15946 matches found
Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn
The Babuk ransomware gang’s new rebrand isn’t going so well. It seems the cybercriminal group has been a victim of a ransomware attack of its own. Babuk’s latest endeavor, a Dark Web ransomware forum called RAMP, was crippled by a spammer over the weekend who overloaded the site with same-sex...
Phish Swims Past Email Security with Milanote Pages
The Milanote app, billed as the “Evernote for creatives” by reviewers, has attracted the notice of cybercriminals who are abusing it to carry out credential-stealing campaigns that skate past secure email gateways SEGs, researchers said. Milanote is a tool for organizing and collaborating on...
Cyber Polygon 2021
On June 9, 2021, the III annual international online training event Cyber Polygon took place. It connects various global organisations to train their competencies, exchange best practices and bring tangible results to the world community. 200 organizations from 48 countries tested their skills in...
Akamai’s DDoS Mitigation Service Triggers Outages
UPDATE Major financial institutions, airlines and the Hong Kong stock exchange were knocked offline by a backfiring distributed denial-of-service DDoS mitigation service Thursday. The hour-long outage, which was triggered at approximately 1 a.m. EST Thursday, is tied to Akamai Technology’s...
Exclusive Ransomware Poll: 80% of Victims Don’t Pay Up
Ransomware is on the rise, but what toll does it take on the real world? Threatpost set out to answer that question in an exclusive poll aimed at taking the pulse of organizations wrestling with attacks, including looking at mitigations and the defenses organizations have in place. When viewed...
Building SIEM for Today’s Threat Landscape
It’s easy to see how the changing security landscape has shaped the evolution of the security information and event management SIEM practice area — and how it continues to. But architecting an effective SIEM approach requires a well-thought-out strategy. A combination of security information...
iOS Kids Game Morphs into Underground Crypto Casino
A kids’ game called “Jungle Run” that, until recently, was available in the Apple App store, was secretly a cryptocurrency-funded casino set up to scam people out of money. Join experts from Digital Shadows Austin Merritt, Malwarebytes Adam Kujawa and Sift Kevin Lee to find out how cybercrime...
Nvidia Squashes High-Severity Jetson DoS Flaw
Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series of embedded computing boards designed for machine-learning applications, in things like autonomous robots, drones and more. A successful exploit could potentially cripple any such gadgets leveraging the affect...
2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud
After shrinking in 2020, cybersecurity budgets in 2021 climb higher than pre-pandemic limits. Authentication, cloud data protection and application monitoring will top the list of CISO budget and cybersecurity priorities. According to experts, these are just a few of the themes to dominate the ye...
Dating Site Bumble Leaves Swipes Unsecured for 100M Users
After a taking closer look at the code for popular dating site and app Bumble, where women typically initiate the conversation, Independent Security Evaluators researcher Sanjana Sarda found concerning API vulnerabilities. These not only allowed her to bypass paying for Bumble Boost premium...
Mac, Linux Users Now Targeted by FinSpy Variants
The FinSpy commercial spyware is back in recently observed campaigns against organizations and activists in Egypt. While the spyware previously targeted Windows, iOS and Android users, researchers have discovered these campaigns using new variants that target macOS and Linux users. FinSpy is a...
NSA, FBI Warn of Linux Malware Used in Espionage Attacks
UPDATE The U.S. government is warning of new malware, dubbed Drovorub, that targets Linux systems. It also claims the malware was developed for a Russian military unit in order to carry out cyber-espionage operations. The malware, Drovorub, comes with a multitude of espionage capabilities,...
Attackers Target 1M+ WordPress Sites To Harvest Database Credentials
Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting XSS vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials. The attacks were...
Microsoft Adds DNS-Over-HTTPS Support for Windows 10 Insiders
Microsoft has announced the first testable version of DNS-Over-HTTPS DoH support, available for its Windows 10 operating system. Support for the DoH protocol, which Microsoft first announced in November, is available in the Windows 10 Insider Preview Build 19628. This is accessible for members of...
BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks
Business email compromise BEC attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitaliz...
Poorly Secured Docker Image Comes Under Rapid Attack
In a vivid example of why cloud infrastructure needs strong security, a simple Docker container honeypot was used for four different criminal campaigns in the span of 24 hours, in a recent lab test. Akamai security researcher Larry Cashdollar set up the Docker image to see what kind of notice it...
New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices
Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage NAS devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection...
Cisco Warns of High-Severity SD-WAN Flaws
Cisco Systems has fixed three high-severity vulnerabilities in its software-defined networking for wide-area network SD-WAN solutions for business users. If exploited, the flaws could enable bad actors to execute commands with root privileges on affected systems. To exploit the vulnerabilities...
Bruce Schneier Proposes 'Hacking Society' for a Better Tomorrow
SAN FRANCISCO – Cybersecurity experts have long stayed in their problem-solving lane when it comes to finding vulnerabilities, patching bugs and keeping networks safe. But maybe it is time they applied their defensive skillsets and adversarial understanding of cyberthreats to help solve some of...
Facebook Security Debacles: 2019 Year in Review
Facebook Security: 2019 Year in Review Facebook spent the past year both trying to deal with the consequences of the Cambridge Analytica scandal that rocked its public relations in 2018, as well as other issues afflicting the social media platform – from data security challenges to political...
PoS Malware Exposes Customer Data of Catch Restaurants
Popular NYC restaurants Catch NYC, Catch Roof and Catch Steak discovered and removed malware on their point-of-sale PoS systems — but not before it exposed credit-card information from unknowing diners. Catch Hospitality Group, which owns the three NYC hotspots, said in a data-breach notice this...
Fake 'Windows Update' Installs Cyborg Ransomware
A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants. The email-based threat, discovered...
Gamers Hit with Nvidia GPU Driver, GeForce Flaws
Nvidia has issued fixes for high-severity flaws in two popular gaming products, including its graphics driver for Windows and GeForce Experience. The flaws can be exploited to launch an array of malicious attacks – from denial-of-service efforts DoS to escalation of privileges. The majority of th...
Podcast: Departing Employees Could Mean Departing Data
With so many malicious adversaries trying to penetrate companies’ networks, companies are forgetting to watch out for a dangerous threat from within their own ranks – insider threats. Threatpost talks to Tim Bandos, vice president of cybersecurity at Digital Guardian, about the top types of insid...
Intimate Details on Healthcare Workers Exposed as Cloud Security Lags
Yet another non-password protected cloud database has come to light, this time exposing a raft of highly personal information on healthcare workers and traveling nurses – including drug tests and arrest records. The incident showcases the unfortunate reality that cloud data security remains a...
Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs
More than a hundred vulnerabilities have been found in small office/home office SOHO routers and network-attached storage devices NAS from vendors that include Asus, Zyxel, Lenovo, Netgear and other top names, which open them up to remote attackers. That’s according to Independent Security...
WordPress Plugins Anchor Widespread Malvertising, Rogue Backdoor Campaign
A malvertising campaign redirecting website visitors and surfacing popups is plaguing the WordPress ecosystem, according to researchers, using known vulnerabilities in WordPress plugins as the attack vector. The campaign has been ongoing all summer, with cybercrooks bent on redirecting website...
Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel'
LAS VEGAS – Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications – including Apple’s FaceID. But there is a catch. Doing so requires the victim to be out cold. Researchers on...
Puzzling Gwmndy Botnet Focuses on Low-Volume Proxy Connections
An odd botnet has been spotted targeting Fiberhome routers, in a quest to add 200 of them per day to its botnet web. That’s a low number in the world of botnets, according to 360 Netlab researchers, which observed a previously unknown malware strain called Gwmndy after the attackers’ domain name...
Black Hat USA 2019 Preview
Las Vegas – Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a wave of sessions, keynotes and security-themed villages. The Threatpost team, which will be on the frontlines of next week’s shows, discuss wh...
MacOS Zero Day Allows Trusted Apps to Run Malicious Code
A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code. macOS researcher Patrick Wardle revealed the...
Retefe Banking Trojan Resurfaces, Says Goodbye to Tor
The Retefe banking trojan resurfaced in April after going dormant for months, with a makeover that includes a move away from Tor to secure its communications as well as the abuse of a legitimate shareware application. Retefe has always stood out from other banking trojans, with a consistent...
Romanian Duo Convicted of Malware Scheme Infecting 400,000 Computers
A Romanian duo has been convicted for infecting hundreds of thousands of computers with malware that scooped up credentials and financial information, and scamming victims out of millions of dollars. The two, Bogdan Nicolescu, 36, and Radu Miclaus, 37, were convicted by a federal jury in Ohio on...
The Anatomy of Threat Hunting: What You Need to Know and Why
No big surprise here: cybercrime will keep causing a major slowdown in the years to come as the business world proceed with digitalization. Despite implementing all traditional measures to stay protected, organizations keep falling prey to impersonation, phishing, and malware. Scary enough? What’...
OceanLotus APT Uses Steganography to Shroud Payloads
The advanced persistent threat APT group OceanLotus has switched up its tactics to use steganography to cloak encrypted payloads within .png image files. Researchers said that they discovered the OceanLotus APT group – a Vietnam-linked cyber-espionage group also known as APT32 – using the tactic ...
Facebook Alleges Two Ukrainians Scraped Data From 63K Profiles
Facebook has sued two Ukrainian men that it says used quiz apps and malicious browser extensions to scoop up private data from 63,000 platform users, and then use that data for advertising purposes. A lawsuit filed Friday by Facebook alleged that the two men, Gleb Sluchevsky and Andrey Gorbachov,...
Modern Cybercrime: It Takes a Village
LAS VEGAS – Contrary to the pop-culture image of the hoodie-clad lone hacker with mad keyboard “skillz” siphoning off funds and making people’s lives miserable with a few lines of brilliant code, increasingly cybercrime “takes a village”. The true face of cybercrime today is a more democratic one...
6 Signs of Successful Threat Hunting
When a threat hunting program is established by an organization, their goal is to proactively hunt threats, with a focus on newer, more sophisticated attacks for which reliable signatures or indicators are not yet available. However, without an effective threat hunting program, the attacker is...
Serious Dirty Cow Linux Vulnerability Under Attack
A nine-year-old Linux vulnerability that affects most of the major distributions has been recently used in public attacks. The flaw, nicknamed Dirty Cow because it lives in the copy-on-write COW feature in Linux, is worrisome because it can give a local attacker root privileges. While the Linux...
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES 3DES and Blowfish. Researchers are set to present new attacks against 64-bit ciphers tha...
Pornhub Hack Earns Researchers $22,000
A PHP vulnerability that exposed adult website PornHub’s user data to hackers and allowed for code execution on servers hosting the site, earned a trio of German researchers $22,000 as part of a bug bounty program. PHP patched the vulnerability in June. The flaw is tied to a use-after-free memory...
Old Android Flaw Elevates Privileges, Steals SMS, Call Logs
A five-year-old Android vulnerability disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS’ implementation of Security Enhanced Linux, are at a lesser risk. The...
Pidgin 2.10.10 Patches SSL MiTM, DoS Vulnerabilities
A handful of security vulnerabilities were patched in the most recent release of the Pidgin open source instant messaging client, Pidgin 2.10.10, including a SSL/TLS certificate validation issue that could be exploited in man-in-the-middle attacks. Reported by Jacob Appelbaum of the Tor Project,...
New Research Refines Security Vulnerability Metrics
Adequate security metrics have seemingly been an unattainable goal, especially when it comes to software security. Too often, organizations simply rely on vulnerability counts for flaws disclosed in an operating system or popular application as a measure of its security. But too often, variables...
Epic Operation Kicks Off Multistage Turla APT Campaign
The Turla APT campaign has baffled researchers for months as to how its victims are compromised. Peaking during the first two months of the year, Turla has targeted municipal governments, embassies, militaries and other high-value targets worldwide, with particular concentrations in the Middle Ea...
Microsoft Says No to Paying Bug Bounties
Microsoft has no plans to follow in the footsteps of Mozilla and Google and pay researchers cash rewards for the bugs that they find in Microsoft’s products. In the wake of both Mozilla and Google significantly increasing their bug bounties to the $3,000 range, there have been persistent rumors i...
Feds: APTs Have Tools That Can Take Over Critical Infrastructure
Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system ICS devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the...
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
Customers of Taiwan-based QNAP Systems are in a bit of limbo, waiting until the company releases a patch for an OpenSSL bug that the company has warned affects most of its network-attached storage NAS devices. The vulnerability can trigger an infinite loop that creates a denial-of-service DoS...
400 Banks’ Customers Targeted with Anubis Trojan
Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A. Researchers say this is just the...
Rickroll Grad Prank Exposes Exterity IPTV Bug
UPDATE When Township High School District 214 in Illinois got rickrolled all at once across its six different schools just before graduation, it was more than a meticulously executed senior prank. Cybersecurity star-in-the-making and recent high-school graduate Minh Duong found, and was able to...