15946 matches found
WhatsApp Flaw Opens Android Devices to Remote Code Execution
A security researcher has identified a flaw in the popular WhatsApp messaging platform on Android devices, which could allow attackers to launch privilege elevation and remote code execution RCE attacks on victims. Exploiting the flaw—described in a Wednesday post on GitHub by a Singapore-based...
Defense Takeaways from Three Adversary Playbooks
In these days of advanced threats, the perimeter defense strategy – though still useful and necessary – is incomplete. IT security teams need as much information about existing threats as possible, so they know what to look for and how to position proactive countermeasures. Creating and using...
New Linux Malware ‘HiddenWasp’ Borrows from Mirai, Azazel
A new strain of malware targeting Linux systems has been identified by researchers. The malware, dubbed HiddenWasp, is believed to be used as part of a second-stage attack against already-compromised systems and is composed of a rootkit, trojan and deployment script. “The ratio of Linux threats h...
Google Play Cracks Down on Malicious Apps
Google Play is ramping up its offensive against malicious apps, which have continued to plague the official app store for Android devices over the years. In a Wednesday post, Andrew Ahn, product manager at Google Play, said that the number of app submissions that were rejected on the app...
Facebook Boots Hundreds of Iran-Linked Accounts For Spreading Misinformation
Facebook has booted hundreds of Iran-linked pages, groups and accounts from its social media platform that it claimed were promoting misinformation. According to Facebook, it removed 783 pages, groups and accounts that engaged in “coordinated inauthentic behavior” that were misleading users about...
Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket
Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket configured for public access. The data was a backup stored in AWS by Election Systems & Software ES&S, a voting machine and election management...
Remote Code Execution in Popular Hikvision Surveillance DVR
A number Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices. According to a report written by the security firm Rapid7, Hikvision’s DVRs contain three fairly typical buffer overflows in the request...
Revamped Pwn2Own to Offer $105K in Prizes, Cash From Google for Chrome 0-Days
The Pwn2Own contest at the CanSecWest conference has become one of the landmark events on the calendar each year, as researchers gather with nervous vendors in a tiny room to see who can own which browser on which platform and how quickly. But this year’s contest will have a much different look...
FireSheep Fallout: Microsoft Adds HTTPS Option for Hotmail
Three weeks after researchers unveiled a plugin that allows Firefox Web browser users to snoop on the Webmail and social networking sessions of those around them, Microsoft has announced an option that will allow users of its Hotmail Web e-mail program to browse securely. The company said on...
Microsoft Battles Alureon Rootkit
For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates. Read the full article. Computerworld...
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
The inexorable movement of data and applications to the cloud that began several years ago and accelerated during the pandemic shows no signs of slowing down. The rationale for this transformation is driven by a desire to outsource non-critical functions building and maintaining data centers,...
80% of Global Enterprises Report Firmware Cyberattacks
Attacks against firmware are snowballing, outstripping many organizations’ cyber-defenses, according to a survey from Microsoft. The report showed that more than 80 percent of enterprises have experienced at least one firmware attack in the past two years – but only 29 percent of security budgets...
Google Rolls Out Fixes for High-Severity Android System Flaws
Google has released patches addressing high-severity flaws in its System component. The flaws could be remotely exploited to gain access to additional permissions. Overall, 50 flaws were patched as part of Google’s October security update for the Android operating system, released on Monday. As...
Android Keyboard App Could Swindle 40M Users Out of Millions
Researchers are warning users to delete a popular Android keyboard app that, once downloaded, makes unauthorized purchases of premium digital content. Google told Threatpost it has removed the app from its Google Play marketplace – but researchers say it was downloaded on at least 40 million phon...
Google Adds Password Checkup Feature to Chrome Browser
Google will soon alert Chrome browser users of weak or compromised passwords. The checks will be in real time as Chrome users visit a password protected website. Bad passwords will trigger a red dialogue box alerting users to take action to better protect their account. The move integrates a...
Adobe Unscheduled Update Fixes Critical ColdFusion Flaws
Adobe has issued an unscheduled security update that fixes two critical flaws in its ColdFusion product. The critical vulnerabilities could enable an attacker to either execute arbitrary code or bypass access control on impacted systems. Overall, Adobe released three patches – one for an...
Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal
A vulnerable municipality payment software, which previously led to the breach of hundreds of thousands of payment cards in 2017, has been targeted once again. This time it was part of a breach involving of eight cities in August. The hack targets a flaw in Click2Gov software, which is used in...
Mobile Risks Boom in a Post-Perimeter World
Cybercriminals are now taking a mobile-first approach to hacking the enterprise. Case in point, last month a half-billion Apple iOS users were stung by an attack exploiting an unpatched bug in Chrome for iOS. Crooks managed to hijack user session and redirect traffic to malicious websites...
RSAC 2019: Container Escape Hack Targets Vulnerable Linux Kernel
Researchers at CyberArk have created a proof-of-concept attack that allows adversaries to bypass container security, escape the container and compromise an entire host system. However, the attack scenario is limited, in that a successful attack depends on unpatched vulnerabilities to be present i...
Zero-Day Flash Exploit Targeting Middle East
A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday. The Flash Player vulnerability CVE-2018-5002, a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today ...
Intel Details CPU ‘Virtual Fences’ Fix As Safeguard Against Spectre, Meltdown Flaws
Intel introduced hardware-based protections to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry when the vulnerabilities were made public in early 2018. Spectre and Meltdown, which account for three variants of a side-channel analysis security issue...
Tales of WordPress Plugin Insecurity Overblown Researchers Say
The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it’s not as bad as it seems, experts claim. Hendrik Buchwald, a researcher and cofounder of RIPS, a German firm that performs static source code analysis, recently combe...
Researcher Says 5 Million Machines Exposing RDP Service Online
With exploit code for the MS12-020 RDP vulnerability available in various places, the question now becomes, if a worm or large-scale attack appears, how big is the target base? As it turns out, it’s pretty big. As in, five million machines big. Dan Kaminsky, a network security researcher, last we...
APT Lazarus Targets Engineers with macOS Malware
North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempt to spread macOS malware. The malicious Mac executable used in the campaign targets both Apple and Intel chip-based systems. The campaign, identified by...
Black Hat and DEF CON Roundup
There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to learn, network, hack and have fun. The week even included a rare Las Vegas fla...
The Harsh Truths of Cybersecurity in 2022, Part Two
In part one of this series, I outlined some harsh truths of cybersecurity in 2022 and the first three of the top six steps you should take to ensure resiliency against today’s most pervasive threat—ransomware. Here, I’ll cover the remaining three: But first, let’s take a quick step back. It used ...
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
No surprise here: The holidays bought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have...
The 5 Most-Wanted Threatpost Stories of 2021
As 2021 draws to a close, and the COVID-19 pandemic drags on, it’s time to take stock of what resonated with our 1 million+ monthly visitors this year, with an eye to summing up some hot trends gleaned from looking at the most-read stories on the Threatpost site. While 2020 was all about...
Raft of Exim Security Holes Allow Linux Mail Server Takeovers
A veritable cornucopia of security vulnerabilities in the Exim mail server have been uncovered, some of which could be chained together for unauthenticated remote code execution RCE, gaining root privileges and worm-style lateral movement, according to researchers. The Qualys Research Team has...
Japanese Aerospace Firm Kawasaki Warns of Data Breach
Japanese aerospace company Kawasaki Heavy Industries on Monday warned of a security incident that may have led to unauthorized access of customer data. According to the company’s data breach notification, it first discovered unauthorized parties accessing a server in Japan, from an overseas offic...
NVIDIA Patches Critical Bug in High-Performance Servers
NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixin...
Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping
Researchers have disclosed a slew of critical-severity, patched flaws in flagship Samsung smartphones – including the Galaxy S7, S8 and S9 models. The vulnerabilities specifically stem from Samsung’s “Find My Mobile” service, a feature built into the smartphones allowing users to locate their...
Data Breach Affects 63 Landry's Restaurants
Dining giant Landry’s disclosed a data breach, Thursday, warning that malware had infected its order-entry systems to steal customers’ payment card information. Landry’s, which owns over 600 popular American restaurants across 35 states, such as Del Frisco’s Grill, McCormick & Schmick’s, Rainfore...
Podcast: Insider Attacks May Soon Cost Less Than Malware-based Equivalent
As it becomes more difficult and expensive to infiltrate environments via malware, cybercriminals may start turning in the future to a more viable and less costly alternative: Insider threats. This podcast is brought to you by Code42. Threatpost talks to Tim Brown, vice president of security at...
Some ASUS Updates Drop Backdoors on PCs in 'Operation ShadowHammer'
A supply-chain attack dubbed “Operation ShadowHammer” has been uncovered, targeting users of the ASUS Live Update Utility with a backdoor injection. The China-backed BARIUM APT is suspected to be at the helm of the project. According to Kaspersky Lab, the campaign ran from June to at least Novemb...
YouTuber PewDiePie Promoted Via 50K Hacked Printers
A hacker claims to have commandeered 50,000 printers globally in order to print pamphlets promoting YouTube star “PewDiePie.” The alleged widespread hack sheds light on just how insecure printers are, and how precarious printer vulnerabilities could be when they offer an easy route into the...
An End to Offensive Security Research? Unlikely
Many industries tend to run in identifiable cycles. Financial services, the auto industry, entertainment–they all have cycles. Because the security industry isn’t nearly as old as any of these, it hasn’t had much of a chance to establish such cycles. But one seems to be appearing now in the form ...
Yandex Pummeled by Potent Meris DDoS Botnet
Technical details tied to a record-breaking distributed-denial-of-service DDoS attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. A massive botnet, dubbed Mēris, is believed responsible, flooding Yandex with millions of HTTP requests for webpages at the sam...
Critical Cisco RCE Bug in Small Business Routers to Remain Unpatched
A critical security vulnerability in Cisco Small Business Routers RV110W, RV130, RV130W and RV215W models allows remote code execution RCE and denial of service DoS. The networking giant said that no patch or workaround will be coming for the bug, since the routers reached end-of-life back in 201...
‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.” Some bugs date back to 1997, meaning that computers, smartphones or other...
What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis
Few could have anticipated the impact COVID-19 has had on business. It spread from an isolated outbreak to a global pandemic seemingly overnight, and IT leaders across the planet have had mixed success adjusting to the changes and uncertainty it has brought. While COVID-19 caught many businesses...
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week’s Black Hat USA 2020. The flaws, which have been patched, enable the full takeover of Meetup “Groups” by threat actors, who can also redirects payments and carryout other malicious action...
ZLoader-Laced Emails Masquerade As CVs From Job-Seekers
Cybercriminals are taking advantage of the massive uptick in unemployment across the U.S. in a recent spear-phishing campaign, which purports to be CVs sent from job-seekers – but actually spreads banking credential-stealing malware. Researchers recently uncovered emails that distributed maliciou...
Emerging APT Mounts Mass iPhone Surveillance Campaign
A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong – infecting website visitors with a newly developed custom surveillance malware. The bad code – the work of a new APT called “TwoSail Junk” – is delivered via a multistage exploit chain...
Execs Could Face Jail Time For Privacy Violations
A new data privacy bill threatens large tech firms, like Facebook, with tough penalties – including monetary fines and up to 20 years of jail time for executives – if they violate user privacy policies. The “Mind Your Own Business Act,” proposed by Sen. Ron Wyden D-Ore. on Thursday, gives the...
Facebook Faces Lawsuit Over Massive 2018 Data Breach
Facebook lost a key court ruling last week and now must face a lawsuit tied to a data breach of its platform disclosed in 2018, which impacted nearly 30 million of its users. The data breach, first disclosed by Facebook in September 2018, directly impacted the access tokens of 30 million accounts...
Oracle Warns of New Actively-Exploited WebLogic Flaw
Oracle said that a critical remote code execution flaw in its WebLogic Server is being actively exploited in the wild. The remote code execution flaw CVE-2019-2729 impacts a number of versions of Oracle’s WebLogic Server, used for building and deploying enterprise applications. The vulnerability...
Linux Command-Line Editors Vulnerable to High-Severity Bug
A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allow remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text fil...
Intel VISA Tech Can Be Abused, Researchers Allege
UPDATE Researchers allege that a technology in Intel microchips could potentially be activated and abused by bad actors – giving them complete access to all data across an affected device. The Intel technology is called Visualization of Internal Signals Architecture VISA, and is used for...
Insider Threats Get Mean, Nasty and Very Personal
SAN FRANCISCO – Companies keep watchful eyes on disgruntled employees who are insider threat risks. But Code42’s CISO Jadee Hanson said distraught employees, that are particularly vulnerable to outside ploys, should be equally scrutinized. Hanson said factors such as terminal illnesses, divorce o...