15946 matches found
$4,000 COVID-19 'Relief Checks' Cloak Dridex Malware
Cybercriminals have wasted no time in hopping on the American Rescue Plan – the COVID-19 relief legislation just signed into law – as a lure for email-based scams. According to researchers at Cofense, a campaign began circulating in March that capitalized on Americans’ interest in the forthcoming...
Nim-Based Malware Loader Spreads Via Spear-Phishing Emails
The TA800 threat group is distributing a malware loader, which researchers call NimzaLoader, via ongoing, highly-targeted spear-phishing emails. While previous Twitter analysis identified this loader as a mere variant of TA800’s existing BazaLoader malware, new research cites evidence that...
Newest Intel Side-Channel Attack Sniffs Out Sensitive Data
Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics...
Ryuk Ransomware: Now with Worming Self-Propagation
A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have found. The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems ANSSI. The agency...
SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
Click to Register A vulnerability in an SDK that allows users to make video calls in apps like eHarmony, Plenty of Fish, MeetMe and Skout allows threat actors to spy on private calls without the user knowing. Researchers discovered the flaw, CVE-2020-25605, in a video-calling SDK from a Santa...
Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site Takeover
Two vulnerabilities one critical in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-buildin...
Good Heavens! 10M Impacted in Pray.com Data Exposure
The Christian faith app Pray.com has leaked private data for up to 10 million people, according to researchers. The app offers “daily prayer and Bible stories to inspire, educate and help you sleep” on a subscription basis. Subscriptions run anywhere from $50 to $120. It offers a host of audio...
MontysThree APT Takes Unusual Aim at Industrial Targets
SAS@Home 2020 – A series of highly targeted attacks by an APT group called MontysThree against industrial targets has been uncovered, with evidence that the campaign dates back to 2018. That’s according to researchers from Kaspersky, who noted that the group uses a variety of techniques to evade...
California Elementary Kids Kicked Off Online Learning by Ransomware
As students head back to the classroom, the spate of ransomware attacks against schools is continuing. The latest is a strike against a California school district that closed down remote learning for 6,000 elementary school students, according to city officials. The cyberattack, against the Newha...
Safari Bug Revealed After Apple Takes Nearly a Year to Patch
A security researcher disclosed details of an Apple Safari web browser security hole that could leak files with other browsers and applications and open the door to exploitation by attackers. The disclosure came only after Apple said it would delay patching the vulnerability for nearly a year. Fo...
FTC Slams Children’s App Developer for COPPA Violations
Children’s app developer HyperBeard has agreed to pay $150,000 after being accused by the Federal Trade Commission FTC of illegally collecting children’s data without parental consent. HyperBeard‘s website says it’s the largest mobile game developer and publisher in Mexico, with various games suc...
Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode
Google faces a $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information without their knowledge even when using the incognito browsing mode that’s meant to keep their online activities private. The lawsuit, filed in the federal court in San Jose,...
Long Tail Analysis: A New Hope in the Cybercrime Battle
Our hyper-connected world and its ever-faster network speeds have resulted in mountains of diverse data that needs to be processed. It has also resulted in an ever-expanding attack surface, requiring cybersecurity solutions to scale like never before. These days, scale is about more than traffic...
Crooks Tap Google Firebase in Fresh Phishing Tactic
A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways. Google Firebase is a mobile and web application development platfor...
News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries
Threatpost editors discuss the top news stories of the week ended May 15, including: Recent ransomware attacks, including ones targeting healthcare giant Magellan, the IT office that supports Texas appellate courts and judicial agencies, and a popular law firm that works with several A-list...
A Dozen Nation-Backed APTs Tap COVID-19 to Cover Spy Attacks
Cybercriminals have seized on the novel coronavirus as a theme in their attacks, and it turns out that the most sophisticated players on that scene are no exception. According to Google’s Threat Analysis Group TAG, more than a dozen nation-state-backed APTs are using the COVID-19 pandemic as a...
Responding to the New Normal: How to Prevent Added Risk in Your Business
Our world has shifted dramatically over the last few weeks. Many people have moved from shock to acceptance as the novel coronavirus COVID-19 has taken hold across the world, across our nation, in our states, in our communities, and even in our organizations. Companies are particularly vulnerable...
News Wrap: Valentine's Day Scams and Emotet's Wi-Fi Hack
Threatpost editors Tara Seals and Lindsey O’Donnell-Welch break down the top stories for this week, ended Feb. 14, including: Recent phishing scams – including ones with a romance hook – continue to trick victims, showing that phishing tactics still work in stealing millions from individuals,...
Researchers: Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App
Security researchers have found key flaws in a mobile voting app that some states plan to use in the 2020 election that can allow hackers to launch both client- and server-side attacks that can easily manipulate or even delete someone’s vote, as well as prevent a reliable audit from taking place...
Two Critical Android Bugs Get Patched in February Update
Google has released a security update for a critical flaw in its Android operating system that allows hackers to execute remote code on affected handsets, potentially allowing an adversary to gain remote access to the device. Part of Google’s February Android Security Bulletin, released Monday,...
ThreatList: A Third of Biometric Systems Targeted by Malware in Q3
Biometric security – which uses fingerprints, voice or facial recognition or retina identification to authenticate users to services – has crossed the chasm into the mainstream, thanks to the prevalence of features like fingerprint readers on laptops and FaceID for iPhones. However, researchers s...
Authorities Break Up Imminent Monitor Spyware Organization
The developers behind a commodity remote-access tool RAT that allows full control of a victim’s computer has been taken down by Australian and global authorities. The Imminent Monitor RAT IM-RAT first appeared in 2012, the work of a developer going by the handle of “Shockwave,” according to...
Data Breach Fines: Are They Working to Boost Consumer Safety?
Breach statistics are downright discouraging: Over the past five years the number of businesses breached has skyrocketed. The human consequences are also bad, with billions of private email addresses, bankcard numbers and other deeply personal data points exposed online and now in the hands of...
Facebook Sues NSO Group Over Alleged WhatsApp Hack
Facebook has filed a lawsuit against Israeli company NSO Group, creator of the Pegasus spyware, alleging that it was behind the massive WhatsApp hack earlier this year. In May 2019, a zero-day vulnerability was found in WhatsApp’s messaging platform, exploited by attackers who were able to inject...
Magecart 5 Linked to Carbanak Gang
Researchers have linked Magecart Group 5, the credit-card skimming cybercriminals behind the Ticketmaster breach, to Dridex phishing campaigns and the infamous Carbanak group. Magecart – which is an umbrella group encompassing several different affiliates all using the same modus operandi – injec...
Library-Themed University Phishing Attack Expands to Massive Scale
Indicating a campaign of massive scale, at least 20 new phishing domains targeting more than 60 universities in Australia, Canada, Hong Kong, Switzerland, the United Kingdom and the United States have cropped up, bent on lifting credentials from students heading back to school. The domains are...
Google Targets Data-Abusing Apps with Bug Bounty Launch
Google is looking to squash vulnerabilities on its Google Play app marketplace with a new bug-bounty program aimed at identifying data-abuse issues in Android apps and Chrome extensions. The company on Thursday announced the Developer Data Protection Reward Program, which, depending on the impact...
Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking
A zero-day vulnerability in the Zoom client for Mac allows a malicious website to hijack a user’s web camera without their permission. Up to 4 million workers that use the Zoom for Mac web-and videoconferencing service are at risk from a flaw in the collaboration client CVE-2019–13450, according ...
Podcast: Behind-the-Scenes Look at Scattered Canary BEC Cybergang
LONDON, U.K. – At Infosecurity Europe, Threatpost caught up with Agari researchers to discuss their threat research unveiled at the show about a newly-unveiled business email compromise BEC cybergang. The cybercriminal group, which researchers called Scattered Canary, has been evolving for over 1...
Amid Bug Bounty Hype, Sometimes Security is Left in the Dust
In January, the European Union kicked-off over a dozen new bug bounty programs targeting a bevy of popular open-source programs used by its members. The effort was supposed to be met with cheers. But instead, the launch sparked an unexpected backlash from the security community. The EU’s program...
Dell Security Support Tool Harbors High-Severity Flaws
Two high-severity flaws in Dell’s client support tool, SupportAssist Client, could enable remote code-execution RCE and cross-site request forgery CSRF attacks. SupportAssist helps users remove viruses or detect security issues on their PCs, and comes preinstalled on most new Dell devices. “Dell...
Ubiquitous Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images
A bug in a 30-year-old standard used for the exchange and storage of medical images has been uncovered; it allows an adversary to embed fully-functioning executable code into the image files captured by medical devices such as CT and MRI machines. This results in hybrid files that allow malware...
Federal Focus on Cyber Plays Out in President's Budget, IoT Legislation
The federal government is stepping up its game this week on the cybersecurity front, with both proposed budget line items that would requisition nearly $11 billion for cyber, and the introduction of the Internet of Things IoT Cybersecurity Improvement Act of 2019, which would require that devices...
Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data
Researchers have found a slew of vulnerabilities in a pair of smart headphones designed to fit under ski helmets. The flaws could allow a bad actor to view victims’ personal information, track them and even listen to their private conversations via the headphones’ walkie-talkie function, which us...
Managing Enterprise Security After the Data Supernova
As the amount of data continues to grow and expand outside of the enterprise, security leaders need to develop a plan to quickly secure it. The big promise of cloud computing was that it would simplify security. Organizations would no longer have to worry about securing their infrastructure becau...
ICS Security Plagued with Basic, Avoidable Mistakes
At least 33 percent of the security issues found in industrial control systems ICS are rated as being of high or critical risk. FireEye iSIGHT Intelligence compiled data from dozens of ICS security health assessment engagements performed by its Mandiant division, and found that these issues inclu...
Intel CPUs Undermined By Fresh Speculative Execution Flaws
UPDATE Three new speculative execution design flaws in Intel CPUs were disclosed today, this time impacting Intel’s Software Guard Extensions SGX technology, its OS and system management mode SMM and hypervisor software. The three vulnerabilities would allow attacks on Intel Core and Xeon...
New Dridex Variant Emerges With An FTP Twist
A variant of the Dridex banking trojan recently popped up in an email campaign, with an unusual twist: The attackers used compromised FTP sites for hosting malicious documents, according to researchers at Forcepoint. It was a notable departure from the norm of using HTTP links and could represent...
Microsoft Patches Critical Windows Search Vulnerability
Microsoft patched more than two dozen remote code execution vulnerabilities today, many of them rated critical. One was a RCE bug that allowed an attacker to take complete control of a server or workstation via Windows Search. The fixes were part of Microsoft’s August Patch Tuesday update that...
Hundreds of Thousands of Netgear Routers Vulnerable to Password Bypass
Hundreds of thousands–potentially more than one million–Netgear routers are susceptible to a pair of vulnerabilities that can lead to password disclosure. Researchers said that while anyone who has physical access to a router can exploit the vulnerabilities locally, the real threat is that the fl...
PHPMailer Bug Leaves Millions of Websites Open to Attack
UPDATE A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack. The flaw was disclosed by researcher Dawid Golunski of Legal Hackers, who said t...
Google Releases Supplemental Patch for Dirty Cow Vulnerability
Google’s November Android Security Bulletin, released Monday, patched 15 critical vulnerabilities and addressed 85 CVEs overall. But conspicuously absent is a fix for the Linux race condition vulnerability known as Dirty Cow Copy-on-Write that also impacts Android. While Google didn’t issue an...
Attackers Exploiting Windows OLE Vulnerability
Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks. The flaw is in the OLE technology in Windows and can be used for remote code execution is a targeted user opens a rigged Office file. Microsoft is warning customers that there...
Researcher Takes Wraps off Undisclosed Bash Vulnerabilities
The Bash bug has kept Linux and UNIX administrators busy deploying a half-dozen patches, worrying about numerous Shellshock exploits in the wild, and a laboring over a general uncertainty that the next supposed fix will break even more stuff. Researcher Michal Zalewski, a longtime bug-hunter, has...
Charney on Trustworthy Computing: 'I Was the Architect of These Changes'
Scott Charney, the head of Microsoft’s Trustworthy Computing efforts, said that he was the one who decided it was time to move the TwC group in a new direction and integrate the security functions more deeply into the company as a whole. “I was the architect of these changes. This is not about th...
Oracle Gives Heartbleed Update, Patches 14 Products
As the dominoes continue to fall around Heartbleed, Oracle is doing its best to keep users apprised of its ongoing efforts to patch software that may be vulnerable to the OpenSSL vulnerability. In a document updated early this morning Oracle gave its customers five separate updates regarding:...
NetTraveler Now Using Java Exploits, Watering Hole Attacks
When NetTravler was unveiled in June, Costin Raiu of Kaspersky Lab warned that the espionage campaign was an “ugly gorilla with a thousand faces” and that we hadn’t seen them all yet. A little more than two months later, another profile of the malware targeting activists, diplomats, government...
Bots, Zeus, Web Exploits: the Most Potent Threats of 2012
Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure...
Microsoft Publishes Workaround for Oracle Outside In Vulnerability
Microsoft gave its users steps earlier this week to sidestep a vulnerability in one of Oracle’s Outside In libraries. The company published some mitigations for the bug, but said it isn’t aware of any active attacks against it yet. The Oracle technology is licensed by software developers like...
FEMA: State, Local Officials Not Prepared to Respond to Cyberattack
A report by the Federal Emergency Management Agency FEMA finds that state and local government officials in the U.S. are pessimistic about their ability to respond to a cyberattacks. The National Preparedness Report NPR was commissioned by the Obama Administration. It found that, although the...