15946 matches found
Convincing Google Impersonation Opens Door to MiTM, Phishing
An attack that uses homographic characters to impersonate domain names and launch convincing but malicious websites takes minutes and a bare modicum of skill — while reaping high rates of success in luring victims, according to an independent researcher. Researcher Avi Lumelsky set out to see how...
RSAC 2020: Blockchain is 'Garbage In', Voting Needs Paper Ballots
SAN FRANCISCO – Cryptography is at the heart of security, especially here at this week’s RSAC 2020. And during the event’s annual Cryptographer’s Panel, industry leaders broke down their top crypto-concerns, including privacy regulations, election security and blockchain. Privacy is clearly a top...
Twitter API Abused to Uncover User Identities
Twitter said that malicious actors, with potential ties to state-sponsored groups, were abusing a legitimate function on its platform to unmask the identity of users. The social media giant said that on Dec. 24, 2019, it discovered a large network of fake accounts abusing a legitimate API...
N.Y. Could Ban Cities from Paying Ransomware Attackers
New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. State Senators Phil Boyle, George M. Borrello and Sue Serino introduced Senate Bill S7246 earlier this month, in response to the rising tide of cyberattacks targeting government agencies and...
ThreatList: Data Breaches Batter Stock Prices at Public Companies, For Months
Much has been made of the fallout that companies face after a data breach. But for public companies, shaken investor confidence adds a whole new dimension to recovery concerns. A recent study from Comparitech shows that share prices for large breached companies will hit a low point approximately ...
Android Malware Plaguing 45K Devices Remains a Mystery
Researchers are on the hunt for the infection vector behind a mysterious mobile malware that has infected over 45,000 Android devices in the past six months. Researchers said they have detected a surge in detections of the malware, dubbed Xhelper, which can hide itself from users, download...
ThreatList: Google's Advertising Network Dominates Global Data Collection
When it comes to data collection, Google’s combined arsenal of advertising tools and services continue to help it dominate at a global level. Close behind are AOL Advertising, Moat and AppNexus. Each are singled out by researchers in new report that brings to mind the privacy-busting quote, “If...
New Presentation Template: Incident Response Reporting for Management
Every security professional knows it’s only a matter of time before their organization is breached. And even though most security-conscious organizations have implemented procedures and products to facilitate the incident response process, many security decision-makers find much more of a challen...
Marc Rogers: Success of Anonymous Bug Submission Program 'Takes A Village'
A global anonymous bug submission platform, announced at DEF CON in August, aims to help encourage ethical hackers to submit high-level bugs anonymously that might otherwise trigger a barrage of questions or put researchers in legal hot water. DEF CON conference founder Jeff Moss said the goal wa...
Edward Snowden Sued by U.S. Over New Memoir
The U.S. has sued whistleblower Edward Snowden over his new memoir, alleging he published the book in violation of non-disclosure agreements signed with both the CIA and NSA. Edward Snowden, a former employee of the Central Intelligence Agency and contractor for the National Security Agency NSA, ...
Security Vulnerabilities Are Increasingly Putting Kids at Risk
LAS VEGAS – IoT devices are increasingly coming into the hands of children – from connected watches, to Amazon Echo smart speakers – but security experts worry that these are opening up children’s data to future privacy breaches. The latest example of this fear was seen at Black Hat 2019, where...
Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth
A previously undocumented proxy malware, dubbed “SystemBC,” is upping the stealth game by using SOCKS5 to evade detection. It’s being distributed by the Fallout and RIG exploit kits EKs, according to researchers. Proofpoint researchers said on Thursday that in the most recently tracked example, t...
Latest FinSpy Modules Lift Data from Secure Messaging Apps
The latest iOS and Android versions of the FinSpy espionage malware have been deployed in the wild, and are capable of collecting a raft of personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data – even from...
Streaming Video Fans Open to TV Hijacking
A suite of critical remote code-execution vulnerabilities in a streaming TV platform could expose entire databases of subscribers’ personal info and financial details – and could open the door to attackers hijacking the service, streaming any content they wish to customer screens. According to...
Billions of Malicious Bots Attacks Take to Cipher-Stunting to Hide
When it comes to cyberattacks, adversaries are focusing not just on advanced malware development, but also on increasing the sophistication of their evasion techniques. This is playing out lately in the form of ballooning instances of “cipher stunting” – a TLS tampering technique that helps...
Researcher Claims Iranian APT Behind 6TB Data Heist at Citrix
A researcher has attributed a recently publicized attack on Citrix’ internal network to the Iranian-linked group known as IRIDIUM – and said that the data heist involved 6 terabytes of sensitive data. Resecurity posted a blog on Friday indicating that it detected a targeted attack and data breach...
Emoji Attack Can Kill Skype for Business Chat
A denial of service DoS vulnerability in the Skype for Business unified communications platform has been uncovered, which can be triggered by sending large numbers of emojis to the instant messaging client. According to the SEC Consult Vulnerability Lab, which discovered the flaw CVE-2018-8546,...
Multiple D-Link Routers Open to Complete Takeover with Simple Attack
Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May,...
38 Android Devices Infected with Malware Preinstalled in Supply Chain
Mobile devices manufactured by a diverse set of handset makers were discovered to be loaded with malware pre-installed somewhere along the supply chain. Check Point Software Technologies said that it found 38 Android handsets were infected with adware, information-stealing malware and ransomware,...
Google Discloses Unpatched Microsoft Vulnerability
Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory. The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day...
PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities
Critical remote code execution vulnerabilities in two different libraries used to send emails via PHP were patched this week. An issue in PHPMailer, thought fixed, was resolved with an update, version 5.2.21, pushed late Wednesday. Developers with another mailing library for PHP, SwiftMailer,...
Google Fixes 48 Bugs, Sandbox Escape, in Chrome
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday. Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 i...
Android Rooting Application Emergency Patch
A rooting application has been found in the wild targeting Nexus mobile devices using a local privilege escalation vulnerability patched two years ago in the Linux kernel that remains unpatched in Android. Researchers at Zimperium, the same company that discovered last summer’s Stagefright flaws...
Android Devices Linux Zero Day Kernel Vulnerability
Google is downplaying the scope of the critical Linux vulnerability patched this week, suggesting that the number of affected Android devices has been exaggerated. The Android OS is built upon the Linux kernel, but minus many of the libraries that are included in standard Linux builds. Initially,...
Flawed TLS Implementations Leak RSA Keys
A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys. Florian Weimer, a researcher with Red Hat, last week published a paper called “Factoring RSA Keys With TLS Perfect Forward Secrecy” that demonstrated...
Office, Java Patches Erase Latest APT 28 Zero Days
An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months. Given the underground value of unpatched and unreported vulnerabilities, this is highly unusual behavior, even for a...
Threatpost News Wrap, June 23, 2014
Dennis Fisher and Mike Mimoso discuss the latest security news, including the possible fork of TrueCrypt, Microsoft’s new information sharing platform, the FBI’s cybercrime task force and the US team’s crushing tie with Portugal. Download: digitalunderground156.mp3 Music by Chris Gonsalves...
Pinkie Pie Linux Kernel Patch Available
Several vulnerabilities have been patched in the Linux kernel that could have led to a denial of service or privilege escalation. Debian, which distributes versions of Linux for personal computers and network servers, warned about the vulnerabilities yesterday in a security update. The most...
Energy Watering Hole Attack Used LightsOut Exploit Kit
A recent watering-hole attack targeted firms in the energy sector using a compromised site belonging to a law firm that works with energy companies and led victims to a separate site that used the LightsOut exploit kit to compromise their machines. The attack, which was active during late Februar...
Counter.php Redirecting to Sites Peddling Styx Exploit Kit
The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit. According to a post on Securelist today, Vincente Diaz, a researcher with...
Attack Using Backdoored Apache Binaries to Lead to Blackhole Kit
There is a newly identified ongoing attack campaign in which attackers are using compromised Apache HTTP binaries to redirect users to malicious sites serving various flavors of malware, including the Blackhole exploit kit. Rather than going the traditional route of simply injecting malicious cod...
Report: Malvertising Campaign Thrives on Dynamic DNS
A malvertising campaign that’s lasted almost half a year is staying alive thanks to infected web advertisements being circulated by otherwise clean ad networks. The campaign, now in its fifth month, relies on the Dynamic Domain Name System DDNS to keep it from being caught according to a report...
Fake Facebook Alert Emails Link to Black Hole Sites
Attackers are sending spoofed “pending notification” emails to Facebook users, claiming that the recipients overlooked some alert on the world’s largest social network, and providing them with a link that supposedly leads to the allegedly neglected content but which, in reality, funnels users to ...
Olympic Flavored 419 Scams Exploit London Games Fervor
Olympic themed fraud, email scams, and spam campaigns are so banal right now that the official website of the 2012 London Olympic Games contains not only a ‘stay safe online’ page but has also compiled a downloadable list of known scams. The “Stay safe online” page of the London Games’ website...
In Possible Targeted Attack, Amnesty International Web Site Found Serving Malware
Amnesty International’s United Kingdom website was compromised late last week and was being used to exploit a known Java runtime environment hole on machines belonging to unwitting visitors to the site, according to Barracuda Labs researcher, Paul Royal. Citing historical data, Royal claims that...
Apple Patches Critical Safari Vulnerabilities
Apple today shipped Safari 4.0.4 to fix a total of seven security flaws that expose Windows and Mac users to a wide range of malicious hacker attacks. The high-priority update patches vulnerabilities that allow remote code execution drive-by downloads if a user simply surfs to a maliciously rigge...
Microsoft Confirms SMB2 Flaw, Heightens Severity
Microsoft has issued a formal security advisory to confirm the remote reboot flaw in its implementation of the SMB2 protocol, going a step further to warn that a successful attack could lead to remote code execution and full system takeover. The vulnerability, which was originally released as a...
Xiaomi Phone Bug Allowed Payment Forgery
Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its “trusted environment” used to store payment data that opened some of its handsets to attack. Researchers at Check Point Research revealed last week in a repo...
Web Filtering & Compliances for Wi-Fi Providers
The demand for public Wi-Fi is increasing constantly due to the increase of smartphone owners and remote workers. Researchers at VPNMentor say that there are approximately 549 million Wi-Fi hotspots worldwide. Another survey by Semantic found that 87 percent of U.S. consumers have used the readil...
SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in an unsecured Amazon Web Services AWS S3 bucket during a cloud-security audit, and it’s sharing the story to inspire other organizations to double-check their own systems. Researcher Aaron Phillips with VPN...
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
A high-severity security vulnerability in CloudLinux’s Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for...
Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts
A recently discovered phishing scam tried to takeover more than 125 high-profile user accounts on TikTok. Researchers said the campaign marks one of the first major attacks on “influencers” found on the TikTok social-media platform. Researchers at cloud email security provider Abnormal Security...
VMware ESXi Servers Encrypted by Lightning-Fast Python Script
Researchers have discovered a new Python ransomware from an unnamed gang that’s striking ESXi servers and virtual machines VMs with what they called “sniper-like” speed. Sophos said on Tuesday that the ransomware is being used to compromise and encrypt VMs hosted on an ESXi hypervisor in operatio...
BladeHawk Attackers Target Kurds with Android Apps
Attackers have been targeting the Kurdish ethic group for more than a year through an Facebook-based spyware campaign that disguises backdoors in legitimate Android apps, researchers have found. A group called BladeHawk is behind the campaign, discovered by researchers from cybersecurity firm ESE...
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
Most people have probably heard of catfishing. That’s when someone adopts a fake online persona, usually to trick someone into falling in love. Now, threat actors have developed their own spin on the grift, developing appealing — objectively hot — profiles to charm victims into downloading malwar...
Ruthless Attackers Target Florida Condo Collapse Victims
Families mourning the loss of loved ones to the partial collapse of the Champlain Towers South condo building in Surfside, Fla. are now being urged to check the credit of their deceased relatives thanks to a group of heartless hackers targeting victims in a new identity-theft scheme. Apparently,...
Western Digital Users Face Another RCE
Bad news comes in threes, most particularly for Western Digital customers. As if things weren’t bad enough for the untold number of Western Digital customers whose data blinked out of existence last month, there’s another zero-day waiting for whoever can’t or won’t upgrade its My Cloud storage...
Kaseya Attack Fallout: CISA, FBI Offer Guidance
The REvil cybergang is taking credit for Friday’s massive ransomware attack against managed service provider Kaseya Ltd. The criminals behind the attack claim it infected 1 million systems tied to Kaseya services and are demanding $70 million in bitcoin in exchange for a decryption key. Federal...
Iran Media Websites Seized by U.S. in Disinformation Campaign
The Department of Justice has seized the domains of 36 Iranian media sites that officials say weren’t just operating in violation of sanctions, but were part of a widespread government-backed malign-influence operation targeting the U.S. The DoJ said that 33 of the sites are run by the Iranian...
Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access
A critical security bug in Palo Alto Networks’ Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug CVE-2021-3044 is an...