15946 matches found
Charney plugs Microsoft end-to-end trust at RSA Conference
Scott Charney used his keynote speech at the RSA Conference on Tuesday to talk up a variety of hardware and software-based technologies meant to infuse the Internet with more trust. Charney, the head of Microsoft’s Trustworthy Computing team, talked about the need for greater adoption of TPMs, co...
Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service
Cybercriminals are promoting a new, modular malware-as-a-service offering that allows would-be attackers to choose from a cornucopia of threats via a Telegram channel that to date has more than 500 subscribers, researchers have found. The new malware service, dubbed the Eternity Project by the...
Attackers Use Event Logs to Hide Malware
Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for...
Lapsus$ Hackers Target T-Mobile
T-Mobile confirmed that the extortion group Lapsus$ gains access to their system “several weeks ago”. The telecom giant responded to a report by a journalist Brian Krebs, who accessed the internal chats from the private Telegram channel of the core Lapsus$ gang members. The company added that it...
Box 2FA Bypass Opens User Accounts to Attack
UPDATE A security hole in Box, the cloud-based file-sharing service, paved the way for busting its multifactor authentication MFA, researchers said – and it’s the second such MFA bypass they have discovered in the service so far. Clearly, the stakes are high – gaining access to a Box account coul...
GoDaddy Breach Widens to Include Reseller Subsidiaries
The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected. The additional affected companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. The world’s larges...
Native Tribal Casinos Taking Millions in Ransomware Losses
Ransomware groups have made millions off attacks on native tribal casinos in the U.S., just over the past few months. A notification issued by the Federal Bureau of Investigation FBI cybercrime unit, according to a new report from Bleeping Computer, said that ransomware attacks on tribal casinos...
AdLoad Malware 2021 Samples Evade Apple XProtect
A swelling wave of AdLoad malware infections in macOS devices is cresting its way past Apple’s on-device malware scanner, researchers said. The campaign is using around 150 unique samples, some of which are signed by Apple’s notarization service. AdLoad is a well-known Apple threat that’s been...
Ransomware Volumes Hit Record Highs as 2021 Wears On
Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a...
BIOPASS RAT Uses Live Streaming Steal Victims’ Data
Online gambling companies in China are being targeted by a new remote access trojan RAT which, in addition to its predictable features — like file assessment and exfiltration — takes the novel approach of using live streaming to spy on the screens of its victims. The malware was identified by a...
Kids’ Apps on Google Play Rife with Privacy Violations
About 20 percent of the Top 500 kids’ mobile apps in the Google Play store are collecting data on users in a way that likely violates the Children’s Online Privacy Protection Act COPPA. These have been downloaded by a collective 492 million users, researchers said. That’s according to an analysis...
GitHub Prepares to Move Beyond Passwords
GitHub, the ubiquitous host for software development and version control and unfortunate target of a steady pitter-patter of attacks targeting the same, is now supporting security keys when using Git over SSH. In a post on Monday, GitHub security engineer Kevin Jones said that this is the next st...
Experian API Leaks Most Americans’ Credit Scores
A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, that he said was left open on a lender site without even basic security protections. Experian, for its part, refuted concerns from the security community...
A Post-Data Privacy World and Data-Rights Management
The reality is that today, almost everyone is being tracked and monitored 24/7 with cameras recording our expressions, interactions and speech to determine what we might be thinking, where we are going and who we are meeting. While privacy differs from nation to nation and culture to culture, one...
Pair of Apex Legends Players Banned for DDoS Server Attacks
Two high-ranked Apex Legends players have been banned from the platform for cheating by launching distributed denial-of-service DDoS attacks on an Xbox server. The players, who had achieved the rank of “Apex Predators” in the console version of the game haven’t been named, but the whole thing wen...
Ninja Forms WordPress Plugin Opens Websites to Hacks
Click to Register Ninja Forms, a WordPress plugin used by more than 1 million sites, contains four critical security vulnerabilities that together make it possible for a remote attacker to take over a WordPress site and create various kinds of problems. Ninja Forms offers WordPress site designers...
Investment Scammers Prey on Dating App Users, Interpol Warns
Cybercriminals are taking advantage of a surge in dating app users with a sophisticated fraud scheme, which convinces victims to join in on an investment opportunity – and ultimately drains their wallets. The social isolation of the COVID-19 pandemic is driving many to online interactions – notab...
Researcher Builds Parler Archive Amid Amazon Suspension
A security researcher said she has scraped and is archiving 99 percent of Parler’s public posts, as the social-media network goes offline following suspensions from Amazon, Apple and Google. Archived content includes public posts from the social-media site. These posts reportedly included Parler...
Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies
UPDATE Microsoft has become the latest victim of the ever-widening SolarWinds-driven cyberattack that has impacted rafts of federal agencies and tech targets. Its president, Brad Smith, warned late Thursday to expect many more victims to come to light as investigations continue. Adversaries were...
RansomExx Ransomware Gang Dumps Stolen Embraer Data: Report
Hackers have dumped sensitive company data that was stolen during a ransomware attack last month on aircraft manufacturer Embraer. The compromised data appeared on a new dark web site created to publish leaked information, according to a published report. The move appears to be a revenge for the...
2020 Reader Survey: Share Your Feedback to Help Us Improve
Dear Threatpost Reader, Thank you for taking the time to participate in our anonymous Reader Survey. With your help, we intend to continue bringing you timely and relevant news and information to keep you in touch with the cybersecurity industry. This survey will only take a few minutes of your...
Crippling Cyberattacks, Disinformation Top Concerns for Election Day
What keeps researchers up at night leading up to Nov. 3 isn’t election-day winners and losers. Most cite possible attacks on local infrastructure, crippling ransomware incidents and disinformation campaigns. There are also many concerned voters this year. Election-related cybersecurity attacks ha...
Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees
Microsoft said that an Iranian threat actor has successfully compromised attendees of two global conferences – including ambassadors and senior policy experts – in an effort to steal their email credentials. The two conferences targeted include the Munich Security Conference, slated for Feb. 19 t...
Facebook, News and XSS Underpin Complex Browser Locker Attack
A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting XSS vulnerability on a popular news site, researchers said. Browser lockers are a type of...
Stubborn WooCommerce Plugin Bugs Gets Third Patch
E-commerce sites using the WordPress plugin Discount Rules for WooCommerce are being urged to patch two high-severity cross-site scripting flaws that could allow an attacker to hijack a targeted site. Two fixes for the flaws, first available on Aug. 22 and second on Sept. 2, failed to patch the...
Data Breaches Expose Vets, COVID-19 Patients
A pair of healthcare-related data breaches at high-profile government agencies has impacted tens of thousands of people. First, a cyberattack at the U.S. Department of Veterans Affairs VA has impacted about 46,000 veterans, exposing their financial information. And another incident, at the U.K.’s...
QR Codes Serve Up a Menu of Security Concerns
Quick Response QR codes are booming in popularity and hackers are flocking to exploit the trend. Worse, according to a new study, people are mostly ignorant to how QR codes can be easily abused to launch digital attacks. The reason QR code use is skyrocketing is tied to more brick-and-mortar...
Sharp Spike in Ransomware in U.S. as Pandemic Inspires Attackers
The COVID-19 pandemic continues to shape the face of cybercrime in 2020, with ransomware and attacks on internet of things IoT devices seeing sharp increases in the U.S. for the first half of the year. According to SonicWall’s 2020 Cyber Threat Report ransomware attacks are up, particularly in th...
Hakbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments
A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX. The spear-phishing based campaign is low volume and so far targeted the pharmaceutical, legal, financial,...
Phishing Campaign Targeting Office 365, Exploits Brand Names
Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters as well as to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A new report from Check Point Software first observed the...
Podcast: Would You Use A Contact-Tracing Coronavirus App?
As a world afflicted by the coronavirus pandemic begins to re-open restaurants, retail stores and more, public-health officials remain concerned about the spread of the virus. Technology for contact-tracing apps, intended to help citizens trace whether they were exposed to someone who has tested...
NSO Group Impersonates Facebook Security Team to Spread Spyware — Report
According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in. The news comes as Facebook alleges that NSO Grou...
REvil Ransomware Attack Hits A-List Celeb Law Firm
A popular law firm that works with several A-list celebrities, including Lady Gaga, Drake and Madonna, has been hit by a ransomware attack. Hackers are now threatening to release the 756 gigabytes of data allegedly stolen – including non-disclosure agreements, client contracts and personal...
WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover
Page Builder by SiteOrigin, a WordPress plugin with a million active installs that’s used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover. According to researchers at WordPress, both security bugs can lead to cross-site request forgery CSRF and...
Sophisticated Android Spyware Attack Spreads via Google Play
A sophisticated, ongoing espionage campaign aimed at Android users in Asia is likely the work of the OceanLotus advanced persistent threat APT actor, researchers said this week. Dubbed PhantomLance by Kaspersky, the campaign is centered around a complex spyware that’s distributed via dozens of ap...
Unique P2P Architecture Gives DDG Botnet 'Unstoppable' Status
The coin-mining botnet known as DDG has seen a flurry of activity since the beginning of the year, releasing 16 different updates over the course of the past three months. Most notably, its operators have adopted a proprietary peer-to-peer P2P mechanism that has turned the DDG into a highly...
Tekya Malware Threatens Millions of Android Users via Google Play
Researchers have discovered a new family of auto-clicker malware that commits mobile ad fraud, lurking in 56 apps on the Google Play store. Collectively, they have been downloaded nearly a million times worldwide. A team from Check Point Software recently discovered the malware, dubbed Tekya, whi...
Covid-19 Spurs Facial Recognition Tracking, Privacy Fears
In the midst of the ongoing coronavirus pandemic, facial recognition technology is being adopted globally as a way to track the virus’ spread. But privacy experts worry that, in the rush to implement COVID-19 tracking capabilities, important and deep rooted issues around data collection and...
SMS Phishing Campaign Targets Mobile Bank App Users in North America
A mobile phishing campaign that targeted customers of more than a dozen North American banks, including Chase, Royal Bank of Canada and TD Bank, managed to hook nearly 4,000 victims. The attacks used an automated SMS tool to blast bogus security text messages to mobile phone users between June an...
FBI Taps Apple to Unlock Pensacola Shooter's iPhone
The Federal Bureau of Investigation is once again asking Apple to help unlock the iPhone of a potential terrorist. The FBI is looking to crack two iPhones that they believe were owned by Mohammed Saeed Alshamrani, the Saudi-born suspect in the shooting attack that killed three people in December ...
Amazon's Blink Smart Security Cameras Open to Hijack
Multiple high-severity vulnerabilities have been discovered in Amazon-owned Blink XT2 security camera systems, which if exploited could give attackers complete control over them. The internet of things IoT cameras not to be confused with the Blink open-source browser engine, consist of a wireless...
Magecart Group Switches Up Tactics with MiTM, Phishing
A fresh splinter group under the Magecart umbrella has been discovered ramping up activity starting in August-September of 2019. It’s using a unique codebase and different tactics to carry out its attacks, according to researchers. Magecart is an umbrella term encompassing several different threa...
GE Aviation Passwords, Source Code Exposed in Open Jenkins Server
A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure. GE Aviation, a subsidiary of General Electrics, is among the top commercial aircraft engine...
Wipro Attackers Have Operated Under the Radar for Years
New details are emerging in the April attack on systems consulting behemoth Wipro, which saw its network hacked and used for mounting attacks on a dozen of its customers. In a fresh analysis of the indicators of compromise IOCs, Flashpoint analysts said that the cyberattackers have actually been...
Evil TeamViewer Attacks Under the Guise of the U.S. State Department
UPDATE A targeted, email-borne attack against embassy officials and government finance authorities globally is making use of a malicious attachment disguised as a top-secret U.S. document. It weaponizes TeamViewer, the popular remote-access and desktop-sharing software, to gain full control of th...
MAGA 'Safe Space' App Developer Threatens Security Researcher
UPDATE A newly released 63red Safe mobile app that aims to help wary Trump supporters find “safe” and conservative-friendly places to wear Make America Great Again MAGA gear turns out to have a host of security issues, according to one researcher. Meanwhile, Scott Wallace, the Oklahoma-based mobi...
Researchers Allege 'Systemic' Privacy, Security Flaws in Popular IoT Devices
Researchers are highlighting the insecure nature of Internet of Things devices in a report released Tuesday alleging a bevy of popular consumer connected devices sold at major retailers such as Walmart and Best Buy are riddled with security holes and privacy issues. In analyzing 12 different IoT...
ThreatList: Credential Theft Spikes by Triple Digits in U.S.
Credential theft was substantially up in the United States during the third quarter – even as declines were charted in Europe and Asia. What credentials go for on the Dark Web. Periodic analysis from Blueliv shows a whopping 141 percent increase in compromised credentials from North American...
GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig
UPDATE GoDaddy, the world’s largest domain name registrar, has exposed high-level configuration information for tens of thousands of systems and competitively sensitive pricing options for running those systems in Amazon AWS, thanks to yet another cloud storage misconfiguration. The documents wer...
Sen. Wyden Urges Government Ban on Adobe Flash
Citing security concerns, Sen. Ron Wyden is urging the government to create a plan to transition away from Adobe Flash before the vendor stops supporting it in 2020. To that end, the Oregon Democrat delivered a formal request to the National Security Agency and the National Institute of Standards...