15946 matches found
FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics
The Tokyo Olympics, set to open Friday night, are already being targeted by threat actors — however, the Federal Bureau of Investigation’s Cyber Division has issued a chilling warning the Games’ TV broadcast is likely to be plagued by attacks, since it will be the only way to view events now that...
Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
A doozy of a bug that could allow any local user on most Linux or Unix systems to gain root access has been uncovered — and it had been sitting there for a decade, researchers said. The bug was found in Sudo, a utility built into most Unix and Linux operating systems that lets a user without...
Tuesday’s Magento 1 EOL Leaves Clock Ticking on 100K Online Stores
With Magento 1 reaching end-of-life EOL on Tuesday, Adobe is making a last-ditch effort to urge the 100,000 online stores still running the outdated version to migrate to Magento 2. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. After June 30...
Wiper Malware Called "Coronavirus" Spreads Among Windows Victims
A new Windows malware has emerged that makes disks unusable by overwriting the master boot record MBR. It takes its cue from the COVID-19 pandemic, calling itself simply “Coronavirus.” Overwriting the MBR is the same trick that the infamous NotPetya wiper malware used in 2017 in a campaign that...
U.S. Pipeline Disrupted by Ransomware Attack
A ransomware attack has hit a natural gas compression facility in the U.S., the feds have warned. The attack resulted in a two-day pipeline shutdown as the unnamed victim worked to bring systems back online from backups. The attackers were able penetrate the IT portion of the facility’s network,...
It’s Time for Your SOC to Level Up
Given an ever-increasing cyberattack surface, a global security workforce shortage, as well as an increased frequency and sophistication of attacks, security operations centers SOCs need to leverage better tools – namely artificial intelligence AI – in order to manage threats. An organization’s S...
Microsoft Patches RCE Bug Actively Under Attack
A critical bug in a Microsoft scripting engine, under active attack, has been patched as part of Microsoft’s Patch Tuesday security roundup. The vulnerability exists in Internet Explorer and allows an attacker to execute rogue code if a victim is coaxed into visiting a malicious web page, or, if...
Docker Containers Riddled with Graboid Crypto-Worm
The Docker cloud containerization technology is the target for a just-discovered cryptojacking worm dubbed Graboid. According to researchers at Palo Alto’s Unit 42, the worm, which looks to mine the Monero cryptocurrency, has infected more than 2,000 unsecured Docker Engine Community Edition host...
Gamers Warned of High-Severity Intel, Nvidia Flaws
Chip giants Intel and Nvidia have stomped out high-severity flaws in two popular products, both commonly used by gamers. Impacted are the Nvidia Shield TV and Intel NUC short for Next Unit of Computing mini-PC kit. Nvidia Shield TV is a media streaming box powered by Nvidia’s Tegra X1...
Facebook Records User Audio, Sparking Privacy Questions
Facebook has admitted that it has been transcribing audio chats between its users on its Messenger platform. Sources said that it’s paying hundreds to third-party outside contractors to do so. The latter calls into question Facebook’s data-handling practices when it comes to being open with its...
Citrix Confirms Password-Spraying Heist of Reams of Internal IP
UPDATE Digital workspace and enterprise networks vendor Citrix has concluded its investigation into a 6TB data heist in March, which it said was the work of international cybercriminals who exploited weak passwords on an internal network. The attackers intermittently accessed Citrix’ infrastrucur...
The Future is Female: A Key to the Cybersecurity Workforce Challenge
By 2022, 2 million cybersecurity positions globally are projected to be open, even as the threat landscape accelerates and becomes more complex. To meet this growing workforce shortage, women are a crucial, largely untapped reservoir of talent that businesses should be courting. In this Threatpos...
Extinguishing the IoT Insecurity Dumpster Fire
It’s no secret IoT security has been a dumpster fire. Last week, it was reported two million IP security cameras, baby monitors and smart doorbells have serious IoT flaws with no known patches. The list, of course, is added to a long list of IoT nightmares that have been reported over the past fi...
Qualcomm Critical Flaw Exposes Private Keys For Android Devices
Researchers have uncovered a side-channel attack that enables a bad actor to extract sensitive data from Qualcomm’s secure keystore. The critical flaw impacts most modern Android devices that use Qualcomm chips. The issue stems from an issue in Qualcomm technology, dubbed the Qualcomm Secure...
Mobile-First Phishing Kit Targets Verizon Customers
As people increasingly go mobile-first in their work and personal lives, cybercrime is keeping up: The latest is a phishing kit that specifically targets Verizon Wireless customers in the U.S. According to Jeremy Richards, a researcher at Lookout Security, the kit pushes phishing links to users v...
UCL Ransomware Linked to AdGholas Malvertising Group
A ransomware attack that closed off access to personal and shared drives at University College London last week has been linked to a malvertising campaign spreading Mole, a variant of CryptoMix ransomware. Kafeine, a white-hat who works for Proofpoint and is known for his research into exploit...
Office Zero Day Delivering FINSPY Spyware to Victims in Russia
Since at least January, unidentified state-sponsored attackers have been targeting victims in Russia with FINSPY spyware delivered in exploits for an Office and WordPad zero-day vulnerability patched on Tuesday by Microsoft. Separately, the same zero-day has been leveraged in financially motivate...
EFF Blasts Microsoft Over Windows 10 Rollout
The Electronic Frontier Foundation is blasting Microsoft for its “malicious” and “annoying” tactics when it comes to prodding Windows users to update their operating system to Windows 10. The digital watchdog group says Microsoft’s strategy of pushing the Windows 10 upgrade application onto users...
iOS Developer Site at Core of Facebook, Apple Watering Hole Attack
UPDATE – The missing link connecting the attacks against Apple, Facebook and possibly Twitter is a popular iOS mobile developers’ forum called iPhoneDevSDK which was discovered hosting malware in an apparent watering hole attack that has likely snared victims at hundreds of organizations beyond t...
Attackers Can Use 'Self-Destruct' Feature to Kill Flame
The attackers behind Flame can easily clean up compromised computers, according to research by security firm Symantec who found that some attackers have been able to use command-and-control C&C servers to completely remove the malware from certain machines. According to a post on Symantec’s...
Waves of Attacks Target Adobe Reader Bug From 2010
Thanks to the wonderful tendency of users not to update their applications, old vulnerabilities never die, they just get overtaken by newer and shinier ones. The attackers know this well, and every once in a while they serve up a nice reminder to the rest of us. The most recent one of these is a...
Ten Years After Gates's Memo, Effects Still Being Felt
Ten years. That’s a really long time. Think about what you were doing 10 years ago. Can you even remember? Maybe you were in college or high school, or cripes, even grade school. Or maybe you were working in security already, trying to figure out why your network kept getting overrun by viruses a...
Mobile Madness
Admit it. It would scarcely break your heart if the legions of slack-jawed smartphone Facebook and FourSquare gawkers were forced to confront their own digital mortality – however briefly – with a few scary exploits made just for them. In 2011, the untethered among us saw several mobile security...
After attacks, Microsoft readies security patches
From CIO Robert McMillan Corporate IT staffers will get a double whammy next week, as both Microsoft and Oracle are set to release critical security updates cio.com on the same day, including a likely fix for an Excel bug that has been used by cybercriminals. This month, Oracle’s quarterly softwa...
Mitel VoIP Bug Exploited in Ransomware Attacks
Ransomware groups are abusing unpatched versions of a Linux-based Mitel VoIP Voice over Internet Protocol application and using it as a springboard plant malware on targeted systems. The critical remote code execution RCE flaw, tracked as CVE-2022-29499, was first report by Crowdstrike in April a...
Android Patches Actively Exploited Zero-Day Kernel Bug
Among Google’s November Android security updates is a patch for a zero-day weakness that “may be under limited, targeted exploitation,” the company said. Out of this month’s batch of 39 patches, 18 of them plug flaws in the framework and system components and another 18 address vulnerabilities in...
Compromised Website Images Camouflage ObliqueRAT Malware
The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites. The remote access trojan RAT, which has been operating since 2019, spreads via emails, which have malicious Microsoft Office documents attached. Previously, payloads were...
Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report
New research has found evidence that a Chinese-affiliated threat group APT31 has hijacked a hacking tool previously used by the Equation Group which has been tied to the U.S. National Security Agency, or NSA. The tool in question, dubbed “Jian,” is used to exploit a local privilege-escalation LPE...
Nvidia Warns Windows Gamers of GeForce NOW Flaw
Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices. GeForce NOW is the brand used by Nvidia for its cloud-based gaming servic...
Zoom Scrutinized As Security Woes Mount
The New York attorney general, Letitia James, is demanding more information about how Zoom secures user data. The inquiry comes amidst mounting public scrutiny of the web conferencing platform’s data privacy and security policies. In a Monday letter, James questioned whether Zoom’s security...
Fake Smart Factory Honeypot Highlights New Attack Threats
A honeypot set up to observe the current security landscape in smart manufacturing systems observed numerous threats—including cryptomining malware and ransomware—in just a few months, highlighting the new threats that industrial control systems ICS face with increased exposure to the internet...
Public Bug Bounty Takes Aim at Kubernetes Container Project
A public bug-bounty program for the Kubernetes container technology framework has just launched, backed by Google, HackerOne and the Cloud Native Computing Foundation CNCF. The Kubernetes container-orchestration system was originally built by Google for automating application deployment, scaling...
Rooster Teeth Attack Showcases New Magecart Approach
The online store for the Rooster Teeth video-streaming service has been hit with a malicious web redirect attack by Magecart, which allowed the cybercriminals to harvest users’ payment-card details. The attack marks a slight departure from the group’s typical tactics. Rooster Teeth, which offers...
APT33 Mounts Focused, Highly Targeted Botnet Attacks Against U.S. Victims
The Iran-linked, espionage-focused advanced threat group known as APT33 has been spotted using more than a dozen obfuscated botnets to carry out narrowly targeted attacks against government and academic targets in the Middle East, the U.S. and Asia. Each botnet, linked to its own...
Apple Issues Silent Update Removing Zoom's Hidden Server
Apple has pushed a silent update to Mac users that removes a hidden web server from Zoom users’ machines. The Zoom web- and video-conferencing service has come under scrutiny for its handling of a zero-day bug CVE-2019–13450 found by researcher Jonathan Leitschuh, which would allow an attacker to...
DHS Shortens Deadline For Gov Agencies to Fix Critical Flaws
A Department of Homeland Security DHS order now requires agencies to remediate critical vulnerabilities discovered on their systems in 15 days – cutting in half the previous deadline of 30 days. That’s according to a Tuesday binding directive, which is a compulsory order for federal, executive...
Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities
LockerGoga, the malware that took down Norsk Hydro last week, has taken the industrial world by storm, as researchers race to uncover more about the mysterious ransomware that crippled several of the aluminum maker’s plants. Questions still remain about how the malware first infects the system it...
Malware Payloads Hide in Images: Steganography Gets a Reboot
One of the challenges of cybersecurity is that overfocusing on one threat trend means that another one can sneak up on you. This is especially problematic as our networks and the attack surface expands. Beyond threat vectors, though, we also need to pay attention to the entire spectrum of threat...
TheMoon Rises Again, With a Botnet-as-a-Service Threat
TheMoon, an IoT botnet targeting home routers and modems, is entering a new phase, as it were: It has added a previously undocumented module that allows it to be sold as-a-service to other malicious actors. This has already had significant real-world consequences, according to CenturyLink Threat...
Misunderstanding APT Indicators of Compromise
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter. Reports of APT activities detail compromises spanning multiple organizations, sectors, industry...
Facebook Releases osquery to Open Source
Facebook is in a giving mood today. The social networking giant announced today that it will release to open source a framework that detects and logs state changes in an operating system likely caused by an attack or performance meltdown. It also announced that it will hand out up to $300,000 nex...
Researchers Investing in EMET Bypasses More than Hackers
Exploits bypassing Microsoft’s Enhanced Mitigation Experience Toolkit, or EMET, are quickly becoming a parlor game for security researchers. With increasing frequency, white hats are poking holes in EMET, and to its credit, Microsoft has been quick to not only address those issues but challenge a...
Microsoft Pushes Emergency Patch For ASP.NET Flaw
Microsoft has released the emergency out-of-band patch for the ASP.NET padding oracle attack, less than two weeks after a pair of researchers discussed the flaw and a reliable attack against it at a security conference in Argentina. The patch for the ASP.NET bug is only available through...
Firewall Bug Under Active Attack Triggers CISA Warning
Software running Palo Alto Networks’ firewalls is under attack, prompting U.S. Cybersecurity and Infrastructure Security Agency CISA to issue a warning to public and federal IT security teams to apply available fixes. Federal agencies urged to patch the bug by September 9. Earlier this month, Pal...
Russia Issues Its Own TLS Certs
Russia is offering its own trusted Transport Layer Security TLS certificate authority CA to replace certificates that need to be renewed by foreign countries. As it is, a pile of sanctions imposed in the wake of Russia’s invasion of Ukraine is gumming up its citizen’s access to websites. As it is...
Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs
Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge Chromium-based, Exchange Server,...
Android Malware ‘FlyTrap’ Hijacks Facebook Accounts
Researchers have uncovered a new Android trojan, dubbed FlyTrap, that’s spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts. In a report posted on Monday, Zimperium’s zLabs mobile threat research teams wrote that FlyTrap has...
MacOS Being Picked Apart by $49 XLoader Data Stealer
There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low as $49. It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service MaaS and stands...
Fujitsu SaaS Hack Sends Govt. of Japan Scrambling
Threat actors have stolen files from several official government agencies of Japan by hacking into Fujitsu’s software-as-a-service SaaS platform and gaining access to its systems. The Japan-based tech giant temporarily disabled ProjectWEB enterprise after learning of the attack, which is known to...
DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates
Cybercriminals who have worked as affiliates with ransomware group DarkSide, responsible for the Colonial Pipeline attack, are having a tough time getting paid for their work now that the group has had its operations interrupted; so, they’re turning to admins of the group’s Dark Web criminal foru...