15946 matches found
Elusive ToddyCat APT Targets Microsoft Exchange Servers
An advanced persistent threat APT group, dubbed ToddyCat, is believed behind a series of attacks targeting Microsoft Exchange servers of high-profile government and military installations in Asia and Europe. The campaigns, according to researchers, began in December 2020, and have been largely...
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...
USB-based Wormable Malware Targets Windows Installer
Credit: Red Canary Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Researchers at...
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
An unpatched Domain Name System DNS bug in a popular standard C library can allow attackers to mount DNS poisoning attacks against millions of IoT devices and routers to potentially take control of them, researchers have found. Researchers at Nozomi Networks Labs discovered the flaw affecting the...
Nation-state Hackers Target Journalists with Goldbackdoor Malware
Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of multistage infection campaign with the ultimate goal of stealing sensitive information from targets. The campaign is believ...
Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look
There’s an enormous amount of software vulnerable to the Log4j bug through Java software supply chains — and administrators and security pros likely don’t even know where to look for it. About 17,000 Java packages in the Maven Central repository, the most significant collection of Java packages...
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Sky, a U.K. broadband provider, left about 6 million customers’ underbellies exposed to attackers who could remotely sink their fangs into their home networks: a nice, soft attack surface left that way for nearly 18 months as the company tried to fix a DNS rebinding vulnerability in customers’...
12 New Flaws Used in Ransomware Attacks in Q3
A dozen new vulnerabilities were used in ransomware attacks this quarter, bringing the total number of bugs associated with ransomware to 278. That’s a 4.5 percent increase over Q2, according to researchers. Five of the newbies can be used to achieve remote code execution RCE, while two can be us...
BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released
The embargo period is over for a proof-of-concept PoC tool to test for the recently revealed BrakTooth flaws in Bluetooth devices, and the researchers who discovered them have released both the test kit and full exploit code for the bugs. BrakTooth is a collection of flaws affecting commercial...
Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar
A new Magecart threat actor is stealing people’s payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines VM so it targets only actual victims and not security researchers. The Malwarebytes team discovered the new campaign, which...
War-Driving Technique Allows Wi-Fi Password-Cracking at Scale
War-driving – the process of driving around mapping residential Wi-Fi networks in hopes of finding a vulnerability to exploit – can still pay off for attackers, apparently: A CyberArk researcher recently found he could easily slice open about 70 percent of Wi-Fi network passwords in one Tel Aviv...
Keep Attackers Out of VPNs: NSA, CISA Offer Guidance
Unsecured VPNs can be a hot mess: Just ask Colonial Pipeline which got pwned by the REvil ransomware crooks with an old VPN password or the 87,000 at least Fortinet customers whose credentials for unpatched SSL-VPNs were posted online earlier this month. Vulnerabilities in VPN servers are like...
EU: Russia Behind ‘Ghostwriter’ Campaign Against Germany
In the wake of cyberattacks targeting the recently held German elections, the European Union has blamed Russia for an ongoing disinformation campaign called “Ghostwriter.” Germany is the latest target in an effort that for years has tried to discredit NATO, and which has both smeared and...
What’s Next for T-Mobile and Its Customers? – Podcast
What’s the opposite of a resilient operation? It’s when your wireless carrier gets breached for the sixth time in a few years, you try to change your PIN online, and the site tells you “No can do.” As of Wednesday, T-Mobile had confirmed its sixth breach over the last three years. The purported...
Apple: Image-Detection Backdoor ‘Narrow’ in Scope
Apple provided additional design and security details this week about the planned rollout of a feature aimed at detecting child sexual abuse material CSAM images stored in iCloud Photos. Privacy groups like the Electronic Frontier Foundation warned that the process of flagging CSAM images...
Why Your Business Needs a Long-Term Remote Security Strategy
When COVID-19 first emerged, companies across all sectors of the economy were forced to rapidly transition to remote work. The goal was simple: Ensuring business continuity in the face of an unprecedented challenge — a challenge that most assumed would come and go in short order. As vaccines...
Linux-Focused Cryptojacking Gang Tracked to Romania
A cryptojacking gang that’s likely based in Romania is using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack passwords on Linux-based machines with weak passwords. The point of the campaign is mainly to deploy Monero mining malware, Bitdefender researchers said in a report...
Apple’s ‘Find My’ Network Exploited via Bluetooth
Apple’s “Find My device” function for helping people track their iOS and macOS devices can be exploited to transfer data to and from random passing devices without using the internet, a security researcher has demonstrated. Security researcher Fabian Bräunlein with Positive Security developed a...
IcedID Circulates Via Web Forms, Google URLs
Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a...
Home-Office Photos: A Ripe Cyberattack Vector
That photo that appears when someone disables his or her Zoom video, or those photos of a remote worker’s home office shared on Instagram may seem innocuous and playful. However, they could become ammunition for threat actors to launch targeted scams and put personal and critical data at risk, a...
Valentine’s Day Malware Attack Mimics Flower Store
With Valentine’s Day approaching this weekend, several people have received “recent order” email confirmations for flowers or lingerie. These emails are actually part of a spear-phishing attack, which ultimately leads recipients to a malicious document that executes the BazaLoader malware. The...
Industrial Gear at Risk from Fuji Code-Execution Bugs
Industrial control software ICS from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning. Authorities are warning the flaws could allow physical attacks on factory and critical-infrastructure equipment. Fuji Electric’s Tellus...
Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data
Cybercriminals are vying for Remote Desktop Protocol RDP access, stolen payment cards and DDoS-for-Hire services, based on a recent analysis of underground marketplace pricing. During the COVID-19 pandemic, cybercriminals have profited with “increasingly advantageous positions to benefit from the...
Zoom Snooping: How Body Language Can Spill Your Password
You’ve heard of Zoom Bombing, but have you heard of Zoom Snooping? Researchers contend they can extract keystroke data from participants in a video call simply by tracking shoulder movements. A recently published study warns malicious actors might use the technique to decipher personal passwords...
Toymaker Mattel Hit by Ransomware Attack
Top toymaker Mattel revealed it was a victim of a ransomware attack that successfully encrypted some data and temporarily crippled a limited number of business functions. The disclosure was part of a U.S. Securities Exchange Commission SEC disclosure filed in late October. Mattel reported the...
Wisc. GOP's $2.3M MAGA Hat Debacle Showcases Fraud Concerns
The Wisconsin Republican party’s war chest is lighter by $2.3 million after scammers posing as MAGA-hat vendors were able to spoof invoices in what appears to be a basic business email compromise BEC attack. It’s just the latest in a litany of attacks related to the upcoming election, and it...
Google Boots 21 Bogus Gaming Apps from Play Marketplace
Researchers have discovered a raft of malicious gaming apps on Google Play that come loaded with adware, signaling that the tech giant continues to struggle with keeping bad apps off its online marketplace. Twenty-one gaming ads discovered on Google packed with adware from the HiddenAds family we...
Rapper Scams $1.2M in COVID-19 Relief, Gloats with 'EDD' Video
Rapper Fontrell Antonio Baines, who goes by the stage name “Nuke Bizzle,” made his first appearance in U.S. District Court in downtown Los Angeles on Friday after being charged with fraudulently applying for more than $1.2 million in jobless benefits under the Coronavirus Aid, Relief and Economic...
NFL, NBA Players Hacked in Would-Be Cyber-Slam-Dunk
NFL and NBA athletes whose social-media accounts were taken over have been thrown the ball of justice. Multiple professional and semi-pro athletes were victimized by two men who infiltrated their personal accounts, according to testimony in federal court on Wednesday. Trevontae Washington of...
Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems
Face masks not only have shown in research to slow the spread of COVID-19, they also deter facial-recognition technology from correctly identifying people, according to a new study. New research from the National Institute of Standards and Technology NIST found that even the best of 89 commercial...
DJI Drone App Riddled With Privacy Issues, Researchers Allege
Leading commercial drone maker DJI is hitting back against researcher allegations that its Android mobile application is riddled with privacy holes. One includes that the app continues to run in the background even after it’s been closed and collects sensitive data from users without consent. The...
Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings
Bug-bounty programs have become a popular way for vendors to root out security flaws in their platforms, attracting talented white-hats with the promise of big rewards. According to HackerOne’s 2020 List of the Top 10 Bug Bounty Programs on its platform, Verizon Media, PayPal and Uber are in the...
New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire
Privacy advocates are decrying a new bill, which would force tech companies to unlock encrypted devices if ordered to do so by law enforcement with a court issued warrant. The Lawful Access to Encrypted Data Act was introduced on Tuesday by Senate Judiciary Committee Chairman Lindsey Graham R-SC,...
News Wrap: Malicious Chrome Extensions Removed, CIA 'Woefully Lax' Security Policies Bashed
For the week ended June 19, Threatpost editors Lindsey O’Donnell Welch, Tom Spring and Tara Seals break down the top cybersecurity stories. This week’s top news stories include: Google removing 106 Chrome browser extensions from its Chrome Web Store in response to a report that they were being us...
Coronavirus-Themed Cyberattacks Drop — Microsoft
A report from the Microsoft Threat Protection Intelligence Team found that Covid-19-themed cyberattacks peaked in early March and are now trending significantly down. The report also noted that those attacks have been a drop in the bucket compared to overall threats observed over the last four...
Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool
The APT known as TA410 has added a modular remote-access trojan RAT to its espionage arsenal, deployed against Windows targets in the United States’ utilities sector. According to researchers at Proofpoint, the RAT, called FlowCloud, can access installed applications and control the keyboard,...
The RSAC 2020 Trend Report
Each year, thousands of cybersecurity professionals submit proposals to be a speaker at RSA Conference. And each year, we mine these proposals for trends and commonalities. In The RSAC 2020 Trend Report, we examine the data from this year’s submissions to provide an interesting peek into what wil...
TrickBot Targets Verizon, T-Mobile, Sprint Users to Siphon PINs
The TrickBot malware, known previously for targeting U.S. banks, is now setting a bullseye on users of U.S.-based mobile carriers, including Verizon Wireless, T-Mobile and Sprint, to launch SIM swapping attacks. Researchers with Dell’s Secureworks research team warned that they have observed the...
Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities
In an exhaustive study of critical Linux vulnerabilities, a team of academic and government-backed researchers claim to have proven that almost all flaws could be mitigated to less than critical severity – and that 40 percent could be completely eliminated – with an OS design based on a verified...
Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw
A new Bleichenbacher oracle cryptographic attack has been set loose on the world, using a 20-year-old protocol flaw to compromise the Internet Key Exchange IKE protocol used to secure IP communications. Specifically, the attack targets IKE’s handshake implementation used for IPsec-based VPN...
Adobe Patch Tuesday: Fixes for Critical Acrobat and Reader Flaws
Adobe has released 11 total fixes for an array of products during today’s Patch Tuesday release, including two critical patches for Acrobat and Reader. This month’s release comes on the heels of Adobe fixing a whopping 112 vulnerabilities in its July Patch Tuesday release last month, including...
Simple Security Flaws Could Steer Ships Off Course
A proof-of-concept attack could cause ships to dangerously veer off course, and it all stems from simple security issues, including the failure to change default passwords or segment networks. Researcher Ken Munro, with Pen Test Partners, on Monday showed how the attack could work and how it’s...
Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2
The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out y...
Apple Announces Emergency Patch to Fix High Sierra Login Bug
Apple said on Wednesday that it will rush an emergency patch to users that fixes an embarrassing login bug in its High Sierra operating system. The patch is expected to be pushed out by Apple sometime Wednesday, according to a company spokesperson. The serious High Sierra login bug surfaced...
Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks
Researchers have identified seven vulnerabilities in the LibXL C library, used to read Excel files. Each of the vulnerabilities are rated 8.8 in severity on the Common Vulnerability Scoring System scale. Attackers could exploit each of the vulnerabilities and perform remote code execution attacks...
Popular ‘Circle with Disney’ Parental Control System Riddled With 23 Vulnerabilities
The makers of the popular parental control system called Circle with Disney patched 23 vulnerabilities over the weekend. The bugs ran the gamut from memory corruption and denial of service, to SSL validation vulnerabilities and impact all devices managed on a network. Circle with Disney is a $90...
Code Execution Vulnerability Found in Libpurple IM Library
A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Pidgin and Adium for the macOS platform. Adium 1.5.10.2 is vulnerable and can be exploited to run arbitrary code remotely. A researcher who goes ...
Emergency iOS Update Patches Zero Days Used by Government Spyware
Apple rushed an emergency iOS update today after the discovery of three zero-day vulnerabilities used by governments to spy on the activities of human rights activists and journalists. The zero days, called Trident, allow an attacker to take complete control of an iPhone or iPad with just one...
Researcher Pockets $30,000 in Chrome Bounties
Security researcher Mariusz Mlynski is having a good month. Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the...
Emergency Adobe Flash Player Security Update
Adobe will release an emergency Flash Player update as soon as Thursday, patching a critical vulnerability that is being publicly attacked. Adobe said the vulnerability is in version 21.0.0.197 and earlier for Windows, Mac OS X, Linux and Chrome OS. “Successful exploitation could cause a crash an...