15946 matches found
NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware
Two of NVIDIA’s code-signing certificates were part of the Feb. 23 Lapsus$ Group ransomware attack the company suffered – certificates that are now being used to sign malware so malicious programs can slide past security safeguards on Windows machines. The Feb. 23 attack saw 1TB of data bleed fro...
FBI Clears ProxyLogon Web Shells from Hundreds of Orgs
The Feds have cleared malicious web shells from hundreds of vulnerable computers in the United States that had been compromised via the now-infamous ProxyLogon Microsoft Exchange vulnerabilities. ProxyLogon comprises a group of security bugs affecting on-premises versions of Microsoft Exchange...
SAP Bugs Under Active Cyberattack
Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. Adversaries are carrying out a range of attacks, according to an alert from SAP and security firm Onapsis issued Tuesday – including theft of sensitive...
Crypto-Miner Campaign Targets Unpatched QNAP NAS Devices
Owners of popular QNAP Systems network attached storage NAS devices are being warned that a malicious cryptocurrency campaign is actively exploiting two critical firmware bugs in systems that have not yet been patched. QNAP fixed the flaws in October 2020; however, researchers at Qihoo 360’s...
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
Google released an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild. Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of...
Lifeline Assistance Phone Users Targeted with 'Uninstallable' Adware
Government-funded, low-cost cell phones are shipping with pre-installed malware aimed at bombing users with unwanted ads, according to researchers. The UMX U686CL Android-based phone, which is made available to low-income citizens in the U.S. via the Lifeline Assistance Program for $35, uses a...
Targeted Espionage-as-a-Service Takes Hold on the Dark Web
The cybercrime underground has become a service-driven, on-demand economy, including making available targeted corporate espionage services. According to an analysis, about 40 percent of Dark Web merchants offer spearphishing-as-a-service and targeted hacking services, aimed at infiltrating Fortu...
Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices, in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Cisco has also disclosed a similarly widely-impacting high-severity bug tha...
A Blockchain Primer and Bored Ape Headscratcher – Podcast
Why in the world would a collection of nonfungible token NFT gorilla avatars called the Bored Ape Yacht Club BAYC, run by 30-somethings using aliases like “Emperor Tomato Ketchup” and “No Sass” and adored by celebrities, spiral on up to a multibillion-dollar valuation …and, by the way, how can yo...
Cyberattackers Target UPS Back-Up Power Devices in Mission-Critical Environments
Cyberattackers are targeting uninterruptible power supply UPS devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT...
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
As if finding one easily exploited and extremely dangerous flaw in the ubiquitous Java logging library Apache Log4j hadn’t already turned the Internet security community on its ear, researchers now have found a new vulnerability in Apache’s patch issued to mitigate it. Last Thursday security...
Email Campaign Spreads StrRAT Fake-Ransomware RAT
An email campaign is delivering a Java-based remote access trojan RAT that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered. The Microsoft Security Intelligence MSI team has outlined details of a “massive email...
Nvidia Warns Gamers of Severe GeForce Experience Flaws
Nvidia, which makes gaming-friendly graphics processing units GPUs, has issued fixes for two high-severity flaws in the Windows version of its GeForce Experience software. GeForce Experience is a supplemental application to the GeForce GTX graphics card — it keeps users’ drivers up-to-date,...
Experts Denounce Racial Bias of Crime-Predictive Facial-Recognition AI
More than 1,000 technology experts and academics from organizations such as MIT, Microsoft, Harvard and Google have signed an open letter denouncing a forthcoming paper describing artificial intelligence AI algorithms that can predict crime based only on a person’s face, calling it out for...
Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing
Two open-redirect vulnerabilities in Bridge, a commercial WordPress theme purchased more than 120,000 times, would allow an attacker to mount spearphishing attacks against site administrators. An open redirect vulnerability can be used to hide malicious links behind URLs for legitimate domains. F...
Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise
A critical Linux bug has been discovered that could allow attackers to fully compromise vulnerable machines. A fix has been proposed but has not yet been incorporated into the Linux kernel. The flaw CVE-2019-17666, which was classified as critical in severity, exists in the “rtlwifi” driver, whic...
GitHub Code Execution Bug Fetches $18,000 Bounty
GitHub recently awarded $18,000 to a researcher after he came across a bug in its GitHub Enterprise management console that could have resulted in remote code execution. The company patched the vulnerability at the end of January, but news of the flaw didn’t surface until this week when GitHub an...
White House Denies Mulling Massive Cyberattacks Against Russia
The White House has denied reports that President Biden has been presented with an arsenal of ways to launch massive cyberattacks against Russia – attacks designed to disrupt the country’s ability to sustain its military operations in Ukraine. NBC News on Thursday reported that the options includ...
Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
A privilege escalation bug, affecting versions of Windows 10, received a workaround fix by Microsoft Wednesday to prevent attackers from accessing data and creating new accounts on compromised systems. The bug, dubbed SeriousSAM, affects the Security Accounts Manager SAM database in all versions ...
FIN7 Backdoor Masquerades as Ethical Hacking Tool
The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a...
Working from Home: COVID-19's Constellation of Security Challenges
As the threat of coronavirus continues to spread, businesses are sending employees home to work remotely, and students are moving to online classes. But with the social distancing comes a new threat – a cyber-related one. As organizations rush to shift their businesses and classes online,...
Spycams Secretly Live-Streamed 1,600 Motel Guests
Four people have been arrested for taking secret videos of guests at motels and live-streaming them to paying audiences. According to Seoul police, the perps filmed about 1,600 motel guests in the past year in various states of undress and having sex. They did so with tiny wireless spy cameras se...
MacOS Zero-Day Exposes Apple Keychain Passwords
A researcher claims to have found a new Apple zero-day impacting macOS that could allow an attacker to extract passwords from a targeted Mac’s keychain password management system. However, the researcher refuses to disclose the alleged vulnerability citing Apple’s lack of macOS bug bounty program...
Microsoft to Eliminate Weak MD5 Crypto Algorithm
The clock is running on Windows administrators to sweep out MD5 implementations before a February 2014 patch from Microsoft slams the door shut on the broken, aged crypto algorithm. Microsoft released a pair of advisories yesterday in addition to its regular Patch Tuesday security updates alertin...
Apple Plugs Severe WebKit Remote Code-Execution Hole
Apple is rolling out fixes for a high-severity vulnerability in its WebKit browser engine that, if exploited, could allow remote attackers to completely compromise affected systems. The mobile giant released security updates on Monday for the flaw, for its Safari browser, as well as devices runni...
Diebold ATM Terminals Jackpotted Using Machine’s Own Software
Cybercriminals are using software from leading ATM manufacturer Diebold in a series of hacks against cash terminals across Europe, forcing the machines to dispense cash to crooks. Criminals using a black-box device common with these type of attacks have increased their activity across Europe by...
Snake Ransomware Delivers Double-Strike on Honda, Energy Co.
The Snake ransomware has reportedly hit two high-profile companies this week: Honda and a South American energy-distribution company called Enel Argentina. In a tweet on Monday, the Honda Automobile Customer Service said it was “experiencing technical difficulties and are unavailable.” And later,...
Cisco Warns of Critical Network Security Tool Flaw
A critical Cisco vulnerability exists in its administrative management tool for Cisco network security solutions. The flaw could allow an unauthenticated, remote attacker to gain administrative privileges on impacted devices. The flaw exists in the web-based management interface of the Cisco...
High-Severity Cisco Flaw in IOS XE Enables Device Takeover
Cisco has patched a high-severity vulnerability in its software for routers and switches, which could enable a remote attacker to reconfigure or execute commands on impacted devices. IOS XE, a Linux-based version of Cisco’s Internetworking Operating System IOS, is software for Cisco routers and...
GandCrab Ransomware Shutters Its Operations
The GandCrab ransomware group is shutting down, according to posts on the Dark Web. Researchers David Montenegro and Damian spotted the announcements over the weekend. Start of GandCrab Ransomware : 28-1-2018 .. 🦀🦀🦀 Close of GandCrab Ransomware : 1-6-2019 .. ☠️☠️☠️@RajSamani @ValthekOn @JohnFokker...
SMBv1 to be Disabled in Windows Fall Creators Update
The crusty SMBv1 file-sharing protocol, abused by a NSA exploit last month that spread WannaCry, will be removed from Windows 10 starting with the upcoming Redstone 3 update. “We can confirm that SMBv1 is being removed for Redstone 3,” a Microsoft representative told Threatpost. Redstone 3, a...
Dennis Fisher and Mike Mimoso on VENOM, Marketing Bugs, and More
Dennis Fisher and Mike Mimoso talk about the VENOM vulnerability, the idea of marketing bugs, Microsoft’s new Edge browser security features and the awesome CSI: Cyber finale. Download: digitalunderground203.mp3 Music by Chris Gonsalves...
MS12-020 RDP Code Leak Mystery Deepens As Microsoft Remains Silent
Microsoft has a big, ugly problem on its hands. The company is caught in the middle of what’s rapidly become a major controversy centered on the leak of proof-of-concept exploit code for the MS12-020 RDP vulnerability. Many researchers, including the one who first discovered the bug and reported ...
MoleRats APT Flaunts New Trojan in Latest Cyberespionage Campaign
Known Palestinian threat actor MoleRats is likely behind a recent malicious email campaign targeting Middle Eastern governments, foreign-policy think tanks and a state-affiliated airline with a new intelligence-gathering trojan dubbed NimbleMamba, researchers said. Researchers from Proofpoint sai...
Brand-New Log4Shell Attack Vector Threatens Local Hosts
Defenders will once again be busy beavers this weekend: There’s an alternative attack vector for the ubiquitous Log4j vulnerability, which relies on a basic Javascript WebSocket connection to trigger remote code-execution RCE on servers locally, via drive-by compromise. In other words, an exploit...
10K Microsoft Email Users Hit in FedEx Phishing Attack
Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers – including FedEx and DHL Express. Click to Register Both scams have targeted Microsoft email users and aim to swipe their work email account credentials...
Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System
In an effort to prevent attacks from being launched via its iMessage feature, Apple has debuted a security service called BlastDoor in iOS 14, its current mobile operating system version. First detailed in an analysis this week by Google Project Zero’s Samuel Groß, BlastDoor acts as a “tightly...
High-Severity Chrome Bugs Allow Browser Hacks
Google has updated its Chrome web browser, fixing four bugs with a severity rating of “high” and eight overall. Three are use-after-free flaws, which could allow an adversary to generate an error in the browser’s memory, opening the door to a browser hack and host computer compromise. On Friday,...
Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks
Cybercriminals are recognizing that the data that automotive companies have to offer – from customer and employee personal identifiable information PII to financial data – is invaluable. Recently, one attacker installed a keystroke logger on the workstation of a car dealership’s finance specialis...
Billions of Devices Open to Wi-Fi Eavesdropping Attacks
SAN FRANCISCO — A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications. The bug CVE-2019-15126 stems from the use of an all-zero encryption key in chips made by...
Amazon Kindle, Embedded Devices Open to Code-Execution
Multiple vulnerabilities have been found in Das U-Boot, a universal bootloader commonly used in embedded devices like Amazon Kindles, ARM Chromebooks and networking hardware. The bugs could allow attackers to gain full control of an impacted device’s CPU and modify anything they choose. Researche...
Mozilla and Google Browsers Get Security, Anti-Tracking Boosts
Browsers Firefox and Chrome received updates this week, both adding security and privacy tools that help with password management and help block sites that track users. Mozilla’s Firefox browser introduced an “Enhanced Tracking Protection” feature that blocks over 1,000 third-party companies that...
Lenovo Patches Intel Firmware Flaws in Multiple Product Lines
Lenovo has patched several several high-severity vulnerabilities tied to Intel flaws that could enable escalation of privilege, information disclosure, or even denial of service. Overall the device maker patched flaws tied to 16 high-severity CVEs on Thursday. Those include five related to Intel...
Adobe Re-Patches Critical Acrobat Reader Flaw
A week after Adobe fixed a critical zero-day vulnerability in its Acrobat Reader, the company issued another patch after a researcher dug up a way to bypass the original fix. This previous vulnerability CVE-2019-7089 was fixed in Adobe’s regularly scheduled security update last week. But Adobe sa...
Malaysia Airlines Flight 370 spear phishing emails spotted
Hold off on the notion that watering hole attacks may supplant phishing as the initial means of compromise in advanced attacks. A number of recent targeted campaigns have used the crash of Malaysia Airlines 370 as a lure to infect government officials in the U.S. and Asia-Pacific. FireEye today...
NetTraveler Espionage Malware Campaign Ties to Gh0st RAT
A new cyberespionage malware campaign with ties to China going back to the Titan Rain and Gh0stNet attacks has been targeting diplomats, military contractors and government agencies in 40 countries. Researchers at Kaspersky Lab today unveiled details on NetTraveler, a data exfiltration tool, whic...
Google Patches Chrome’s Fifth Zero-Day of the Year
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System CVSS, is...
April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell
Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability. Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and...
Safari Zero-Day Used in Malicious LinkedIn Campaign
Threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability. That’s the word from researchers from Google Threat Analysis Group TAG and Google Project Zero, who...
TrickBot Spruces Up Its Banking Trojan Module
The TrickBot trojan is adding man-in-the-browser MitB capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said — potentially signaling a coming onslaught of fraud attacks. TrickBot is a sophisticated and common modular threat known for...