15946 matches found
ThreatList: Latest DDoS Trends by the Numbers
Fresh statistics reveal a mix bag of good news and bad when it comes to distributed denial-of-service attacks in Q4 2018. According to the latest numbers available, the sheer number of attacks are down, but the length of time those attacks last have reached record lengths. The numbers come from...
Picking Up Where Neutrino Left Off: RIG Pushing CrypMIC Ransomware
When an exploit kit fades away, it usually doesn’t take long for another to take its place in the limelight, especially when the kit is an integral part of the ransomware ecosystem. That’s exactly what’s happened over the past few weeks as researchers say they’ve seen an uptick in RIG Exploit Kit...
Fortune Favors the Bold? Man Steals Microsoft Founder's Identity, Credit Card
When one Pennsylvanian man couldn’t foot his bills, he opted to steal the identity of someone that could – one of the world’s richest men, Microsoft co-founder and billionaire Paul Allen. An AWOL solider from Pittsburgh swiped Allen’s Citibank credit card account information earlier this year to...
Google Patches Actively Exploited Chrome Bug
While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year. Chrome 103...
Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader
Eleven critical bugs in Adobe’s popular and free PDF reader, Acrobat, open both Window and macOS users to attacks ranging from an adversary arbitrarily executing commands on a targeted system to data leakage tied to system-read and memory flaws. In a Tuesday security bulletin, which included...
‘An0m’ Encrypted-Chat Sting Leads to Arrest of 800
Law enforcement agencies have been selling encrypted phones to organized crime gangs for years, monitoring their conversations in what’s being called the biggest law enforcement sting ever. Since 2018, agencies have been overseeing the distribution of hardened, encrypted devices that have enabled...
Manchester United: IT Systems Disrupted in Cyberattack
The Manchester United football club in the U.K. has confirmed that the team fell victim to a cyberattack on its systems. Man U., one of the most popular soccer teams in the world, said that it was suffering ongoing IT disruptions. “The club has taken swift actions to contain the attack and is...
Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
Microsoft is warning that an Iranian nation-state actor is now actively exploiting the Zerologon vulnerability CVE-2020-1472, adding fuel to the fire as the severe flaw continues to plague businesses. The advanced persistent threat APT actor, which Microsoft calls MERCURY also known as MuddyWater...
Mac Users Targeted by Spyware Spreading via Xcode Projects
A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via...
Cisco Webex, Router Bugs Allow Code Execution
Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems. Beyond Webex, the networking giant on Wednesday also patched a slew of bugs across several products,...
OpenBSD Hit with Authentication, LPE Bugs
An authentication bypass and three local privilege-escalation LPE bugs have been uncovered in OpenBSD, the Unix-like open-source operating system known for its security protections. The most severe of the vulnerabilities is the bypass CVE-2019-19521, which is remotely exploitable. OpenBSD uses BS...
Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack
Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell session SSH; but, luckily, such an attack would be difficult to...
Malspam Emails Blanket LokiBot, NanoCore Malware With ISO Files
An ongoing spam campaign has been spotted using ISO disk image file attachments to disguise various information-stealing trojans, including LokiBot and NanoCore. Researchers said that they first spotted the malware-laced spam emails being distributed in April 2019. Spam sent to victims claim to b...
Intel CPUs Impacted By New Class of Spectre-Like Attacks
A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling MDS, consist o...
Badlock Bug in Samba SMB Protocol
Despite the Badlock hype machine cranked up high, we don’t know much about this impending soul-crushing vulnerability other than it could be bad, it could be in the Windows Server Message Block and it already has its own requisite logo and website. Nonetheless, we have a little more than two week...
Microsoft Interflow Information-Sharing Platform Preview Open
Much like the Year of PKI that has never come to be, information sharing has been one of security’s more infamous non-starters. While successful in heavily siloed environments such as financial services, enterprises industry-wide are hesitant to share threat and security data for fear of losing a...
DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
The U.S. Department of Justice DOJ has indicted four Russian government employees in connection to plots to cyber-fry critical infrastructure in the United States and beyond, including at least one nuclear power plant. The campaigns involved one of the most dangerous malwares ever encountered in...
Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The private company, called variously Candiru, Grindavik, Saito Tech and Taveta and dubbed “Sourgum” by...
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
Thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology OT gear and internet of things IoT, respectively. Unfortunately, there has been a rampant lack of patching, researchers said. According to researchers at Armi...
TA416 APT Rebounds With New PlugX Malware Variant
The TA416 advanced persistent threat APT actor is back with a vengeance: After a month of inactivity, the group was spotted launching spear-phishing attacks with a never-before-seen Golang variant of its PlugX malware loader. TA416, which is also known as “Mustang Panda” and “RedDelta,” was spott...
Microsoft's Patch Tuesday Packed with Critical RCE Bugs
Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. These include 23 critical flaws, 105 that are important in severity and one moderate bug. Fortunately, none are publicly known or under active exploitation, Microsoft said. The most severe issue in the bun...
Google Fixes Critical Android RCE Flaw
Google kicked off its first Android Security Bulletin of 2020 patching a critical flaw in its Android operating system, which if exploited could allow a remote attacker to execute code. Compared to last year’s monthly tally, the number of CVEs patched this month were relatively few. The...
Microsoft Zaps Actively Exploited Zero-Day Bug
Microsoft has issued fixes for 36 CVEs for December 2019 Patch Tuesday across a range of products, with seven of them rated critical in severity – and one that’s already being exploited in the wild as a zero-day bug. The computing giant’s scheduled security update this month is relatively light,...
Troy Hunt Looks to Sell Have I Been Pwned
Citing overwhelming demands on his time, Troy Hunt is looking for a buyer for his site, Have I Been Pwned HIBP. HIBP offers a free service for consumers wanting to know if their user names and passwords have been compromised in a data breach; it also offers commercial services that include alerts...
On Microsoft's XP Patches, Hidden Cobra, MacRansom, and More
Mike Mimoso and Chris Brook discuss the news of the week, including Microsoft’s XP patches, Hidden Cobra, a Nigerian BEC campaign, MacRansom, and more. Download: ThreatpostNewsWrapJune162017.mp3 Music by Chris Gonslaves...
Microsoft Withdraws Outlook Update After Gmail Conflicts
Microsoft says a recent patch for Outlook 2007 after it caused slow performance and problems with third party e-mail services. Microsoft withdrew a software update released last week after reports that the update, to its Outlook 2007 e-mail product, was causing problems for customers connecting t...
Windows Zero-Day Still Circulating After Faulty Fix
A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a “fix” from Microsoft failed to adequately patch it. The local privilege-escalation bug in Windows 8.1 and Windows 10 CVE-2020-0986 exists in the Print Spooler API. It could allow a local attack...
Electrolux, Others Conned Out of Big Money by BEC Scammer
A 64-year-old business email compromise BEC guru has plead guilty in Houston to bilking appliance giant Electrolux and one other company out of a combined half a million dollars — in addition to other fraud schemes. Kenenty Hwan Kim a.k.a. Myung Kim admitted in federal court the Southern District...
New SWAPGS Side-Channel Attack Bypasses Spectre and Meltdown Defenses
Millions of newer Intel microprocessors manufactured after 2012 are vulnerable to a new type of side-channel attack dubbed SWAPGS. SWAPGS is similar to existing side-channel attacks such as Spectre and Meltdown and similarly could allow a hacker to gain access to sensitive data such as passwords...
News Wrap: WhatsApp, Microsoft, Intel and Cisco Flaws
This week was filled with flaws, flaws and more flaws: From a zero-day under active exploit in the WhatsApp messaging app, to Patch Tuesday glitches addressed by Microsoft. Threatpost breaks down the top vulnerabilities of the week, including: A WhatsApp zero-day vulnerability being exploited in...
Microsoft Patches Two Win32k Bugs Under Active Attack
Microsoft released patches for two Win32k bugs actively under attack, along with fixes for four additional bugs that are publicly known, as part of its March Patch Tuesday security bulletin. The Win32k bugs are both elevation of privilege vulnerabilities, rated important, and tied to the way...
Unpatched Bugs, Windows XP End of Life and Public Disclosure
Windows XP security support ends Tuesday and until now, most of the public hand-wringing over XP’s end-of-life has been about the potential for malware outbreaks against unpatched vulnerabilities that have been stockpiled by hackers anxiously awaiting April 8, 2014. But what about vulnerabilities...
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
Law enforcement, C-suite executives and the cybersecurity community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs,...
New APT ChamelGang Targets Russian Energy, Aviation Orgs
A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at security firm...
Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks
The healthcare industry is under attack like never before. What started as a surge in criminal activity during the early days of the coronavirus pandemic has now metastasized into a full-blown crisis within the healthcare industry worldwide. The recent disruptive ransomware attacks on Scripps...
Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download
Threat actors continue to take advantage of the hype surrounding the release of the videogame Cyberpunk 2077 in a variety of ways. The latest twist is ransomware targeting Android devices disguised as a legitimate download of the new open-world game. Kaspersky researcher Tatyana Shishkova...
Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
Researchers have disclosed two flaws that could enable remote code execution attacks on the Magento Mass Import Magmi plugin, an open source database client that imports data into Magento. Magmi is a Magento database client written in PHP, which is used to perform raw bulk operations on the model...
Connected Home Hubs Open Houses to Full Remote Takeover
Three different connected home hubs – Fibaro Home Center Lite, Homematic Central Control Unit CCU2 and Elko’s eLAN-RF-003 – are vulnerable in their older versions to serious bugs that would allow information disclosure, man-in-the-middle MiTM attacks and unauthenticated remote code execution RCE,...
Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites
UPDATE A faction of the Magecart threat group, Magecart group 12, has been linked to a recent digital card skimmer attack bent on stealing payment data from a slew of websites, including ones selling anything from Olympic tickets to emergency preparation kits. Over the past few weeks, the group h...
Rash of Exploits Targets Critical vBulletin RCE Bug
A critical remote code execution RCE bug affecting default 5.x versions of vBulletin CVE-2019-16759 is being actively exploited in the wild, allowing unauthenticated attackers to take control of web hosts. A zero-day proof-of-concept code was anonymously published on Monday, ahead of vBulletin...
Critical RCE Flaw in Palo Alto Gateways Hits Uber
A remote code-execution RCE vulnerability has been uncovered in the GlobalProtect portal and GlobalProtect Gateway interface security products from Palo Alto Networks. It’s an unusual zero-day case, having been previously unknown but inadvertently fixed in later releases — but some large companie...
IBM Patches Critical, High-Severity Flaws in Spectrum Protect
IBM has disclosed critical and high-severity vulnerabilities in Spectrum Protect, Big Blue’s security tool under the umbrella of its Spectrum data storage software branding. The most severe of these flaws could cause a remote attacker to execute arbitrary code on impacted systems. Overall, IBM...
Adobe Fixes 24 Critical Flaws in Acrobat Reader, Flash, Shockwave Player
Adobe has fixed 24 critical arbitrary code execution vulnerabilities across multiple products, including Acrobat Reader, Adobe Flash, and Adobe Shockwave Player. Overall, Adobe issued fixes for 43 different CVE numbers across eight different products, Tuesday, as part of a regularly-scheduled...
RSA Conference 2019: BleedingBit Flaws Continue to Plague Firms
UPDATE SAN FRANCISCO – Mobile key platform UniKey has patched vulnerabilities related to the infamous BleedingBit attack in its platform. BleedingBit is an issue in Bluetooth Low-Energy chips made by Texas Instruments and used in millions of wireless access points, which was disclosed in November...
Data Breach Bonanza: Dating Apps, Equifax, Mass Credential Dumps
In a week full of cyber-incidents and marked by the Valentine’s Day holiday, data breach news was surging. Equifax may have been hacked by spies, two huge credential spills on the Dark Web did their part to endanger people online and several companies admitted to data exposures, data breaches and...
Actively Exploited Zero-Day Bug Patched by Microsoft
Microsoft has revealed 73 new patches for May’s monthly update of security fixes, including a patch for one flaw–a zero-day Windows LSA Spoofing Vulnerability rated as “important”—that is currently being exploited with man-in-the-middle attacks. The software giant’s monthly update of patches that...
Ransomware Attack Strikes Spain’s Employment Agency
The Spanish State Employment Service SEPE in Spain has been hit by a cyberattack, suspending its communications systems across hundreds of offices and delaying thousands of appointments. SEPE is an “autonomous body” in Spain that manages and controls unemployment benefits. The cyberattack hit...
2 More Google Chrome Zero-Days Under Active Exploitation
Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software. Both allow an unauthenticated, remote attacker to compromise an affected system via the web. And both are being actively exploited in the...
Newsletter WordPress Plugin Opens Door to Site Takeover
Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code-execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress...
Mobile Carrier Customer Service Ushers in SIM-Swap Fraud
Mobile carriers have left the door wide open to SIM-swap attacks, particularly when it comes to prepaid accounts, researchers have found. SIM swapping is a form of fraud that allows crooks to bypass SMS-based two-factor authentication 2FA and crack online banking or other high-value accounts...