15946 matches found
Malformed URL Prefix Phishing Attacks Spike 6,000%
Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL. “The URL...
vBulletin Flaw Exploited in Dutch Sex-Work Forum Breach
Hackers have stolen the account details of 250,000 users of Dutch sex-work forum Hookers.nl – including email addresses of both escorts and customers. The website provides a forum for escorts and customers to discuss sex work — including clients discussing their experiences with sex workers. A...
Indictments, Attribution Unlikely to Deter Chinese Hacking
The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a “naming-and-shaming” approach — but researchers aren’t convinced the efforts will come to much in terms of deterring future activity. On Monday,...
A Peek Inside the Underground Ransomware Economy
Ransomware is not just a type of malware – it’s also at the center of a sophisticated, flourishing underground economy that has all the conventions of legitimate commerce. It’s a community made up of major malware developers, affiliates and channel partners, and those that provide adjacent...
Insurance Giant CNA Hit with Novel Ransomware Attack
A novel ransomware attack forced insurance giant CNA to take systems offline and temporarily shutter its website. The attack occurred earlier this week and leveraged a new variant of the Phoenix CryptoLocker malware. The Chicago-based company—the seventh largest commercial insurance provider in t...
How Email Attacks are Evolving in 2021
Hundreds of thousands of dollars lost. Financial and emotional ruin. And in some cases, suicide. These are some of the outcomes business email compromise BEC attacks have on victims, said Ronnie Tokazowski, senior threat researcher with Agari. These type of attacks don’t garner the same attention...
Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros
A new “zero-click” MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The attack bypasses security measures that both Microsoft and Apple have put in place to protect MacOS users from malicious macros. The exploit chain,...
DarkCrewFriends Returns with Botnet Strategy
The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service DDoS attacks, command execution, information...
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...
Adobe Patches Flash Zero Day Exploited by Black Oasis APT
Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group. The group known as Black Oasis was, as recently as this month, using exploits for the flaw to drop FinSpy as a payload. Sold by the controversial...
Threat Actors Use Google Docs to Host Phishing Attacks
Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims’ credentials. Researchers at email and collaboration security firm Avanan discovered the campaign, which is th...
Florida Water Plant Hack: Leaked Credentials Found in Breach Database
Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials. Meanwhile, they als...
CISOs Prep For COVID-19 Exposure Notification in the Workplace
With the potential of employees going back into the workplace on the horizon, chief information security officers CISOs are mulling applications that utilize exposure notifications in order to track COVID-19’s spread in the office. Steve Moore, chief security strategist with Exabeam, said he is...
Containerd Bug Exposes Cloud Account Credentials
A security vulnerability can be exploited to coerce the containerd cloud platform into exposing the host’s registry or users’ cloud-account credentials. Containerd bills itself as a runtime tool that “manages the complete container lifecycle of its host system, from image transfer and storage to...
Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More
Apple has rolled out 173 patches across in various products across its hardware portfolio, including for dangerous bugs in macOS for laptops and desktops, iPhone, Apple TV and Apple Watch. The update also includes a patch for the side-channel vulnerabilities in Intel chips disclosed on Tuesday,...
Fake AVG: Scam Software Cops Name and Logo of Real AV
We’ve noted for a while that the practices of rogue antivirus software have started to mimic those of legitimate antivirus software vendors. But a new version of FakeXPA scareware take things a bit further: posing as a legitimate commercial AV package, AVG Antivirus 2011. Microsoft’s Malware...
Fishwrap Campaign Sways Social Media Users with Old News
An influence operation that recycles old news about terror incidents and re-publishes them as if they were new is making the rounds on social media, according to Recorded Future analysis. The technique, which the researchers have dubbed Fishwrap since it repurposes old news, is also using a speci...
Phishing Campaign Dangles SharePoint File-Shares
Attackers are using spoofed sender addresses and Microsoft SharePoint lures in a new phishing campaign that is “sneakier than usual” and can slip through the usual security protections in its aim to fool people into giving up their credentials, Microsoft researchers discovered. Microsoft Security...
Stalkerware Volumes Remain Concerningly High, Despite Bans
Tens of thousands of mobile users were infected by the class of software known generically as stalkerware last year. According to just-published research by Kaspersky, 2020 lockdowns related to the global COVID-19 pandemic put a damper on installations, but the scourge of privacy-busting software...
News Wrap: Nintendo Account Hacks, Apple Zero Days, NFL Security
For the week ended April 24, Threatpost editors discuss the hottest cybersecurity news stories, including: Apple zero days disclosed in the iPhone iOS that researchers say have been exploited for years. Meanwhile, Apple has pushed back and said there’s no evidence to support such activity. Ninten...
Microsoft Patches 26 Critical Bugs in Big March Update
Microsoft tackled 115 bug fixes as part of its March Patch Tuesday update – 26 rated critical and 88 rated medium severity. The bugs patched span its product catalog, from Azure DevOps to Windows 10. This month’s haul is notable in its quantity and that there are only a few stand-out bugs causing...
Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
UPDATE Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary. A remote attacker would not need to be authenticated to exploit the flaw, according to...
‘WannaCry Hero’ Avoids Jail Time in Kronos Malware Charges
Marcus Hutchins, the researcher hailed for squashing the WannaCry ransomware outbreak in May 2017, has been spared jail time over the creation of the infamous Kronos banking malware. The 25-year-old British researcher was sentenced on Friday to time served and one year of supervised release over...
Demo of ASP.NET Padding Oracle Attack
In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET. You can read the full story of their attack in this article, “Padding Orac...
Sextortion Rears Its Ugly Head Again
A new French-language sextortion campaign is making the rounds, researchers warn. As noted by Sophos researchers in a Monday report, sextortion is one of the oldest tricks in the book, but its popularity has waned in recent years due to effective cybersecurity, law enforcement crackdowns and the...
‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted...
IoT Piranhas Are Swarming Industrial Controls
Full transparency: Curtis Simpson, CISO at Armis, the enterprise IoT security company, was fundamentally a black hat at the age of 12, before he even knew what a black hat was. One day he got flooded over IRC and was fascinated: What just happened? And how did it happen? He’s since spent the vast...
Fleeceware Apps Bank $400M in Revenue
About 204 different “fleeceware” applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to “test” the app, before commencing automati...
Critical F5 BIG-IP Flaw Now Under Active Attack
Attackers are exploiting a recently-patched, critical vulnerability in F5 devices that have not yet been updated. The unauthenticated remote command execution flaw CVE-2021-22986 exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full contro...
Misconfigured Baby Cams Allow Unauthorized Viewing
A vulnerability affecting multiple baby monitors could allow someone to drop in and view a camera’s video stream, according to researchers. Potentially hundreds of thousands of live devices are impacted, they said. The issue exists in the manufacturers’ implementation of the Real-Time Streaming...
Zusy Malware Installs Via Mouseover – No Clicking Required
Researchers are warning of several recent spam campaigns delivering PowerPoint files that when opened contain a mouseover link that installs a variant of the Zusy malware. The malware is novel because it does not rely on macros, JavaScript or VBA macros to be enabled for the dropper file to...
Stuxnet LNK Exploits Still Widely Circulated
One of the alleged mandates around the development of the Stuxnet worm was that malware’s numerous components—which included a handful of zero days—should never escape the Natanz uranium enrichment facility in Iran. Eight years later, evidence continues to mount as to how that mandate was...
Medusa Malware Joins Flubot’s Android Distribution Network
Flubot, the Android spyware that’s been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa. That’s according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot,...
COVID-19 Vaccine Spear-Phishing Attacks Jump 26 Percent
As Moderna, Pfizer and Johnson & Johnson roll out COVID-19 vaccines cybercriminals are preying on the those hungry to get in line for immunization. Between October and January the average number of COVID-19 vaccine-related spear-phishing attacks grew 26 percent, said Barracuda Networks researcher...
DHS Issues Dire Patch Warning for ‘Zerologon’
Federal agencies that haven’t patched their Windows Servers against the ‘Zerologon’ vulnerability by Monday Sept. 21 at 11:59 pm EDT are in violation of a rare emergency directive issued by the Secretary of Homeland Security. With only hours until the deadline for the directive, issued on Friday,...
Critical Android Flaw Leads to 'Permanent DoS’
Google has released an update stomping out three critical-severity vulnerabilities in its Android operating system — one of which could result in “permanent denial of service” on affected mobile devices if exploited. The vulnerabilities are part of Google’s December 2019 Android Security Bulletin...
Phishing Campaign Delivers Nasty Ransomware, Credential-Theft Two-Punch
An array of phishing emails harboring Word attachments with embedded macros have been infecting systems with a deadly malware and ransomware duo. The campaign, spotted by researchers at Carbon Black, has hit infected systems with a lethal attack combination that harvests credentials, gathers syst...
Researchers Crack Furtim, SFG Malware Connection
New research is challenging what security researchers know about Furtim, a new malware strain that has been compared to Stuxnet because of its believed targeting of industrial controls in energy companies. According to security experts at Damballa, Furtim and the recently discovered SFG malware a...
Pandemic-Bored Attackers Pummeled Gaming Industry
Attacks on the gaming industry skyrocketed during the year of the pandemic, with attacks on web applications shooting up 340 percent in 2020. According to Akamai Technologies’ latest State of the Internet and Security report, Gaming in a Pandemic PDF, cyberattack traffic targeting the video game...
Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock
The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications. The patch was...
A Brisk Private Trade in Zero-Days Widens Their Use
There were more zero-days exploited in 2019 than any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that’s likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more...
Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs
Fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP...
Marketing Analytics Company Leaks Deep Profiles of Entire Ecuador Population
The entire population of Ecuador has been impacted by an open database on an unsecured server, housing a massive amount of personal information collected from public-sector sources by a marketing analytics company. The leaked database, which was found by vpnMentor’s research team, includes record...
GoDaddy Shutters 15,000 Subdomains Tied to 'Snake Oil' Scams
Researchers at the security firm Palo Alto Networks worked with domain registrar and web hosting firm GoDaddy to shut down 15,000 subdomains pitching ‘snake oil’ products and other scams. The takedowns are linked to affiliate marketing campaigns peddling everything from weight-loss solutions and...
Malware Infests Popular Pirate Streaming Hardware
You get what you pay for when you pirate content. That’s the takeaway from the latest report by Digital Citizens Alliance. It found that pirating hardware, which enables free streaming copyright-protected content, comes packed with malicious malware. The devices give criminals easy access to rout...
Audit of GitHub SSH Keys Finds Many Still Vulnerable to Old Debian Bug
An audit of the SSH keys associated with more than a million GitHub accounts shows that some users have weak, easily factorable keys and many more are using keys that are still vulnerable to the Debian OpenSSL bug disclosed seven years ago. The public SSH keys that users associate with their GitH...
Tool Scans for RTF Files Spreading Malware in Targeted Attacks
Exploits embedded inside Microsoft Office documents such as Word, PDFs and Excel spreadsheets have been at the core of many targeted attacks during the past 24 months. Detection of these attack methods is improving and nimble hackers are recognizing the need for new avenues into enterprise...
6 Cyber-Defense Steps to Take Now to Protect Your Company
The headlines feel like Groundhog Day, if each of Bill Murray’s repeated days grew increasingly threatening: Ransomware attacks rise again. Ransomware attacks up over last quarter. Ransomware attacks tower over previous year. You get the idea. And yet again, a new report from Ivanti sends a clear...
Apple Pushes Back Against Zero-Day Exploit Claims
Apple has pushed back against claims that two zero-day bugs in its iPhone iOS have been exploited for years, saying it’s found no evidence to support such activity. Apple officials made the statement in response to a widely disseminated report published Wednesday by ZecOps, which claimed that two...
Why This New Cybergang is Heralding a New Age For BEC
A newly-uncovered business email compromise BEC cybergang, dubbed Silent Starling, has found success using a tricky technique to swindle funds from more than 500 organizations worldwide. The West African cybergang has been using a method that researchers with Agari – who discovered them in late...