15946 matches found
WhatsApp Spyware Attack: Uncovering NSO Group Activity
On the heels of Facebook filing a lawsuit against Israeli company NSO Group — alleging that it was behind the massive WhatsApp hack earlier this year — privacy experts say that the move is “popping the unaccountable bubble” that commercial spyware companies have carved out for themselves. After...
U.S. Sanctions North Korean Group Behind WannaCry, Sony Hacks
The U.S. has slapped sanctions on three well-known North Korean state-sponsored hacker groups – including the group that was tied to the 2017 WannaCry ransomware attacks and the 2014 cyberattack on Sony Pictures Entertainment. The three that were sanctioned are the infamous Lazarus Group, as well...
Choice Hotels Breach Showcases Need for Shared Responsibility Model
Hospitality giant Choice Hotels fell victim to hackers this week, thanks to a MongoDB database that was left open to the internet containing 700,000 customer records. The situation highlights supply-chain data-security risk, given that the data was being held by a third-party vendor — and brings ...
Cryptolocking WordPress Plugin Locks Up Blog Posts
A malicious WordPress plugin ironically called WP Security has been spotted in the wild encrypting blog posts and rendering the content unreadable. It’s capable of targeting individual posts — an unusual behavior, according to researchers. According to analysis from Sucuri, the plugin obtains a...
ThreatList: Tax Scammers Launch a Raft of Fake Mobile Apps
Tax Day in the U.S. is looming on Monday, and as people rush to do their last-minute filing, scammers are out in full force, targeting consumers and businesses alike. According to RiskIQ numbers, the internet is awash in crafty schemes and dangerous threat campaigns that exploit the convenience o...
Facebook Exposed Dataset Debacle: Who's Really To Blame?
UPDATE The discovery of millions of Facebook records leaked from publicly-exposed AWS storage buckets has left researchers wondering where the responsibility lies. The two separate datasets, disclosed Wednesday by researchers at Upguard, were held by two app developers, Cultura Colectiva and At t...
RSA Conference 2019: Microsoft, Google, Twitter on Federal Privacy Regs
SAN FRANCISCO – With the advent of General Data Protection Regulation in Europe and state measures like the California Consumer Privacy Act CCPA of 2018 talk about a comprehensive U.S. privacy law has grown louder. However, some privacy advocates fear that any such federal legislation will be a...
Adobe Patches Critical Bugs In Flash Player, Creative Cloud
Adobe has fixed several critical vulnerabilities – including a critical code execution bug in Adobe Flash Player – as part of its regularly scheduled May Security Bulletin, on Tuesday. In all, Adobe released patches for five critical and important vulnerabilities spanning Creative Cloud, Adobe...
VUPEN Launches New Zero-Day Acquisition Firm Zerodium
UPDATE–In the weeks since the Hacking Team breach, the spotlight has shone squarely on the small and often shadowy companies that are in the business of buying and selling exploits and vulnerabilities. One such company, Netragard, this week decided to get out of that business after its dealings...
NTP Symmetric Key Authentication Security Vulnerabilities Patched
NTP, the much maligned protocol abused in a number of high volume DDoS attacks a year ago, is suffering from newly patched vulnerabilities that could allow an attacker to send unauthenticated packets to a client that would be executed. The Department of Homeland Security and CERT at the Software...
PHP 5.6.5 Released With Several Security Fixes
Several new versions of PHP have been released, fixing a number of security vulnerabilities and other bugs in the popular scripting language. PHP 5.6.5 is the newest version of the language, and it has patches for a handful of vulnerabilities, including a use-after-free flaw that could lead to...
VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable
While the group of vulnerabilities that the OpenSSL Project patched last week hasn’t grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products. Vendors are still making their way through the patching process, and VMware has released an...
PointDNS Recovers from Massive DDoS Attack
PointDNS says most of its DNS servers are online again after a massive DDoS attack late last week took down the service provider. A post on the company’s Twitter account on Friday said the provider was adding nameservers and working with network providers to restore service to its customers. Many...
Fake AT&T Emails Using Blackhole Exploit Kit to Install Malware
For the last few weeks there have been a series of quite authentic-looking phishing emails making the rounds, purporting to come from AT&T and informing the recipient that their bill is ready to view. The emails look nearly identical to a real bill and researchers say that users who fall for the...
New Java Malware Exploits Both Windows And Mac Users
Symantec has discovered a new form of Java malware that infects both Apple and Windows machines, according to research posted on the company’s Security Response blog. The entry, penned by researcher Takashi Katsuki, describes a strain of Java Applet malware that either drops a Python-based malwar...
Six High-Risk Flaws Fixed in Google Chrome
Google has fixed nine new vulnerabilities in its Chrome browser, including six high-risk flaws. The most serious of the bugs include three separate use-after-free vulnerabilities in various parts of the browser. As part of its researcher reward program, Google paid out $5,500 in bounties for...
New Local Linux Kernel Root Exploit Published
An interesting exploit for the Linux kernel that enables an attacker to escalate his privileges on a local machine has popped up on the Full Disclosure mailing list. The exploit chains together three separate bugs to get root on a vulnerable machine. The exploit was posted Tuesday by Dan Rosenber...
Serious Mac OS X Java vulnerability disclosed
There is an easily exploitable vulnerability in the Java implementation in Apple’s Mac OS X which could allow an attacker to run arbitrary code on a remote machine. The flaw, which is similar to a vulnerability that has been public for five months and affect other vendors’ products, affects even...
IoT Botnets Fuel DDoS Attacks – Are You Prepared?
While data breaches and ransomware are still considered among the more significant concern for businesses, the threats sometimes come from a direction we weren’t expecting. Cybercriminals use botnets for various malicious purposes, most significantly for DDoS attacks against targets. The most...
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Eighty-two percent of attacks on organizations in Q1 2022 were caused by the external exposure of a known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18...
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A pair of recent vulnerabilities found in the automaker ecosystem might not seem like a real danger taken separately. But experts warn a lack of attention on cybersecurity could plague “smart” car and electric vehicle systems — and users — in years to come, as the use of automotive technology...
Dark Souls 3 Servers Shut Down Due to Critical RCE Bug
There’s a dangerous remote-code execution RCE bug in the Dark Souls video game that could let attackers brick the PCs of online players. The flaw could allow attackers to do pretty much anything: As Kaspersky researchers explained on Monday, the bug “allows an attacker to execute almost any progr...
Destructive Wiper Targeting Ukraine Aimed at Eroding Trust
Russia is positioned for a hot-war attack on Ukraine that the Biden administration warned could come “at any point” — but the country is already suffering an attack of a different kind. A sweeping malware campaign remains ongoing, which experts agree is intended to permanently disrupt organizatio...
How to Choose the Right DDoS Protection Solution
Pankaj Gupta, Senior Director at Citrix Distributed denial of service DDoS attacks have become increasingly sophisticated, bigger, and economically motivated. Even after 25 years, they still pose a huge security risk for every business. This is in large part because DDoS attacks are relatively ea...
Cisco SD-WAN Security Bug Allows Root Code Execution
Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS IE operating system that could lead to arbitrary code execution. Cisco’s SD-WAN portfolio allows businesses of all sizes to connect disparate office locations via the cloud using various...
No Patch for High-Severity Bug in Legacy IBM System X Servers
Two legacy IBM System x server models, retired in 2019, are open to attack and will not receive security patches, according to hardware maker Lenovo. However, the company is offering workaround mitigation. The two models, IBM System x 3550 M3 and IBM System x 3650 M3, are both vulnerable to comma...
ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender
A targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords, and is using a mechanism to disable all Windows Defender modules on victim machines, researchers have found. That’s according to SentinelLabs, which said that to lower the rates of detection, the infection...
Kerberos Authentication Spoofing: Don’t Bypass the Spec
Authentication is the front gate to security systems, so if you bypass it, you can pretty much do whatever you want. You can log in as an admin and change configurations, access protected resources and gain control of appliances to steal sensitive data from them. For these reasons, the...
How to Reduce Exchange Server Downtime in Case of a Disaster?
Exchange Server downtime may occur at any point in time due to several reasons, such as malware attack, server crash, database corruption, and hardware or software-related issues/incompatibility. However, downtime can impact productivity and lead to data loss that can have severe implications on...
Black Hat: Bugs Allow Takeover of Capsule Hotel Rooms
LAS VEGAS – A series of vulnerabilities in internet of things IoT devices often found in connected hotel rooms allowed a researcher to take control of multiple rooms’ amenities – and punish a loud neighbor. An inadvertent bug hunt began when Kya Supa, security consultant at LEXFO, was traveling...
Android Apps in Google Play Harvest Facebook Credentials
A set of nine malicious Android apps that steal Facebook credentials were found on Google Play, which racked up a collective 5.9 million installations before Google removed them. According to Dr. Web’s malware analysts, the applications were fully functional, so that victims remained in the dark...
Babuk Ransomware Builder Mysteriously Appears in VirusTotal
The Babuk ransomware gang’s source code has been uploaded to VirusTotal, making it available to all security vendors and competitors. It’s unclear however just how that happened. According to a Wednesday posting from Malwarebytes, the operators of the ransomware – perhaps best-known for hitting t...
Hackers Steal FIFA 21 Source Code, Tools in EA Breach
Hackers have breached computer game maker Electronic Arts EA and stolen source code and related tools for the company’s extensive game library, the company has confirmed. EA said it’s investigating “a recent incident of intrusion into our network where a limited amount of game source code and...
Malicious Docker Cryptomining Images Rack Up 20M Downloads
At least 30 malicious images in Docker Hub, with a collective 20 million downloads, have been used to spread cryptomining malware, according to an analysis. The malicious images spread across 10 different Docker Hub accounts have raked in around $200,000 from cryptomining, according to Aviv Sasso...
Hobby Lobby Exposes Customer Data in Cloud Misconfiguration
Arts-and-crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing a raft of customer information, according to a report. An independent security researcher who goes by the handle “Boogeyman” uncovered the issue and reported it to Motherboard in an online chat, according ...
Critical Security Bugs Fixed in Virtual Learning Software
Netop, the company behind a popular software tool designed to let teachers remotely access student computers, has fixed four security bugs in its platform. Researchers said that the critical vulnerabilities in the company’s Netop Vision Pro system could allow attackers to hijack school networks,...
Trojanized Xcode Project Slips MacOS Malware to Apple Developers
Cybercriminals are targeting Apple developers with a trojanized Xcode project, which once launched installs a backdoor that has spying and data exfiltration capabilities. Xcode is comprised of a suite of free, open software development tools developed by Apple for creating software for macOS, iOS...
New Malware Hijacks Kubernetes Clusters to Mine Monero
Researchers have discovered never-before-seen malware, dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters. While Hildegard, initially detected in January 2021, is initially being used to launch cryptojacking operations, researchers believe that the...
23M Gamer Records Exposed in VIPGames Leak
VIPGames.com, a free platform with a total of 56 available classic board and card games like Hearts, Crazy Eights, Euchre, Dominoes, Backgammon and others, has exposed the personal data of tens of thousands of users. In all, more than 23 million records for more than 66,000 users were left expose...
ADT Tech Hacks Home-Security Cameras to Spy on Women
Former ADT employee Telesforo Aviles took note when there were attractive women at a home he serviced in the Dallas area. Then he would add his personal email address to their accounts so he could have around-the-clock access to their most private moments, according to the U.S. Attorneys’ Office...
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws
Nvidia, which makes gaming-friendly graphics processing units GPUs, on Thursday fixed a slew of high-severity flaws affecting its graphics driver. The vulnerabilities allow bad actors to cripple systems with denial of service attacks, escalate privileges, tamper with data or sniff out sensitive...
'Free' Cyberpunk 2077 Downloads Lead to Data Harvesting
The hotly anticipated videogame title Cyberpunk 2077 comes out on Dec. 10, inspiring breathless countdowns from gaming publications and enthusiasts across the globe. As with all things zeitgeisty, cybercriminals are looking to cash in on the excitement, with scams that offer “free copies” while...
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of the malware’s infrastructure by Microsoft and others. The Windows Unified Extensible...
News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
The Threatpost editors break down the top security stories of the week ended Oct. 16, including: Patch Tuesday insanity, with Microsoft and Adobe releasing fixes for severe vulnerabilities – including a critical, potentially wormable remote code execution bug known as the “Ping of Death” Barnes a...
Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts
UPDATE Broadvoice, a well-known VoIP provider that serves small- and medium-sized businesses, has leaked more than 350 million customer records related to the company’s “b-hive” cloud-based communications suite. The data includes hundreds of thousands of voicemail transcripts, many involving...
Triple-Threat Cryptocurrency RAT Mines, Steals and Harvests
A previously undocumented malware family called KryptoCibule is mounting a three-pronged cryptocurrency-related attack, while also deploying remote-access trojan RAT functionality to establish backdoors to its victims. According to researchers at ESET, the malware has been seen targeting victims...
Researchers Warn of Active Malware Campaign Using HTML Smuggling
An active campaign has been spotted that utilizes HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies and firewalls. Krishnan Subramanian, security researcher with Menlo Security, told Threatpost that the campaign...
Hackers Dump 20GB of Intel's Confidential Data Online
More than 20 gigabytes of proprietary data and source code from chipmaker Intel Corp. was dumped online by a third party, likely the result of a data breach from earlier this year. The announcement of the “first 20gb release in a series of large Intel leaks” was made by user and IT consultant...
Apple Security Research Device Program Draws Mixed Reactions
Apple’s long anticipated Security Research Device program has launched, giving select security researchers access to testable iPhones that will make it easier for them to find iOS vulnerabilities. The program offers security researchers specially configured iPhones with shell access, and special...
Enterprise Data Security: It’s Time to Flip the Established Approach
There’s an old saying when it comes to big undertakings: Don’t boil the ocean. Well, there’s hardly any bigger project in information security than trying to protect corporate data. But the reality is that too many organizations today are, in fact, “boiling the ocean” when it comes to their...