15946 matches found
Zoom Impersonation Attacks Aim to Steal Credentials
A new Zoom-themed phishing attack is circulating through email, text and social media messages, aiming to steal credentials for the videoconferencing service. The Better Business Bureau BBB warned last week that the attack uses Zoom’s logo, and in a message tells recipients that their Zoom accoun...
Cisco Fixes High-Severity Webex, Security Camera Flaws
Cisco has issued patches for high-severity vulnerabilities plaguing its popular Webex video-conferencing system, its video surveillance IP cameras and its Identity Services Engine network administration product. Overall, Cisco on Wednesday issued the three high-severity flaws along with 11...
8 U.S. City Websites Targeted in Magecart Attacks
Researchers are warning that the websites of eight U.S. cities – across three states – have been compromised with payment card-stealing Magecart skimmers. The websites all utilize Click2Gov municipality payment software, which was previously involved in data breaches. Unlike other skimmers, which...
Understanding the Payload-Less Email Attacks Evading Your Security Team
The traditional image of a successful email attack is that of a naive employee clicking the link in a crudely crafted spam email bent on phishing. But times have changed, and employees are much more security-educated than they used to be. So, today’s threat actors are creating increasingly...
Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials
A new phishing campaign is targeting investment brokers with fraudulent emails aimed at stealing their Microsoft SharePoint and Office credentials, by invoking the identity of a credible financial regulatory organization. The “widespread, ongoing phishing campaign” is using emails that claim to b...
Sodinokibi Ransomware Group Sponsors Hacking Contest
White hats aren’t alone in holding hacking contests. Russian-language cybercriminals are known for running similar competitions on underground forums. However, an analysis of Dark Web activity has uncovered a trend towards offering increasingly high-stakes prizes during such battles. At the same...
Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication
NEW ORLEANS – Sophisticated nation-state groups are increasingly using mobile devices as an infection vector. Oded Vanunu, head of products vulnerability research at Check Point research, told Threatpost during CPX 360 this week that because mobile devices come equipped with varying technologies,...
Mandatory IoT Security in the Offing with U.K. Proposal
The U.K. government has unveiled a proposed law aimed at securing internet of things IoT devices, which have historically been riddled with basic security issues. The drafted law, announced on Monday, comprises three main mandates for IoT manufacturers. First, all consumer IoT device passwords mu...
Satan Ransomware Reborn to Torment Businesses
A ransomware with the un-snappy moniker of “5ss5c” has emerged on the scene and appears to be in active development. According to independent researcher Bart Blaze, the malware is the successor to the Satan ransomware, and its authors are still experimenting with focused targeting China, for now...
California's Tough New Privacy Law and Its Biggest Challenges
The California Consumer Privacy Act is being touted as one of the strongest privacy regulations in the U.S. enacted so far. However, though the CCPA was adopted on January 1, 2020, the act still has several loose ends and privacy loopholes that need to be fleshed out. At a high level ,the CCPA...
ThreatList: 90% SMBs Believe Nation-State Actors Are Targeting Them
While APT activity is generally considered to be aimed at large enterprises housing valuable intellectual property, military-industrial entities, dissidents and civil society, and organizations of strategic importance to governments, the vast majority of small- and medium-sized businesses SMBs ar...
Managing the Human Security Factor in the Age of Ransomware
Security analysts have determined that cybercrime cost the global economy $1.5 trillion in 2018. Ransomware, in particular, is estimated to grow by as much as 350 percent over the next year. And while the ransom for a generic ransomware attack has now risen to nearly $13,000, with recent targeted...
Zebrocy Retools for New Political Attacks
The APT known as the Sednit threat group also known as Sofacy, APT28 and Fancy Bear has kicked off a fresh spearphishing campaign, that was spotted targeting government entities with the Zebrocy backdoor. The malware features a rewritten and newly-improved backdoor and downloader, indicating an...
Adobe Fixes Critical Flash Player Code Execution Flaws
Adobe has issued patches for critical vulnerabilities in Flash Player which, if exploited, could lead to arbitrary code execution. Overall, as part of its September Security Bulletin, Adobe patched three vulnerabilities, including two critical-severity flaws in Flash Player and one “important”...
ThreatList: Half of All Social Media Logins Are Fraud
More than half of logins 53 percent on social-media sites are fraudulent; and 25 percent of all new account applications on social media are fake, according to a recent analysis. Those numbers far outstrip the overall rate of 10 percent of interactions being fraudulent. The Arkose Labs Q3 Fraud a...
Google Launches Open-Source Browser Extension for Ad Transparency
Google is launching an experimental, open-source browser extension aimed at increasing transparency around online advertising by displaying information about the ads that are shown to users. The browser extension is an integral part of a new Google initiative announced Thursday to develop a set o...
Intel Patches High-Severity Flaws in Media SDK, Mini PC
Intel has released security updates addressing two high-severity vulnerabilities in its Intel Media Software Development Kit SDK and Intel NUC mini PC. Overall, the chip giant on Tuesday patched four flaws across its products; the most severe of these vulnerabilities exist in Intel’s Media Softwa...
Citrix Falls Prey to Password-Spraying Attack
Citrix is warning that its internal network has been hit by international cybercriminals. The digital workspace and enterprise networks vendor said in a website notice that the FBI contacted it on Wednesday, saying that there was evidence of a successful cyberattack on its network. While details...
Google Pulls Data-Chugging App From iOS Devices
Google has found itself in hot water for a research app that may have violated Apple’s policies by collecting user data in exchange for gift cards. The tech giant said it has now disabled Screenwise Meter“audience measurement” app – which voluntarily collects data from users’ phones, browsers and...
Stealthy Malware Disguises Itself as a WordPress License Key
UPDATE A spam-injecting malware is targeting WordPress site owners by disguising itself as a legitimate license key for a WordPress design theme. According to analysis from Sucuri, a customer opened a malware removal ticket reporting “some weird spam URLs injected onto their WordPress website.”...
Microsoft Patches Actively Exploited Bug as Part of Patch Tuesday
UPDATE Microsoft has patched an elevation-of-privilege vulnerability it said is actively being exploited by hackers. The fix was part of Microsoft’s scheduled September Patch Tuesday release, which also included fixes for two other bugs found being used in the wild, including the zero-day found i...
Five Critical Android Bugs Get Patched in October Update
Five critical vulnerabilities were reported by Google Monday as part of its October Android Security Bulletin. In all, 14 patches were issued for corresponding vulnerabilities, ranging from critical to high. The relative low bug count for the month of October is due to the fact this month Google...
Windows SMB Zero Day to Be Disclosed During DEF CON
LAS VEGAS—A 20-year-old Windows SMB vulnerability is expected to be disclosed Saturday during a talk at DEF CON. Microsoft has said it will not patch the vulnerability, which allows an attacker to remotely crash a Windows server with relative ease using only 20 lines of Python code and a Raspberr...
A Decade of Microsoft Patch Tuesday Security Updates
On Oct. 9, 2003, Microsoft announced its new security patching process that would end up being a catalyst for significant change in the information security community. Ten years ago, the program was announced with a press release that promised “Improved patch management processes, policies and...
New Toolkit Able to Track and Trace Duqu Worm
The Hungarian research facility that helped discover Duqu, the much-blogged about Trojan, has now released an open-source toolkit that can be used to help detect traces and instances of the worm. The Laboratory of Cryptography and System Security CrySys at the Budapest University of Technology an...
Cyber Criminal Underground: The Comics Edition
The criminal underworld is an insular community shrouded in secrecy. That’s helped lend an air of mystique to cyber crime. See also: Bruce Willis in “Die Hard 4: Live Free or Die Hard.”. But it turns out that, like so much else, real life cyber crime is… well… pretty dull. How dull? Comic artist...
Microsoft Issues Fix-It Workaround for IE Zero-Day
Microsoft has released a one-click “fix-it” workaround to help Internet Explorer users block malware attacks against an unpatched browser vulnerability. The Fix-It workaround, available here, effectively disables peer factory in the iepeers.dll binary in affected versions of Internet Explorer. Th...
Microsoft's Threat Management Gateway is a mixed bag
Microsoft’s initial move into the security products market, the ISA Server, has evolved well beyond its firewall roots. Now known as the Threat Management Gateway, the product is being positioned as a comprehensive Web security gateway. But as Eric Ogren writes in his review of the Threat...
Watering Hole Attacks Push ScanBox Keylogger
A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms in the South China Sea. The bait used by the advanced threat group APT is targeted messages that supposedly link...
Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’
A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns. Dubbed Atlas Intelligence Group A.I.G., the cybergang...
Massive Zero-Day Hole Found in Palo Alto Security Appliances
Researchers have developed a working exploit to gain remote code execution RCE via a massive vulnerability in a security appliance from Palo Alto Networks PAN, potentially leaving 10,000 vulnerable firewalls with their goods exposed to the internet. The critical zero day, tracked as CVE 2021-3064...
Stolen Credentials Led to Data Theft at United Nations
A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed. That data lifted from the network can be used to target agencies within the UN, which alrea...
Black Hat: Charming Kitten Leaves More Paw Prints
LAS VEGAS – The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints. The latest: a custom Android backdoor dubbed “LittleLooter” – used exclusively by the threat actor, as far as...
Flubot Spyware Spreading Through Android Devices
Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot,” according to the U.K.’s National Cyber Security Centre. And the U.S. could be the next target. Victims are asked to download a fake app from ...
REvil Group Claims Slew of Ransomware Attacks
The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an...
Fileless Malware Tops Critical Endpoint Threats for 1H 2020
In the first half of 2020, the most common critical-severity cybersecurity threat to endpoints was fileless malware, according to a recent analysis of telemetry data from Cisco. Fileless threats consist of malicious code that runs in memory after initial infection, instead of files being stored o...
Cryptobugs Found in Numerous Google Play Store Apps
Researchers have discovered more than 300 apps on the Google Play Store breaking basic cryptography code using a new tool they developed to dynamically analyze it. Academics from Columbia University developed a custom tool, CRYLOGGER, that analyzes Android applications for unsafe use of...
U.S. Offers Reward of $10M for Info Leading to Discovery of Election Meddling
The U.S. government is concerned about foreign interference in the 2020 election, so much so that it will offer a reward of up to $10 million for anyone providing information that could lead to tracking down potential cybercriminals aiming to sabotage the November vote. The U.S. Department of...
TikTok Violated Children’s Privacy Law, FTC Complaint Says
The popular video sharing app TikTok has landed in hot water again over privacy issues. On Thursday, a group of privacy advocates filed a complaint with the Federal Trade Commission FTC alleging the platform failed to adequately protect children’s privacy. The complaint alleged that TikTok violat...
Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
Cybercriminals are hijacking routers and changing Domain Name System DNS settings, in order to redirect victims to attacker controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information-stealing Oski malware. This latest attack...
Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs
Cybercriminals continue to firehose financial services companies with new and innovative cyberattacks. Research from Akamai recently found that up to 75 percent of all credential abuse attacks against the financial services industry in 2019 targeted APIs directly rather than user-facing login...
Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs
Cybercriminals continue to firehose financial services companies with new and innovative cyberattacks. Research from Akamai recently found that up to 75 percent of all credential abuse attacks against the financial services industry in 2019 targeted APIs directly rather than user-facing login...
Critical Netgear Bug Impacts Flagship Nighthawk Router
Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk R7800 hardware running firmware versions prior to 1.0.2.68. The warnings, posted Tuesday, also include two high-severity bugs impacting...
Huawei Controversy Highlights 5G Security Implications
The controversy over Huawei’s involvement in the 5G telecom gear market ratcheted up a notch this week. U.S. officials said they have evidence that the Chinese equipment giant has had access to backdoors inside mobile carrier networks for more than 10 years. Officials are trying to make the case...
Estée Lauder Exposes 440M Records, with Email Addresses, Network Info
A non-password protected cloud database containing hundreds of millions of customer records and internal logs for cosmetic giant Estée Lauder has been found exposed online, according to researchers. In all, 440,336,852 individual data pieces were exposed, according to researcher Jeremiah Fowler a...
Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners
UPDATE Amazon’s Ring Doorbell app for Android is a nexus for data-harvesting, according to an investigation by the Electronic Frontier Foundation EFF. Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn’t have a...
Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea?
The practice of disclosing proof-of-concept PoC exploits has long caused a debate in the security community. As the name suggests, these outline steps used to exploit a vulnerability in a system to show how it can be done — and are used to test networks and pinpoint vulnerable aspects of a system...
Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy
Google’s Project Zero bug-hunting team is making a big change to its vulnerability disclosure policies. Full details on any vulnerability will be made public 90 days after discovery, regardless of when the bug is fixed. That means that whether it’s patched on Day 20 or Day 120, bug details will g...
Stealthy MacOS Malware Tied to Lazarus APT
Researchers have identified new MacOS malware that can execute remote code in memory that they believe is the work of the powerful North Korean APT group Lazarus, they said Thursday. Security researcher Dinesh Devadoss on Twitter posted a hash for a MacOS trojan he discovered that hides behind a...
HackerOne Breach Leads to $20,000 Bounty Reward
HackerOne has paid out $20,000 after a high-severity vulnerability was discovered in the bug-bounty platform. The flaw allowed an outside bounty hunter to access customers’ reports and other sensitive information. Disclosed this week in a HackerOne report, the security incident stemmed from a...