15946 matches found
Gig Workers Being Paid $500 for Payroll Passwords
Fintech startup Argyle, a financial-services platform aimed at gig workers, is working to replace credit scores assigned by bureaus like Equifax. But closer security analysis hints that Argyle could be just the latest incarnation of an ongoing data-collection campaign, paying people to give up...
Telegram Platform Abused in 'ToxicEye' Malware Campaigns
Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan RAT dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The ToxicEye malware ca...
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple
An ethical hacker has demonstrated a novel supply-chain attack that breached the systems of more than 35 technology players, including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla and Uber, by exploiting public, open-source developer tools. The attack, devised by security researcher Alex...
Microsoft Office 365 Attacks Sparked from Google Firebase
A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said. Researchers at Armorblox uncovered invoice-themed emails sent to at least 20,000 mailboxes that purport to share information about...
Data from August Breach of Amazon Partner Juspay Dumped Online
Data from a breach that occurred five months ago involving Juspay, which handles payments for Amazon and other online retailers in India, has been dumped online, a researcher has found. Security researcher Rajshekhar Rajaharia discovered data of 35 million Indian credit-card holders from a breach...
Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes
A security issue in popular video conferencing platform Zoom was disclosed this week, which could have allowed attackers to crack private meeting passcodes and snoop in on video conferences. The problem, which has already been fixed, stems from Zoom not having any check against repeated incorrect...
Chris Vickery: AI Will Drive Tomorrow’s Data Breaches
From malicious hacks to accidental misconfigurations, Chris Vickery has seen it all. But as cybercriminals continue to innovate, Vickery, the director of risk research with UpGuard, said one emerging security threat will “blindside” the world: “fakeable” voices. More bad actors using artificial...
Can Governments Defeat Nation-State Attacks on Critical Infrastructures?
For physical conflicts, we expect our government to protect us from nation-state adversaries. It turns out, though, that industrial enterprises are much better positioned to defeat most nation-state attacks on power plants, pipelines, and other critical infrastructures than governments are. For...
Supreme Court Phish Targets Office 365 Credentials
A highly-targeted phishing attack pretends to deliver subpoenas, but actually ends up collecting victims’ Office 365 credentials. The ongoing campaign has slipped by Office 365 and gateway security controls to hit several C-Suite level victims thus far. The phishing emails spoof the U.S. Supreme...
Quantum Security Goes Live with Samsung Galaxy
Samsung and South Korean telecom giant SK Telecom have debuted the Galaxy A Quantum 5G smartphone, sporting a quantum random number generation RNG chipset. It’s the first commercialization of quantum technology for mobile phones, and it will serve as a significant bellwether for full quantum...
Ransomware Attack Takes Down Toll Group Systems, Again
Australian transportation and logistics giant Toll Group has been hit by a ransomware attack – for the second time in three months. The company said a relatively new form of ransomware known as Nefilim had targeted its systems. Toll Group, a subsidiary of Japan Post Holdings, is a freight and...
Zoom Bombing Attack Hits U.S. Government Meeting
A U.S. House Oversight Committee meeting was the most recent victim of a Zoom bombing attack, after the meeting was disrupted at least three different times by uninvited attendees. The incident was disclosed in a recent internal letter from Jim Jordan R-Ohio to Carolyn Maloney R-NY, chairwoman fo...
Domain Name Security: Important Measures You Need to Know
Whether you are an individual, a large commercial business, or a small non-profit organization, the creation and protection of your online presence are essential. While many individuals and businesses use social media platforms to connect with followers, customers, or organization members, a doma...
Azure Red Flag: Microsoft Accidentally Fixes Cloud Config ‘Bug’
UPDATE Researchers are shedding light on a Microsoft Azure misconfiguration bug that leaked sensitive access tokens, which could have given hackers access to virtual machine instances and cloud-based storage buckets. Since its discovery, an update has fixed what researchers said was a...
Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws
Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...
RSAC 2020: Blockchain is 'Garbage In', Voting Needs Paper Ballots
SAN FRANCISCO – Cryptography is at the heart of security, especially here at this week’s RSAC 2020. And during the event’s annual Cryptographer’s Panel, industry leaders broke down their top crypto-concerns, including privacy regulations, election security and blockchain. Privacy is clearly a top...
FC Barcelona Suffers Likely Credential-Stuffing Attack on Twitter
Just ahead of its Champion’s League Round of 16 appearance next week, FC Barcelona’s official Twitter account was hacked in an apparent credential-stuffing attack. The strike resulted in account takeover and bogus tweets being sent out. The hacking collective known as OurMine, which made headline...
Iran-Backed APTs Collaborate on 3-Year 'Fox Kitten' Global Spy Campaign
Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers at ClearSky. They maintain,...
N.Y. Could Ban Cities from Paying Ransomware Attackers
New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. State Senators Phil Boyle, George M. Borrello and Sue Serino introduced Senate Bill S7246 earlier this month, in response to the rising tide of cyberattacks targeting government agencies and...
Why Cloud, Collaboration Breed Insider Threats
When it comes to facing insider threats, many enterprises seem to be suffering from a type of organizational cognitive dissonance – as in, they hold two, seemingly contradictory beliefs when it comes to the cloud and the collaboration tools that they use. Specifically, business leaders and...
Smart Krampus-3PC Malware Targets iPhone Users Online
A malicious web redirect campaign affecting iPhone users has impacted more than 100 publisher websites, including online newspapers and international weekly news magazines. According to The Media Trust’s Digital Security & Operations DSO team, iPhone users visiting any of the impacted websites we...
Eye Clinic Breach Reveals Data of 20,000 Patients
A Utah eye clinic is in the process of informing 20,000 patients that they were the victims of a data breach that happened a year and a half ago and linked patients to a scam involving PayPal. The breach at the Utah Valley Eye Center in Provo, Utah, that exposed patient emails once again highligh...
Insurance Pays Out a Sliver of Norsk Hydro's Cyberattack Damages
On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance – just a fraction of the total costs in damage. Overall, the Oslo, Norway-based company incurred between $60 million to $71 million in damages from the incident, which forced it to...
Cynet’s free vulnerability assessment offering helps organizations significantly increase their security
Long before a cyberattack is underway, organizations need to be focused on improving their security. Part of this is to always be monitoring their environment, on the lookout for weaknesses and ready to take action if they are found. This is the best way to ensure the organization remains immune ...
Back-to-School Scams Target Students with Library-Themed Emails
College students settling back into school might want to think twice before clicking on an email prompting them to renew their school library account. Researchers warn that students at hundreds of universities worldwide are being targeted with fake emails this week, which tout attachments or link...
Feds: Cyberattack on NASA's JPL Threatened Mission-Control Data
NASA’s Jet Propulsion Laboratory JPL may know how to send delicate equipment to Mars, but basic cybersecurity best practices appear to pose an issue for it. A comprehensive federal review has detailed an April 2018 security incident that compromised mission systems – stemming from multiple IT...
Infosecurity Europe: Easing the Clash Between IT and Industrial Worlds
LONDON, UK – Information technology and operational technology are like two sides of the same coin. Their objectives are the same, but too often they don’t see eye-to-eye when it comes to priorities, according to cybersecurity experts. Information technology IT teams are tasked with securing and...
Tor Security Add-On Abruptly Killed by Mozilla Bug
Thanks to Mozilla letting an intermediate signing certificate expire, the Tor community was thrown into disarray over the weekend when the NoScript security add-on was suddenly killed for both Firefox and the Tor browser. A fix is available for Firefox, but the Tor issue continues. NoScript is a...
Microsoft Outlook Breach Widens in Scope, Impacting MSN And Hotmail – Report
UPDATE A recently-disclosed Microsoft email-platform breach is reportedly much worse than previously thought, now impacting a large number of Outlook accounts as well as MSN and Hotmail email accounts. On Friday, a slew of Outlook users reported receiving notifications from Microsoft. The...
SAS 2019: Gaza Cybergang Blends Sophistication Levels in Highly Effective Spy Effort
SINGAPORE — Around 240 high-profile victims in 39 countries worldwide have become victims of an APT cyber-espionage attack, led by an organization dubbed the Gaza Cybergang that comprises several groups of varying sophistication. The victims, who were all targeted last year, include political,...
Threatpost Poll: Over Half of Firms Asked Struggle with Mobile Security
A Threatpost survey of readers found over half of respondents don’t feel sufficiently prepared to prevent or handle a security incident stemming from mobile devices in their firm. The informal survey results should serve as harbinger for security professionals in light of the fact that 80 percent...
Social Media Privacy Dominates Apple iOS 12, macOS Launches
Social media privacy is top of mind for Apple on the heels of the Facebook-Cambridge Analytica controversy. On Monday, Apple released the latest versions of its desktop and mobile operating systems at the Worldwide Developers Conference WWDC, which addresses a bevy of security and privacy concern...
Microsoft Fixes 66 Bugs in April Patch Tuesday Release
Microsoft’s April Patch Tuesday release includes fixes for 66 bugs, 24 of which are rated critical. Notable is Microsoft’s disclosure of a publicly known SharePoint elevation of privilege bug CVE-2018-1034, rated important, which has no fix but has not been publicly exploited. Microsoft SharePoin...
Cisco Issues New Patches for Critical Firewall Software Vulnerability
Cisco has released new patches for a critical vulnerability in its Adaptive Security Appliance software after further investigation revealed additional attack vectors. The company first announced the vulnerability, CVE-2018-0101, on Jan. 29. It received a Common Vulnerability Scoring System base...
Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability
Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code. Legal Hackers‘ Dawid Golunski found the vulnerabilities–a host header injection and an...
APT Group 'Patchwork' Cuts-and-Pastes a Potent Attack
An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted...
Google Patches More Trouble in Mediaserver
Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches...
OpenSSH Private Crypto Key Leak Patch
OpenSSH today released a patch for a critical vulnerability that could be exploited by an attacker to force a client to leak private cryptographic keys. The attacker would have to control a malicious server in order to force the client to give up the key, OpenSSH and researchers at Qualys said in...
October 2015 Microsoft Patch Tuesday Security Bulletins
Microsoft’s monthly release of security bulletins today is a relatively light load of patches to be tested and deployed. The real news, however, could be in a separate advisory in which it continues to deprecate the outdated RC4 encryption algorithm. Following its initial advisory in May that...
Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0
While the Angler Exploit Kit may have already established itself as one of the more sophisticated kits on the underground market, it appears it’s still finding ways to evolve. Angler, this week, was spotted dropping the latest iteration of CryptoWall ransomware and leveraging yet another previous...
VMware Fixes Java Information Disclosure Vulnerability
Virtual Machine maker VMware has updated a slew of its offerings in order to address a critical information disclosure vulnerability in the Oracle’s Java runtime environment JRE. The update essentially installs the latest version of JRE into VMware systems where the old version of JRE was affecte...
Threatpost News Wrap, June 23, 2014
Dennis Fisher and Mike Mimoso discuss the latest security news, including the possible fork of TrueCrypt, Microsoft’s new information sharing platform, the FBI’s cybercrime task force and the US team’s crushing tie with Portugal. Download: digitalunderground156.mp3 Music by Chris Gonsalves...
Malicious Java App is Cross-Platform Botnet
Java-related security issues have remained relatively quiet during the past few months, especially after a rocky start to 2013 seemingly had one Java flaw after another in the news. Things might be starting to ramp up again with the discovery of a cross-platform Java-based botnet. Researchers at...
Microsoft to Patch Zero Day in January 2014 Security Updates
Microsoft announced Thursday that it plans to release four bulletins next week as part of the year’s first batch of Patch Tuesday security updates, none of which are rated critical. Despite the relatively light load, the patches do address a zero-day vulnerability in Windows XP and Windows Server...
Oil, Energy Watering Hole Attacks Linked to DOL attack
A string of watering hole attacks targeting oil and energy companies dating back to May could be linked to similar attacks against the U.S. Department of Labor website. Researchers at Cisco discovered the compromised domains of 10 oil and energy companies worldwide, including hydroelectric plants...
NBC Website Hacked, Leading Visitors to Citadel Banking Malware
Another day, another media company hacked. This time it’s NBC which has fallen to victim hackers on the heels of compromises of the New York Times and Wall Street Journal websites. Various experts have confirmed that NBC’s website is compromised and leading visitors to the dangerous Citadel banki...
Hack-a-mole: Disgruntled Programmer Accused of Sabotaging Arcade Game Classic
Marvin Walter Wimberly, Jr., a sixty one year-old programmer and game board designer has been charged by authorities in Florida with committing computer crimes with the intent to defraud after his employer, game maker Bob’s Space Racers BSR uncovered an elaborate scheme in which popular arcade...
Facebook Announces Hacker's Cup
Social networking Web site Facebook has announced that they will begin accepting registrations for the 2011 Hacker Cup, the first annual programming and puzzle solving contest open to software engineers, programmers, puzzle solvers and assorted hackers from around the world.Facebook said this wee...
Attacks Continuing Against IE Flaw as Microsoft Preps Patch
Microsoft officials said on Sunday that they are continuing to investigate the attacks that are exploiting the unpatched flaw in Internet Explorer, but that the attacks right now are limited to specifically targeted activity against enterprise networks. The company said that it doesn’t look like...
Adobe Zaps Dangerous Flash Player Bugs
Adobe has shipped a critical Flash Player update to fix at least seven documented security vulnerabilities that expose nearly every computer user to dangerous hacker attacks. The Flash Player 10.0.42.34 update is available for all platforms Windows, Linux and Mac OS X. Here are the raw details:...