15946 matches found
Microsoft Agrees to Modify Windows 8 Following EU Complaint
Microsoft announced Wednesday it will tweak the release of its forthcoming Windows 8 operating system to comply with the European Commission, which argues that in its current state, the software fails to offer customers a browser choice screen to let them “easily choose their preferred web...
New Trojan For Mac Used In Attacks On Tibetan NGOs
The security firm Alienvault reports that its own research on phishing attacks against non governmental organizations supporting the Tibetan Government in Exile is now being used as bait in a new round of phishing attacks on those same NGOs. The firm warned the public on Monday about a round of...
The Ryan & Roel Show Episode 7
Emergency IE Patch – Fri, January 9, 2009 Ryan and Roel dissect the latest wave of malware attacks against Microsoft Internet Explorer browser and discuss the company’s plans to ship an emergency out-of-band update. Download episode...
Top Six Security Bad Habits, and How to Break Them
Cybercrime is on the rise, and attacks are getting faster, more nuanced and increasingly sophisticated. The number of cyberattack-related data breaches rose 27 percent in 2021 — an upward trend that shows no signs of slowing down. Bad security habits, such as using the same password more than onc...
Two Active Directory Bugs Lead to Easy Windows Domain Takeover
A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. In a Monday alert, Microsoft urged organizations to immediately patch the pair of bugs, tracked as CVE-2021-42287 and...
‘Lone Wolf’ APT Uses Commodity RATs
An APT described as a “lone wolf” is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets...
Adobe Snuffs Critical Bugs in Acrobat, Experience Manager
Adobe is urging its throngs of Acrobat Reader users to update their software to fix critical vulnerabilities that could allow adversaries to execute arbitrary code on unpatched versions. The warnings are part of the firm’s September monthly security update, which this month addresses 59 bugs foun...
Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins
A tiny-sized malware that packs a big punch has been targeting supercomputers, especially those used in academia and scientific enterprises. It allows initial access for a variety of follow-on attacks, including credential theft – and potentially data exfiltration or cryptomining. That’s accordin...
Trump, Sanders Are the Top Brands for Cybercriminals
Unwanted and malicious emails using political-themed lures has spiked as the presidential primary season cranks into high gear – with Donald Trump and Bernie Sanders representing the lion’s share of subject line themes. Since the beginning of the year, Proofpoint researchers have tracked subject...
New Muhstik Botnet Attacks Target Tomato Routers
A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found. Researchers at Palo Alto Networks’ Unit 42 discovered the new variant...
The Case for Cyber-Risk Prospectuses
Sometimes our investments lose money. It’s not for lack of trying, indeed most investment firms make money off the growth of our investments. But despite best intentions and detailed investment plans, we sometimes end up with less than that with which we started. This can be due to outside forces...
Wawa Data Breach: Malware Stole Customer Payment Card Info
Popular convenience-store chain Wawa Inc. has disclosed a data breach potentially affecting all of its 850 locations. The breach stemmed from malware on its in-store payment processing systems that collected customers’ payment card data – for almost 10 months. The popular chain of Wawa convenienc...
Unique Monokle Android Spyware Self-Signs Certificates
A never-before-publicized mobile spy tool, a mobile surveillanceware remote access trojan RAT for Android called Monokle, has been spotted using novel techniques to exfiltrate data. According to the Lookout researchers who discovered Monokle in the wild, the malware has the ability to self-sign...
Protecting Against Ransomware Attacks: A Checklist
Sometimes all it takes is a malicious email to infect an entire municipality with ransomware, freezing important city systems from water utilities or websites. That was the case with the Florida city of Riviera Beach, which paid hackers $600,000 after being hit by a ransomware attack that downed...
Popular Samsung, LG Android Phones Open to 'Spearphone' Eavesdropping
A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android devices’ on-board accelerometers motion sensors to infer speech from the devices’ speakers. An acronym for “Speech privacy exploit via accelerometer-sensed...
How to Model Risk in an Apex Predator Cyber-World
The threat-intelligence researchers at Alphabet’s Chronicle have borrowed the apex predator concept from ecology to describe today’s multi-organizational, multinational threat actors — the evolution of which could provoke an overhaul of risk analysis and management. However, it’s important to kee...
Cardinal RAT Resurrected to Target FinTech Firms
A malware family called Cardinal RAT has reappeared, after two years of silence, in a series of attacks that have been targeting Israel-based financial technology firms. After Cardinal RAT was first detected in 2017, the malware disappeared for two years. But now, in this latest campaign,...
Researcher Says NSA's Ghidra Tool Can Be Used for RCE
Ghidra, a free, open-source software reverse-engineering tool that was released by the National Security Agency at RSA, has been found to be a potential conduit to remote code-execution. Ghidra is a disassembler written in Java; software that breaks down executable files into assembly code that c...
Threatpost Poll: Are Password Managers Too Risky?
Do you use a password manager? Or do you think they pose too much of a risk, holding all the keys to the kingdom? Weigh in with our poll, below. A little background: There have been vulnerabilities found before in this kind of software, which is meant to take the headache out of remembering...
Eight Cryptojacking Apps Booted From Microsoft Store
Microsoft booted eight malicious apps from its official desktop and mobile app store after researchers found the programs surreptitiously mined for Monero cryptocurrency. Researchers who discovered the apps said that an unspecified, but significant number, of users may have downloaded the rogue...
Bypass Demonstrated for Microsoft Use-After-Free Mitigation in IE
For a long time, Microsoft’s monthly Patch Tuesday security bulletins have periodically addressed use-after free vulnerabilities, the latest class of memory corruption bugs that have already found their way into a number of targeted attacks. Microsoft has implemented mitigations to address memory...
Interview with Kaspersky Chief Malware Expert Alex Gostev
The last year has seen a lot of changes in the threat landscape, with the emergence of a number of new cyber espionage tools such as Gauss and Flame, as well as an increase in the volume of malware targeting mobile platforms such as Android. Recently, Alex Gostev, the chief malware expert at...
Microsoft Takes Aim at Malvertising Threat
Less than a week after a malicious advertising attack against the New York Times ad servers, Microsoft filed five civil lawsuits against companies allegedly using online advertising to serve malware. The lawsuits allege that individuals using the business names “Soft Solutions,” “Direct Ad,”...
Ken "Skywing" Johnson joins Microsoft security team
Microsoft has hired yet another well-known security researcher to join its ever-growing team of exploit and defense experts. This time it’s Ken Johnson, known in the hacker world as Skywing. Johnson is known as an expert on debugging and reverse engineering, and has done a tremendous amount of wo...
iPhone Users Urged to Update to Patch 2 Zero-Days
Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. Patches are available fo...
Starlink Successfully Hacked Using $25 Modchip
A Belgian security researcher has successfully hacked the SpaceX operated Starlink satellite-based internet system using a homemade circuit board that cost around $25 to develop, he revealed at Black Hat. Lennert Wouters revealed a voltage fault injection attack on a Starlink User Terminal UT—or...
DragonForce Gang Unleash Hacks Against Govt. of India
According to a new advisory from Radware, a hacktivist group called DragonForce Malaysia, “with the assistance of several other threat groups, has begun indiscriminately scanning, defacing and launching denial-of-service attacks against numerous websites in India.” In addition to DDoS, their...
‘Elephant Beetle’ Lurks for Months in Networks
Researchers have identified a threat group that’s been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets’ financial systems and slipping in fraudulent transactions amongst regular activity. The Sygnia Incident...
Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits
Researchers have discovered a Nigerian threat actor trying to turn an organization’s employees into insider threats by soliciting them to deploy ransomware for a cut of the ransom profits. Researchers at Abnormal Security identified and blocked a number of emails sent earlier this month to some i...
WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug
A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said. Welcart e-Commerce is a free WordPress plugin that has more than...
Ransomware Gang Arrested for Spreading Locky to Hospitals
A cybercriminal gang have been arrested for spreading the Locky ransomware among hospitals, among other crimes. In an operation spearheaded by Romania’s law enforcement department, four people have been taken into custody after their houses were raided – three in Romania and one in neighboring...
Bitcoin Stealers Hide in 700+ Ruby Developer Libraries
About 760 malicious libraries, bent on stealing Bitcoin, have been identified so far in the open-source Ruby programming language code base. According to Tomislav Maljic, threat analyst at ReversingLabs, cybercriminals have been using simple typosquatting to carry out their plan – which is the...
Evil Corp Returns With New Malware Infection Tactic
Cybercrime group Evil Corp a.k.a. Dudear is back in action after a short hiatus, with a technique in its arsenal not previously used by the group to distribute malware. Microsoft on Thursday said that it observed emails from the cybercriminal gang utilizing HTML redirectors. Microsoft is unclear...
10 Steps for Ransomware Protection
Just the thought of ransomware is enough to keep CISOs and security teams up at night. Victims are caught in an awful choice between paying a ransom to a criminal who may or may not release their captured network and data, or potentially spending millions of dollars to remove the ransomware on...
Google Play Malicious Apps Racked Up 335M+ Installs In September
Despite Google’s stepped up efforts to ban malicious apps hosted on Google Play 172 harmful apps – installed 335 million times by users – have been discovered on the platform in September alone. ESET researcher Lukas Stefanko said on Tuesday that the majority of those 172 malicious apps were...
CISOs: Support vendor security ops for best cloud results
Data from McKinsey Insights suggests that many CISOs are uneasy about increasing dependence on SaaS applications and the security risks – real or perceived – the cloud represents. Their apprehension isn’t slowing down cloud adoption. As McKinsey put it, “Most companies … will eventually confront...
VLC Media Player Allows Desktop Takeover Via Malicious Video Files
Two high-risk vulnerabilities in the VLC media player could allow an adversary to craft a malicious .MKV video file that could be used in an attack to gain control of the victim’s PC. The flaws were made public Monday by the developer of the open-source VLC media player, VideoLAN project, who als...
Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward
LAS VEGAS – Apple is giving its bug bounty program a much-needed makeover. The device manufacturer in a Thursday Black Hat USA 2019 session said it will open the historically private program to all researchers in the fall. In addition, it plans to drastically boost some rewards for vulnerabilitie...
Large-Scale Government Hacks Hit Russia, Bulgaria
A pair of notable hacks on government targets have come to light: One, an attack affecting nearly the entire country of Bulgaria; and two, a hack of Russia’s main security agency FSB that represents the largest data heist ever experienced there. In Bulgaria, cybercriminals were able to infiltrate...
Privacy Experts: Facebook's $5B Fine Unlikely to Do Much
The $5 billion fine that the Federal Trade Commission has slapped on Facebook for privacy violations may be the largest ever levied by the agency, but it’s being derided as “chump change” and ineffective by lawmakers and privacy analysts. The settlement, reported Friday evening, stems from...
Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders
The Chinese-language cyber-espionage group known as APT10 has apparently added to its malware bag of tricks, with two never-before-seen malware loader variants used in April campaigns against government and private organizations in Southeast Asia. Also, the campaigns featured modified versions of...
Windows 10 Update Bricks PCs, Microsoft Offers Workarounds
Microsoft has acknowledged that a Windows 10 bug is causing some users’ systems to freeze after using their System Restore feature. The issue arose after users complained that when they updated Windows 10 and attempted to restart their system, they were met with a “Stop error” that blocked them...
Extinguishing the IoT Insecurity Dumpster Fire
It’s no secret IoT security has been a dumpster fire. Last week, it was reported two million IP security cameras, baby monitors and smart doorbells have serious IoT flaws with no known patches. The list, of course, is added to a long list of IoT nightmares that have been reported over the past fi...
Oracle Squashes 53 Critical Bugs in April Security Update
Oracle is urging customers to patch critical vulnerabilities in its products as part of its massive April update, which fixes a whopping 297 flaws. Of those flaws, 53 vulnerabilities in Oracle products had a CVSS score of 9.0 or higher, making them “critical” severity – and in fact, 49 of those...
Privacy Regulations Needed for Next-Gen Cars
Driverless automobiles, long-haul trucks and military transport vehicles are on a fast track for wide deployment over the next five to 10 years. That much is clear. Vehicle manufacturers are all in, and innovation is racing forward. Meanwhile, captains of industry and political leaders are eager ...
Podcast: RSA Conference 2019 Preview
The RSA 2019 conference is right around the corner, kicking off next week in San Francisco. As they prepare to cover the show, Threatpost editors Lindsey O’Donnell, Tom Spring and Tara Seals break down the biggest news, stories and trends – from artificial intelligence and government security to...
Coffee Meets Bagel Dating App Warns Users of Breach
Popular dating app Coffee Meets Bagel has sent its users an email notifying them that their data may have been “acquired by an unauthorized party.” The news comes days after a massive database containing the information of around 6.2 million Coffee Meets Bagel users showed up on the Dark Web. Use...
Black Hole Exploit Kit Targeting Java CVE-2012-1723 Flaw
A new fork of the Black Hole exploit kit is making quick work of a recently patched Java vulnerability and security researchers say that the attackers are registering new sites quickly to exploit users with vulnerable browsers. The CVE-2012-1723 Java vulnerability that the Black Hole exploit kit ...
Popular Sports Site Goal.com Serves Malware
Goal.com, a popular football aka “soccer” for all us Yanks news site was hacked and found serving malware via drive-by-downloads between April 27 and 28, according to a post by Web security firm Armorize. In an analysis of the attack, Armorize researcher Wayne Huang suggests that a hacker...
Mitel VoIP Bug Exploited in Ransomware Attacks
Ransomware groups are abusing unpatched versions of a Linux-based Mitel VoIP Voice over Internet Protocol application and using it as a springboard plant malware on targeted systems. The critical remote code execution RCE flaw, tracked as CVE-2022-29499, was first report by Crowdstrike in April a...