15946 matches found
Uber Deployed 'Surfcam Spyware' in Australia to Crush the Competition – Report
A rogue employee at rideshare behemoth Uber created and deployed a piece of information-gathering software in order to help his company get a leg up on the local competition in Australia, according to a report. The so-called “secret spyware program” was dubbed Surfcam, and was developed by the...
RSA Conference 2019: Picking Apart the Foreshadow Attack
SAN FRANCISCO – Starting off with a bang with Spectre and Meltdown, 2018 was the year of speculative execution vulnerabilities in CPUs, which wreaked havoc in the IT industry. One of these attacks, dubbed Foreshadow, could allow unauthorized disclosure of information. Foreshadow impacts the Intel...
Microsoft Issues 'Important' Security Fix for Azure AD Connect
Microsoft is warning customers of a bug in its Azure Active Directory Connect product that could allow an adversary to escalate privileges and reset passwords and gain unauthorized access to user accounts. The advisory 4033453 was issued Tuesday via Microsoft’s TechNet website for the vulnerabili...
Microsoft Patches Two Critical Vulnerabilities Under Attack
Microsoft’s Patch Tuesday update today included a massive 95 fixes that tackle vulnerabilities in Windows, Office, Skype, Internet Explorer and its Edge browser. Twenty-seven of Microsoft’s patches fix remote code execution issues, allowing attackers to remotely take control of a victim’s PC...
Latest Tax Scams Include Phishing Lures, Malware
Microsoft warned Monday this year’s crop of tax scams are using social engineering attacks based on fear to spread Zdowbot and Omaneat banking Trojans and collect personal info via spoofed tax sites linked to from phishing campaigns. The warning comes with less than a month before the April 18 ta...
FreeBSD Patches TCP Processing DoS Vulnerability
FreeBSD has patched a denial-of-service vulnerability that could affect a host of third-party packages built atop the UNIX-like operating system. The vulnerability—found in the way FreeBSD processes TCP packets—was discovered by a member of Juniper Networks’ incident response team. FreeBSD’s...
Amazon Web Services Combing Third Parties for Credentials
Amazon Web Services is actively searching a number of sources, including code repositories and application stores, looking for exposed credentials that could put users’ accounts and services at risk. A week ago, a security consultant in Australia said that as many as 10,000 secret Amazon Web...
ZuoRAT Can Take Over Widely Used SOHO Routers
A novel multistage remote access trojan RAT that’s been active since April 2020 is exploiting known vulnerabilities to target popular SOHO routers from Cisco Systems, Netgear, Asus and others. The malware, dubbed ZuoRAT, can access the local LAN, capture packets being transmitted on the device an...
Microsoft Yanks Buggy Windows Server Updates
Microsoft has yanked the Windows Server updates it issued on Patch Tuesday after admins found that the updates had critical bugs that break three things: They trigger spontaneous boot loops on Windows servers that act as domain controllers, break Hyper-V and render ReFS volume systems unavailable...
FTC to Go After Companies that Ignore Log4j
The Federal Trade Commission FTC will muster its legal muscle to pursue companies and vendors that fail to protect consumer data from the risks of the Log4j vulnerabilities, it warned on Tuesday. “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable ste...
Google Crushes YouTube Cookie-Stealing Channel Hijackers
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on the ripped-off channels. In a Wednesday post, Ashley Shen, with Google’s Threat Analysis Group TAG, said that TAG attributes the assaults to a group of attackers recruit...
Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
U.S. military and government website subdomains have a sticky problem: They’re “quite vulnerable” to blackhat SEO tactics that result in persistent redirects to spammy Viagra ads and porn videos. An example is one that showed up on a dot.mil subdomain on the Minnesota National Guard site you can...
Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers
Researchers have uncovered more custom malware that is being used by the threat group behind the SolarWinds attack. Researchers with Microsoft and FireEye identified three new pieces of malware that the companies said are being used in late-stage activity by the threat actor previously called...
Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data
On the heels of a previously-reported cyberattack on the European Medicines Agency EMA, cybercriminals have spilled compromised data related to COVID-19 vaccinations onto the internet. The EMA is an agency of the European Union in charge of the evaluation and supervision of medicinal products in...
Game Titles Watch Dogs: Legion, Albion Both Targeted by Hackers
A ransomware gang that just emerged this month dubbed Egregor claims to have hacked the source code to the upcoming gaming release, Watch Dogs: Legion. And in separate gaming news, a popular fantasy title called Albion — a massive multiplayer online role-playing game MMORPG — has been hacked...
Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables
Google’s latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes – including a critical bug – and a feature that checks if users have any compromised passwords. As of Tuesday, Chrome 86 is being promoted to the stable channel for Windows, Mac and Linux and will ro...
Tenda Router Zero-Days Emerge in Spyware Botnet Campaign
Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint. In addition to denial-of-service DoS attacks, this variant also has remote-access trojan RAT and spyware capabilities. According to 360Netlab, the botnet is unusual in a few ways. For one, on the RAT...
Adobe Patches Critical RCE Flaw in Character Animator App
Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. The flaw can be exploited by a remote attacker to execute code on affected systems. The flaw CVE-2020-9586 is found in versions 3.2 and earlier...
Spear-Phishing Attack Lures Victims With 'HIV Results'
Recently discovered spear-phishing emails are using a unique “scare-factor” lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results. Researchers are warning of a recent campaign involving emails claiming to come from Vanderbilt University Medical...
Small Tax-Preparation Firms at Higher Risk this Tax Season, Report
This tax season crooks are targeting users with a new crop of scams that include leveraging remote desktop software and compromising small tax-prep company websites. “If you have the word ‘tax’ in your domain name; you’re a target this year,” warns Sherrod DeGrippo, senior director of threat...
Microsoft Leaves 250M Customer Service Records Open to the Web
UPDATE Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams...
Oski Data-Stealing Malware Emerges to Target North America, China
An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more. Oski, likely a Finnish or Nordic variant of the word Oska, meaning “Viking warrior or god” in Samoan,...
GitLab Doles Out Half a Million Bucks to White Hats
GitLab has awarded a total of $565,650 in security bug bounties to 171 researchers who reported valid vulnerabilities in the past year — and has announced the winners of its latest hacking contest. GitLab, which started out as a web-based Git repository manager before moving into the DevOps...
Telnet Backdoor Opens More Than 1M IoT Radios to Hijack
Imperial Dabman IoT radios have a weak password vulnerability that could allow a remote attacker to achieve root access to the gadgets’ embedded Linux BusyBox operating system, gaining control over the device. Adversaries can deliver malware, add a compromised radio to a botnet, send custom audio...
Joker Spyware Found in 24 Google Play Apps
A new spyware has been making the rounds in Android apps on Google Play, infecting victims post-download to steal their SMS messages, contact lists and device information. In addition to stealing victims’ information, the malware also stealthily signs them up for premium service subscriptions tha...
Critical Bugs Open Food-Safety Systems to Remote Attacks
Two critical vulnerabilities in a food-quality management software package would allow adversaries to completely compromise the system. The issues affect the AK-EM 800 product from SCADA vendor Danfoss. It’s an enterprise management solution for the food retail industry that provides a central...
Half of Android Handsets Susceptible to Clever SMS Phishing Attack
Over half of all Android handsets are susceptible to a clever over-the-air SMS phishing attack that could allow an adversary to route all internet traffic through a rogue proxy, as well as hijack features such as a handset’s homepage, mail server and directory servers for synchronizing contacts a...
CEO 'Deep Fake' Swindles Company Out of $243K
In the first known case of successful financial scamming via audio deep fakes, cybercrooks were able to create a near-perfect impersonation of a chief executive’s voice – and then used the audio to fool his company into transferring $243,000 to their bank account. A deep fake is a plausible video...
Data Leak Impacts Millions of Yves Rocher Cosmetics Company Customers
UPDATE Cosmetics giant Yves Rocher is warning that a giant data leak exposed the personal data of millions of its customers and reams of sensitive internal company information to the public. The data exposure stems from a database left unprotected by a third-party consultant to the firm...
Innovation on the Dark Web: How Bad Actors Are Keeping Pace
By now, the vast majority of consumers have heard of the dark web. Even if they aren’t exactly sure how it works, they know that it’s the deep corner of the internet where “bad things happen.” Ever since the highly publicized seizure of large dark markets like AlphaBay and Hansa, It’s become comm...
WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign
A widespread and ongoing malicious advertising campaign is exploiting several recently-disclosed WordPress plugin vulnerabilities to redirect website visitors to booby-trapped landing pages. Researchers at Wordfence said that they recently discovered bad actors injecting code into websites with t...
Snapchat Privacy Blunder Piques Concerns About Insider Threats
Snap, the company behind the popular Snapchat social media app, has found itself in hot water after a recent report revealed that Snap employees were abusing their access to private user data – which includes location data, saved Snaps and phone numbers. According to a Thursday Motherboard report...
Data Security in the Cloud: How to Lock Down the Next-Gen Perimeter
With businesses continuing their digital migrations to cloud services and applications, IT is finding itself wrestling with how to keep companies’ data safe. The challenge? The cloud has created a next-generation, virtual perimeter. Businesses are using infrastructure-as-a-service IaaS, cloud...
Malspam Campaigns Distribute HawkEye Keylogger, Post Ownership Change
The HawkEye malware kit and information-stealer has been spotted in a newfound slew of campaigns after a recent ownership change. While the keylogger has been in continuous development since 2013, in December a thread on a hacking site noted an ownership change, after which posts on hacking forum...
Verizon Router Command Injection Flaw Impacts Millions
UPDATE Three vulnerabilities have been discovered in the Verizon Fios Quantum Gateway which, when exploited together, could give an attacker complete control of a victim’s network. The device is used by millions of Verizon home customers and functions as a home’s wireless router and digital...
Magento Patches Critical SQL Injection and RCE Vulnerabilities
Magento patched 37 vulnerabilities on Thursday, including a host of critical flaws in the e-commerce platform that could have let attackers perform a range of malicious activities, such as take over a site and create new admin accounts. The most serious of the bugs is a remote code-execution RCE...
Microsoft Confirms Serious 'PrivExchange' Vulnerability
Microsoft acknowledged an elevated privilege flaw in its Exchange Server could allow a remote attacker with a simple mailbox account to gain administrator privileges. Both a Microsoft advisory and a US-CERT alert were issued on Tuesday warning users of the elevation of privilege flaw, dubbed...
Mac "CookieMiner" Malware Aims to Gobble Crypto Funds
A newly-discovered malware is targeting Mac users’ web cookies and credentials in hopes of withdrawing funds on their cryptocurrency exchange accounts. The malware, discovered this month and aptly named “CookieMiner,” collects cryptocurrency-related cookies – in addition to compromised credential...
libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers
The libssh open-source project has issued an update to address an authentication bypass vulnerability in the server code — to say that it’s trivial to exploit is an understatement. The flaw CVE-2018-10933 exists in libssh versions 0.6 and above being used in server mode – and it allows anyone to...
On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy
Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities. The release comes after Google had promised updates in Chrome 70 to “better communicate our changes and offer more...
Tools Used by Lamberts APT Found in Vault 7 Dumps
Links have emerged connecting targeted attacks going back a decade against high-profile government, industrial and financial targets around the world to hacking tools and documents leaked in the Vault 7 dump. Researchers at Kaspersky Lab today published a technical report on the activities of a...
Attacks Heating Up Against Apache Struts 2 Vulnerability
Public attacks and scans looking for exposed Apache webservers have ramped up dramatically since Monday when a vulnerability in the Struts 2 web application framework was patched and proof-of-concept exploit code was introduced into Metasploit. The vulnerability, CVE-2017-5638, was already under...
Flash Exploit Found in Seven Exploit Kits
A nasty Adobe Flash zero-day vulnerability that was remediated in an emergency update in October 2015 was thereafter co-opted by seven exploit kits, according to an analysis published today by researchers at Recorded Future. The Adobe vulnerability, CVE-2015-7645, was also used by the Russian APT...
November 2014 Microsoft Patch Tuesday Security Bulletins
A busy Microsoft Patch Tuesday arrived today with an extra sense of urgency and a complication. Among 14 bulletins, four of which are rated critical by Microsoft, is a patch for the OLE zero-day vulnerability being used in a number of targeted attacks. The zero-day is being spread via email...
Microsoft Reads User Email without Warrant
Late last week it emerged that Microsoft had searched through the contents of a French blogger’s Hotmail account in order to track down the source of a leak of proprietary information from the Redmond, Wash., tech giant. The Electronic Frontier Foundation and transparency advocates have expressed...
Millions of Java Apps Remain Vulnerable to Log4Shell
Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...
SonicWall Warns Firewall Hardware Bugs Under Attack
Security vendor SonicWall is warning customers to patch its enterprise firewall hardware to thwart an “imminent ransomware campaign using stolen credentials” that’s exploiting security holes in current models and those running legacy firmware. Targeted are the company’s Secure Mobile Access SMA 1...
Five Critical Android Bugs Patched, Part of Feb. Security Bulletin
Google patched five critical bugs in its Android operating system as part of its February Security Bulletin. Two of the flaws were remote code execution vulnerabilities found within the Android media framework and system. Three additional critical Qualcomm bugs were reported by Google and patched...
Election Security: Beyond Mail-In Voting
As a highly publicized event, every four years the U.S presidential election comes with inevitable security risks — and interest from high-level hackers and sophisticated cybercriminals looking to sway its results. The upcoming election ups the stakes — it has captured the attention of everyone...
Cisco Critical Flaw Patched in WAN Software Solution
Cisco patched a critical flaw in its wide area network WAN software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services vWAAS, which is software that Cisco describes as ...