Romance Scams Drive Necurs Botnet Activity in Run Up to Valentine’s Day
Necurs botnet activity is spiking as scammers use the network to flood inboxes with promises of companionship, as part of a seasonal wave of Valentine’s Day-themed spam. Victims are encouraged to share revealing photos of themselves, which scammers later use as leverage in extortion shakedowns. T...
U.K. and U.S. Government Websites Among Thousands Infected by Cryptocurrency Miner
More than 4,200 websites, including many run by the U.K. and U.S. governments, were infected on Feb. 11 by a Monero cryptocurrency miner delivered through Browsealoud, a hosted accessibility service that can read website content aloud for people with visual impairments. Browsealoud developer Texthel...
Cisco Confirms Critical Firewall Software Bug Is Under Attack
Attackers are trying to exploit a critical vulnerability in Cisco’s Adaptive Security Appliance firewall software, the company has confirmed. Cisco has updated its advisory for the vulnerability, which was first revealed on Jan. 29 and has been logged as CVE-2018-0101, on Feb. 7. “The Cisco Produ...
Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models
Lenovo warned customers on Friday that two critical Broadcom vulnerabilities impact 25 models of its popular ThinkPad brand. The vulnerabilities were first revealed in September and originally they were only reported to impact specific Broadcom chipsets used in Apple iPhones, Apple TV and Androi...
Apple Downplays Impact of iBoot Source Code Leak
Apple is responding to reports the leak of its iBoot source code is a serious security blow to iOS devices. In a statement released Thursday it confirmed the leak, but emphasized the source code is three years old and would have no impact on iOS device security. “Old source code from three years ag...
Insurance Customers’ Personal Data Exposed Due to Misconfigured NAS Server
Detailed personal information from thousands of insurance customers in Maryland–as well as login credentials for a massive national insurance claims database–was exposed due to an open port on a NAS server. The misconfiguration exposed a wealth of information on Maryland Joint Insurance...
Gojdue Variant Eludes Microsoft, Google Cloud Protection, Researchers Say
Researchers have identified a new ransomware strain that went undetected by built-in anti-malware protection used by cloud heavyweights Microsoft and Google as recently as January. According to researchers at the cloud service firm Bitglass, both Google Drive and Microsoft Office 365’s SharePoint...
Google Expands Play Marketplace Bug Bounty Program
UPDATE Google is expanding the number of bounties available in its Google Play Security Reward Program, a step that comes amid a flurry of mitigation activities against malicious apps found in its official marketplace. The company introduced the program in October, in a long-awaited move...
Hotspot Shield Vulnerability Could Reveal ‘Juicy’ Info About Users, Researcher Claims
UPDATE A vulnerability in the popular HotSpot Shield VPN client, which is promoted as being able to hide users’ identities, could expose their IP addresses and “other juicy info,” according to a security researcher. Paulos Yibelo, a researcher who has collected on a number of bug bounties in the...
Leaky Amazon S3 Bucket Exposes Personal Data of 12,000 Social Media Influencers
An erroneously configured Amazon S3 Simple Storage Service bucket managed by Paris marketing firm Octoly left contact information and personal details for more than 12,000 social media influencers. Octoly connects popular Instagram, Twitter and YouTube users with companies that provide them...
Cisco Issues New Patches for Critical Firewall Software Vulnerability
Cisco has released new patches for a critical vulnerability in its Adaptive Security Appliance software after further investigation revealed additional attack vectors. The company first announced the vulnerability, CVE-2018-0101, on Jan. 29. It received a Common Vulnerability Scoring System base...
Grammarly Patches Chrome Extension Bug That Exposed Users’ Docs
UPDATE Grammarly has fixed a bug with its Chrome browser extension that exposed its authorization tokens to websites, allowing sites to assume the identity of a user and view their account’s documents. “I’m calling this a high severity bug, because it seems like a pretty severe violation of user...
Covert Data Channel in TLS Dodges Network Perimeter Protection
Researchers have released a proof-of-concept framework for a new covert channel for data exchange using the Transport Layer Security TLS protocol. The method exploits the public key certificate standard X.509 and could allow for post-intrusion C2 communication and data exfiltration to go unnotice...
New Monero Crypto Mining Botnet Leverages Android Debugging Tool
A new botnet that distributes malware for mining Monero cryptocurrency has emerged, infecting Android devices through a port linked with a debugging tool for the OS, according to researchers at Qihoo 360 Netlab. Dubbed ADB.Miner by 360 Netlab, the botnet is gaining entry to Android devices–mostly...
JenX Botnet Has Grand Theft Auto Hook
Researchers at Radware have discovered a new botnet that uses vulnerabilities linked with the Satori botnet and is leveraging the Grand Theft Auto videogame community to infect IoT devices. Satori is a derivative of Mirai, the notorious botnet that in 2016 infamously managed to take down Dyn, a D...
New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices
Researchers disclosed two new vulnerabilities in Western Digital My Cloud network storage devices on Thursday that could allow a local attacker to delete files stored on devices or allow them to execute shell commands as root. Researchers at Trustwave disclosed the vulnerabilities, which come on...
Oracle MICROS POS Vulnerability Puts 300,000 Systems at Risk
Point-of-sale systems are rich targets for attackers, given their status as a gateway to credit card information, customer and back-office data and other goodies. A recently patched vulnerability in Oracle’s MICROS POS system software can lead to attackers gaining full access to the systems, say...
Adobe Flash Player Zero-Day Spotted in the Wild
The South Korean Computer Emergency Response Team issued a warning Wednesday of a new Adobe Flash Player zero-day spotted in the wild. The security bulletin warns that the attacks are focused on South Koreans and involve malicious Microsoft Word documents. According to the South Korean Computer...
Crypto Miners May Be the ‘New Payload of Choice’ for Attackers
Ransomware has been a favorite and time-tested tool for cybercriminals, but the rise of cryptocurrency has given them a broad new target with key strategic advantages, leading to a sharp uptick in crypto mining botnets, researchers at Cisco Talos say. Attackers “are beginning to recognize that th...
Massive Smominru Cryptocurrency Botnet Rakes In Millions
Criminals behind the cryptocurrency miner Smominru have raked in between $2.8 and $3.6 million since May. The payday is impressive, say researchers at Proofpoint, who report that operators have amassed a formidable botnet of infected servers pumping out 24 Monero daily, or the equivalent of $8,500...
Google Booted 700,000 Bad Apps From Its Marketplace in 2017
Google set the record straight on Android security Tuesday, announcing that in 2017 it booted 700,000 apps from Google Play for violating marketplace policies. In a blog post titled “How we fought bad apps and malicious developers in 2017,” Google outlined efforts made over the last 12 months to...
Multiple Critical Flaws Found in Zoho’s ManageEngine
Researchers have found multiple critical flaws in the IT help desk software ManageEngine, made by Zoho Corp. In all, seven vulnerabilities were discovered, each allowing an attacker to ultimately take control of host servers running ManageEngine’s SaaS suite of applications. According to...
Cisco Patches Critical VPN Vulnerability
Cisco Systems released a patch Monday to fix a critical security vulnerability in its Secure Sockets Layer VPN solution called Adaptive Security Appliance. The vulnerability, according to a Cisco Security Advisory, could allow an unauthenticated and remote attacker to execute remote code on...
Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks
The United States Secret Service issued a warning on Friday to financial institutions citing “credible information” about “planned” attacks against U.S. cash machines using malware that can quickly drain ATM machines dry of cash. The warning came a day after ATM maker Diebold Nixdorf also warned...
Lenovo Fixes Hardcoded Password Flaw Impacting ThinkPad Fingerprint Scanners
PC maker Lenovo issued a fix for a hardcoded password flaw impacting ThinkPad, ThinkCentre and ThinkStation laptops. The flaw affects nearly a dozen Lenovo laptop models that run versions of Microsoft Windows 7, 8 and the 8.1 operating system. The vulnerability was disclosed by Lenovo on Thursday...
Keylogger Campaign Returns, Infecting 2,000 WordPress Sites
Over 2,000 WordPress sites are infected with a malicious script that can deliver both a keylogger and the in-browser cryptocurrency miner CoinHive. Researchers at Sucuri, who made the discovery, said the recent campaign is tied to threat actors behind a December 2017 campaign that infected over...
ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models
ASUS released patches for over a dozen router models on Tuesday that are each vulnerable to multiple firmware flaws that when combined give a local unauthenticated attacker the ability to execute commands as root on targeted devices. Router models patched by ASUS are RT-AC88U, RT-AC3100, RT-AC86...
Firefox, Chrome Patch Vulnerabilities, Add Security Features
Both Mozilla and Google have updated their browsers this week and have added important security fixes along with bolstering user privacy and safety. Google tackled 53 security fixes on Wednesday with the debut of Chrome 64 version 64.0.3282.119 for Windows, Mac and Linux. Only three of the...
Skype, Slack and Other Popular Windows Apps Vulnerable to Critical Framework Bug
UPDATE Hundreds of software applications built using the developer framework called Electron may be vulnerable to a remote code execution flaw, according to developers of the framework. Impacted are dozens of popular Windows applications such as Microsoft’s Skype for Windows and Slack. Earlier th...
Satori Author Linked to New Mirai Variant Masuta
Researchers at NewSky Security say the hacker behind a Mirai malware variant called Satori, also known as Mirai Okiru, is the same hacker behind two new Mirai variants called Masuta and PureMasuta. Based on source code for Masuta malware recently found on the dark web, researchers at NewSky...
App Flaws Allow Snoops to Spy On Tinder Users, Researchers Say
Researchers at Checkmarx say they have discovered a pair of vulnerabilities in the Tinder Android and iOS dating applications that could allow an attacker to snoop on user activity and manipulate content, compromising user privacy and putting them at risk. Attackers can view a user’s Tinder...
Intel Halts Spectre/Meltdown Patching for Broadwell and Haswell Systems
Intel is advising OEMs and partners to halt patching for the Spectre and Meltdown vulnerabilities amid numerous reports the updates are causing reboot issues on systems running the Broadwell and Haswell microprocessors. “We recommend that OEMs, cloud service providers, system manufacturers,...
Popular Sonic the HedgeHog Apps at Risk of Leaking User Data to Unverified Servers
Three Sonic the Hedgehog games for Android, downloaded over 100 million times, are at risk of leaking user geolocation and other personal device data to suspicious servers, putting users at risk of man-in-the-middle attacks and similar type vulnerabilities, according to security experts. The game...
Hacker Infects Gas Pumps with Code to Cheat Customers
Authorities in Russia have broken up a widespread scheme involving dozens of gas-station employees who used software programs on electronic gas pumps to con customers into paying for more fuel than they actually pumped into their tank. The scam shorted customers between 3-to-7 percent per gallon ...
Opponents Vow to Continue the Fight after Trump Reauthorizes Domestic Spying Law
A controversial U.S. legal framework concerning domestic surveillance is poised to live on for another six years, but opponents say they plan to continue the fight. In a widely expected move, President Donald Trump signed the bill one day after the Senate approved it in a 65-34 vote. At issue is...
OnePlus Confirms Credit Card Breach Impacted Up to 40,000 Customers
OnePlus has confirmed that up to 40,000 customers have been affected by a credit card breach, in the latest embarrassing misstep for the Chinese handset maker. The news comes several days after OnePlus shut down credit card processing following complaints from customers about fraudulent charges...
New Dridex Variant Emerges With An FTP Twist
A variant of the Dridex banking trojan recently popped up in an email campaign, with an unusual twist: The attackers used compromised FTP sites for hosting malicious documents, according to researchers at Forcepoint. It was a notable departure from the norm of using HTTP links and could represent...
Apple Preps ChaiOS iMessage Bug Fix for Next Week
UPDATE The so-called ChaiOS message bug identified this week in Apple iOS devices will receive a fix with the rollout of the update for iOS 11.2.5, expected next week. The update will address a flaw software developer Abraham Masri publicly identified in a tweet earlier this week, according to...
Sprawling Mobile Espionage Campaign Targets Android Devices
A massive mobile espionage campaign has been collecting troves of sensitive personal information since 2012, according to a new report from the Electronic Frontier Foundation and security firm Lookout. Dubbed Dark Caracal, the advanced persistent threat APT campaign has managed to steal hundreds ...
Google Awards Record $112,500 Bounty for Android Exploit Chain
Prolific bug hunter Guang Gong has earned the highest-ever payout for a vulnerability in the history of Google’s Android Security Rewards program, which began in 2015. He earned a combined $112,500 for the disclosure of an Android exploit chain impacting Google’s Pixel handset that could allow an...
Intel Says Firmware Fixes for Spectre and Meltdown Affecting Newer Chips
Intel’s efforts to issue fixes for the Spectre and Meltdown CPU vulnerabilities are still hitting some bumps in the road, a company executive said in a blog post. “We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do,” sai...
Attackers Use Microsoft Office Vulnerabilities to Spread Zyklon Malware
Spam campaigns delivering Zyklon HTTP malware are attempting to exploit three relatively new Microsoft Office vulnerabilities. The attacks are targeting telecommunications, insurance and financial service firms. According to FireEye researchers who identified the campaigns, attackers are attempti...
Oracle Ships 237 Fixes in Latest Critical Patch Update
Oracle has shipped 237 patches for vulnerabilities impacting hundreds of product versions as part of its latest quarterly critical patch update. Product lines coming in for some of the most fixes include Oracle Financial Services Applications, with 34, Fusion Middleware with 27, MySQL with 25 and...
Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features
Researchers have identified a powerful new Android malware strain called Skygofree capable of eavesdropping on WhatsApp messages, siphoning private data off phones and allowing adversaries to open reverse shell modules on targeted devices, giving attackers ultimate remote control. Researchers sai...
Mozilla Joins U.S. Attorneys General In Bid to Restore Net Neutrality
Mozilla has joined a coalition of U.S. state attorneys general in battling the Federal Communications Commission’s controversial recent ruling that overturned net neutrality laws. “The internet is a global, public resource,” Mozilla wrote in a blog post. “It relies on the core principle of net...
Google Chrome Once Again Target of Malicious Extensions
Researchers at network security vendor ICEBRG recently discovered four malicious extensions in the official Google Chrome Web Store with a combined user count of more than 500,000, and as with past incidents, the implications are serious for both consumers and enterprises. ICEBRG notified Google...
Lenovo Patches Networking OS Vulnerability Dating Back to 2004
Lenovo patched a flaw in its networking operating system dating back to 2004 that allowed attackers to perform an authentication bypass attack via a mechanism called “HP Backdoor.” If exploited, an attacker could gain admin-level access on affected switches, Lenovo said. The vulnerability is rate...
Intel AMT Loophole Allows Hackers to Gain Control of Some PCs in Under a Minute
Researchers have found a loophole in Intel processors that allows an attacker to bypass logins and place backdoors on laptops, allowing adversaries remote access to laptops. Researchers at F-Secure, who first identified the attack strategy, say the loophole can be exploited in less than one minut...
Apps Exposing Children to Porn Ads Booted From Google Play
Sixty apps were removed from the Google Play marketplace in December that were infected with malware dubbed AdultSwine that in some cases generated pornographic ads on apps aimed at children. The developers behind the malicious apps also scammed victims with scareware techniques and attempted to...
House Votes to Reauthorize Controversial Spy Provision, Section 702
The U.S. House of Representatives voted on Thursday to renew the National Security Agency’s spy powers to collect internet communications under Section 702 of the Foreign Intelligence Surveillance Amendments Act of 2008. The vote 256-to-164 in favor of the legislation ends a yearlong debate over...