15946 matches found
Scammers Prey on Instagram Vanity and 'Verified Account' Status
UPDATE A new Instagram phishing scam circulating the internet lures victims in with promises of exclusive “verified account” status – and then makes away with their personal information. The scam centers around Instagram’s labeling of verified accounts, which indicates that the account user is a...
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable. There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public...
Critical Citrix Bug Puts 80,000 Corporate LANs at Risk
Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller ADC and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary co...
IoT Flaw Allows Hijacking of Connected Construction Cranes
A connected construction crane, from Telecrane, has a vulnerability that would allow cyberattackers to intercept its communications and take the equipment over. The internet of things IoT continues to add new types of objects to its footprint, as industries start leveraging connectivity to increa...
Unpatched Citrix Flaw Now Has PoC Exploits
Proof-of-concept PoC exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller ADC and Citrix Gateway products. The vulnerability CVE-2019-19781, which Threatpost reported on in December, already packs a double-punch in terms...
Square, PayPal POS Hardware Open to Multiple Attack Vectors
Mobile point-of-sale POS terminals have revolutionized the retail space in many ways, with devices such as Square offering locations like mall kiosks, small coffee shops and roadside stands a handy and cost-effective way to accept credit cards. Unfortunately, more than half of leading mobile POS...
Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack
UPDATE Two zero-day vulnerabilities in Bluetooth Low-Energy chips made by Texas Instruments and used in millions of wireless access points open corporate networks to crippling stealth attacks. Adversaries can exploit the bugs by simply being approximately 100 to 300 feet from the vulnerable...
Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
Researchers have discovered a zero-day exploit for Microsoft Windows that was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat APT espionage campaign this summer. The exploit chain ended with a freshly discovered remote access...
WordPress Plugin Bug Opens 100K Websites to Compromise
A high-severity cross-site request forgery CSRF vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site. According to research from Wordfence releas...
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...
Google Warning Gmail users on China Spying Attempts
Google is using automated warnings to alert users of its GMAIL messaging service about wide spread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks or simply rand...
Axis Cameras Riddled With Vulnerabilities Enabling “Full Control”
A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Ax...
Most ServiceNow Instances Misconfigured, Exposed
Nearly 70 percent of instances of the software-as-a-service SaaS platform ServiceNow Customers aren’t locking down access correctly, leading to 70 percent of ServiceNow implementations tested by AppOmni being potentially exposed to the public. ServiceNow is a $4.5 billion company whose software...
Agent Tesla RAT Returns in COVID-19 Vax Phish
The Agent Tesla remote access trojan RAT is scurrying around the internet again, this time arriving via a phishing campaign that uses a COVID-19 vaccination schedule as a lure. Spotted by researchers at the Bitdefender Antispam Lab, the attackers are targeting Windows machines using emails with...
Nation-State Phishing: A Country-Sized Catch
Thanks to the traditional role of phishing in widespread email scams, there is a general tendency to equate it with clearly fraudulent and obnoxiously implausible emails. While this misperception has not evolved, phishing campaigns have. Andrea Little Limbago Once a threat that went hand-in-hand...
Girl Scouts Issues Data Breach Warning to 2,800 Members
The Orange County, Calif. branch of the Girl Scouts of America has been hacked, potentially exposing personal information for thousands of members. Rest assured though: The cookies are safe, even those of the computing type. According to a letter to members filed with the state PDF, an...
Hackers Compromise Cisco Servers Via SaltStack Flaws
Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which are used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that ...
Obamacare Sign-Up Channel Breach Affects 75K Consumers
A hack of the government’s Affordable Care Act-mandated healthcare exchanges has exposed the files of 75,000 individuals. According to the Centers for Medicare and Medicaid Services CMS, its staff detected “anomalous activity” in the Direct Enrollment pathway on Oct. 13 – with a breach declared...
Android Devices Hunted by LodaRAT Windows Malware
A newly discovered variant of the LodaRAT malware, which has historically targeted Windows devices, is being distributed in an ongoing campaign that now also hunts down Android devices and spies on victims. Along with this, an updated version of LodaRAT for Windows has also been identified; both...
Cisco ASA Bug Now Actively Exploited as PoC Drops
Researchers have dropped a proof-of-concept PoC exploit on Twitter for a known cross-site scripting XSS vulnerability in the Cisco Adaptive Security Appliance ASA. The move comes as reports surface of in-the-wild exploitation of the bug. Researchers at Positive Technologies published the PoC for...
Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw
A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam. The botnet first emerged in September, according to 360Netlab...
Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw
UPDATE A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers. The newfound samples of Muhstik are targeting the recently-patched CVE-2019-2725 in WebLogic servers, and then launching...
Forget BlueKeep: Beware the GoldBrute
While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now. In the past few days, GoldBrute named after the...
Google Updates reCAPTCHA: No More Boxes to Check
Google this week has rolled out its latest version of the reCAPTCHA mechanism, which is meant to weed out spam and abuse by robots on websites. It marks a dramatic departure from previous reCAPTCHA efforts by eliminating the need for visitors to take any extra steps in order to log onto a website...
Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft
Remote Desktop Protocol RDP pipes have a security bug that could allow any standard, unprivileged Joe-Schmoe user to access other connected users’ machines. If exploited, it could lead to data-privacy issues, lateral movement and privilege escalation, researchers warned. Insider attackers could,...
U.S. Elections True Test for Facebook’s Disinformation Crackdown
As the U.S. midterm elections commence on Tuesday, all eyes are on Facebook and other social-media companies to see how they continue to crack down on misinformation and other political meddling efforts on their platforms. Facebook for its part on Monday evening said it has barred an additional 1...
NSA Warns of Sandworm Backdoor Attacks on Mail Servers
The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency NSA. The bug exists in the Exim Mail Transfer Agent MTA software, an open-source offering used on Linux and Unix-like systems. It...
SandboxEscaper Debuts ByeBear Windows Patch Bypass
Guerrilla developer SandboxEscaper has disclosed a second bypass exploit for a patch that fixes a Windows local privilege-escalation LPE flaw — again without notifying Microsoft. The exploit, dubbed “ByeBear,” enables attackers to get past the patch to attack a permissions-overwrite,...
PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking
A proof-of-concept PoC attack details how an attacker can gain access a victim’s Microsoft Live webmail session, without having the person’s credentials. It relies upon the hijack of a Microsoft-owned Live.com website subdomain. The PoC, developed by CyberInt, demonstrates what it characterizes a...
Jenkins Hit as Atlassian Confluence Cyberattacks Widen
A just-patched, critical remote code-execution RCE vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned – as evidenced by an attack on the popular Jenkins open-source automation engine. Atlassian Confluence is a collaboration platfor...
Microsoft Pulls Bad Windows Update After Patch Issue
Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week’s Patch Tuesday security updates. Microsoft’s servicing stack update provides fixes for the component that installs Windows updates. This particular defective...
Kubernetes Used in Brute-Force Attacks Tied to Russia’s APT28
U.S. and U.K. authorities are warning that the APT28 advanced-threat actor APT – a.k.a. Fancy Bear or Strontium, among other names – has been using a Kubernetes cluster in a widespread campaign of brute-force password-spraying attacks against hundreds of government and private sector targets...
ThreatList: Dead Web Apps Haunt 70 Percent of FT 500 Firms
A study of abandoned websites owned by leading global corporations hammers home the point that old web applications need to be properly mitigated or retired. Otherwise, these resources often haunt a firm long after they have been forgotten. Researchers at High-Tech Bridge used the Financial Times...
Kraken Ransomware Upgrades Distribution with RaaS Model
The Kraken ransomware author has released a second version of the malicious code, along with a unique affiliate program on the Dark Web. According to research into Kraken v.2 the new version is being promoted in a ransomware-as-a-service RaaS model to underground forum customers, via a video...
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
NOTE: This post is about the confirmed and patched vulnerability tracked as CVE-2022-22963. While the researchers at Sysdig refer to this Spring Cloud bug as “Spring4Shell,” it should be noted that there is some confusion as to what to call it, with another security firm referring to a different,...
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
UPDATE Adobe has released fixes addressing five critical flaws in its popular Experience Manager content-management solution for building websites, mobile apps and forms. The cross-site scripting XSS flaws could allow attackers to execute JavaScript in targets’ browsers. Including Adobe Experienc...
Critical WordPress Plugin Bug Can Lock Admins Out of Websites
A pair of security vulnerabilities in the WordPress search engine optimization SEO plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site, according to researchers. It’s a WordPress plugin with more than 200,000...
Critical SAP Bug Allows Full Enterprise System Takeover
A critical vulnerability, carrying a severity score of 10 out of 10 on the CvSS bug-severity scale, has been disclosed for SAP customers. SAP’s widely deployed collection of enterprise resource planning ERP software is used to manage their financials, logistics, customer-facing organizations, hum...
TeaBot Trojan Haunts Google Play Store, Again
The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than 400 banking and financial apps,...
COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware
Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverage the widespread medi...
19-Year-Old WinRAR Flaw Plagues 500 Million Users
Popular Windows data compression tool WinRAR has patched a serious 19-year-old security flaw that was discovered on its platform, potentially impacting 500 million users. The path-traversal vulnerability, which WinRAR fixed in January, could allow bad actors to remotely execute malicious code on...
Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws
Researchers have discovered new variants for the infamous Mirai and Gafgyt IoT botnets – now targeting well-known vulnerabilities in Apache Struts and SonicWall. The new Mirai strain targets the Apache Struts flaw associated with the 2017 Equifax breach, while the Gafgyt variant uses a...
UPDATE: EU’s Green Pass Vaccination ID Private Key Leaked or Forge
As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob Squarepants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU’s Green Pass vaccine passports. Two days earlier, on...
Critical Security Flaw in WordPress Plugin Allows RCE
Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files including PHP files and ultimately execute remote code on vulnerabl...
Google Warns Spyware Being Deployed Against Android, iOS Users
Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls. Researchers from Google Threat Analysis Group TAG revealed details in a blog post...
Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info
Attackers are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread an info-stealing malware, researchers have found. Researchers at cloud email security firm Armorblox discovered the malicious campaign targeting Office 365 and...
Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns
A state-backed Iranian threat actor has been using multiple CVEs – including both serious Fortinet vulnerabilities for months and a Microsoft Exchange ProxyShell weakness for weeks – looking to gain a foothold within networks before moving laterally and launching BitLocker ransomware and other...
Exploit Code Released for ASP.NET Flaw
A few days after MIcrosoft released a patch to fix a vulnerability in ASP.NET that could enable a denial-of-service attack, someone has released exploit code for the vulnerability. The proof-of-concept exploit code was posted to the Full Disclosure mailing list and is available for download from...
Critical Intel Flaws Fixed in Active Management Technology
Intel has released its June security updates, which address two critical vulnerabilities that, if exploited, can give unauthenticated attackers elevated privileges. The critical flaws exist in Intel’s Active Management Technology AMT, which is used for remote out-of-band management of personal...
New Microsoft Excel Attack Vector Surfaces
UPDATE A feature in Microsoft Office’s Excel spreadsheet program called Power Query can be exploited to plant malware on remote systems. Researchers at Mimecast Threat Center say they have developed a proof-of-concept attack scenario and reported the vulnerability Thursday. The exploitable featur...