15946 matches found
Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline
Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. In the meantime though, cybercriminals will be targeting pay-at-the-pump point-of-sale mechanisms with a vengeance, researche...
Travelex Knocked Offline by System-Wide Malware Attack
A “computer virus” has forced foreign currency exchange giant Travelex to shut down its online services and its app – leaving its retail locations to carry out tasks manually and many customers stranded without travel money. Its global banking partners have also been left adrift with no way to bu...
TikTok Banned By U.S. Army Over China Security Concerns
With backlash swelling around TikTok’s relationship with China, the United States Army this week announced that U.S. soldiers can no longer have the social media app on government-owned phones. TikTok, a social media app used to create and share short form videos, is owned by Beijing-based parent...
Top Zero Days, Data Breaches and Security Stories of 2019: News Wrap
From data breaches and the ransomware epidemic to new regulation and an outcry around data privacy, 2019 has been a wild ride for the infosec community. Threatpost breaks down the top news stories, trends and topics for this year. Listen to the full podcast or download direct. For a lightly-edite...
NSO Group President Defends Controversial Tactics
In a rare public appearance by Shiri Dolev, the president of the secretive NSO Group Technologies, the company leader vented over what she called “false myths” about the firm. Dolev also took indirect aim at secure messaging platforms, offered by the likes of Facebook, explaining surveillance...
Federal Data Privacy Bill Takes Aim at Tech Giants
A new digital privacy bill has been introduced to the the Senate, which would give the Federal Trade Commission FTC more teeth when it comes to providing oversight on tech companies’ use of consumer data. Sen. Maria Cantwell D-Wash., ranking member on the Senate Commerce Committee, led the...
Platinum APT Shines Up New Titanium Backdoor
APT threat group Platinum has a shiny new plaything: A custom trojan backdoor dubbed Titanium. The backdoor’s name, aside from keeping with the silvery metal theme, comes from password to one of the self-executable archives found in the code. According to Kaspersky researchers who analyzed the...
City of Johannesburg, on Second Hit, Refuses to Pay Ransom
The city of Johannesburg, South Africa, is refusing to pay a ransom of four Bitcoins to a hacker group who accessed the city’s network and stole sensitive data, threatening to release it if the ransom wasn’t paid. It’s the second time in several months that the city has been hit with a cyberattac...
China's Sway Over Tech Companies Tested with Apple, Blizzard
At least two American tech companies, Apple and gaming giant Blizzard, have come under fire – from different quarters – for wading into waters surrounding the Hong Kong protests that have been ongoing since June. The situation is shaping up to be a test for the American tech sector’s commitment t...
Masad Spyware Uses Telegram Bots for Command-and-Control
A freshly discovered commercial spyware dubbed the “Masad Clipper and Stealer” is using Telegram bots as its command-and-control C2 hub. Masad harvests information from Windows and Android users and also comes with a full cadre of other malicious capabilities, including the ability to steal...
Dunkin’ Donuts Gets Hit with Lawsuit Over 2015 Attack
Dunkin’ Donuts is being sued for violating New York state data breach notification laws. The lawsuit alleges that Dunkin’ parent company, Dunkin’ Brands, failed to disclose a breach in 2015 that affected nearly 20,000 customers who were part of the company’s DD Perks loyalty program. New York...
'Narrator' Windows Utility Trojanized to Gain Full System Control
A suspected Chinese advanced persistent threat APT group has been spotted attacking tech companies using a trojanized screen-reader application, replacing the built-in Narrator “Ease of Access” feature in Windows. According to BlackBerry Cylance, the attackers also deploy a version of the...
1B Mobile Users Vulnerable to Ongoing ‘SimJacker’ Surveillance Attack
A vulnerability discovered in mobile SIM cards is being actively exploited to track phone owners’ locations, intercept calls and more – all merely by sending an SMS message to victims, researchers say. Researchers on Thursday disclosed what they said is a widespread, ongoing exploit of a SIM...
Facebook, Microsoft Challenge Industry to Detect, Prevent ‘Deepfakes’
Facebook, Microsoft and a number of universities have joined forces to sponsor a contest promoting research and development to combat deepfakes, or videos altered through artificial intelligence AI to mislead viewers. The two tech giants—along with the Partnership on AI and academics from Cornell...
Adult Content Site Exposed Personal Data of 1M Users
The personal information more than a million users of popular adult website Luscious, including email addresses that sometimes indicated full names, were found exposed in an unsecured Elasticsearch database. The website, which focuses on anime-themed, user-uploaded adult content, has over 1 milli...
Streamlining Patch Management: Expert Advice
Patch management has been a song of constant sorrows for system administrator. There have been improvements. But still, 80 percent of enterprise systems feature unpatched CVE vulnerabilities, according CA Veracode’s State of Software Security. The good news is, software patching has gotten better...
Researcher Bypasses Instagram 2FA to Hack Any Account
A researcher earned a $30,000 bug bounty from Facebook after discovering a weakness in the Instagram mobile recovery process that would allow account takeover for any user, via mass brute-force campaigns. Independent researcher Laxman Muthiyah took a look at Instagram’s mobile recovery flow, whic...
Authentication Bypass Bug Hits Top Enterprise VPNs
UPDATE VPN apps built by four vendors — Cisco, F5 Networks, Palo Alto Networks and Pulse Secure — improperly store authentication tokens and session cookies without encryption on a user’s computer, according to an alert from the U.S. government’s Cybersecurity and Infrastructure Security Agency...
SAS 2019: 4 Stuxnet-Related APTs Form Gossip Girl, an 'Apex Threat Actor'
SINGAPORE – The infamous Stuxnet family of industrial sabotage malware is likely the work of a mysterious “supra-group” that Chronicle researchers Juan Andres Guerrero Saad and Silas Cutler have dubbed Gossip Girl; and it’s a group that turns out to be larger and far busier than previously known...
Visitor Kiosk Access Systems Riddled with Bugs
Visitor-management systems protect business against physical threats such as unwanted and unidentified guests. But many of these lobby-based perimeter checkpoints are opening up companies to a bevy of cyber-threats. On Monday, IBM’s penetration testing team, X-Force Red, released a report that...
Microsoft Patches Two Critical Vulnerabilities Under Attack
Microsoft’s Patch Tuesday update today included a massive 95 fixes that tackle vulnerabilities in Windows, Office, Skype, Internet Explorer and its Edge browser. Twenty-seven of Microsoft’s patches fix remote code execution issues, allowing attackers to remotely take control of a victim’s PC...
Latest Tax Scams Include Phishing Lures, Malware
Microsoft warned Monday this year’s crop of tax scams are using social engineering attacks based on fear to spread Zdowbot and Omaneat banking Trojans and collect personal info via spoofed tax sites linked to from phishing campaigns. The warning comes with less than a month before the April 18 ta...
Move Over Conficker, Web Threats are Top Enterprise Risk
Microsoft is ready to officially declare network worms passé for the enterprise. In its latest Security Intelligence Report, released Wednesday, Microsoft said that risks posed by Web-based threats to large, distributed network environments have surpassed malware such as Conficker. The report is...
Inside the 1,000 Red October Cyberespionage Malware Modules
The Red October espionage malware campaign is providing security researchers with a deep dive into the complexity of targeted attacks, which in this case made use of more than 1,000 malware modules for everything from reconnaissance on targets to exfiltration of data to command and control server...
ZuoRAT Can Take Over Widely Used SOHO Routers
A novel multistage remote access trojan RAT that’s been active since April 2020 is exploiting known vulnerabilities to target popular SOHO routers from Cisco Systems, Netgear, Asus and others. The malware, dubbed ZuoRAT, can access the local LAN, capture packets being transmitted on the device an...
Zoom Patches ‘Zero-Click’ RCE Bug
Zoom patched a medium-severity flaw, advising Windows, macOS, iOS and Android users to update their client software to version 5.10.0. The Google Project Zero security researcher Ivan Fratric noted in a report that an attacker can exploit a victim’s machine over a zoom chat. The bug, tracked as...
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
A set of high-severity privilege-escalation vulnerabilities affecting Business Process Automation BPA application and Cisco’s Web Security Appliance WSA and could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...
Scammers Pose as Meal-Kit Services to Steal Customer Data
Attackers are piggybacking off the booming market for meal-kit delivery services since the pandemic, and sending SMS phishing messages doctored up to look like they’re legitimate correspondence from popular brand names — including HelloFresh and Gousto. This is just another example of why the wor...
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
Google Project Zero will now give organizations a 30-day grace period to patch zero-day flaws it discovers in a new disclosure policy revealed this week aimed at speeding up the time it takes for patches to be adopted. Known for discovering a number of high-profile zero days—in Google’s own...
Cyberattackers Target Top Russian Cybercrime Forums
Maza, a place online for fraudsters and extorters to connect to pull off their operations, has been breached by an unknown attacker, in just the latest in a series of attacks targeting elite Russian-language cybercrime forums. Members are worried that their data is being used by researchers and l...
Billions of Passwords Offered for $2 on Dark Web
A “compilation of many breaches” – COMB for short – has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords. The trove is an aggregate database that brings together old...
Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball
The Mimecast certificate compromise reported earlier in January is part of the sprawling SolarWinds supply-chain attack, the security firm has confirmed. Mimecast joins other cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys in being targeted in...
Tenda Router Zero-Days Emerge in Spyware Botnet Campaign
Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint. In addition to denial-of-service DoS attacks, this variant also has remote-access trojan RAT and spyware capabilities. According to 360Netlab, the botnet is unusual in a few ways. For one, on the RAT...
UPDATED: Garmin Suffers Reported Ransomware Attack
Garmin, maker of fitness trackers, smartwatches and GPS-related products, has reportedly suffered a widespread ransomware attack — though the facts around the cause remain unconfirmed for now. The manufacturer tweeted on Thursday that its Garmin Connect service is down; Garmin is a free app for...
Most companies are ignoring your most vulnerable endpoint…and it’s not the laptop
It’s an open secret that mobile devices are your weakest security link. We pretend not to know how vulnerable they are to attack, nor how exposed they leave your business. A 2019 study found that most companies allow mobile devices to access between 1/3 and 3/4 of their most business-critical...
Tokyo Olympics Postponed, But 5G Security Lessons Shine
The 2020 Summer Olympics in Tokyo were officially postponed this week amid the ongoing, pandemic spread of the coronavirus that causes COVID-19. The Games will be moved to 2021, but in the meantime, technological innovation around the event will continue. More specifically, postponed or not, the...
Defying Covid-19’s Pall: Pwn2Own Goes Virtual
Covid-19 has brought the world to grinding halt, but for the hacking competition Pwn2Own, that wasn’t the case. The event, planned for CanSecWest this week in Vancouver, went virtual along with the conference itself. Faced with travel restrictions and new social-distancing guidelines, contestants...
TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
The Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets. According to research from SentinelLabs, released on Thursday, PowerTrick is designed to execute commands and return the results in...
Greta Thunberg: Emotet's Person of the Year
There’s no doubt that teenage climate-change activist and Time Person of the Year Greta Thunberg inspires people around the world – and it turns out, this includes cybercriminals. More specifically, she’s inspiring as an opportunity: According to the Proofpoint Threat Insight team, a global...
GitLab Doles Out Half a Million Bucks to White Hats
GitLab has awarded a total of $565,650 in security bug bounties to 171 researchers who reported valid vulnerabilities in the past year — and has announced the winners of its latest hacking contest. GitLab, which started out as a web-based Git repository manager before moving into the DevOps...
Feds Crack Down on Money Mules, Warn of BEC Scams
The Justice Department said this week that it is cracking down on money mules, i.e., middlemen who assist in fraud schemes by receiving money from victims and forwarding proceeds to foreign-based perpetrators. So far, feds say they have halted more than 600 domestic money mules – exceeding the 40...
Microsoft OAuth Flaw Opens Azure Accounts to Takeover
A vulnerability in the way Microsoft applications use OAuth for third-party authentication could allow an attacker to take over Azure cloud accounts. OAuth is a protocol that allows app users to share data about their accounts with third-party websites or apps, so that when they sign into the app...
Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers
As the holiday season looms, cybercrooks are going after shoppers with more than 100,000 lookalike domains mimicking legitimate retailers. The news comes as a new report shows that in tandem, the retail industry is experiencing more breaches than any other industry in 2019 as criminals consistent...
Pitney Bowes Hit with Ransomware Attack
Shipping services company Pitney Bowes was hit with a ransomware attack that disrupted customer access to key services, the company said Monday. The attack comes on the heels of an FBI advisory on Oct. 2 that U.S. companies should be on alert for ransomware attacks, which are increasing in...
A Deepfake Deep Dive into the Murky World of Digital Imitation
About a year ago, top deepfake artist Hao Li came to a disturbing realization: Deepfakes, i.e. the technique of human-image synthesis based on artificial intelligence AI to create fake content, is rapidly evolving. In fact, Li believes that in as soon as six months, deepfake videos will be...
Fin7 Cybergang Retools With New Malicious Code
The Fin7 cybercrime group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. Researchers said that this is evidence that Fin7 is still a growing threat despite the arrest of several Fin7 members in 2018. The notorious group has adopted a new dropper samp...
AG Barr, Officials to Facebook: Don't Encrypt Messaging
U.S. Attorney General William Barr is among government officials asking Facebook CEO Mark Zuckerberg to halt or at least delay a plan to add end-to-end encryption to its messaging services in an effort to bolster consumer privacy. The move, unveiled Thursday, once again sparked the privacy debate...
Cyber-Risk Business Cases: Using Economic Impact to Justify TIG Investment
It sure is a difficult time to be a network defender. According to one industry report, as many as 85,000 malicious websites are launched daily, along with 8 million spam and phishing attacks; and, there are anywhere from 30-50 million malicious domains out there at any time. Scale seems to be...
Cisco Extends Patch for IPv6 DoS Vulnerability
Cisco has extended its patch for a high-severity IPv6 denial-of-service DoS vulnerability that was first addressed in 2016. The bug CVE-2016-1409 is a vulnerability in the IPv6 packet processing functions of multiple Cisco products, which could allow an unauthenticated, remote attacker to cause a...
ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users
While macOS is often touted as “safer” on the cybersecurity front compared to Windows-based systems, cybercriminals are in fact increasingly targeting Apple’s ecosystem. The number of attacks on macOS users through malicious and potentially unwanted programs has been increasing annually since 201...