15946 matches found
StrongPity APT Returns with Retooled Spyware
UPDATE The APT group behind the sophisticated malware known as StrongPity a.k.a. Promethium has mounted a fresh spyware campaign that is still ongoing as of July 2019. The group has retooled with new malware to control compromised machines, according to researchers. “The new malware samples first...
Why Election Trust is Dwindling in a Post-Cambridge Analytica World
LONDON, UK – The 2018 Facebook-Cambridge Analytica incident opened the world’s eyes to how much private user data was being collected, shared and sold. But experts worry that future ramifications of this scandal go way beyond Facebook and have created distrust in the election process as a whole...
Microsoft Warns Customers Away From RC4, SHA-1
The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said that is now recommending to developers that...
Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts
A popular mobile app in the official Google Play store called “Craftsart Cartoon Photo Tools” has racked up more than 100,000 installs – but unfortunately for the app’s enthusiasts, it contains a version of the Facestealer Android malware. That’s according to researchers at Pradeo, who said the a...
Russian APTs Furiously Phish Ukraine – Google
While Russia is fighting a physical war on the ground against Ukraine, advanced persistent threat APT groups affiliated with or backing Vladimir Putin’s government are ramping up phishing and other attacks against Ukrainian and European targets in cyberspace, Google is warning. Researchers from...
Xenomorph Malware Burrows into Google Play Users, No Facehugger Required
An Android trojan dubbed Xenomorph has nested in Google Play, already racking up more than 50,000 downloads from the official app store, researchers warned. For anyone who downloaded the “Fast Cleaner” app, it’s time to nuke it from orbit. According to a ThreatFabric analysis, Xenomorph has a...
Android Users Hit with 'Undeletable' Adware
UPDATE A healthy percentage of Android users targeted by mobile malware or mobile adware last year suffered a system partition infection, making the malicious files virtually undeletable. That’s according to research from Kaspersky, which found that 14.8 percent of its users who suffered such...
Hack of High-End Hotel Smart Locks Shows IoT Security Fail
LAS VEGAS – A vulnerability in a popular IoT lock key – used chiefly by a high-end hotel in Europe – allowed researchers to break into hotel rooms. The locks in question are dubbed “mobile keys” because of their reliance on mobile phones as opposed to card-based access such as those based on...
New Loader Variant Behind Widespread Malware Attacks
Behind a recent wave of cyberattacks, pelting PCs with FormBook, LokiBot, SmokeLoader malware, is an updated version of a malware-loading technique called TxHollower. It is described as a new “significant threat”, according to researchers, who added, attacks using TxHollower have “spread like...
5,000 Twitter Accounts Linked to Disinformation Campaigns
Twitter has removed six sets of accounts that the site has deemed to be devoted to coordinated, state-backed propaganda activities – totaling about 5,000 accounts in all. “We believe that people and organizations with the advantages of institutional power and which consciously abuse our service a...
Wipro Confirms Hack and Supply Chain Attacks on Customers
IT systems consulting behemoth Wipro Ltd. has confirmed that its network was hacked and used for mounting attacks on its customers. After multiple unnamed sources independently told Brian Krebs that a “multi-month intrusion” occurred and is likely the work of an advanced persistent threat APT act...
Fallout EK Retools for a Fresh New 2019 Look
A new version of the Fallout exploit kit EK has emerged, featuring new exploits and fresh payloads, including the GandCrab ransomware. The development shows that EKs have a lot of life yet left in them, researchers say. The Fallout EK generally finds its victims by way of malvertising campaigns,...
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
SquirrelWaffle – the newish malware loader that first showed up in September – once again got its scrabbly little claws into an unpatched Microsoft Exchange server to spread malspam with its tried-and-true trick of hijacking email threads. That’s the same-old, same-old, as in, a SquirrelWaffle...
APT36 Taps Coronavirus as 'Golden Opportunity' to Spread Crimson RAT
A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting...
DDoS Attacks Target Amazon, SoftLayer and Telecom Infrastructure
The last 30 days has seen a renewed increase in distributed denial-of-service DDoS activity, according to researchers, who said that they have observed a number of criminal campaigns mounting TCP reflection DDoS attacks against corporations. Researchers at Radware said that the list of victims...
UNICEF Leaks Personal Data of 8,000 Users via Email Blunder
The charity organization UNICEF inadvertently leaked the personal details of thousands of people who use its online learning portal Agora by way of an errant email sent to 20,000 inboxes. The email was accidentally sent on August 26 by UNICEF and included the names, email addresses, gender and...
68% of Overwhelmed IT Managers Say They Can't Keep Up with Cyberattacks
IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are becoming the norm. That’s according to a research report The Impossible Puzzle of Cybersecurity, released Friday. In a survey of 3,100 IT managers...
Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats
In the era of the cloud, enterprises house sensitive corporate data outside of the traditional perimeter; employees can access this from any endpoint, including mobile devices, and from any network. This presents a host of new challenges for companies looking to protect their sensitive informatio...
Microsoft Plugs Three Zero Day Holes as Part of May Patch Tuesday
Microsoft patched three zero day vulnerabilities actively under attack today as part of its May Patch Tuesday release. Researchers with FireEye who uncovered the three vulnerabilities said the bugs were actively being exploited by threat actors Turla and APT28. Two of the zero day vulnerabilities...
Proofpoint Warns Of New MSIL/Crimson Tied To Cyber Espionage
Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11...
Critical Adobe Photoshop Flaws Patched in Emergency Update
Adobe released a slew of patches for critical vulnerabilities Tuesday that were part of an out-of-band security update. Several of the critical flaws are tied to Adobe’s popular Photoshop photo-editing software and allow adversaries to execute arbitrary code on targeted Windows devices. Overall,...
AMD: Fixes For High-Severity SMM Callout Flaws Upcoming
Three high-severity vulnerabilities have been disclosed in AMD’s client and embedded processors that came out between 2016 and 2019. An attacker with physical or privileged access to certain AMD powered systems could exploit the flaws to execute arbitrary code or take control of the firmware. AMD...
Sharing Threat Intelligence: Time for an Overhaul
Most organizations don’t really have a good way of sharing threat-related data outside of their own industry verticals. Sure, there are Information Sharing and Analysis Centers ISACs; i.e. FS-ISACs for the financial-services industry. But the information still tends to stay in industry-specific...
Word Attachment Delivers FormBook Malware, No Macros Required
A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware. Researchers at Menlo Security are reporting a wave of attacks that began last month that are targeting financial and...
IE 12 to Support HSTS Encryption Protocol
Microsoft confirmed today it will support HTTPS Strict Transport Protocol HSTS in Internet Explorer 12, bringing its browser in line with other major vendors in its support of the protocol. Browsers supporting HSTS force any sessions sent over HTTP to be sent instead over HTTPS, encrypting...
Microsoft Releases Five Bulletins For September Patch Tuesday
Microsoft on Tuesday released again the five security bulletins for its September Patch Tuesday. None of the fixes being released today is rated critical, with all five being rated important. Three of the bulletins fix flaws that could result in code execution. Microsoft also updated the security...
Unpatched Fortinet Bug Allows Firewall Takeovers
UPDATE An unpatched OS command-injection security vulnerability has been disclosed in Fortinet’s web application firewall WAF platform, known as FortiWeb. It could allow privilege escalation and full device takeover, researchers said. FortiWeb is a cybersecurity defense platform, aimed at...
Bogus Android Clubhouse App Drops Credential-Swiping Malware
Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can...
Black-T Malware Emerges From Cryptojacker Group TeamTNT
Researchers have discovered the latest cryptojacking malware gambit from TeamTNT, called Black-T. The variant builds on the group’s typical approach, with a few new — and sophisticated — extras. TeamTNT is known for its targeting of Amazon Web Services AWS credentials, to break into the cloud and...
Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws
Microsoft has released an out-of-band security update addressing two high-severity elevation-of-privilege EoP bugs. Both flaws exist in a service called Windows Remote Access, which provides remote-access capabilities to client applications on computers running Windows. Of note, both flaws were...
Advanced Obfuscation Marks Widespread Info-Stealing Campaign
A large-scale spam campaign bent on spreading info-stealing malware is applying advanced obfuscation techniques to get around security scanning and maximize infection rates. According to Lastline researchers, a large botnet is distributing malicious rich text format RTF documents that act as...
Calypso APT Emerges from the Shadows to Target Governments
A newly discovered APT group, dubbed Calypso after a custom malware RAT that it uses, has been targeting state institutions in six different countries since 2016. Government organizations in India 34 percent, Brazil and Kazakhstan 18 percent respectively, Russia and Thailand 12 percent respective...
BRATA Android RAT Steals Banking Info in Real Time
A powerful Android remote access tool RAT family dubbed BRATA is proliferating, with at least 20 different variants cropping up since it was first spotted in January. The majority of the binaries have been found in the official Google Play store, masquerading as updates for the instant messaging...
DEF CON 2019: New Class of SQLite Exploits Open Door to iPhone Hack
LAS VEGAS – Researchers at Check Point have identified a new class of vulnerabilities targeting SQLite, outside the context of a browser for the first time. The new attack techniques exploit memory-corruption issues in the SQLite engine itself — leading to a host of new hacks, including code...
Adware-Ridden Apps in Google Play Infect 30 Million Android Users
More than 50 malicious apps have been discovered on the Google Play app marketplace, peddling adware to millions of Android victims. The 50 adware apps, which have been since removed, include fitness, photoshopping and gaming apps, and were installed a total of 30 million times, researchers at...
Trickbot Malware Goes After Remote Desktop Credentials
The banking trojan known as Trickbot has resurfaced, with an updated info-stealing module that allows it to harvest remote desktop application credentials. According to Trend Micro’s Noel Anthony Llimos and Carl Maverick Pascual, a new variant has recently come on the scene, and is being spread v...
Adobe Fixes 43 Critical Acrobat and Reader Flaws
Adobe issued patches for 43 critical vulnerabilities in Acrobat and Reader – including a fix for a zero-day flaw that researchers at 0patch temporarily fixed on Monday. That bug could enable bad actors to steal victims’ hashed password values. Overall, Adobe patched 75 important and critical...
Sony Smart TV Bug Allows Remote Access, Root Privileges
As the number of smart TVs grows, so does the number of vulnerabilities inside of them. On Thursday, security researchers revealed that eight Sony Bravia smart TV models are vulnerable to three separate bugs, one rated critical. The flaws – a stack buffer overflow, a directory traversal and a...
Despite Ringleader’s Arrest, Cobalt Group Still Active
Evidence has surfaced that the Cobalt Group – the threat actors behind widespread attacks on banks and ATM jackpotting campaigns across Europe – is continuing to operate, despite the arrest of its accused ringleader in March. The Cobalt Group, first burst on the scene in 2016: in a single night,...
Office 365 Vulnerability Exposed Any Federated Account
A severe vulnerability in the way Microsoft Office 365 handles federated identities via SAML put an attacker in position to have access to any account and data, including email messages and files stored in the cloud-based service. Microsoft pushed through a mitigation to the service on Jan. 5,...
Active DoS Exploits for MS15-034 Under Way
UPDATE – Microsoft’s characterization of MS15-034 as a remote code execution vulnerability certainly has a lot of Windows server admins on edge waiting for the other shoe to drop. In the three days since the bulletin was released warning of a critical vulnerability in the HTTP protocol stack,...
Windows XP End of Life Breeding FUD, Legit Concerns
For those of you anticipating the start of a Walking Dead-style malware apocalypse next Tuesday, calm yourselves. The official end of security support for Windows XP is upon us, but it’s important to check some anxiety at the door and keep some perspective. “I’ve been a forensics investigator 14...
The Log4j Vulnerability Puts Pressure on the Security World
It’s not my intention to be alarmist about the Log4j vulnerability CVE-2021-44228, known as Log4Shell, but this one is pretty bad. First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure...
Major Gaming Companies Hit with Ransomware Linked to APT27
A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat APT is swapping up its historically espionage centralized tactics to adopt ransomware, a new report says...
Male Chastity Device Comes with Massive Security Flaws
Researchers at Pen Test Partners recently uncovered concerning security issues with a connected male chastity device and are calling on the entire connected sex toy industry — known as “teledildonics” — to make security a priority. The Qiui Cellmate chastity cage has a Bluetooth lock that could...
TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy
Threat actors are using people’s interest in the Department of Labor’s Family and Medical Leave Act FMLA to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently. Recent analysis from spam honeypots set by IBM X-Force discovered actors...
Calibration Attack Drills Down on iPhone, Pixel Users
A proof-of-concept for a new type of privacy attack, dubbed “calibration fingerprinting,” uses data from Apple iPhone sensors to construct a globally unique fingerprint for any given mobile user. Researchers said that this provides an unusually effective means to track people as they browse acros...
ZombieLoad Pioneer: The Story Behind Intel’s Latest Side Channel Flaw
The release of a new speculative execution vulnerability called ZombieLoad last week follows a similar disclosure path as Meltdown and Spectre. Threatpost caught up with one of the researchers behind the discovery of ZombieLoad to find out how. ZombieLoad was discovered and reported by Michael...
Grand Theft Auto Panda APT Espionage Attack Platform
Researchers have discovered a mature attack platform that’s enjoyed great success eluding detection and made good use of an exploit present in a number of espionage campaigns. The attacks have concentrated largely on the automotive industry, hitting large companies primarily in Asia and only afte...
Microsoft Sues British Electronic Dealer in Alleged Counterfeit Scam
Microsoft announced today it is suing Britain’s second-largest electronics retailer Comet for allegedly creating and selling more than 94,000 back-up discs of its Windows Vista and Windows XP product. Comet Group PLC allegedly produced counterfeit versions of the software in a factory in Hampshir...