15946 matches found
ThreatList: Half of All Attacks Aim at Supply Chain
Increasingly sophisticated attacks that target supply chains, counter-incident response and lateral movement within a network are quickly becoming the new normal in the corporate security threat landscape. That’s according to Carbon Black’s latest quarterly Global Incident Response Threat Report,...
Hackers Take Down Safari, VMware and Oracle at Pwn2Own
Hackers took down Apple Safari, VMware Workstation, and Oracle VirtualBox on Wednesday, the first day of Pwn2Own, the annual hacking competition held in tandem with the CanSecWest conference in Vancouver. Contestants with the team of Fluoroacetate Amat Cama and Richard Zhu were the first to hit p...
Facebook Stored Passwords in Plain Text For Years
Hundreds of millions of Facebook user passwords have been stored in plain text for years, the social media giant acknowledged on Thursday. KrebsOnSecurity, which first reported the news, said that specifically between 200 and 600 million passwords were stored in plain text as early as 2012, and...
EU Recalls Children's Smartwatch That Leaks Location Data
UPDATE The European Commission has issued a recall for a popular smartwatch for children, citing “serious” privacy issues that could allow a bad actor to track or communicate with kids remotely. The issues exist in Safe-KID-One, an IoT watch made by German company Enox Group that allows parents t...
Cody Pierce on the Future of Exploit Development
Mike Mimoso talks to Cody Pierce, director of vulnerability research and prevention with Endgame, at RSA Conference 2017 about how attackers are changing their techniques in the face of mitigations and continuing to base exploits around legitimate APIs and functions to thwart detection. Download:...
Dennis Fisher and Mike Mimoso Discuss This Week's Microsoft Takedown
Dennis Fisher and Mike Mimoso discuss the Microsoft malware takedown, its legal and security implications and the revelation of a massive financial fraud campaign in Brazil. Download: digitalunderground157.mp3 Music by Chris Gonsalves...
June 2014 Microsoft Patch Tuesday Security Updates
Prompted by the disclosure of a zero-day vulnerability in Internet Explorer 8 more than six months after it was reported, Microsoft next Tuesday will finally issue a patch. HP’s Zero Day Initiative ZDI released on May 21 some detail on a previously unreported use-after-free bug in IE 8. No public...
Gong Da Exploit Kit Bundling Numerous Java Attacks
Don’t expect any relief from the current assault on Java. A new sandbox-escape exploit targeting a vulnerability in the Java Runtime Environment has been integrated into both the Black Hole and Gong Da exploit kits, setting the stage for additional attacks, researchers said. The exploit was...
Navy Hires Contractor to Data-Mine Gaming Consoles
The U.S. Navy recently hired an outside contractor, Obscure Technologies, to develop computer forensics tools capable of analyzing network traffic and stored data on gaming consoles. The contract, valued at $177,237.50, calls on Obscure Technologies to create hardware and software tools that can ...
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
Advanced persistent threat group Fancy Bear is behind a phishing campaign that uses the specter of nuclear war to exploit a known one-click Microsoft flaw. The goal is to deliver malware that can steal credentials from the Chrome, Firefox and Edge browsers. The attacks by the Russia-linked APT ar...
Charming Kitten Sharpens Its Claws with PowerShell Backdoor
The Iranian advanced persistent threat APT Charming Kitten is sharpening its claws with a new set of tools, including a novel PowerShell backdoor and related stealth tactics, that show the group evolving yet again. The new tools may signal that it’s getting ready to pounce on new victims,...
Yanluowang Ransomware Tied to Thieflock Threat Actor
A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers from Symantec, a division of Broadcom Software, found ties between Thieflock and Yanluowan...
BillQuick Billing App Rigged to Inflict Ransomware
Threat actors have been caught exploiting a now-patched zero-day critical vulnerability in a popular timeclock and billing system, to take over vulnerable servers and inflict companies’ networks with ransomware. Discovered by Huntress Labs earlier this month, the ongoing attacks focus on an...
Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang
Criminals behind the Ryuk ransomware were early exploiters of the Windows MSHTML flaw, actively leveraging the bug in campaigns ahead of a patch released by Microsoft this week. Collaborative research by Microsoft and RiskIQ revealed campaigns by Ryuk threat actors early on that exploited the fla...
Angry Affiliate Leaks Conti Ransomware Gang Playbook
An apparently vengeful affiliate of the Conti Gang has leaked the playbook of the ransomware group after alleging that the notorious cybercriminal organization underpaid him for doing its dirty work. A security researcher shared a comment from an online forum allegedly posted by someone who did...
Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution RCE and authenticated privilege escalation on the client-side. The Dutch Institute for Vulnerability Disclosure DIVD on Monday issued a public advisory warning that the service and clien...
MosaicLoader Malware Delivers Facebook Stealers, RATs
A never-before-documented Windows malware strain dubbed MosaicLoader is spreading worldwide, acting as a full-service malware-delivery platform that’s being used to infect victims with remote-access trojans RATs, Facebook cookie stealers and other threats. That’s according to Bitdefender...
Scheme Flooding Allows User Tracking Across Browsers
A security researcher has discovered a vulnerability that allows websites to track users across a number of different desktop browsers — including Apple Safari, Google Chrome, Microsoft Edge, Mozilla Firefox and Tor — posing a threat to cross-browser anonymity. Called “scheme flooding,” the flaw...
F5 Big-IP Vulnerable to Security-Bypass Bug
F5 Networks’ Big-IP Application Delivery Services appliance contains a Key Distribution Center KDC spoofing vulnerability, researchers disclosed – which an attacker could use to get past the security measures that protect sensitive workloads. Join Threatpost for “Fortifying Your Business Against...
Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardwar...
Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software
ModPipe, a previously unknown backdoor, has been purpose-built to attack restaurant point-of-sale PoS solutions from Oracle. It’s notable for its unusual sophistication, according to researchers, evidenced by its multiple modules. The code is specifically taking aim at the Oracle MICROS Restauran...
Joker Trojans Flood the Android Ecosystem
More variants of the Joker Android malware are cropping up in Google Play as well as third-party app stores, in a trend that researchers say points to a relentless targeting of the Android mobile platform. Researchers at Zscaler have found 17 different samples of Joker being regularly uploaded to...
India Blocks High-Profile Chinese Apps on Political, Privacy Concerns
India has blocked 118 more mobile apps in its continued crackdown on the use mobile apps from China, citing concerns that they transmit user data out of the country and threaten its “sovereignty and integrity” as political tensions between the two countries rise. Though not all of the apps banned...
Vermont Taxpayers Warned of Data Leak Over the Past Three Years
The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice PDF posted on the department’s website warned taxpayers who filed a Property Transfer Tax return...
Shadow IT: Why It’s Still a Major Risk in Today’s Environments
Shadow IT is nothing new. Employees have long adopted software applications or cloud services without the knowledge or approval of their organization’s IT department, most often in search of easier ways to get their jobs done. People typically utilize unsanctioned apps not because they’re seeking...
Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
Researchers have disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities: LearnPress, LearnDash and LifterLMS. The flaws, now patched, could allow students to steal personal information, change their grades, cheat on tests and more. The...
Public Sector Ransomware Attacks Rage On: Can Your Organization Repel Them?
To pay or not to pay? That is the question many public-sector organizations must grapple with when faced with a complex ransomware attack – even while the COVID-19 pandemic rages on around them. Ransomware attacks to municipal, local, and state government agencies are on the rise. Places as...
Coronavirus Poll Results: Cyberattacks Ramp Up, WFH Prep Uneven
As the COVID-19 pandemic continues to sweep the globe and Americans are told to isolate from others, many organizations are sending employees home to work. While most respondents in a Threatpost poll this week said they feel prepared from a security standpoint for this transition, a fifth of them...
New TrickBot Variant Updates Anti-Analysis Tricks
Researchers uncovered a new variant of the TrickBot malware that relies on new anti-analysis techniques, an updated method for downloading its payload as well as adopting minor changes to the integration of its components. TrickBot is a module-based malware that, while first identified as a banki...
RSAC 2020: Lack of Machine Learning Laws Open Doors To Attacks
SAN FRANCISCO – As companies quickly adopt machine learning systems, cybercriminals are close behind scheming to compromise them. That worries legal experts who say a lack of laws swing open the door for bad guys to attack systems. During a panel session at RSA Conference 2020 this week, Cristin...
Active Attacks Target Popular Duplicator WordPress Plugin
Active exploits are targeting a recently patched flaw in the popular WordPress plugin Duplicator, which has more than 1 million active installations. So far, researchers have seen 60,000 attempts to harvest sensitive information from victims. Researchers at Wordfence who discovered the in-the-wil...
Iranian Hackers Target U.S. Gov. Vendor With Malware
Iran-linked threat actor APT34 has been observed sending targeted, malicious email attachments to customers and employees of a company that works closely with U.S. government agencies. The company in question is U.S.-based Westat, a professional services company that provides research services to...
FTCODE Ransomware Now Steals Chrome, Firefox Credentials
FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims. Samples of the ransomware, which has been around since 2013, were recently observed in September 2019...
Top 10 IoT Disasters of 2019
IoT Disasters 2019 Though more light was shed around insecure Internet of Things IoT devices in 2019 – consequently leading to more calls for regulation– connected devices themselves seemingly stayed just as insecure. From privacy concerns in smart home devices, to botnets evolving to launch...
Echobot IoT Botnet Casts a Wide Net with Raft of Exploit Additions
A variant of the Mirai Internet of Things IoT botnet known as “Echobot” has added 13 more vulnerability exploits to its bag of infiltration tricks, according to researchers. These target a range of devices, including routers, firewalls, IP cameras, server management utilities, a programmable logi...
Reddit Says Influence Campaign is Behind Leaked U.S.-U.K. Trade Documents
Reddit has revealed that key U.S.-U.K. trade documents posted on its site were likely done so as part of a broader political-influence campaign that first appeared on Facebook and tied to Russia-based operatives. The online media aggregator says it has linked documents that were leaked on its sit...
Ransomware Attack Hits Data Center Provider CyrusOne: Report
U.S. data center provider CyrusOne has been hit by a ransomware attack, which has impacted six of its managed services customers, a report has found. CyrusOne, which is based in Texas and is one of the biggest data center providers in the U.S., serves more than 185 of Fortune 1000 customers...
Americans Concerned and Confused Over Privacy, Survey Reveals
Call it a case of Facebook privacy breach fatigue. When asked, Americans say companies do a worse job than the government when it comes to protecting data collected on their behalf. They also complain potential risks they face because of data collection by companies outweigh the benefits. The...
Google Enlists Help to Fight Bad Android Apps
After years of unsuccessfully battling malware and bad apps in the Google Play store and on more than 2.5 billion Android devices, Google is finally doing something about it. The tech giant this week unveiled an alliance with three companies with specific expertise in endpoint security to help...
Sextortionists Get Past Defenses with Cryptocurrency Shift
A sextortion campaign is making the rounds that attempts to evade detection by demanding payment in cryptocurrencies other than Bitcoin. Sextortion operators typically send emails out claiming to have harvested webcam footage or browser histories related to adult content from the recipient’s...
Google Squashes High-Severity Blink Browser Engine Flaw
Google is urging users of its Chrome browser to update after a high-severity vulnerability – which could enable remote attackers to execute code and carry out other malicious attacks – was uncovered. The vulnerability CVE-2019-5869, a use-after-free flaw, specifically exists in Blink, an...
Black Hat 2019: Security's Powerful Cultural Transformation
LAS VEGAS — “Start with yes.'” That’s the advice to security teams from Dino Dai Zovi, mobile security lead at Square, giving the keynote on Wednesday at the 23rd annual Black Hat conference in Las Vegas. Taking as a first principle the idea that security teams now have the ear of company boards...
Researchers Weigh in on Trump's Cyber Workforce Executive Order
Security researchers are reacting to a cybersecurity workforce executive order from the White House that came down Thursday, aimed at improving the level of cyber-expertise at federal agencies. While outlining no specific steps or actions, the order creates a directive to create “a superior...
Cisco Warns of Critical Nexus 9000 Data Center Flaw
A critical vulnerability in Cisco’s software-defined networking SDN software could allow an unauthenticated, remote attacker to connect to a vulnerable data-center switch and take it over, with the privileges of the root user. The bug CVE-2019-1804, which has a CVSS severity rating of 9.8 out of...
SAS 2019: Exodus Spyware Found Targeting Apple iOS Users
SINGAPORE— The Exodus spyware that was recently found lurking in 25 different malicious apps on Google Play has been ported to the Apple iOS ecosystem. The surveillance package can exfiltrate contacts, take audio recordings and photos, track location data and more on mobile devices. Earlier this...
Google Patches Critical Bluetooth RCE Bug
Eleven critical Android bugs were patched as part of Google’s March Security Update. Three of them were tied to Android’s media framework and core system, while the others were related to faulty Qualcomm chip components. Out of those critical bugs, Google patched three critical remote...
Trivial Post-Intrusion Attack Exploits Windows RID
An novel post-intrusion attack technique allows hackers to hijack a Windows system component called RID, allowing the adversaries to assign administrative privileges to “guest” and other low-level accounts. The technique is simple and does not require a lot of sophistication, security researcher...
Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug
Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities, including a critical remote code execution vulnerability CVE-2017-9805 that could let an attacker take control of an affected system, late last week. The Apache Software Foundation patched the RCE...
OpenSSL Fixes Critical Bug Introduced by Latest Update
OpenSSL today released an emergency security update after a patch in its most recent update issued last week introduced a critical vulnerability in the cryptographic library. The new flaw affects only OpenSSL 1.1.0a, which was made available last Thursday; users are urged to update to 1.1.0b...
Microsoft Bans Superfish SSL Interception Adware
Microsoft has taken steps to impede the next Superfish from impacting users. Superfish was pre-installed adware found on new Lenovo laptops earlier this year. The software exposes users to man-in-the-middle attacks because of the way it injects advertisements into the browser. It comes with a...