Millions of Home Fiber Routers Vulnerable to Complete Takeover
UPDATE – Consumers lucky enough to have blazing-fast 1Gbps internet access in their homes are likely to use the internet more than lower-broadband households; however, millions of them are at risk for hackers to gain wide-ranging access to their internet activities including being able to view full...
Samples of SiliVaccine Offer Rare Peek Inside North Korea’s Antivirus Software
Two aged samples of North Korean antivirus software called SiliVaccine crib code from a competitor and come loaded with malware and a backdoor. The two SiliVaccine samples obtained by researchers at security firm Check Point offer unique insight into a secretive country and how it likely...
Volkswagen Cars Open To Remote Hacking, Researchers Warn
UPDATE – Over the last few years, automakers like Ford, Jeep, Nissan and Toyota have all suffered car-hacking vulnerabilities in their vehicles. Now, it looks like Volkswagen has been pulled into the mix after researchers discovered that in-vehicle infotainment (IVI) systems in certain...
Tens of Thousands of Malicious Apps Using Facebook APIs
At least 25,936 malicious apps are currently using one of Facebook’s APIs, such as a login API or messaging API. These allow apps to access a range of information from Facebook profiles, like name, location and email address. Trustlook discovered the malicious apps using a formula, which created ...
USB Sticks Can Trigger BSOD – Even on a Locked Device
A proof of concept for easily generating the blue screen of death (BSOD) on Windows devices has been released, along with a video demonstrating that the denial-of-service effect can take place even if the device is locked. Using a handcrafted Windows NT file system (NTFS) image loaded onto a USB...
KRACK Vulnerability Puts Medical Devices At Risk
A slew of devices from medical technology company Becton, Dickinson and Company (BD) are vulnerable to the infamous KRACK key-reinstallation attack, potentially enabling hackers to change and exfiltrate patient records. The KRACK vulnerability, discovered last October, is an industry-wide glitch in...
Updated GravityRAT Malware Adds Advanced AV Detection
Researchers tracking the evolution of the remote access trojan GravityRAT warn that developers behind the malware have made key changes to the RAT’s code in an attempt to decrease antivirus detection. “We’ve seen file exfiltration, remote command execution capability and anti-vm techniques added...
NIST Updates Cybersecurity Framework to Tackle Supply Chain Threats, Vulnerability Disclosure and More
Four years after the initial iteration was released, the National Institute of Standards and Technology (NIST) has released version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity. The framework was developed to be a voluntary, risk-based framework to improve cybersecurity...
Twitter Sold Data To Cambridge Analytica-Linked Company
Twitter is the latest company to face scrutiny for how it protects user data, after disclosing this week that it sold data access to a Cambridge Analytica-linked researcher. The news comes a month after Facebook came under fire for leaking user data to Cambridge Analytica through a third-party ap...
SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies
Ransomware has lately lost its status as the queen of the cybercrime prom, but a new iteration of the nefarious SamSam extortion code shows that it can still make a bid to be sparkly and attention-getting. The latest version of SamSam has taken the malware road less traveled, ditching widespread...
Uber Tightens Bug Bounty Extortion Policies
Uber is tightening policies around its bug-bounty program after a 2016 data breach exposed deep flaws in its policies around handling extortion. The ride-sharing company has updated its program to include clarity around the boundaries between research versus blackmail. The changes come after a 20...
ThaiCERT Seizes Hidden Cobra Server Linked to GhostSecret, Sony Attacks
Thailand’s Computer Emergency Response Team (ThaiCERT) has seized a server operated by the North Korea-linked Hidden Cobra APT, which is used to control the global GhostSecret espionage campaign. The campaign is still ongoing. ThaiCERT said in an alert on Wednesday that it is working with McAfee an...
Microsoft Issues More Spectre Updates For Intel CPUs
Microsoft has released additional Windows 10 mitigations for the Spectre side-channel flaw revealed in January, with an expanded lineup of firmware microcode updates for Intel CPUs that include the Broadwell and Haswell processor families. The company released two Windows Update packages addressing Spectre...
Rubella Crimeware Kit: Cheap, Easy and Gaining Traction
A crimeware kit dubbed the Rubella Macro Builder is betting on a “dirty deeds done dirt cheap” approach to gain popularity in the criminal underground. The kit does two things: with a point-and-click builder functionality, it generates an initial malware payload for social-engineering spam...
PyRoMine Uses NSA Exploit for Monero Mining and Backdoors
The ShadowBrokers’ release of a trove of National Security Agency exploits last year appears to be the gift that keeps on giving, to the hacker community at least: New malware that uses the EternalRomance tool has hit the scene, with Monero mining as the stated goal. However, more damaging...
Western Digital My Cloud EX2 NAS Device Leaks Files
UPDATE Western Digital’s My Cloud EX2 storage devices leak files to anyone on a local network by default, no matter the permissions set by users. If configured for remote access via the public internet, the My Cloud EX2 also leaks files via an HTTP request on port 9000, according to researchers a...
Metamorfo Targets Brazilian Users with Banking Trojans
A recent spate of financial malware campaigns targeting Brazilian companies, collectively dubbed Metamorfo, uses “spray and pray” spam tactics to ensnare their victims. Across the various offensives, the bad actors are abusing legitimate, signed binaries to load the malicious code. As the name...
Europol Smacks Down World’s Largest DDoS-for-Hire Market
Criminal fantasy dream-site Webstresser.org, a DDoS-for-hire market believed to be behind at least 4 million cyberattacks around the world, has served up its last internet-paralyzing traffic tsunami. A multi-national investigation led by Europol has led to the arrest of the administrators of the...
Researchers Hacked Amazon’s Alexa to Spy On Users, Again
A malicious proof-of-concept Amazon Echo Skill shows how attackers can abuse the Alexa virtual assistant to eavesdrop on consumers with smart devices – and automatically transcribe every word said. Checkmarx researchers told Threatpost that they created a proof-of-concept Alexa Skill that abuses...
Bezop Cryptocurrency Server Spills 25K in Private Investor, Promoter Data
A leaky Mongo database exposed personal information, including scanned passports and driver’s licenses, of 25,000 investors and potential investors tied to the Bezop cryptocurrency, according to researchers. Kromtech Security said that it found the unprotected data on March 30, adding that it...
Podcast: Why Manufacturers Struggle To Secure IoT
IoT device manufacturers face an array of challenges when thinking about securing their devices. Too often, manufacturers opt to leave out costly security features for their small, low-power connected devices. Another issue manufacturers struggle with is juggling the many components...
Exploit Targets Nvidia Tegra-Based Nintendo Systems
UPDATE – Nvidia sought to downplay a vulnerability discovered in its Tegra X1-based systems in a recently published notice. “A researcher indicates that a person with physical access to older Tegra-based processors could connect to the device’s USB port, bypass the secure boot and execute...
Orangeworm Mounts Espionage Campaign Against Healthcare
A freshly minted attack group dubbed Orangeworm has been uncovered, deploying a custom backdoor in mostly healthcare-related environments. It’s bent on laser-focused, comprehensive corporate espionage, with a noisy attack vector that shows that it’s unlikely to be related to nation-state actors...
Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2
The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out y...
Muhstik Botnet Exploits Highly Critical Drupal Bug
Researchers are warning a recently discovered and highly critical vulnerability found in Drupal’s CMS platform is now being actively exploited by hackers who are using it to install cryptocurrency miners and to launch DDoS attacks via compromised systems. At the time of the disclosure, last month...
Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats
SAN FRANCISCO – Andy Ellis, CSO of Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe. In an interview with Threatpost’s Tom Spring, he also covers the company’s latest installment of its State of the Internet report. Ellis discusses...
Podcast: How Millions of Apps Leak Private Data
SAN FRANCISCO – Threatpost’s Tom Spring talked to Roman Unuchek, senior malware analyst at Kaspersky Lab, about new research on leaky apps made public this week. Unuchek released his research at the RSA conference this week, revealing that millions of apps leak personally identifiable information –...
HackerOne CEO Talks Bug Bounty Programs at RSA Conference
SAN FRANCISCO – Marten Mickos, HackerOne CEO, catches up with Threatpost at RSA Conference to discuss hot-button issues around modern bounty programs. Topics range from how to design a program to protect consumer privacy and vulnerability disclosure issues. Mickos also reflects on the growing...
IoT Security Concerns Peaking – With No End In Sight
SAN FRANCISCO – With the massive influx of connected devices into our digital lives, it’s no surprise that IoT security was on the forefront of the 2018 RSA Conference this year. But despite numerous talks about IoT vulnerabilities this week, a clear resolution seems nowhere in sight. “A lot of t...
Cloud Credentials: New Attack Surface for Old Problem
SAN FRANCISCO – Credential theft and abuse have long been a nagging problem for local network administrators. The threat surface ranges from pretexting scams to insiders who abuse network privileges in order to grant themselves higher permissions than otherwise assigned. Here at RSA Conference,...
Chris Vickery Discusses Data Leak of 48 Million Users by Private Intelligence Firm
SAN FRANCISCO – Profile data of 48 million users that was scraped from social networks and websites ranging from Facebook, LinkedIn, Zillow and Twitter was leaked by a private intelligence agency. The data was left on an Amazon S3 storage bucket accessible without a password by Localblox, the...
Use of ‘StegWare’ Increases in Stealth Malware Attacks
SAN FRANCISCO – Researchers are warning of an uptick in the malicious use of steganography as a vehicle for delivering malware. Steganography, they say, is increasingly becoming a go-to tool for cybercriminals not just for infection, but also command-and-control, data exfiltration and as an...
iOS Sync Glitch Lets Attackers Control Devices
SAN FRANCISCO – Researchers have identified a new iOS vulnerability called “trustjacking,” which exploits a feature called iTunes Wi-Fi Sync to give attackers persistent control over victims’ devices. Symantec researchers presented the vulnerability during a session at RSAC this week and said the...
Gold Galleon Hacking Group Plunders Shipping Industry
SAN FRANCISCO – Researchers have identified the hacking group behind several widescale business email compromise (BEC) attacks gouging the maritime shipping industry for millions of dollars since last year. Attackers are taking advantage of the industry’s lax security and the use of outdated computers,...
Researcher Billy Rios, Talks Medical Device Security at RSA Conference 2018
Researcher Billy Rios, founder of WhiteScope, discusses medical device hacking at RSA Conference 2018 with Threatpost’s Tom Spring. Rios also talks about his work where he demonstrated how an attacker could remotely hack an internet-connected car wash and used it to attack and damage vehicles...
Nate Cardozo, Attorney with EFF, Talks Encryption at RSA Conference 2018
Threatpost’s Tom Spring talks to crypto expert Nate Cardozo, senior staff attorney with the Electronic Frontier Foundation, at RSA Conference 2018 about the U.S. government’s current position on device encryption and law enforcement’s use of an iPhone passcode cracker called GrayKey...
Millions of Apps Leak Private User Data Via Leaky Ad SDKs
SAN FRANCISCO – Millions of apps leak personally identifiable information such as name, age, income and possibly even phone numbers and email addresses. At fault are app developers who do not protect ad-targeting data transmitted to third-party advertisers. “The scale of what we first thought was...
RSAC 2018: Tech Giants Form Cybersecurity Tech Accord
SAN FRANCISCO – Microsoft President Brad Smith, during a keynote at the 2018 RSA Conference, condemned government-backed cyberattacks as endangering innocent civilians’ lives – and said that tech companies need to come together to “open the world’s eyes to the impact that this is having.” At this...
Cryptominer Malware Threats Overtake Ransomware, Report Warns
SAN FRANCISCO – Cryptomining malware is the top threat to watch out for this year, according to a new report – with attacks jumping higher than ransomware instances in the first quarter of 2018. A new report by Comodo Cybersecurity, released Tuesday at RSA Conference 2018, found that cryptominers...
Automated Bots Growing Tool For Hackers
SAN FRANCISCO – The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found. A honeypot experiment, detailed by Cybereason at this year’s RSA Conference, showed the commoditization of using bots to perform low-level tasks. The honeyp...
Threatpost RSA Conference 2018 Preview
The RSA Conference 2018 kicks off this week in San Francisco, drawing attendees from around the world eager to learn more about the latest threats, vulnerabilities, and security products and tools for the coming year. This year’s conference has more than 650 exhibitors and 550 sessions covering...
Google Play Boots Three Malicious Apps From Marketplace Tied to APTs
Two advanced persistent threat groups managed to sneak apps onto the Google Play marketplace earlier this year. Both were designed to conduct surveillance on targets located in the Middle East region, according to Lookout security researchers. One of the groups, identified as APT-C-23 also known ...
Don’t Trust Android OEM Patching, Claims Researcher
Many Android device manufacturers are not telling the truth when they say they have patched phone vulnerabilities in new updates, researchers found. Karsten Nohl and Jakob Lell, researchers with Security Research Labs, told Threatpost they have tested the firmware on close to 3,000 phones and fou...
Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords
A vulnerability in Microsoft Outlook allowed hackers to steal a user’s Windows password just by having the target preview an email with a Rich Text Format (RTF) attachment that contained a remotely hosted OLE object. The bug was patched by Microsoft as part of its April Patch Tuesday fixes, over a...
Calls For Regulation Build After Facebook Privacy Fallout
As Facebook CEO Mark Zuckerberg appeared before Congress this week, politicians stressed the need for regulation to secure end users’ data privacy on social media platforms. The series of hearings on Tuesday and Wednesday gave members of Congress an opportunity to question Facebook about multiple...
New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection
Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. The Early Bird code injection technique, highlighted in a Wednesday report by Cyberbit,...
AMD Rolls Out Spectre Fixes
AMD said that CPU firmware and Windows 10 patches are now available to safeguard its products against the Spectre security flaw. Mark Papermaster, senior vice president and chief technology officer at AMD, said in a Tuesday post that Spectre fixes are available for AMD customers, who can download...
Microsoft Fixes 66 Bugs in April Patch Tuesday Release
Microsoft’s April Patch Tuesday release includes fixes for 66 bugs, 24 of which are rated critical. Notable is Microsoft’s disclosure of a publicly known SharePoint elevation of privilege bug (CVE-2018-1034), rated important, which has no fix but has not been publicly exploited. Microsoft SharePoin...
Vulnerability in San Francisco’s Public Safety Warning Sirens Fixed
Public emergency alert sirens, designed to both warn the masses of a crisis and direct them to safety, can be compromised by attackers who can take control of the system to broadcast false alarms. That is the conclusion of researchers at radio security firm Bastille, who released details of its...
Ransomware Dominates Verizon DBIR
Ransomware has become the most prevalent malicious software as hackers cash in on locking up expensive business-critical systems and demanding a ransom, researchers warn. Verizon’s 2018 Data Breach Investigations Report (DBIR), released Tuesday, said that ransomware attacks have doubled over the pa...