15946 matches found
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
To go along with the “Dirty Pipe” Linux security bug coming to light, two researchers from Huawei – Yiqi Sun and Kevin Wang – have discovered a vulnerability in the “control groups” feature of the Linux kernel which allows attackers to escape containers, escalate privileges and execute arbitrary...
Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware
Anticipation surrounding the upcoming 93rd Academy Awards broadcast on Sunday is being used by scammers to trick people into giving up their credentials — they think they’re about to stream Oscar-nominated films, but the reality turns out to be much different. Prior to the winners being announced...
Hackers Amp Up COVID-19 IP Theft Attacks
Attackers are looking to the healthcare space as a rich repository of intellectual property IP now more than ever, as critical research of COVID-19 therapeutics are developed and Pfizer, Moderna and other biotech firms begin to mass produce vaccines. Several incidents show that nation-states are...
News Wrap: Cartoon Network Hack, the Catholic Church and Jason Statham Scams
A slew of strange security news stories made headlines this week, from scams to hacks. The Threatpost team breaks down the top stories that made everyone scratch their heads, including: –Cartoon Network streaming websites being hacked to play Brazilian stripper videos. – A Catholic church in...
HubSpot Data Breach Ripples Through Crytocurrency Industry
A rogue employee working at HubSpot – used by more than 135,000 and growing customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday. The breach has rippled through the...
PS3 Players Ban: Victims of Surging Gaming Attacks
A reported breach of a Sony folder containing the serial ID numbers for every PlayStation 3 console appears to have led to users being inexplicably banned from the platform. This is just the latest in a shocking spike in attacks on unsuspecting gamers. Sony reportedly left a folder with every PS3...
Critical Exim Flaw Opens Servers to Remote Code Execution
A patch has been issued for a critical flaw in the Exim email server software, which could potentially open Exim-based servers up to denial of service or remote code execution attacks. Exim, which is free software used on Unix-like operating systems including Linux or Mac OSX, serves as a mail...
Data Breach Lessons from the Trenches
In this webcast Threatpost editor Tom Spring examines the data breach epidemic with the help of noted breach hunter and cybersecurity expert Chris Vickery. He shares how companies can identify their own insecure data, remediate against a data breach and offers tips on protecting data against futu...
30M Dell Devices at Risk for Remote BIOS Attacks, RCE
UPDATE A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to an analysis from Eclypsium, the...
DLL Hijacking Exploit Code Posted for PowerPoint, Other Apps
A day after Microsoft released information on the remotely exploitable DLL-hijacking vulnerability that affects dozens of Windows applications, researchers are starting to discover exactly which pieces of software are vulnerable. The list so far includes PowerPoint, Wireshark and some application...
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
iPhone users, drop what you’re doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities – some of which are remotely exploitable – and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS. Unfortunately, you aren’t getting a...
Ransomware: A Deep Dive into 2021 Emerging Cyber-Risks
Ransomware has been a growing scourge for years, but recent attacks illustrate a growing sophistication by attackers within this slice of the cybercrime underbelly. Snowballing assaults against the business sector, schools and government organizations are now a primary cybersecurity concern. Maki...
Critical MobileIron RCE Flaw Under Active Attack
Advanced persistent threat APT groups are actively exploiting a vulnerability in mobile device management security solutions from MobileIron, a new advisory warns. The issue in question CVE-2020-15505 is a remote code-execution flaw. It ranks 9.8 out of 10 on the CVSS severity scale, making it...
Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs
Today is Microsoft’s October 2021 Patch Tuesday, and it delivers fixes for four zero-day vulnerabilities, one of which is being exploited in a far-reaching espionage campaign that delivers the new MysterySnail RAT malware to Windows servers. Microsoft reported a total of 74 vulnerabilities, three...
Google Fixes High-Severity Chrome Browser Code Execution Bug
The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week. The flaw CVE-2020-6492 is a use-after-free vulnerability in the WebGL We...
Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity
Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines. Juan Andres...
Researchers: PlugX More Prominent Than Ever
Existing in some form since 2008, the popular remote access tool PlugX has as notorious a history as any malware, but according to researchers the tool saw a spike of popularity in 2014 and is the go-to malware for many adversary groups. Many attacks, especially those occurring during the latter...
APT41 Spies Broke Into 6 US State Networks via a Livestock App
USAHerds – an app used PDF by farmers to speed their response to diseases and other threats to their livestock – has itself become an infection vector, used to pry open at least six U.S. state networks by one of China’s most prolific state-sponsored espionage groups. In a report published by...
Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out
Mobile device-tracking by Apple and Google take center stage in a report revealing that, despite both allowing users to opt out of sharing telemetry data – they do anyway. “Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” wrote researcher Douglas...
Google Chrome Bugs Open Browsers to Attack
Google has stomped out several serious code-execution flaws in its Chrome browser. To exploit the flaw, an attacker would merely need to convince a target to visit a specially crafted webpage via phishing or other social-engineering lures. Overall, Google’s release of Chrome 85.0.4183.121 for...
Report: Microsoft’s GitHub Account Gets Hacked
Hackers have broken into Microsoft’s GitHub account and stolen 500 GB of data from the tech giant’s own private repositories on the developer platform, according to published reports. A group that calls itself Shiny Hunters claims it stole and then leaked the data, which did not appear to include...
RAMBleed Side-Channel Attack Exposes Privileged Memory
A team of academic researchers has discovered a follow-on to the Rowhammer class of attacks that allows attackers to read memory data on a target Windows computer, without actually accessing the memory itself. The method is dubbed RAMBleed. Andrew Kwong and Daniel Genkin at the University of...
Okta Says It Goofed in Handling the Lapsus$ Attack
On Friday, Okta – the authentication firm-cum-Lapsus$-victim – admitted that it “made a mistake” in handling the recently revealed Lapsus$ attack. The mistake: trusting that a service provider had told Okta everything it needed to know about an “unsuccessful” account takeover ATO at one of its...
Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug
Attackers are trying to log in to SolarWinds Serv-U file-sharing software via attacks exploiting the Log4j flaws. This is a confusing story: Initially, Microsoft had warned on Wednesday that attackers were exploiting a previously undisclosed vulnerability in the SolarWinds Serv-U file-sharing...
BazarLoader Malware Abuses Slack, BaseCamp Clouds
The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain. Join experts fr...
Threat Actors Introduce Unique ‘Newbie’ Hacker Forum
A well-known private hacking forum has recently become more inclusive, introducing a new platform to help newbie threat actors flourish and hone their expertise, research has found. The discovery is unique, as private hacker forums tend to be the exclusive province of elite cybercriminals. Digita...
Gamers Are Easy Prey for Credential Thieves
Gamers are soft targets for credential-thieving hackers who see them as young, naive and playing it fast and loose with security. “A 14-year-old kid’s gaming credentials are worth more than you think,” said Mike Wilson, CTO at Enzoic. He said credentials tied to Fortnite, Minecraft and RuneScape...
Critical Magento Flaws Allow Code Execution
Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by attackers like the Magecart cybergang – could enable arbitrary code execution on affected systems. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. Adobe on Tuesda...
Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline
Multiple TCP-based remote denial-of-service vulnerabilities have been uncovered in the FreeBSD and Linux kernels by Netflix researchers. Exploitation would interrupt TCP connections and therefore streaming content flows to vulnerable Linux-based PCs putting a crimp in binge-watching, for instance...
Emotet Now Spreading Through Malicious Excel Files
The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. Researchers at Palo Alto Networks Unit 42 have observed a new infection approach for the high-volume malware, which is known to modify and change its...
QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug
ForcedEntry – the exploit of a zero-click iMessage zero day that circumvented Apple’s then-brand-new BlastDoor security feature starting a year ago – was picked apart not just by NSO Group with its Pegasus spyware but also by a newly uncovered, smaller smartphone-hacking toolmaker named QuaDream...
Why I Love (Breaking Into) Your Security Appliances
Amid the Colonial Pipeline and JBS ransomware attacks that sparked shockwaves among media worldwide, news broke that attackers were able to compromise Colonial Pipeline through a legacy VPN account. The account lacked multifactor authentication MFA and wasn’t in active use within the business, a...
Critical Cisco VM Bug Allows Remote Takeover of Routers
A critical remote authentication-bypass vulnerability – with the highest possible severity level of 10 out of 10 on the CvSS scale – has been found in the Cisco REST API virtual service container for Cisco IOS XE Software. The bug CVE-2019-12643 affects the following hardware if running the REST...
Gitrob Combs Github Repositories for Secret Company Data
Free online code repositories such as GitHub provide a valuable collaboration service for enterprise developers. But it’s also a trove of potentially sensitive company and project information that’s likely to warrant attention from hackers. An application security specialist from Berlin has...
SAP Patches Nine Critical & High-Severity Bugs
SAP has released 19 new and updated security patches, three of them rated as “HotNews” critical and six as high-priority. “HotNews” is the severity rating that SAP gives to critical vulnerabilities. Two of this month’s sizzlers have a CVSS score of 9.9 and affect SAP Business One and SAP NetWeave...
REvil Ransomware Code Ripped Off by Rivals
They say imitation is the sincerest form of flattery: The LV ransomware, a strain that cropped up just this spring, turns out to be based on what is most likely pirated REvil ransomware code, according to researchers. A malware analysis of LV from Secureworks Counter Threat Unit CTU found that it...
New Attacks Slaughter All Spectre Defenses
All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced three years ago. A paper published on Friday by a team of computer scientists from the...
APT Charming Kitten Pounces on Medical Researchers
Security researchers have linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten. The campaign—dubbed BadBloo...
Ring Adds End-to-End Encryption to Quell Security Uproar
Smart doorbell maker Ring is giving cybersecurity critics less to gripe about with the introduction of end-to-end encryption to many of its models. Ring products, which have been a juggernaut success with consumers, have faced a litany of harsh criticism from cybersecurity experts for what they s...
Single Malicious GIF Opened Microsoft Teams to Nasty Attack
Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts. The attack simply...
Redaman Spams Russian Banking Customers with Rotating Tactics
The Redaman banking trojan ramped up its activity in the last part of 2018, employing ongoing back-end changes in order to evade detection, according to a new Wednesday report. Redaman as a malware first came on the scene in 2015, and since then has consistently targeted victims that use Russian...
Second Try at LSASS Patch Addresses Vulnerability
Microsoft’s second try at patching a vulnerability in a critical Windows process apparently is more successful than its first attempt. Yesterday, as part of its monthly Patch Tuesday release of security bulletins, Microsoft sent out an update that fixed a denial-of-service vulnerability in the...
QNAP: Get NAS Devices Off the Internet Now
Get your internet-exposed, network-attached storage NAS devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices. “The most vulnerable victims will be those devices exposed to the Internet without any protection,”...
High-Severity Cisco DoS Flaw Can Immobilize ASR Routers
A high-severity flaw in Cisco’s IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers ASR. The flaw stems from Cisco IOS XR, a train of Cisco Systems’ widely deployed Internetworking Operating System IOS. The OS powers the Cisco ASR 9000 serie...
SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day
On the heels of releasing a Windows zero-day exploit on Wednesday, developer SandboxEscaper has dropped exploit code for four more flaws on Thursday morning. On Wednesday, she dropped a Windows zero-day exploit that would allow local privilege-escalation LPE, by importing legacy tasks from other...
SolarWinds 2.0 Could Ignite Financial Crisis – Podcast
Could a cyberattack spark the next financial crisis? Following the calamitous, widespread SolarWinds attacks in April, that’s exactly what the New York State Department of Financial Services DFS has suggested. “This incident confirms that the next great financial crisis could come from a...
From PowerShell to Payload: An Analysis of Weaponized Malware
UPDATE Click, and boom, your network is compromised. All a hacker needs is one successful exploit and you could have a very bad day. Recently we uncovered one artifact that we would like to break down and showcase. We will get “into the weeds” here and really deep-dive on the technical details, s...
D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw
Buggy firmware opens a number of D-Link VPN router models to zero-day attacks. The flaws, which lack a complete vendor fix, allow adversaries to launch root command injection attacks that can be executed remotely and allow for device takeover. Impacted are D-Link router models DSR-150, DSR-250,...
Inside the Hoaxcalls Botnet: Both Success and Failure
The Hoaxcalls botnet, built to carry out large-scale distributed denial-of-service DDoS attacks, has been actively in development since the beginning of the year. One of its hallmarks is that it uses different vulnerability exploits for initial compromise. Researchers, however, have discovered th...
DroidSheep Android App Hijacks Sessions in One Click, Developer Meant Well
Following the success of the Firesheep application, a new Android application called DroidSheep allows users to hijack Web sessions of popular online services over insecure Wifi connections. DroidSheep enables Android-based man in the middle attacks against a wide range of Web sites, including...