15946 matches found
Another Java 6 Vulnerability Found in the Wild
Unless you have an Oracle product that requires Java 6 or are paying for support for that version of the platform, you’d seen the last publicly available updates as of February. That doesn’t mean attackers have pushed back from targeting Java 6, and that certainly doesn’t mean that organizations...
Microsoft Patches IE Zero Day Used In Watering Hole Attack
Microsoft wasted no time today delivering a patch for the Internet Explorer 8 vulnerability being exploited in watering hole attacks carried out against the U.S. Department of Labor website and nine others worldwide. Today’s Patch Tuesday security updates also include a fix for IE vulnerabilities...
Attackers Target Older Java Bugs
It’s no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemi...
Ruby on Rails Patches DoS, Remote Execution Flaws
Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...
Adobe Patches Four ColdFusion Flaws Exploited in Wild
Adobe delivered a security hotfix for its ColdFusion application server today, repairing a host of vulnerabilities being exploited in the wild. The company had recommended a series of mitigations in a Jan. 7 advisory as a stopgap until today’s hotfix was released. Two of the vulnerabilities affec...
Rocra Espionage Malware Campaign Uncovered After Five Years of Activity
For five years, it hid in the weeds of networks used by Eastern European diplomats, government employees and scientific research organizations, stealing data and infecting more machines in an espionage campaign rivaling Flame and others of its ilk. The campaign, called Rocra or Red October by...
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proof-of-concept exploit code for a couple of the flaws and the team at Metasploit have released a module for the penetration testing framework that exploit one of the bugs, as...
Large-Scale Water Holing Attack Campaigns Hitting Key Targets
A new APT-style espionage campaign launched this summer targeting organizations tied to financial services, government agencies and the defense industry used a technique dubbed water holing to entice victims and silently redirect them to sites hosting zero-day exploits. Researchers at RSA Securit...
New PDF Attack Targets Aviation Defense Industry
FireEye reported today it had detected a new critical PDF attack targeting the aviation defense industry. Malware Page exploits a stack-based buffer overflow vulnerability in Adobe Acrobat and Adobe Reader. An attacker would be able to execute code remotely via a crafted argument to the getIcon...
The Rise of Cross-Platform Malware
For most of the recorded history of malware, viruses, Trojans and other malicious software have been specialists. Each piece of malware typically targeted one platform, be it Windows, OS X or now, one of the mobile platforms. But the last few months have seen the rise of cross-platform malware th...
What Have We Learned: Flame Malware
When the news about the Flame malware first broke several weeks ago, people from all parts of the security community, political world and elsewhere quickly began trying to figure out what the significance of the tool was and whether it represented anything new. That was difficult at the time, giv...
Report: Strategic Web Compromises Behind Recent Hack of Amnesty, Others
A recent string of Web site hacks at Amnesty International and other NGOs are evidence of a campaign of cyber espionage directed against human rights orgnaizations, according to a report from The Shadowserver Foundation. In a report on Tuesday, the Foundation said that its members had witnessed a...
Adobe Issues Emergency Fix For Flash Player Vulnerabilities
Adobe on Monday issued two emergency fixes for critical security vulnerabilities in its Flash Player product. The vulnerabilities, if left unpatched, could allow an attacker to take control of a system running a vulnerable version of Flash Player. Adobe on Monday issued two emergency fixes for...
New Adobe Flash Bug Being Exploited
On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms...
End of Support for XP SP2 is End of an Era
Microsoft’s announcement this week that it is preparing to end support for machines running Windows XP SP2 not only represents a challenge for the thousands of businesses still running SP2, but also is the end of an era for both Microsoft and its customers. By the time Microsoft drops support for...
'High Risk' Flaw Fixed in Google Chrome
Google has pushed out a new version of its Chrome browser to fix a high-severity security hole that could lead to malicious code execution attacks. The vulnerability could be exploited to run arbitrary code within the Google Chrome sandbox, the company said in an advisory. The raw details: The v8...
Adam Shostack on Privacy and the PETS '09 Workshop
Dennis Fisher talks with Microsoft’s Adam Shostack about the Privacy Enhancing Technologies Symposium, the definition of privacy in today’s world and the role of technology in helping to enhance and protect that privacy. Show notes: Adam’s blog post on “Understanding Privacy” by Dan Solove...
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries—particularly healthcare—as well as critical infrastructure organizations, the feds are warning. Threat actors deploying the ransomware as a service RaaS are...
Emerging H0lyGh0st Ransomware Tied to North Korea
Microsoft researchers have linked an emerging ransomware threat that already has compromised a number of small-to-mid-sized businesses to financially motivated North Korean state-sponsored actors that have been active since last year. The group has successfully compromised small-to-mid-sized...
Box 2FA Bypass Opens User Accounts to Attack
UPDATE A security hole in Box, the cloud-based file-sharing service, paved the way for busting its multifactor authentication MFA, researchers said – and it’s the second such MFA bypass they have discovered in the service so far. Clearly, the stakes are high – gaining access to a Box account coul...
Credential Spear-Phishing Uses Spoofed Zix Encrypted Email
Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email – one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion. At least, the threat actor is sending the phishing attack from...
Netgear SOHO Security Bug Allows RCE, Corporate Attacks
A high-severity security bug affecting several Netgear small office/home office SOHO routers could allow remote code execution RCE via a man-in-the-middle MiTM attack. The bug CVE-2021-40847 exists in a third-party component that Netgear includes in its firmware, called Circle – it handles the...
LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files
After Bangkok Airways disclosed that it had been clobbered by a cyberattack last week, the LockBit 2.0 ransomware gang tossed its own countdown clock in the trash and went ahead and published what it claims are the airline’s encrypted files on its leak site. BleepingComputer posted an image shown...
Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks
The potential danger from a raft of memory-allocation bugs discovered by Microsoft in April has now spread to older versions of multiple BlackBerry QNX products. The Cybersecurity Infrastructure and Security Agency CISA and BlackBerry warned in separate alerts Tuesday that threat actors can take...
Fuzz Off: How to Shake Up Code to Get It Right – Podcast
LAS VEGAS – In 2014, two teams of security researchers independently started fuzz testing OpenSSL. Within days, the advanced black-box software technique led to an exploitable vulnerability in OpenSSL: namely, the Heartbleed vulnerability. What is fuzzing? That’s what the FuzzCon event is all...
Ransomware Giant REvil Disappears
All of REvil’s Dark Web sites slipped offline as of early Tuesday morning, and it’s not clear whether it’s due to the ransomware gang getting busted or whether the threat actors did it on purpose. The REvil ransomware operation, a.k.a. Sodinokibi, uses both clear web and Dark Web sites to negotia...
Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors
Several organizations in the oil, gas and food sectors have received threatening emails from cybercriminals posing as DarkSide – the ransomware gang behind the Colonial Pipeline hack. According to researchers at Trend Micro, threat actors are taking advantage of the notoriety around the pipeline...
Supreme Court Limits Scope of Controversial Hacking Law
The United States Supreme Court has ruled that a police officer who received money for obtaining data from a law-enforcement database for an associate did not violate a controversial federal hacking law, marking a victory for the ethical hacking community by limiting the law’s scope. In a landmar...
Securing Privileged Access Within Healthcare Orgs
Healthcare organizations have always been high-value targets for cybercriminals, as their networks store large volumes of personally identifiable information PII including Social Security numbers, dates of birth, addresses and very sensitive personal health data. Since the beginning of the COVID-...
What a Year It’s Been: RSA 2021 Embraces ‘Resilience’
Clearly, the months since the world shut down in March of 2020 fomented a radical shift in how people work and live, and it’s brought a range of crises and challenges to bear across the spectrum of our lives. These profound changes and experiences were also felt in cybersecurity, bringing...
100,000 Google Sites Used to Install SolarMarker RAT
Hackers are using search-engine optimization SEO tactics to lure business users to more than 100,000 malicious Google sites that seem legitimate, but instead install a remote access trojan RAT, used to gain a foothold on a network and later infect systems with ransomware, credential-stealers,...
Facebook Disrupts Spy Effort Aimed at Uyghurs
Facebook has taken on a group of hackers in China that target the Uyghur ethnic group with cyberespionage activity. The hacking group, known as Earth Empusa or Evil Eye, was targeting activists, dissidents and journalists involved in the Uyghur community, primarily those living abroad in Australi...
Protecting Sensitive Cardholder Data in Today’s Hyper-Connected World
The payment processing system has steadily evolved over time. Greatly amplified by the COVID-19 pandemic, the use of electronic payment systems in this economy has soared nearly overnight. With online shopping at an all-time high as consumer behaviors shift toward more convenience and flexibility...
WestRock Ransomware Attack Hinders Packaging Production
WestRock – the second-largest packaging company in the U.S. – continues to restore its systems, two weeks after it discovered it was the victim of a ransomware attack. WestRock, which has more than 320 manufacturing facilities globally, creates packaging supplies for a bevy of high-profile client...
Einstein Healthcare Network Announces August Breach
Einstein Health Network, a Pennsylvania-based company operating medical rehab, outpatient and primary care centers, announced a breach of its employee email system, which exposed patient personal and medical information. The company waited more than five months to make the compromise public...
A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets
The new year started off with a bang, with the SolarWinds hack revealed in late December acting as a jarring reminder to companies and U.S. government departments alike that cybercriminals continue to successfully exploit security lapses in technology. But beyond the SolarWinds supply-chain...
It’s Not the Trump Sex Tape, It’s a RAT
As outgoing President Donald Trump continues to dominate headlines, cybercriminals have decided to horn in on the much-gossiped-about — and yet to materialize — Trump sex tape as a lure for malware delivery. A campaign has been uncovered that labels a malware downloader with the filename...
Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business
Ticketmaster must pay a hefty $10 million fine after several employees utilized unlawfully obtained passwords to hack a rival company’s computer systems – in attempts to “choke off” its business. The American ticket sales and distribution giant, which is owned by Live Nation, in 2013 hired an...
Cryptologists Crack Zodiac Killer's 340 Cipher
A remote team of three hobbyist cryptologists have solved one of the Zodiac Killer’s cipher after a half century. And while the name of the elusive serial killer remains hidden, the breakthrough represents a triumph for cryptology and the basic building blocks of cybersecurity — access control an...
Electronic Medical Records Cracked Open by Unpatched OpenClinic Bugs
Four vulnerabilities have been discovered in the OpenClinic application for sharing electronic medical records. The most concerning of them would allow a remote, unauthenticated attacker to read patients’ personal health information PHI from the application. OpenClinic is an open-source health...
Federated Learning: A Therapeutic for what Ails Digital Health
For researchers and physicians the mountains of data hospitals and healthcare systems hold could be a goldmine for artificial intelligence and machine learning, but data privacy concerns and regulations have kept scientists from being able to harness that information to improve outcomes. Now...
Trump Site Alleging AZ Election Fraud Exposes Voter Data
A security flaw on a website set up to gather evidence of in-person voter fraud in Arizona would have opened the door for SQL injection and other attacks. The bug, found on a site set up by Trump campaign called dontpressthegreenbutton.com, was discovered by cybersecurity pro Todd Rossin, almost ...
34M Records from 17 Companies Up for Sale in Cybercrime Forum
A whopping 34 million user records have materialized on an underground sales forum, which cybercriminals claim are gleaned from 17 different corporate data breaches. According to reports, the data appeared late last week, and the theft appears to be the work of a single person or group. The...
Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns
Parked domains, which act as aliases and redirect to other websites, can send visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time – as evidenced by a recent Emotet campaign, a separate effort abusing Comcast and McAfee brands, and an election-themed...
Microsoft Teams Phishing Attack Targets Office 365 Users
Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack aims to steal Office 365 recipients’ login credentials. Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote...
Mobile Browser Bugs Open Safari, Opera Users to Malware
A set of address-bar spoofing vulnerabilities that affect a number of mobile browsers open the door for malware delivery, phishing and disinformation campaigns. The bugs, reported by Rapid7 and independent researcher Rafay Baloch, affect six browsers, ranging from the common Apple Safari, Opera...
Garmin Pays Up to Evil Corp After Ransomware Attack — Reports
Garmin, the GPS and aviation tech specialist, reportedly negotiated with Evil Corp for an decryption key to unlock its files in the wake of a WastedLocker ransomware attack. The attack, which started on July 23, knocked out Garmin’s fitness-tracker services, customer-support outlets and commercia...
Microsoft Revamps Windows Insider Preview Bug Bounty Program
Microsoft has revamped its Windows Insider Preview bug bounty program with higher rewards and an improved portal for bounty hunters to report flaws, in an effort to help sniff out more vulnerabilities on its platform. The Microsoft Windows Insider Preview bounty program is part of the Microsoft...
DMARC Adoption Spikes, Higher Ed Remains Behind
Adoption of the email security protocol DMARC has continued to tick upwards, with the number of domains deploying DMARC records surpassing 1 million in the last two years — a 2.5 times greater total than in 2018. That’s according to Valimail’s Email Fraud Landscape 2020 report, which also found...
Leaked Details of 142 Million MGM Hotel Guests Found for Sale Online
Researchers have found 142 million personal details from former guests at the MGM Resorts hotels for sale on the dark web, evidence that a data leak from the hotel chain last summer may be far bigger in scope than previously thought. An advertisement on a hacker forum has put 142,479,937 details...