15946 matches found
Nation-State Actors Go All-In on Mobile Malware
APTs, including a range of nation-state groups operating in China, North Korea, Pakistan and Russia, are shifting their malware development focus to target mobile users for intelligence gathering, financial gain and disruption of national rivals. That’s according to CrowdStrike’s Mobile Threat...
Cisco Releases Flood of Patches for IOS XE, But Leaves Some Routers Open to Attack
UDPATE Cisco Systems issued 24 patches Wednesday tied to vulnerabilities in its IOS XE operating system and warned customers that two small business routers RV320 and RV325 are vulnerable to attack and that no patches are available for either. A total of 19 of the bugs were rated high severity by...
Free HermeticRansom Ransomware Decryptor Released
A free decryptor is out to unlock a ransomware found piggybacking on the HermeticWiper data wiper malware that ESET and Broadcom’s Symantec discovered targeting machines at financial, defense, aviation and IT services outfits in Ukraine, Lithuania and Latvia last week. The fact that there was...
Oil & Gas Targeted in Year-Long Espionage Campaign
A sophisticated campaign targeting large international companies in the oil and gas sector has been underway for more than a year, researchers said, spreading common remote access trojans RATs for cyber-espionage purposes. According to Intezer analysis, spear-phishing emails with malicious...
Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes
A pair of billing and tech support “vishing” attacks using Geek Squad and Norton Antivirus as cover managed to hit 25,000 mailboxes recently, questing after victims’ credit-card details. Vishing a contraction of “voice phishing” generally involves stealing personal information from victims over t...
National Surveillance Camera Rollout Roils Privacy Activists
While controversy over the potential overreach of neighborhood and law-enforcement video surveillance has focused mainly on Ring, an Atlanta-based startup has quietly rolled out its own network of smart surveillance cameras across the country that is again raising questions of privacy and the ire...
CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug
The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. The...
Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
Cisco Systems has released a security update stomping out critical and high-severity flaws impacting its Aironet access points, which are entry-level wireless access points APs used by mid-size enterprises in their offices or small warehouses. It also issued a slew of additional patches addressin...
CVS Health Records for 1.1 Billion Customers Exposed
More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someones’s medical situation. The glitch i...
U.S. Weapons Programs Lack 'Key' Cybersecurity Measures
Weapons programs from the U.S. Department of Defense DoD are falling short when it comes to incorporating cybersecurity requirements, according to a new watchdog report. While the DoD has developed a range of policies aimed at hardening the security for its weapon systems, the guidance leaves out...
Sprawling Cyberattack Breaches Several Airlines
A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.” The affected servers are in Atlanta, and belong to the SITA Passenger...
Hackers Sell Data from 26 Million LiveJournal Users on Dark Web
A database containing credentials from more than 26 million LiveJournal accounts has been leaked online and is being sold on the Dark Web and hacker forums. The data contained in the files appears to be from a 2014 incident in which 33 million accounts were hacked, according to a published report...
Microsoft Tackles Election Security with Bug Bounties
As the 2020 presidential election draws closer and primary season looms around the corner, Microsoft has launched a bug-bounty program specifically aimed at its ElectionGuard product, which the software giant has positioned as performing “end-to-end verification of elections.” ElectionGuard is a...
Microsoft to Investigate Alleged Xbox Credit Card Hack
Microsoft is looking into a potential security issue affecting its Xbox 360 video game console this week after a group of college students claimed they were able to extract the credit card information of a console’s previous owner from the machine. Ashley Podhradsky, Rob D’Ovidio, and Cindy Casey...
Deepfake Attacks Are About to Surge, Experts Warn
Artificial intelligence and the rise of deepfake technology is something cybersecurity researchers have cautioned about for years and now it’s officially arrived. Cybercriminals are increasingly sharing, developing and deploying deepfake technologies to bypass biometric security protections, and ...
ThreatList: DMARC Adoption Nonexistent at 80% of Orgs
About 80 percent of company web domains don’t have standard email authentication protections in place. That’s according to 250ok’s Global DMARC Adoption 2019 report, which analyzed 25,700 domains in the education, e-commerce, legal, financial services, SaaS and nonprofit sectors, as well as the...
Fearing WannaCry-Level Danger, Enterprises Wrestle with BlueKeep
The nightmare vision of a “mega-worm” global BlueKeep infection could be closer to becoming reality as working exploits are now becoming available to the public, and there’s evidence that adversaries are actively scanning for the vulnerability. Researchers weighed in with Threatpost about how...
Buggy Phishing Kits Allow Criminals to Cannibalize Their Own
They say it’s a dog-eat-dog world out there, but in cybercrime terms, perhaps it should be called a “phish-eat-phish” situation. Researchers recently discovered that several widely used phishing kits harbor vulnerabilities that can be exploited by other criminals to hijack operations – and...
It's The Stupidity, Stupid: How Absurd Pitches Help Online Scammers Find Their Marks
Do you find e-mail pleas for help from the widow of Democratic Republic of the Congo strongman Mobutu Sese Seko unconvincing or downright silly? That may be the point, according to Microsoft researcher Cormac Herley. The outlandish claims of Nigerian Letter – or “419” – scams serve a critical...
‘CatalanGate’ Spyware Infections Tied to NSO Group
An unknown zero-click exploit in Apple’s iMessage was used by Israeli-based NSO Group to plant either Pegasus or Candiru malware on iPhones owned by politicians, journalists and activists. Citizen Lab, in collaboration with Catalan-based researchers, released the finding in a report on Monday tha...
Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
Researchers have found the info-stealing Android malware Sharkbot lurking unsuspected in the depths of the Google Play store under the cover of anti-virus AV solutions. While analyzing suspicious applications on the store, the Check Point Research CPR team found what purported to be genuine AV...
2021 Attacker Dwell Time Trends and Best Defenses
Cyberattacks have shifted from the usual smash-and-grab type of heists to stealthier campaigns where hackers silently camp out on networks for long periods, stealing anything they can get their hands on. Called attacker dwell time, this is part of an adversarial approach that has become even more...
Ryuk Ransomware Attack Sprung by Frugal Student
A European biomolecular research institute involved in COVID-19 research lost a week’s worth of research data, all thanks to a Ryuk ransomware attack traced back to a student trying to save money by buying unlicensed software. Security researchers at Sophos described the attack in a report...
‘StrandHogg’ Vulnerability Allows Malware to Pose as Legitimate Android Apps
Researchers have discovered a new Android vulnerability that could allow malware to pose as popular apps and ask for various permissions, potentially allowing hackers to listen in on users, take photos, read and send SMS messages, and basically take over various functions as if they are the...
Solar, Wind Power Utility Disrupted in Rare Cyberattack
A cyberattack on the U.S. energy grid has just come to light, so to speak, which disrupted plant visibility at Utah-based sPower back in March. sPower, a Utah-based wind and solar provider, began experiencing a series of lost connections between its main control center and remote power-generation...
Google Patches Critical Remote Code-Execution Flaws in Android
Google patched four remote code-execution RCE flaws as part of its May Android Security Bulletin. Three of the critical bugs are tied to the System portion of the Android platform architecture, responsible for core apps such as the dialer, email and camera. A fourth critical RCE bug opens the doo...
Faulty Microsoft Exchange Server 2013 Patch Pulled Back
Microsoft announced Wednesday afternoon that it has pulled MS13-061, one of the patches issued yesterday for vulnerabilities in Exchange Server 2013. Microsoft said the patch is causing issues with the content index for mailbox databases. Organizations would still be able to send and receive emai...
Google Chrome Bug Actively Exploited as Zero-Day
Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that’s being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrom...
Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix
As dangerous attacks accelerate against Microsoft Exchange Servers in the wake of the disclosure around the ProxyLogon group of security bugs, a public proof-of-concept PoC whirlwind has started up. It’s all leading to a feeding frenzy of cyber-activity. The good news, however, is that Microsoft...
Cyberattacks Launch Against Vietnamese Human-Rights Activists
Human-rights activists are being targeted by cyberattacks as part of a wider effort by the Vietnamese state to censor anyone speaking out against the government, Amnesty International’s Security Lab alleges. Ocean Lotus, a well-known threat actor dating back to 2013, is behind the spyware campaig...
Masslogger Swipes Outlook, Chrome Credentials
Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and...
WordPress, Apache Struts Attract the Most Bug Exploits
WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting XSS as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed...
Oracle Ties Previous All-Time Patch High with January Updates
Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update CPU. Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle’s previous all-time high for number of patches issued, in Ju...
Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
A pair of bugs in the Kubernetes open-source cloud container software can be “highly dangerous” under some Kubernetes configurations, according to researchers. The flaws, CVE-2019-16276 and CVE-2019-11253, have been patched in Kubernetes builds 1.14.8, 1.15.5 and 1.16.2. Exploitation of the first...
Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’
A critical remote code-execution vulnerability in Apache Struts 2, the popular open-source framework for developing web applications in the Java programming language, is threatening a wide range of applications, even when no additional plugins have been enabled. Successful exploitation could lead...
Microsoft Submits Tracking Protection Proposal to W3C
Microsoft has submitted its proposal for web tracking protection to the W3C for consideration as a standard, hoping to get the organization’s stamp of approval for its browser privacy technology. The proposal is in the earliest stages of the process and has not been approved, a process that can...
Can Nanotech Secure IoT Devices From the Inside-Out?
Another day, another incident of internet-of-things IoT gadgets falling flat on their faces and spilling users’ privacy, if not getting hooked into a botnet, used for cryptomining or opening a network backdoor that allows intruders to move laterally through a network. It’s only Wednesday, but...
Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica
Facebook said it has suspended tens of thousands of apps as part of its ongoing investigation into how third-party apps on its platform collect, handle and utilize users’ personal data. The results of the investigation, launched in March 2018 in response to Facebook’s infamous Cambridge Analytica...
Alleged Mariposa Botmaster in Court
One of the men authorities allege to have been behind the massive–and now dead–Mariposa botnet, has gone on trial in Slovenia, more than two years after the initial arrests and takedown of the network. Mariposa was one of the first handful of botnets that authorities and security researchers work...
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors
What researchers are calling a “horde” of miner bots and backdoors are using the Log4Shell bug to take over vulnerable VMware Horizon servers, with threat actors still actively waging some attacks. On Tuesday, Sophos reported that the remote code execution RCE Log4j vulnerability in the ubiquitou...
APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group APT to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during...
Lawsuit Claims Flawed Facial Recognition Led to Man’s Wrongful Arrest
Racial bias against non-white skin in facial recognition landed Nijeer Parks ten days in jail in 2019 after the technology falsely identified him as a shoplifting suspect, a new lawsuit says. It didn’t matter that he hadn’t been to the location of the crime, a Hampton Inn hotel in Woodbridge, New...
Critical Steam Flaws Could Let Gamers Crash Opponents’ Computers
Game developer Valve has fixed critical four bugs in its popular Steam online game platform. If exploited, the flaws could allow a remote attacker to crash an opponent’s game client, take over the computer – and hijack all computers connected to a third-party game server. Steam is utilized by mor...
Roaming Mantis Expands Android Backdoor to Europe
The Roaming Mantis Android malware campaign has buzzed into Europe, quickly infesting France in particular, where there have been 66,789 downloads of the group’s specific remote access trojan RAT as of January. The campaign pushes the Android RAT known as Wroba aka Moqhao or XLoader onto victim...
Critical Flash Player Flaw Opens Adobe Users to RCE
Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems. The vulnerability is the only flaw released this month as part of Adobe’s regularly scheduled patches markedly less than the 18 flaws addressed during it...
Apache Guacamole Opens Door for Total Control of Remote Footprint
Apache Guacamole, a popular infrastructure for enabling remote working, is vulnerable to a slew of security bugs related to the Remote Desktop Protocol RDP, researchers have warned. Admins should update their systems to avoid attacks bent on stealing information or remote code-execution. “Once in...
Cisco ‘Critical Update’ Phishing Attack Steals Webex Credentials
An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to “update,” only to steal their credentials for Cisco’s Webex web conferencing platform instead. The campaign is looking to leverage the...
Google Warns of Android Zero-Day Bug Under Active Attack
Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi. Google’s Project Zero warned late Thursday that it suspected the...
Threatpost News Wrap Podcast For Jan. 25
Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the biggest news from this week. That includes a rare “emergency directive” issued by the Department of Homeland Security on Tuesday, which warned that multiple government domains have been targeted by DNS hijacking attacks...
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution RCE as SYSTEM on any unpatched MXview server, researchers warned this week. The five bugs, affecting versions 3.x to 3.2.2, score a collective 10 out of...