15946 matches found
U.S. Accuses DPRK Hackers of Stealing Millions
The U.S. Department of Justice has indicted three North Korean computer programmers for their alleged participation in widespread, destructive cyberattacks as part of the advanced persistent threat APT known as Lazarus Group. The indictment broadens the scope of crimes that the DoJ has linked to...
Military, Nuclear Entities Under Target By Novel Android Malware
Researchers have uncovered two novel Android surveillanceware families being used by an advanced persistent threat APT group to target military, nuclear and election entities in Pakistan and Kashmir. The two malware families, which researchers call “Hornbill” and “SunBird,” have sophisticated...
Threatpost Poll: Weigh in on Ransomware Security
It’s no secret that ransomware attacks continue to rise – with the number of attacks jumping by 350 percent since 2018. Healthcare systems have been hit particularly hard over the past year by ransomware actors, with a recent report saying that healthcare organizations have seen a 45 percent...
Nuclear Weapons Agency Hacked in Widening Cyberattack
The Energy Department and its National Nuclear Security Administration NNSA, which is the agency that maintains the U.S. nuclear stockpile, have been compromised as part of the widespread cyberattack uncovered this week stemming from the massive SolarWinds hack. An exclusive report by Politico...
Code42 Incydr Series: Bringing Shadow IT into the light with Code42 Incydr
Shadow IT is hardly a hidden threat to security professionals. Gartner was warning, way back in 2016, that 1 in 3 successful attacks experienced by enterprises would come from the use of unsanctioned apps by 2020. Code42’s Data Exposure Report just about proves Gartner’s prediction, showing that...
PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers
Researchers are warning on an active ransomware campaign that’s targeting MySQL database servers. The ransomware, called PLEASEREADME, has thus far breached at least 85,000 servers worldwide – and has posted at least 250,000 stolen databases on a website for sale. MySQL is an open-source relation...
Code42 Incydr Series: Honing in on high-risk users with Code42 Incydr
The crux of the insider threat challenge is that everyone can be a risk. That’s why most security teams are focusing on gaining broader and deeper visibility into all file activity — especially the surge in remote, off-network activity. But this doesn’t mean that security teams should discount...
Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data
Sophisticated cybercriminals have been trying to steal COVID-19 vaccine research – and researchers say there’s more of that to come going into 2021. Intellectual property theft will join ransomware, cloud-stored patient data theft and advanced phishing efforts as the main hallmarks of...
How the Pandemic is Reshaping the Bug Bounty Landscape
The pandemic has overhauled the bug-bounty landscape, both for companies looking to adopt such programs and the bounty hunters themselves. Casey Ellis, founder and CTO of Bugcrowd, said that COVID-19’s far-reaching implications — including increasing the acceptance of remote work, pushing more...
TikTok Launches Bug Bounty Program Amid Security SNAFUs
TikTok has expanded its vulnerability disclosure policy to include a global bug-bounty program through a partnership with the ethical hacker platform HackerOne. The bug-bounty program launch signals a new direction for the Chinese-owned video-sharing app, which has been much maligned for its...
Feds Sound Alarm Over Emotet Attacks on State, Local Govs
A dramatic uptick in Emotet phishing attacks since July has led the U.S. Cybersecurity and Infrastructure Security Agency CISA to issue a warning that state and local governments need to fortify their systems against the trojan. “This increase has rendered Emotet one of the most prevalent ongoing...
Emotet Emails Strike Thousands of DNC Volunteers
On Thursday, hundreds of U.S. organizations were targeted by an Emotet spear-phishing campaign, which sent thousands of emails purporting to be from the Democratic National Committee and recruiting potential Democratic volunteers. Emotet has historically utilized a variety of lure themes leveragi...
Android Spyware Variant Snoops on WhatsApp, Telegram Messages
Researchers say they have uncovered a new Android spyware variant with an updated command-and-control communication strategy and extended surveillance capabilities that snoops on social media apps WhatsApp and Telegram. The malware, Android/SpyC32.A, is currently being used in active campaigns...
Security Takeaways from the Great Work-from-Home Experiment
As states deal with re-opening and in some cases, re-closing, the reality is that for many organizations, remote work will play a significant role in business through 2020 and beyond. And so will increased cybercriminal activity, as demonstrated by a 131 percent increase in viruses and about 600...
IcedID Trojan Rebooted with New Evasive Tactics
Threat actors have enhanced a banking trojan that has been widely used during the COVID-19 pandemic with new functionality to help it avoid detection by potential victims and standard security protections. Attackers have implemented several new features — including a password-protected attachment...
Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers
Voting machine-maker Election Systems & Software ES&S has formally announced a vulnerability disclosure policy, Wednesday, during a Black Hat USA 2020 session. The move, which comes with the U.S. presidential elections looming in November, shows that voting-machine vendors are beginning to take t...
Office 365 Users Targeted By 'Coronavirus Employee Training' Phish
Researchers are warning of a new phishing attack that purports to send coronavirus training resources to employees who are returning to the workplace, as COVID-19 lockdowns lift. The recent phishing campaign leverages novel training programs that are required for employees in the workplace to...
Intel Adds Anti-Malware Protection in Tiger Lake CPUs
Intel’s upcoming class of mobile CPUs, code named “Tiger Lake,” will feature a long anticipated security layer, called Control-flow Enforcement Technology CET, which aims to protect against common malware attacks. CET protects against attacks on processors’ control flow, which refers to the order...
New Kaiji Botnet Targets IoT, Linux Devices
A new botnet has been infecting internet of things IoT devices and Linux-based servers, to then leverage them in distributed denial-of-service DDoS attacks. The malware, dubbed Kaiji, has been written from scratch, which researchers say is “rare in the IoT botnet landscape” today. Kaiji, which wa...
PPE, COVID-19 Medical Supplies Targeted by BEC Scams
Much has been publicized about the shortage of personal protective equipment PPE and other supplies for healthcare facilities in the United States during the COVID-19 pandemic. Now, the FBI is warning that threat actors are taking advantage of efforts to procure PPE and critical equipment such as...
Post-Data Breach, British Airways Slapped With Record $230M Fine
UPDATE A record $230 million fine has been proposed against British Airways after a 2018 data breach impacted 500,000 of the airline’s customers. If approved, the fee would be the biggest General Data Protection Regulation GDPR fine to be issued to a company so far. On Monday, the Information...
Microsoft’s Latest Patch Hoses Some Antivirus Software
Microsoft’s April 9 security update is bogging down systems running antivirus software packages made by McAfee, Avast, ArcaBit, Avira and Sophos. According to Microsoft, the company’s April Patch Tuesday security update is causing some systems to have slow startup times, sluggish performance or...
Fake Instagram Apps on Google Play Harvest User Logins
Three apps on Google Play claiming to help Instagram users amass followers have been found stealing usernames and passwords for the social photo service. The fake apps were uncovered by Malwarebytes, and are still available, according to Nathan Collier, a security researcher with the firm. “As th...
Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
A vulnerability in Microsoft’s Active Directory Federation Services ADFS has been uncovered that would allow malicious actors to bypass multi-factor authentication MFA safeguards. Many organizations rely on ADFS to manage identities and resources across their entire enterprise, and ADFS functions...
Black Hat 2018: Cortana Flaw Allowed Takeover of Locked Windows 10 Device
LAS VEGAS – Researchers sounded the security alarm here at Black Hat over issues tied to voice control – specifically with the Windows Cortana service. On Wednesday they outlined a flaw patched in June by Microsoft dubbed “Open Sesame” that allowed an adversary to bypass a Windows 10 lock screen...
Bugs in Samsung IoT Hub Leave Smart Home Open To Attack
Researchers found 20 vulnerabilities in Samsung’s SmartThings Hub, allowing attackers to control smart locks, remotely monitor the home via connected cameras and perform other alarming functions. Cisco Talos researchers, who published a technical breakdown of the vulnerabilities on Thursday, said...
Cisco Warns of Three Critical Bugs in Digital Network Architecture Platform
Cisco Systems patched three bugs on Wednesday that are rated critical, tied to its Digital Network Architecture DNA Center platform. Cisco also warned of four additional vulnerabilities – each rated high. All of the vulnerabilities have available patches for mitigation. All three of the critical...
Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords
A vulnerability in Microsoft Outlook allowed hackers to steal a user’s Windows password just by having the target preview an email with a Rich Text Format RTF attachment that contained a remotely hosted OLE object. The bug was patched by Microsoft as part of its April Patch Tuesday fixes, over a...
19-Year-Old TLS Vulnerability Weakens Website Crypto
A vulnerability called ROBOT, first identified in 1998, has resurfaced. Impacted are leading websites ranging from Facebook to Paypal, which are vulnerable to attackers that could decrypt encrypted data and sign communications using the sites’ own private encryption key. The vulnerability is foun...
iOS 11 Update includes Patches for Eight Vulnerabilities
iOS 11 is out today and along with a new look and feel on the iPad especially comes a handful of patches for the Apple mobile OS. Apple addressed eight CVEs in today’s iOS update, and 15 overall as it also updated Safari and the Xcode development framework. Two Webkit bugs, CVE-2017-7106 and...
Adobe Fixes Eight Vulnerabilities in Flash, RoboHelp, ColdFusion
Adobe fixed eight vulnerabilities across three products, including two critical memory corruption bugs and a critical XML parsing flaw, with its regularly scheduled update on Tuesday. RoboHelp for Windows, ColdFusion, and as usual, Flash Player, all received updates as part of the company’s Patch...
Critical Moodle Vulnerability Could Lead to Server Compromise
A critical vulnerability in Moodle, an open source PHP-based learning management system deployed across scores of schools and universities, could expose the server its running on to compromise. Tens of thousands of universities worldwide, including the California State University system, the...
Inside the RIG Exploit Kit
Today’s most prolific exploit kit is RIG, which has filled a void left by the departure of Angler, Neutrino and Nuclear. That has made it public enemy No. 1 when it comes exploit kits. Now Cisco Talos researchers are hoping to shed new light into the ongoing development of the potent EK in hopes ...
Microsoft Patches Zero Day Used in AdGholas Malvertising Campaigns
An attack group behind a long-running malvertising campaign made effective use of a previously unreported low-level vulnerability in Microsoft’s Internet Explorer and Edge browsers to rake in money via banking Trojans and ad fraud. Microsoft patched the zero-day this week among dozens of other...
Google Patches Two High-Severity Flaws in Chrome
Google on Wednesday updated the Chrome browser for the third time since the start of May. Chrome 51.0.2704.79 for Windows, Mac, and Linux patched 15 vulnerabilities. It also paid out $14,000 in bounties to prolific bug hunters Mariusz Mlynski $7,500 and Rob Wu $6,500. The previous Chrome update o...
Stagefright Variant 'Metaphor' Puts Millions Of Samsung, LG and HTC Phones At Risk
Millions of Android users are at risk of a new Metaphor exploit that can take over Samsung, LG and HTC phones in under 20 seconds. The hack gives attackers access to the targeted phones including the ability to inject malware and take control over key smartphone functions. Discovered by...
Broken 2013 Java Patch Leads to Sandbox Bypass
Java’s miserable 2013 just will not go away. One of the endless parade of bugs found in the platform throughout 2013—many of which were zero-day vulnerabilities exploited in targeted attacks—apparently wasn’t closed off completely by an October 2013 patch released by Oracle. Researchers at Polish...
December 2015 Microsoft Patch Tuesday Security Bulletins
Forgive your local Windows admin if they’re a little shy on holiday cheer in the coming days. Blame instead Microsoft for foisting upon them on Tuesday 71 security patches, including two for vulnerabilities in Office and the Windows kernel currently under attack. Microsoft also issued a separate...
Apple Patches Vulnerabilities in OS X, iOS, Including Pangu Jailbreak
It was only three weeks ago that Apple patched its core line of products and pushed its latest version of OS X, El Capitan. Yet another wave of patches arrived Thursday however to address scores of vulnerabilities in OS X, iOS, Safari, iTunes, and even the company’s smart watch operating system,...
Stagefright Patch Incomplete Leaving Android Devices Still Exposed
Google today released to open source a new patch for the infamous Stagefright vulnerability found in 950 million Android devices after researchers at Exodus Intelligence discovered the original patch was incomplete and Android devices remain exposed to attack. “We’ve already sent the fix to our...
Rig Exploit Kit 3.0 Claims 1 Million Malvertising Victims
LAS VEGAS – A rampant malvertising campaign fueled by a new version of the Rig Exploit Kit has claimed at least 950,000 victims worldwide and is doing so with an unprecedented success rate. Researchers at Trustwave said in advance of this week’s Black Hat conference that they have been watching...
Microsoft Issues Critical, Out-of-Band Patch for All Versions of Windows
Microsoft released an out-of-band patch Monday that addresses a critical remotely exploitable flaw in all versions of Windows. The vulnerability stems from how Windows’ Adobe Type Manager Library handles OpenType fonts. If a user was tricked into either opening a rigged document or visiting an...
Adobe Patches Hacking Team Zero Days in Flash
Adobe has put the two outstanding Hacking Team Flash Player zero-day vulnerabilities in check. Today, Adobe released an updated Flash Player that patches CVE-2015-5122 and CVE-2015-5123, two use-after-free bugs uncovered and exploited by the controversial Italian surveillance software vendor. The...
Google Fixes Handful of Bugs in Chrome
Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error. The new release updates Chrome to version 43.0.2357.130 and there are patches for other security flaws as well, though Google has only published information on fo...
DDoS Exploit Targets Open Source Rejetto HFS
Apparently no vulnerability is too small, no application too obscure, to escape a hacker’s notice. A honeypot run by Trustwave’s SpiderLabs research team recently snared an automated attack targeting users of the open source Rejetto HTTP File Server Rejetto HFS. Someone was trying to exploit a...
Adobe Begins Patching Third Flash Player Zero Day
Adobe announced today that it will begin distributing a patch for the third and most recent zero-day vulnerability in Flash Player. Version 16.0.0.305 will be distributed to users who have enabled auto-update. Adobe said it expects to have a manual update available tomorrow. “We are working with...
Second NSA Crypto Tool Found in RSA BSafe
A team of academics released a study on the maligned Dual EC DRBG algorithm used in RSA Security’s BSafe and other cryptographic libraries that includes new evidence that the National Security Agency used a second cryptographic tool alongside Dual EC DRBG in Bsafe to facilitate spying. Allegation...
OpenSSL Man-in-the-middle flaw fixed in Ruby
The maintainers of Ruby have fixed a serious flaw in its SSL client that could have allowed an attacker to conduct man-in-the-middle attacks by spoofing an SSL server. The vulnerability lies in the OpenSSL toolkit that’s built in to Ruby and is present in several versions of the software from 1.8...
Details Available for Chrome, Java Pwn2Own Flaws
Details have been disclosed about vulnerabilities exploited in Chrome and Java during the Pwn2Own contest. Google made patches available for the Chrome flaw within 24 hours, while Oracle patched Java fully last week. Details were not disclosed by the researchers, who netted tens of thousands for...
Flaws in Emergency Alert System Hardware Allow Remote Login, Zombie Alert Insertion
There are a set of easily exploited vulnerabilities in the appliances used in the emergency alert system EAS that could be used by attackers to log in to these boxes remotely and send fake emergency alerts like the one that interrupted a TV broadcast in Montana on Monday. The vulnerabilities...