15946 matches found
Apple Sues Corellium Over iOS 'Replica' Security Testing Software
Apple has sued startup Corellium for copyright infringement, alleging that the company has developed “exact digital replicas” of its iPhone operating system without authorization – from the code down to the graphical user interface. While details about Florida-based Corellium on its website are...
Clickjacking Evolves to Hook Millions of Top-Site Visitors
Clickjacking, where links on a website redirect unknowing users to spam, advertising or malware, has been around for decades. However, new tactics that defy the best mitigation efforts of browsers has led to it affecting millions of internet users browsing the web’s top sites, researchers found i...
Researcher: Not Hard for a Hacker to Capsize a Ship at Sea
Maritime transport still contributes in an important way to the world’s economy, with on-time shipments influencing everything from commodities availability and spot pricing to the stability of small countries. Unfortunately, capsizing a ship with a cyberattack is a relatively low-skill enterpris...
Equifax Says 145.5M Affected by Breach, Ex-CEO Testifies
Equifax, the credit agency behind this summer’s breach of 143 million Americans, said this week the number of victims implicated in the breach has increased. Paulino do Rego Barros, Jr., the company’s interim CEO, announced Monday that 2.5 million additional Americans were also impacted, bringing...
Complete Microsoft EMET Bypass Developed
SAN FRANCISCO — Researchers at Bromium Labs are expected to announce today they have developed an exploit that bypasses all of the mitigations in Microsoft’s Enhanced Mitigation Experience Toolkit EMET. Principal security researcher Jared DeMott is scheduled to deliver a presentation this morning...
Microsoft to Pay $200,000 for Innovative Defense Technology in Blue Hat Prize Program
LAS VEGAS–In the face of mounting external pressure to begin paying bug bounties, Microsoft is instead launching a new program that will pay a $200,000 top prize to a security researcher who develops the most innovative defensive security technology. The program is designed to “inspire researcher...
BotenaGo Botnet Code Leaked to GitHub, Impacting Millions of Devices
The BotenaGo botnet source code has been leaked to GitHub, putting millions of routers and internet-of-things IoT devices at risk, researchers said. In a Wednesday report, AT&T Alien Labs – which first discovered the difficult-to-detect malware in November – said it expects that the ready...
TA505 Gang Is Back With Newly Polished FlawedGrace RAT
The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...
A New Security Paradigm: External Attack Surface Management
Ran Nahmias, Co-founder and CBO, Cyberpion In the past, a web application or online service could be taken at face value by your customers and employees. It was created, developed, and secured by your organization, and every element of the IT infrastructure that supported that service was under...
How To Defend the Extended Network Against Web Risks
Smart cybercriminals are going after web servers and browsers, more so than after individuals. Unfortunately, these types of attacks often go ignored, as they’re harder to test for in terms of pen-testing. With much of the world now working remotely, this threat has intensified. Attackers use...
TrickBot Takes Over, After Cops Kneecap Emotet
A massive malicious spam campaign, along with the global takedown of Emotet, has vaulted the TrickBot trojan to the top of the Check Point’s list of the most popular malware among cybercriminals for February. In January, TrickBot was ranked third on Check Point’s list, and it was fourth overall f...
Cloud Attacks Are Bypassing MFA, Feds Warn
The Feds are warning that cybercriminals are bypassing multi-factor authentication MFA and successfully attacking cloud services at various U.S. organizations. According to an alert issued Wednesday by the Cybersecurity and Infrastructure Security Agency CISA, there have been “several recent...
Microsoft Exchange, Outlook Under Siege By APTs
New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms — most notably Microsoft Exchange, Outlook Web Access OWA and Outlook on the Web – in order to steal business credentials and other sensitive data. Both Microsoft’s Exchange mail server and...
Game Titles Watch Dogs: Legion, Albion Both Targeted by Hackers
A ransomware gang that just emerged this month dubbed Egregor claims to have hacked the source code to the upcoming gaming release, Watch Dogs: Legion. And in separate gaming news, a popular fantasy title called Albion — a massive multiplayer online role-playing game MMORPG — has been hacked...
WordPress Plugin Flaw Allows Attackers to Send Forged Emails
More than 100,000 WordPress websites are affected by a high-severity flaw in a plugin that assists websites in sending out emails and newsletters to subscribers. The vulnerability exists in the Email Subscribers & Newsletters plugin by Icegram, which enables users to collect leads, send automated...
Bluetooth Impersonation Attacks Affect Legions of Devices
Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allows attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to...
Microsoft Teams Impersonation Attacks Flood Inboxes
A convincing cyberattack that impersonates notifications from Microsoft Teams in order to steal the Office 365 credentials of employees is making the rounds, according to researchers. Two separate attacks have targeted as many as 50,000 different Teams users, according to findings from Abnormal...
Hacker Scheme Threatens AdSense Customers with Account Suspension
A new e-mail based extortion attack threatens users of Google’s AdSense banner-ad program with creating online behavior that will warrant them an account suspension—perhaps a permanent one–from Google if they don’t pay the attackers in bitcoin. The scam—revealed in a post by security writer and...
Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges
Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices’ Direct Memory Access DMA capability. DMA is a processing-efficiency approach for peripherals such as PCI cards or network interface cards that, as the name suggests,...
Card Skimmer Hits Australian Bushfire Donation Site
Concerned global citizens making donations to help fight the massive Australia bushfires have been caught up in a Magecart attack, after one of the groups implanted a payment-card skimmer on the check-out page of a legitimate online donation site. Researchers ran across the Magecart script, named...
SDKs Misused to Scrape Twitter, Facebook Account Info
Twitter and Facebook are warning of software development kits SDKs that could be embedded within a mobile application and used to harvest personal user information. The SDKs, which the tech giants said are maintained by oneAudience and MobiBurn, could be used by mobile app developers to craft...
Download: 2019 Security Team Assessment Template
As a security professional, it is critical that you assess the performance of your security team and keep in-the-know regarding your current security posture, in addition to planning ahead. ‘The Ultimate 2019 Security Team Assessment Template‘ is a first-of-its-kind tool that encapsulates all the...
James Clapper: Lessons Learned in a Post-Snowden World
LAS VEGAS – The 2013 leaks by Edward Snowden highlight holes in the U.S. government around transparency and proactively dealing with insider threats, former national intelligence director James Clapper acknowledged. The U.S. intelligence community needs to be more transparent with the public, whi...
Threat Actor Impersonates USPS to Deliver Backdoor Malware
A new threat actor has been found impersonating the U.S. Postal Service USPS and other government agencies to deliver and install backdoor malware to various organizations in Germany, Italy and the United States, according to new research. The campaigns, which researchers from cybersecurity firm...
HP Touchpoint Analytics Opens PCs to Code Execution Attack
A security flaw, discovered in an open-source software program that is a key component of HP’s TouchPoint Analytics service, is opening up a wide swath of HP computers to attack. The vulnerability, if exploited by local attackers with administrative privileges, can allow them to execute arbitrary...
GandCrab Operators Resurface with REvil Malware
The malware that hit 22 Texas municipalities and various dentist offices around the country recently is likely the work of the crew behind the GandCrab ransomware – indicating that the group didn’t really retire after all. In late May, the GandCrab operators said they decided to ride off into the...
Dangerous Cryptomining Worm Racks Up 850K Infections, Self-Destructs
A French and U.S. law-enforcement effort has neutralized 850,000 infections by a cryptomining worm known as Retadup, by causing the threat to destroy itself. The worm has been distributing the malicious XMRig cryptocurrency miner to computers running the Windows operating system, mostly in Latin...
Zebrocy: A Russian APT Specializing in Victim Profiling, Access
Zebrocy, the Russian speaking threat group that shares similarities and overlaps with both the Sofacy and BlackEnergy APTs, is once again roaming the wide plain of government, foreign-affairs and military targets. Researchers have spotted the group using a new first-stage malware dropper in recen...
New Mirai Samples Grow the Number of Processor Targets
New samples of the Mirai malware have been identified, targeting an array of embedded processors and architectures within connected devices. Researchers said that they discovered new Mirai samples in February 2019, capable of infecting IoT devices running Altera Nios II, OpenRISC, Tensilica Xtens...
Google's April Android Security Bulletin Warns of 3 Critical Bugs
Google has fixed three critical remote code execution bugs in its Android operating system, which could allow a remote attacker to hijack a vulnerable system simply by sending a malicious file. The flaws are part of Google’s April Android Security Bulletin, which includes patches for three critic...
Threatlist: IMAP-Based Attacks Compromising Accounts at 'Unprecedented Scale'
Attackers mounting password-spraying campaigns are turning to the legacy Internet Message Access Protocol IMAP to avoid multi-factor authentication obstacles – thus more easily compromising cloud-based accounts. That’s according to researchers with Proofpoint, who found that in the past half year...
Energy, Nuclear Targeted with Template Injection Attacks
Days after news broke last week that advanced, persistent threat actors penetrated nuclear facilities, researchers are explaining techniques used by adversaries to gain toeholds in similar targets in energy. Cisco Talos reported Friday that email-based attacks, leveraging template injection...
Stakeholders Argue Against Restrictive Wassennaar Proposal
The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate. Several stakeholders implicated in the proposal added their voices to that chamber on Friday morning, urging the government to revise...
February 2014 Microsoft Patch Tuesday Security Bulletins
The expected continued respite from deploying Internet Explorer patches was apparently a mirage as Microsoft changed course from last Thursday’s advance notification and added two more bulletins to the February 2014 Patch Tuesday security updates, including the first IE rollup of 2014. IE had...
Attackers Exploit Java, Compromise Reporters Without Borders Site
The Java saga continued when unknown, and apparently well concealed goons exploited recent Java and Internet Explorer zero-days to compromise the website of the French-based, free-press advocacy group, Reporters Without Borders. The attack, which attempted to take advantage of the time-gulf that...
Microsoft Reveals Blue Hat Prize Finalists
Microsoft has announced the three finalists for its $200,000 Blue Hat Prize contest and all three of the researchers in the running for the win submitted technologies designed to defeat ROP return-oriented programming exploits. Each of the entrants takes a different tack with his ROP defense and ...
MS Windows Token Kidnapping Problems Resurface
Microsoft’s problems with Token Kidnapping .pdf on the Windows platform aren’t going away anytime soon. More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference...
Coming on MS Patch Tuesday: 10 bulletins, 6 critical
Microsoft plans to ship 10 security bulletins next Tuesday June 9, 2009 with fixes for a wide range of code execution vulnerabilities affecting Windows, Microsoft Office and Internet Explorer. Six of the ten bulletins will be rated “critical,” Microsoft’s highest severity rating. See the advance...
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days. The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows...
Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
An out-of-bounds read vulnerability in the Squirrel programming language lets attackers break out of sandbox restrictions and execute arbitrary code within a Squirrel virtual machine VM, thus giving a malicious actor complete access to the underlying machine. Given where Squirrel lives – in games...
Navy Warship’s Facebook Page Hacked to Stream ‘Age of Empires’ Gaming
The official Facebook page of a destroyer-class Navy warship, the USS Kidd, has gone rogue: Someone has taken over the page in order to…stream Age of Empires play. Age of Empires is a real-time online multiplayer strategy game in which the objective is to advance one’s civilization. Players “buil...
Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Microsoft was quick to respond with a fix to an attack dubbed “PetitPotam” that could force remote Windows systems to reveal password hashes that could then be easily cracked. To thwart an attack, Microsoft recommends system administrators stop using the now deprecated Windows NT LAN Manager NTLM...
NPM Package Steals Chrome Passwords
A credentials-stealing code bomb that uses legitimate password-recovery tools in Google’s Chrome web browser was found lurking in the npm open-source code repository, waiting to be planted within the sprawling galaxy of apps that pull code from that source. Researchers caught the malware filching...
Unpatched, Critical RCE Bug Allows Utility Takeovers
A critical remote code-execution RCE vulnerability in Schneider Electric programmable logic controllers PLCs has come to light, which allows unauthenticated cyberattackers to gain root-level control over PLCs used in manufacturing, building automation, healthcare and enterprise environments. If...
DeathStalker APT Spices Things Up with PowerPepper Malware
The DeathStalker advanced persistent threat APT group has a hot new weapon: A highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. DeathStalker offers mercenary, espionage-for-hire services targeting the financial and legal sectors, according to...
Zoom Takes on Zoom-Bombers Following FTC Settlement
Zoom has once again upped its security controls to prevent “Zoom-bombing” and other cyberattacks on meetings. The news comes less than a week after Zoom settled with the Federal Trade Commission over false encryption claims. Two of the new features allow moderators to act as “club bouncers,” givi...
Bug Bounty FAQ: Top Questions, Expert Answers
Seldom does Threatpost have the privilege to tap the collective brain trust of one cybersecurity corner of the threat landscape. But last month, Threatpost brought together leading voices in the bug bounty community to participate in a webinar Five Essentials for Running a Successful Bug Bounty...
Researchers Warn of Flaw Affecting Millions of IoT Devices
Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by millions of Internet-of-Things IoT devices. If exploited, researchers speculated that the flaw could allow attackers to knock out a city’s electricity or even overdose a...
WhatsApp Axes COVID-19 Mass Message Forwarding
In an effort to stem what it says is misinformation being spread on its platform, WhatsApp is limiting the number of recipients to which its users can forward certain messages about the COVID-19 pandemic. Now, users of the Facebook-owned messaging app can only forward messages with double arrows ...
Walgreens Mobile App Leaks Prescription Data
Popular pharmacy chain Walgreens is warning that a bug in its official mobile app may have exposed sensitive data, including customers’ full names and information on prescriptions for medications they are taking. The security issue stemmed from an “error” in the personal secure messaging feature ...