15946 matches found
The SolarWinds Perfect Storm: Default Password, Access Sales and More
SECOND UPDATE A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password “SolarWinds123” that gave attackers an open door into its...
Cayman Islands Bank Records Exposed in Open Azure Blob
A Cayman Island investment firm has removed years of backups, which up until recently were easily available online thanks to a misconfigured Microsoft Azure blob. The blob’s single URL led to vast stores of files including personal banking information, passport data and even online banking PINs —...
IoT Cybersecurity Improvement Act Passed, Heads to President's Desk
Security experts are applauding the recent stamp of approval by the U.S. Senate on a groundbreaking internet-of-things IoT security regulatory effort. The IoT Cybersecurity Improvement Act, which was led in bipartisan sponsorship by Reps. Will Hurd R-Texas and Robin Kelly D-Ill., would require th...
Ticketmaster Scores Hefty Fine Over 2018 Data Breach
Ticketmaster’s UK division has been slapped with a $1.65 million fine by the Information Commissioner’s Office ICO in the UK, over its 2018 data breach that impacted 9.4 million customers. The fine £1.25million has been levied after the ICO found that the company “failed to put appropriate securi...
APT Groups Finding Success with Mix of Old and New Tools
Advanced persistent threat APT groups continue to use the fog of intense geopolitics to supercharge their campaigns, but beyond these themes, actors are developing individual signature tactics for success. That’s according to Kaspersky’s most recent APT trends report for Q3 2020, which found that...
Google’s Waze Can Allow Hackers to Identify and Track Users
A security researcher has discovered a vulnerability in Google’s Waze app that can allow hackers to identify people using the popular navigation app and track them by their location. Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software that allowed him to track...
RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims
Researchers with White Ops have uncovered a scam to deliver millions of out-of-context OOC ads through a group of more than 240 Android applications on the official Google Play store, which the team said were collectively delivering more than 15 million impressions per day at their peak. The apps...
Hackers Continue Cyberattacks Against Vatican, Catholic Orgs
A state-sponsored threat group linked to China has been engaged in a five-month long cyberattack against the Vatican and other Catholic Church-related organizations. Attacks have come in the form of spear phishing emails laced with the PlugX remote access tool RAT as the payload. Researchers with...
TikTok Fixes Flaws That Opened Android App to Compromise
Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. If successful, an attacker could fully compromise the target’s TikTok account. Public disclosure of the vulnerabilities was...
BEC Wire Transfers Average $80K Per Attack
The average wire-transfer loss from business email compromise BEC attacks is significantly on the rise: In the second quarter of 2020 the average was $80,183, up from $54,000 in the first quarter. That’s according to the recently released Anti-Phishing Working Group APWG’s Phishing Activity Trend...
Jack Daniels, Ritz London Face Cyberattacks
A pair of cyberattacks on high-profile targets – the owner of the Jack Daniels distillery and the iconic Ritz London hotel – have resulted in the exposure of sensitive information. The maker behind Jack Daniels and other alcoholic beverages, Brown-Forman Corp., has suffered a recent cyberattack b...
Cyberattacks Hit Thousands of Canadian Tax, Benefit Accounts
Canadian authorities said almost 15,000 online accounts for various government services have been targeted in three recent waves of credential-stuffing attacks. These accounts could give attackers access to Canadians’ tax-related and benefits information, coronavirus relief fund money and more...
Google Fixes Mysterious Audio Recording Blip in Smart Speakers
After Google Home users started receiving mysterious alerts when their fire alarms went off or their plates smashed in their homes, Google acknowledged that it accidentally rolled out a feature causing the smart devices to record sounds without the voice prompt. Reports of the privacy faux pas...
Twitter: Epic Account Hack Caused by Mobile Spearphishing Scam
A mobile spearphishing attack targeting “a small number of employees” is what led to the unprecedented, major attack earlier in the month on high-profile Twitter accounts to push out a Bitcoin scam. The company posted an update late Thursday on the situation, which has been unfolding since July 1...
Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware
In this in-depth Threatpost podcast Christoph Hebeisen, who leads the Security Intelligence Research Division at Lookout, shares a behind-the-scenes look at how his team discovered and tracked three never-before-seen surveillanceware tools, dubbed SilkBean, GoldenEagle and CarbonSteal. Hebeisen...
Secret Service Creates Cyber Fraud Task Forces
The U.S. Secret Service has created the Cyber Fraud Task Forces CFTFs, aimed at preventing, detecting and mitigating complex cyber-enabled financial crime – including making arrests and convictions. The CFTF is the result of a formal merging of two of the Secret Service’s existing units into a...
Email Sender Identity is Key to Solving the Phishing Crisis
Email is in crisis. Despite massive advancements in perimeter and endpoint defenses, email remains a cybersecurity weak link for many companies. Why? Email is at the heart of everything we do online. It’s an essential line of communication for one-on-one and group conversations, both...
Report: ‘BlueLeaks’ Exposes Sensitive Data From Police Departments
Thousands of sensitive police department files – including police and FBI reports – were published on Friday by DDoSecrets Distributed Denial of Secrets, a self-proclaimed “transparency collective” that publishes covert data. The almost 270 gigabytes of data, dubbed “BlueLeaks,” is reportedly fro...
Theft of CIA's 'Vault 7' Secrets Tied to 'Woefully Lax" Security
A just-released report on the 2016 Central Intelligence Agency CIA data breach, which led to the Vault 7 document dump on WikiLeaks, blames “woefully lax” security by the nation’s top spy agency. The conclusions were part of an internal 2017 Department of Justice DoJ report on the CIA breach. On...
Protecting Unmanaged & IoT Devices: Why Traditional Security Tools Fail
We are currently experiencing the single largest explosion of network-enabled devices that we’ve ever witnessed. Many of these devices are running on the same networks as critical business solutions and may even be connecting directly to critical assets or delivering a critical capability...
Android 'ActionSpy' Malware Targets Turkic Minority Group
Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan. The spyware is distributed either via watering-hole websites or fake websites. Researchers believe ActionSpy is being used in ongoing campaigns to target Uyghur victims. The...
Phishing Attack Hits German Coronavirus Task Force
Researchers are warning of an ongoing phishing attack that’s targeting the credentials of more than 100 high-profile executives at a German multinational corporation that’s tasked with procuring coronavirus medical gear for Germany. The company, left unnamed by researchers, is part of a task forc...
New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5
A hacker team has released a new method to jailbreak iPhones that they claim uses a zero-day exploit that allows them to jailbreak iPhones running iOS 11 through Apple’s most recent version of its mobile operating system – iOS 13.5. Calling it a “big milestone for jailbreaking,” one of its...
New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices
Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage NAS devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection...
Authorities Eye Using Mobile Phone Tracking COVID-19's Spread
Authorities in the United States and Israel are eyeing ways to use mobile-phone and other location-based data to help control the spread of the new coronavirus COVID-19, raising serious privacy concerns about the practice of using and sharing people’s personal data during the time of a global...
A COVID-19 Cybersecurity Poll: Securing a Remote Workforce
As the coronavirus pandemic continues to sweep the globe, and cities and states impose social-distancing measures, businesses are sending their users home to work. And this massive, unprecedented shift to distance working brings with it a whole new set of cybersecurity challenges. For instance, a...
Phishing Attack Skirts Detection With YouTube
Researchers are warning of an increase in phishing emails that use YouTube redirect links, which help attackers skirt traditional defense measures. If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect t...
Zynga Faces Lawsuit Over Massive Words with Friends Breach
Mobile game developer Zynga could face a class-action lawsuit stemming from a massive data breach last September, which impacted 218 million users of the Words with Friends mobile app. The news comes as other big names face security incidents: T-Mobile and Carnival Cruise Lines have admitted this...
Download Guide: Advanced Threat Protection Beyond the AV
At a certain point, almost every organization reaches the conclusion that there is a need to move past just the standard AV and firewall stack in order to soundly protect their environment. The common practice in recent years is to gain extra protection through implementing either EDR\EPP solutio...
Ring Mandates 2FA After Rash of Hacks
Connected doorbell-maker Ring is now requiring two-factor authentication 2FA for all users when they sign into their accounts. The new requirement comes after Ring faced a backlash in December following a rash of disturbing hacks and security issues tied to the smart doorbell. While Amazon-owned...
Metamorfo Returns with Keylogger Trick to Target Financial Firms
Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Now, however, it’s expanding its geographic range and adding a new technique. Metamorfo was first discovered in April 2018, in various...
Podcast: The Roadblocks and Opportunities For Women in Cybersecurity
In 2019, diversity in the cybersecurity was thrust to the forefront with recognition from both vendors and experts. The tech industry is facing challenges around diversity in general, but women are particularly underrepresented. And with an estimated 3.5 million jobs are expected to remain unfill...
Podcast: What We've Learned from the Year of the Breach
This podcast is sponsored by Arctic Wolf. Large-scale data breaches hitting organizations like Capital One and Georgia Tech in 2019 show that companies continue to be targeted in malicious cyberattacks that expose customers’ personal data and valuable records. Threatpost host Cody Hackett sat dow...
Signal Tests Upgraded Cryptography for Groups Function
Signal, the encrypted messaging platform, is planning to launch an upgraded secure group messaging and communities function. Signal’s groups are private, meaning that the service itself doesn’t keep a record of a user’s group memberships, group titles, group avatars or group attributes. But the w...
CISO and Security Vendor Relationships are Good for a Laugh in New Comic Videos
It’s not easy being a CISO. One could say “intense” might be the perfect descriptor for the CISO work environment. Tasked with the unenviable job of keeping the organization safe, carrying the burden of failed protection and taking hits for successful breaches, CISOs can never rest. They are...
France's 'Secure' Telegram Replacement Hacked in an Hour
The French Government last week launched a custom messaging application called Tchap, touting it as being “more secure than Telegram.” One small snag however: The platform has already – quelle dommage! – been hacked. French security researcher Robert Baptiste, a.k.a. Elliot Alderson, downloaded t...
Microsoft Issues Multiple Critical Patches for Edge Browser
Microsoft patched a bevy of critical bugs impacting its Edge browser that could allow an attacker to hijack a targeted PC simply by steering a victim to a rigged website harboring specially crafted exploit code. In all, Microsoft tackled four critical Edge vulnerabilities, part of the company’s...
Adobe December 2018 Security Update Fixes Reader, Acrobat
Adobe has patched 87 vulnerabilities for Acrobat and Reader in its December Patch Tuesday update, including a slew of critical flaws that would allow arbitrary code-execution. The scheduled update comes less than a week after Adobe released several out-of-band fixes for Flash Player, including a...
Recently-Patched Adobe ColdFusion Flaw Exploited By APT
An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found. The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who...
In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack
A “critical water utility” has been targeted in a recent ransomware attack, significantly impeding its ability to provide service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority ONWASA said in a Monday release that a “sophisticated ransomwa...
Google Warns of DoS and RCE Bugs in Dnsmasq
Seven flaws in what is known as Dnsmasq can be exploited by attackers who can use the bugs to carry out remote code execution, information exposure or a denial of service attacks against affected devices. Google researchers identified the flaws in a research paper published Monday, the same day a...
Facebook Awards $100K to Researchers for Credential Spearphishing Detection Method
A group of researchers recently identified a real-time way to detect credential spearphishing attacks in enterprise settings. The discovery net the researchers $100,000 last week from Facebook, which awards money as part of its annual Internet Defense Prize partnership with USENIX Association. Th...
Emergency Update Patches Zero Day in Microsoft Malware Protection Engine
Microsoft made quick work of what two prominent Google researchers called the worst Windows vulnerability in recent memory, releasing an emergency patch Monday night, 48 hours after Google’s private disclosure was made. The mystery Windows zero day CVE-2017-0290 was in the Microsoft Malware...
Unpatched WordPress Password Reset Vulnerability Lingers
A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user’s password and gain access to their account. Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of...
Google Play Hit With Rash of Auto-Rooting Malware
Researchers have identified a recent wave of malware targeting the Google Play app marketplace that entices users to download utilities and games that when installed surreptitiously root devices. The exploit, which mobile security firm Lookout calls autorooting malware, gives attackers complete...
OpenSSH Implementations with X11Forwarding Enabled Should Heed Recent Security Update
Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update. The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command...
Google Updates Chrome, Fixes Three High Severity Issues
Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process. The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week. Two of the...
Five-Year 'Dust Storm' APT Campaign Seen Targeting Japanese Critical Infrastructure
A five-year campaign primarily focused on extracting sensitive information from Japanese oil, gas, and electric utilities was outlined by researchers on Tuesday. Referred to as Operation Dust Storm .PDF by researchers at Cylance, the campaign has managed to stay persistent over the years, and...
Latest EMET Bypass Targets WoW64 Windows Subsystem
Backwards compatibility, a necessary evil for Microsoft in its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits. Specifically in thi...
Microsoft Brings Perfect Forward Secrecy to Windows
Microsoft yesterday added four cryptographic cipher suites to its default priority ordering list in Windows, a move that brings Perfect Forward Secrecy to the operating system. Update 3042058 is available for now only on the Microsoft Download Center, affording users the opportunity to test the...