15946 matches found
Intel Squashes High-Severity Graphics Driver Flaws
Intel has issued fixes for five high-severity vulnerabilities in its graphics drivers. Attackers can exploit these flaws to launch an array of malicious attacks – such as escalating their privileges, stealing sensitive data or launching denial-of-service attacks. The graphics driver is software...
Billions of Devices Impacted by Secure Boot Bypass
Billions of Windows and Linux devices are vulnerable to cyberattacks stemming from a bug in the GRUB2 bootloader, researchers are warning. GRUB2 which stands for the GRand Unified Bootloader version 2 is the default bootloader for the majority of computing systems. Its job is to manage part of th...
Ransomware 'Remediation' Firm Exposed; Researchers Weigh in on Paying
A company that claimed to use technology tools to help victims with ransomware cleanup was found to secretly be paying the ransom, while collecting a premium from their clients, according to an expose out this week. The situation brings the core dilemma of business-focused ransomware directly int...
Apple Fixes Pesky FaceTime Bug in iOS 12.1.4 Update
Apple has patched a major flaw in its Group FaceTime feature that allowed callers to eavesdrop on people they called even if they never picked up. It also said it would pay a reward to the teen that identified the bug. The update comes along with a slew of other fixes in its release of iOS 12.1.4...
Darkhotel Exploits Microsoft Zero-Day VBScript Flaw
Researchers have discovered that the Darkhotel APT is exploiting a recently-patched zero-day vulnerability impacting Microsoft VBScript. Researchers at Trend Micro recently disclosed the flaw in Microsoft Visual Basic Scripting Engine VBScript, an active scripting language developed by Microsoft...
GhostHook Attack Bypasses Windows 10 PatchGuard
A bypass of PatchGuard kernel protection in Windows 10 has been developed that brings rootkits for the latest version of the OS within reach of attackers. Since the introduction of PatchGuard and DeviceGuard, very few 64-bit Windows rootkits have been observed; Windows 10’s security, in particula...
CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack
An old scripting vulnerability that impacts a large number of Linux distributions and programing languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy...
China PLA Unit 78020 Cyberespionage Naikon APT
Chinese president Xi Jinping is supposed to have dinner this evening with U.S. president Barack Obama. Wonder if the name Ge Xing will come up? Ge Xing is the subject of a joint report published this morning by ThreatConnect and Defense Group Inc., computer and national security service providers...
Russia May Use Ransomware Payouts to Avoid Sanctions
Russia may ramp up ransomware attacks against the United States as a way to ease the financial hurt it’s under due to sanctions, U.S. federal authorities are warning. Those sanctions have been levied against the nation and Vladimir Putin’s government due to its invasion of Ukraine. The Financial...
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don’t duck at the latest mention of Apache: Two critical bugs in its HTTP web server – HTTPD – need to be patched pronto, lest they lead to attackers triggering denial of service DoS or bypassing your security policies. Apache, the open-source software foundation behind the Log4J logging library...
Relentless Log4j Attacks Include State Actors, Possible Worm
Call it a “logjam” of threats: Attackers including nation-state actors have already targeted half of all corporate global networks in security companies’ telemetry using at least 70 distinct malware families — and the fallout from the Log4j vulnerability is just beginning. Researchers manning...
NVIDIA Patches Critical Bug in High-Performance Servers
NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixin...
Mac-Focused Malvertising Campaign Abuses Google Firebase DBs
A malvertising group named VeryMal that targets Mac users has changed up its tactics, ditching steganography as its obfuscation technique. Instead, it’s using ad tags that fetch a payload from Google Firebase in order to redirect users to malicious pop-ups. Confiant estimates that close to 1...
Flaw in snapd Allows Root Access to Linux Servers
A local privilege-escalation vulnerability in Canonical’s snapd package has been uncovered, which would allow any user to obtain administrator privileges and immediate root access to affected Linux system servers. Snapd is used by Linux users to download and install apps in the .snap file format...
Zoho’s ManagedEnginePassword Manager Flaw Torched by Godzilla Webshell, New Data Stealer
A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far technology,...
Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The bugs have gone undisclosed for 12 years, and could allow the ability to bypass security products, execute code...
Microsoft Sway Abused in Office 365 Phishing Attack
A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. Researchers attribute the campaign’s success to two parts: First, it leverages multiple Microsoft file-sharing services to...
Lazarus APT Collaborates with Trickbot's Anchor Project
Researchers have found evidence of a link between global crimeware organization Trickbot and North Korean APT group Lazarus, observing direct collaboration via an all-in-one attack framework developed by Trickbot called Anchor Project. The move appears to be the first time an APT group has aligne...
News Wrap: IoT Radio Telnet Backdoor And 'SimJacker' Active Exploit
Threatpost editors break down the biggest news stories of this week ended Sept. 13, including: Researchers warning that more than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors A Telnet backdoor opened more than 1 million Imperial Dabman IoT...
Spyware App on Google Play Gets Boot, Returns Days Later
A music-streaming app offered on Google Play, harboring spyware that stole victims’ contacts, files and SMS messages, made its way onto the official Android app marketplace not once, but twice. The spyware was hidden in an app called Radio Balouch also known as RB Music. The app itself was actual...
Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk
A critical denial-of-service DoS vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors. The vulnerability was identified in Rockwell Automation’s PowerFlex 525 drive component...
ThreatList: Phishing Attacks Doubled in 2018
Phishing attempts more than doubled in 2018, as bad actors sought to trick victims into handing over their credentials. They used both old tricks – such as scams tied to current events – as well as other stealthy, fresher tactics. Researchers with Kaspersky Lab said in a Tuesday report that durin...
FireOS Flaw Allowed Limited Content Injection in Amazon Tablets
A vulnerability in the operating system of Amazon’s Fire Tablets could allow a hacker to inject malicious content into Settings, Legal and Compliance, Terms of Use and Privacy sections of the device. The bug could also allow an adversary to capture the serial number of the tablet. The Fire Tablet...
Slack Plugs Token Security Hole
Popular collaboration and communication firm Slack rushed to plugged a security hole in its platform Thursday that was leaking some of its users’ private chats and files for anyone to access. Slack, a leading tool used by companies to communicate internally, was alerted by security firm Detectify...
APT Threat Targets Tibetans, Journalists and Human Rights Workers
Tibetans, journalists and human rights workers in Hong Kong and Taiwan have been targeted in an APT campaign that makes use of Microsoft Rich Text File RTF documents to compromise computers. Researchers say it’s a new strategy by attackers in an ongoing advanced persistent threat that dates back ...
Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access
A critical security bug in the Citrix Application Delivery Controller ADC and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate. The two affected Citrix products formerly the NetScaler ADC and Gateway are used for application-aware traffi...
15 Cybersecurity Pitfalls and Fixes for SMBs
Small- to medium-sized businesses SMBs, those with 100 employees or less, are more vulnerable than ever to catastrophic cybersecurity breaches and attacks. The good news is that there are many things they can do, with extraordinarily little added investment, that will help IT managers lock down...
Tax Season Ushers in Quickbooks Data-Theft Spike
Cybercriminals are ready for tax season with new malware designed to exfiltrate Quickbooks data and post it on the internet, according to a new report from ThreatLocker. Attackers use email to deliver the malware, which the ThreatLocker’s CEO Danny Jenkins told Threatpost is a simple, 15-line pie...
Meetup Critical Flaws Allow 'Group' Takeover, Payment Theft
A popular online social service, Meetup, has fixed several critical flaws in its website. If exploited, the flaws could have enabled attackers to hijack any Meetup “group,” access the group’s member details and even redirect Meetup payments to an attacker-owned PayPal account. Meetup is a service...
Hackers Turn to OpenDocument Format to Avoid AV Detection
Attackers have a new obfuscation technique that uses the OpenDocument file format for sneaking payloads past antivirus software. Past macro-based attacks have relied on malware hitching a ride with .docx, .zip, .jar and many other file formats. But researchers at Cisco Talos said that because the...
Irked Researcher Discloses Facebook WordPress Plugin Flaws
UPDATE A WordPress security researcher claims he has found two WordPress plugins developed by Facebook called Facebook for WooCommerce and Messenger Customer Chat. The researcher claims both have cross-site request forgery flaws. The researcher published the bugs on the Plugin Vulnerabilities...
A Spate of University Breaches Highlight Email Threats in Higher Ed
Oregon State University announced Friday that hackers potentially made off with 636 student records and family records of students containing personally identifiable information PII, after a successful email attack in early May. This comes on the heels of email-based breaches at Graceland...
Details Surface on Stuxnet Patch Bypass
It took 10 hours to find what had eluded others for close to five years. German computer science student Michael Heerklotz spent the Christmas holiday reading Countdown to Zero Day, a narrative on the discovery and impact of Stuxnet, the computer worm considered one of the first cyberweapons, and...
Issues Arise With MS14-066 Schannel Patch
Some users who have installed the MS14-066 patch that fixes a vulnerability in the Schannel technology in Windows are having issues with the fix causing TLS negotiations to fail in some circumstances. The problem arises when users have TLS 1.2 enabled in certain configurations and it will sometim...
Microsoft Releases Automatic Updater for Certificate Revocation Lists, Plans to Invalidate Short RSA Keys
As part of its response to the Flame malware and its usage of a forged Microsoft certificate to sign malicious files, Microsoft has changed the way that Windows handles certificates, releasing an automatic updater function that will recognize and flag untrusted certificates. The new functionality...
Vancouver Metro Disrupted by Egregor Ransomware
The threat actors behind the Egregor ransomware are showing a prolificacy in their early months of activity. On the heels of targeting struggling U.S. retailer Kmart, the Egregor gang also disrupted the Vancouver metro system with a ransomware attack. Translink, the Canadian city’s public...
BlueKeep Flaw Plagues Outdated Connected Medical Devices
While Microsoft issued patches for the infamous BlueKeep vulnerability almost a year ago, researchers warn that almost half of connected medical devices in hospitals run on outdated Windows versions that are still vulnerable to the remote desktop protocol RDP flaw. Researchers said they found tha...
Windows Users at Risk From High-Severity Intel Software Flaw
Intel is warning of a high-severity vulnerability existing in its software that identifies the specification of Intel processors in Windows systems. The flaw could have an array of malicious impacts on affected systems, such as opening systems up to information disclosure or denial of service...
WordPress WP Live Chat Support Plugin Fixes XSS Flaw
For the second time this month a patch has been issued for the WordPress add-on called WP Live Chat Support Plugin. This time around it’s a cross-site scripting XSS vulnerability. The WP Live Chat Support is a popular WordPress plugin that allows users to install a pop-up “chat” plugin to their...
Drones are Quickly Becoming a Cybersecurity Nightmare
Drones are a growing threat for law enforcement and business security officers. In the run-up to Christmas 2018, rogue drones grounded planes at London Gatwick, the UK’s second-busiest airport. But, increasingly it’s not just the air traffic controllers sounding the alarms over drones, it’s also...
Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast
You know that hazy window that’s been obscuring the cyber threat landscape, leaving the feds squinting to try to see what’s really going on? The government has recently pulled out some squeegees. Case in point: the government spending deal that President Biden signed into law on Friday. The bill...
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure
Three critical security vulnerabilities in widely used smart uninterruptible power supply UPS devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found. Researchers a...
Protecting Phones From Pegasus-Like Spyware Attacks
Pegasus spyware from the Israeli firm NSO Group is nearly invisible. It sends messages to compromise targeted phones without setting off any alarm bells to the phone’s user. There’s little you can do to protect yourself, say experts. But little isn’t nothing. Our guest today is Adam Weinberg, whi...
How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
Zero-day disclosures, those known bugs without a fix, can have potentially catastrophic results. One of the best ways to combat them is by discovering them before the bad guys do. Some of the biggest tech brands on the planet have been pummeled by a rash of high-profile zero-day exploits. In the...
Identity Theft Spikes Due to COVID-19 Relief
Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits. This is according to the Federal Trade Commission FTC, which received about 1.4 million reports of...
Blackrota Golang Backdoor Packs Heavy Obfuscation Punch
Researchers have discovered a new backdoor written in the Go programming language Golang, which turned their heads due to its heavy level of obfuscation. The backdoor, called Blackrota, was first discovered in a honeypot owned by researchers, attempting to exploit an unauthorized-access...
Iran-linked Hackers Target Trump 2020 Campaign, Microsoft says
A group of hackers tied to Iran has been attempting to break into accounts associated with the 2020 reelection campaign of President Trump, researchers have discovered. Researchers from the Microsoft Threat Intelligence Center said they first observed activity from a group called Phosphorus in...
Lenovo Warns of ThinkPad Bugs, One Unpatched
Dozens of Lenovo’s flagship ThinkPad models are vulnerable to bugs ranging in severity from low to high. Two of the flaws are tied to industry-wide security bulletins, while a medium-severity flaw affects only Lenovo laptops but remains unpatched. The most severe of the three bugs is a...
Norman Cryptominer Employs Sophisticated Obfuscation Tactics
A never-before-seen cryptomining variant, dubbed “Norman” after one of its executable files, has been spotted in the wild using various techniques to hide and avoid discovery. The levels of obfuscation are notable for their sheer depth, according to an analysis. Varonis uncovered an initial sampl...
Reddit Gold: Alice and Bob, Caught in a Web of Lies
Alice and Bob, the beloved or not-so-beloved, depending placeholder characters often used in cryptography examples, have been spotted in the middle of a web of deceit and intrigue by eagle-eyed Redditers. Think lies. Broken hearts. Even…murder. Yep, you heard that right. It all starts with the...