15946 matches found
Iran-Linked 'Newbie' Hackers Spread Dharma Ransomware Via RDP Ports
A group of ‘script kiddies’ tied to Iran are targeting companies worldwide with internet-facing Remote Desktop Protocol RDP ports and weak credentials in order to infect them with Dharma ransomware. The Dharma malware also known as Crysis has been distributed as a ransomware-as-a-service RaaS mod...
Microsoft Exchange Server Flaw Exploited in APT Attacks
Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. If left unpatched, the flaw allows authenticated attackers to execute code remotely with system privileges. The vulnerability in question CVE-2020-0688 exists in the control panel of...
ThreatList: Ransomware Trojans Picking Up Steam in 2019
With the number of unique cyberincidents continuing to grow, ransomware-based attacks in particular are on the rise in 2019, researchers said. Ransomware trojan-based infections jutted up from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019, said Positive...
4 Android Bugs Being Exploited in the Wild
Google updated its May 3 Android security bulletin on Wednesday to say that there are “indications” that four of the 50 vulnerabilities “may be under limited, targeted exploitation.” That was mostly confirmed by Maddie Stone, a member of Google’s Project Zero exploit research group, who clarified...
Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare
Hackers claim to have breached Silicon Valley startup Verkada to gain unauthorized access to live feeds of 150,000 security cameras. They claim, the hack gave them widespread access to surveillance footage within companies such as Tesla and Cloudflare, as well as hospitals, companies,...
Jailbreak Tool Works on iPhones Up to iOS 14.3
Hackers behind previous iPhone jailbreak tools have released a jailbreak update based on a recently discovered and patched iPhone vulnerability. According to iPhone jailbreakers at UnC0ver, the tool allows users to take full control over unpatched iPhones. The jailbreak—which UnC0ver said works o...
Critical Flaws in Magento e-Commerce Platform Allow Code-Execution
Critical vulnerabilities in Adobe’s Magento e-commerce platform – a favorite target of the Magecart cybergang – could lead to arbitrary code execution. Adobe issued patches on Tuesday as part of its overall release of the Magento 2.3.4 upgrade, giving the fixes a “priority 2” rating. In Adobe...
UC San Diego Health Breach Tied to Phishing Attack
Authorities at the University of California San Diego Health reported a phishing attack led to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2,...
Keksec Cybergang Debuts Simps Botnet for Gaming DDoS
A recently developed botnet named “Simps” has emerged from the cyber-underground to carry out distributed denial-of-service DDoS attacks on gaming targets and others, using internet of things IoT nodes. It’s part of the toolset used by the Keksec cybercrime group, researchers said. According to t...
Louisiana Gov Declares Emergency After Rampant Cyberattacks Plague Schools
After a rash of public schools were hit with ransomware, Louisiana’s governor has declared a statewide state of emergency. School districts in the northern part of the state – including Monroe City, Morehouse Parish and Sabine Parish – have been affected. Monroe City, on its website, noted that i...
Critical VMware Carbon Black Bug Allows Auth Bypass
VMware has fixed an uber-severe bug in its Carbon Black App Control AppC management server: A server whose job is to lock down critical systems and servers so they don’t get changed willy-nilly. AppC also ensures that organizations stay in continuous compliance with regulatory mandates. This is a...
Critical Flaws in WordPress Quiz Plugin Allow Site Takeover
A plugin that is designed to add quizzes and surveys to WordPress websites has patched two critical vulnerabilities. The flaws can be exploited by remote, unauthenticated attackers to launch varying attacks – including fully taking over vulnerable websites. The plugin, Quiz and Survey Master, is...
Microsoft Outlook for Android Open to XSS Attacks
Microsoft has patched a vulnerability in Microsoft Outlook for Android, which opens the door to cross-site scripting XSS attacks. The software giant said that CVE-2019-1105, rated “important,” is a spoofing vulnerability that exists in the way Microsoft Outlook for Android software parses...
High-Severity Bug in Cisco Industrial Enterprise Tool Allows RCE
A high-severity bug has been found that allows remote attackers to hijack Cisco’s enterprise-class Industrial Network Director. The vulnerability was made public Wednesday along with a patch; there are no workarounds for the bug and a software patch is required, Cisco said. Cisco’s Industrial...
Details Tied to Safari Browser-based 'ScamClub' Campaign Revealed
Details of a flaw in Apple’s Safari browser, publicly disclosed Tuesday, outline how the cybergang known as ScamClub reached 50 million users with a three-month-long malicious ad campaign pushing malware to mobile iOS Chrome and macOS desktop browsers. The Safari bug, patched on Dec. 2 by Apple,...
ThreatList: Top 5 Most Dangerous Attachment Types
Researchers with F-Secure have tracked the top spam-related attachments and campaigns used so far in 2019. The verdict, ZIPs, PDF, and MS office files such as DOC and XLSM file attachments were more commonly used in huge spam campaigns than any other type attachment. In addition, researchers...
Facebook May Face $5 Billion FTC Fine for Data Misuse
UPDATE Facebook may be facing fines as high as $5 billion after a year-long Federal Trade Commission FTC investigation into its data-security practices. Though it wasn’t mentioned in its earnings call on Wednesday, the social-media giant in a release for its Q1 2019 earnings said that it was...
Wormable Windows Bug Opens Door to DoS, RCE
Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good...
Google October Android Security Update Fixes Critical RCE Flaws
UPDATE Google has released fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system, which if exploited could allow a remote attacker to execute code. The remote code execution RCE flaws are part of Google’s October 2019 Android Security Bulletin,...
Microsoft Warns of Email Attacks Executing Code Using an Old Bug
Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. “The CVE-2017-11882...
Ragnarok Ransomware Hits Boggi Milano Menswear
Luxury Italian men’s clothing line Boggi Milano has confirmed what Ragnarok was already bragging about on the Dark Web: The brand was hit with a ransomware attack, according to multiple sources. Ragnarok and Boggi Milano representatives who spoke to Bloomberg agree on the facts; the ransomware...
Qualcomm Chip Bug Opens Android Fans to Eavesdropping
A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone’s modem – gaining the ability to execute code, access mobile users’ call histories and text messages, and eavesdrop on phone calls. That’s according to...
Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data. Patches for the vulnerability CVE-2020-3452 in question, which ranks 7.5 out of 10 on the CVSS scale, were released last...
PGP Ecosystem Targeted in ‘Poisoning’ Attacks
A long-feared attack vector used against Pretty Good Privacy, the framework used to authenticate and keep email messages private, is being exploited for the first time. The attack, which takes aim at keyserver verification directories, makes it impossible for Pretty Good Privacy PGP to work...
Users Urged to Update WordPress Plugin After Flaw Disclosed
UPDATE A vulnerability in a popular WordPress plugin called the WooCommerce Checkout Manager extension is potentially putting more than 60,000 websites at risk, researchers say. The WooCommerce Checkout Manager plugin allows WooCommerce users to customize and manage the fields on their checkout...
DEF CON 2018: Critical Bug Opens Millions of HP OfficeJet Printers to Attack
LAS VEGAS – Tens of millions of fax-ready HP OfficeJet inkjet printers are vulnerable to a simple hack that gives an attacker full control over a targeted printer. Once compromised, the all-in-one OfficeJet could act as a springboard for deeper network penetration by an attacker. Here at DEF CON,...
Black Hat: Remote DOS, Backdoor, Easter Egg Among Newly Discovered Siemens Holes
Dillon Beresford used a presentation at the Black Hat Briefings on Wednesday to detail more software vulnerabilities affecting industrial controllers from Siemens, including a serious remotely exploitable denial of service vulnerability, more hard-coded administrative passwords, and even an easte...
Atlassian Bugs Could Have Led to 1-Click Takeover
Atlassian, a platform used by 180,000 customers to engineer software and manage projects, could have been hijacked with a single click due to security flaws, researchers have disclosed. On Thursday, Check Point Research CPR published a report PDF outlining how an attacker could have exploited the...
Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure
Intel has patched seven high-severity vulnerabilities in the system firmware of its Intel NUC short for Next Unit of Computing, a mini-PC kit used for gaming, digital signage and more. Overall, the chip-maker patched 25 vulnerabilities across various platforms this week – including eight...
Microsoft Zero-Days, Wormable Bugs Spark Concern
Microsoft has released patches for 128 security vulnerabilities for its April 2022 monthly scheduled update – ten of them rated critical including three wormable code-execution bugs that require no user interaction to exploit. There are also two important-rated zero-days that allow privilege...
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
A high-severity security vulnerability in Argo CD can enable attackers to access targets’ application-development environments, paving the way for stealing passwords, API keys, tokens and other sensitive information. Argo CD is a continuous-delivery platform deployed as a Kubernetes controller in...
Claire's Customers Targeted with Magecart Payment-Card Skimmer
A Magecart credit-card skimmer was used to attack online customers of the retailer Claire’s for a month and a half, according to researchers. Claire’s – a purveyor of jewelry and accessories – closed its 3,000 physical retail locations worldwide on March 20, in the wake of the COVID-19 pandemic. ...
U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks
The Department of Homeland Security is ordering all federal agencies to urgently audit Domain Name System DNS security for their domains in the next 10 business days. The department’s rare “emergency directive,” issued Tuesday, warned that multiple government domains have been targeted by DNS...
Securing Data With a Frenzied Remote Workforce–Podcast
The baby upchucks. The dog loudly informs you that she’s detected a budding squirrel armageddon. Your department’s Zoom meeting starts in four minutes. The Bank of Fezziwig texts: If you haven’t enabled online banking, click here. What. Do. You. DO?!? It doesn’t matter that you’ve been working...
BlackByte Tackles the SF 49ers & US Critical Infrastructure
The San Francisco 49ers were recently kneecapped by a BlackByte ransomware attack that temporarily discombobulated the NFL team’s corporate IT network on the Big Buffalo Wing-Snarfing Day itself: Superbowl Sunday. BlackByte – a ransomware-as-a-service RaaS gang that leases its ransomware to...
‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware
The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to...
Building a Fortress: 3 Key Strategies for IT Security
Last year and early spring has been undoubtedly tough for cybersecurity. We’ve seen one of – if not the – worst cyberattacks on U.S. companies and government agencies in the last decade; and the ProxyLogon Microsoft Exchange vulnerabilities continue to be dangerous. Knowing just how vulnerable ma...
Attackers Exploit Critical Adobe Bug, Target Windows
Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. The vulnerability CVE-2021-21017 has been exploited in “limited attacks,” according to Adobe’s Tuesday advisory, part of its regularly scheduled February updates. The flaw in...
April Patch Tuesday: Microsoft Battles 4 Bugs Under Active Exploit
Microsoft has released its April 2020 Patch Tuesday security updates, its first big patch update released since the work-from-home era truly got underway. It’s a doozie, with the tech giant disclosing 113 vulnerabilities. Out of these, 19 are rated as critical, and 94 are rated as important...
Malware in Ad-Based Images Targets Mac Users
A massive adware campaign has so far impacted up to a million Mac users, using a tricky steganography technique to hide malware in image files. Researchers at Confiant and Malwarebytes said the attacks have been running since Jan. 11, using ads on the web and steganography to spread; steganograph...
Spam Downpour Drips New IcedID Banking Trojan Variant
Researchers have seen a new variant of the IcedID banking trojan sliding in via two new spam campaigns. Written in English and carrying .ZIP files full of the malware – or links to such ZIP files – the new twist on the old banking trojan is a tweaked downloader, which the threat actors moved from...
'Google' Sites Are the Latest Ploy by Card-Skimming Thieves
Malicious domains masquerading as Google sites are the latest ploy by payment card-skimming adversaries looking to dupe website visitors. According to analysts at Sucuri, cybercriminals are using typosquatting the practice of changing one letter in a trusted site name to use as a malicious URL to...
Unpatched Android App with 1B Downloads Allows RCE
An Android app that’s been downloaded more than 1 billion times is riddled with flaws that can let attackers hijack app features or overwrite existing files to execute malicious code, or launch man-in-the-disk MiTD attacks on people’s devices, researchers discovered. The flaws exist in an app...
Equifax Confirms March Struts Vulnerability Behind Breach
Equifax said the culprit behind this summer’s massive breach of 143 million Americans was indeed CVE-2017-5638, an Apache Struts vulnerability patched back in March. The bug was widely assumed by experts to be the “U.S. website application vulnerability” implicated by the company last Thursday,...
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
The latest installment of the Dark Souls gaming franchise, Elden Ring, contains a security vulnerability that allows bad actors to throw players on PCs into an endless loop of losing their characters’ lives, rendering it essentially unplayable. Malwarebytes Labs researcher Christopher Boyd said...
TA2541: APT Has Been Shooting RATs at Aviation for Years
Researchers have identified an advanced persistent threat APT group responsible for a series of cyberespionage and spyware attacks against the aviation, aerospace, transportation and defense industries since at least 2017 that feature high-volume email campaigns using industry-specific lures. The...
Podcast: Why Securing Active Directory Is a Nightmare
This week, Microsoft rushed out a fix for a Windows NT LAN Manager exploit dubbed “PetitPotam” that forces remote Windows systems to reveal password hashes that can be easily cracked. The frenzy begs the question: Why is securing Microsoft Active Directory AD such a nightmare? When security...
Fake Netflix App on Google Play Spreads Malware Via WhatsApp
Malware disguised as a Netflix app, lurking on the Google Play store, spread through WhatsApp messages, researchers have discovered. According to a Check Point Research analysis released on Wednesday, the malware masqueraded as an app called “FlixOnline,” which advertised via WhatsApp messages...
IBM Spectrum Protect Plus Security Open to RCE
IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue’s security tool found under the umbrella of its Spectrum data storage software branding. The flaws can be exploited by remote attackers to execute code on vulnerable systems. IBM Spectrum Protect Plus is a data-protection...
Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update
Microsoft has released patches for 129 vulnerabilities as part of its June Patch Tuesday updates – the highest number of CVEs ever released by Microsoft in a single month. Within the blockbuster security update, 11 critical remote code-execution flaws were patched in Windows, SharePoint server,...