15946 matches found
Google Discloses Chrome Flaw Exploited in the Wild
UPDATE Google is warning users of a high-severity vulnerability in its Chrome browser that is currently being exploited by attackers to hijack computers. The flaw CVE-2019-13720, discovered by security researchers Anton Ivanov and Alexey Kulaev at Kaspersky, exists in Google Chrome’s audio...
Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier
LONDON — A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services. According to research from Check Point, presented here at Virus Bulletin 2019 on Friday, the attack was firs...
Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections
A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network. According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From...
Nvidia Fixes High-Severity Flaws in GeForce Experience for Gamers
Nvidia, which makes gaming-friendly graphics processing units GPUs, has patched two high-severity flaws in its GeForce Experience software, which could allow denial of service, information disclosure and privilege escalation on impacted systems. GeForce Experience is software for gamers utilizing...
Prepare to Defend Your Network Against Swarm-as-a-Service
The digital world we now inhabit creates unprecedented opportunities – both for good and for ill. One of these possibilities is swarm-based tools that can be used to either attack or defend the network. This possibility, or set of possibilities, has arisen due to dramatic advances in swarm-based...
On xDedic, a Flash Zero Day, Facial Recognition, and More
Mike Mimoso and Chris Brook discuss the news of the week, including a password issue at Github, the xDedic marketplace, another Flash zero day, and how the poorly the FBI is doing with facial recognition software. Download: ThreatpostNewsWrapJune172016.mp3 Music by Chris Gonsalves...
Icefog Targeted APT Attacks Hit South Korea, Japan
An espionage campaign featuring precise targeting of victims and malware that allows the attackers one-on-one interaction with compromised systems has been uncovered. Government agencies, manufacturers, high tech companies and media organizations in South Korea and Japan have been the primary...
Discord CDN and API Abuses Drive Wave of Malware Detections
Discord has a malware problem. And although the platform is predominantly used by gamers, it turns out even users who have never interacted with Discord are at risk. Discord creates servers or specific groups or communities of users who can send voice, text and other media messages between one...
Security Bug Allows Attackers to Brick Kubernetes Clusters
A vulnerability in one of the Go libraries that Kubernetes is based on could lead to denial of service DoS for the CRI-O and Podman container engines. The bug CVE-2021-20291 affects the Go library called “containers/storage.” According to Aviv Sasson, the security researcher at Palo Alto’s Unit 4...
Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign
Apple accidentally approved one of the most popular Mac malware threats – OSX.Shlayer – as part of its security notarization process. The Apple notary service is an automated system on recent macOS versions that scans software ranging from macOS apps, kernel extensions, disk images and installer...
SMS Attack Spreads Emotet, Steals Bank Credentials
Attackers are sending SMS messages purporting to be from victims’ banks – but once they click on the links in the text messages, they are asked to hand over their banking credentials and download a file that infects their systems with the Emotet malware. Emotet has continued to evolve since its...
Linux Webmin Servers Under Attack by Roboto P2P Botnet
Vulnerable Linux Webmin servers are under active attack by a newly-discovered peer-to-peer P2P botnet, dubbed Roboto by researchers. The botnet is targeting a remote code-execution vulnerability CVE-2019-15107 in Webmin, a web-based system configuration tool for Linux servers. CVE-2019-15107 was...
Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns
Hackers are abusing the popular file-sharing service called WeTransfer to circumvent defensive email gateways that are designed to block spam messages with malicious URLs. Researchers have observed an uptick in attacks targeting banking, power and media industries using this technique. The hack...
Implementing Bug Bounty Programs: The Right and Wrong Approaches
While bug-bounty programs may seem like a cure-all solution for companies looking discover vulnerabilities in their systems more efficiently, the fact remains that a program could overwhelm a firm’s internal security team and cause other major headaches if implemented the wrong way. “You have to...
Newly-Identified BEC Cybergang Targets U.S. Enterprise Victims
LONDON, U.K. – Researchers have identified a highly-sophisticated Nigerian business email compromise gang targeting U.S enterprises and government institutions. The cybercrime group, dubbed Scattered Canary, has evolved over the past 10 years from a one-man shop working Craigslist scams into a...
RSAC 2019: TLS Markets Flourish on the Dark Web
SAN FRANCISCO – Thriving marketplaces for TLS certificates have emerged on the Dark Web, which are hawking the certs both as individual goods and packaged with an array of malware and other ancillary services. The research, from Venafi, the University of Surrey and the Evidence-based Cybersecurit...
Highly Critical Drupal CMS Flaw Affects Millions of Websites
The Drupal open-source content management system platform has issued an advisory for a highly critical remote-code execution RCE flaw in the Drupal core. The vulnerability CVE-2019-6340 arises from the fact that “some field types do not properly sanitize data from non-form sources,” according to...
Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities
Oracle released its biggest Critical Patch Update ever on Tuesday, and with it came added urgency in the form of patches for the Solaris vulnerabilities exposed by the ShadowBrokers last week, as well as the recent Apache Struts 2 vulnerability, also under public attack. In all, Oracle admins hav...
Sharp SIM-Swapping Spike Causes $68M in Losses
SIM-swapping – the practice of duping mobile carriers into switching a target’s phone services to an attacker-controlled phone – is on the rise, the Feds are warning – leading to millions in losses for consumers who found their bank accounts drained and other accounts taken over. Subscriber...
ADT Security Camera Flaws Open Homes to Eavesdropping
UPDATE Researchers have publicly disclosed security flaws found in ADT-owned LifeShield security cameras, which, if exploited, could have allowed a local attacker to eavesdrop on victims’ conversations or tap into a live video feed. The LifeShield brand is owned by security giant ADT. Specificall...
Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug
Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that’s been a persistent worry to both the company and the U.S. government over the last few months. Both on Thursday renewed their pleas to businesses and end users to update Windows systems with a patch...
Breached Passwords Still in Use By Hundreds of Thousands
Hundreds of thousands of web visitors continue utilizing passwords that have previously been compromised. Worse, they are reusing the breached credentials for some of their most sensitive financial, government and email accounts. That’s according to a new Google study released this week, which wa...
How Decoding Network Traffic Can Save Your Data Bacon
The number of breaches impacting corporate networks has reached epidemic proportions. This year is currently on track to break all records for breaches. Already this year there have been 1,900 reported breaches in just the past three months, according to Risk Based Security. One of the troubling...
Where's the Equifax Data? Does It Matter?
It’s been 17 months since the infamous 2017 Equifax data breach was revealed to have compromised the data of about 147.9 million people i.e., almost every adult in the U.S., with more than 45 percent of the population directly affected by the incident. But an investigative report from CNBC found...
Critical WordPress Plugin Flaw Allows Complete Website Takeover
A critical vulnerability in popular WordPress plugin Simple Social Buttons enables non-admin users to modify WordPress installation options – and ultimately take over websites. Simple Social Buttons enables users to add social-media sharing buttons to various locations of their websites. The plug...
Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware
Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser’s home page and redirect a Web session to an attacker’s page. There are several clues something is amiss, namely part of the GUI for the supposed Flash 1...
Research Reveals Huge Cache of FTP, Email Credentials Stolen by Waledac
Researchers have discovered that the gang behind the once-and-future botnet Waledac has gathered nearly 500,000 stolen passwords for email accounts, along with close to 125,000 sets of pilfered credentials for FTP accounts. The discovery isn’t so surprising in its details, but rather in its scope...
MS10-015 Restart Issues Are the Result of Rootkit Infection
Microsoft on Thursday confirmed that the blue screen of death issues that affected a slew of users after the latest batch of Patch Tuesday updates is the result of an existing infection by the Alureon rootkit. There was widespread speculation after the patch release that simply installing the...
Microsoft warns of dangerous DirectShow flaw, attacks
Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support. The company has activated its security response process to deal with the zero-day attacks has issued a pre-patc...
Ukraine-Russia Cyber Warzone Splits Cyber Underground
The Russia-Ukraine cyber warzone has split the Conti ransomware gang into warring factions, leading to a Ukrainian member spilling 60,000 of the group’s internal chat messages online. On Monday, vx-underground – an internet collection of malware source code, samples and papers that’s generally...
Kaseya Patches Imminent After Zero-Day Exploits
UPDATE 3 The worldwide July 2 attacks on the Kaseya Virtual System/Server Administrator VSA platform by the REvil ransomware gang turn out to be the result of exploits for at least one zero-day security vulnerability, and the company is swinging into full mitigation mode, with patches for the...
Microsoft Teams: Very Bad Tabs Could Have Led to BEC
Attackers could have stepped through a yawning security hole in Microsoft Teams chat service that would have let them masquerade as a targeted company’s employee by reading and sending email on their behalf. On Monday, Tenable’s Evan Grant explained in a post that he found the bug in Microsoft...
Ransomware Attacks Hit Major Utilities
Two state-owned utility companies in Brazil suffered separate ransomware attacks in the past week, forcing them to shut down some operations and services temporarily, In one case, sensitive data was stolen and dumped online, including network access logins and engineering plans. Centrais Eletrica...
How to Update Your Remote Access Policy – And Why You Should Now
For close to two decades, organizations have allowed privileged employees to work remotely by offering remote access solutions as a part of the daily work environment. But until recently, working remotely was more of a luxury than a necessity. With the rise of COVID-19, many organizations moved...
Microsoft Tackles 123 Fixes for July Patch Tuesday
A critical DNS bug and a publicly known elevation-of-privilege flaw top Microsoft’s July Patch Tuesday list of 123 fixes. The DNS flaw is a remote code-execution bug and is touted as one of the most critical Windows vulnerabilities released this year, earning the highest-severity CVSS score of 10...
ID Thieves Turn to Snail Mail as Juicy Target for Financial Crimes
As it gets harder for cybercriminals to bypass business email compromise BEC defenses, some hackers are switching from email scams to real-mail cons. Researchers at Flashpoint said they are monitoring hacker forums where criminals are swapping tips on a growing ID theft and financial crime area,...
20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users
A 20-year-old vulnerability present in all versions of Microsoft Windows could allow a non-privileged user to run code that will give him or her full SYSTEM privileges on a target machine. The bug is notable because of where it resides: In a legacy, omnipresent protocol named Microsoft CTF. First...
Apple Transparency Report Now Includes App Store Takedown Requests
For the first time Apple added to its transparency report the number of App Store takedown requests it has received from governments. The report, released Tuesday, also puts some hard numbers on how often law enforcement and governments request device and user data. App Takedown Request Apple’s...
Windows Zero-Day Drops on Twitter, Developer Promises 4 More
UPDATE A Windows zero-day exploit dropped by developer SandboxEscaper would allow local privilege-escalation LPE, by importing legacy tasks from other systems into the Task Scheduler utility. It’s the latest zero-day from SandboxEscaper, who said that she has four more in the hopper that she’d li...
RSA Conference 2019: The Expanding Automation Platform Attack Surface
SAN FRANCISCO – Automation platforms are increasingly being used to chain multiple IoT devices together to create user-friendly smart applications – but that’s also creating unpredictable attack surfaces that can be hard to manage. A Trend Micro report released at RSA Conference 2019 warns that...
Microsoft Waits for Patch Tuesday to Fix SMB Zero Day
Microsoft will not rush out an emergency patch for a zero-day vulnerability disclosed on Wednesday in the Windows implementation of the Server Message Block protocol. Researcher Laurent Gaffie announced in a tweet, below, that he’d found a zero-day vulnerability in SMBv3 and released a...
Upatre Downloader Spreading Dyreza Banking Trojan
The Upatre downloader is the vehicle that has driven numerous banking Trojan and ransomware attacks to the front door of countless victims at great cost. Microsoft on Thursday warned of a wire-transfer spam campaign that it’s spotted that is spreading Upatre and eventually loading the dangerous...
New Unpatched Flaw Surfaces in SQL Server
There is an unpatched flaw in Microsoft SQL Server that could enable an attacker to access users’ passwords on the database server. The vulnerability is in SQL Server 2000, 2005 and 2008. The SQL Server vulnerability was discovered last fall by database-security vendor Sentrigo, which then report...
CISA, FBI: State-Backed APTs Are Exploiting Critical Zoho Bug
The FBI, CISA and the U.S. Coast Guard Cyber Command CGCYBER warned today that state-backed advanced persistent threat APT actors are likely among those who’ve been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month. At issue is...
Embryology Data Breach Follows Fertility Clinic Ransomware Hit
A fertility clinic serving the Atlanta area has been hit with a ransomware attack that also exposed private health information for 38,000 of its patients. Reproductive Biology Associates RBA, along with its affiliate My Egg Bank North America, is a well-known pioneer in in-vitro fertilization IVF...
Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data
The U.S. Supreme Court has granted LinkedIn another legal option to try to prevent rival hiQ Labs from scraping public information from its user profiles, something the Microsoft-owned professional networking platform has claimed is a violation of user privacy and a misuse of its data. The court...
On the Taxonomy and Evolution of Ransomware
Given the frequency with which “ransomware” appears in news articles, it may be worthwhile to take a step back and actually consider what the term means. Any malware or attack that culminates in extorting ransom from the victim is commonly referred to as ransomware. The general idea is to encrypt...
Mimecast: SolarWinds Attackers Stole Source Code
Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company. The email security firm initially reported that a certificate compromise in January was part of the...
Nefilim Ransomware Gang Hits Jackpot with Ghost Account
A Nefilim ransomware attack that locked up more than 100 systems stemmed from the compromise of an unmonitored account belonging to an employee who had died three months previously, researchers said. Nefilim a.k.a. Nemty is a ransomware strain that emerged in 2020, with its operators adopting the...
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. In total it patched 83 vulnerabilities. The most serious bug is a flaw in Microsoft’s Defender anti-malware software that allows remote attackers to infect...