15946 matches found
Clop Raid: A Big Win in the War on Ransomware?
Yesterday’s noisy raid of the Clop ransomware gang in Ukraine was a major win according to most experts throughout the cybersecurity community, who said the moment marks a shift in the international war on ransomware. The raid, according to Ukrainian reports translated by eSpire analysts, include...
Biden Races to Shore Up Power Grid Against Hacks
President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks. The White House push to boost electrical grid security comes in the wake of a report th...
Network Detection & Response: The Next Frontier in Fighting the Human Problem
Last year, Gartner published a market guide on network detection and response NDR. Formerly known as network-traffic analytics, which I’ve spoken about in the past at length, NDR has adapted to not only play a major role in helping network and security teams identify threats, but it has enabled...
NanoCore RAT Scurries Past Email Defenses with .ZIPX Tactic
A spate of malicious emails with attachments delivering the NanoCore remote access trojan RAT is evading anti-malware and email scanners by abusing the .ZIPX file format. That’s according to researchers at Trustwave, who found that the campaign is effectively hiding a malicious executable by givi...
Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords
Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of...
Critics Blast Google’s Aim to Replace Browser Cookie with ‘FLoC’
This month Google begins a public test of a technology it says will eventually replace browser cookies in an effort to boost Chrome browser user privacy. However, critics say the switch is a half-measure and does not protect the web movements of Chrome users adequately. The Google solution–called...
Industrial Cyberattacks Get Rarer but More Complex
Cyberattacks against the oil and gas industry inched up only slightly compared to the second half of 2019. Security experts say they are encouraged by the anemic growth, but at the same time are expressing concern that attacks are now becoming more potent, targeted and complex. According to new...
WolfRAT Android Malware Targets WhatsApp, Facebook Messenger
UPDATE A new Android malware family has been discovered, which targets popular messaging apps like WhatsApp and Facebook Messenger to gather intelligence on Android victims. The malware, dubbed WolfRAT, is under active development, and was recently identified in campaigns targeting Thai users...
Apple App Store Riddled With Money-Sucking Fleeceware Apps
Researchers are warning iPhone users of fleeceware apps after finding more than 30 examples of them on Apple’s App Store. Fleeceware is jargon for apps that trick users into paying excessive fees for basic applications and functionality that is available free elsewhere. Many of these fleeceware...
Travelex Pays $2.3M in Bitcoin to Hackers Who Hijacked Network in January
Travelex has paid out $2.3 million in Bitcoin to hackers to regain access to its global network after a malware attack at the new year knocked the global currency exchange offline and crippled its business during the month of January. The move—reported by the Wall Street Journal—may seem...
Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?
As the coronavirus pandemic continues to worsen, remote-collaboration platforms – now fixtures in many workers’ “new normal” – are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx...
Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer
Researchers have discovered threat actors once again capitalizing on the COVID-19 pandemic and current attention on the World Health Organization WHO with a new spearphishing email designed to spread the LokiBot trojan sent using the WHO trademark as a lure. Researchers at FortiGuard Labs on Marc...
Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
An unpatched bug in the latest version of Apple’s iOS is blocking virtual private network VPN applications from cloaking some private data transmitted between a device and the servers they are requesting data from. While the bug remains unpatched, Apple is suggesting steps users can take to reduc...
Critical Zoho Zero-Day Flaw Disclosed
UPDATE A zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Zoho has now released a security update addressing the vulnerability. As of...
Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates
Let’s Encrypt said it will give users of its Transport Layer Security TLS certificates more time to replace 1 million certificates that are still active and potentially affected by a Certificate Authority Authorization CAA bug before it revokes them. The popular free certificate authority had giv...
Critical Adobe Flaws Fixed in Out-of-Band Update
Adobe has issued unscheduled patches for two critical vulnerabilities that, if exploited, enable an attacker to execute remote code on targeted devices. The two apps affected by the critical flaws are Adobe After Effects, a visual effects and motion graphics app used for post-production film maki...
Apple iPhone Users Bombarded with Bogus Dating App for Valentine's Day
A malicious email campaign aimed at iPhone owners is making the rounds this week, using a bouquet of different themes to scam victims, just in time for Valentine’s Day – including a fake dating app. The gambit begins far afield from romance however, with an email from “Nerve Renew,” claiming to...
Coronavirus Campaigns Spread Emotet, Malware
As the coronavirus originating in the Wuhan province of China continues to stir widespread fears about a global public health crisis, some see an opportunity in the outbreak. A recent spate of malicious, botnet-driven emails is using the coronavirus as a theme, according to telemetry from IBM...
News Wrap: Authorities Target Evil Corp., Imminent Monitor, Money Mules
In this week’s Threatpost news wrap, editors Tara Seals and Lindsey O’Donnell break down the top infosec news, including: Authorities crack down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle. The developers behind a commodity...
Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites
A new JavaScript payment card skimmer, dubbed Pipka, has been identified on at least seventeen merchant websites attempting to target site visitors’ payment data. Unlike other skimmers, Pipka removes itself from the HTML code of compromised websites after exfiltrating payment card data – a...
Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam
Researchers have discovered a new way to hack Alexa and Siri smart speakers merely by using a laser light beam. No physical access of the victims’ device, or owner interaction, is needed to launch the hack, which allows attackers to send voice assistants inaudible commands such as unlocking doors...
Survey Finds People are Privacy Hypocrites
Even while people remain concerned about their own privacy in the workplace and online, most still admit to violations of their coworkers’ privacy by “creeping” on PC screens and “peeking” at documents found in printer trays, a new survey has found. The survey—commissioned by HP as part of Nation...
California Bans Deepfakes in Elections, Porn
California has passed a law that bans the use of deepfake technology in political speech, and for non-consensual use in adult content. Deepfakes are a manipulation of images and recordings, created by artificial intelligence technology, that make it appear as if an individual is doing or saying...
Ransomware Sees Triple-Digit Spike in Corporate Detections
LAS VEGAS — As cybercriminals continue to chase the most lucrative attack vectors they can find, ransomware attacks are migrating from consumer targets to organizations, businesses, municipalities and beyond. For the first time, consumer detections have fallen below organizational infections, as ...
Black Hat 2019: Ethical Hackers Must Protect Digital Human Rights
LAS VEGAS – At a time when technology is being utilized for human-rights abuses, the security space needs to turn its focus to public interest defense technology, security stalwarts urged during Black Hat USA 2019. Security has long focused on protecting company data and providing cyber-defense f...
Airbnb Superhost Secretly Recorded Guests with Hidden Bedroom Camera
An Airbnb “superhost” in China has been arrested after a guest staying in his house found a hidden camera recording her in the bedroom. The guest, an unnamed woman who was staying in the Airbnb in eastern China last week, said she discovered the camera after spotting a light that looked unusual i...
Google Touts Android Q's New Security Update Process and Better Privacy Controls for Apps
Google said its next-generation mobile operating system, Android Q, revamps the way it delivers direct over-the-air updates and will bolster individual app privacy controls. Google detailed Android Q 10.0 at the Google I/O 2019 developer conference on Tuesday. There it touted almost 50 changes to...
Google Warns of Growing Android Attack Vector: Backdoored SDKs and Pre-Installed Apps
Google is reporting an uptick in efforts by bad actors to plant potentially harmful applications PHAs on Android devices via pre-installed apps and by bundling them with system updates delivered over the air. The technique is especially troubling, Google said, because PHAs are often malicious and...
Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear
Smart-city technology continues to roll out in municipalities worldwide – everything from automated alerts about weather hazards and traffic issues to smart lighting and connected trash systems. However, like the rest of the Internet of Things IoT ecosystem, security is always a concern, as...
Drupalgeddon 2.0 Still Haunting 115K+ Sites
More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago. When it was first revealed, the bug, which has been dubbed Drupalgeddon 2.0, impacted an estimated 1+ million sites running Drupal – including major U.S. educational...
Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked
Multiple operating system vendors issued coordinated patches this week to address a common vulnerability across their platforms, which was introduced thanks to widespread misinterpretation of Intel developer documentation. According to the CERT/CC team, most major players including Apple, FreeBSD...
Rare XP Patches Fix Three Remaining Leaked NSA Exploits
The unusual decision Microsoft made to release patches on Tuesday for unsupported versions of Windows was prompted by three NSA exploits that remained unaddressed from April’s ShadowBrokers leak. The worst of the bunch, an attack called ExplodingCan CVE-2017-7269, targets older versions of...
DYN Confirms DDoS Attack Knocking Out Twitter, Spotify Other Major Sites
Update DNS provider Dyn has confirmed two massive distributed denial of service attacks against its servers Friday impacting many of its customers including Twitter, Spotify and GitHub. The attacks came in two waves, one early Friday morning and a second just a few hours later. “This attack is...
Vulnerabilities in Android Apps That Allow Intercept of Messages, Photos Outlined
Researchers from the University of New Haven have taken to Youtube this week to publicize vulnerabilities in a dozen Android apps, including Instagram, Vine and OKCupid. Researchers at the University of New Haven’s Cyber Forensics Research and Education Group UNHcFREG have chosen to disclose the...
August 2013 Microsoft Patch Tuesday Security Updates
Another month, another set of Microsoft Patch Tuesday security updates for Internet Explorer. For what seems to be the umpteenth month in a row, Microsoft will patch its browser, one of three critical updates expected to be shipped on Tuesday among eight bulletins. While IE patches remain a...
Apple Fixes Serious Flaws in iOS 5.1.1
Apple has patched several serious security bugs in iOS with the release of version 5.1.1 of the mobile operating system. The most serious of the security vulnerabilities could be used for remote code execution. The highest severity vulnerability that’s fixed in iOS 5.1.1 is a WebKit flaw that can...
Blowback: Microsoft, OnStar Pump the Brakes on Location Tracking
Redmond, Washington software giant, Microsoft, and Detroit based GM subsidiary, OnStar backtracked on policies widely seen as egregious privacy violations following lawsuits and public outcry. Here’s the news: Windows Phone Update Requires User Consent For Tracking Microsoft released their “Mango...
CanSecWest: Caution, community at play
CanSecWest, in beautiful Vancouver BC, is one of my favorite conferences each year. It’s a cozy little security con that brings together security researchers from all parts of the security ecosystem. Like a PhNeutral or a BlueHat, one never quite knows what to expect out of a CanSecWest, but we d...
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found. WordFence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, one of five vulnerabilities he found...
Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens
GitHub revealed details tied to last week’s incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. “We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in thei...
Top 3 Attack Trends in API Security – Podcast
In late July 2021, online retailers got hit with a jaw-dropping 2,800 percent increase in attack takeovers. Dead-set on gift card fraud via “scrape for resale” and other types of fraud, the attacks spiraled up to the rate of 700,000 attacks per day. In a separate case – of a loan application frau...
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting
While legitimate concerns abound about the Russian-Ukrainian conflict sparking a far-reaching cyberwarfare conflagration around the globe, small-time crooks are also ramping up their efforts amid the crisis. Phishing emails to Microsoft users warning of Moscow-led account hacking have started to...
SAP Patches Severe ‘ICMAD’ Bugs
There’s a trio of critical vulnerabilities, fixed on Tuesday, in SAP business applications that use the ubiquitous Internet Communication Manager ICM: the component that gives SAP products the HTTPS web server they need to connect to the internet or talk to each other. The vulnerabilities,...
Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’
UPDATE Every major Linux distribution has an easily exploited memory-corruption bug that’s been lurking for 12 years – a stunning revelation that’s likely to be followed soon by in-the-wild exploits, researchers warn. Successful exploitation gives full root access to any unprivileged user. The...
2021’s Most Dangerous Software Weaknesses
Mitre Corp. recently updated its list of the top 25 most dangerous software bugs, and it’s little surprise that a number of them have been on that list for years. The Common Weakness Enumeration CWE list represents vulnerabilities that have been widely known for years, yet are still being coded...
QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout
On Monday, QNAP put out two security advisories about OpenSSL remote-code execution and denial-of-service DoS bugs, fixed last week, that affect its network-attached storage NAS devices. The vulnerabilities are tracked as CVE-2021-3711 – a high-severity buffer overflow related to SM2 decryption–...
Attackers Actively Exploiting Realtek SDK Flaws
Threat actors zeroing in on command injection vulnerabilities reported in Realtek chipsets just days after multiple flaws were discovered in the software developers kits SDK deployed across at least 65 separate vendors. On Aug. 16 multiple Realtek vulnerabilities were disclosed by IoT Inspector...
Google PPC Ads Used to Deliver Infostealers
Researchers have tracked down the origins of several increasingly prevalent info-stealers – including Redline, Taurus, Tesla and Amadey – that threat actors are delivering via pay-per-click PPC ads in Google’s search results. On Wednesday, breach prevention firm Morphisec posted an advisory in...
Exchange Servers Targeted by ‘Epsilon Red’ Malware
Threat actors have deployed new ransomware on the back of a set of PowerShell scripts developed for making encryption, exploiting flaws in unpatched Exchange Servers to attack the corporate network, according to recent research. Researchers from security firm Sophos detected the new ransomware,...
IcedID Banking Trojan Surges: The New Emotet?
The banking trojan known as IcedID appears to be taking the place of the recently disrupted Emotet trojan, according to researchers. IcedID a.k.a. BokBot, bears similarities to Emotet in that it’s a modular malware that started life as a banking trojan used to steal financial information...