15946 matches found
ThreatList: Remote Workers Threaten 1 in 3 Organizations
While IT leaders see the benefits of remote working and understand that millennial-friendly telecommuting is unlikely to go anywhere anytime soon, many still fear that the potential of employees to access corporate resources via public Wi-fi and the use of personal devices opens their organizatio...
RSAC 2019: The Dark Side of Machine Learning
SAN FRANCISCO – The same machine-learning algorithms that made self-driving cars and voice assistants possible can be hacked to turn a cat into guacamole or Bach symphonies into audio-based attacks against a smartphone. These are examples of “adversarial attacks” against machine learning systems...
Card-Skimming Scripts Hide Behind Google Analytics, Angular
A host of credit card-stealing scripts have popped up on the web, injected into websites and purporting to be legitimate Google Analytics or Angular utilities in order to avoid webmaster notice. According to research from Sucuri, the malicious code is obfuscated and injected into legitimate JS...
High-Severity SHAREit App Flaws Open Files for the Taking
Two high-severity flaws in the SHAREit Android app allow an attacker to bypass the file transfer application’s device authentication mechanism – and ultimately download content and arbitrary files from the victim’s device, along with a raft of data such as Facebook tokens and cookies. SHAREit is ...
2019 Already Marred By Slew of Data Breach Incidents
It has been a busy year for data breaches already, and January isn’t even officially over. This past week has been no exception. In past seven days, in addition to the Airbus news that we previously reported, Discover Financial, IT management giant Rubrik, the City of St. John in New Brunswick,...
Flaw Found In Dirty COW Patch
A flaw in the original patch for the notorious Dirty COW vulnerability could allow an adversary to run local code on affected systems and exploit a race condition to perform a privilege escalation attack. The flaw in the Dirty COW patch CVE-2016-5195, released in October 2016, was identified by...
VMWare Fixes Critical RCE in vCenter Server
VMware patched a critical vulnerability in its vCenter Server platform late last week that could have let an attacker execute arbitrary code in some scenarios. The vulnerability affected two versions of vCenter, 6.5 and 6.0. Users are encouraged to update to the most recent versions, 6.5c, and...
65 Sites Compromised in ZeroAccess Trojan Attacks
As many as 65 websites have been compromised in an attack that has snared another Washington, D.C.-area media website as well as a number of travel and leisure sites. While the sites aren’t topically related, they’re all hosting advertisements injected with malicious code hosted on...
Cool Exploit Kit Includes Old Internet Explorer Exploit
You cannot accuse the keepers of the Cool Exploit Kit of not recognizing market trends. Given a rash of recent watering hole attacks and zero-day exploits built around Microsoft’s Internet Explorer browser, it’s no surprise that a 15-month-old IE exploit has been included in the crimeware package...
New Web-Based MiniDuke Components Discovered
Researchers at Kaspersky Lab and CrySys Lab have discovered files buried inside a MiniDuke command and control server that indicate the presence of a Web-based facet of the campaign that initially targeted government agencies, primarily in Europe. Users are likely lured to the malicious webpages...
ADP-Themed Phishing Emails Lead to Blackhole Sites
Scammers are spamming out malicious emails purporting to come from payroll processing company ADP, according Dancho Danchev of Webroot. The emails arrive under the subject line “ADP Immediate Notifications” and contain links to compromised websites hosting the latest iteration of the Blackhole...
Trojan Mimics Chrome Installer to Steal Banking Information
Malware impersonating a Google Chrome Installer is actually stealing data while stripping software used to protect online banking transactions. The Trojan at present appears to target users in Brazil and Peru. Trend Micro researchers report in a blog post that they have discovered a malicious fil...
Human Fraud: Detecting Them Before They Detect You
This is Part II of a two-part blog series taking readers inside the criminal enterprise that is account-takeover fraud. For part I, please click here. In my last blog, we focused on the initial phases of the account-takeover ATO kill chain – recon, weaponization and delivery – and how attackers...
Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop
Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things IoT devices – one that exposes live video and audio streams to eavesdropping threat actors and which could enable attackers to take over control of devices, including security webcams and...
Lexmark Printers Open to Arbitrary Code-Execution Zero Day
Lexmark printers – those ubiquitous, inky office workhorses that fill homes and offices, and are found all the way on up to the federal government – have an unpatched vulnerability that could lead to serious, easy-to-execute attacks that require neither privileges nor user interaction and which c...
‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles
An Elasticsearch server holding personal data of 6 million players of the popular mobile game Battle for the Galaxy was discovered insecure and containing over 1 terabyte of unencrypted data, meaning anyone with a link could access data stored on the repository. Ethical hackers WizCase found the...
Call of Duty Cheats Expose Gamers to Malware
Activision, the company behind Call of Duty: Warzone, has issued a warning that a threat actor is taking out ads for cheat tools, which instead turn out to be remote-access trojan RAT malware . The scam was first floated in March when a cyberattacker posted in hacking forums that they had a free,...
A New Paradigm in Data Security: Insider Risk Management
The pandemic was a force accelerator for digital transformation in the enterprise. It’s not just the dramatic remote work shift — it’s a profound shift toward prioritizing speed and flexibility as the drivers of a company’s competitive advantage. But as faster, more agile ways of working...
Cisco Warns of Critical Auth-Bypass Security Flaw
A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. The vulnerability is one of three critical flaws fixed by Cisco on this week. It exists in Cisco’s ACI Multi-Site Orchestrator ACI MSO — this is Cisco’s management...
Security Issues in PoS Terminals Open Consumers to Fraud
Researchers are detailing widespread security issues in point-of-sale PoS terminals – specifically, three terminal device families manufactured by vendors Verifone and Ingenico. Click to register. The issues, which have been disclosed to the vendors and since patched, open several popular PoS...
Microsoft Teams Users Under Attack in 'FakeUpdates' Malware Campaign
Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies’ networks with malware. Microsoft is warning its customers about the so-called “FakeUpdates” campaigns in a non-public security advisory, according to a report in Bleeping...
Wormable Apple iCloud Bug Allows Automatic Photo Theft
A group of ethical hackers cracked open Apple’s infrastructure and systems and, over the course of three months, discovered 55 vulnerabilities, a number of which would have given attackers complete control over customer and employee applications. Of note, a critical, wormable iCloud account...
E.U. Authorities Crack Encryption of Massive Criminal and Murder Network
European law-enforcement officials have shut down an encrypted Android-based communications platform used exclusively by criminals to plot murders, traffic illegal drugs, commit money laundering and plan other organized crimes. An international law-enforcement team from the France and the...
Work From Home Opens New Remote Insider Threats
Employees working from home face a new world of workplace challenges. With childcare facilities mostly closed, many are juggling crying babies or barking dogs, all while tending to job responsibilities. Under those conditions mistakes happen, like sending an email – with critical internal company...
Adobe Patches 18 Critical Flaws in Out-Of-Band Update
Adobe patched 18 critical vulnerabilities Tuesday impacting key products Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition. The out-of-band fixes address vulnerabilities allowing an attacker to execute arbitrary code, if bugs are exploited. In its security bulletin Adobe...
Feds Reveal Hidden Cobra's Trove of Espionage Tools
The U.S. Department of Homeland Security and Federal Bureau of Investigation have exposed what they say are hacking tools used by the North Korean-sponsored APT group Hidden Cobra. The disclosure was the result of a broad government effort to combat the advanced persistent threat group, who have...
GE Employees Lit Up with Sensitive Doc Breach
A phisher’s treasure chest of personally identifiable information PII for General Electric employees has been exposed – thanks to the compromise of one of the company’s partners, Canon Business Process Services. In a data-breach notice filed with the State of California, General Electric GE noted...
Dropbox Passes $1M Milestone for Bug-Bounty Payouts
Dropbox, the cloud-based file-sharing service, has reported that it has paid out more than $1 million to bug-bounty hunters since starting its program in 2014. The milestone comes after the service tripled its bounties in 2017, and after running two live hacking events with the HackerOne platform...
AT&T, Verizon Subscribers Exposed as Mobile Bills Turn Up on the Open Web
Hundreds of thousands of mobile phone bills for AT&T, Verizon and T-Mobile subscribers have been laid open to anyone with an internet connection, thanks to the oversight of a contractor working with Sprint. According to a media investigation, the contractor misconfigured a cloud storage bucket on...
Ex-Twitter Employees Spied on Saudi Dissidents: DoJ
The Department of Justice DoJ has charged two former Twitter employees of working with the government of Saudi Arabia to snoop on political dissidents’ accounts. The 27-page complaint alleges that two former Twitter employees, Ali Alzabarah, 35, and Ahmad Abouammo, 41, accessed Twitter account da...
Cryptolocking WordPress Plugin Locks Up Blog Posts
A malicious WordPress plugin ironically called WP Security has been spotted in the wild encrypting blog posts and rendering the content unreadable. It’s capable of targeting individual posts — an unusual behavior, according to researchers. According to analysis from Sucuri, the plugin obtains a...
RSA Conference 2019: Ultrasound Hacked in Two Clicks
SAN FRANCISCO – Researchers have highlighted the endemic insecurity of the hospital environment by executing a proof-of-concept attack on an ultrasound machine. In doing so, they were able to gain access to the machine’s entire database of patient ultrasound images. Check Point Research worked wi...
Threatpost News Wrap Podcast For Feb. 1
Data privacy dominated the week of news ending Feb. 1. News headlines included both Facebook and Google finding themselves in hot water over distributing data-sucking apps on iOS devices. A severe flaw was also found in kid-tracking IoT smartwatches that could expose sensitive information for...
Neutrino EK Spotted Leveraging Patched IE Zero Day
Attackers behind the Neutrino Exploit Kit didn’t take long to co-op a recently patched Internet Explorer zero-day into its arsenal. Researchers claim the kit has been pushing CVE-2016-0189, a vulnerability that was reportedly used in targeted attacks on South Korean organizations earlier this yea...
Android Ransomware Attacks Using Towelroot, Hacking Team Exploits
A menacing wave of ransomware that locks up Android devices and demands victims pay $200 in Apple iTunes gift card codes is raising concern among security researchers. The ransomware attacks, they say, open a new chapter for Android vulnerabilities similar to Microsoft’s obsolete, unpatched and...
Microsoft Adopts CVRF Format for Security Bulletins
Since the beginning of recorded time, security researchers, software vendors and hackers have been issuing security advisories in all kinds of nutty formats. Some feature excellent ASCII art, some have clever inside jokes and some come from Microsoft. Now, there’s a effort underway, called the...
Media, Human Rights Sites Suffer With Rise In DDoS Attacks
The recent wave of online actions by supporters and opponents of information leaking site Wikileaks has focused attention on the phenomenon of distributed denial of service DDoS attacks. But a study published by Harvard University’s Berkman Center for Internet and Society this week concludes that...
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Users of Apple’s Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track ‘every single tap’ users make with external websites accessed via the software. Researcher Felix Krause, who outlined how Meta tracks users in a blog posted...
Intel Memory Bug Poses Risk for Hundreds of Products
Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of products. According to an advisory issued by the company on Tuesday, the bug is firmware-based and rated as “high” risk with a Common Vulnerability Scoring System CVSS score of 7. The vulnerability...
Critical Linux Kernel Bug Allows Remote Takeover
A critical heap-overflow security vulnerability in the Transparent Inter Process Communication TIPC module of the Linux kernel could allow local exploitation and remote code execution, leading to full system compromise. TIPC is a peer-to-peer protocol used by nodes within a Linux cluster to...
IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft
Three vulnerabilities in the IP video-surveillance systems created by Axis Communications could allow arbitrary code execution, among other attacks. That’s according to Nozomi Networks Labs, whose researchers examined the company’s Axis Companion Recorder, a compact network video recorder NVR tha...
Email Bug Allows Message Snooping, Credential Theft
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email...
Fresh Loader Targets Aviation Victims with Spy RATs
A cyberattack campaign that goes after aviation targets has been uncovered, which is spreading remote access trojan RAT malware bent on cyber-espionage. Researchers from Microsoft said this week on Twitter that spear-phishing emails are the main attack vector. Individuals in the aerospace and...
CISA Warns of Security Flaws in GE Power Management Devices
The U.S. Cybersecurity & Infrastructure Security Agency CISA is warning of critical-severity security flaws in GE’s Universal Relay UR family of power management devices. GE’s UR devices are the “basis of simplified power management for the protection of critical assets,” according to the company...
Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection
At its previous peak in February, the Monero Miner cryptocurrency ransominer was targeting more than 2,500 users a day, disguised as an antivirus installer. Now, the tricky hybrid malware is on the rise again, this time impersonating an ad blocker and OpenDNS service. In total, it has infected mo...
Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack
Four nation-state-backed advanced persistent threats APTs hacked Al Jazeera journalists, producers, anchors and executives, in an espionage attack leveraging a zero-day exploit for Apple iPhone, researchers said. The attack, carried out in July and August, compromised 36 personal phones belonging...
QNAP High-Severity Flaws Plague NAS Systems
QNAP Systems is warning of high-severity flaws that plague its top-selling network attached storage NAS devices. If exploited, the most severe of the flaws could allow attackers to remotely take over NAS devices. NAS devices are systems that consist of one or more hard drives that are constantly...
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
Larry Cashdollar, senior security response engineer at Akamai, has been finding CVEs since the 1990s, around when MITRE was first being established. Since then, he’s found 305 CVEs – as well as various security findings, such an IoT bricking malware called Silex, and cybercriminals targeting poor...
Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems – but in reality, they are redirected to a fake Outlook login page that steals their credentials. Windows 7 reached end-of-life EOL on Jan. 14, with Microsoft urging enterprises to upgrade to its...
ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls
Researchers have discovered an attack on the Voice over LTE VoLTE mobile communications protocol that can break its encryption and allow attackers to listen in on phone calls. Dubbed ReVoLTE, the attack — detailed by a group of academic researchers from Ruhr University Bochum and New York...