15946 matches found
Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info
Enterprises using Apple’s Device Enrollment Program DEP for mobile device management MDM enrollment, without adding secondary authentication, are placing themselves at risk for information exfiltration and attacks, according to researchers. MDM is a common enterprise technology offered by multipl...
Apple Patches Actively Exploited WebKit Zero Day
Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices. The zero-day, tracked as CVE-2022-22620, is a Use-After-Free issue, which is related to incorrect use of...
How the NAME:WRECK Bugs Impact Consumers, Businesses
Researchers estimate more than 100 million internet-connected devices are vulnerable to a class of flaws dubbed NAME:WRECK. Devices ranging from smartphones, aircraft navigation systems and industrial internet of things IIoT endpoints are vulnerable to either a denial-of-service DoS or remote...
Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers
Cisco Systems says hackers are actively exploiting previously unpatched vulnerabilities in its carrier-grade routers that could allow adversaries to crash or severely disrupt devices. The vulnerabilities exist in the Distance Vector Multicast Routing Protocol DVMRP feature of Cisco IOS XR Softwar...
U.N. Hack Stemmed From Microsoft SharePoint Flaw
Hackers breached the United Nations network in July by exploiting a Microsoft SharePoint vulnerability, according to reports. The breach, which appears to be an espionage operation, reportedly gave the hackers access to an estimated 400 GB of sensitive data. The breach was swept under the rug by...
Razy Malware Attacks Browser Extensions to Steal Cryptocurrency
UPDATE A Windows malware dubbed “Razy” has been uncovered that sports a toolbox of cryptocurrency theft and fraud tools. Razy works by weaponizing browser extensions in order to perpetrate a range of online scams on unwitting victims. According to researchers at Kaspersky Lab, the trojan targets...
Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks
Ghostwriter – a threat actor previously linked with the Belarusian Ministry of Defense – has glommed onto the recently disclosed, nearly invisible “Browser-in-the-Browser” BitB credential-phishing technique in order to continue its ongoing exploitation of the war in Ukraine. In a Wednesday post,...
Gafgyt Botnet Lifts DDoS Tricks from Mirai
Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered. Gafgyt a.k.a. Bashlite is a botnet that was first uncovered in 2014. It targets vulnerable internet of things IoT devices like Huawei routers, Realt...
WikiLeaks Reveals CIA Tool 'Scribbles' For Document Tracking
Update WikiLeaks released details on what it said is a Central Intelligence Agency document tracking program called Scribbles, part of the agency’s effort to keep tabs on documents leaked to whistleblowers and journalists. Scribbles allegedly embeds a web beacon-style tag into watermarks located ...
Critical Flaws in VNC Threaten Industrial Environments
The open-source Virtual Network Computing VNC project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution RCE. According to researchers at Kaspersky...
Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw
The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of QNAP’s network-attached storage NAS appliances, the Taiwanese manufacturer warned on Monday. Dirty Pipe, a recently reporte...
Mandiant Front Lines: How to Tackle Exchange Exploits
Recently, the public learned of multiple vulnerabilities “ProxyLogon” that impacted Microsoft’s on-premises Exchange Server, a software application used worldwide to manage communications between employees. Since then, many in the security industry have come to realize that attackers knew of thes...
Google Releases Spectre PoC Exploit For Chrome
Google has released proof-of-concept PoC exploit code, which leverages the Spectre attack against the Chrome browser to leak data from websites. Three years after the Spectre attack was first disclosed, researchers with Google have now released a demonstration website that leverages the attack,...
5G Networks Spark Concerns For Enterprise Risks
THE HAGUE, Netherlands – The rise of 5G networks – and subsequent security risks – was the centerpiece issue discussed during the GSMA’s Mobile360 conference on 5G security this past week. While researchers warn that 5G security issues could literally be a matter of life or death for certain...
Actively Exploited Windows Kernel Bug Allows Takeover
Microsoft has addressed nine critical-severity cybersecurity bugs in February’s Patch Tuesday updates, plus an important-rated vulnerability that is being actively exploited in the wild. Six of the security holes – including one of the critical bugs – were already publicly disclosed. Overall, the...
Golang Worm Widens Scope to Windows, Adds Payload Capacity
A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware,...
Critical Cisco Flaws Now Have PoC Exploit
Proof-of-concept exploit code has been published for critical flaws impacting the Cisco Data Center Network Manager DCNM tool for managing network platforms and switches. The three critical vulnerabilities in question CVE-2019-15975, CVE-2019-15976, CVE-2019-15977 impact DCNM, a platform for...
REvil's Big Apple Ransomware Gambit Looks to Pay Off
The REvil ransomware gang is known for audacious attacks on the world’s biggest organizations, and its demands for astronomical ransoms to match. But the gang’s latest squeeze on Apple just hours before its splashy new product launch was a bold move, even for the notorious ransomware-as-a-service...
Feds Hit with Successful Cyberattack, Data Stolen
A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network. The U.S. Cybersecurity and Infrastructure Security Agency CISA issued an alert on Thursday, not naming the agency but providing technical details of...
Critical Microsoft Remote Desktop Flaw Fixed in Security Update
Microsoft released patches for nine critical vulnerabilities as part of its October Patch Tuesday security update, including one for a Remote Desktop bug that could allow a remote attacker to execute code on victims’ machines. Overall, Microsoft issued fixes for 59 vulnerabilities – including nin...
Attackers Actively Target Windows Installer Zero-Day
Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer...
Google Chrome Browser Bug Exposes Billions of Users to Data Theft
A vulnerability in Google’s Chromium-based browsers would allow attackers to bypass the Content Security Policy CSP on websites, in order to steal data and execute rogue code. The bug CVE-2020-6519 is found in Chrome, Opera and Edge, on Windows, Mac and Android – potentially affecting billions of...
Samsung Rolls Out Fix For Galaxy S10 Fingerprint Sensor Glitch
Samsung has reportedly started rolling out a software patch for the Galaxy S10 and Note10, addressing glitches in both phone models that allow the bypass of their built-in fingerprint authentication sensors. The fix comes after Samsung admitted last week that anyone can bypass the Galaxy S10...
APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn
State-sponsored advanced persistent threat APT groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials. The National Security Agency NSA issued a...
High-Severity Cisco Webex Flaws Fixed
Cisco Systems has patched two high-severity vulnerabilities in its popular Webex video conferencing platform, which if exploited could allow an attacker to execute code on affected systems. Two multimedia players tied to the Webex platform are impacted. First is the Cisco Webex Network Recording...
Zimbra Server Bugs Could Lead to Email Plundering
Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of all the employees in all the enterprises that use the immensely popular collaboration tool, researchers say. In a Tuesday writeup, SonarSource called it a “drastic” situation, given Zimbra’s...
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
Oh, blessed day: Microsoft’s Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches — none of them rated critical. For February, Microsoft’s releases address CVEs in Windows and Windows Components, Azure Data Explorer, Kestrel Web...
Updated Joker Malware Floods into Android Apps
The Joker mobile trojan is back on Google Play, with an uptick in malicious Android applications that hide the billing-fraud malware, researchers said. It’s also using new approaches to skirt past Google’s app-vetting process. Joker has been around since 2017, disguising itself within common,...
Severe Cisco DoS Flaw Can Cripple Nexus Switches
Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists ACLs configured on affected Nexus...
North Korean Spear-Phishing Attack Targets U.S. Firms
Researchers have uncovered an ongoing, sophisticated malware campaign aiming at U.S.-based targets with an interest in nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions. The campaign, which researchers from Prevailion call “Autumn Aperture” and link...
PoC Exploits Do More Good Than Harm: Threatpost Poll
When it comes to the release of proof-of-concept PoC exploits, more security experts agree that the positives outweigh the negatives, according to a recent and informal Threatpost poll. Last week, Threatpost conducted a reader poll and almost 60 percent of 230 security pundits thought it was a...
Dockster Mac Malware Targets Dalai Lama Website Through Flashback Vulnerability
Mac malware targeting Tibetan supporters is being served on a website connected to the Dalai Lama. The Dockster Trojan, discovered by researchers at F-Secure, exploits the same Java vulnerability as the virulent Flashback Trojan that hit more than 600,000 OS X users earlier this year. F-Secure...
Equifax to Pay $700 Million in 2017 Data Breach Settlement
Equifax will pay as much as $700 million to settle federal and state investigations on the heels of its infamous 2017 breach, which exposed the data of almost 150 million customers. The consumer credit reporting agency on Monday said it will dish out $300 million to cover free credit monitoring...
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers. The bugs, tracked as CVE-2020-2509 and CVE-2021-36195, impact QNAP’s model TS-231 network attached storage NAS hardware, allowing an attacker to manipulate stored data a...
Critical Cisco Flaws Open VPN Routers Up to RCE Attacks
Cisco is rolling out fixes for critical holes in its lineup of small-business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to view or tamper with data, and perform other unauthorized actions on the routers. The flaws exist in the web-based management interface of...
Lazarus Group Surfaces with Advanced Malware Framework
The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. Kaspersky researchers uncovered a series of attacks utilizing MATA so-called because the malware authors themselves call...
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
Disconnecting devices from the internet is no longer a solid plan for protecting them from remote attackers. A new version of a known network-address translation NAT slipstreaming attack has been uncovered, which would allow remote attackers to reach multiple internal network devices, even if tho...
Fighting Fire with Fire: API Automation Risks
Akamai research shows that 83 percent of all traffic on the web today are API calls JSON / XML. In many cases this fast growth can be attributed to the adoption and popularity of mobile devices and the mobile app ecosystem, as well as the abuse by threat actors using bots to automate their manual...
Facebook’s Mandatory Data-Sharing Rules for WhatsApp Spark Ire
WhatsApp is asking users to accept a new privacy policy that will share all of their data with Facebook beginning Feb. 8, a move that has users sounding an alarm once again about the privacy of their information in the hands of the social media giant. The Facebook-owned messaging service already...
Hey Alexa, Who Am I Messaging?
The potential for digital-home assistants like Amazon Alexa to infringe on user privacy by making and saving voice recordings of them is already widely known. Now researchers have discovered that the devices also may be able to “hear” and record what people are typing on nearby smartphones, even...
Cybercrooks Frame Targets by Planting Fabricated Digital Evidence
Threat actors are hijacking the devices of India’s human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn. The actor, dubbed ModifiedElephant, has been at it for at least 10 years, and it’s still active. It’s been shafting target...
Third-Party APIs: How to Prevent Enumeration Attacks
When organizations use APIs – the next frontier in cybercrime – to engage with third parties, it’s crucial they understand the associated security exposure they’re introducing. To do so, they must think like a hacker to evaluate whether or not they are introducing a problem or a solution for thei...
Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed
A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution RCE attacks – without any user interaction. Researchers on Thursday revealed further details behind the critical Android flaw CVE-2020-0022, which was patched earlier...
‘Fancy Lazarus’ Cyberattackers Ramp up Ransom DDoSes
A distributed denial-of-service DDoS extortion group has blazed back on the cybercrime scene, this time under the name of “Fancy Lazarus.” It’s been launching a series of new attacks that may or may not have any teeth, researchers said. The new name is a tongue-in-cheek combination of the...
Rocke Group’s Malware Now Has Worm Capabilities
Researchers have identified an updated malware variant used by the cybercrime gang Rocke Group that targets cloud infrastructures with crypto-jacking attacks. The malware is called Pro-Ocean, which was first discovered in 2019, and has now been beefed-up with “worm” capabilities and rootkit...
Salt Bugs Allow Full RCE as Root on Cloud Servers
The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently. According to F-Secure researchers, the framework, authored by...
Fake News and Influence: Information Warfare in the Digital Age
It’s 2019 and we live in a world where understanding what is real and what is fake can be challenging. For the security community, we increasingly deal with information warfare adversaries that rely on that fact; and, operating at internet scale, are capable of causing plenty of havoc...
LabKey Vulnerabilities Threaten Medical Research Data
A trio of vulnerabilities in a popular open source medical data collaboration tool leaves important healthcare research data and potentially subject information open to multiple cross site scripting XSS attacks. The flaws are serious as they allow an attacker to retrieve user credentials once a...
Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
A zero-day remote code-execution RCE bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said – prompting an emergency patch to roll out over the weekend. The security vulnerability bug CVE-2022-24086 is a critical affair, allowing pre-authentication R...
Hoaxcalls Botnet Exploits Symantec Secure Web Gateways
Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Hoaxcalls first emerged in late March, as a variant of the Gafgyt/Bashlite family; it’s named after the domain used to host its...