Cisco Warns of Three Critical Bugs in Digital Network Architecture Platform
Cisco Systems patched three bugs on Wednesday that are rated critical, tied to its Digital Network Architecture (DNA) Center platform. Cisco also warned of four additional vulnerabilities – each rated high. All of the vulnerabilities have available patches for mitigation. All three of the critical...
One Year After WannaCry: A Fundamentally Changed Threat Landscape
It’s been one year this week since the ransomware known as WannaCry infected more than 200,000 machines in 150 countries, causing billions of dollars in damages and grinding global business to a halt. The speed and scale of the attack – helped along by leaked National Security Agency hacking tool...
Podcast: The Evolution of Deception Technology
Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices. Threatpost talks to Tony Cole, CTO of Attivo Networks, about how deception technology has evolved, the challenges behind and opportunities of...
Critical Linux Flaw Opens the Door to Full Root Access
Red Hat has patched a vulnerability affecting the DHCP client packages that shipped with Red Hat Enterprise Linux 6 and 7. A successful exploit could give an attacker root access and full control over enterprise endpoints. According to an alert issued Wednesday from US-CERT, the critical-rated...
New Cryptominer Distributes XMRig in Aggressive Attacks
Hackers behind cryptominer attacks are growing more aggressive and ruthless. Case in point: a cryptominer malware sample dubbed WinstarNssmMiner has been tracked in 500,000 attacks in the past three days, earning the crooks $28,000, according to researchers. What makes the cryptominer so vicious...
RIG EK Still Makes Waves, This Time with a Stealthy Backdoor
Exploit kit activity has been declining since the latter half of 2016, but the RIG EK seems to buck the trend. It’s been involved in ongoing activity involving a wide range of crimeware payloads; and the latest campaign saw RIG dropping the Grobios malware, which is tailored to be a really stealt...
Phishing Spy Campaign Targets Top Mideast Officials
Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over ...
Mexico’s Banking System Sees $18M Siphoned Off in Phantom Transactions
Somewhere between $18 million to $20 million has gone missing during unauthorized interbank money transfers in Mexico’s central banking system. Authorities are investigating the shadow transactions, but answers are thus far scarce. The affected banks and government officials are determining wheth...
Attackers Use UPnP to Sidestep DDoS Defenses
Universal Plug and Play networking protocols have never been a friend of security researchers. On Monday, Imperva gave the InfoSec community another reason to dislike UPnP. In a proof-of-concept Distributed Denial of Service (DDoS) attack, Imperva researchers have devised a way to exploit the UPnP...
Adobe Doles Out Second Round of Higher Priority Patches
A week after issuing updates on Patch Tuesday, Adobe has posted patches for a second slew of 24 critical vulnerabilities, which have a higher risk of being exploited. This week’s crop of vulnerabilities, of which there were 47 overall, impact versions of Adobe’s Acrobat DC, Acrobat Reader DC, and...
EFAIL Opens Up Encrypted Email to Prying Eyes
A set of vulnerabilities in the encryption technologies used to secure sensitive emails threatens to expose corporate communications as well as the messages of at-risk users such as journalists, political dissidents and whistleblowers operating in hostile environments. However, there is some deba...
Chili’s Doesn’t Leave Data Breach on the Back Burner
Southwestern/Texas-themed restaurant chain Chili’s has become the latest victim of a data breach involving the heist of point-of-sale information from payment cards — and the alacrity with which it has admitted the incident is notable. Hackers had unauthorized access to payment-card data between...
GDPR Phishing Scam Targets Apple Accounts, Financial Data
A phishing campaign targeting Apple users is attempting to trick victims into updating their profiles under the guise that it’s part of proactive security hardening in preparation for the General Data Protection Regulation (GDPR) policies set to go into effect on May 25. The phishing...
Samsung Patches Six Critical Bugs in Flagship Handsets
Samsung began rolling out patches over the weekend to fix six critical bugs found in its flagship Android handsets as part of its May patch bulletin. Flaws range from a remote code execution bug to a buffer overflow vulnerability, plus a peek-and-poke command bug that leaves memory locations open...
Google Project Zero Calls Windows 10 Edge Defense ‘ACG’ Flawed
Google Project Zero updated its research alleging that Microsoft’s Edge browser security measure introduced last year, called Arbitrary Code Guard (ACG), is faulty. Ivan Fratric, Project Zero researcher, published the 31-page white paper on Thursday alleging that Microsoft’s much vaunted ACG...
Vega Stealer Malware Takes Aim at Chrome, Firefox
A malware dubbed Vega Stealer has been uncovered, looking to make off with saved credentials and credit-card information in the Chrome and Firefox browsers. While it’s a simple payload for now, researchers said it has the ability to evolve into something more concerning in the future. Proofpoint,...
Panda Banking Trojan Diversifies into Cryptocurrency, Porn, Other Targets
The Panda banking trojan, a spin-off from the infamous Zeus malware, is widening its net to attack more than just financial services targets, as seen in three ongoing campaigns discovered in May. The Windows-focused Panda is far from the cuddly thing its name would suggest. It has a full arsenal ...
GandCrab Ransomware Found Hiding on Legitimate Websites
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These,...
PoS Malware ‘TreasureHunter’ Source Code Leaked
Source code for the point-of-sale malware called TreasureHunter has been leaked, according to researchers who said the release offers them unique insights into the malware, but also gives them pause as they brace for expected variants. Not only was TreasureHunter’s source code leaked, but so was...
New Facebook-Spread Malware Triggers Credential Theft, Cryptomining
A new malware campaign rapidly spreading via Facebook is infecting victims’ systems to steal their social media credentials and download cryptomining code. The malware, dubbed Nigelthorn by the Radware researchers who first discovered it, is being propagated via socially engineered links on...
Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked
Multiple operating system vendors issued coordinated patches this week to address a common vulnerability across their platforms, which was introduced thanks to widespread misinterpretation of Intel developer documentation. According to the CERT/CC team, most major players including Apple, FreeBSD...
Nigerian BEC Scammers Growing Smarter, More Dangerous
Nigerian business email compromise scams are growing more dangerous and sophisticated as cybercriminals add new tools and techniques to their arsenal, such as remote access trojans (RATs) and advanced information stealers, researchers found. Palo Alto Networks’ Unit 42 said in a report released...
Secrets of the Wiper: Inside the World's Most Destructive Malware
Shamoon, Black Energy, Destover, ExPetr/NotPetya and Olympic Destroyer: all of these wiper malware families, and others like them, have the singular purpose of destroying systems and/or data, usually causing great financial and reputational damage to victim companies. However, the threat actors behind thi...
Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’
Vulnerabilities found in the Logitech Harmony Hub can give adversaries root access to the device – allowing attackers to control other smart home devices linked to it, such as smart locks and connected surveillance cameras. Researchers at FireEye’s Mandiant Red team identified four vulnerabilitie...
Severe Keyboard Flaws in LG Smartphones Allow Remote Code Execution
LG has patched two severe vulnerabilities that reside in the default keyboard on all mainstream LG smartphones, including its flagship handsets; the flaws could be used to remotely execute code with elevated privileges. LG’s update also includes a fix for a critical Android issue, from Google. Th...
Georgia Governor Vetoes Controversial Hack-Back Bill
Recognizing the concerns of tech giants and security researchers alike, Georgia Gov. Nathan Deal has vetoed a controversial “hack-back” bill that would have allowed companies in the state to perform offensive cyber-actions in the face of an attack. “Certain components of the legislation have led ...
May Patch Tuesday Fixes Two Bugs Under Active Attack
Microsoft’s May Patch Tuesday fixes include two critical remote code-execution vulnerabilities, both of which are under active attack. The most serious of the two is tied to a Windows 10 VBScript engine and can be triggered when a victim visits a malicious website. “A user need only visit a...
Sierra Wireless Patches Critical Vulns in Range of Wireless Routers
Sierra Wireless has patched two critical vulnerabilities for its range of wireless gateways that would leave the enterprise devices helpless to an array of remote threats, including the charms of the Reaper IoT botnet. The more critical of the two with a 9.4 CVSSv3 Temp Score is a...
Adobe Patches Critical Bugs In Flash Player, Creative Cloud
Adobe has fixed several critical vulnerabilities – including a critical code execution bug in Adobe Flash Player – as part of its regularly scheduled May Security Bulletin, on Tuesday. In all, Adobe released patches for five critical and important vulnerabilities spanning Creative Cloud, Adobe...
“Equi-Facts”: Equifax Clarifies the Numbers for Its Massive Breach
As companies continue to install the vulnerable version of Apache Struts behind the breach, Equifax has filed a clarification statement. The number of impacted U.S. consumers from the infamous 2017 Equifax data breach now totals about 147.9 million, and the breach has touched almost every adult i...
FBI: Cyber-Fraud Losses Rise to Reach $1.4B
About 301,580 consumers reported cyber-fraud and malware attacks to the FBI’s Internet Crime Complaint Center (IC3) last year – with reported losses exceeding a whopping $1.4 billion. The year’s haul of reports brings the overall total of complaints since the IC3 began recording such things to 4...
Romanian Hackers Extradited to U.S. over $18M Vishing Scam
A pair of Romanian hackers have been extradited to the U.S. after allegedly bilking unwitting victims out of more than $18 million in an elaborate voice- and SMS-phishing (i.e., vishing/smishing) scheme. Teodor Laurentiu Costea and Robert Codrut Dumitrescu were named in the 31-count federal grand...
Variant of SynAck Malware Adopts Doppelgänging Technique
Researchers have identified a new variant of the SynAck ransomware that is now using the newly identified Process Doppelgänging to slip past antivirus programs. Researchers said this is the first ransomware seen in the wild to employ the approach. Both SynAck ransomware and Process Doppelgänging...
Asylo Open-Source Framework Tackles TEEs for Cloud
Asylo, an open-source framework and software development kit (SDK) for creating applications that run in trusted execution environments (TEEs), has launched to tackle the complexity involved in running a confidential computing platform for workloads in the cloud and virtual environments. TEEs provide...
Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked
UPDATE – Hundreds of websites running on the Drupal content management system – including those of the San Diego Zoo and the National Labor Relations Board – have been targeted by a malicious cryptomining campaign taking advantage of unpatched and recently revealed vulnerabilities. The attacks,...
Lenovo Patches Arbitrary Code Execution Flaw
Lenovo issued a pair of security advisories on Friday for its popular ThinkPad line and System x servers. One bug is tied to an authentication flaw in the Secure Boot process; and the other to a vulnerability that would allow for arbitrary code execution. The company’s internal testing team...
Report: Intel Facing New Spectre-Like Security Flaws
Intel may be facing as many as eight new Spectre-level vulnerabilities in its chips, a new report alleges. The report comes months after the Spectre and Meltdown flaws first rocked the silicon industry in early 2018. German magazine c’t reported on Thursday that the new security flaws in Intel CP...
Pr0nbot is Back – and Evading Twitter Censors
A rapidly swelling botnet of Twitter accounts advertising “adult dating”-themed scam websites has at least 80,000 nodes to date – and only half of them have been caught and restricted by Twitter. The botnet is likely a resurgence of a previous porn-bot, which sported the SFW moniker “Pr0nbot” and...
Abbott Addresses Life-Threatening Flaw in a Half-Million Pacemakers
About 350,000 implantable defibrillators are up for a firmware update, to address potentially life-threatening vulnerabilities. Abbott (formerly St. Jude Medical) has released another upgrade to the firmware installed on certain implantable cardioverter defibrillator (ICD) or cardiac resynchronization...
Twitter Urges Users to Change Passwords Due to Glitch
Twitter said Thursday that a glitch caused account passwords to be stored in plain text on an internal log, sending users across the platform scrambling to change their passwords. The social media company said that it found and has fixed the glitch, and its investigation shows no indication of a...
MassMiner Takes a Kitchen-Sink Approach to Cryptomining
Though it falls squarely into the trend of cryptominers setting their sights on the Monero virtual currency, the MassMiner malware family is adding its own special somethin’-somethin’ to the mix. It targets Windows servers with a variety of recent and well-known exploits – all within a single...
Phone Maker BLU Settles with FTC Over Unauthorized User Data Extraction
Android phone-maker BLU Products agreed to a proposed settlement on Tuesday with the Federal Trade Commission, over allegations it allowed the third-party firm Adups Technology to collect detailed consumer data from users without their consent. In an administrative complaint filed earlier this we...
A Look Inside: Bug Bounties and Pen Testing
As more organizations turn to bug bounty programs, versus penetration testing, to weed out vulnerabilities in their products we ask Christie Terrill, partner at Bishop Fox, what she sees as the pros and cons of either approach. Threatpost’s Lindsey O’Donnell also asks Terrill what kind of compani...
Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0
Yet another bad actor has taken advantage of Drupal sites still vulnerable to “Drupalgeddon 2.0,” this time to mine cryptocurrency. The bad script, dubbed the “Kitty” cryptomining malware, takes advantage of the known critical remote-code execution vulnerability in Drupal (CVE-2018-7600) to target...
Critical Cisco WebEx Bug Allows Remote Code Execution
A critical vulnerability in the recording function of Cisco Systems’ WebEx conferencing platform has been uncovered, allowing for remote code execution. Attackers can use the flaw by convincing users to open a file purporting to be a recording of a past WebEx event. The bug (CVE-2018-0264) exists i...
Free Speech Advocates Blast Amazon Over Threats Against Signal
On Tuesday, Moxie Marlinspike, founder of the secure messaging app Signal, posted a letter sent to him from Amazon threatening to suspend the company’s AWS account for using a technique called domain-fronting on its network. The technique is used to protect messages sent via the Signal’s messagin...
Boutique Shops Offering Rewards Points Pop Up on the Dark Web
Cybercriminal interest in stolen data is not solely limited to financial or personally identifiable information. The exploitation of rewards-points programs, especially those associated with travel, is also on the radar screen for the bad guys. To cater to this interest, a series of boutique stor...
Hacktivists, Tech Giants Protest Georgia’s ‘Hack-Back’ Bill
As Georgia Governor Nathan Deal considers whether to sign a controversial piece of legislation that would allow companies to “hack back” with offensive initiatives in the face of a cyberattack, companies from across the tech spectrum are lining up to protest the measure. Also, a hacktivist group...
Facebook Introduces “Clear History” Option Amid Data Scandal
Facebook unveiled new updates to its social-media platform this week aimed at securing private data – including a new privacy control called “Clear History.” CEO Mark Zuckerberg outlined the new data privacy measure in a post. Clear History essentially brings the capabilities that users are...
Schneider Electric Patches Critical RCE Vulnerability
Researchers discovered a critical remote code execution vulnerability in two Schneider Electric industrial control related products that could give attackers the ability to disrupt or shut down plant operations. Tenable Research, who discovered the vulnerability (CVE-2018-8840) and created a...