15946 matches found
BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges
A Dubai resident with an elaborate lifestyle that he touted on social media – think designer clothes, expensive watches, luxury cars and charter jets – has arrived in the United States to face criminal charges. He is charged with conspiring to engage in money laundering, as part of a business ema...
Encryption Utility Firm Accused of Bundling Malware Functions in Product
An Italian company that sells what it describes as a legitimate encryption utility is being used as malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according a recent investigation, creates GuLoader samples and helps the malware avoid antivirus...
Trump, Biden Campaign Staffers Targeted By APT Phishing Emails
With the U.S. presidential election months away, advanced persistent threat APT groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. On Thursday, Shane Huntley with Google’s Threat Analysis Group said on Twitter that two separate phishing...
EasyJet Hackers Take Off with Travel Details for 9M Customers
European budget airline EasyJet has been hacked, with attackers making off with personal details for 9 million customers. It was, the airline said, a “highly sophisticated attack” that exposed the email addresses and travel itineraries of the victims, along with payment-card information for 2,208...
Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams
Threat actors are using a combination of scams to obtain as well as buy and sell credentials for U.S. taxpayers to steal appropriations from the COVID-19 relief package as well as 2020 tax refunds, new research has found. Researchers from Secureworks Counter Threat Unit CTU have observed an...
VPN Concerns with Unplanned Remote Employees
The volume of employees working from home is steadily increasing, especially as local recruiting limits the number of skilled people. This along with the current state of coronavirus means that throughout the world, spikes in work-from-home policies are putting pressure on IT teams to scale virtu...
Building for Billions: Addressing Security Concerns for Platforms at Scale
Security operations once consisted of a multitude of manual operations based around alerts, thresholds and severity levels. As systems scale and platforms continue to grow, how do you keep up with the growing requirements to secure these transactions and the networks they are built upon?...
Hackers Leak Biopharmaceutical Firm's Data Stolen in Ransomware Attack
The Clop ransomware group attacked biopharmaceutical company ExecuPharm and reportedly leaked some of the company’s compromised data on underground forums. ExecuPharm, a Pennsylvania-based subsidiary of the U.S. biopharmaceutical giant Parexel, provides clinical trial management tools for...
Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider MSSP market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t...
A Practical Guide to Zero-Trust Security
Employees are demanding that employers enable flexible workstyles. Apps are moving to the cloud. A company’s device and application mix are increasingly heterogeneous. All of these factors are breaking down the enterprise security perimeter, rendering traditional security approaches obsolete, and...
Apple Updates Privacy Policies After Siri Audio Recording Backlash
Apple is taking steps to improve the privacy of audio collected by its Siri voice assistant, on the heels of backlash around a program that let contractors listen into Siri conversations. On Wednesday, the phone giant apologized for violating users’ privacy through the program, which was...
For $8.6M, Cisco Settles Suit Over Bug-Riddled Video Surveillance Software
Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that alleged it sold video security software with known security vulnerabilities to U.S. federal and state governments. The litigation, originally brought in 2011, was filed under the False Claims Act, claiming that the software...
ThreatList: Bad Bots Account for a Fifth of All Web Traffic, FinServ Hit the Worst
About a fifth of all web traffic 20.4 percent comes from bad bots, which continue to attack daily in automated offensives on websites, mobile apps and APIs. That’s worse for some verticals, like the banking and finance sector, which was hit the hardest last year. That’s according to the Distil...
Microsoft Launches Azure DevOps Bug Bounty Program
Microsoft lifted the curtain on a new Azure DevOps bug bounty program, designed to sniff out flaws in its Azure DevOps online services and servers. Azure DevOps is a cloud service launched in 2018 that enables collaboration on code development across the breadth of a development lifecycle...
How Shared Pools of Cloud Computing Power Are Changing the Way Attackers Operate
The transformation from racks of physical hardware hosting sites and services to cloud computing has provided organizations with better flexibility and reduced costs. Attackers have seen the benefits to this model and are also taking advantage of cloud computing to make more money, evade detectio...
Google Patches Critical Vulnerabilities in Android OS
Google patched six critical remote code execution flaws in its Android operating system as part of its October Android Security Bulletin. Four of those remote code execution flaws are tied to Android’s Media framework and impact a wide range of Android devices including Google’s Pixel and Nexus...
Cisco Patches High-Severity Bug in VoIP Phones
A range of business customers could be impacted by a high-severity security flaw discovered in Cisco VoIP phones. The vendor issued a patch on Wednesday. Cisco also patched two medium-security flaws today in its FireSIGHT management platform for network security; and one medium-severity issue in...
Year-Old Critical Vulnerabilities Patched in ISP Broadband Gear
Patches for three critical vulnerabilities impacting broadband gateways made by Advanced Digital Broadcast ADB have been released to the public, nearly two years after the bugs were first found. Issues range from a privilege escalation flaw, an authorization bypass vulnerability and a local...
Google Patches 11 Critical Android Bugs in June Update
Google patched 57 vulnerabilities Monday affecting the Android operating system and kernel and chipset components tied to third-party firms MediaTek, NVIDIA and Qualcomm. Eleven of the bugs are rated critical and 46 are rated high. Google said the most severe of the vulnerabilities are remote cod...
Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
Intel has halted patches for an array of older chips that would protect them against the Spectre vulnerability, according to a recent microcode update. The microcode update shows that its older products – including Wolfdale, Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, SoFIA 3GR,...
ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models
ASUS released patches for over a dozen router models on Tuesday that are each vulnerable to multiple firmware flaws that when combined give a local unauthenticated attacker the ability to execute commands as root on targeted devices. Routers models patched by ASUS are RT-AC88U, RT-AC3100, RT-AC86...
Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code
Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate. The technique allows an attacker to circumvent device anti-malware protection and...
Microsoft Patches Critical Windows DNS Client Vulnerabilities
Three critical Windows DNS client vulnerabilities were patched today by Microsoft, closing off an avenue where an attacker could relatively simply respond to DNS queries with malicious code and gain arbitrary code execution on Windows clients or Windows Server installations. The flaws were...
Macs Not Receiving EFI Firmware Security Updates as Expected
Since the Thunderstrike bootkit attacks targeting Apple firmware were disclosed in 2015, Apple has bundled subsequent EFI updates with its regular macOS security and software updates in an attempt to improve protection around its hardware. Researchers at Duo Security, however, have uncovered that...
No Fix Planned For LabVIEW Bug, Says National Instruments
Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...
Siemens, Bayer Expected to Patch Medical Devices Hit By WannaCry
It was initially thought just Windows machines were vulnerable but it probably shouldn’t come as a surprise that medical devices and industrial control systems were subjected to the perils of this weekend’s WannaCry ransomware outburst as well. Over the past few days the Department of Homeland...
Google Reveals Windows Kernel Zero Day Under Attack
A Windows zero-day vulnerability is being used in an unknown number of attacks, Google disclosed today, 10 days after it privately reported the issue to Microsoft. Google’s disclosure follows its internal policy, which states that companies should fix or publicly report flaws that are under attac...
Apple Patches Trident Vulnerabilities in OS X, Safari
The disclosure a week ago that three Apple iOS zero days were used to spy on a political dissident from the United Arab Emirates included high-profile exposes of the activities of a cyber arms-dealing outfit in Israel known as the NSO Group and an emergency update for iOS. Last night, Apple...
Range of Mousejack Attack More Than Doubles
The Mousejack vulnerability raised awareness of the potential risks introduced by a wireless mouse or keyboard to the enterprise. From a relatively short distance, a hacker could send packets to the device that generate keystrokes on the host computer rather than mouse clicks. In short order,...
Adobe Auto-Update Flash Player Zero Day Patch
Adobe on Saturday began patching a zero-day vulnerability in Flash Player, exploits for which have been included in the notorious Angler Exploit Kit. This is the second of two previously unreported critical flaws in the software that have been patched in the last five days. Adobe last Thursday se...
Adobe Patches 18 Vulnerabilities in Flash
Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system running the multimedia platform according to a security bulletin posted today. The Patch Tuesday updates,...
Google Fixes 159 Flaws in Chrome
Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities. The huge majority of those...
Five Year Old Security Vulnerability Patched in Linux Kernel
A serious and reportedly five-year-old bug in the Linux kernel could give attackers the ability to run malicious code or, at the very least, cause crashes on a variety of affected systems. Some, though not necessarily all, Linux distributions would be vulnerable without installing the patch. What...
JBoss AS Attacks Up Since Exploit Code Disclosed
Attackers are exploiting a two-year-old vulnerability in JBoss Application Servers that enables a hacker to remotely get a shell on a vulnerable webserver. The number of infections has surged since exploit code called pwn.jsp was publicly disclosed Oct. 4. Researchers at Imperva said that a numbe...
July 2013 Microsoft Patch Tuesday Security Updates
A critical Windows kernel vulnerability, publicly disclosed in May by a Google security engineer, will be patched tomorrow when Microsoft releases its July Patch Tuesday security updates. Tavis Ormandy, who has controversially disclosed Windows vulnerability details in the past, made a posting to...
Oracle Releases 40 Critical Java Patches in June Update
Oracle pushed out another 40 Java patches Tuesday night bringing the total number of Java security updates for 2013 to well over 100, exceeding already the number of Java patches released in 2012. Attackers have had a field day this year exploiting previously unreported vulnerabilities in Java, i...
Google Fixes More Than a Dozen Flaws in Chrome 27
Google has released Chrome 27, a new version of its browser that includes a long list of security fixes, many of which are for high-risk vulnerabilities. The company handed out more than $14,000 in rewards to researchers who reported bugs fixed in the latest iteration of Chrome. Google’s security...
Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday
Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle. The year’s last scheduled batch of patches will address 11 vulnerabilities in all currently supported operating...
Experts Downplay MySQL Database Zero-Days
A rash of zero-day exploits and vulnerabilities in the MySQL database were disclosed to the Full Disclosure mailing list over the weekend, but experts are saying they’re much ado about nothing. Of the half-dozen zero-days reported by a researcher known as King Cope, all but one require legitimate...
Security Experts Recommend Long, Hard Look at Disabling Java Browser Plug-In
Is the Java browser plug-in the IT equivalent of the human appendix? Would you miss it if it were gone? Probably not, experts say, especially now that attackers are beating the Java sandbox with a rash of zero-day exploits. “It’s simply safer to have the Java plug-in disabled in the browser knowi...
Newest Java 7 Update Still Exploitable, Researcher Says
UPDATE–Oracle last week patched the two zero-day vulnerabilities in Java that attackers had been exploiting in targeted attacks, but it didn’t take long for researchers to poke more holes in the software. A new bug that allows a complete Java sandbox escape has been identified already, the latest...
RuggedCom Devices Have Hard-Coded SSL Keys
Siemens subsidiary RuggedCom’s Rugged Operating System ROS contains a vulnerability that could give an attacker the ability to decrypt SSL traffic between RuggedCom networking equipment and end-users, according to an ICS-CERT alert. Justin W. Clarke, a security researcher at Cylance Inc., disclos...
Phishing for Fanboys with Phony iPhone 5 Images
There is no such thing as a trivial detail when it comes to the impending release of an Apple product and scammers are well aware of this. A recent attack is exploiting the public’s fascination with all things Apple and the ubiquitous interest in anything iPhone 5-related with an email phishing...
New Gauss Malware, Descended From Flame and Stuxnet, Found On Thousands of PCs in Middle East
A new piece of malware dubbed Gauss, that experts say is a direct descendant of Flame and also related to Stuxnet and Duqu, has been found on thousands of PCs in the Middle East, mostly in Lebanon. Gauss contains some of the same code as Flame, but is markedly different in a number of respects,...
Microsoft Aims to Make Life Harder, More Expensive For Attackers
MIAMI BEACH–It’s been a decade now since Microsoft began focusing on product security as a top priority and there have been a lot of successes and some failures along the way. But in that time, one of the things that most definitely has changed as a result of the Trustworthy Computing program is...
Adobe Plans Critical Security Updates for Reader, Acrobat Next Week
Adobe said on Friday that it will issue critical fixes for its popular Reader and Acrobat products on Tuesday, January 10. The company said it is planning to release updates for Adobe Reader and Acrobat versions X and earlier for both the Windows and Macintosh platforms to fix a slew of critical...
APEC Host Committee Spear-Phished by China
An Analysis published earlier this month by Kahu Security raises the possibility that the hack of systems used by the Asia Pacific Economic Cooperation host committee was the result of a spear phishing attack with links back to the Chinese mainland. As Threatpost reported yesterday, computers...
Microsoft Releases Huge Patch Tuesday Update For 49 Bugs
Microsoft has released its largest-ever bundle of patches, pushing out 16 updates that fix a total of 49 individual vulnerabilities. The patches include updates for six critical vulnerabilities, most notably a huge fix for some remote code-execution bugs in various versions of Internet Explorer...
Cryptome Outs Identities of Hackers Behind Breach
Less than a week after the Cryptome.org archive was hacked and defaced, the site has posted the names, addresses and phone numbers of two individuals it accuses of being involved in the attack. In an update on Friday, Cryptome founder John Young posted contact information for three individuals he...
Mozilla Patches Firefox DLL Load Hijacking Bug
Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities 11 rated critical, including the publicly known DLL...