15946 matches found
Fast-Moving DDoS Botnet Exploits Unpatched ZyXel RCE Bug
A new variant of the Hoaxcalls botnet, which can be marshalled for large-scale distributed denial-of-service DDoS campaigns, is spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month. That’s according to researchers at Radware, who also sa...
Amazon Dismisses Claims Alexa 'Skills' Can Bypass Security Vetting Process
Researchers warn Amazon’s voice assistant Alexa is vulnerable to malicious third-party “skills” – voice assistant capabilities developed by third parties – that could leave smart-speaker owners vulnerable to a wide range of cyberattacks. The security-threat claim is roundly dismissed by Amazon...
Internet Explorer 8 includes a bevy of security features
By Robert Westervelt, SearchSecurity.com Microsoft has officially released Internet Explorer 8 today microsoft.com with a number of new security features to improve privacy and protect against phishing and cross-site-scripting attacks. From the article: Microsoft is trying to mitigate some of the...
Coursera Flunks API Test in Researchers’ Security Exam
Researchers have discovered multiple application programming interface API issues in Coursera, the online learning platform used by 82 million learners and hundreds of Fortune 500 companies. On Thursday, the Checkmarx Security Research Team published a report on its findings, which included user...
ThreatList: Nigerian Cybercrime Surged 54 Percent in 2018
In 2018, Nigeria-based cybercrime jumped 54 percent over the previous year, as groups of scammers expanded their operations adding new tactics and reaching a wider breadth of targets. The increase, outlined in a report released Thursday by Palo Alto Network’s Unit 42, shows that Nigerian scammers...
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software. The Mozilla Firefox vulnerability CVE-2020-16044 is separate from a bug reported in Google’s browser engine Chromium, which is...
Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms. Working together, researchers from Google Project Zero and the Google Threat Analysis Group...
Ransomware: A Persistent Scourge Requiring Corporate Action Now
A ransomware attack on Belgian airplane manufacturer ASCO this week is the latest in a string of incidents that show the unique danger lurking in this type of malware campaign. The rise of ransomware has cost companies millions to remediate – both in making payments and in system restoration and...
WooCommerce Falls to Fresh Card-Skimmer Malware
Credit-card-stealing criminals have set their sights on the WordPress plugin known as WooCommerce, an e-tailer platform, with a JavaScript-based card-skimming malware. Sucuri researcher Ben Martin recently investigated a skimmer attack lodged against a WooCommerce site and found that it differs...
Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks
A phishing campaign, discovered by researchers at Cofense, is draping itself in a Microsoft Office SharePoint theme and successfully bypassing security email gateways SEGs. In a post on Tuesday, the firm said that this is an example of why it’s not always prudent to share documents via Microsoft’...
TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies
XENOTIME, the APT group behind the TRISIS industrial control system ICS event, has expanded its focus beyond the oil and gas industries, according to researchers. The group has recently been seen probing the networks of electric utility organizations in the U.S. and elsewhere – perhaps a precurso...
Apple Defends Parental Control App Removal Amid Backlash
Apple is defending its decision to take down several highly popular parental control apps amidst a firestorm of backlash, saying it did so for “privacy and security” reasons. Apple came under scrutiny this weekend after a New York Times article alleged that the phone giant had unfairly removed or...
Mojang Resets Users' Passwords, Microsoft Insists Not a Hack
Microsoft confirmed this week that one of its recent acquisitions, the gaming firm Mojang, has not been hacked. Nearly 2,000 credentials belonging to users of the Mojang game Minecraft – email addresses and passwords in plain-text – surfaced on Pastebin earlier this week and speculation began to...
Microsoft Beefs Up Wi-Fi Protection
Microsoft has begun pushing out its May 2019 Windows 10 update, which will flag Wi-Fi networks that are using the outdated and insecure Wired Equivalent Privacy WEP and Temporal Key Integrity Protocol TKIP authentication mechanisms. WEP was introduced in 1997 as part of the original 802.11 Wi-Fi...
Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection
A 5G wireless gateway tailored for industrial internet of things IoT, retail point-of-sale and enterprise redundancy applications is riddled with vulnerabilities, include two critical bugs that allow remote code-execution RCE and arbitrary command-injection. The Sierra Wireless AirLink ES450 LTE...
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
Cybercriminals can exploit Microsoft Remote Desktop Protocol RDP as a powerful tool to amplify distributed denial-of-service DDoS attacks, new research has found. Attackers can abuse RDP to launch UDP reflection/amplification attacks with an amplification ratio of 85.9:1, principal engineer Rolan...
Cisco Warns of Critical Flaws in Data Center Network Manager
Cisco Systems has released emergency patches for two critical vulnerabilities in its Data Center Network Manager, which could allow attackers to take control of impacted systems. The Data Center Network Manager DCNM is Cisco’s network management platform for switches running on its network...
RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!
WhatsApp and BlueJeans are just two of the world’s most popular communication apps that are using an open-source library riddled with newfound security holes. One thing this open-source, flawed library shares with the Apache Log4J logging library fiasco that started in December: It’s ubiquitous...
MassMiner Takes a Kitchen-Sink Approach to Cryptomining
Though it falls squarely into the trend of cryptominers setting their sights on the Monero virtual currency, the MassMiner malware family is adding its own special somethin’-somethin’ to the mix. It targets Windows servers with a variety of recent and well-known exploits – all within a single...
NFT Investors Lose $1.7M in OpenSea Phishing Attack
Over the weekend, hackers stole millions of dollars worth of non-fungible tokens NFTs belonging to 17 members of the OpenSea NFT marketplace. On Saturday, a small number of OpenSea users noticed their NFTs were missing. NFTs are digital tokens on the blockchain that represent ownership over virtu...
Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits
Microsoft jumped on 50 vulnerabilities in this month’s Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge Chromium-based and EdgeHTML, SharePoint Server, Hyper-V, Visual Studio Code – Kubernetes Tools, Windows HTML...
Virus Bulletin 2019: Geost Android Botnet Goes After Millions of Euros
LONDON — A powerful Android botnet dubbed Geost has been spotted targeting Russian citizens, with the end goal of distributing a banking trojan to victims. The botnet has infected more than 800,000 Android devices, controlling several million Euros held in five banks, according to researchers fro...
U.S. Manufacturer Most Recent Target of LokiBot Malspam Campaign
The well-known LokiBot malware has popped up in several malicious spam campaigns over the past year, covertly siphoning information from victims’ compromised endpoints. Researchers this week are warning of the most recent sighting of the malware, which was recently spotted in spam messages...
'URGENT/11' Critical Infrastructure Bugs Threaten EternalBlue-Style Attacks
UPDATE A cadre of 11 vulnerabilities, six of them critical remote code-execution RCE bugs, have been uncovered that affect millions of critical infrastructure systems, such as SCADA gear at utilities, elevator and industrial controllers, patient monitors and MRI machines, programmable logic...
News Wrap: Amazon Privacy and Telegram DDoS Attack
Beyond Patch Tuesday, this week was crammed with privacy and security related news. In this week’s Threatpost podcast, editors Tara Seals and Lindsey O’Donnell discussed the top news from the week. That includes: A federal lawsuit alleging that Amazon is recording children who use its Alexa...
Near-Ubiquitous Microsoft RCE Bugs Affect All Versions of Windows
UPDATE Two Microsoft vulnerabilities, CVE-2019-1040 and CVE-2019-1019, would allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication WIA such as Exchange or ADFS. According to researchers at Preemp...
Apple Fixes Zero‑Day Security Bugs Under Active Attack
Apple has issued out-of-band patches for critical security issues affecting iPad, iPhone and iPod, which could allow remote code execution RCE and other attacks, completely compromising users’ systems. And, the computing giant thinks all of them may have already been exploited in the wild. Three ...
The WannaCry Security Legacy and What’s to Come
May 12 will mark the second anniversary of the WannaCry ransomware cryptoworm attack. It was a troubling time: During the four-day long ordeal, the cryptoworm infected more than 300,000 endpoints among 200,000 separate victims throughout 150 countries. It propagated rapidly through the EternalBlu...
Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws
Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads, researchers say. What’s still under discussion: whether the offensive is delivering SquirrelWaffle, the new email loader tha...
CISA: LokiBot Stealer Storms Into a Resurgence
The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that the LokiBot info-stealing trojan is seeing a surge across the enterprise landscape. The uptick started in July, according to the agency, and activity has remained “persistent” ever since. LokiBot targets Windows and...
Magecart Attack Impacts More Than 10K Online Shoppers
One of the largest known Magecart campaigns to date took place over the weekend, with nearly 2,000 e-commerce sites hacked in an automated campaign that may be linked to a zero-day exploit. The attacks have impacted tens of thousands of customers, who had their credit-card and other information...
Apple Safari Flaws Enable One-Click Webcam Access
A security researcher has disclosed vulnerabilities in Apple’s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one maliciou...
Pandora Ransomware Hits Giant Automotive Supplier Denso
A multibillion supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora ransomware group began leaking data that attackers claimed was stolen in the incident. The...
Microsoft Crushes 116 Bugs, Three Actively Exploited
Three bugs under active exploit were squashed by Microsoft Tuesday, part of its July security roundup of fixes for Windows, Microsoft Office, SharePoint Server and Exchange Server. In all, Microsoft patched 116 bugs. Twelve bugs are rated critical, 103 rated important and one classified as modera...
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops
Google’s Threat Analysis Group TAG has provided a rare look inside the operations of a cybercriminal dubbed “Exotic Lily,” that appears to serve as an initial-access broker for both Conti and Diavol ransomware gangs. Researchers’ analysis exposes the business-like approach the group takes to...
Attackers Blowing Up Discord, Slack with Malware
Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans RATs and other malware. The pandemic-induced shift to remote work drove business processes...
Panda Threat Group Mines for Monero With Updated Payload, Targets
The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloa...
Data Breach Disclosed by Online Invitation Firm Evite
Online invitation and stationary company Evite has notified customers of a data breach that stemmed from an “inactive data storage file” associated with user accounts. The company over the weekend said that during April 2019, it became aware of a “security incident involving potential unauthorize...
Understanding TRITON and the Missing Final Stage of the Attack
In December 2017 it was reported that a Middle Eastern oil and gas petrochemical facility had undergone a safety system shutdown as the result of a malware attack. The malware, named TRITON also TRISIS or HatMan exceeded other industrial cyberattacks because it directly interacted with and...
Hackers Mount Zero-Day Attacks on Sophos Firewalls
Attackers have been targeting the Sophos XG Firewall both physical and virtual versions using a zero-day exploit, according to the security firm – with the ultimate goal of dropping the Asnarok malware on vulnerable appliances. Sophos said in a posting updated on Monday that the bug in question i...
Google Boosts Encryption For Low-End Android Devices
Google introduced a new storage encryption solution that it hopes will expand security efforts across its full spectrum of Android-powered devices – including low-end devices that typically can’t support encryption. The new encryption offering, Adiantum, aims to solve a big issue that has plagued...
Chrome Zero-Day Exploit Posted on Twitter
A researcher has dropped working exploit code for a zero-day remote code execution RCE vulnerability on Twitter, which he said affects the current versions of Google Chrome and potentially other browsers, like Microsoft Edge, that use the Chromium framework. Security researcher Rajvardhan Agarwal...
RogueRobin Malware Uses Google Drive as C2 Channel
A custom malware used by the APT known as DarkHydrus uses a mix of novel techniques, including using Google Drive as an alternate command-and-control C2 channel. According to Palo Alto’s Unit 42 intelligence division, the targeted attack involved spear-phishing emails written in Arabic sent to...
Daxin Espionage Backdoor Ups the Ante on Chinese Malware
The Daxin malware is taking aim at hardened government networks around the world, according to researchers, with the goal of cyberespionage. The Symantec Threat Hunter team noticed the advanced persistent threat APT weapon in action in November, noting that it’s “the most advanced piece of malwar...
Facebook Messenger Bug Allows Spying on Android Users
Facebook has patched a significant flaw in the Android version of Facebook Messenger that could have allowed attackers to spy on users and potentially identify their surroundings without them knowing. Natalie Silvanovich, a security researcher at Google Project Zero, discovered the vulnerability,...
ThreatList: 4.1B Records Exposed in Breaches in First Half of 2019
This year is on track to be the worst year on record for data breach activity, according to a recent analysis. Within the first six months of this year, there have been 3,813 incidents publicly reported, according to Risk Based Security’s 2019 MidYear QuickView Data Breach Report. That’s up 54...
Microsoft Patches Four Publicly-Known Vulnerabilities
Microsoft patched four Windows operating system bugs – all of which are already publicly known or have proof of concept exploits – as part of its June Patch Tuesday security bulletin. Each of the vulnerabilities are rated important and there are no reports of public exploitation for the flaws. Th...
Docker Hub Hack Affects 190K Accounts, with Concerning Consequences
UPDATE Docker Hub has confirmed that it was hacked last week; with sensitive data from approximately 190,000 accounts potentially exposed. “On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” Kent Lamb, director o...
Rare Steganography Hack Can Compromise Fully Patched Websites
An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP cod...
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry
Emotionally vulnerable and willing to offer up any information that lands the gig, job seekers are prime targets for social engineering campaigns. And with the “Great Resignation” in full swing, cybercriminals are having an easy time finding their next victim. Just since Feb. 1, analysts have...