15946 matches found
What You Need to Know About Next Gen EDR
Endpoint Detection & Response EDR is the main mode of cybersecurity utilized by many organizations. Already recognized in 2012 as its own category, EDR was pushed as the ideal response to the rapidly changing threatscape that until then had been dealt with though not so successfully primarily...
News Wrap: Emotet's Return, U.S. Vs. Snowden, Physical Pen Testers Arrested
From the re-emergence of an infamous malware, to a new lawsuit against Edward Snowden, Threatpost editors Lindsey O’Donnell and Tara Seals break down this week’s top news. Top stories include: Emotet, the notorious banking trojan, is back after a summer hiatus. The U.S. sued Edward Snowden over h...
DEF CON 2019: Picture Perfect Hack of a Canon EOS 80D DSLR
LAS VEGAS – Multiple vulnerabilities in Canon’s DSLR camera firmware could allow an attacker to plant malware on devices and ransom images from users. The bugs, outlined in a session here at DEF CON, open the door to a range of hacks via a Wi-Fi network or a PC’s USB connection to a camera. Eyal...
Mac Malware Pushed via Google Search Results, Masquerades as Flash Installer
Never-before-seen Mac malware, dubbed OSX/CrescentCore, has been discovered in the wild. The trojan, spotted on various websites masquerading as an Adobe Flash Player installer, drops malicious applications and browser extensions on victims’ systems when downloaded. OSX/CrescentCore is spread via...
Second Florida City Pays Hackers $500k Post-Ransomware Attack
UPDATE A city in Florida has paid hackers almost $500,000 after suffering a ransomware attack that locked down its email systems and servers – only the latest municipality to be hit by ransomware and pay the ransom. The Florida municipality, Lake City, has a population of 12,046 and is located in...
Users Urged to Uninstall WordPress Yuzo Plugin After Flaw Exploited
UPDATE Users of the popular Yuzo Related Posts plugin are being urged to uninstall the plugin after a flaw was discovered being exploited in the wild – putting tens of thousands of websites at risk. Yuzo Related Posts, which enables WordPress websites to display “related posts” segments, is...
FEMA Exposes PII for Millions of Hurricane, Wildfire Survivors
The Federal Emergency Management Agency exposed the personal identifiable information of 2.3 million survivors of hurricanes Harvey, Irma and Maria and the California wildfires in 2017, by oversharing survivor data with a contractor when it wasn’t necessary. Worse, the contractor’s networks has...
Unpatched Fujitsu Wireless Keyboard Bug Allows Keystroke Injection
UPDATE Fujitsu is stopping sales for its popular wireless keyboard after a researcher discovered it is vulnerable to keystroke injection attacks that could allow an adversary to take control of a victim’s system. Researchers with Germany-based SySS reported on Friday that the high-severity...
Cisco Accidentally Released Dirty CoW Exploit Code in Software
Cisco Systems revealed in a security bulletin Wednesday that it “inadvertently” shipped in-house exploit code that was used in security tests of scripts as part of its TelePresence Video Communication Server and Expressway Series software. The code exploits the Dirty Cow vulnerability...
Microsoft Plans to Disable SSLv3 in IE, All Online Services
Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company’s online services soon. The security and utility of SSLv3 has been an issue for a long time, but it came into...
Ryan Naraine on Exploit Mitigations and the MS12-020 RDP Bug
Dennis Fisher talks with Ryan Naraine about whether exploit mitigations such as ASLR and DEP really make any difference in preventing browser attacks and the seriousness of the MS12-020 RDP vulnerability that was patched during March’s Patch Tuesday release. Podcast audio courtesy of sykboy65...
Microsoft Fixes BEAST SSL Bug in January Patch Tuesday
Microsoft on Tuesday patched the vulnerability in Windows that was exploited by the BEAST SSL attack tool developed by Juliano Rizzo and Thai Duong last year. The patch is one of several rated important that was issued by Microsoft in January’s Patch Tuesday release, and there also was a critical...
Microsoft To Patch Critical Office Flaw
Microsoft will use its monthly patch to fix a critical security hole in versions of its Microsoft Office suit that could allow attackers to run malicious code on vulnerable systems. The company announced details of its upcoming monthly patch for November on Thursday. This months patch also includ...
MS Denies Windows 7 Backdoor Allegations
Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency NSA official testified before Congress that the agency had worked on the operating system. “Microsoft has not and will not put ‘backdoors’ into Windows,” a...
Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web
Researchers have found financial and technological links between the Karakurt cybercriminal group and two high-profile ransomware actors that signal a shift in business operations and an expansion of opportunities for the threat actors to target victims, they said. Karakurt—a financially motivate...
VMware Warns of Ransomware-Friendly Bug in vCenter Server
VMware has released a security update that includes patches for 19 CVE-numbered vulnerabilities that affect the company’s vCenter Server virtualization management platform and its hybrid Cloud Foundation platform for managing VMs and orchestrating containers. They’re all serious, but one –...
Apple Patches Zero-Day MacOS Bypass Bug
Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months. Security researcher Cedric Owens first discovered the vulnerability, tracke...
Utah Ponders Making Online ‘Catfishing’ a Crime
Legislature introduced in Utah means it could soon be illegal there to pretend to be someone else when engaging in certain types of deceptive activities on the internet, a practice known as “catfishing.” The Online Impersonation Prohibition up for debate this week in the Utah House of...
Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays
Microsoft has addressed 58 CVEs nine of them critical for its December 2020 Patch Tuesday update. This brings the computing giant’s patch tally to 1,250 for the year – well beyond 2019’s 840. This month’s security bugs affect Microsoft Windows, Edge EdgeHTML-based, ChakraCore, Microsoft Office an...
NSA Warns: Patched VMware Bug Under Active Attack
Active attacks against a flaw in VMware’s Workspace One Access continue, three days after the vendor patched the vulnerability and urged customers to fix the bug classified as a zero-day at the time. Now the U.S. National Security Agency NSA has escalated concerns and on Monday warned that foreig...
Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs
A massive Intel security update this month addresses flaws across a myriad of products – most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges. These critical flaws exist in products related to Wireless Bluetooth – including...
Update: VLC Media Player Plagued By Unpatched Critical RCE Flaw
UPDATE After a German security agency reported a critical vulnerability existed in VLC open-source media player that could enable remote code execution and other malicious actions, the developers of VLC said that the media player is not vulnerable. The VLC media player, developed by the VideoLAN...
AI Isn't Good Enough When Lives Are on the Line, Experts Warn
LONDON, UK – With the infosec community eyeing artificial intelligence as the next big frontier for cyber defense, experts here at Infosecurity Europe on Tuesday warned that several challenges in how AI processes and interprets data need to first be fleshed out before widespread adoption. AI, in...
WhatsApp Zero-Day Exploited in Targeted Spyware Attacks
UPDATE WhatsApp is urging users to update as soon as possible, after a zero-day vulnerability found in its messaging platform was exploited by attackers who were able to inject spyware onto victims’ phones in targeted campaigns. First reported by the Financial Times, the popular messaging app...
Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm
UPDATE Microsoft patched a zero-day in its JET Database Engine this week – but the patch was incomplete, according to researchers at 0patch. The company has developed a micropatch that corrects that hole, it said Friday. The memory corruption vulnerability CVE-2018-8423 could allow remote...
Threatlist: Hackers Turn to Python as Attack Coding Language of Choice
Python was recently touted as on track to become the world’s most prevalent coding language, looking to swallow, as it were, the majority of the market share for developers. According to recent analysis, Python’s popularity also extends to black hats. Mirroring the findings around its use by code...
Samba ‘Fruit’ Bug Allows RCE, Full Root User Access
A critical severity vulnerability in the Samba platform could allow attackers to gain remote code execution with root privileges on servers. Samba is an interoperability suite that allows Windows and Linus/Unix-based hosts to work together and share file and print services with multi-platform...
Microsoft, Adobe Exploits Top List of Crooks’ Wish List
A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits. According to researchers see chart below Microsoft products made up a whopping 47 percent of th...
Critical Intel Active Management Technology Flaw Allows Privilege Escalation
Intel patched a critical privilege escalation vulnerability in its Active Management Technology AMT, which is used for remote out-of-band management of PCs. AMT is part of the Intel vPro platform Intel’s umbrella marketing term for its collection of computer hardware technologies and is primarily...
'EmoCrash' Exploit Stoppered Emotet For 6 Months
A researcher was able to exploit a vulnerability in Emotet – effectively causing the infamous malware to crash and preventing it from infecting systems for six months. Emotet, which first emerged in 2014 and has since then evolved into a full fledged botnet that’s designed to steal account...
Blue Mockingbird Monero-Mining Campaign Exploits Web Apps
A Monero cryptocurrency-mining campaign has emerged that exploits a known vulnerability in public-facing web applications built on the ASP.NET open-source web framework. The campaign has been dubbed Blue Mockingbird by the analysts at Red Canary that discovered the activity. Research uncovered th...
Email Voted a Weak Link for Election Security, with DMARC Lagging
As the 2020 Presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. In a recent analysis, researchers found that email remains a potential weak link, with most counties failing to implement DMARC protections. DMARC whi...
Linux Bug Opens Most VPNs to Hijacking
A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers. According to researchers at University of New Mexico and Breakpointin...
Double Vision: Stealthy Malware Dropper Delivers Dual RATs
A newly discovered initial-stage malware dropper has been discovered sneaking by antivirus products, with the ultimate goal of delivering a double-pronged whammy of RevengeRAT and WSH RAT payloads onto targeted Windows machines. A FortiGuard Labs team recently captured a sample file that had been...
News Wrap: Office 365 Voicemail Phish and Bed Bath and Beyond Breach
Threatpost editors Tara Seals and Lindsey O’Donnell break down the top security news of this week, from data breaches to advanced persistent threat APT activity. Top stories include: A Microsoft alert that APT group Fancy Bear has targeted anti-doping authorities and sporting organizations around...
Driver Disaster: Over 40 Signed Drivers Can’t Pass Security Muster
LAS VEGAS – An insecure driver can be just what a hacker needs to get its foot in the door to a Windows environment. Compromised drivers are at the heart of massive security headaches ranging from recent Slingshot APT campaigns and LoJax malware. That’s why researchers at Eclypsium are sounding t...
EA Games Patches Account-Hijacking Bug
Researchers chained together two vulnerabilities in the Electronic Arts EA gaming platform and developed a proof-of-concept attack that allowed for possible account takeovers. A successful attack could allow a malicious actor to gain access to a user’s account and steal credit card information or...
Newly-Discovered Malware Targets Unpatched MacOS Flaw
Researchers have discovered never-before-seen Mac malware samples, which they believe are being developed to target a recently-disclosed vulnerability in the MacOS operating system. The vulnerability, a bypass that was disclosed in May and has yet to be patched by Apple, exists in the MacOS...
Cybercrime Gang Behind GozNym Banking Malware Dismantled
The cybercrime network behind the GozNym malware, used to siphon $100 million out of its victims, has been dismantled in a massive international investigation, according to authorities. Europol said on Thursday that they are charging 10 members of the GozNym criminal network with spreading the...
Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak
Hacking tools allegedly developed by the National Security Agency NSA were being used in the wild by at least one APT long before the Shadow Brokers released the now-infamous trove of U.S. cyberweapons, new analysis suggests. According to researchers at Symantec, an attack group affiliated with t...
Cisco Patches Critical ‘Default Password’ Bug
Cisco Systems is warning customers that a discovery tool for network devices can be accessed by a remote and unauthenticated attacker. The flaw could allow an adversary to log into the system and collect sensitive data tied to host operating systems and hardware. The disclosure is part of a Cisco...
Necurs Botnet Evolves to Hide in the Shadows, with New Payloads
Necurs, the prolific and globally dispersed spam and malware distribution botnet, has been spotted using a fresh hiding technique to avoid detection while quietly adding more bots to its web. According to research from Black Lotus Labs, which is telecom and ISP provider CenturyLink’s network...
What are Data Manipulation Attacks, and How to Mitigate Against Them
Conventional wisdom says that once an attacker is in the system, moving laterally from network to network, the damage is already done. The adversary has found a way in and more than likely identified the data they’re after. They simply need to exfiltrate it, the last step of the kill chain, to la...
Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked
UPDATE – Hundreds of websites running on the Drupal content management system – including those of the San Diego Zoo and the National Labor Relations Board – have been targeted by a malicious cryptomining campaign taking advantage of unpatched and recently revealed vulnerabilities. The attacks,...
How I Got Here: Katie Moussouris
Dennis Fisher talks with Katie Moussouris of Microsoft about her childhood exploits with Commodore 64 programming, ignoring her Barbies, growing up as a hacker, her days as a pen tester and the challenges of working on security at Microsoft. Download: 12moussouris.mp3 Microsoft image via Robert...
Richard Boscovich on the Zeus Botnet Takedown
Dennis Fisher talks with Richard Boscovich of the Microsoft Digital Crimes Unit about the operation to take down the Zeus botnet, how the company works with partners and law enforcement on these operations and the importance of getting the word out to consumers about the danger of botnets. Podcas...
Third Log4J Bug Can Trigger DoS; Apache Issues Patch
No, you’re not seeing triple: On Friday, Apache released yet another patch – version 2.17 – for yet another flaw in the ubiquitous log4j logging library, this time for a DoS bug. Trouble comes in threes, and this is the third one for log4j. The latest bug isn’t a variant of the Log4Shell...
9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery
Why would a game about a cat’s “cute diary” need permission to make phone calls or suss out your location? It doesn’t: “Cat cute diary” is one of 190 trojanized games that Doctor Web malware analysts have found on AppGallery, the official app store for Huawei Android. They’re littering the Androi...
Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices
Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash...
Ransomware Attack Foils IoT Giant Sierra Wireless
A ransomware attack on leading internet-of-things IoT manufacturer Sierra Wireless this week ground its production activity to a halt and froze various other internal operations. The Canadian multinational manufacturer creates a broad array of communications equipment – from gateways to routers,...