15946 matches found
Unpatched Apple macOS Hole Exposes Safari Browsing History
A design flaw in Apple’s macOS could allow a malicious application to steal victims’ Safari web browsing history. The security hole exists in every version of the Mac’s Mojave operating system, including macOS Mojave 10.14.3 Supplemental Update recently released on Feb. 7. That’s according to Mac...
XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
Researchers have discovered a new sophisticated malware family in the wild, which wrecks havoc on Windows and Linux systems with a combination of data destructive ransomware and malicious cryptomining. The malware, dubbed by Palo Alto Networks’ Unit 42 researchers who discovered it as Xbash, has...
High-Severity Flaws in Cisco Secure Internet Gateway Service Patched
Two high-severity vulnerabilities have been disclosed in Cisco’s security platform that could allow an attacker to gain administrative privileges – and take full control of the impacted machine. The glitches, disclosed Wednesday, affect two parts of Cisco Umbrella, a secure internet gateway that...
Shipping Industry Cybersecurity: A Shipwreck Waiting to Happen
The global shipping industry is vulnerable to a range of hacks, including one that can send multi-million dollar vessels on a collision course for disaster, according researchers. Worse, the flaws are trivial to execute and easy to mitigate against, according to a report by Pen Test Partners. “Sh...
Apple Releases Spectre Patches for Safari, macOS and iOS
Apple released iOS 11.2.2 software Monday for iPhones, iPads and iPod touch models that patch for the Spectre vulnerabilities. A macOS High Sierra 10.13.2 supplemental update was also released to bolster Spectre defenses in Apple’s Safari browser and WebKit, the web browser engine used by Safari,...
Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities
Microsoft today released patches for 19 critical vulnerabilities, one of which was publicly known prior to the update. In all, 54 vulnerabilities were patched in Windows, Edge, Internet Explorer, Office and Exchange as part of Microsoft’s monthly Patch Tuesday release; 32 flaws were rated importa...
Code Reuse a Peril for Secure Software Development
The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off...
Public Exploits Available for ImageMagick Vulnerabilities
Within hours of the disclosure of serious vulnerabilities in ImageMagick, public exploits were available increasing the risk to thousands of websites that make use of the open source image-processing software. Attackers can append malicious code to an image file that ImageMagick will process...
DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack
Researchers revealed a massive transport layer security TLS vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...
Researchers Outline New Italian RAT uWarrior
Details have come to light about a new remote access Trojan called uWarrior that arrives embedded in a rigged .RTF document. Researchers with Palo Alto Networks’ research division, Unit 42, described the malware and how it appears to have emanated from an “unknown actor of Italian origin,” in a...
Duqu Resurfaces With New Round of Victims, Including Kaspersky Lab
The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims,...
April 2015 Microsoft Patch Tuesday Security Bulletins
Microsoft has patched a critical vulnerability in the Windows HTTP protocol stack, known as HTTP.sys, which could have devastating consequences once it’s inevitably publicly exploited. The bulletin, MS15-034, is one of four critical bulletins issued today by Microsoft. Experts warn that exploitin...
Fixes for IE, Flash Player in October Patch Tuesday Release
Microsoft and Adobe issued their monthly patch Tuesday releases today, and Microsoft posted eight bulletins, three of which are considered critical including the now-monthly cumulative Internet Explorer update, addressing 24 vulnerabilities in various products. Adobe has fixes for three...
August 2014 Microsoft Patch Tuesday Security Bulletins
Microsoft today released its monthly Patch Tuesday Security Bulletins, and the top priority is another cumulative update for Internet Explorer; this one patches 26 vulnerabilities, including one that’s been publicly reported, Microsoft said, and is likely being exploited. All of them are rated...
More on Office 2003 Zero Day Vulnerability Patch
This week’s patch and security advisory for a vulnerability in Microsoft Office is the perfect example of why enterprise administrators need to take Microsoft’s criticality ratings as a suggestion and not gospel. Microsoft pushed security update MS13-051 through on Tuesday with a rating of...
More than 300,000 at Risk After Major Breach at Florida College
A security breach initially believed contained to about 50 employee records now appears to involve almost 300,000 students, faculty and employees at a Florida college. Officials at Northwest Florida State College in Niceville today confirmed a massive data breach and hundreds of thousands of stol...
Fake Automated Craigslist Email Notifications Link to Blackhole Exploit Kit
UPDATE: A big wave of emails purporting to be Craigslist notifications but containing links to websites hosting the Black Hole exploit kit hit the Internet yesterday, a day that already was filled with drama surrounding the LinkedIn password dump. The malicious emails, 150,000 of which were caugh...
Leaders from China, U.S. Meet, Agree to Rally Against Cyber Threats
In an attempt to clear the cybersecurity air, the United States and the People’s Republic of China agreed Monday to work in tandem to prevent future cyber threats. Meeting at the Pentagon, Defense Secretary Leon Panetta and General Liang Guanglie, China’s Minister of National Defense, insisted th...
New Apache Reverse Proxy Issue Uncovered
A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said. Prutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a...
SpyEye and Zeus Malware: Married Or Living Separately?
Everyone knows that the first year of marriage can be a tough one -around three percent of them end in the first 12 months. Looks like the same can be true of malware marriages, with the union of the Zeus and SpyEye Trojan now in question. Just one year after news broke that the Zeus and SpyEye...
Apache Releases Version 2.2.21 With New Fix For Range Header Flaw
Two weeks after releasing a fix for the range-header denial-of-service flaw that was much-discussed on security forums and mailing lists, the Apache Software Foundation has pushed out another version of its popular Web server that includes a further fix for the same flaw. Apache 2.2.21 has a patc...
Google Fixes Six High-Risk Bugs in New Chrome Release
Google has released a new version of its Chrome browser, fixing six high-risk security bugs in the process and paying out $8,500 in bug bounties along the way. The latest version of Chrome, version 10.0.648.204, also includes a number of other new features for some of the supported platforms. The...
The Oracle Quarterly Patch Update
January 18th marks the 6th anniversary of the Oracle Critical Patch Update CPU in its current form as a quarterly patch. For those who remember, before the CPU, Oracle released patches as Security Alerts, the last being Security Alert 68 at the end of August 2004. In the past 6 years, CPUs have...
Main PHP-Nuke Site Compromised
The main site for the PHP-Nuke content management system software has been compromised and is serving malicious iFrame exploits to visitors. Researchers at Websense found that the phpnuke.org site is currently serving several different exploits. The attack uses the common iFrame-redirection...
Microsoft Acknowledges IE7 Flaw
Microsoft has acknowledged a new unpatched vulnerability in Internet Explorer 6 and 7, and said that the company is investigating methods for fixing the flaw. The company said that although there is public exploit code available for the vulnerability, it has not seen any evidence of ongoing attac...
Critical Flaws in Popular ICS Platform Can Trigger RCE
Critical flaws in a popular platform used by industrial control systems ICS that allow for unauthorized device access, remote code execution RCE or denial of service DoS could threaten the security of critical infrastructure. OAS—offered by a company of the same name–makes it easy to transfer dat...
ProxyShell Attacks Pummel Unpatched Exchange Servers
Over the weekend, the Cybersecurity & Infrastructure Security Agency CISA issued an urgent alert that attackers are actively attacking ProxyShell vulnerabilities in unpatched Microsoft Exchange Servers, joining researchers in urging organizations to immediately install the latest Microsoft Securi...
Tracking Malware and Ransomware Domains in 2021
In 2021, the threat of ransomware has loomed large. In many ways, it’s exactly what cybersecurity experts expected and predicted after the major cyber attacks of 2020—including hospital ransomware attacks on a healthcare industry hard-hit by both ransomware and Covid-19. But in other ways, this...
Lazarus Targets Job-Seeking Engineers with Malicious Documents
The notorious Lazarus advanced persistent threat APT group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates. Researchers have been tracking Lazarus activity for...
DarkSide Pwned Colonial With Old VPN Password
It took only one dusty, no-longer-used password for the DarkSide cybercriminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cybersecurity experts. Attacker...
FBI Claws Back Millions of DarkSide’s Ransom Profits
United States law enforcement has clawed back approximately $2.3 million of the ransom allegedly paid to DarkSide by Colonial Pipeline last month, the Department of Justice DOJ and FBI announced in a joint press conference on Monday. “Today we turned the tables on DarkSide,” FBI Deputy Director...
Podcast: The State of Ransomware
Last month, ransomware group DarkSide targeted operator Colonial Pipeline Co., disrupting fuel supply in the Eastern part of the U.S. The attack on a major U.S. oil pipeline had widespread ripples: it prompted President Joe Biden to declare a state of emergency and caused substantial pain at gas...
Peloton’s Leaky API Spilled Riders’ Private Data
Peloton has hit a pothole. Its API was leaking riders’ private data, it ignored a vulnerability disclosure from a penetration testing company, and it partially fixed the hole but didn’t get around to telling the researcher until he reached out to a cybersecurity journalist for some help. This is...
Phishing Attacks Spawn Three New Malware Strains
Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye’s Mandiant cybersecurity team. On Tuesday, the team said that they’ve dubbed the hitherto-unseen malware strains...
Tax Phish Swims Past Google Workspace Email Security
A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building. The campaign is aimed at harvesting victims’ email account credentials, researchers said. According to Armorblox, the campaign also bypasses native Google...
Firewall Vendor Patches Critical Auth Bypass Flaw
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges. Genua...
Malicious Mozilla Firefox Extension Allows Gmail Takeover
A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox. Researchers say the threat campaign, observed in January and February, targeted Tibetan organizations and was tied to TA413, a known...
Clubhouse Conversations Recorded, Researchers Warn
At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded. The company confirmed to Bloomberg that ov...
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company’s internal systems or products to attack other victims. That’s the final verdict this week by the tech giant now that it’s completed a...
LogoKit Simplifies Office 365, SharePoint 'Login' Phishing Pages
A newly-uncovered phishing kit, dubbed LogoKit, eliminates headaches for cybercriminals by automatically pulling victims’ company logos onto the phishing login page. This gives attackers the tools needed to easily mimic company login pages, a task that can sometimes be complex. Cybercriminals hav...
CES 2021 Gadgets: Worst in Privacy and Security Awards
This year’s Consumer Electronics Show was hampered by the pandemic, but that didn’t stop an expert panel from convening to award this year’s dubious CES 2021 Worst in Show honors in the context of gadget privacy and security. Overall trends from the week included ever-connected devices constantly...
Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
A spike in recent phishing and business email compromise BEC attacks can be traced back to criminals learning how to exploit Google Services, according to research from Armorblox. Social distancing has driven entire businesses into the arms of the Google ecosystem looking for a reliable, simple w...
Ransomware Attackers Buy Network Access in Cyberattack Shortcut
For prices between $300 and $10,000, ransomware groups have the opportunity to easily buy initial network access to already-compromised companies on underground forums. Researchers warn this opportunity gives groups like Maze or Sodinokibi the ability to more easily kickstart ransomware attacks...
Universal Health Services Ransomware Attack Impacts Hospitals Nationwide
A ransomware attack has shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. The attack occurred in the wee hours of the morning on Monday, according to reports coming in from employees on Reddit and other platforms. On Reddit, a discussion with hundreds ...
Mozi Botnet Accounts for Majority of IoT Traffic
The Mozi botnet, a peer-2-peer P2P malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things IoT devices, according to researchers. IBM X-Force noticed Mozi’s spike with...
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
Facial recognition technology is still misidentifying people at an alarming rate – even as it’s being used by police departments to make arrests. In fact, Paul Bischoff, consumer privacy expert with Comparitech, found that Amazon’s face recognition platform incorrectly misidentified more than 100...
Facebook's FTC-Mandated Privacy Committee Now in Effect
Facebook on Thursday said it has started to report its privacy practices to a newly formed, independent Privacy Committee. The creation of the independent committee was part of the company’s settlement a year ago with the Federal Trade Commission FTC over data privacy violations, which came in...
Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years
A hack-for-hire group, called Dark Basin, has been outed after targeting thousands of individuals and organizations worldwide – including advocacy groups and journalists, elected and senior government officials, and hedge funds — over the course of seven years. Dark Basin conducted commercial...
Sophisticated Info-Stealer Targets Air-Gapped Devices via USB
The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices. Cycldek a.k.a. Goblin Panda, APT 27 and Conimes has been targeting governments in Southeast Asia since 2013, according to analysis from Kaspersky, and has been...
DoubleGun Group Builds Massive Botnet Using Cloud Services
An operation from the China-based cybercrime gang known as DoubleGun Group has been disrupted, which had amassed hundreds of thousands of bots that were controlled via public cloud services, including Alibaba and Baidu Tieba. NetLab 360 researchers, in a recent posting, said that it noticed DNS...