15946 matches found
'Free' Cyberpunk 2077 Downloads Lead to Data Harvesting
The hotly anticipated videogame title Cyberpunk 2077 comes out on Dec. 10, inspiring breathless countdowns from gaming publications and enthusiasts across the globe. As with all things zeitgeisty, cybercriminals are looking to cash in on the excitement, with scams that offer “free copies” while...
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of the malware’s infrastructure by Microsoft and others. The Windows Unified Extensible...
News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
The Threatpost editors break down the top security stories of the week ended Oct. 16, including: Patch Tuesday insanity, with Microsoft and Adobe releasing fixes for severe vulnerabilities – including a critical, potentially wormable remote code execution bug known as the “Ping of Death” Barnes a...
Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts
UPDATE Broadvoice, a well-known VoIP provider that serves small- and medium-sized businesses, has leaked more than 350 million customer records related to the company’s “b-hive” cloud-based communications suite. The data includes hundreds of thousands of voicemail transcripts, many involving...
Triple-Threat Cryptocurrency RAT Mines, Steals and Harvests
A previously undocumented malware family called KryptoCibule is mounting a three-pronged cryptocurrency-related attack, while also deploying remote-access trojan RAT functionality to establish backdoors to its victims. According to researchers at ESET, the malware has been seen targeting victims...
Researchers Warn of Active Malware Campaign Using HTML Smuggling
An active campaign has been spotted that utilizes HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies and firewalls. Krishnan Subramanian, security researcher with Menlo Security, told Threatpost that the campaign...
Hackers Dump 20GB of Intel's Confidential Data Online
More than 20 gigabytes of proprietary data and source code from chipmaker Intel Corp. was dumped online by a third party, likely the result of a data breach from earlier this year. The announcement of the “first 20gb release in a series of large Intel leaks” was made by user and IT consultant...
Apple Security Research Device Program Draws Mixed Reactions
Apple’s long anticipated Security Research Device program has launched, giving select security researchers access to testable iPhones that will make it easier for them to find iOS vulnerabilities. The program offers security researchers specially configured iPhones with shell access, and special...
Enterprise Data Security: It’s Time to Flip the Established Approach
There’s an old saying when it comes to big undertakings: Don’t boil the ocean. Well, there’s hardly any bigger project in information security than trying to protect corporate data. But the reality is that too many organizations today are, in fact, “boiling the ocean” when it comes to their...
New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire
Privacy advocates are decrying a new bill, which would force tech companies to unlock encrypted devices if ordered to do so by law enforcement with a court issued warrant. The Lawful Access to Encrypted Data Act was introduced on Tuesday by Senate Judiciary Committee Chairman Lindsey Graham R-SC,...
Former DIA Analyst Sentenced to Prison Over Data Leak
A former analyst for the U.S. Defense Intelligence Agency DIA has been sentenced to more than two years in prison after sharing highly classified, national defense intelligence with two reporters. The sentencing comes after the 32-year-old analyst, Henry Kyle Frese, pleaded guilty in February to...
News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate
Threatpost editors Lindsey O’Donnell-Welch and Tara Seals discuss the top security news stories of the week, including: Reports emerged earlier this week that the Minneapolis police department had been breached by hacktivist group Anonymous. Security expert Troy Hunt debunked the reports, however...
NetWalker Ransomware Gang Hunts for Top-Notch Affiliates
The NetWalker ransomware – the scourge behind one of the recent Toll Group attacks – has transitioned to a ransomware-as-a-service RaaS model, and its operators are placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers. Traditionally,...
RATicate Group Hits Industrial Firms With Revolving Payloads
Researchers have unearthed a new cybercrime group, RATicate, which is behind several waves of malspam attacks targeting industrial companies with various information-stealing payloads – from LokiBot to Agent Tesla. At least six separate campaigns have been tied to RATicate, with the first wave...
Innovative Spy Trojan Targets European Diplomatic Targets
A fresh malware trojan has emerged, built from the same code base as the stealthy COMPFun remote access trojan RAT. The malware is using spoofed visa applications to hit diplomatic targets in Europe and may be the work of the Turla APT. According to researchers at Kaspersky, the fake visa...
TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover
The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan RAT laterally throughout an entire corporate environment, researchers said. SDBbot RAT is a custom job that has been observed in TA505 attacks since at...
'Unbreakable' Smart Lock Draws FTC Ire for Deceptive Security Claims
The Federal Trade Commission has slapped Tapplock, the maker of smart padlocks that it bills as “unbreakable,” with an official complaint that could lead to fines down the road. The agency alleges that the company engaged in false and deceptive claims about its security practices, after the lock...
Covid-19 Privacy Poll: Phone Tracking, Public Health and Surveillance
As the coronavirus pandemic accelerates, authorities worldwide are plotting ways to flatten the curve of infection rates using potentially privacy-busting measures such as phone tracking, facial recognition and other tech. In this Threatpost poll, we want your take on whether sacrificing personal...
Forrester: Keeping Smart Cities Safe From Hacks
SAN FRANCISCO – Municipalities today are dealing with an unanticipated number of cyberthreats, Merritt Maxim, an analyst at Forrester, said last week at the RSA Conference 2020. Local and state governments are increasingly being targeted by ransomware attacks, phishing emails and business email...
ThreatList: Most Retail Hardware Bug Bounty Flaws Are Critical
Almost all of hardware vulnerabilities – 90 percent – that were submitted to retail bug bounty programs so far this year were categorized as critical, showing that Point of Sale systems and other retail hardware assets remain a serious security issue. That’s due to the fact that retail hardware...
Most Americans Fail Cybersecurity Quiz
When it comes to two-factor authentication and secure web browsing, most Americans don’t know their HTTPS from their 2FA to save their digital bacon: A Pew Research Center study found most Americans don’t have a firm grasp of cybersecurity issues core to protecting their data. Click to enlarge. I...
FIN6 Switches Up PoS Tactics to Target E-Commerce
The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale PoS data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services IRIS, FIN6 a.k.a. ITG08...
Rules-Based Policy Approaches Need to Go
Enterprises are making tremendous investments in their digital transformations, and no wonder: Increasingly, those who can more rapidly part from old, manual and antiquated ways of managing technology and shift to new ways of thinking will come out on top. That’s especially true when it comes to...
Kubernetes Flaw is a "Huge Deal," Lays Open Cloud Deployments
A critical privilege-escalation vulnerability CVE-2018-1002105 has been uncovered in the Kubernetes open-source container software, which is a fixture in much of today’s cloud infrastructure. It could allow an attacker unfettered, remote access for stealing data or crashing production application...
Podcast: A Utility Ransomware Attack, Post-Hurricane
A “critical water utility” was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority ONWASA said in a Monday release that a “sophisticated ransomware attack… has left the utili...
Adobe Patches Critical Flash Player Bug With Active Exploit
Adobe has patched two critical and two important vulnerabilities in its Flash Player on Thursday, including one that is being exploited in the wild in targeted attacks against Windows users. The critical vulnerability with an existing exploit CVE-2018-5002 is a stack-based buffer overflow bug tha...
Samba Patches Two Critical Vulnerabilities in Server Software
Two critical patches for the free networking software Samba were released Tuesday, addressing vulnerabilities that could allow an unprivileged remote attacker to launch a denial of service attack against servers running the software or allow an adversary to change user passwords, including the...
Apple Patches KRACK Vulnerability in iOS 11.1
Apple has patched iOS, macOS and other products to protect against the KRACK vulnerability recently disclosed in the WPA2 Wi-Fi security protocol. KRACK, short for key re-installation attack, allows an attacker within range of a victim’s Wi-Fi network to read encrypted traffic with varying degree...
Critical Code Execution Flaw Patched in PeopleSoft Core Engine
Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...
Exploit Kit Activity Quiets, But is Far From Silent
Over the past six months, the roar of exploit kits has quieted to a whimper. But that doesn’t mean exploit kit threats are nonexistent. According to security experts, gangs behind them are regrouping, tweaking code and finding fresh software exploits to target. Here are the exploit kits and explo...
Outlook Web Access Two-Factor Authentication Bypass Exists
Enterprises running Exchange Server have been operating under a false sense of security with regard to two-factor authentication implementations on Outlook Web Access OWA adding an extra layer of protection. A design weakness has been exposed that can allow an attacker to easily bypass 2FA and...
St. Jude Faces New Claim Heart Devices are Hackable
St. Jude Medical is facing fresh allegations its heart implant devices are vulnerable to cyberattacks. The claims were introduced by the defense as part of St. Jude’s defamation lawsuit against short seller Muddy Waters and security firm MedSec. In a legal filing submitted Monday, experts hired b...
Fix Coming for Flash Vulnerability Under Attack
Adobe today said it will patch Flash Player this week, addressing a vulnerability being exploited in “limited, targeted attacks.” The flaw, CVE-2016-4171, exists in versions of Flash prior to, and including, 21.0.0.242 on Windows, Macintosh, Linux and ChromeOS platforms. “Successful exploitation...
Adobe Emergency Update Patches Flash Zero Day
As promised earlier this week, Adobe today released an updated version of Flash Player that includes a patch for a zero-day vulnerability. Adobe said it is aware of the existence of a public exploit for CVE-2016-4117, but said the flaw has not been publicly attacked. The vulnerability affects Fla...
FireEye Details Microsoft Zero Day Attack on 100 Companies
More than 100 North American companies were attacked by crooks exploiting a Windows zero day vulnerability. The attacks began in early March and involved the zero day vulnerability CVE-2016-0167 reported and partially fixed in April’s Patch Tuesday security bulletins by Microsoft. The zero day wa...
February 2016 Android Nexus Security Bulletin
Google today patched Nexus devices in an over-the-air update against a critical vulnerability that could be exploited by an attacker on the same Wi-Fi network. The patch addresses multiple vulnerabilities in the Broadcom Wi-Fi driver that could be abused to allow for remote code execution. The...
December 2015 Android Over-the-Air Nexus Security Update
Google has patched another critical Android vulnerability in Mediaserver, which has been maligned since this summer’s barrage of patches for the Stagefright vulnerability, along with a critical rooting vulnerability in the mobile operating system’s kernel. In all, 19 vulnerabilities were patched ...
Samy Kamkar's ProxyGambit Picks Up for Defunct ProxyHam
Without fail in the weeks leading up to Black Hat and DEF CON, there are inevitably talks that are either pulled by organizers, cancelled by presenters, or strong suggestions are made that the talks don’t happen. This year’s first casualty, Ben Caudill’s scheduled DEF CON demonstration of ProxyHa...
Hanjuan Exploit Kit, Malvertising Dangers in Flash Zero Days
The recent trio of Flash zero days has not only caused a lot of scrambling at Adobe—which yesterday released a patch for the last in that line of vulnerabilities—but also shined light on a fairly unknown exploit kit, exposed the evolving danger associated with malvertising, and made clear the pai...
Mozilla Patches Seven Flaws in Firefox 30
Mozilla has fixed seven security vulnerabilities in Firefox 30, including five critical flaws that could enable remote code execution. Firefox 30 is a relatively minor release of the popular browser, with the most notable change being the addition of a sidebar button that allows users to quickly...
Vulnerability in Viber Allows Snooping of Images, Videos
UPDATE – Viber, a messaging and VoIP application similar to WhatsApp, is in the middle of patching a vulnerability that could allow an attacker to view sensitive information shared between users like images, videos and location information. The problem is that information transferred by Viber is...
Google Patches Four Pwn2Own Bugs in Chrome 33
Now that the dust has settled after the Pwn2Own contest, the browser manufacturers are beginning to roll out patches for the vulnerabilities exploited by contestants. Google on Monday released fixes for a number of bugs in Chrome discovered and exploited during Pwn2Own, releasing new versions of...
Three New APTs Spotted Piling On IE Zero Day
Attackers are continuing to pile on a critical Internet Explorer zero day that remains unpatched two weeks after it was reported. During the last two weeks, it appears that at least three separate targeted attack campaigns have been using the same bug previously used by Operation Deputy Dog, a...
Safe Targeted Espionage Campaign Borrows from Cybercriminals
More and more, we’re hearing about a crossing of the streams, if you will, between cybercrime and state-sponsored attackers. Elements of malware, code persistence and distribution techniques are bleeding over between one realm of hacking into the other as each side tries to fill gaps in their...
Hacked Media Sites Serving Fake AV Malware
Websites belonging to a number of Washington, D.C.-area media outlets have been compromised in a series of opportunistic attacks with criminals using a watering-hole tactic to spread scareware, or phony antivirus software. Popular D.C. radio station WTOP, sister station Federal News Radio, and th...
Yahoo Mail Breach Linked to Old WordPress Vulnerability
Researchers at Australia-based BitDefender say they’ve found how some Yahoo Mail accounts are being hijacked, and it leads back to “buggy” blog software Yahoo’s developers used. For about a month Yahoo Mail account holders have been falling for a scam in which they click on a short link that...
The Tale of One Thousand and One DSL Modems
This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on...
Use of Java Zero-Day Flaws Tied to Nitro Attack Crew
Researchers say that one of the attack groups using the two new Java zero-day vulnerabilities is the same group that was behind an earlier targeted attack campaign from 2011. That group was traced back to China and was essentially running a spear-phishing campaign, but now the crew, known as Nitr...
PHP Group Set to Release Another Patch for CVE-2012-1823 Flaw
The PHP Group on Tuesday is planning to release another new version of the scripting language that’s designed to address, again, the remotely exploitable flaw that came to light last week. That bug, which requires no authentication, was supposed to have been fixed in new releases pushed out on Ma...
Adobe to Release Flash Patch June 10
Adobe said on Monday that it will have a patch available for the newly discovered critical vulnerability in Flash ready by June 10 for most platforms. The patches for Adobe Reader and Acrobat, which also are affected by the flaw, won’t be released until June 29. The new flaw was discovered late...