15946 matches found
Sextortionist Campaign Targets iOS, Android Users with New Spyware
New spyware is targeting iOS and Android frequenters of adult mobile sites by posing as a secure messaging application in yet another twist on sextortionist scams. The spyware, dubbed Goontact, targets users of escort-service sites and other sex-oriented services – particularly in Chinese-speakin...
Spotify Changes Passwords After Another Data Breach
Spotify has alerted users that some of their registration data was inadvertently exposed to a third-party business partner, including emails addresses, preferred display names, passwords, gender and dates of birth. This is at least the third breach in less than a month for the world’s largest...
Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
Flaws in Google’s Chrome desktop and Android-based browsers were patched Monday in an effort to prevent known exploits from being used by attackers. Two separate security bulletins issued by Google warned that it is aware of reports that exploits for both exist in the wild. Google’s Project Zero...
OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks
An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization methods to access Office 365 accounts, in order to steal users’ contacts and mail. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services without entering a...
WFH Alert: Critical Bug Found in Old D-Link Router Models
D-Link is urging customers to replace its now obsolete line of DIR-865L Wireless Routers in reaction to a recently discovered critical command-injection bug that leaves users open to a denial-of-service attack. The routers, first introduced in 2013, reached end-of-life support in Feb. 2016. In Au...
Podcast: Shifting Cloud Security Left With Infrastructure-as-Code
Companies are increasingly dealing with a slew of security and compliance issues across cloud services and containers – from AWS to Azure to Google Cloud. Infrastructure-as-Code IaC security capabilities can help companies shift their cloud security “left” to improve developer productivity, avoid...
Zoom Beefs Up End-to-End Encryption to Thwart 'Zoombombers'
Video calling platform Zoom is boosting its security profile via the acquisition of a small startup called Keybase. The 25-person, New York-based company will provide more robust encryption for Zoom calls on paid subscriptions by implementing an end-to-end architecture. “Logged-in users will...
Google’s War on Android App Permissions, 60 Percent Successful
Overzealous Android apps that needlessly ask for permissions to handset resources such as contact lists and location data are not only obnoxious, but also potential privacy threats. To address this hot-button issue with Android users Google implemented a strict permission policy designed to curb...
Apple Takes Heat Over 'Vulnerable' iOS Cut-and-Paste Data
Any cut-and-paste data temporarily stored to an iPhone or iPad’s memory can be accessed by all apps installed on the specific device – even malicious ones. That data can then reveal private information such as a user’s GPS coordinates, passwords, banking data or a spreadsheet copied into an email...
Burning Man Tickets for $225? Yep, Too Good to Be True
Burning Man aficionados anxious to get their tickets squared away for the 2020 “experience” should beware: Fake concert organizers are offering passes in what researchers say is a very convincing and sophisticated scam effort. Burning Man, which bills itself as a “vibrant participatory metropolis...
Ransomware Attack Hinders Toll Group Operations
Australian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key services being debilitated and delivery operations being delayed over the past week. Toll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating...
200K WordPress Sites Vulnerable to Plugin Flaw
A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question in Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the...
Intel Fixes High-Severity Flaw in Performance Analysis Tool
Intel is warning of a high-severity vulnerability in its performance analysis tool called Intel VTune Profiler. If exploited the flaw allows an adversary to perform a privilege escalation attack, giving them elevated and unauthorized system access to a targeted system. The VTune Profiler, formerl...
FIN8 Targets Card Data at Fuel Pumps
The notorious FIN8 cybercrime group has a new target when it comes to skimming payment-card details from consumers: Point-of-sale PoS systems used at fuel pumps at gas stations. Visa warned this week in a public alert posted online that its Payment Fraud Disruption PFD department has seen at leas...
Iran Targets Mideast Oil with ZeroCleare Wiper Malware
A freshly-discovered wiper malware dubbed “ZeroCleare” has been deployed to target the energy and industrial sectors in the Middle East. According to IBM’s X-Force Incident Response and Intelligence Services IRIS, ZeroCleare so-named because of the program database pathname of its binary file was...
Supply Chain Account Takeover: How Criminals Exploit Third-Party Access
Empower Your Suppliers Against Attack The average business shares data with a complex network of third parties, depending on their operational needs. In a survey of security and risk professionals, Forrester learned that the average business has 4,700 third-party partners with some access to...
TrickBot Evolves to Go After SSH Keys
The TrickBot info-stealing malware has updated its password grabber to target data from OpenSSH and OpenVPN applications. OpenSSH is a connectivity tool for remote login with the SSH protocol; it encrypts all traffic to eliminate eavesdropping. OpenVPN meanwhile is used for secure private...
Fake Voicemail/Office 365 Attack Targets Enterprise Execs
A phishing campaign is making the rounds that uses fake voicemail messages to lure victims into revealing their Office 365 email credentials. The targets are “high-profile companies,” according to researchers, mainly in the tourism, entertainment and real-estate industries. A wide range of...
Cybercrooks Target U.S. Veterans with Fake Hiring Website
Researchers are warning that a fake website – purporting to help U.S. military veterans search for jobs — actually links to installers that download malware onto victims’ systems. The website spoofs a legitimate website for U.S. military veterans offered by the U.S. Chamber of Commerce...
New! RFP Template for Selecting EDR/EPP and APT Security
Once upon a time, only big organizations worried about Advanced Persistent Threats. But it soon became obvious that every organization could find itself under fire, regardless of size or industry, and whether as direct targets or collateral damage. Most security decision makers in these...
News Wrap: Dentist Offices Hit By Ransomware, Venmo Faces Privacy Firestorm
In this week’s news wrap podcast, editor Lindsey O’Donnell and Tara Seals break down the top news of the week – from ransomware attacks to companies responding to outcry over privacy issues. Top stories include: Ring announced it is working with more than 400 US police departments to streamline...
Coordinated Ransomware Attack Hits 23 Texas Government Agencies
UPDATE Up to 22 Texas entities – the majority of which are local governments – were hit by a ransomware attack on Friday that Texas officials say is part of a targeted attack launched by a single threat actor. Details remain scant about the specific agencies hit by the ransomware attacks, which...
Democrats and Doctors Behind Latest Wave of Leaked Data
Data leakage via misconfigured Amazon storage buckets struck twice in the past few weeks. In July, almost 14,000 documents detailing patient social security numbers and medical data – such as mental illness or cancer – was exposed in a misconfigured storage bucket owned by healthcare vendor Medic...
Facial Recognition is Here: But Are We Ready?
When MacKenzie Fegan was boarding her morning flight to Mexico City last Wednesday, she noticed something odd at her gate at the JFK International Airport. Instead of a JetBlue employee scanning her boarding pass or taking a look at her passport, she – and other passengers at the gate – was...
Lazarus Group Widens Tactics in Cryptocurrency Attacks
North Korea-linked APT Lazarus Group has been spotted targeting the cryptocurrency business again, adding Apple users to the mix by using PowerShell scripts to control macOS malware, and honing its Windows strategy. The campaign has been active since at least November 2018, according to an analys...
New Spectre-Level Flaw Targets Return Stack Buffer
Researchers have discovered yet another speculative execution side-channel flaw enabling attackers to access sensitive data at the CPU level. The new Spectre-class exploit, dubbed SpectreRSB, was detailed by researchers from the University of California at Riverside in a research paper on Friday...
Experts Weigh In On Spectre Patch Challenges
The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices. Currently, vendors are focused on three main mitigation efforts. Patches that address the...
Microsoft Offers Analysis of Zero-Day Exploited By Zirconium Group
Microsoft has released technical details on a zero-day vulnerability being exploited by a little-known APT group known as Zirconium. According to the company the vulnerability CVE-2017-0005 affects mostly older versions of Windows and can allow an adversary to execute remote code if a user either...
Sandworm APT Team Found Using Windows Zero Day Vulnerability
UPDATE–A cyberespionage team, possibly based in Russia, has been using a Windows zero day vulnerability to target a variety of organizations in several countries, including the United States, Poland, Ukraine and western Europe. The vulnerability, which will be patched today by Microsoft, is...
Archie Exploit Kit Spotted Leveraging Adobe, Silverlight Vulnerabilities
A relatively new exploit kit that borrows modules copied from the Metasploit Framework and exploits any older versions of Adobe Flash, Reader and, Silverlight the user may be using has begun to make the rounds. Jaime Blasco, the director of AlienVault Labs dug deeper into kit, known as Archie, on...
Supermicro IPMI BMCs plaintext passwords exposed
Much has been written about the insecurity of the IPMI protocol present inside embedded baseboard management controllers BMCs. Serious vulnerabilities can be exploited to gain remote control over big servers running BMCs, in particular in hosting environments where the controllers help admins wit...
April 2014 Oracle Critical Patch Update
Software maker and database management company Oracle yesterday released its quarterly Critical Patch Update. The release resolves more than 100 security vulnerabilities, many of which received high common vulnerability scoring system base scores and should be applied as soon as possible. Product...
Exploits for Two-Year-Old PHP Security Vulnerability Found
Close to two years ago, a serious vulnerability in PHP was accidentally disclosed after it was discovered months prior during a hacking contest. A patch was released in relatively short order, and one would assume that given PHP’s prevalence as a web development framework, the fix would have been...
The Java Zero-Day Procession Continues
After a glorious 72-hour stretch without one, security researchers confirmed yesterday that they found yet another zero-day vulnerability in Oracle’s thoroughly troubled Java platform. With a little help from Hermes Bojaxhi and his team at Cyber Engineering Services, researchers from the security...
Nasty New Java Zero Day Found; Exploit Kits Already Have It
UPDATE – Security experts are urging users to disable Java immediately after the discovery of another zero-day exploit that has been incorporated into the Blackhole, Redkit, Cool and Nuclear Pack exploit kits. According to a French researcher who uses the handle Kafeine, the exploits target the...
Microsoft Patches Critical Remote Flaws in Word, IE and Windows
A rare critical Microsoft Word vulnerability was patched today by Microsoft, one of seven security updates pushed out repairing 11 flaws in its December security update. The Word vulnerability earned a critical rating because the Outlook email client uses Word to display documents in the Outlook...
Adam Shostack on Methods of Compromise, the New School and Learning
Dennis Fisher talks with Adam Shostack of Microsoft about the taxonomy he helped develop for classifying how PCs are compromised, what he would and wouldn’t change in The New School of Information Security and who he’s learned the most from. Podcast audio courtesy of sykboy65 Subscribe to the...
MS Discovers Over 1,800 Office 2010 Bugs
Microsoft uncovered more than 1,800 bugs in Office 2010 by tapping into the unused computing horsepower of idling PCs. Office developers found the bugs by running millions of “fuzzing” tests, said Tom Gallagher, senior security test lead with Microsoft’s Trustworthy Computing group. Read the full...
Five Critical Bulletins Coming on MS Patch Tuesday
Microsoft’s September batch of security updates will include fixes for a multiple “critical” vulnerabilities affecting the Windows operating system. In all, the software maker will release five bulletins with patches for a range of flaws that could expose users to remote code execution attacks. T...
Zoom Settlement: An $85M Business Case for Security Investment
Ransomware isn’t the only way lax security can cost a business eight figures in damage. Zoom just lost an $85 million class-action lawsuit this week for its cybersecurity missteps, proving that even the most essential and relied-upon brands can be tripped up by inadequate security. More...
BEC Losses Top $1.8B as Tactics Evolve
Business email compromise BEC attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organizations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cybercriminals either impersonating someone inside an organizatio...
DoJ Charges Rhode Island Woman in Phishing Scheme Against Politicians
The Department of Justice DoJ has charged a woman in Rhode Island in a phishing campaign against candidates for political office and related associates that impersonated various individuals–including campaign workers and the Microsoft security team—in an attempt to trick victims into providing...
NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens
The NitroRansomware malware strain is shaking up the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money. Discord is a VoIP, instant messaging and digital-distribution platform designed for creating communities. Users communicate with voice calls, video call...
Azure Functions Weakness Allows Privilege Escalation
A privilege-escalation vulnerability Microsoft’s Azure Functions cloud container feature could ultimately allow a user to escape the container, according to researchers. Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. Flushing...
Singtel Suffers Zero-Day Cyberattack, Damage Unknown
Singtel, Tier 1 telecom carrier throughout Asia and owner of Australian telco Optus, has been impacted by a software security hole in a third-party file transfer appliance targeted by attackers. Singtel is one of multiple organizations affected by the bug, including an Australian medical research...
Critical Cisco SD-WAN Bugs Allow RCE Attacks
Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks SD-WAN solutions for business users. Cisco issued patches addressing eight buffer-overflow and command-injection SD-WAN vulnerabilities. The most serious of these flaws could be...
Zoom Impersonation Attacks Aim to Steal Credentials
A new Zoom-themed phishing attack is circulating through email, text and social media messages, aiming to steal credentials for the videoconferencing service. The Better Business Bureau BBB warned last week that the attack uses Zoom’s logo, and in a message tells recipients that their Zoom accoun...
Cisco Fixes High-Severity Webex, Security Camera Flaws
Cisco has issued patches for high-severity vulnerabilities plaguing its popular Webex video-conferencing system, its video surveillance IP cameras and its Identity Services Engine network administration product. Overall, Cisco on Wednesday issued the three high-severity flaws along with 11...
Understanding the Payload-Less Email Attacks Evading Your Security Team
The traditional image of a successful email attack is that of a naive employee clicking the link in a crudely crafted spam email bent on phishing. But times have changed, and employees are much more security-educated than they used to be. So, today’s threat actors are creating increasingly...
Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials
A new phishing campaign is targeting investment brokers with fraudulent emails aimed at stealing their Microsoft SharePoint and Office credentials, by invoking the identity of a credible financial regulatory organization. The “widespread, ongoing phishing campaign” is using emails that claim to b...