15946 matches found
Guess Fashion Deals With Data Loss, Post-Ransomware
A February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still causing damage. Guess has started sending letters to 1,300 employees and contractors who had their personal and banking data exposed during the breach. The letter, published by...
DarkSide Wanted Money, Not Disruption from Colonial Pipeline Attack
Threat actors behind last week’s Colonial Pipeline ransomware attack that crippled a major U.S. oil pipeline said that financial gain–not political, economic or social disruption–is the goal of their nefarious activities, vowing to choose their targets more carefully in the future. Join Threatpos...
Novel Online Shopping Malware Hides in Social-Media Buttons
A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway. According to researchers at Sansec, the skimmer hides in fake social-media buttons, purporting to allow sharing on Facebook, Twitte...
Apple to Patch Bug Granting Full Access to 3rd-Party Keyboards
Apple is readying a fix for a bug that could grant full access to third-party keyboards for its mobile devices, including iPhone and iPad. The company posted an alert on its support page about an issue with iOS 13 and iPadOS that affects third-party keyboards users may have installed for the...
SAS 2019: Genesis Marketplace Peddles 60K Stolen Digital Identities
SINGAPORE – A newly-discovered underground marketplace, dubbed Genesis, is peddling tens of thousands of stolen digital “masks” — i.e., identities — which equip cybercriminals with the tools they need to get away with online fraud. Researchers at Kaspersky Lab’s Security Analyst Summit 2019, whic...
Google Play Touts Certs in Quest For Enterprise Security
Google is now touting three new security certifications for Managed Google Play, which the company hopes will serve as a badge of security honor for companies thinking about using its enterprise-focused app marketplace. The move comes as Google continues to try to amp up efforts around the securi...
New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace
Researchers are warning of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware. Researchers at Cisco Talos, who discovered the threat actor they call “Rocke”, said they have been tracking the adversary sin...
Tax-Season Scammers Spoof Fintechs, Including Stash, Public
Threat actors have new targets in their sites this tax season during the annual barrage of cyber-scams as people file their U.S. income-tax documents. Novel email campaigns are spoofing popular financial technology fintech applications and their tax notifications to try to dupe victims into givin...
Microsoft Teams Targeted With Takeover Trojans
Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops...
Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
News of a zero-click zero-day in Apple’s iMessage feature being incorporated into the notorious Pegasus mobile spyware from NSO Group has drawn a variety of reactions from the security community, including concerns about the security of Apple’s closed ecosystem, and varying views on NSO Group’s...
Magecart Goes Server-Side in Latest Tactics Changeup
Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September’s gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The skimmers are still “very...
Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims
More information has come to light about the Sunburst backdoor that could help defenders get a better handle on the scope of the sprawling SolarWinds espionage attack. The campaign is known to have affected six federal departments, Microsoft, FireEye and dozens of others so far. Sunburst, a.k.a...
Zerologon Attacks Against Microsoft DCs Snowball in a Week
A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses. That’s according to researchers from Cisco Talos, who warned that cybercriminals are redoubling their efforts to trigger the elevation-of-privilege bug i...
Firefox Zero-Day Flaws Exploited in the Wild Get Patched
Mozilla patched two Firefox browser zero-day vulnerabilities actively being exploited in the wild. The flaws, both use-after-free bugs, have been part of “targeted attacks in the wild,” according to a Mozilla Foundation security advisory posted Friday. Both bugs have critical ratings and allow...
Apple Fixes iOS Flaw That Opened iPhones to Jailbreaks
Apple has released an emergency patch fixing a kernel vulnerability – for the second time – after it was accidentally unpatched in iOS 12.4. The flaw CVE-2019-8605, a use-after-free issue existing in the kernel, could enable a malicious application to execute arbitrary code with system privileges...
Exploring the Top 15 Most Common Vulnerabilities with HackerOne and GitHub
Join vulnerability experts Michiel Prins, cofounder of HackerOne, and Greg Ose, GitHub’s application security engineering manager, as Threatpost editor Tom Spring moderates a discussion on the 15 most common vulnerability types. Registration Required Originally presented in March 2019, this webin...
WordPress Sites Worldwide Hit with 'Call-Girl' Search-Engine Pollution
A web spam campaign that targets Koreans is creating problems for site administrators all around the world. Hackers are compromising vulnerable Korean-language WordPress websites, but are also polluting search engine results for non-hacked sites globally. Researchers at Sucuri initially uncovered...
Siemens Warns of Critical Remote-Code Execution ICS Flaw
Siemens has released 16 security advisories for various industrial control and utility products, including a warning for a critical flaw in the WibuKey digital rights management DRM solution that affects the SICAM 230 process control system. SICAM 230 is used for a broad range of industrial contr...
"Collection #1" Data Dump Hacker Identified
UPDATE Researchers say they have identified the threat actor behind the massive “Collection 1” data dump which exposed hundreds of millions of credentials on a hacking forum in January. Recorded Future researchers said this weekend that an individual using the monikor “C0rpz” has claimed as early...
Microsoft SHA-2 Advisory Causing 'Infinite Loop' Issues
Problems with a security update issued this week by Microsoft have surfaced on a number of technology forums. Windows users say Microsoft Security Advisory 303929, which adds SHA-2 code-signing and verification support for Windows 7 client machines and Windows Server 2008 R2 boxes, is causing...
Microsoft Unveils New Windows Defender Offline Tool
Microsoft has released a beta version of a new tool that can help victims of malware attacks recover from ugly infections, even if they don’t have the ability to reach the Internet. The Windows Defender Offline tool enables users to clean their systems of malware from a CD or other removable medi...
Microsoft Releases Anti-XSS Web Protection Library
Microsoft has released an open-source Web Protection Library WPL to help developers protect web sites from cross-site scripting attacks. The WPL, which is a set of .NET assemblies, is being offered as part of a defense in depth strategy to add an extra layer to any validation or secure coding...
Millions of Routers Exposed to RCE by USB Kernel Bug
Millions of popular end-user routers are at risk of remote code execution RCE due to a high-severity flaw in the KCodes NetUSB kernel module. The module enables remote devices to connect to routers over IP and access any USB devices such as printers, speakers, webcams, flash drives and other...
Intel Plugs 29 Holes in CPUs, Bluetooth, Security
Intel has unleashed 29 security advisories to plug up some serious bugs in the BIOS firmware for Intel processors, as well as in its Bluetooth products, Active Management Technology tools, the NUC Mini PC line, and, ironically, in its own security library. Details about the advisories can be foun...
Google Patches Critical Android RCE Bug
Google patched more than 90 security vulnerabilities in its Android operating system impacting its Pixel devices and third-party Android handsets, including a critical remote code-execution bug that could allow an attacker to commandeer a targeted vulnerable mobile device. That bug CVE-2021-0507...
Critical WordPress Plugin Flaw Allows Site Takeover
Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, import metadata and edit...
MacOS Users Targeted By OceanLotus Backdoor
A macOS backdoor variant has been uncovered that relies of multi-stage payloads and various updated anti-detection techniques. Researchers linked it to the OceanLotus advanced persistent threat APT group. The Vietnam-backed OceanLotus also known as APT 32 has been around since at least 2013, and...
15 Billion Credentials Currently Up for Grabs on Hacker Forums
Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums – shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet. A report released Wednesday — “From Exposure to Takeover” by the...
Magento Warns E-Commerce Sites to Upgrade ASAP to Prevent Attacks
The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability. While the company didn’t specify what kinds of potential attacks...
Major Airport Malware Attack Shines a Light on OT Security
A cryptomining infection managed to spread to half of all workstations at a major international airport in Europe – shining a spotlight on security for operational tech and IT convergence. Researchers at Cyberbit found the XMRig Monero mining malware, which was a known strain called “Playerz,” bu...
Google July Android Security Bulletin Fixes 3 Critical RCE Bugs
Google has released fixes for three critical remote code execution bugs in the media framework of its Android operating system. These flaws could allow a remote attacker to execute arbitrary code. The flaws are part of Google’s July Android Security Bulletin, which included fixes for 12 critical...
Mozilla Confirms Premium Firefox Browser With Security Features
Mozilla Corporation is launching a premium version of the Firefox browser that will tout improved security features such as virtual private network and secure cloud storage, according to CEO Chris Beard. In a Friday interview with German media publication T3N, Beard said that the premium service,...
Critical WinRAR Flaw Found Actively Being Exploited
A critical 19-year-old WinRAR vulnerability disclosed last week has now been spotted actively being exploited in a spam campaign spreading malware. The campaign, discovered by researchers with 360 Threat Intelligence Center, takes advantage of a path-traversal WinRAR vulnerability, which could...
Critical OkCupid Flaw Exposed Daters to App Takeovers
A critical flaw in the OkCupid app has been found that could allow a bad actor to steal credentials, launch man-in-the-middle attacks or completely compromise the victim’s application. This is separate from the OKCupid account-takeover incident reported earlier in the week, but it does fit the...
ThreatList: Banking Trojans Are Still The Top Big Bad for Email
While APT activity and a raft of malware types continue to capture the notice of researchers and journalists, it turns out that trusty old banking trojans remain the top email-borne threat out there. According to Proofpoint’s latest quarterly report, analyzing trends for the fourth quarter of 201...
May Patch Tuesday Fixes Two Bugs Under Active Attack
Microsoft’s May Patch Tuesday fixes include two critical remote code-execution vulnerabilities, both of which are under active attack. The most serious of the two is tied to a Windows 10 VBScript engine and can be triggered when a victim visits a malicious website. “A user need only visit a...
Attackers Use Microsoft Office Vulnerabilities to Spread Zyklon Malware
Spam campaigns delivering Zyklon HTTP malware are attempting to exploit three relatively new Microsoft Office vulnerabilities. The attacks are targeting telecommunications, insurance and financial service firms. According to FireEye researchers who identified the campaigns, attackers are attempti...
Unpatched Windows 10 Zero-Day Allows Privileged File Access
An unpatched Windows security vulnerability could allow information disclosure and local privilege escalation LPE, researchers have warned. The issue CVE-2021-24084 has yet to get an official fix, making it a zero-day bug – but a micropatch has been rolled out as a stop-gap measure. Security...
Amazon Kindle Vulnerable to Malicious EBooks
A security flaw in Amazon’s Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. That’s according to Check Point researcher Slava Makkaeveev, who released the findings Friday. Check Point disclosed t...
Attackers Breach Microsoft Customer Service Accounts
The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft’s corporate networks to gain access to specific organizations — primarily, U.S.-based IT and government organizations. Microsoft officially announced the attacks after Reuters obtained an email sent to customer...
LAPD Bans Facial Recognition, Citing Privacy Concerns
The Los Angeles Police Department LAPD has banned the use of commercial facial-recognition services – citing “public trust” considerations. The move comes in the wake of a report that showed that more than 25 employees of the department had performed 475 searches so far using the Clearview AI, an...
Encrypted Emails on macOS Found Stored in Unprotected Way
A database on Apple’s macOS computers is storing emails that are supposed to be protected with encryption as readable files, a problem of which the company has been aware for months and still has yet to solve, according to a researcher. Apple IT specialist Bob Gendler discovered the problem while...
Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban
A researcher has disclosed a zero-day privilege-escalation vulnerability for the Steam gaming client after he said he was barred from the bug bounty program of Steam’s owner, Valve. The vulnerability is the second zero-day privilege-escalation vulnerability that has been released by independent...
Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices
Vulnerabilities in the way Bluetooth Low Energy is implemented on devices by manufacturers can open the door to global device tracking for the Windows 10, iOS and macOS devices that incorporate it, according to research from Boston University. An academic team at BU uncovered the flaws, which exi...
Bug in Anesthesia Respirators Allows Cyber-Tampering
A vulnerability in GE Healthcare’s Aestiva and Aespire anesthesia devices would allow an unauthenticated cybercriminal on the same network as the device to modify gas composition parameters within the devices’ respirator function, thus changing sensor readings for gas density. According to GE...
How the Dark Web Data Bazaar Fuels Enterprise Attacks
It seems every aspect of our lives is available to be found somewhere on the internet. And the information available isn’t simply embarrassing browsing histories but ranges from our medical histories to the logon credentials we use to access many of our online services. This is certainly a privac...
Cybercriminals Aim for the Super Bowl Goal Posts
Ah, the Super Bowl. For some, this Sunday’s show down between the Los Angeles Rams and the New England Patriots will be about gathering family and friends around for a great American pastime: The Super Bowl party. Some are just in it for the commercials. Some see a gambling opportunity; and for...
Attacks on SCADA, ICS Honeypots Modified Critical Operations
With antiquated gear running the country’s industrial control systems that oversee critical infrastructure, it’s no shock attackers targeting SCADA networks do their fair share of reconnaissance looking for weak spots in that equipment. A researcher decided to put that theory to a practical test...
Microsoft to Fix 28 Vulnerabilities in June Patch Tuesday
Microsoft has been busy of late, what with the scramble surrounding the Flame malware and the forged certificate that the attackers were able to use to spread the malware via a fake Windows Update service. Now, the company is planning to release seven bulletins next Tuesday covering 28...
Microsoft Names Chinese Firm Hangzhou DPTech as Source of RDP Code Leak
Two months after exploit code the Microsoft RDP MS12-020 vulnerability made its way into the open before the company released a patch, Microsoft has put the blame for the leak on a Chinese security company, Hangzhou DPTech Technologies. Microsoft said Thursday that it has removed the company from...