15946 matches found
Chase Bank Phish Swims Past Exchange Email Protections
Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims — by spoofing real-life customer scenarios. Researchers from Armorblox recently discovered the attacks, one of which claims to...
IKEA Hit by Email Reply-Chain Cyberattack
As of Friday – as in, shopping-on-steroids Black Friday – retail titan IKEA was wrestling with a then-ongoing reply-chain email phishing attack in which attackers were malspamming replies to stolen email threads. BleepingComputer got a look at internal emails – one of which is replicated below –...
High-Severity Cisco Flaw Found in CMX Software For Retailers
A high-severity flaw in Cisco’s smart Wi-Fi solution for retailers could allow a remote attacker to alter the password of any account user on affected systems. The vulnerability is part of a number of patches issued by Cisco addressing 67 high-severity CVEs on Wednesday. This included flaws found...
Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
Six serious bugs in Qualcomm’s Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according research released at the DEF CON Safe Mode security conference Friday. The flaws open up handsets made by Google, Samsung, LG, Xiaomi and OnePlus to DoS and escalation-of-privilege...
Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List
Microsoft’s August Patch Tuesday release contains updates for 93 CVEs, including 29 that are rated critical in severity. The highest priority of these include four critical remote code-execution RCE vulnerabilities in Remote Desktop Services RDS and a critical RCE flaw in Microsoft Word. Also, tw...
WordPress Plugin WP Statistics Patches XSS Flaw
WordPress plugin WP Statistics has patched a cross-site scripting XSS vulnerability that could allow for full website takeover, if the website is operating under certain non-default settings. WP Statistics gives website owners a tool to analyze site statistics, such as the number of visitors on t...
Zero-Day No More: Windows Bug Gets a Fix
The local privilege-escalation LPE zero-day bug in Microsoft Task Scheduler, disclosed by SandboxEscaper on Twitter in late May by way of making public a fully functioning exploit, now has a micropatch. The interim fix, from 0patch, was issued Tuesday to address the vulnerability. The bug would...
Trove of Hotmail Passwords Posted Online
If you use Microsoft’s free Hotmail service, it may be time to change your password: Microsoft said Monday that several thousand Hotmail account credentials were posted online over the weekend. In a statement posted to its Windows Live Spaces blog, Microsoft said the company has determined that t...
Chrome Zero-Day Under Active Attack: Patch ASAP
Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that’s actively being jumped on by attackers in the wild. In a brief update, Google described the weakness, tracked as CVE-2022-0609, as a use-after-free vulnerability in Chrome’s Animation...
Black Hat: Novel DNS Hack Spills Confidential Corp Data
LAS VEGAS – Amazon and Google patched a domain name service DNS bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed web resources. The vulnerability, outlined in a Black Hat USA 20...
'Cable Haunt' Bug Plagues Millions of Home Modems
UPDATED Multiple cable modems used by ISPs to provide broadband into homes have a critical vulnerability in their underlying reference architecture that would allow an attacker full remote control of the device. The footprint for the affected devices numbers in the hundreds of millions worldwide...
Firefox and Edge Fall to Hackers on Day Two of Pwn2Own
Hackers took down the Mozilla Firefox and Microsoft Edge browsers on Thursday at Pwn2Own, the annual hacking conference held in tandem with CanSecWest, as the competition continued for a second day. The dynamic hacking duo of Amat Cama and Richard Zhu, which make up team Fluoroacetate, had anothe...
Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot and more in the form of fake applications. The patch came as part of the computing giant’s December Patch Tuesday update, which included a total of 67 fixes for security vulnerabilities. Th...
Annoyingly Believable Tax Refund Scam Targets Mobile
A text message-based tax scam is making the rounds in the U.K., in a probable harbinger of things to come as the U.S. tax season gets underway in earnest. SMS messages are going out to unsuspecting U.K. citizens claiming to be from Her Majesty’s Revenue and Customs HMRC, the country’s...
Virus Bulletin 2019: Japanese Attacks Highlight Savvy APT Strategy
LONDON — Three separate, multi-year APT campaigns targeting region-specific software showcase a savvy technique of leveraging zero-day vulnerabilities in niche software in order to infect victims with malware. According to researchers at JPCERT in Japan, speaking at Virus Bulletin 2019, both the...
Microsoft Pushes Azure Users to Patch Linux Systems
Microsoft is warning customers that some Azure installations are vulnerable to a recently-disclosed critical Linux Exim mail server flaw that is under active attack. The warning comes after a widespread worm campaign was disclosed on Friday, targeting a flaw in the Exim mail transport agent MTA,...
VMWare Urges Users to Patch Critical Authentication Bypass Bug
VMware and experts alike are urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain administrative access to a system as well as exploit other flaws. The bug—tracked as CVE-2022-31656—earned a rating of 9.8 on the CVSS...
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
In a new blog post published last night, Microsoft confirmed that the Lapsus$ extortion group hacked one of its employee’s accounts to get “limited access” to project source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single...
US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
U.S. Cyber Command has confirmed that MuddyWater – an advanced persistent threat APT cyberespionage actor aka Mercury, Static Kitten, TEMP.Zagros or Seedworm that’s historically targeted government victims in the Middle East – is an Iranian intelligence outfit. The link has been suspected, and no...
Zero-Day Used to Wipe My Book Live Devices
Western Digital will start providing free data-recovery services in July for people whose data was wiped off their network-attached storage NAS devices last week, the company said in an update on Tuesday. The company is also planning to offer a trade-in program to get customers onto the cloud –...
Google Chrome Zero-Day Afflicts Windows, Mac Users
Google is warning of a zero-day vulnerability in its V8 open-source web engine that’s being actively exploited by attackers. A patch has been issued in version 88 of Google’s Chrome browser — specifically, version 88.0.4324.150 for Windows, Mac and Linux. This update will roll out over the coming...
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
Cyberattackers are targeting 60 different high-profile companies with the TrickBot malware, researchers have warned, with many of those in the U.S. The goal is to attack those companies’ customers, according to Check Point Research CPR, which are being cherry-picked for victimization. According t...
Golang Cryptomining Worm Offers 15% Speed Boost
A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said. According to research from Uptycs, the worm...
Yandex Data Breach Exposes 4K+ Email Accounts
Yandex – one of Europe’s largest internet companies – is warning of a data breach that compromised 4,887 email accounts. The breach stems from an insider threat. Yandex is the most-used search engine in Russia – and the fifth most-popular search engine worldwide. Beyond its search engine, Yandex’...
FritzFrog Botnet Attacks Millions of SSH Servers
A peer-to-peer P2 botnet called FritzFrog has hopped onto the scene, and researchers said it has been actively breaching SSH servers since January. SSH servers are pieces of software found in routers and IoT devices, among other machines, and they use the secure shell protocol to accept connectio...
China's APT3 Pilfers Cyberweapons from the NSA
The advanced persistent threat APT group known as APT3, which researchers across the board link to the Chinese government, has built a full in-house battery of exploits and cybertools collectively dubbed “UPSynergy.” An analysis of the toolkit has uncovered a geopolitical cat-and-mouse spy game: ...
Microsoft Settles With Kelihos Botnet Defendant, Says He Didn't Run the Network
Microsoft on Friday said it has reached a settlement with a Russian programmer it named as a defendant in a lawsuit related to the operation of the notorious Kelihos botnet. The company said that it no longer believes Andrey N. Sabelnikov was the operator of the botnet, but was instead responsibl...
Inside Patch Tuesday at the Microsoft Security Response Center
In this video, Dustin Childs of the Microsoft Security Response Center gives an inside look at what it’s like in Redmond on Patch Tuesday and what goes into the efforts that Microsoft makes to get fixes out every month. View the video at Microsoft’s Security TechCenter...
Phishing Campaign Targeted Those Aiding Ukraine Refugees
Cyberattackers used a compromised Ukrainian military email address to phish EU government employees who’ve been involved in managing the logistics of refugees fleeing Ukraine, according to a new report. Ukraine has been at the center of an unprecedented wave of cyberattacks in recent weeks and...
5M WordPress Sites Running 'Contact Form 7' Plugin Open to Attack
A patch for the popular WordPress plugin called Contact Form 7 was released Thursday. It fixes a critical bug that allows an unauthenticated adversary to takeover a website running the plugin or possibly hijack the entire server hosting the site. The patch comes in the form of a 5.3.2 version...
NTP Amplification Blamed for 400 Gbps DDoS Attack
For those of you who thought the infamous Spamhaus distributed denial-of-service attack set an ugly bar for the volume of spurious traffic sent at a target, gird yourself for worse. A massive DDoS attack, reaching at its peak 400 Gbps of bad traffic, was detected late yesterday against a number o...
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being exploited in the wild. The bug CVE-2022-34713 is tied to a Microsoft Windows Support Diagnostic Tool and allows a remote attacker to execute code on a vulnerable system. “The volume of fixes released...
80% of Net Neutrality Comments to FCC Were Fudged
Broadband providers and a 19-year-old college student were among those who successfully hijacked public comments during a crucial decision-making process in 2017 to overturn net neutrality by flooding the Federal Communications Commission FCC with fraudulent comments indicating their position on...
Hacked Hair Straighteners Can Threaten Homes
Researchers have found a way to successfully hack connected hair straighteners to turn them on and increase the heating element up to its maximum temperature—causing a serious fire hazard for unsuspecting owners. Pen Test Partners decided to put the Glamoriser hair straightener through its securi...
Security Camera Firm Arlo Zaps High-Severity Bugs
Two high-severity vulnerabilities in Arlo Technologies’ wireless home security camera gear have been patched. The flaws, which indirectly impact Arlo’s popular fleet of wireless home security cameras, are limited to adversaries with local network and physical access to Arlo Base Stations. Both...
Infosecurity Europe: Cryptojacking is Making a Comeback
LONDON, UK – With cryptocurrency prices skyrocketing, the threat of cryptomining malware, used to mine various types of cryptocurrencies, is continuing to worry the security industry. Case in point: Recently researchers uncovered the Nansh0u campaign, a cryptojacking campaign that mines an...
‘Privateer’ Threat Actors Emerge from Cybercrime Swamp
A new type of cybercriminal is emerging in a cyber-threat landscape that’s historically been dominated by either state-sponsored threat actors or financially-motivated criminals that are hunted and prosecuted by law enforcement. Dubbed “privateers” by researchers at Cisco Talos Intelligence, thes...
REvil Hits US Nuclear Weapons Contractor: Report
Sol Oriens, a subcontractor for the U.S. Department of Energy DOE that works on nuclear weapons with the National Nuclear Security Administration NNSA, last month was hit by a cyberattack that experts say came from the relentless REvil ransomware-as-a-service RaaS gang. The Albuquerque, N.M...
Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost’s server management infrastructure. Ghost is a free,...
DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down
The ransomware gang identified as DoppelPaymer has leaked a substantial collection of files from the Illinois Office of the Attorney General OAG on a server controlled by the cybercriminal group. The move came after ransom negotiations between the two parties broke down following a ransomware...
Critical Security Bug Can Knock Smart Meters Offline
Critical security vulnerabilities in Schneider Electric smart meters could allow an attacker a path to remote code execution RCE, or to reboot the meter causing a denial-of-service DoS condition on the device. Schneider Electric’s PowerLogic ION/PM smart meter product line, like other smart meter...
Huawei Router Flaw Leaks Default Credential Status
A vulnerability in some Huawei routers used for carrier ISP services allows cybercriminals to identify whether the devices have default credentials or not – without ever connecting to them. CVE-2018-7900 exists in the router panel and allows credentials information to leak – so attackers can simp...
Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta
Both Microsoft and Okta are investigating claims by the new, precocious data extortion group Lapsus$ that the gang has breached their systems. Lapsus$ claimed to have gotten itself “superuser/admin” access to internal systems at authentication firm Okta. It also posted 40GB worth of files to its...
Former Researcher Iceman Sentenced to 13 Years
A former security researcher turned criminal hacker has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers. Max Ray Butler, who used the hacker pseudonym Iceman, was sentenced Friday morning in U.S. District Court in...
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data
An advanced persistent threat APT group has been targeting luxury hotels in Macao, China with a spear-phishing campaign aimed at breaching their networks and stealing the sensitive data of high-profile guests staying at resorts, including the Grand Coloane Resort and Wynn Palace. A threat researc...
Macy's Suffers Data Breach by Magecart Cybercriminals
The department store Macy’s is warning that web skimmer malware was discovered on Macys.com collecting customers’ payment card information. The attack has been linked to Magecart, a notorious umbrella group made up of various cybercriminal affiliates that is known for injecting payment card...
Attacks on New Microsoft Zero Day Using Multi-Stage Malware
Attackers exploiting the Microsoft Windows and Office zero day revealed yesterday are using an exploit that includes a malicious RAR file as well as a fake Office document as the lure, and are installing a wide variety of malicious components on newly infected systems. The attacks seen thus far a...
Lapsus$ ‘Back from Vacation’
The Lapsus$ data extortionists are back from a week-long “vacation,” they announced on Telegram, posting 70GB worth of data purportedly stolen from software development giant Globant. “We are officially back from a vacation,” the gang wrote on their Telegram channel, posting images of exfiltrated...
Bridgestone Hit as Ransomware Torches Toyota Supply Chain
On Friday, Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in February, prompting it to shut down the computer network and production at its factories in North and Middle America for about a week, said Reuters. Among other things, Bridgestone is a major supplier of...
FIDO: Here’s Another Knife to Help Murder Passwords
We all hate passwords, but none of us want to make logging into our accounts a hassle with extra time, steps and devices. That’s why the Fast Identity Online Alliance FIDO published a white paper PDF on Thursday, outlining different use cases for the adoption of their FIDO2 set of specifications...