15946 matches found
Insider Threats Get Mean, Nasty and Very Personal
SAN FRANCISCO – Companies keep watchful eyes on disgruntled employees who are insider threat risks. But Code42’s CISO Jadee Hanson said distraught employees, that are particularly vulnerable to outside ploys, should be equally scrutinized. Hanson said factors such as terminal illnesses, divorce o...
Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes
A previously unknown bug in Microsoft Windows would allow an attacker to spoof Windows dialog boxes that surface when making changes to the Windows registry. This would allow an adversary to plant malware or make other nefarious changes in the registry while getting around Windows’ built-in...
Remote Desktop Protocol Clients Rife with Remote Code-Execution Flaws
UPDATE LAS VEGAS — Multiple critical vulnerabilities in the commonly used Remote Desktop Protocol RDP would allow a malicious actor to achieve remote code-execution over a client’s computer. According to Check Point research released Tuesday at the CPX360 event in Las Vegas, both open-source and...
Critical MySQL Vulnerabilities Can Lead to Server Compromise
Critical vulnerabilities in MySQL and vendor deployments by database servers MariaDB and PerconaDB have been identified that can lead to arbitrary code execution, root privilege escalation and server compromise. Dawid Golunski of Legal Hackers published details around two proof-of-concept exploit...
August 2013 Microsoft Patch Tuesday Security Updates
Microsoft took less than a month to incorporate an Oracle Outside In patch and fix a critically rated remote code execution bug in Exchange Servers. The Microsoft patch is among three critical bulletins—eight overall—released today as part of its August 2013 Patch Tuesday security updates. Oracle...
The Security of the Android Operating System
In this video, Tim Armstrong, a malware researcher at Kaspersky Lab talks with Ryan Naraine about the strengths and weaknesses of the Android operating system. Armstrong looks at strengths and weaknesses of the open-source platform and warns about the risks associated with jailbreaking/rooting...
MacOS Malware: Myth vs. Truth – Podcast
Remember those ads with a sneezing guy in a suit who says he’s a PC and to stay away, he’s got that nasty virus that’s going around? “That’s OK,” says the young, hip guy in blue jeans: He’s a Mac. … as if any machine that runs code could possibly be immune to malware…? Boy, was that a stretch. Th...
InkySquid State Actor Exploiting Known IE Bugs
The InkySquid advanced persistent threat APT group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities. New analysis from Volexity reported its team of researchers...
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
A critical remote code-execution vulnerability in Juniper Networks’ Steel-Belted Radius SBR Carrier Edition lays open wireless carrier and fixed operator networks to tampering. The SBR Carrier server is used by telecom carriers to manage policies for how subscribers access their networks – by...
Mercedes-Benz Customer Data Flies Out the Window
Ahh, the luxury of Mercedes-Benz cars: The high-end upholstery, plush carpeting, polished wood trim, LED mood lighting. “Even the scent signals that this vehicle is special,” as the automaker sighs. Of course, even a company like Mercedes-Benz can inadvertently fart out customer data. That’s what...
Accellion FTA Zero-Day Attacks Tied to Clop, FIN11
Researchers have identified a set of threat actors dubbed UNC2546 and UNC2582 with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product. Click to Register Multiple...
DanaBot Malware Roars Back into Relevancy
Researchers are warning that a new fourth version of the DanaBot banking trojan has surfaced after months of mysteriously going quiet. The latest variant, still under analysis by researchers, is raising concerns given the number of past DanaBot effective campaigns. From May 2018 to June 2020,...
Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat
Breakups can be traumatic in all sorts of ways. Now we know they can pose a serious cybersecurity threat too. A new survey found that an alarming number of people are still accessing their exes’ accounts without their knowledge — a handful for malicious reasons. The survey conducted during Novemb...
Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending
The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle Manager. The critical unpatched bug is a command injection vulnerability. In a separate VMware advisory,...
German COVID-19 Contact-Tracing Vulnerability Allowed RCE
A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App CWA, would have allowed pre-authenticated remote code execution RCE. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...
Citrix SD-WAN Bugs Allow Remote Code Execution
Three security bugs in the Citrix software-defined SD-WAN platform would allow remote code-execution and network takeover, according to researchers. The flaws affect the Citrix SD-WAN Center in versions before 11.2.2, 11.1.2b and 10.2.8. They consist of an unauthenticated path traversal and shell...
Fitbit Spyware Steals Personal Data via Watch Face
A wide-open app-building API would allow an attacker to build a malicious application that could access Fitbit user data, and send it to any server. Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit...
Cisco Patch-Palooza Tackles 29 High-Severity Bugs
Cisco Systems released a barrage of patches, Thursday, aimed at fixing bugs in the networking giant’s ubiquitous IOS operating system. The patches plug holes in a wide range of products and address denial-of-service, file overwrite and input validation attacks. The advisory was planned and part o...
MFA Bypass Bugs Opened Microsoft 365 to Attack
Bugs in the multi-factor authentication system used by Microsoft’s cloud-based office productivity platform, Microsoft 365, opened the door for hackers to access cloud applications via a bypass of the security system, according to researchers at Proofpoint. The flaws exist in the implementation o...
WordPress, Apache Struts Attract the Most Bug Exploits
WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting XSS as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed...
DeathRansom Campaign Linked to Malware Cornucopia
An ongoing DeathRansom malware campaign has been found by researchers to be part of a larger collection of malicious offensives, all carried out by an actor going by the nickname “scat01.” According to Artem Semenchenko and Evgeny Ananin at FortiGuard Labs, evidence found on Russian underground...
Mattress Company Leaks Data Records of 387K Customers
A Wisconsin mattress company leaked the records of 387,000 customers online in a database that lacked password protection, a security researcher has found. The incident once again demonstrates the potential security consequences of failing to take even the simplest security measures to protect...
Honda's Security 'Soft Spots' Exposed in Unsecured Database
An unsecured database belonging to Honda Motor Company was found leaking crucial information about its global systems, including which devices aren’t up-to-date or protected by security solutions. The exposed ElasticSearch database contained approximately 134 million documents, and amounted to...
Tap 'n Ghost Attack Creatively Targets Android Devices
Researchers have created a novel proof-of-concept PoC attack named Tap ‘n Ghost, which targets Near Field Communication NFC-enabled Android smartphones. This allows an attacker to take control of a target phone simply by tricking the victim into placing their handset on a specially crafted surfac...
Multiple Sierra Wireless AirLink Routers Open to Remote Code Execution
Sierra Wireless is warning that additional AirLink router models, which are targeted toward IoT applications, are vulnerable to previously-disclosed critical flaws. The vulnerabilities are part of the 11 critical bugs disclosed on Sierra Wireless’ AirLink ES450 LTE router last week – only now,...
Cisco Patches Critical Flaw In ASR 9000 Routers
Cisco has rushed out patches for a critical vulnerability in its ASR 9000 routers that could give remote, unauthenticated attackers access to the devices – as well as the power to launch denial-of-service DoS attacks against them. The flaw is specifically in Cisco Aggregation Services Routers ASR...
RSA Conference 2019: NIST's Privacy Framework Starts to Take Shape
Data privacy has been thrust into the limelight with the passage of the General Data Protection Regulation in Europe last year and a string of high-profile consumer privacy snafus. The National Institute of Standards and Technology has plans to help companies address data privacy with the...
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained
SAN FRANCISCO – Users of Logitech’s Harmony Hub have been wide open to an attack for years because of four unpatched vulnerabilities that left any IoT device connected at risk to remote takeover. The bugs were patched by Logitech in November, but for the first time the researchers that discovered...
RSAC 2019: 58% of Orgs Have Unfilled Cyber Positions
SAN FRANCISCO – Much has been made of the cybersecurity workforce gap, and it appears to be a persistent issue: A full 69 percent of respondents in a recent survey said that they have cybersecurity teams that are understaffed. According to ISACA’s State of Cybersecurity 2019 survey, released at t...
Microsoft Adds New Exploit Mitigations to IE 10
Windows 8 is still off on the horizon somewhere, but the new version of Internet Explorer that’s coming with it–IE 10–already is in consumer preview and it includes some major changes to the exploit mitigations. In addition to the existing implementations of ASLR, DEP and others technologies in...
Ukraine Hit with Novel ‘FoxBlade’ Trojan Hours Before Invasion
“As tanks rolled into Ukraine, so did malware,” summarized humanitarian author Andreas Harsono, referring to the novel malware that Microsoft has named FoxBlade. On Monday, the company reported that its Threat Intelligence Center MSTIC had detected cyberattacks launched against Ukraine’s digital...
Apache Web Server Zero-Day Actively Exploited, Exposes Sensitive Data
Apache Software has quickly issued a fix for a zero-day security bug in the Apache HTTP Server, which was first reported to the project last week. The vulnerability is under active exploitation in the wild, it said, and could allow attackers to access sensitive information. According to a securit...
VMware Sounds Ransomware Alarm Over Critical Severity Bug
VMware patched a critical bug impacting its vCenter Server platform with a severity rating of 9.8 out of 10. The company said the flaw could allow a remote attacker to exploit its products and take control of a company’s affected system. VMware went a step further on Tuesday, calling on IT securi...
$100K Paid Out for Google Cloud Shell Root Compromise
Google has awarded its inaugural annual top prize for the Google Cloud Platform GCP, for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...
Google Patches Chrome Browser Zero-Day Bug, Under Attack
Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild. The flaw affects versions of Chrome running on the Windows, macOS and Linux platforms. The zero-day vulnerability, tracked as CVE-2020-6418, is a type of confusion bug and has a severity rati...
Critical Cisco ‘CDPwn’ Flaws Affect Millions of Devices
Cisco is issuing patches for five critical vulnerabilities that have been discovered in Cisco Discovery Protocol CDP, the info-sharing layer that maps all Cisco equipment on a network. Researchers at Armis say that the vulnerabilities, which they disclosed on Wednesday and collectively dubbed...
Mean Time to Hardening: The Next-Gen Security Metric
On average, it takes an organization 15 times longer to close a vulnerability than it does for attackers to weaponize and exploit one. Seven days to weaponize and 102 days to patch. Let that sink in. Once a vulnerability is disclosed, it’s you against them in a race to either secure or exploit; a...
Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS
An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting XSS attacks. Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver malware payloads; and...
Iran-linked APT33 Shakes Up Cyberespionage Tactics
Following a recent report detailing APT33’s infrastructure and tactics, the Iranian state-sponsored threat actor shook up its cyberespionage efforts by adopting new tools and reassigning key domain infrastructure. The infrastructure overhaul stems from a March 2019 Symantec report exposing the...
Lax Telco Security Allows Mobile Phone Hijacking and Redirects
As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers that call in – are being continually upgraded. Two-factor authentication, voice passwords, various security...
Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak
Hacking tools allegedly developed by the National Security Agency NSA were being used in the wild by at least one APT long before the Shadow Brokers released the now-infamous trove of U.S. cyberweapons, new analysis suggests. According to researchers at Symantec, an attack group affiliated with t...
Host of Flaws Found in CUJO Smart Firewall
Multiple vulnerabilities have been uncovered in the CUJO Smart Firewall, which is a security hardware device aimed at protecting home networks against malware, phishing websites and hacking attempts. CUJO is widely available, including on Amazon where it has racked up 1,000+ customer reviews. The...
Cisco Accidentally Released Dirty CoW Exploit Code in Software
Cisco Systems revealed in a security bulletin Wednesday that it “inadvertently” shipped in-house exploit code that was used in security tests of scripts as part of its TelePresence Video Communication Server and Expressway Series software. The code exploits the Dirty Cow vulnerability...
Firms Detail Zero Days Targeting Windows Kernel
After they were patched in yesterday’s round of Patch Tuesday security bulletins, security firms have begun to peel back the layers on two zero-day vulnerabilities that are being used in limited, targeted attacks against Microsoft’s Windows Kernel. According to FireEye, one of the firms that...
Windows XP End of Life a Security Milestone
Forget for a moment the impending cryptoapocalypse because of aging and/or subverted encryption standards and algorithms. Microsoft this week put out the word on the scourge that is Windows XP. The latest Microsoft Security Intelligence Report goes to great pains to encourage users to move off th...
Microsoft Warns Users About ChapCrack Tool Availability
Microsoft is warning customers about the availability of the ChapCrack tool that Moxie Marlinspike built to crack the VPN credentials for systems built on MS-CHAPv2 protocol. The company said that while it’s not aware of any active attacks using the tool, customers can protect themselves by...
Moobot Botnet Chews Up Hikvision Surveillance Systems
Although a patch was released in September, any still-vulnerable Hikvision IP Network Video Recorder NVR products are being actively targeted by the Mirai-based botnet known as Moobot. FortiGuard Labs has released a report detailing how the Moobot botnet is leveraging a known remote code executio...
VMware Warns of Ransomware-Friendly Bug in vCenter Server
VMware has released a security update that includes patches for 19 CVE-numbered vulnerabilities that affect the company’s vCenter Server virtualization management platform and its hybrid Cloud Foundation platform for managing VMs and orchestrating containers. They’re all serious, but one –...
Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs
A massive Intel security update this month addresses flaws across a myriad of products – most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges. These critical flaws exist in products related to Wireless Bluetooth – including...
Attacks on Linksys Routers Trigger Mass Password Reset
UPDATE Home Linksys router users were targeted in a cyberattack that changed router settings, and redirected requests for specific webpages and domains to malicious Coronavirus-themed landing pages that were booby-trapped with malware. Researchers identified the attack last month, and earlier thi...