15946 matches found
Microsoft Says IE8 Weakness Not an Exploitable Flaw
Microsoft on Friday said that a weakness in Internet Explorer 8 identified by security researcher Ruben Santamarta recently is not an exploitable vulnerability, but rather a “technique for bypassing ASLR.” ASLR Address Space Layout Randomization is a memory protection that, along with DEP Data...
Microsoft spars with researcher over security patch
One of the patches released by Microsoft last week is not providing protection against the vulnerability it was meant to fix, according to a researcher who today accused Microsoft of making functionality a higher priority than security. According to Tyler Reguly, a senior security engineer at...
Authorities Fully Behead Hydra Dark Marketplace
German authorities have taken down the Hydra marketplace – a popular destination on the Dark Web for trading in illicit goods and services, including cyberattack tools and stolen data. This week, they were able to commandeer and take offline underpinning infrastructure such as servers, plus insta...
Supply Chain Security Is Not a Problem…It’s a Predicament
In the late 19th century, many large cities faced an unpleasant predicament due to too much horse manure piling up in the streets. Aside from the direct impact of the odors and unsightly excrement, it indirectly poisoned the water supply and accelerated the spread of disease. There were some ways...
Working PoC Is Out for VMware vCenter CVE-2021-22005 Flaw
A fully working exploit for the critical CVE-2021-22005 remote code-execution RCE vulnerability in VMware vCenter is now public and being exploited in the wild. Released on Monday by Rapid7 security engineer William Vu who goes by the Twitter handle wvu, this one’s different from the incomplete...
Dtrack RAT is Behind Virulent ATM-Espionage Campaign
An espionage malware called Dtrack – and a related variant, ATMDtrack – has been traced back to the notorious North Korea-linked Lazarus Group APT. Both have been identified this month targeting victims in India. According to researcher Konstantin Zykov of Kaspersky, researchers first uncovered...
Amazon Admits Alexa Voice Recordings Saved Indefinitely
Amazon has acknowledged that it retains the voice recordings and transcripts of customers’ interactions with its Alexa voice assistant indefinitely. The admission raises questions about how long companies should be able to save highly-personal data collected from voice assistant devices. After U....
The Inside Story of the Kelihos Botnet Takedown
Earlier this week, Microsoft released an announcement about the disruption of a dangerous botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams and distributed denial-of-service attacks. Kaspersky Lab played a critical role in this botn...
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
Apple users should immediately update all their devices – iPhones, iPads, Macs and Apple Watches – to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware. The security updates, pushed out by Apple on Monday, include iOS 14.8 for iPhones and iPads, as wel...
SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’
The novel backdoor technique called SideWalk, seen in campaigns targeting US media and retailers late last month, has been tied to an adversary that’s been around for quite a while: namely, China-linked Grayfly espionage group. ESET researchers, who named and discovered the new “SparklingGoblin”...
Sophisticated Android Ransomware Executes with the Home Button
A fresh variant of a sophisticated Android ransomware known as MalLocker locks up mobile devices – surfacing its ransom note when a user hits the Home button. According to research from Microsoft, MalLocker is spreading via malicious website downloads disguised as popular apps, cracked games or...
High-Severity Android RCE Flaw Fixed in August Security Update
Google has released patches addressing a high-severity issue in its Framework component, which if exploited could enable remote code execution RCE on Android mobile devices. Overall, 54 high-severity flaws were patched as part of Google’s August security updates for the Android operating system,...
UCSF Pays $1.14M After NetWalker Ransomware Attack
The University of California, San Francisco UCSF has paid a $1.14 million ransom to recover data related to “important” academic work. The data was encrypted after the NetWalker ransomware reportedly hit the UCSF medical school. The UCSF, which includes a medical school and a medical center UCSF...
Adobe Warns of Critical Flaws in Flash Player, Framemaker
Adobe released patches for four critical flaws in Flash Player and in its Framemaker document processor as part of its regularly scheduled updates. The bugs, if exploited, could enable arbitrary code-execution. In Tuesday’s June Adobe security updates, critical flaws tied to three CVEs were patch...
Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup
Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches. The flaws allow remote unauthenticated adversaries to access sensitive information and level denial-of-service DoS attacks against affected gear...
WhatsApp Remote Code Execution Triggered by Videos
Facebook has quietly patched a vulnerability in the popular WhatsApp messaging platform, which could be exploited to launch remote-code-execution or denial-of-service attacks on victims. Attackers can exploit the flaw merely by sending a target user a video — specifically, a specially crafted MP4...
Website, Know Thyself: What Code Are You Serving?
When we think of “securing our website” from attackers, we often think of securing against hooded figures somewhere in Eastern Europe working out of a smoky office above an illegal gambling den. Not only is that probably geographically insensitive, it’s also not necessarily the best way threat to...
Zappos Offers Users 10% Discount in 2012 Breach Settlement
Online retailer Zappos will give customers a 10 percent discount to its online store as settlement for a 2012 data breach that affected 24 million customers, while lawyers in the case will win $1.6 million in fees. The news shows customers once again getting the short end of the stick when it com...
DoorDash Data Breach Impacts Personal Data of Almost 5M Users
Food delivery service DoorDash disclosed a data breach that affects almost 5 million customers, drivers and merchants using its platform. DoorDash, an on-demand food delivery service, connects end users with local restaurants and relies on contracted drivers who use their own vehicles for deliver...
Microsoft Silent Update Torpedoes Windows Defender
A broken Microsoft Windows Defender signature file that was causing system file checks to fail got a patch this week – but the patch caused an even bigger issue, making Defender user-triggered antivirus scans fail altogether. The issue was in place for about a day before Microsoft re-patched the...
Firefox 69 Release Kills Default Tracking Cookies, Flash Support
Mozilla has released its latest Firefox browser iteration, Firefox 69, which by default blocks third-party cookies and cryptominers; it also disables default support for Adobe Flash Player. In addition, the browser has squashed several critical and high-severity vulnerabilities. Mozilla has long...
Backdoor Found in Utility for Linux, Unix Servers
In an unnerving twist, when a critical zero-day vulnerability was reported in a Unix administration tool, called Webmin, it was revealed the flaw was no accident. According to researchers, the vulnerability was a secret backdoor planted in the popular utility nearly a year before its discovery. T...
Amazon Alexa, Google Home Are On a Collision Course With Regulation
Voice assistants are growing rapidly in popularity — but at the same time, the privacy concerns and security issues with popular home assistant devices like Amazon Echo and Google Home are peaking too. Earlier in July, Amazon came under fire after acknowledging that it retains the voice recording...
Massive Malvertising Campaign Reaches 100M Ads, Manipulates Supply Chain
A Hong Kong-based advertiser has mounted a snowballing campaign, compromising more than 100 million ads to date by forming relationships with legitimate ad platforms to gain access to premium audiences. From there, it often pushes malware onto victim machines. The malvertiser, operating under the...
Years-Long Phishing Campaign Targets Saudi Gov Agencies
An ongoing three-year-old phishing campaign has been targeting the credentials of Saudi Arabian government agencies — with a financially motivated actor the likely culprit. The campaign, code-named “Bad Tidings,” has siphoned victims’ credentials by pretending to be the Kingdom’s Ministry of...
Adobe Fixes Two Critical Acrobat and Reader Flaws
Adobe on Thursday released unscheduled security updates for Adobe Acrobat and Reader for Windows and MacOS. The updates fix two critical vulnerabilities, CVE-2018-16011 and CVE-2018-19725. Successful exploitation of the flaws could lead to arbitrary code execution in the context of the current...
Microsoft Issues FixIt For XML Flaw
With attackers already exploiting the MSXML zero-day vulnerability, which affects a wide range of products, Microsoft has issued a FixIt tool for the bug that it is encouraging users to install as they prepare a full patch for the flaw. The vulnerability is a critical one, and, because it’s prese...
Barracuda Networks Launches Bug Bounty Program
Following the lead of Mozilla and Google, Barracuda Networks is launching a bug bounty program that will pay out cash rewards for vulnerabilities found in the company’s own products. The move by Barracuda, a maker of mail security and data protection products, is the first such bug bounty program...
Student Loan Breach Exposes 2.5M Records
EdFinancial and the Oklahoma Student Loan Authority OSLA are notifying over 2.5 million loanees that their personal data was exposed in a data breach. The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, accordin...
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
Rarely a month goes by without the infosec industry being plagued by a new zero-day apocalypse. Most recently in December 2021, the world was swept by a series of vulnerabilities in Log4J – a popular logging system used by thousands of systems around the world. While writing this article, the...
Spear-Phishing Attack Spoofs EE To Target Executives
Researchers warn of an ongoing spear-phishing attack mimicking a well-known telecommunications company, EE, to snatch up corporate executives’ credentials and payment details. Highly targeted emails have been sent to a few executives – including one at a leading financial firm – purporting to be...
Wormable, Unpatched Microsoft Bug Threatens Corporate LANs
UPDATE Microsoft released an emergency out-of-band patch to fix a SMBv3 wormable bug on Thursday that leaked earlier this week. The a patch for the vulnerability, tracked as CVE-2020-0796, is now rolling out to Windows 10 and Windows Server 2019 systems worldwide, according to Microsoft. On...
Magecart Hits Parents and Students via Blue Bear Attack
Blue Bear Software, an administration and e-commerce platform for K-12 schools and other educational institutions, is warning its customers that it has suffered a Magecart attack. Blue Bear’s platform enables management of school accounting, student fees and online stores. In a letter to those...
News Wrap: GandCrab Operators Resurface, Utilities Firms Hit By LookBack Malware
On this week’s news wrap podcast, Threatpost editors Tara Seals and Lindsey O’Donnell break down the top news, including: Despite claiming they were retiring, GandCrab’s authors have been linked to the REvil/Sodinokibi ransomware via a technical analysis. A spearphishing campaign, first spotted i...
New Cryptominer Distributes XMRig in Aggressive Attacks
Hackers behind cryptominer attacks are growing more aggressive and ruthless. Case and point, a cryptominer malware sample dubbed WinstarNssmMiner has been tracked in 500,000 attacks in the past three days, earning the crooks $28,000, according to researchers. What makes the cryptominer so vicious...
Researcher Will Demo Bypass of Windows Service Isolation Feature
A prominent researcher will use an upcoming security conference in Buenos Aires to demonstrate an exploit that allows hackers to bypass the Windows Service Isolation feature, despite Microsoft’s efforts to close the security loophole. Security researcher Cesar Cerrudo of Argeniss Information...
Microsoft warning to XP users: Update Flash Player Now
Microsoft has shipped a security advisory with an urgent message for Windows XP users: Update your Flash Player immediately. The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks, according to t...
Attackers Pounce on Microsoft FTP in IIS Vulnerability
Less than a week after the publication of exploit code for a gaping hole in the FTP Service in Microsoft Internet Information Services IIS, attackers are launching what is described as “limited attacks” against Windows users. Microsoft has updated its security advisory to warn of the new attacks...
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems CMS, web servers and Android devices. Threat actor group “Keksec” is believed behind the distribution of the malware, according to researchers. “Services such as VMware Workspace ONE, Adobe ColdFusion,...
Menswear Brand Zegna Reveals Ransomware Attack
High-end Italian fashion house Ermenegildo Zegna revealed on Monday that it was the target of a ransomware attack last August — and that it managed to recover its systems from back-up without paying a ransom. The Milan-based firm already had revealed on Aug. 6, 2021, that it became aware of...
iPhone Wi-Fi Crushed by Weird Network
FUD is spreading about a weirdly named personal network that a reverse engineer stumbled across and which he said “permanently” wrecked his iPhone’s Wi-Fi. TL;DR version: The twitching inflicted on his iPhone, which he demonstrated in the 4-second Tweet below, wasn’t permanent. As replies to the...
Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers
Advanced persistent threat APT group Lebanese Cedar has compromised at least 250 public-facing servers since early 2020, researchers said, with its latest malware. The group has added new features to its custom “Caterpillar” webshell and the “Explosive RAT” remote access trojan RAT, both of which...
Microsoft Azure Flaws Open Admin Servers to Takeover
Researchers have disclosed two flaws in Microsoft’s Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers. Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft...
ISS World Hit with Malware Attack that Shuts Down Global Computer Network
A Denmark-based global facility-management company was hit with a major cyber attack this week that shut down its worldwide computer systems for a few days and disrupted operations across its global network of employees. ISS World cut off access to shared IT services across its customer sites and...
Ransomware Attacks Leave U.S. Hospitals Turning Away Patients
A rash of ransomware attacks this week targeted hospitals in the U.S. and Australia. The cyberattacks froze the computer systems of several medical facilities, to the point where they needed to turn away new patients and even cancel surgery appointments. A ransomware attack, reported on Tuesday,...
Smart TVs, Subscription Services Leak Data to Facebook, Google
Smart TVs and so-called “over the top” OTT platforms are the latest IoT devices found “spying” on users and leaking sensitive data to companies such as Facebook, Amazon, Google and Netflix, according to two separate studies conducted by university researchers as well as independent research done ...
LenovoEMC Storage Gear Leaks Sensitive Financial Data
Researchers are warning of a vulnerability in LenovoEMC storage hardware and legacy Iomega-branded network attached storage NAS appliances that could lead to a breach of data stored on the devices. The bug, disclosed Tuesday by Lenovo, is rated high-severity and can be triggered via specially...
Google Announces DNS over HTTPS 'General Availability'
Google announced general availability of its Public DNS-over-HTTPS service Wednesday, based on the Internet Engineering Task Force’s RFC 8484 standard. The move is a culmination of three years of Google fine-tuning DNS over HTTPS, otherwise known as DoH. “Today we are announcing general...
Apple iOS 12.2 Patches 51 Serious Flaws
Apple patched 51 vulnerabilities rated serious with its iOS 12.2 update. One of the most serious bugs could allow apps to secretly listen to end users. Apple’s iOS security updates, announced Monday during its March product announcement event, are for the iPhone 5s and later, iPad Air and later a...
Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access
A local-privilege escalation vulnerability in the Linux kernel affects all current versions of Red Hat Enterprise Linux and CentOS, even in their default/minimal installations. It would allow an attacker to obtain full administrator privileges over the targeted system, and from there potentially...