15946 matches found
New Presentation Template: Incident Response Reporting for Management
Every security professional knows it’s only a matter of time before their organization is breached. And even though most security-conscious organizations have implemented procedures and products to facilitate the incident response process, many security decision-makers find much more of a challen...
Marc Rogers: Success of Anonymous Bug Submission Program 'Takes A Village'
A global anonymous bug submission platform, announced at DEF CON in August, aims to help encourage ethical hackers to submit high-level bugs anonymously that might otherwise trigger a barrage of questions or put researchers in legal hot water. DEF CON conference founder Jeff Moss said the goal wa...
Edward Snowden Sued by U.S. Over New Memoir
The U.S. has sued whistleblower Edward Snowden over his new memoir, alleging he published the book in violation of non-disclosure agreements signed with both the CIA and NSA. Edward Snowden, a former employee of the Central Intelligence Agency and contractor for the National Security Agency NSA, ...
Security Vulnerabilities Are Increasingly Putting Kids at Risk
LAS VEGAS – IoT devices are increasingly coming into the hands of children – from connected watches, to Amazon Echo smart speakers – but security experts worry that these are opening up children’s data to future privacy breaches. The latest example of this fear was seen at Black Hat 2019, where...
Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth
A previously undocumented proxy malware, dubbed “SystemBC,” is upping the stealth game by using SOCKS5 to evade detection. It’s being distributed by the Fallout and RIG exploit kits EKs, according to researchers. Proofpoint researchers said on Thursday that in the most recently tracked example, t...
Latest FinSpy Modules Lift Data from Secure Messaging Apps
The latest iOS and Android versions of the FinSpy espionage malware have been deployed in the wild, and are capable of collecting a raft of personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data – even from...
Streaming Video Fans Open to TV Hijacking
A suite of critical remote code-execution vulnerabilities in a streaming TV platform could expose entire databases of subscribers’ personal info and financial details – and could open the door to attackers hijacking the service, streaming any content they wish to customer screens. According to...
Billions of Malicious Bots Attacks Take to Cipher-Stunting to Hide
When it comes to cyberattacks, adversaries are focusing not just on advanced malware development, but also on increasing the sophistication of their evasion techniques. This is playing out lately in the form of ballooning instances of “cipher stunting” – a TLS tampering technique that helps...
Researcher Claims Iranian APT Behind 6TB Data Heist at Citrix
A researcher has attributed a recently publicized attack on Citrix’ internal network to the Iranian-linked group known as IRIDIUM – and said that the data heist involved 6 terabytes of sensitive data. Resecurity posted a blog on Friday indicating that it detected a targeted attack and data breach...
Emoji Attack Can Kill Skype for Business Chat
A denial of service DoS vulnerability in the Skype for Business unified communications platform has been uncovered, which can be triggered by sending large numbers of emojis to the instant messaging client. According to the SEC Consult Vulnerability Lab, which discovered the flaw CVE-2018-8546,...
Multiple D-Link Routers Open to Complete Takeover with Simple Attack
Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May,...
38 Android Devices Infected with Malware Preinstalled in Supply Chain
Mobile devices manufactured by a diverse set of handset makers were discovered to be loaded with malware pre-installed somewhere along the supply chain. Check Point Software Technologies said that it found 38 Android handsets were infected with adware, information-stealing malware and ransomware,...
Google Discloses Unpatched Microsoft Vulnerability
Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory. The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day...
PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities
Critical remote code execution vulnerabilities in two different libraries used to send emails via PHP were patched this week. An issue in PHPMailer, thought fixed, was resolved with an update, version 5.2.21, pushed late Wednesday. Developers with another mailing library for PHP, SwiftMailer,...
Google Fixes 48 Bugs, Sandbox Escape, in Chrome
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday. Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 i...
Android Rooting Application Emergency Patch
A rooting application has been found in the wild targeting Nexus mobile devices using a local privilege escalation vulnerability patched two years ago in the Linux kernel that remains unpatched in Android. Researchers at Zimperium, the same company that discovered last summer’s Stagefright flaws...
Android Devices Linux Zero Day Kernel Vulnerability
Google is downplaying the scope of the critical Linux vulnerability patched this week, suggesting that the number of affected Android devices has been exaggerated. The Android OS is built upon the Linux kernel, but minus many of the libraries that are included in standard Linux builds. Initially,...
Flawed TLS Implementations Leak RSA Keys
A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys. Florian Weimer, a researcher with Red Hat, last week published a paper called “Factoring RSA Keys With TLS Perfect Forward Secrecy” that demonstrated...
Office, Java Patches Erase Latest APT 28 Zero Days
An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months. Given the underground value of unpatched and unreported vulnerabilities, this is highly unusual behavior, even for a...
Angler Exploit Kit, Bedep Malware Inflating Video Views
A new sort of hacktivism emerged last week when experts from Trustwave published new research revealing that attackers are using the Angler exploit kit and the Bedep Trojan in order to drive artificial views to politically controversial videos. The motivation for the scheme, it appears, is to...
Pinkie Pie Linux Kernel Patch Available
Several vulnerabilities have been patched in the Linux kernel that could have led to a denial of service or privilege escalation. Debian, which distributes versions of Linux for personal computers and network servers, warned about the vulnerabilities yesterday in a security update. The most...
Counter.php Redirecting to Sites Peddling Styx Exploit Kit
The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit. According to a post on Securelist today, Vincente Diaz, a researcher with...
Attack Using Backdoored Apache Binaries to Lead to Blackhole Kit
There is a newly identified ongoing attack campaign in which attackers are using compromised Apache HTTP binaries to redirect users to malicious sites serving various flavors of malware, including the Blackhole exploit kit. Rather than going the traditional route of simply injecting malicious cod...
Report: Malvertising Campaign Thrives on Dynamic DNS
A malvertising campaign that’s lasted almost half a year is staying alive thanks to infected web advertisements being circulated by otherwise clean ad networks. The campaign, now in its fifth month, relies on the Dynamic Domain Name System DDNS to keep it from being caught according to a report...
Fake Facebook Alert Emails Link to Black Hole Sites
Attackers are sending spoofed “pending notification” emails to Facebook users, claiming that the recipients overlooked some alert on the world’s largest social network, and providing them with a link that supposedly leads to the allegedly neglected content but which, in reality, funnels users to ...
Olympic Flavored 419 Scams Exploit London Games Fervor
Olympic themed fraud, email scams, and spam campaigns are so banal right now that the official website of the 2012 London Olympic Games contains not only a ‘stay safe online’ page but has also compiled a downloadable list of known scams. The “Stay safe online” page of the London Games’ website...
Fake Automated Craigslist Email Notifications Link to Blackhole Exploit Kit
UPDATE: A big wave of emails purporting to be Craigslist notifications but containing links to websites hosting the Black Hole exploit kit hit the Internet yesterday, a day that already was filled with drama surrounding the LinkedIn password dump. The malicious emails, 150,000 of which were caugh...
In Possible Targeted Attack, Amnesty International Web Site Found Serving Malware
Amnesty International’s United Kingdom website was compromised late last week and was being used to exploit a known Java runtime environment hole on machines belonging to unwitting visitors to the site, according to Barracuda Labs researcher, Paul Royal. Citing historical data, Royal claims that...
Apple Patches Critical Safari Vulnerabilities
Apple today shipped Safari 4.0.4 to fix a total of seven security flaws that expose Windows and Mac users to a wide range of malicious hacker attacks. The high-priority update patches vulnerabilities that allow remote code execution drive-by downloads if a user simply surfs to a maliciously rigge...
Microsoft Confirms SMB2 Flaw, Heightens Severity
Microsoft has issued a formal security advisory to confirm the remote reboot flaw in its implementation of the SMB2 protocol, going a step further to warn that a successful attack could lead to remote code execution and full system takeover. The vulnerability, which was originally released as a...
Xiaomi Phone Bug Allowed Payment Forgery
Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its “trusted environment” used to store payment data that opened some of its handsets to attack. Researchers at Check Point Research revealed last week in a repo...
Web Filtering & Compliances for Wi-Fi Providers
The demand for public Wi-Fi is increasing constantly due to the increase of smartphone owners and remote workers. Researchers at VPNMentor say that there are approximately 549 million Wi-Fi hotspots worldwide. Another survey by Semantic found that 87 percent of U.S. consumers have used the readil...
SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in an unsecured Amazon Web Services AWS S3 bucket during a cloud-security audit, and it’s sharing the story to inspire other organizations to double-check their own systems. Researcher Aaron Phillips with VPN...
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
A high-severity security vulnerability in CloudLinux’s Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for...
Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts
A recently discovered phishing scam tried to takeover more than 125 high-profile user accounts on TikTok. Researchers said the campaign marks one of the first major attacks on “influencers” found on the TikTok social-media platform. Researchers at cloud email security provider Abnormal Security...
VMware ESXi Servers Encrypted by Lightning-Fast Python Script
Researchers have discovered a new Python ransomware from an unnamed gang that’s striking ESXi servers and virtual machines VMs with what they called “sniper-like” speed. Sophos said on Tuesday that the ransomware is being used to compromise and encrypt VMs hosted on an ESXi hypervisor in operatio...
BladeHawk Attackers Target Kurds with Android Apps
Attackers have been targeting the Kurdish ethic group for more than a year through an Facebook-based spyware campaign that disguises backdoors in legitimate Android apps, researchers have found. A group called BladeHawk is behind the campaign, discovered by researchers from cybersecurity firm ESE...
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
Most people have probably heard of catfishing. That’s when someone adopts a fake online persona, usually to trick someone into falling in love. Now, threat actors have developed their own spin on the grift, developing appealing — objectively hot — profiles to charm victims into downloading malwar...
Ruthless Attackers Target Florida Condo Collapse Victims
Families mourning the loss of loved ones to the partial collapse of the Champlain Towers South condo building in Surfside, Fla. are now being urged to check the credit of their deceased relatives thanks to a group of heartless hackers targeting victims in a new identity-theft scheme. Apparently,...
Western Digital Users Face Another RCE
Bad news comes in threes, most particularly for Western Digital customers. As if things weren’t bad enough for the untold number of Western Digital customers whose data blinked out of existence last month, there’s another zero-day waiting for whoever can’t or won’t upgrade its My Cloud storage...
Kaseya Attack Fallout: CISA, FBI Offer Guidance
The REvil cybergang is taking credit for Friday’s massive ransomware attack against managed service provider Kaseya Ltd. The criminals behind the attack claim it infected 1 million systems tied to Kaseya services and are demanding $70 million in bitcoin in exchange for a decryption key. Federal...
Iran Media Websites Seized by U.S. in Disinformation Campaign
The Department of Justice has seized the domains of 36 Iranian media sites that officials say weren’t just operating in violation of sanctions, but were part of a widespread government-backed malign-influence operation targeting the U.S. The DoJ said that 33 of the sites are run by the Iranian...
Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access
A critical security bug in Palo Alto Networks’ Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug CVE-2021-3044 is an...
IKEA Fined $1.2M for Elaborate ‘Spying System’
IKEA’s French subsidiary was just hit with a $1.2 million fine after it was found guilty of a creepy systematic snooping scheme targeting customers, employees and even prospective hires. Prosecutors said in all, the company illegally surveilled about 400 people in total, according to the BBC. IKE...
STEM Audio Table Rife with Business-Threatening Bugs
The STEM Audio Table conference-room speaker has a security vulnerability that would allow unauthenticated remote code execution RCE as root – paving the way for eavesdropping on conversations, denial of service, lateral movement throughout enterprise networks and more. And, there are multiple...
Steam Gaming Platform Hosting Malware
UPDATE Look out for SteamHide, an emerging malware that disguises itself inside profile images on the gaming platform Steam, which researchers think is being developed for a wide-scale campaign. The Steam platform merely serves as a vehicle which hosts the malicious file, according to research fr...
DarkSide Pwned Colonial With Old VPN Password
It took only one dusty, no-longer-used password for the DarkSide cybercriminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cybersecurity experts. Attacker...
REvil Ransomware Ground Down JBS: Sources
The cyberattack that flattened operations at JBS Foods over the weekend was indeed a ransomware strike, the global food distributor has confirmed to the Biden administration, with sources pointing to the REvil Group as the responsible gang. Four people familiar with the matter who weren’t...
Cyber-Insurance Fuels Ransomware Payment Surge
Ransomware victims are increasingly falling back on their cyber-insurance providers to pay the ransom when they’re hit with an extortion cyberattack. But security researchers warn that this approach can quickly become problematic. In the first half of 2020, ransomware attacks accounted for 41...
Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales
Telegram groups are being abused by fraudsters peddling fake COVID-19 vaccination cards to the unvaccinated and anti-vaxxer communities, according to researchers. Brittany Allen, trust and safety architect at Sift, noticed the illicit sales on the encrypted messaging platform as the COVID-19...