15946 matches found
Critical RCE Bug Found Lurking in Avaya VoIP Phones
A decade-old remote code-execution RCE bug has been found, unpatched, in an Avaya desk phone that’s used at 90 percent of Fortune 100 companies. If exploited, attackers could remotely take over the operation of the phone, exfiltrate audio and potentially even “bug” the phone to listen in...
Tackling the Collaboration Conundrum
It’s 8 a.m. and you’ve just polished off a full cup of dark-roast coffee to jump-start your day. After booting up your PC, you instinctively open up Outlook, along with Slack or Teams or TeamViewer. While chatting with a co-worker, you recall that you need to send administrative credentials to he...
Troy Hunt: 'Messy' Password Problem Isn't Getting Better
LONDON, UK – The security world is facing a major issue that has led to widespread breaches, data exposure, and more – and it all stems from millions of insecure passwords used for everything from enterprise PCs to internet of things IoT devices. Poor password hygiene – including reusing password...
The Rise of the Rogue AV Testers
By Costin Raiu Recently, I was sitting around with a number of colleagues from Kaspersky Lab, discussing everybody’s favorite subject: the state of anti-virus testing these days. During the talks, somebody brought up the name of a new, obscure testing organization in the Far East. Nobody else had...
Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader
Adobe is warning customers of a critical zero-day bug actively exploited in the wild that affects its ubiquitous Adobe Acrobat PDF reader software. A patch is available, as part of the company’s Tuesday roundup of 43 fixes for 12 of its products, including Adobe Creative Cloud Desktop Application...
NSA: 5 Security Bugs Under Active Nation-State Cyberattack
The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S. National Security Agency NSA, which...
IBM Squashes Critical Remote Code-Execution Flaw
IBM has patched a critical buffer-overflow error that affects Big Blue’s Integration Designer toolset, which helps enterprises create business processes that integrate applications and data. If exploited, the flaw could enable remote code execution. Click to Register The flaw CVE-2020-27221 has a...
Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs...
UPDATE: Canon Ransomware Attack Results in Leaked Data, Report
UPDATE The Maze ransomware gang has reportedly leaked Canon U.S.A. data online. Researchers said in April that the Maze gang had created a dedicated web page, which lists the identities of its non-cooperative victims who don’t pay ransoms and regularly publishes samples of the stolen data. This s...
Office for Mac Users Warned of Malicious SYLK Files
Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the “disable all macros without notification” is turned on. This leaves systems vulnerable to a remote, unauthenticated attackers who can execute arbitrary code. The warning com...
Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project
A critical denial-of-service DoS vulnerability in Facebook’s open-source implementation of the transport layer security TLS 1.3 protocol could cause an infinite loop – thus disrupting any web service that relies on it. Kevin Backhouse, a researcher at Semmle, discovered the bug in the project...
The APT Name Game: How Grim Threat Actors Get Goofy Monikers
What’s in a name? When it comes to advanced persistent threat groups, it is often quite a bit. While their monikers’ may seem whimsical – Fancy Bear, Nomadic Octopus, Ocean Lotus and Darkhotel – the reality is these are not arbitrary names. In fact, many are similar to schoolyard nicknames or a...
Sofacy APT28 Gang Using New Backdoors, Zero Days
A new analysis of the Sofacy APT gang, a Russian-speaking group carrying out targeted attacks against military and government offices for close to a decade, shows a relentless wave of intrusions peaking this summer against victims in a number of NATO countries and the Ukraine. Researchers at...
Mystery Windows 7 Update An Accidental Test Update
A suspicious Windows 7 update today raised concern on a number of Microsoft and technology forums that the Windows Update service had been compromised. Microsoft, however, cleared the air several hours later admitting that the update was their mistake. “We incorrectly published a test update and...
No-Joke Borat RAT Propagates Ransomware, DDoS
Attackers are using a newly released remote access trojan RAT to spread ransomware and distributed denial of service DDoS — in addition to the traditional RAT function of backdooring victims’ systems. Researchers at Cyble Research Labs discovered the RAT, which they dubbed Borat RAT because it us...
BlueKeep Attacks Have Arrived, Are Initially Underwhelming
The wave of BlueKeep attacks that security experts predicted could take down systems globally have arrived, but they are not in showing the form nor the destructive impact experts initially feared. Security researchers have seen evidence of the first wave of attacks on the zero-day Windows Remote...
Phishing Scam Cloaks Malware With Fake Google reCAPTCHA
A recently-discovered phishing scam was found peddling malware, using a new technique to mask its malicious landing page: A fake Google reCAPTCHA system. The campaign targeted a Polish bank and its users with emails, said researchers with Sucuri. These emails contained a link to a malicious PHP...
Fake Windows 8 Key Generators Found Tricking Users
Attackers continue to exploit the buzz behind the launch of Windows 8, Microsoft’s latest operating system. The latest attack attempts to trick users into using fake key generators that claim they’ll install the software to computers free of charge. Key generators, or keygens, are programs that...
Attackers Targeting MSXML Flaw With Malicious Flash Files
The unpatched vulnerability in Internet Explorer’s MSXML component that Microsoft warned users about earlier this month is being used in attacks that employ malicious Flash files. Researchers say that the attacks are taking the form of drive-by downloads launched from compromised legitimate sites...
DeadBolt Ransomware Resurfaces to Hit QNAP Again
DeadBolt ransomware has resurfaced in a new wave of attacks on QNAP that begin in mid-March and signals a new targeting of the Taiwan-based network-attached storage NAS devices by the fledgling threat, researchers said. Researchers from Censys, which provides attack-surface management solutions,...
Microsoft Patches Actively Exploited Windows Zero-Day
In September’s Patch Tuesday crop of security fixes, Microsoft released patches for 66 CVEs, three of which are rated critical, and one of which – the Windows MSHTML zero-day – has been under active attack for nearly two weeks. One other bug is listed as publicly known but isn’t yet being...
We COVID-Clicked on Garbage, Report Finds: Podcast
Squawking pets, stir-crazy kids, Tiger King: Is it any wonder that work-from-home humans clicked on malicious CAPTCHAs at the astonishing rate of 50 times more than the non-pandemic year before? In the company’s annual Human Factor 2021 report assessing how the threat landscape morphed over the...
Euros Football Fever Nets Dumb Passwords
The European soccer championship a.k.a. the Euros is stoking maximum football fever, which has slopped over into easy-to-crack passwords. Such as, say, “football.” That password is of course easy as pie to crack via a dictionary attack – a type of brute-force attack that involves trying thousands...
What's Next for Ransomware in 2021?
Ransomware works. That’s the simplest way to explain why incidents of ransomware attacks have sharply increased over the last year — with no end in sight. The number of ransomware attacks has jumped by 350 percent since 2018, the average ransom payment increased by more than 100 percent this year...
Cisco Webex Bug Allows Remote Code Execution
Cisco Systems has fixed two high-severity vulnerabilities in its products, including one in its popular Webex video conferencing platform that could enable a remote attacker to execute commands. The high-severity Webex flaw exists in the web-based management interface of Cisco Webex Video Mesh, a...
Takeaways from the Colonial Pipeline Ransomware Attack
If you feel like you’ve read a lot about ransomware in recent months, it’s because these attacks have indeed intensified. In 2020, ransomware attacks surged by 150 percent, with the average payment size increasing by more than 170 percent. Some of the notable victims include United Health Service...
5 Tips to Prevent and Mitigate Ransomware Attacks
Ransomware attacks cost companies over $100 billion a year. Making matters worse, the overwhelming majority of ransomware attacks now include a threat to leak stolen data if the ransom isn’t paid, a technique called “double extortion.” Cybercriminals like ransomware because the entry barrier is...
Malware Loader Abuses Google SEO to Expand Payload Delivery
The Gootloader malware loader, previously used for distributing the Gootkit malware family, has undergone what researchers call a “renaissance” when it comes to payload delivery. New research released this week paints Gootloader as an increasingly sophisticated loader framework, which has now...
Google, Intel Warn on 'Zero-Click' Kernel Bug in Linux-Based IoT Devices
Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things IoT devices. Click to Register! According to Google, the vulnerability affects users of Linux kernel...
Naikon APT Hid Five-Year Espionage Attack Under Radar
After five years under the radar, the Naikon APT group has been unmasked in a long-term espionage campaign against several governments in the Asia-Pacific region. The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around th...
Critical Citrix RCE Flaw Still Threatens 1,000s of Corporate LANs
About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller ADC and Citrix Gateway are still at risk from a trivial attack on their internal operations. If exploited, the flaw could allow unauthenticated attackers to gain remote access to a...
Security Watch: Elon Musk's NeuraLink Links Brains to iPhones via Bluetooth
Technologist Elon Musk has unveiled a plan for embedding Bluetooth-enabled implants into a human brain, to enable disabled persons to regain motor and cognitive function. IT experts however noted that along with FDA approval, the idea faces hurdles in the form of significant scrutiny on the...
Microsoft Management Console Bugs Allow Windows Takeover
A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine. The bugs are grouped under one umbrella CVE-2019-0948...
MS12-020 RDP Exploit Found, Researchers Say Code May Have Leaked From Security Vendor
There is a confirmed legitimate working exploit for the MS12-020 RDP vulnerability in Windows circulating already and researchers say it is capable of either crashing or causing a denial-of-service condition on vulnerable machines. Microsoft has warned customers about the possibility of the explo...
Metamorfo Banking Trojan Abuses AutoHotKey
The Metamorfo banking trojan is abusing AutoHotKey AHK and the AHK compiler to evade detection and steal users’ information, researchers have warned. AHK is a scripting language for Windows originally developed to create keyboard shortcuts i.e., hot keys. According to the Cofense Phishing Defense...
DNSpooq Flaws Allow DNS Hijacking of Millions of Devices
Researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System DNS responses for home and commercial routers and servers. The set of seven flaws are comprised of buffer overflow issues and flaws allowing for DNS cache-poisoning attacks also...
Millions of Dell PCs Vulnerable to Flaw in Third-Party Component
Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely takeover affected devices. The high-severity vulnerability CVE-2019-12280 stems from a component in...
ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
The ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information – while also showing some overlap with the DarkHotel APT. An analysis of ScarCruft’s binary infection procedure by Kaspersky Lab shows that in ...
ThreatList: DDoS Attack Sizes Drop 85 Percent Post FBI Crackdown
The average size of distributed denial of service DDoS attacks decreased significantly, dropping by 85 percent in the fourth quarter of 2018. Researchers with NexusGuard said in a Tuesday report shared with Threatpost, that the number of DDoS attacks also dipped significantly, sinking by almost 1...
Microsoft Invents New Way To Measure Online Safety (And Finds That Consumers Stink At It)
Computer users are taking steps to mitigate online security threats, but still only score a paltry 34 out of 100 – a solid “F” – according to a new study by Microsoft. The study, sponsored by Microsoft’s Trustworthy Computing Group TwC, introduces a new metric, the Microsoft Computing Safety Inde...
PoC Exploits Published For Microsoft Crypto Bug
Two proof-of-concept PoC exploits have been publicly released for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft. The vulnerability CVE-2020-0601 could enable an attacker to spoof a code-signing certificate necessary for validati...
New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors
Researchers are warning of a new wave of cyberattacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot also called PerlBot or Shellbot. Researchers a...
Malware That Targets Both Microsoft, Apple Operating Systems Found
Researchers came across a malicious Word document last week that doesn’t discriminate between OS platforms. The malicious Word document is designed to spread malware on either Mac OS X or Microsoft Windows, depending on where it’s opened. Like many other strains of malware these days, the sample,...
Cobalt Strike Usage Explodes Among Cybercrooks
The use of Cobalt Strike – the legitimate, commercially available tool used by network penetration testers – by cybercrooks has shot through the roof, according to Proofpoint researchers, who say that the tool has now “gone fully mainstream in the crimeware world.” The researchers have tracked a...
Adobe Patches Five Critical Illustrator CC Flaws
Adobe has released patches for five critical vulnerabilities in Adobe Illustrator CC, its popular vector graphics editor tool, which if exploited could enable arbitrary code execution. Overall Adobe patched nine vulnerabilities as part of its regularly-scheduled updates on Tuesday, including five...
Microsoft Internet Explorer Zero-Day Flaw Addressed in Out-of-Band Security Update
Microsoft has released out-of-band security updates addressing two vulnerabilities – including an Internet Explorer zero-day vulnerability being actively exploited in the wild. The Internet Explorer zero-day vulnerability CVE-2019-1367 is a remote code execution flaw that could enable an attacker...
'USBAnywhere' Bugs Open Supermicro Servers to Remote Attackers
Authentication vulnerabilities in the baseboard management controllers BMCs of Supermicro X9-X11 servers have been discovered that allow a remote attacker to easily connect to a server and mount any virtual USB device of their choosing. The bugs, collectively dubbed USBAnywhere, allow an attacker...
Norsk Hydro Calls Ransomware Attack 'Severe'
Aluminum giant Norsk Hydro has fallen victim to a serious ransomware attack that has forced it to shut down or isolate several plants and send several more into manual mode, the company said on Tuesday morning. Oslo, Norway-based Norsk Hydro, one of the world’s largest makers of aluminum, employs...
Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors
Microsoft is alerting customers that its May Patch Tuesday update is causing authentications errors and failures tied to Windows Active Directory Domain Services. In a Friday update, Microsoft said it was investigating the issue. The warning comes amid shared reports of multiple services and...
Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices
A new variant of the Mirai botnet has been discovered targeting a slew of vulnerabilities in unpatched D-Link, Netgear and SonicWall devices — as well as never-before-seen flaws in unknown internet-of-things IoT gadgets. Since Feb. 16, the new variant has been targeting six known vulnerabilities ...