15946 matches found
Credential-Stuffing Attack Targets Regional Internet Registry
Regional internet registry RIPE NCC is warning of a credential-stuffing attack against its single sign-on service, RIPE NCC Access, and is encouraging users to implement two-factor authentication 2FA. Click to Register Located in Amsterdam, the Réseaux IP Européens Network Coordination Centre RIP...
mHealth Apps Expose Millions to Cyberattacks
Some 23 million mobile health mHealth application users are exposed to application programming interface API attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another a...
Ransomware in 2020: A Banner Year for Extortion
Remote learning platforms shut down. Hospital chemotherapy appointments cancelled. Ransomware attacks in 2020 dominated as a top threat vector this past year. Couple that with the COVID-19 pandemic, putting strains on the healthcare sector, and we witnessed ransomware exact a particularly cruel...
Microsoft Exchange Attack Exposes New xHunt Backdoors
Two never-before-seen Powershell backdoors have been uncovered, after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait . The activity is tied back to the known xHunt threat group, which was first discovered in 2018 and has previously launched an...
Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs
A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. According to an analysis from BlackBerry released at Black Hat 2020 on...
Lazarus Group Brings APT Tactics to Ransomware
Targeted ransomware attacks are on the rise, usually perpetrated by financially motivated threat gangs, which often work in concert together. However, researchers said that a recent strain of ransomware, called VHD, can be linked to an unusual source: The Lazarus Group APT. According to researche...
A 'New Age' of Sophisticated Business Email Compromise is Coming
A newly discovered, sophisticated threat group that targets organizations without DMARC implemented and relies on business email compromise is heralding what researchers call “a new age” of business email compromise. The group, called Cosmic Lynx, is the first reported Russian BEC cybercriminal...
Emerging Ransomware Targets Photos, Videos on Android Devices
A new strain of ransomware has arisen in Canada, targeting Android users and locking up personal photos and videos. Called CryCryptor, it has initially been spotted pretending to be the official COVID-19 tracing app provided by Health Canada. It’s propagating via two different bogus websites that...
LinkedIn 'Job Offers' Targeted Aerospace, Military Firms With Malware
Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn’s messaging service. Targets are sent phony job offers that include malicious documents designed to fetch data-exfiltrating malware. The spear-phishing...
Octopus Scanner Sinks Tentacles into GitHub Repositories
The Octopus Scanner malware, which targets the Apache NetBeans Java integrated development environment IDE, has been nesting in at least 26 GitHub source-code repositories, according to researchers – waiting to take over developer machines. A team from GitHub Security Labs, acting on a tip from a...
‘Hack-For-Hire’ Firms Spoof WHO To Target Google Credentials
“Hack-for-hire” organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims’ Google credentials. Researchers with Google’s Threat Analysis Group TAG warned that they’ve spotted a...
Lazarus Group Hides macOS Spyware in 2FA Application
The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan RAT to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new...
Enterprise Security Woes Explode with Home Networks in the Mix
The work-from-home WFH paradigm that has become the new normal in the age of coronavirus comes with exacerbated network security risk – as evidenced by growing a number of botnets and automated attacks that are taking advantage of known vulnerabilities in both consumer and corporate IT gear. The...
Nintendo Confirms Breach of 160,000 Accounts
Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system. Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were loggin...
WHO, CDC and Bill and Melinda Gates Foundation Victims of Credential Dump, Report
Unknown threat actors have allegedly dumped nearly 25,000 email addresses and passwords from notable organizations involved in the fight against the COVID-19 pandemic, including credentials from prominent health organizations. Hackers have been using information belonging to groups such as World...
As Zoom Booms, Incidents of ‘ZoomBombing’ Become a Growing Nuisance
Officials at Zoom have released tips for users of their video-conferencing platform to help avoid getting “Zoom-bombed” by trolls and even more serious threat actors during online meetings. The developers of the online video-conferencing service cautioned users to avoid sharing Zoom meeting links...
Coronavirus-Themed APT Attack Spreads Malware
An advanced persistent threat APT group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call “Vicious Panda.” Researchers identified two suspicious Rich Text Format files RTF — a text file format used b...
Researchers Warn of Novel PXJ Ransomware Strain
Researchers have discovered a new strain of ransomware, dubbed “PXJ,” which emerged in the wild in early 2020. While PXJ performs functions similar to other ransomware variants, it does not appear to share the same underlying code with most known ransomware families, researchers said. They first...
Google Bans 600 Android Apps for Obnoxious Ads
Google has removed nearly 600 Android apps from the Play Store for serving up obnoxious, invasive ads that aren’t easily “x’d” out of. The internet giant said the enforcement action was a strike against mobile ad fraud. Google said Thursday that the apps violated its disruptive ads policy – and a...
U.S. Gov Agency Targeted With Malware-Laced Emails
A U.S. government agency was targeted with spear phishing emails harboring several malware strains – including a never-before-seen malware downloader that researchers call “Carrotball.” The campaign, which researchers observed occurring from July to October and code-named “Fractured Statue,”...
16Shop Phishing Gang Goes After PayPal Users
A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group’s phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information PII a...
Drake Lyrics Used as Calling Card in Malware Attack
A hacker with the handle “Master X” leverages a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” and ultimately delivers a malicious payload to its victims. The campaign is email based; with missives containing a malicious PowerPoint attachment...
Cash App Twitter Giveaway a Haven for Stealing Money
Scammers looking to piggyback on the CashAppFriday trending topic on Twitter are stealing between $10 to $1,000 from each victim that falls for their efforts. According to researchers at Tenable, the scams include phishing with some links garnering up to 500 clicks each, a hoax called...
Phorpiex Botnet Shifts Gears From Ransomware to Sextortion
A recent wide-scale campaign indicates that a decade-old botnet is shifting gears from distributing ransomware to delivering millions of sextortion threats to innocent recipients. Worse, researchers say that the botnet’s spam campaign can affect up to 27 million potential victims. The botnet,...
Major Groupon, TicketMaster Fraud Scheme Exposed By Insecure Database
UPDATE After discovering a cache of 17 million emails exposed on an unsecured database, researchers with vpnMentor began to hunt for its owner — but to their surprise, they found that the database belonged not to a company, but to a sophisticated criminal network. Cybercriminals had been both...
IRS Impersonation Attacks Spread Malware Nationwide
The Internal Revenue Service IRS is warning taxpayers about a snowballing email attack that uses messages pretending to be legitimate IRS communications. The end game for the effort is malware being installed on unsuspecting users’ machines; imposters may gain control of the taxpayer’s computer o...
Adwind Spyware-as-a-Service Attacks Utility Grid Operators
A phishing campaign that spoofs a PDF attachment to deliver Adwind spyware has been taking aim at national grid utilities infrastructure. Adwind, a.k.a. JRAT or SockRat, is being used in a malware-as-a-service model in this campaign, researchers said. It offers a full cadre of info-gathering...
Google and ARM Tackle Android Bugs with Memory-Tagging
Aiming at improving the security of the Android ecosystem, Google has partnered up with mobile silicon-maker ARM to implement a hardware-based bug detection tool specifically for memory-safety vulnerabilities. Dubbed the memory-tagging extension MTE, the feature helps mitigate these kinds of bugs...
Google Titan Security Key Recalled After Bluetooth Pairing Bug
Google is recalling Bluetooth versions of its Titan Security Key after finding a vulnerability that allows attackers in close proximity to take control of the device. Google’s Titan Security Key, launched in the U.S. market last August, is a USB dongle that offers an added layer of security...
High-Severity PrinterLogic Flaws Enable Remote Code Execution
A slew of high-severity flaws have been disclosed in the PrinterLogic printer management service, which could enable a remote attacker to execute code on workstations running the PrinterLogic agent. PrinterLogic’s Print Management software allows businesses to deploy and use remote printers...
Coinhive to Mine Its Last Monero in March
Coinhive, the company behind an eponymous browser-based cryptocurrency miner, is closing its doors. As of March 8, the 18-month-old company will discontinue its service, because, it announced, the model “isn’t economically viable anymore.” Coinhive bills itself as a legitimate service for website...
Password Manager Firms Blast Back at ‘Leaky Password’ Revelations
Secure password firms 1Password, Dashlane, KeePass and LastPass are blasting a research report that highlights how a local adversary can crack open and steal passwords stored by the utilities. The uproar began Tuesday when lead researcher, Adrian Bednarek with Independent Security Evaluators ISE,...
GitHub Increases Rewards, Scope For Bug Bounty Program
GitHub has bolstered its bug-bounty program with increased rewards, an expanded scope of products and the addition of legal “safe-harbor” terms aiming to protect bounty hunters. The web-based hosting service announced Tuesday that its program, first launched in 2014, will no longer have a maximum...
Dailymotion Fights Ongoing Credential-Stuffing Attack
Dailymotion, the video-sharing platform, said Friday that it had fallen victim to a “large-scale” and ongoing credential-stuffing assault by attackers looking to harvest user data. The French YouTube competitor said in an alert that it has “successfully contained the attacks following the...
Popular Web-Hosting Platform Bluehost Riddled with Flaws
UPDATE A researcher has uncovered several one-click client-side vulnerabilities in the popular Bluehost web hosting platform. These would allow cybercriminals to easily carry out complete account takeover, according to the analysis. Bluehost has acknowledged the issue, and told Threatpost, “We ar...
NFL Players and Agents Targeted in Database Extortion Attempt
A misconfigured database containing records belonging to 1,133 National Football League players and their agents was exposed via an unsecured Elasticsearch server. The database belongs to the NFL Players Association and includes the home address, phone numbers and IP addresses for hundreds of...
Apple Patches 'BroadPwn' Bug in iOS 10.3.3
Apple released iOS 10.3.3 Wednesday, which serves as a cumulative update that includes patches for multiple vulnerabilities including the high-profile BroadPwn bug that allowed an attacker to seize control of a targeted iOS device. BroadPwn was revealed earlier this month as a flaw in Broadcom...
New Mirai Variant Roars into Action With 54 Hour DDoS Attacks
A variant of the Mirai malware pummeled a U.S. college last month with a marathon 54-hour long attack. Researchers say this latest Mirai variant is a more potent version of the notorious Mirai malware that made headlines in October, targeting DNS provider Dyn and the Krebs on Security website. Th...
Old Linux Kernel Code Execution Bug Patched
A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip...
Badlock Windows, Samba Man-in-the-Middle Vulnerability
Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud. Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message blo...
New OpenSSL MITM Flaw Affects All Clients, Some Server Versions
There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software. The new vulnerability...
Microsoft to Patch IE 10 Zero Day March 2014 Patch Tuesday
Microsoft will patch a lingering zero-day vulnerability in Internet Explorer next Tuesday, one of five bulletins it will release as part of its March 2014 Patch Tuesday security updates. The IE 10 zero-day was disclosed close to a month ago when researchers at FireEye reported on Operation SnowMa...
Six Security Flaws Fixed in BIND 9.9.2
A new version of the BIND DNS server software is available, fixing six security vulnerabilities and a long list of other bugs. BIND 9.9.2-P1 is mainly a security update and most of the issues it fixes are crashes and not remote code execution flaws. BIND is the overwhelming leader in market share...
Adobe Warns of Critical Zero-Day Flaw in Reader and Acrobat
Adobe is warning users about a critical vulnerability in its Reader and Acrobat applications that could lead to remote code execution. There are reports that attackers already are using the Reader bug in targeted attacks, and Adobe said it plans to have a patch ready by next week. Adobe security...
Microsoft Defends Secure Boot in Windows 8
Microsoft officials are seeking to assuage concerns that its implementation of UEFI in Windows 8 will prevent users from loading non-Microsoft operating systems or applications on their machines. Despite concerns raised by security researchers and open-source advocates about vendor lock-in and...
Cisco Confirms Network Breach Via Hacked Employee Google Account
Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee’s Google account. The networking giant is calling the attack a “potential compromise” in a Wednesday post by the company’s own Cisco Talos threat research arm. “During the...
Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol
The popular protocol for radio controlled RC aircraft called ExpressLRS can be hacked in only a few steps, according to a bulletin published last week. ExpressLRS is an open-source long range radio link for RC applications, such as first-person view FPV drones. “Designed to be the best FPV Racing...
Google: 2021 was a Banner Year for Exploited 0-Day Bugs
Google Project Zero reported 58 exploited zero-day vulnerabilities in 2021, a record in the short time the team of security researchers has been keeping tabs. In a year-in-review report on the number instances a zero-day bug has been exploited in the wild, researchers noted the number a twofold...
Russia Lays Groundwork for Cyberattacks on U.S. Infrastructure
The Russian government is exploring “options for potential cyberattacks” on critical infrastructure in the U.S., the White House warned on Monday, in retaliation for sanctions and other punishments as the war in Ukraine grinds on. Officials said that its latest intelligence shows cyber-related...
Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Researchers have discovered three WordPress plug-ins with the same vulnerability that allows an attacker to update arbitrary site options on a vulnerable site and completely take it over. Exploiting the flaw does require some action from the site administrator, however. On Nov. 5, 2021, the...