15946 matches found
How Mobile Ad Fraud has Evolved in the Year of the Pandemic
The past 18 months have arguably been the most turbulent on record for the mobile industry. The majority of the world spent significant portions of 2020 under some kind of lockdown, with pressure mounting on mobile operators to keep us connected to the outside world, and with each other. This...
Biden’s Cybersecurity EO: The Wrong Issues
It’s no secret that foreign adversaries are making a concerted effort to target U.S. government agencies and companies. As technology advances and foreign superpowers gain influence, the game is shifting beneath our feet here in the U.S. Motivated in part by the extent and consequences of the...
Five Critical Password Security Rules Your Employees Are Ignoring
Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security’s Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. about their work-related password habits — a...
Feds Shut Down Fake COVID-19 Vaccine Phishing Website
Federal law enforcement in Maryland has shut down a fraudulent website targeting immigrant communities that claimed to be for a company developing a COVID-19 vaccine. Instead, the site was stealing information from people with the purpose of using it for future cybercriminal activity. The U.S...
QR Codes Offer Easy Cyberattack Avenues as Usage Spikes
The use of mobile quick-response QR codes in daily life, for both work and personal use, continues to rise – and yet, most people aren’t aware that these handy mobile shortcuts can open them up to savvy cyberattacks. That’s according to Ivanti, which carried out a survey of 4,157 consumers across...
Facebook: Stolen Data Scraped from Platform in 2019
The leak of personal data from more than 533 million Facebook users was scraped from their profiles by malicious actors because of a security flaw in the company’s platform prior to September 2019, the social media giant said Tuesday. Threat actors posted that data to a public hacker forum over t...
LinkedIn Spear-Phishing Campaign Targets Job Hunters
A threat group called Golden Chickens is delivering the fileless backdoor moreeggs through a spear-phishing campaign targeting professionals on LinkedIn with fake job offers, according to researchers at eSentire. The phishing emails try to trick a victim into clicking on a malicious .ZIP file by...
Child Tweets Gibberish from U.S. Nuke Account
A nonsense tweet sent out from the official account of U.S. Strategic Command is no reason for alarm, according to the department. The social media manager’s kid found an open laptop, pounded on a few random keys and sent the tweet, which read, “;l;;gmlxzssaw” last Sunday. The tweets were met wit...
Health Website Leaks 8 Million COVID-19 Test Results
Yet another human-related error — this time a flaw in a health department website in the state of Bengal, India — has exposed the confidential results of COVID-19 tests as well as personally identifying information PII for an entire geographic region’s population. Test results related to more tha...
Let’s Encrypt to Replace 200M Certificates a Day
Let’s Encrypt just announced an infrastructure makeover which means the open certificate authority CA is able to re-issue up to 200 million certificates in a 24-hour period, something the service said could be necessary in “some of the worst scenarios.” The upgrade comes a year after Let’s Encryp...
Cyberpunk 2077 Publisher Hit with Hack, Ransomware
UPDATE CD Projekt Red, the videogame-development company behind Cyberpunk 2077 and the wildly popular Witcher series, has suffered a ransomware attack that could soon result in troves of company data being dumped online – including game source code. The Warsaw-based company tweeted out a notice o...
Spotify Suffers Second Credential-Stuffing Cyberattack
Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. The service has forced password resets for impacted users. Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same...
Microsoft 365 Becomes Haven for BEC Innovation
Two fresh business email compromise BEC tactics have emerged onto the phishing scene, involving the manipulation of Microsoft 365 automated email responses in order to evade email security filters. In one case, scammers are targeting victims by redirecting legitimate out-of-office OOO replies fro...
Cyberattacks on Healthcare Spike 45% Since November
As COVID-19 ravages international healthcare systems, cybercriminals have decided to leverage the increasingly dire circumstances to squeeze a few bucks out of the human suffering. According to new findings from Check Point Software, healthcare organizations have seen a 45-percent increase in...
Misconfigured Docker Servers Under Attack By Xanthe Malware
Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems. Xanthe was first discovered in a campaign that employed a multi-modular botnet, as well as a payload that is a...
New Grelos Skimmer Variants Siphon Credit Card Data
Just as seasonal online shopping kicks into high gear, new variants of the point-of-sale Grelos skimmer malware have been identified. Variants are targeting the payment-card data of online retail shoppers on dozens of compromised websites, researchers warn. The Grelos skimmer malware has been...
Firestarter Android Malware Abuses Google Firebase Cloud Messaging
An APT group is starting fires with a new Android malware loader, which uses a legitimate Google messaging service to bypass detection. The malware, dubbed “Firestarter,” is used by an APT threat group called “DoNot.” DoNot uses Firebase Cloud Messaging FCM, which is a cross-platform cloud soluti...
North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn
The North Korean advanced persistent threat APT group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency CISA. Kimsuky a.k.a. Hidden Cobra has been...
Experts Weigh in on E-Commerce Security Amid Snowballing Threats
The raging pandemic has forced many retailers to re-imagine their businesses, shifting from in-person to contactless interactions through online sales. This new socially distanced reality is colliding with the crush of an upcoming holiday shopping season, creating an unprecedented opportunity for...
Unsecured Microsoft Bing Server Leaked Search Queries, Location Data
An unsecured database has exposed sensitive data for users of Microsoft’s Bing search engine mobile application – including their location coordinates, search terms in clear text and more. While no personal information, like names, were exposed, researchers with Wizcase argued that enough data wa...
Charming Kitten Returns with WhatsApp, LinkedIn Effort
The Iran-affiliated APT known as Charming Kitten is back with a new approach, impersonating Persian-speaking journalists via WhatsApp and LinkedIn, in order to con victims into opening malicious links. The targets are Israeli scholars from Haifa and Tel Aviv universities, and U.S. government...
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
A high-severity flaw has been disclosed in TinyMCE, an open-source text editor used in the content management systems CMS of websites. The recently patched flaw could have been potentially exploited remotely by attackers to gain administrative privileges to websites. TinyMCE, developed by Tiny...
Podcast: Security Lessons Learned In Times of Uncertainty
Derek Manky With the coronavirus pandemic breaking out, and corporate workforces going remote, “uncertainty is a key word” for 2020, Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, said. The uncertain times led to an outpouring of cybercriminal...
Emotet Returns in Malspam Attacks Dropping TrickBot, QakBot
Emotet has returned after a five-month hiatus. Researchers first spotted the malware in a campaign that has spammed Microsoft Office users with hundreds of thousands of malicious emails since Friday. The malware first emerged in 2014, but has since then evolved into a full fledged botnet that’s...
Trojans, Backdoors and Droppers: The Most-Analyzed Malware
Trojans, backdoors and droppers, oh my: These are the top three malware types being analyzed by threat intelligence teams, according to statistics out on Thursday. According to anonymized statistics from requests to the Kaspersky Threat Intelligence Portal, almost three quarters 72 percent of the...
Helping Remote Workers Overcome Remote Attacks
Cybercriminals are experts at making the most of whatever they’re given. The current pandemic is no different, and they have been quick to profit from their victims’ fears. Adaptability has always been the hallmark of malicious actors, and the proliferation of “remote-everything” attacks is a pri...
Podcast: Why Identity Access Management is the New Perimeter
With the proliferation of cloud in enterprise environments, the concept of “identity” today is very different than how it used to be. Threatpost host Cody Hackett talks to Brian Johnson, CEO and co-founder of DivvyCloud by Rapid7, about how identity access management IAM is rapidly changing – and...
Utah Says No to Apple/Google COVID-19 Tracing; Debuts Startup App
The state of Utah has settled on a contact-tracing mobile app that collects detailed user location information to track the spread of COVID-19 among citizens – eschewing the API model proposed by Apple and Google in April. The app is called “Healthy Together” and it was created by a startup calle...
COVID-19 CISO Checklist for Securing a Remote Workforce
The Coronavirus crisis introduces a heavy burden on the CISO with the joint impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors, unintendedly, contribute to this burden by a relentless generation of noise...
Cloud Misconfig Mistakes Show Need For DevSecOps
Developers have become accustomed to deploying apps in data centers with what could be described as a “crunchy hard outer layer,” to keep their data center secure. But when it comes to the public cloud, “it just doesn’t exist that way,” said Ryan Olson, vice president of threat intelligence with...
This Stalkerware Delivers Extra-Creepy Features
Researchers are sending up a red flag over the distribution of an aggressive stalkerware app called Monitor Minor. In a report released Monday, researchers said the Android version of the app gives stalkers near absolute control of targeted devices, going so far as allowing them to capture the...
RSAC 2020: Ransomware a 'National Crisis,' CISA Says, Ramps ICS Focus
Industrial control systems ICS and critical infrastructure will be a main focus for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency CISA this year – especially as ransomware looms as a main threat to the sector going forward. That’s according to Christopher...
Video: Zoom Researcher Details Web Conference Security Risks, 2020 Threats
Research unveiled this week at CPX 360, a security event hosted by Check Point, disclosed vulnerabilities discovered in Zoom’s enterprise video conferencing platform. Zoom issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible...
CES Surveillance Hype Worries Privacy Advocates
Cutting-edge surveillance tech took center stage at the Consumer Electronics Show in Las Vegas, Nevada this past week. But just as many tech enthusiast praised the technology as something to marvel, privacy advocates voiced concern. Many security experts are sounding the alarm that the annual tec...
Epilepsy Foundation Bombarded with Seizure-Triggering Twitter Posts
The Epilepsy Foundation on Monday filed a criminal complaint against a number of undisclosed Twitter users after they bombarded its Twitter feed in November with a barrage of posts of flashing or strobing lights — exposing its thousands of followers to potential seizure-triggering images. The...
Facebook Alleges Company Infiltrated Thousands for Ad Fraud
Facebook has sued a Chinese company that it alleges used malware to compromise hundreds of thousands of user accounts – and then used them to run “deceptive ads” promoting counterfeit goods. The company in question is Hong Kong-based ILikeAd Media International Company Ltd., which was incorporate...
Federal Court: Suspicionless Search of Traveler Devices by Border Agents Is Unconstitutional
In a win for the privacy of international travelers, a federal court in Boston has ruled that searchers of traveler electronic devices by border agents without suspicion is unconstitutional. The ruling from the U.S. District Court, District of Massachusetts came in a 2017 case, Alasaad v. Nielsen...
Apple Suspends Siri Program After Privacy Backlash
Apple is suspending a program that lets contractors listen in on Siri voice recordings after facing a rain of backlash regarding the privacy implications of the program. The suspension comes after a report in The Guardian last week outlining how contractors regularly listen to intimate voice...
DanaBot Adds Ransomware to its Arsenal
A new sample of the DanaBot trojan spotted in a recent campaign reveals that operators behind the malware have now included a ransomware component into its code, along with new string encryption and communications protocols. The update, wrote Check Point researchers on Thursday, represents a...
D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream
D-Link has only partially patched critical flaws affecting its consumer WiFi camera, which allow hackers to intercept and view recorded video. They also allow attackers to manipulate the device’s firmware, according to security researchers. The camera in question is D-Link’s DCS-2132L cloud camer...
Ad Server Patched to Stop Possible Malware Distribution
UPDATE The open-source advertising platform Revive Adserver is urging customers to patch two vulnerabilities, one of which is critical and may have been exploited to allow hackers to deliver malware to third-party websites. Revive Adserver, formerly known as OpenX Source, is a free, open-source a...
Preparing the Internet for the Next Mega DDoS Attack
When you think of a distributed denial-of-service DDoS attack at this point in the age of the internet, you might be thinking they’re old news. But when a multi-million-dollar business can be easily taken offline by an unskilled adversary and a $5 rent-a-DDoS service, I would argue that the issue...
SAS 2019: Fake News Peddlers Adopt Clever New Trick to Fool Facebook, Twitter
Fake news peddlers have devised a cunning new way to stump Facebook, Twitter and others cracking down on lies and half-truths spreading on social media. Instead of linking to fake news, bad actors are now linking to posts promoting older news articles that may no longer be accurate – but won’t be...
BEC Scam Gang London Blue Evolves Tactics, Targets
Prolific business email compromise group London Blue has been spotted in a recent campaign that demonstrates the group’s evolved tactics and improved targeting via an updated database. London Blue has been around since 2011 – but researchers spotted the business email compromise BEC group again i...
Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack
Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which i...
Google Fined $57M in Largest GDPR Slap Yet
France’s National Data Protection Commission CNIL has fined Google $57 million €50 million for violations of the General Data Protection Regulation GDPR – the largest fine yet issued under the EU’s new data privacy law. In investigating group complaints from privacy advocacy groups None Of Your...
Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2
Microsoft patched a zero-day vulnerability that enabled attackers to escalate privileges on targeted systems, which include Windows 7, Server 2008 and Server 2008 R2 systems. The vulnerability, rated important, was part of Microsoft’s Patch Tuesday November security bulletin, which included 62...
Threatpost News Wrap Podcast For Oct. 12
Threatpost editors Lindsey O’Donnell and Tara Seals discuss the top news of the week ended Oct. 12. The week started with a bang with a report that Google did not disclose a potential data breach in Google+, likely contributing to the tech giant’s decision to shut down the social networking...
Podcast: Why Bitcoin Miners Target Critical Infrastructure Networks
On this week’s Threatpost Podcast show, we sit down with Ronen Rabinovich from Cyberbit to discuss bitcoin mining on operational technology and critical infrastructure networks. Rabinovich talks about why the massive amount of computing power and lack of security and monitoring tools make...
Targeted Spy Campaign Hits Russian Service Centers
A series of espionage attacks have been uncovered, targeted at service centers in Russia that provide maintenance and support for a variety of electronic goods. The payload is a commercial version of the Imminent Monitor tool, which is freely available for purchase as legitimate software. Its...