15946 matches found
Ransomware Attack Foils IoT Giant Sierra Wireless
A ransomware attack on leading internet-of-things IoT manufacturer Sierra Wireless this week ground its production activity to a halt and froze various other internal operations. The Canadian multinational manufacturer creates a broad array of communications equipment – from gateways to routers,...
Amazon Kindle RCE Attack Starts with an Email
Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root – paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices...
Microsoft Warns of Critical Windows Zero-Day Flaws
Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in “limited, targeted” attacks, the company said. According to Microsoft, two remote code execution vulnerabilities exist i...
ThreatList: Healthcare Breaches Spike in October
October experienced a 44.44 percent month-over-month increase in healthcare data breaches, resulting in 661,830 healthcare records exposed or stolen during the month. That’s according to the Health and Human Services HHS Office for Civil Rights’ monthly report reported via HIPAA Journal. The...
AI, the Mandatory Element of 5G Mobile Security
THE HAGUE, Netherlands – Artificial intelligence will be a requirement for securing carrier 5G networks – which is shaping up to be a technology juggernaut that presents unique challenges unlike any ever seen in the world of telecom until now. That was the assessment at the GSMA Mobile 360 Securi...
Critical Flaws in Khan Academy Opened Door to Account Takeovers
Two critical cross-site request forgery CSRF flaws in educational non-profit Khan Academy’s website may have affected some users by allowing account takeover. Khan Academy, a non-profit learning organization, produces short lessons in the form of videos that can be accessed online. The two critic...
Clever Phishing Attack Enlists Google Translate to Spoof Login Page
UPDATE Recently-discovered phishing emails scoop up victims’ Facebook and Google credentials and hides its malicious landing page via a novel method – Google Translate. The phishing campaign uses a two-stage attack to target both Google and Facebook usernames and passwords, according to researche...
EternalBlue Exploit Spreading Gh0st RAT, Nitol
EternalBlue, the exploit used in the WannaCry ransomware outbreak, is now being leveraged to distribute the Nitol backdoor and Gh0st RAT malware. Security researchers at FireEye said, just as WannaCry criminals did, threat actors are leveraging the same Microsoft Server Message Block SMB protocol...
Microsoft Shuts Down Patch Tuesday Advanced Notifications
Microsoft today pulled the plug on its Advanced Notification Service ANS, offering it going forward only to paying Premier customers. ANS preceded the release of Microsoft’s monthly Patch Tuesday security bulletins; on the Thursday prior, Microsoft would provide users via its security website a...
Microsoft to Fix Broken Patch Tuesday Security Update
Microsoft is still hammering away at a fix for a security update released last week that caused a small number of computers to crash and blue screen. “We are aware of some issues related to the recent updates and we are working on a fix,” a Microsoft representative today told Threatpost. MS14-045...
Microsoft Patches Windows Flaw Exploited by Duqu
Microsoft on Tuesday released 13 security bulletins, including three for critical flaws in Windows Media and in the Windows kernel-mode drivers. The company had planned on releasing 14 bulletins in December’s Patch Tuesday shipment, but officials said that one of the planned fixes was causing a...
Microsoft develops secure Windows XP for military
Microsoft has developed an ultra-secure version of Windows XP, with many settings locked down by default. But the hardened OS isn’t for sale to the general public; it’s made specifically for the military. Microsoft built the secure version of XP a few years ago at the direction of the Air Force,...
Microsoft explains how ActiveX in Office is abused by attackers
On the Microsoft Secure Windows Iniative blog, software engineer Chengyun discusses the default behaviour of ActiveX controls embedded in Office documents. The software giant also provides information on how can an attacker abuse ActiveX and how Office users can change the behavior of ActiveX...
Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution RCE zero-day vulnerability that’s being actively exploited. Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the...
PDF Feature ‘Certified’ Widely Vulnerable to Attack
Certified portable document format PDF files are used to securely sign agreements between two parties while keeping the contents’ integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of...
Google Patches Actively Exploited Flaw in Chrome Browser
Google has fixed a high-severity vulnerability in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the flaw. The vulnerability is one of 47 security fixes that the tech giant rolled out on Tuesday in Chrome 89.0.4389.72, including patches for eight high-severi...
From Triton to Stuxnet: Preparing for OT Incident Response
From an irked former contractor in Australia sabotaging a sewage plant in 2000, to the more high-level 2017 Triton malware attacks on Saudi Arabian petrochemical plants, operational technology OT for critical infrastructure has increasingly been a cybersecurity concern. But now, the COVID-19...
FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft
The hotly anticipated release of blockbuster video game FIFA 21 on Oct. 6, along with the return of professional play, are giving soccer fans reason to celebrate. And, unsurprisingly, cybercriminals are already figuring out how to capitalize. A report from researcher Christopher Boyd at...
SAS@Home Virtual Summit Showcases New Threat Intel, Industry Changes
As the COVID-19 pandemic continues to force in-person cybersecurity event cancellations, Kaspersky is forging ahead with a virtual security summit, SAS@home. Topics on the agenda include threat intel on advanced persistent threats APTs, new vulnerability research, and topics related to a...
sLoad Malware Revamped as Powerful 'StarsLord' Loader
The sLoad malware downloader, a PowerShell-based trojan first spotted in May 2018, has a new, polished version that comes with “more powerful features, posing even higher risk,” Microsoft researchers are warning. After discovering it being used in several campaigns over the holidays, researchers...
Religious Website Data Exposed for Months
Religious website service Clover Sites exposed customer data for at least six to seven months, with the dataset found twice in two separate, insecure cloud databases. Clover offers a content management system for building and managing faith-based websites, with a “Clover Donations” module for...
Unencrypted Mobile Traffic on Tor Network Leaks PII
Unencrypted, sensitive and confidential user data originating from millions of mobile devices is carried on the Tor network every day. Now researchers say they have devised away to scoop up that data and create personal profiles for specific mobile users, that include GPS coordinates, web...
Sudo Bug Opens Root Access on Linux Systems
A vulnerability in Sudo, a core command utility for Linux, could allow a user to execute commands as a root user even if that root access has been specifically disallowed. Sudo is a utility that allows a system administrator to give certain users or groups of users the ability to run commands in...
Phish Uses Google's URL Decoding to Swim Past Defenses
A phishing campaign that takes advantage of Google’s ability to decode non-ASCII URL data on the fly is making the rounds – looking to fool the unsavvy by effectively hiding the website address of the campaign’s phishing page. The campaign makes use of what’s called percentage-based URL encoding ...
Google Triples Some Bug Bounty Payouts
Google is upping the ante for its Chrome bug bounty rewards program, doubling payouts from $15,000 to $30,000 for “high-quality” reports. It is also tripling baseline payouts for Chrome to $15,000. The bug-bounty pay raise is part of Google’s Chromium open-source project, which supplies the vast...
Shade Ransomware Expands to U.S. Targets
Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan. The ransomware, first spotted in late 2014 by Kaspersky Lab researchers, has been known for focusing on Russian victims – but more recent...
Slack Bug Allows Remote File Hijacking, Malware Injection
A remotely exploitable vulnerability in the Windows desktop app version of the Slack collaboration platform has been uncovered, which allows attackers to alter where files from Slack are downloaded. Nefarious types could redirect the files to their own SMB server; and, they could manipulate the...
Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked
For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images. Affected versions of Alpine Linux Docker distros include 3.3, 3.4, 3.5, 3.6, 3.7, 3.8...
RatVermin Spyware Targets Ukraine Gov Agencies
Researchers have uncovered an ongoing spear-phishing campaign, targeting the Ukraine government and military with emails aiming to distribute the RatVermin malware, which carries out various info-gathering activities. Researchers said that an infrastructure analysis of the attack indicates that t...
TP-Link Routers Vulnerable to Zero-Day Buffer Overflow Attack
Two models of TP-Link’s budget routers are vulnerable to zero-day flaws that allow attackers to take control of both. The routers in question are models TP-Link WR940N and TL-WR941ND, according IBM Security, which found the bugs and posted a technical analysis on its discoveries on Monday. “In th...
Anthem, Apple and the Pentagon: A Data-Breach Cornucopia
Like pumpkin spice and turning leaves, data breaches have become a theme for the fall. This season is shaping up to be no exception, with Anthem, Apple and, worryingly, the Pentagon all making headlines in the last few days. It is, of course, part of the “new normal” as cyberattackers continue to...
New Magniber Ransomware Targets South Korea, Asia Pacific
Researchers identified a new ransomware family called Magniber that uniquely targets only users in South Korea and the Asia-Pacific regions. The ransomware is primarily being distributed by the Magnitude exploit kit, a primary distribution vehicle in the past for Cerber ransomware. Because of...
Wireless 'BlueBorne' Attacks Target Billions of Bluetooth Devices
Researchers disclosed a bevy of Bluetooth vulnerabilities Tuesday that threaten billions of devices from Android and Apple smartphones to millions of printers, smart TVs and IoT devices that use the short-range wireless protocol. Worse, according to researchers at IoT security firm Armis that fou...
Patched Windows Machines Exposed to Stuxnet LNK Flaw All Along
A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability CVE-2015-0096. It is unknown...
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
The Chinese advanced persistent threat APT Mustang Panda a.k.a. Temp.Hex, HoneyMyte, TA416 or RedDelta has upgraded its espionage campaign against diplomatic missions, research entities and internet service providers ISPs – largely in and around Southeast Asia. For one thing, the APT has deployed...
Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug
The makers of Parallels Desktop has released a workaround fix for a high-severity privilege escalation bug that impacts its Parallels Desktop 16 for Mac software and all older versions. Mitigation advice comes five months after researchers first identified the bug in April. Parallels Desktop, now...
100m T-Mobile Customer Records Purportedly Up for Sale
A threat actor is selling what they claim to be 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum. The collection is a subset of the purported 100 million records contained in stolen databases. The seller told Motherboard – which first reported...
Cisco Smart Switches Riddled with Security Holes
Cisco has flagged and patched several high-severity security vulnerabilities in its Cisco Small Business 220 Series Smart Switches that could allow session hijacking, arbitrary code execution, cross-site scripting and HTML injection. It also issued fixes for high-severity problems in the AnyConne...
Laser-Based Hacking from Afar Goes Beyond Amazon Alexa
Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person account. This is a scenario presented by a group of researchers who are exploring why digital home assistants and other sensing systems that use sound commands to perform...
Bluetooth Spoofing Bug Affects Billions of IoT Devices
A team of academic researchers have discovered a Bluetooth Low Energy BLE vulnerability that allows spoofing attacks that could affect the way humans and machines carry out tasks. It potentially impacts billions of Internet of Things IoT devices, researchers said, and remains unpatched in Android...
Overlay Malware Exploits Chrome Browser, Targets Banks and Heads to Spain
Researchers are warning of a remote overlay malware attack that leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a type of remote overlay banking trojan, designed to help attackers overtake devices and display a full-screen overlay image...
Magecart Cyberattack Targets NutriBullet Website
A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer co...
Lawsuit Claims Google Collects Minors’ Locations, Browsing History
Google was slapped with a lawsuit this week that alleges that it has been covertly collecting data of students via its G Suite for Education program, which offers its productivity services to students for free. Google’s G Suite for Education program formerly known as Google Education offers free...
7 Tips for Maximizing Your SOC
It takes a special sort of person to be a security analyst. The person must be detail-oriented, curious, intelligent and hard-working, and with a quick reaction time as constant attacks unfold. These analysts have deep expertise that they use during their long shifts to sort through what’s worth...
Twitter Uses Phone Numbers, Emails to Sell Ads
Twitter has acknowledged that user phone numbers and email addresses gathered for security purposes, as part of its two-factor authentication policy, may have been used to sell ads. It calls the move an accident. The revelation is being widely criticized for its obvious breach of user privacy,...
Employers Beware: Microsoft Word 'Resume' Phish Delivers Malware
Employers who receive an email from someone purporting to be a job applicant, with an attached resume, could fall victim to a difficult-to-detect phishing campaign peddling a remote-access tool used often for espionage. Researchers with Cofense said they have recently spotted emails with maliciou...
Trivial Bug Turns Home Security Cameras Into Listening Posts
A vulnerability in the consumer-grade Amcrest IP2M-841B IP home security video camera would allow an attacker to remotely listen to the camera’s audio over the internet, without authentication. “Essentially, if this thing is connected directly to the internet, it’s anyone’s listening device,”...
News Wrap: Which Companies Are Doing Privacy Right and Which Aren't?
The Threatpost team breaks down the top data privacy-related news this week, including: Google’s acknowledgement that G Suite passwords had been stored in plaintext – since 2005. The database of golfing app Game Golf left misconfigured, exposing millions of data points on games played plus...
Google Stored G Suite Passwords in Plaintext Since 2005
Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening. G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently...
Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers
Cisco is urging customers to update their wireless VPN and firewall routers, after patching a critical vulnerability that could allow unauthenticated, remote attackers to execute arbitrary code. The vulnerability, CVE-2019-1663, has a CVSS score of 9.8 and impacts the Cisco RV110W Wireless-N VPN...