15946 matches found
Code Reuse a Peril for Secure Software Development
The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off...
DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack
Researchers revealed a massive transport layer security TLS vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...
Duqu Resurfaces With New Round of Victims, Including Kaspersky Lab
The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims,...
April 2015 Microsoft Patch Tuesday Security Bulletins
Microsoft has patched a critical vulnerability in the Windows HTTP protocol stack, known as HTTP.sys, which could have devastating consequences once it’s inevitably publicly exploited. The bulletin, MS15-034, is one of four critical bulletins issued today by Microsoft. Experts warn that exploitin...
Fixes for IE, Flash Player in October Patch Tuesday Release
Microsoft and Adobe issued their monthly patch Tuesday releases today, and Microsoft posted eight bulletins, three of which are considered critical including the now-monthly cumulative Internet Explorer update, addressing 24 vulnerabilities in various products. Adobe has fixes for three...
August 2014 Microsoft Patch Tuesday Security Bulletins
Microsoft today released its monthly Patch Tuesday Security Bulletins, and the top priority is another cumulative update for Internet Explorer; this one patches 26 vulnerabilities, including one that’s been publicly reported, Microsoft said, and is likely being exploited. All of them are rated...
More than 300,000 at Risk After Major Breach at Florida College
A security breach initially believed contained to about 50 employee records now appears to involve almost 300,000 students, faculty and employees at a Florida college. Officials at Northwest Florida State College in Niceville today confirmed a massive data breach and hundreds of thousands of stol...
Leaders from China, U.S. Meet, Agree to Rally Against Cyber Threats
In an attempt to clear the cybersecurity air, the United States and the People’s Republic of China agreed Monday to work in tandem to prevent future cyber threats. Meeting at the Pentagon, Defense Secretary Leon Panetta and General Liang Guanglie, China’s Minister of National Defense, insisted th...
New Apache Reverse Proxy Issue Uncovered
A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said. Prutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a...
SpyEye and Zeus Malware: Married Or Living Separately?
Everyone knows that the first year of marriage can be a tough one -around three percent of them end in the first 12 months. Looks like the same can be true of malware marriages, with the union of the Zeus and SpyEye Trojan now in question. Just one year after news broke that the Zeus and SpyEye...
Apache Releases Version 2.2.21 With New Fix For Range Header Flaw
Two weeks after releasing a fix for the range-header denial-of-service flaw that was much-discussed on security forums and mailing lists, the Apache Software Foundation has pushed out another version of its popular Web server that includes a further fix for the same flaw. Apache 2.2.21 has a patc...
Google Fixes Six High-Risk Bugs in New Chrome Release
Google has released a new version of its Chrome browser, fixing six high-risk security bugs in the process and paying out $8,500 in bug bounties along the way. The latest version of Chrome, version 10.0.648.204, also includes a number of other new features for some of the supported platforms. The...
The Oracle Quarterly Patch Update
January 18th marks the 6th anniversary of the Oracle Critical Patch Update CPU in its current form as a quarterly patch. For those who remember, before the CPU, Oracle released patches as Security Alerts, the last being Security Alert 68 at the end of August 2004. In the past 6 years, CPUs have...
Microsoft Acknowledges IE7 Flaw
Microsoft has acknowledged a new unpatched vulnerability in Internet Explorer 6 and 7, and said that the company is investigating methods for fixing the flaw. The company said that although there is public exploit code available for the vulnerability, it has not seen any evidence of ongoing attac...
Critical Flaws in Popular ICS Platform Can Trigger RCE
Critical flaws in a popular platform used by industrial control systems ICS that allow for unauthorized device access, remote code execution RCE or denial of service DoS could threaten the security of critical infrastructure. OAS—offered by a company of the same name–makes it easy to transfer dat...
F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems
Application service provider F5 is warning a critical vulnerability allows unauthenticated hackers with network access to execute arbitrary commands on its BIG-IP systems. The F5 BIG-IP is a combination of software and hardware that is designed around access control, application availability and...
BQE Web Suite Billing App Rigged to Inflict Ransomware
Threat actors have been caught exploiting a now-patched zero-day critical vulnerability in a popular timeclock and billing system, to take over vulnerable servers and inflict companies’ networks with ransomware. Discovered by Huntress Labs earlier this month, the ongoing attacks focus on an...
ProxyShell Attacks Pummel Unpatched Exchange Servers
Over the weekend, the Cybersecurity & Infrastructure Security Agency CISA issued an urgent alert that attackers are actively attacking ProxyShell vulnerabilities in unpatched Microsoft Exchange Servers, joining researchers in urging organizations to immediately install the latest Microsoft Securi...
Tracking Malware and Ransomware Domains in 2021
In 2021, the threat of ransomware has loomed large. In many ways, it’s exactly what cybersecurity experts expected and predicted after the major cyber attacks of 2020—including hospital ransomware attacks on a healthcare industry hard-hit by both ransomware and Covid-19. But in other ways, this...
Lazarus Targets Job-Seeking Engineers with Malicious Documents
The notorious Lazarus advanced persistent threat APT group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates. Researchers have been tracking Lazarus activity for...
FBI Claws Back Millions of DarkSide’s Ransom Profits
United States law enforcement has clawed back approximately $2.3 million of the ransom allegedly paid to DarkSide by Colonial Pipeline last month, the Department of Justice DOJ and FBI announced in a joint press conference on Monday. “Today we turned the tables on DarkSide,” FBI Deputy Director...
Podcast: The State of Ransomware
Last month, ransomware group DarkSide targeted operator Colonial Pipeline Co., disrupting fuel supply in the Eastern part of the U.S. The attack on a major U.S. oil pipeline had widespread ripples: it prompted President Joe Biden to declare a state of emergency and caused substantial pain at gas...
Peloton’s Leaky API Spilled Riders’ Private Data
Peloton has hit a pothole. Its API was leaking riders’ private data, it ignored a vulnerability disclosure from a penetration testing company, and it partially fixed the hole but didn’t get around to telling the researcher until he reached out to a cybersecurity journalist for some help. This is...
Phishing Attacks Spawn Three New Malware Strains
Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye’s Mandiant cybersecurity team. On Tuesday, the team said that they’ve dubbed the hitherto-unseen malware strains...
Tax Phish Swims Past Google Workspace Email Security
A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building. The campaign is aimed at harvesting victims’ email account credentials, researchers said. According to Armorblox, the campaign also bypasses native Google...
Firewall Vendor Patches Critical Auth Bypass Flaw
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges. Genua...
Malicious Mozilla Firefox Extension Allows Gmail Takeover
A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox. Researchers say the threat campaign, observed in January and February, targeted Tibetan organizations and was tied to TA413, a known...
Clubhouse Conversations Recorded, Researchers Warn
At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded. The company confirmed to Bloomberg that ov...
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company’s internal systems or products to attack other victims. That’s the final verdict this week by the tech giant now that it’s completed a...
LogoKit Simplifies Office 365, SharePoint 'Login' Phishing Pages
A newly-uncovered phishing kit, dubbed LogoKit, eliminates headaches for cybercriminals by automatically pulling victims’ company logos onto the phishing login page. This gives attackers the tools needed to easily mimic company login pages, a task that can sometimes be complex. Cybercriminals hav...
CES 2021 Gadgets: Worst in Privacy and Security Awards
This year’s Consumer Electronics Show was hampered by the pandemic, but that didn’t stop an expert panel from convening to award this year’s dubious CES 2021 Worst in Show honors in the context of gadget privacy and security. Overall trends from the week included ever-connected devices constantly...
Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
A spike in recent phishing and business email compromise BEC attacks can be traced back to criminals learning how to exploit Google Services, according to research from Armorblox. Social distancing has driven entire businesses into the arms of the Google ecosystem looking for a reliable, simple w...
Ransomware Attackers Buy Network Access in Cyberattack Shortcut
For prices between $300 and $10,000, ransomware groups have the opportunity to easily buy initial network access to already-compromised companies on underground forums. Researchers warn this opportunity gives groups like Maze or Sodinokibi the ability to more easily kickstart ransomware attacks...
Universal Health Services Ransomware Attack Impacts Hospitals Nationwide
A ransomware attack has shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. The attack occurred in the wee hours of the morning on Monday, according to reports coming in from employees on Reddit and other platforms. On Reddit, a discussion with hundreds ...
Mozi Botnet Accounts for Majority of IoT Traffic
The Mozi botnet, a peer-2-peer P2P malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things IoT devices, according to researchers. IBM X-Force noticed Mozi’s spike with...
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
Facial recognition technology is still misidentifying people at an alarming rate – even as it’s being used by police departments to make arrests. In fact, Paul Bischoff, consumer privacy expert with Comparitech, found that Amazon’s face recognition platform incorrectly misidentified more than 100...
Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years
A hack-for-hire group, called Dark Basin, has been outed after targeting thousands of individuals and organizations worldwide – including advocacy groups and journalists, elected and senior government officials, and hedge funds — over the course of seven years. Dark Basin conducted commercial...
Sophisticated Info-Stealer Targets Air-Gapped Devices via USB
The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices. Cycldek a.k.a. Goblin Panda, APT 27 and Conimes has been targeting governments in Southeast Asia since 2013, according to analysis from Kaspersky, and has been...
DoubleGun Group Builds Massive Botnet Using Cloud Services
An operation from the China-based cybercrime gang known as DoubleGun Group has been disrupted, which had amassed hundreds of thousands of bots that were controlled via public cloud services, including Alibaba and Baidu Tieba. NetLab 360 researchers, in a recent posting, said that it noticed DNS...
Skype Phishing Attack Targets Remote Workers' Passwords
Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look “eerily similar” to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can...
Safe Remote Access to Critical Infrastructure Networks in a Time of Global Crisis
With governments closing down workplaces all over the world, telecommuting presents not just online administrative and capacity challenges for organizations, but also security challenges. As highlighted in a recent article by Andy Greenberg from Wired, when more and more employees are asked to VP...
News Wrap, Coronavirus Edition: WFH Security Woes, Pwn2Own
For the week ended March 20, Threatpost editors break down the top security stories, including: The various cybercriminal activities – malware, phishing and other scams – tapping into the coronavirus pandemic The security risks of businesses working from home due to the virus’ spread Privacy...
Cybergang Favors G Suite and Physical Checks For BEC Attacks
Researchers have uncovered a new business email compromise BEC threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams. The cybercrime ring is unique in its leveraging of Google’s cloud-based productivity suite, G Suite, and for its use of...
Phishing Campaign Targets 250 Android Apps with Anubis Malware
A new phishing campaign is attempting to deliver sophisticated malware that can completely hijack an Android mobile device to steal user credentials, install a keylogger and even hold a device’s data for ransom. The attacks are designed for mobile inboxes and leverage the Anubis malware, a...
Dutch Politician Could Get Three Years in Prison for Hacking iCloud Accounts
Prosecutors in the Netherlands are asking for three years in prison for a Dutch politician who hacked into women’s personal iCloud accounts and stole nude photos and other personal digital material belonging to them, then leaked some of it online. The public prosecutor of the North Holland Public...
Download: The Comprehensive Compliance Guide
A large part of the CISO/CIO responsibility is ensuring compliance standards are met. As one of the main drivers of security product purchase and implementation, regulation comes in many different shapes and sizes. Some standards provide clear consequences for failure to meet them. Others provide...
Facebook Privacy Breach: 100 Developers Improperly Accessed Data
UPDATE Facebook said that 100 third-party app developers have improperly accessed the names and profile pictures of members in various Facebook groups – data that was restricted in 2018 by the platform after its Cambridge Analytica privacy snafu. Facebook said that the developers – including 11 i...
Senate Passes Bill Aimed At Combating Ransomware Attacks
The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks. The proposed...
Hostinger Data Breach: 14M Customer Passwords, Personal Data at Risk
Web hosting company Hostinger is warning that a breach of one of its servers potentially gave bad actors access to the hashed passwords and personal data of more than 14 million customers. Hostinger, a popular web, cloud and virtual private server hosting provider and domain registrar with 29...
GoBotKR Targets Pirate Torrents to Build a DDoS Botnet
A botnet dubbed GoBotKR is targeting fans of Korean TV, compromising computers via pirated copies of South Korean movies, games and TV shows available via Korean and Chinese torrent sites. Ultimately, the cybercriminals are building a network that can then be used to perform DDoS attacks of vario...