15946 matches found
Lenovo High-Severity Bug Found in Pre-Installed Software
Another flaw has been found in Lenovo’s decommissioned Lenovo Solution Centre software, preinstalled on millions of older-model PCs made by the world’s leading computer maker. The vulnerability is a privilege escalation flaw that can be used to execute arbitrary code on a targeted system, giving ...
Tor Browser Issues Update for Critical System Takeover Flaw
Tor Browser has updated to version 8.5.2, to address a critical security flaw in Mozilla’s Firefox browser that is under active exploit in the wild. The critical flaw CVE-2019-11707 is a type confusion vulnerability in the Array.pop, which is an array method that is used in JavaScript objects in...
Full Insight into the Internal Environment with Cynet Free Visibility
Organizational IT security teams have the enormous job of protecting their assets while monitoring and eliminating exposed attack surfaces. Achieving real-time visibility and doing so quickly and efficiently is integral to this, unfortunately though, it eats into resources, frequently requiring...
'Unhackable' Biometric USB Offers Up Passwords in Plain Text
A USB stick dubbed eyeDisk that uses iris recognition to unlock the drive claims to be “unhackable” – only, it isn’t. In fact, a simple Wireshark analysis revealed the device’s password – in plain text. David Lodge of Pen Test Partners noticed the product on Kickstarter, where it amassed enough...
Top 5 Configuration Mistakes That Create Field Days for Hackers
Sometimes it’s the little things that lead to big consequences. When it comes to cybersecurity, hacks more often than not stem from minor missteps – or even completely preventable, obvious mistakes. Common security mistakes and overlooked misconfigurations can open the door for attackers to drop...
Facial Recognition 'Consent’ Doesn’t Exist, Threatpost Poll Finds
Half of respondents in a recent Threatpost poll said that they don’t believe consent realistically exists when it comes to real-life facial recognition. The recent poll of 170 readers comes as facial recognition applications continue to pop up in the real world – from airports to police forces...
Financial Apps are Ripe for Exploit via Reverse Engineering
A white hat hacker reverse engineered 30 mobile financial applications and found sensitive data buried in the underlying code of nearly all apps examined. With this information a hacker could, for example, recover application programming interface API keys and use them to attack the vendor’s...
Grindr Poses National Security Risk, U.S. Gov Says
UPDATE The Committee on Foreign Investment in the United States CFIUS has named the ownership of popular gay dating app Grindr a national security risk, according to a report. Grindr describes itself as “the world’s largest social networking app for gay, bisexual, transgender and queer people.” A...
Thunderclap Flaws Shatter Peripheral Security
UPDATE A set of vulnerabilities collectively dubbed “Thunderclap” is putting computers at risk from weaponized peripheral devices think network cards, storage and graphics cards, and even chargers and video projectors. The flaws reside in the Thunderbolt hardware interface developed by Intel in...
Ever-Changing Emotet Evolves Again with Fresh Evasion Tactic
The Emotet trojan has seen a spike in activity in the last month, with a campaign that once again showcases its ability to evolve quickly: It’s now employing a different delivery mechanism than has previously been seen, in what appears to be an effective tactic for evasion. Emotet, which has beco...
Threatpost Poll: Is It Impossible to Secure Mobile Devices?
Between applications and operating systems, a slew of mobile threats continue to pop up – and when it comes to security, it’s getting harder and harder for enterprises to keep up. Just in the past week, Apple patched a massive flaw in its FaceTime allowing a bad actor to eavesdrop on victims; whi...
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
A vulnerability in the OpenSSL implementation of the Online Certificate Status Protocol OCSP was patched this week, closing a denial-of-service weakness in affected servers. The patch was the most severe of 14 released yesterday by OpenSSL. OCSP is an alternative in many cases to Certificate...
China APT Gang Targets Hong Kong Media via Dropbox
An APT gang linked to China and alleged to be responsible for targeted attacks against foreign governments and ministries, has now pointed its focus inward at China’s autonomous territory Hong Kong. An August attack against several media companies in Hong Kong was carried out shortly after a...
Microsoft Considering Public-Key Pinning for Internet Explorer
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks...
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping with fixes for 88 documented vulnerabilities. The Mac OS X v10.6.3 update, which is considered “critical,” covers flaws that could lead to...
Inside Microsoft's July Security Patch Batch
Microsoft released six security bulletins today — three rated Critical and three rated Important. Two of the issues are being actively exploited on the Internet and four of the issues are client-side vulnerabilities, which means the exploit can only occur if a user visits an evil website or opens...
HPE Fixes Critical Zero-Day in SIM
Hewlett Packard Enterprise HPE has fixed a critical zero-day remote code execution RCE flaw in its HPE Systems Insight Manager SIM software for Windows that it originally disclosed in December. HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers,...
Google Warns Mac, Windows Users of Chrome Zero-Day Flaw
Google is hurrying out a fix for a vulnerability in its Chrome browser that’s under active attack – its third zero-day flaw so far this year. If exploited, the flaw could allow remote code-execution and denial-of-service attacks on affected systems. The vulnerability exists in Blink, the browser...
Mysterious Silver Sparrow Malware Found Nesting on 30K Macs
Hard on the heels of a macOS adware being recompiled to target Apple’s new in-house processor, researchers have discovered a brand-new family of malware targeting the platform. Curiously, in the samples seen so far by analysts at Red Canary, the malware dubbed Silver Sparrow has been executing on...
Microsoft Edge, Google Chrome Roll Out Password Protection Tools
Two major browsers –Microsoft Edge and Google Chrome – are rolling out default features, which they say will better help notify users if their password has been compromised as part of a breach or database exposure. Edge and Chrome’s moves signify a bigger push by browsers to solve the big “passwo...
Dickey's BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker's Stash
Popular U.S. smoked-meat franchise Dickey’s Barbecue Pit has been hit with a data breach, with cybercriminals posting the fat cap of the compromised data – 3 million payment cards – on the popular Joker’s Stash underground marketplace this week. The Dallas-based franchise, which is a subsidiary o...
Rare Bootkit Malware Targets North Korea-Linked Diplomats
A firmware bootkit has been spotted in the wild, targeting diplomats and members of non-governmental organizations NGOs from Africa, Asia and Europe. It has turned out to be part of a newly uncovered framework called MosaicRegressor. According to researchers from Kaspersky, code artifacts in some...
NSA Mass Surveillance Program Illegal, U.S. Court Rules
A U.S. federal appeals court ruled that the controversial National Security Agency NSA mass surveillance program exposed in 2013 was illegal – and may have even been unconstitutional. The call comes seven years after former NSA contractor and whistleblower Edward Snowden outed the mass surveillan...
Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection
A pair of vulnerabilities in Oracle’s iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. However, no patch is forthcoming for either flaw. The bugs CVE-2020-9315 and CVE-2020-9314 are specifically found in the web...
Malicious Google Web Extensions Harvest Cryptowallet Secrets
Large campaigns that are spreading malicious browser extensions are abusing Google Ads and well-known cryptocurrency brands to draw in victims. Extensions can be installed to add widgets or other functionality to web browsers; they offer the ability to do everything from setting a special search...
PowerPoint ‘Weakness’ Opens Door to Malicious Mouse-Over Attack
A researcher is sounding the alarm over what he believes could be a novel attack vector which allows a hacker to manipulate a PowerPoint file to download and begin the installation of malware, simply by hovering over a hypertext link. The technique does require a victim to accept one pop-up...
Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
A critical flaw in the High Availability HA service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn’t directly connected to the internet. Cisco Smart Software...
Ashley Madison Breach Extortion Scam Targets Hundreds
Nearly five years after the high-profile Ashley Madison data breach, hundreds of impacted website users are being targeted by a new extortion attack this past week. The 2015 data breach of the adultery website led to 32 million accounts being publicly dumped online, including victims’ names,...
News Wrap: Deepfake CEO Voice Scam, Facebook Phone Data Exposed
In this week’s news wrap ended Sept. 6, the Threatpost team breaks down the biggest news of the week, including: Cybercrooks successfully fooling a company into a large wire transfer using an AI-powered deepfake of a chief executive’s voice and Facebook, Microsoft and a number of universities...
The Texas Ransomware Attacks: A Gamechanger for Cybercriminals
Texas officials have been left scrambling after up to 22 Texas entities – the majority of which are local governments – were hit by a coordinated ransomware attack on Friday. So far, these include the cities of Borger and Keene, and Texas officials say the attacks are all connected and carried ou...
Black Hat 2019: WhatsApp Users Still Open to Message Manipulation
LAS VEGAS – Researchers at Black Hat USA 2019 demoed how known vulnerabilities in WhatsApp could still be exploited in several attacks that manipulate chats. Facebook-owned WhatsApp is a popular end-to-end encrypted messaging platform with at least 1.5 billion users. Researchers with Check Point...
ThreatList: Top 8 Threat Actors Targeting Canada in 2019
Banking and financial services in Canada are being targeted in geo-specific attacks looking to spread varying forms of malware, according to researchers tracking thousands of malicious email campaigns between January 2019 to May 2019. In particular, campaigns are typically launched by...
Salesforce Woes Linger as Admins Clean Up After Service Outage
After a massive service outage on Friday, software-as-a-service giant Salesforce restored partial access to its affected customers over the weekend, while admins continued with cleanup into Monday. The outage was brought on by a scripting error that affected all Pardot marketing automation softwa...
Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws
There was a lot more to the name game behind choosing titles for ZombieLoad, Spectre and Meltdown than picking cool and edgy attack titles. If you have ever wondered why they were named what they were, Threatpost tracked down one of the researchers behind the naming convention and discovery and...
BEC Hack Cons Catholic Church Out of $1.75 Million
A church in Brunswick, Ohio was scammed out of a whopping $1.75 million as a result of a business email compromise BEC attack. St. Ambrose Catholic Parish, which has around 16,000 members, has been working on a massive $4 million church renovation, dubbed “Vision 20/20” – but attackers figured ou...
Forrester: Ransomware Set to Resurge As Firms Pay Off Attacks
SAN FRANCISCO – Ransomware may be poised to return as a top scourge for companies, as more and more of them pay up after an attack in an effort to minimize the cost of recovery. That’s just one insight gleaned from an interview at RSA Conference 2019 last week with Josh Zelonis, senior analyst at...
Google Ditches Passwords in Latest Android Devices
Half of all Android users can now log into apps and websites on their devices – without having to remember a cumbersome password. On Monday, Google and the Fast IDentity Online FIDO Alliance announced that devices running Android 7 or later are certified by the FIDO2 standard, meaning that users...
NotPetya Linked to Industroyer Attack on Ukraine Energy Grid
The massive NotPetya ransomware outbreak that crippled organizations around the world last year turns out to have links to the Industroyer backdoor, which targets industrial control systems ICS and took down the Ukrainian power grid in Kiev in 2016. In fact, the same threat actor – dubbed TeleBot...
Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks
NTLM has a long history of serious vulnerabilities and of causing anxiety for Windows and UNIX server admins. Their collective angst is unlikely to lessen today with the disclosure of a pair of new vulnerabilities in the protocol suite. Microsoft today patched one of the issues among its Patch...
Swagger Vulnerability Leads to Arbitrary Code Injection
An unexpected behavior in a relatively new and popular open source API framework called Swagger could lead to code execution, researchers at Rapid7 said. The company today disclosed some details on the vulnerability, and released a Metasploit exploit module and a proposed patch written by...
End of Life Internet Explorer 8, 9, 10 Security Support
Anxiety was high around April 8, 2014 when Microsoft officially closed the door on security support for Windows XP. Many envisioned black hats worldwide stockpiling exploits waiting for the day when XP machines would be left permanently exposed. The anticipated malware apocalypse, however, never...
Dennis Fisher and Mike Mimoso on the End of the Patch Tuesday Era, Section 215 and More
Dennis Fisher and Mike Mimoso talk about the end of the Patch Tuesday era for most Microsoft customers, the appeals court ruling on Section 215 metadata collection and Dennis’s idea for a security industry commission. Download: digitalunderground201.mp3 Music by Chris Gonsalves...
Free Beacon Article Redirects to ZeroAccess Rootkit, Fake AV
Update: Aaron Harison, president of the Center for American Freedom, told Threatpost this morning that the issue has been resolved and the site is no longer serving malware. Hackers have latched on to the NSA surveillance story—literally. A news story on the outing of whistleblower Edward Snowden...
Katie Moussouris on the Microsoft Blue Hat Prize
Dennis Fisher talks with Katie Moussouris of Microsoft about the company’s new Blue Hat Prize for innovative defensive security technology, why Microsoft didn’t start a bug bounty program and whether this will become an annual contest. Podcast audio courtesy of sykboy65 Subscribe to the Digital...
Fake Reservation Links Prey on Weary Travelers
A longtime threat group identified as TA558 has ramped up efforts to target the travel and hospitality industries. After a lull in activity, believed tied to COVID-related travel restrictions, the threat group has ramped up campaigns to exploit an uptick in travel and related airline and hotel...
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand...
Gaming, Banking Trojans Dominate Mobile Malware Scene
The number of cyberattacks launched against mobile users was down last year, researchers have found — but don’t pop the champagne just yet. The decline was offset by jacked-up, more sophisticated, more nimble mobile nastiness. In a Monday report, Kaspersky said that its researchers have observed ...
Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover
A critical security vulnerability in Microsoft’s Azure cloud database platform – Cosmos DB – could have allowed full remote takeover of accounts, with admin rights to read, write and delete any information to a database instance. According to researchers at Wiz, any Azure customer could access...
Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots
Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone’s computer and capture images of their activity within applications or on video conferences without that person knowing. Apple addressed the vulnerability—discovered by researchers at enterprise...
Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
The e-commerce card-skimming landscape has a new wrinkle: Cybercriminals affiliated with the Magecart collective are using encrypted messaging service Telegram as a channel for sending stolen credit-card information back to its command-and-control C2 servers. That’s according to researchers who...