15946 matches found
Adobe Critical Code-Execution Flaws Plague Windows Users
Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems. Affected products include Adobe’s Framemaker document processor, designed for writing and editing large or complex documents;...
AWS Cryptojacking Worm Spreads Through the Cloud
A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services AWS cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency. According to researchers at Cado Security, the...
Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs
Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view sensitive data, gain escalated privileges or launch denial-of-service DoS attacks in impacted Windows gaming devices. Nvidia’s graphics driver also known as the G...
Sodinokibi Ransomware Behind Travelex Fiasco: Report
The Sodinokibi ransomware strain is apparently behind the New Year’s Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services. The criminals behind the attack are demanding a six-figure sum in return for the decryption...
Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn
UPDATE Researchers are warning of a high-severity zero-day vulnerability in Google’s Android operating system, which if exploited could give a local attacker escalated privileges on a target’s device. The specific flaw exists within the v4l2 Video4Linux 2 driver, which is the Android media driver...
Linux Kernel Flaw Allows Remote Code-Execution
Millions of Linux systems could be vulnerable to a high-impact race condition flaw in the Linux kernel. Kernel versions prior to 5.0.8 are affected by the vulnerability CVE-2019-11815, which exists in the rdstcpkillsock in net/rds/tcp.c. “There is a race condition leading to a use-after-free UAF,...
Houzz Urges Password Resets After Data Breach
Interior decorating website Houzz on Friday issued a notice that user data – including usernames, passwords and IP addresses – had been accessed by an “unauthorized third party.” Houzz connects consumers to varying home-goods departments or professionals for purchasing furniture. The Palo Alto,...
COVID-19 Results for 25% of Wyoming Accidentally Posted Online
The Wyoming Department of Health WDH said on Wednesday it accidentally posted COVID test results of state residents onto their public-facing storage buckets. The WDH said in a public advisory that an employee fumbled the health information of about 164,021 Wyoming residents and of people from oth...
Post Grid WordPress Plugin Flaws Allow Site Takeovers
Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations. The issues...
Potent Emotet Variant Spreads Via Stolen Email Credentials
Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new malicious phishing campaigns using hijacked emails to spread new variants of the malware. The “new and improved” version...
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
A serious security vulnerability in Microsoft Exchange Server that researchers have dubbed ProxyToken could allow an unauthenticated attacker to access and steal emails from a target’s mailbox. Microsoft Exchange uses two websites; one, the front end, is what users connect to in order to access...
Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites
Quick-response QR codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police. He now faces two counts of “obstructing operations carried out relative to COVID-19 und...
Mac Malware Targets Apple’s New M1 Processor
Three months after Apple launched its new M1 system-on-a-chip SoC, cybercriminals have developed what may be the first malicious macOS application targeting the mobile giant’s first in-house silicon. Click to Register The recently uncovered malicious application, called GoSearch22, natively runs ...
Heather Mills Gets An Apology and 'Substantial' Settlement in Spyware Case
The 2010-2011 News of the World phone hacking scandal – in which it was revealed that the tabloid dropped malware on celebrity targets’ phones in order to gather dirt for news stories – is still playing out in court. The latest is a settlement for a “substantial” sum paid to Heather Mills and her...
Unusual Linux Ransomware Targets NAS Servers
A rare instance of ransomware targeting Linux-based file storage systems network-attached storage servers, specifically has been spotted, spreading via 15 separate but related campaigns. The adversaries behind the effort are continuing their depredations on an ongoing basis, according to...
Supply Chain Update Software Unknowingly Used in Attacks
Microsoft said a recent attack it calls Operation WilySupply utilized the update mechanism of an unnamed software editing tool to infect targets in the finance and payment industries with in-memory malware. The unnamed editing tool was used to send unsigned malicious updates to users in targeted...
Samsung Screwed Up Encryption on 100M Phones
Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 on up to last year’s Galaxy S21. Researchers at Tel Aviv University found what they called “severe” cryptographic design flaws that could have let attackers siphon the...
JBS Paid $11M to REvil Gang Even After Restoring Operations
JBS Foods paid the equivalent of $11 million in ransom after a cyber-attack that forced the company to shut down some operations in the United States and Australia over the Memorial Day weekend. The company made the payment to cybercriminals to ensure the protection of its data and mitigate any...
Various Malware Lurks in Discord App to Target Gamers
A rise in online gaming, tied to pandemic-mandated social distancing, has led to a spike in criminals targeting the demographic. The latest effort to exploit the trend is malicious files planted inside the Discord platform designed to trick users into downloading malware-laced files. Researchers...
Hybrid, Older Users Most-Targeted by Gmail Attackers
Users whose personal details have been exposed by a third-party breach, Australians, older folks and those who use both desktops and mobile devices are at the highest risk of becoming the victim of a malicious email attack, according to Google and researchers from Stanford, who teamed up to...
Cisco Warns of Severe DoS Flaws in Network Security Software
Cisco has stomped out a slew of high-severity vulnerabilities across its lineup of network-security products. The most severe flaws can be exploited by an unauthenticated, remote attacker to launch a passel of malicious attacks — from denial of service DoS to cross-site request forgery CSRF. The...
MobOk Malware Hides in Photo Editors on Google Play, Siphons Cash
A powerful money-siphoning malware known as MobOk has been found hiding in seemingly legitimate photo editing apps available on the Google Play store. The Pink Camera and Pink Camera 2 apps, now removed, had been installed around 10,000 times, according to researchers at Kaspersky. They included...
Fake Jason Statham Bilks a Fan Out of Serious Money
English actor Jason Statham – a.k.a. “the Transporter” – is cozying up to people who like his Facebook page – or at least, someone purporting to be him is. A fraudster managed to bilk a vulnerable and unsuspecting Statham fan out of a “significant amount” of money after approaching her while she...
ThreatList: Credential-Sniffing Phishing Attacks Erupted in 2018
Phishing attacks have continued to grow over the past year – but now, it appears that more bad actors are launching these tricky attacks in hopes of scooping up credentials, rather than a previously-popular goal of infecting victims’ devices with malware. The new trend was outlined by Proofpoint...
Carrier IQ Hires a Chief Privacy Officer
Carrier IQ, a startup heavily bruised last fall by harsh criticism of its handset diagnostic software, today announced it’s hired a high-profile lawyer as its Chief Privacy Officer. According to a news release, Magnolia Mansourkia Mobley, a CIPP and former Verizon executive, will be tasked with...
Celeb SIM-Swap Crime Ring Stole $100M from U.S. Victims
A posse of alleged SIM-swapping cybercriminals has been rounded up across Europe by law-enforcement after the crooks finagled more than $100 million from U.S. celebrities and their families. Eight people in the U.K. were arrested in connection with the crime ring, in addition to individuals in...
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept PoC exploit...
New FormBook Dropper Harbors Obfuscation, Persistence
Researchers are warning that a future data-theft attack may be brewing after discovering a new sample of the FormBook malware, with a never-before-seen dropper — i.e. a malicious file that is used in the initial infection stage and installs malware on the system. FormBook, a browser form-stealer...
PHP Infiltrated with Backdoor Malware
The PHP project on Sunday announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. They were discovered before they went into production. PHP is a widely used open-source scripting language often used for web development. It...
RCE 'Bug' Found and Disputed in Popular PHP Scripting Framework
Versions of the popular developer tool Zend Framework and its successor Laminas Project can be abused by an attacker to execute remote code on PHP-based websites, if they are running web-based applications that are vulnerable to attack. However, those that maintain Zend Framework emphasize that t...
Xerox DocuShare Bugs Allow Data Leaks
Xerox issued a fix for two vulnerabilities impacting its market-leading DocuShare enterprise document management platform. The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive data. On Wednesday, the Cybersecurity and Infrastructure Security Agency...
Critical Cisco 'CDPwn' Protocol Flaws Explained: Podcast
Researchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol CDP, the Cisco Proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment. Researchers say that the vulnerabilities, which they collectively call CDPw...
Microsoft Issues Out-of-Band Update for SharePoint Bug
UPDATE Microsoft has added a fresh CVE to its security portal, linking it to the existing November security updates the patch itself was already included in the updates, but not specifically named. The CVE describes a vulnerability in SharePoint Server. According to a Microsoft Security Advisory,...
Adobe Issues Unscheduled Updates for Experience Manager Platform
Adobe has issued unscheduled patches for vulnerabilities rated “important” across its Experience Manager platform, which allows developers to create mobile apps, social campaigns and landing pages. Overall, Adobe issued three fixes, including an “important” flaw CVE-2018-19726 and a “moderate” fl...
TrickBot Takes a Break, Leaving Researchers Scratching Their Heads
The group behind the TrickBot malware is back after an unusually long lull between campaigns, according to researchers — but it’s now operating with diminished activity. They concluded that the pause could be due to the TrickBot gang making a large operational shift to focus on partner malware,...
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
An unpatched stored cross-site-scripting XSS security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, K...
Bugs Lurking in Cisco UC Provisioning Platform
The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution RCE with elevated privileges, researchers said. They...
SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign
The SideWinder advanced persistent threat APT group has mounted a fresh phishing and malware initiative, using recent territory disputes between China, India, Nepal and Pakistan as lures. The goal is to gather sensitive information from its targets, mainly located in Nepal and Afghanistan...
Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack
A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. The attack, called “Thunderspy,” specifically targets Thunderbolt technology, which is a hardware interface developed by...
Critical VMware Bug Opens Up Corporate Treasure to Hackers
A critical information-disclosure bug in VMware’s Directory Service vmdir could lay bare the contents of entire corporate virtual infrastructures, if exploited by cyberattackers. The vmdir is part of VMware’s vCenter Server product, which provides centralized management of virtualized hosts and...
BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver
The operators behind the RobbinHood ransomware are using a vulnerable, legacy driver from Taiwan-based motherboard manufacturer Gigabyte in order to get around antivirus protections. The “bring-your-own-bug” tactic is likely to crop up in other attacks going forward, according to security analyst...
Intel ZombieLoad Side-Channel Attack: 10 Takeaways
Intel on Tuesday revealed a new class of speculative execution vulnerabilities, dubbed Microarchitectural Data Sampling MDS, which impact all its modern CPUs. The flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems – and result in...
State-Sponsored DNS Hijacking Infiltrates 40 Firms Globally
A newly-discovered state-sponsored campaign is targeting national security organizations across the Middle East and North Africa MENA – and elsewhere – with domain name system DNS hijacking attacks, used to scoop up credentials. The campaign, dubbed “Sea Turtle” by the Cisco Talos researchers who...
Xiaomi M365 Electric Scooter Hacked and Remotely Controlled
A serious design flaw in a popular electric scooter has allowed researchers to hack into it when they were up to 100 meters away – and ultimately force it to brake or speed up. Researchers at Zimperium on Tuesday released a proof-of-concept PoC for the attack, which impacts Xiaomi M365 scooters...
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a forum post. The liberator, using the handle “Topleak,” described themselves as the developer of the three ransomwares. It’s been lovely,...
Microsoft Exchange Servers Face APT Attack Tsunami
Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat APT groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers. Microsoft said in early March that ...
Unpatched Bug in WiFi Mouse App Opens PCs to Attack
The mobile application called WiFi Mouse, which allows users to control mouse movements on a PC or Mac with a smartphone or tablet, has an unpatched bug allowing adversaries to hijack desktop computers, according to researcher Christopher Le Roux who found the flaw. Impacted is the Android app’s...
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution RCE bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in...
Adobe’s Surprise Security Bulletin Dominated by Critical Patches
Adobe has dropped a mammoth out-of-band security update this week, addressing 92 vulnerabilities across 14 products. The majority of the disclosed bugs are critical-severity problems, and most allow arbitrary code execution ACE. Privilege escalation, denial-of-service and memory leaks/information...
WP Statistics Bug Lets Attackers Lift Sites’ Data
WP Statistics, a plugin installed on more than 600,000 WordPress websites, has an SQL-injection security vulnerability that could let site visitors make off with all kinds of sensitive information from web databases, including emails, credit-card data, passwords and more. WP Statistics, as its na...