, the malware utilizes GitHub and Pastebin for housing malicious component code, and has at least 12 different attack modules...
200M Adult Cam Model, User Records Exposed in Stripchat Breach
UPDATE A database containing highly sensitive information on both users and models on the popular adult cam site Stripchat was discovered online, left completely unprotected. The data exposure puts models and users at risk of extortion, violence and more. Stripchat is a popular site founded ...
Citrix Warns of Critical Flaws in XenMobile Server
Citrix is urging users to immediately patch a pair of critical flaws in its flagship mobile device management software. If exploited, the flaws could allow remote, unauthorized attackers to access domain account credentials – ultimately opening the door to a treasure trove of corporate data,...
Massive Meris Botnet Embeds Ransomware Notes from REvil
Hey webop\geeks, you\are\already\dead, a note claiming to be left by the REvil ransomware gang declared, embedded into the attack itself as a string of text in the URL for the extortion demand. Imperva reported the interesting twist on Friday – one of several it’s seen in the evolution of...
Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems
Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical...
Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver
Nvidia issued patches for high-severity vulnerabilities in its graphics driver, which can be exploited by a local attacker to launch denial-of-service (DoS) or code-execution attacks. Nvidia’s graphics processing unit (GPU) display driver is used in devices targeted for enthusiast gamers; it’s the...
Thousands of Fortinet VPN Account Credentials Leaked
UPDATE: Subsequent reporting and disclosures show “Groove” was a hoax intended to lure media outlets into reporting on fake potential threats against U.S. government interests. Threatpost regrets falling for a troll. Lesson learned and apologies to our readers. Credentials pilfered from 87,000...
Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker. The Citrix products...
ThreatList: Skype-Themed Apps Hide a Raft of Malware
Popular conferencing apps have become a major cybercrime lure during the COVID-19 work-from-home era – and Skype is the undisputed leader when it comes to being impersonated by malicious downloads, researchers have found. An April analysis from Kaspersky uncovered a total of 120,000 suspicious...
Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist
Wormhole – a web-based blockchain “bridge” that enables users to convert cryptocurrencies – said on Thursday that “all funds are safe” after attackers abused a vulnerability to shake it down for 120,000 Ethereum (approximately $314 million). In a postmortem shared with Threatpost on Thursday,...
Ramsay Malware Targets Air-Gapped Networks
A cyber-espionage malware has been discovered that’s capable of collecting and exfiltrating sensitive documents from within air‑gapped networks. The malware, dubbed Ramsay, is still under active development — so far, researchers have found three different samples, with each sample adding new...
Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
Malicious activity exploiting the recently disclosed Oracle WebLogic critical deserialization vulnerability (CVE-2019-2725) is surging. Even though there’s a patch, tens of thousands of vulnerable machines represent an irresistible target for hackers, according to Unit 42 researchers at Palo Alto...
Windows Zero-Day Emerges in Active Exploits
A just-patched vulnerability in the Windows operating system that was unknown until last week is being actively exploited in the wild; it opens the door for full system takeover. Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw...
Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign
Researchers warn that APT41, a notorious China-linked threat group, has targeted more than 75 organizations worldwide in “one of the broadest campaigns by a Chinese cyber-espionage actor observed in recent years.” Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities...
Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. The company said it has received numerous reports that attackers were targeting the vulnerability patched last month. Oracle WebLogic Server is a popular application server used in...
Phishers Delivering Increasingly Convincing Lures
Innovative twists on banking scams and corporate-account hunters wielding increasingly clever lures, including those with COVID-19 vaccine promises, are likely to dominate the spam and phishing landscape throughout Q2 2021, according to researchers. And although no new wild trends have emerged,...
Oracle Solaris Zero-Day Attack Revealed
A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system. Researchers said that the group was exploiting the bug when it wa...
Accenture Confirms LockBit Ransomware Attack
081321 08:42 UPDATE: Accenture reportedly acknowledged in an internal memo that attackers stole client information and work materials in a July 30 “security incident.” CyberScoop reports that the memo downplays the impact of the ransomware attack. The outlet quoted Accenture’s internal memo: “Whi...
Critical Cisco Bug in Unified CCX Allows Remote Code Execution
Cisco has hurried out a fix for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express (CCX). Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. Th...
3 Tips for Facing the Harsh Truths of Cybersecurity in 2022, Part I
Be forewarned—I’m about to lay down some harsh truths here. First, ransomware is prevalent, and there is no way to completely eliminate the threat. Second, at this point, you should operate under the assumption that hackers are already in your systems or could easily access them at any moment. It...
MediaTek Bug Actively Exploited, Affects Millions of Android Devices
Google has addressed a high-severity flaw in MediaTek’s Command Queue driver that developers said affects millions of devices – and which has an exploit already circulating in the wild. Also in its March 2020 Android Security bulletin, issued this week, Google disclosed and patched a critical...