Apache OpenOffice Update Patches Four Vulnerabilities
The Apache Software Foundation fixed four vulnerabilities Friday tied to its popular Apache OpenOffice suite of free productivity applications. The patches are for the suite’s word processing and graphics apps. Each of the vulnerabilities is rated medium in severity. Three of the four bugs patch...
Google Patches ‘High Severity’ Browser Bug
UPDATE Google is urging users to update their Chrome desktop browsers to avoid security issues related to a high-severity stack-based buffer overflow vulnerability. Google issued the alert Thursday and said an update for most browsers has been released. “The stable channel has been updated to...
Rockwell Automation Patches Wireless Access Point against Krack
Rockwell Automation has patched its Stratix wireless access point against the KRACK vulnerability, joining a growing list of vendors in the commercial and industrial controls spaces moving quickly to reduce their exposure. Most major vendors have similarly patched their products, some prior to th...
Slack Plugs ‘Severe’ SAML User Authentication Hole
Cloud-based communications platform Slack finished patching a severe security hole Thursday affecting portions of its platform that used the Security Assertion Markup Language SAML standard for user authentication. The flawed implementation of SAML by Slack impacted mostly enterprise customers wh...
EternalRomance Exploit Found in Bad Rabbit Ransomware
One day after clear ties were established between the Bad Rabbit ransomware attacks and this summer’s NotPetya outbreak, researchers at Cisco today strengthened that bond disclosing that the leaked NSA exploit EternalRomance was used to spread the malware on compromised networks. This contradicts...
Ursnif Banking Trojan Spreading In Japan
Attackers behind the pervasive banking Trojan Ursnif have made Japan one of their top targets, delivering the malware via spam campaigns that began last month. For years, Ursnif or Gozi has targeted Japan along with North America, Europe and Australia. But according to a recent IBM X-Force analys...
Two Critical Vulnerabilities Found In Inmarsat’s SATCOM Systems
UPDATE Researchers are warning of two critical vulnerabilities in global satellite telecommunications company Inmarsat’s SATCOM systems. The vulnerabilities impact thousands of customers running the newest version of its AmosConnect platform, typically found on maritime sea vessels, according to...
Hackers Prepping IOTroop Botnet with Exploits
Hackers moved one step closer to launching full-scale DDoS attacks using millions of IoT devices herded into the botnet known as Reaper or IOTroop. Researchers at NewSky Security warn that hackers are swapping scripts on forums that can scan the internet for vulnerable IoT devices and dump defaul...
Bad Rabbit Linked to ExPetr/Not Petya Attacks
A link has been confirmed between the Bad Rabbit ransomware outbreak detected yesterday in major organizations in Russia and Ukraine and this summer’s ExPetr/Not Petya attacks. Researchers at Kaspersky Lab said there are “clear ties” between the two attacks though one major piece of the puzzle is...
Malvertising Campaign Redirects Browsers To Terror Exploit Kit
Security experts are warning some “Quit Smoking” and “20 Minute Fat Loss” ads online are delivering more than sales pitches. According to researchers at Zscaler, ads are redirecting browsers to malicious landing pages hosting the Terror exploit kit. The campaigns have been sustained, with the...
BadRabbit Ransomware Attacks Hitting Russia, Ukraine
A ransomware attack has put a halt to business inside a handful of Russian media outlets and a number of major organizations in the Ukraine, including Kiev’s public transportation system and the country’s Odessa airport. The attacks are known as Bad Rabbit and harken back to the ExPetr/NotPetya...
Whois Maintainer Accidentally Makes Password Hashes Available For Download
The regional internet registrar that administers IP addresses for the Asia Pacific region accidentally leaked Whois database data, including hashed passwords, forcing it to reset all passwords for objects in its Whois database. According to Asia Pacific Network Information Center APNIC, the...
DUHK Attack Exposes Gaps in FIPS Certification
Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack Don’t Use Hardcoded Keys, isn’t likely to be part of many threat models. Though the attack can be used to passively decrypt VPN and encrypted browser traffic, it relies on a host of implementatio...
Latest Sofacy Campaign Targeting Security Researchers
Sofacy, the Russian-speaking APT group connected to interference in the 2016 U.S. presidential election, has been targeting researchers, admins and others interested in cybersecurity. Cisco’s security research arm Talos published a report on Sunday describing a campaign linked to Sofacy, also kno...
DHS Alert on Dragonfly APT Contains IOCs, Rules Likely to Trigger False Positives
A joint Technical Alert, TA17–293A, released over the weekend by the FBI and Department of Homeland Security describing the activities of a Russian APT may contain signatures and rules likely to trigger false positives in some security systems. The alert, made available Saturday morning, dissects...
New Magniber Ransomware Targets South Korea, Asia Pacific
Researchers identified a new ransomware family called Magniber that uniquely targets only users in South Korea and the Asia-Pacific regions. The ransomware is primarily being distributed by the Magnitude exploit kit, a primary distribution vehicle in the past for Cerber ransomware. Because of...
‘IOTroop’ Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher
A botnet, which is adding new bots every day, has already infected one million businesses during the past month and could easily eclipse the size and devastation caused by Mirai. The malware and botnet, dubbed IOTroop, was spotted in September by researchers at Check Point who warn that 60 percen...
Necurs-Based DDE Attacks Now Spreading Locky Ransomware
Microsoft may soon have to reflect on its stance that the use of an Office feature called DDE to execute code on compromised computers doesn’t merit a patch. The SANS Internet Storm Center last night said the Necurs botnet has been spreading Locky ransomware using the DDE attack. Handler Brad...
On ROCA, KRACK, BoundHook, Google Advanced Protection
Threatpost editors Mike Mimoso and Tom Spring recap this week’s infosec news starting with the ROCA vulnerabilities affecting factorization of RSA private keys, the KRACK WPA2 Wi-Fi vulnerabilities, the BoundHook attacks, and Google’s introduction of Advanced Protection for Gmail. Download: Music...
Cisco Warns 69 Products Impacted by KRACK
Cisco said Wednesday that multiple Cisco wireless products are vulnerable to the recently identified Key Reinstallation Attacks KRACK. On Monday, researchers revealed how the KRACK vulnerabilities plagued the WPA2 protocol used to secure all modern Wi-Fi networks. In their report, researchers...
Google Play Bounty Promises $1,000 Rewards for Flaws in Popular Apps
Google has taken a long-awaited step and instituted a public bug bounty focused on finding vulnerabilities in popular mobile apps housed on its Google Play marketplace. At the outset, bug-hunters will work directly with developers of popular apps through the HackerOne platform and are in line for...
Hackers Take Aim at SSH Keys in New Wave of Attacks
SSH private keys are being targeted by hackers who have stepped up their scanning of thousands of servers hosting WordPress websites in search of private keys. Since Monday, security researchers said they have observed a single entity scanning as many as 25,000 systems a day seeking vulnerable SS...
Google’s ‘Advanced Protection’ Tools Trade Ease-of-Use for Security
Government officials and journalists who use Google services were the first to be invited to use advanced Gmail account security services announced Tuesday. Experts say it’s no security panacea, but tools provided under the Google banner called Advanced Protection empower any private Google users...
FBI Asks Businesses to Share Details About DDoS Attacks
The FBI has made an appeal to organizations victimized by DDoS attacks to share details and characteristics of those incidents, echoing a similar plea made last year in the throes of a relentless wave of ransomware attacks. The bureau said victims should contact local field offices regardless of...
BoundHook Attack Exploits Intel Skylake MPX Feature
A post-intrusion technique developed by researchers at CyberArk Labs called BoundHooking allows attackers to exploit a feature in all Intel chips introduced since Skylake. The attack technique allows for the execution of code from any process without detection by antivirus software or other...
Critical Code Execution Flaw Patched in PeopleSoft Core Engine
Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...
Oracle Patches 250 Bugs in Quarterly Critical Patch Update
Oracle patched 250 vulnerabilities across hundreds of different products as part of its quarterly Critical Patch Update released today. Rounding out the list of products with the most patches is Oracle Fusion Middleware with 38, Oracle Hospitality Applications with 37 and Oracle MySQL with 25. Of...
Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones
Security experts are urging Lenovo customers to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices. On Oct. 5, Lenovo quietly rolled out four patches impacting all of its Android...
Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible
A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a...
Adobe Patches Flash Zero Day Exploited by Black Oasis APT
Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group. The group known as Black Oasis was, as recently as this month, using exploits for the flaw to drop FinSpy as a payload. Sold by the controversial...
KRACK Attack Devastates Wi-Fi Security, WPA 2 Protocol
A devastating weakness plagues the WPA2 protocol used to secure all modern Wi-Fi networks, and it can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty. Not only can attackers peek at supposedly encrypted traffic to steal credentials and payment...
Cyberespionage Group Steps Up Campaigns Against Japanese Firms
Researchers are learning more about the cyberespionage group Bronze Butler. While the gang has been targeting Japanese heavy industry since 2012, not much is known about the group’s current modus operandi. In a report released Thursday by the Counter Threat Unit at SecureWorks, a subsidiary of De...
Hyatt Hit By Credit Card Breach, Again
Hyatt Corp. hotel guests are being warned of a credit card breach, the second since December 2015. On Thursday, the hotelier identified 41 of its hotels spread across 13 countries where it confirmed unauthorized access to payment card information. China is the hardest hit by the breach with 18...
Google Busy Removing More Malicious Chrome Extensions from Web Store
Google scrambled this week to remove a malicious Chrome extension from its store and users’ machines after a popular Twitter account disclosed the issue publicly. The incident ramped up again one day later when the developers were able to get two other shady plugins past Google’s defenses before...
Chris Brook Says Farewell to Threatpost
Mike Mimoso talks to Chris Brook who is leaving Threatpost after eight years. Chris recalls the early days of the site and his role in helping get it off the ground. He also talks about how security has evolved right alongside Threatpost. Music by Chris Gonsalves...
Legacy Office Feature Used In Novel Document Attacks
Recent document-based attacks have leveraged malicious macros that if enabled install malware. But, researchers at SensePost have developed a proof-of-concept attack that does not require macros and instead uses an old Microsoft Office feature called Dynamic Data Exchange to execute code on...
Locky Gets Updated to ‘Ykcol’, Part of Rapid-Fire Spam Campaigns
Cybercriminals behind the Locky ransomware have revamped the malware’s code three times in a 30-day period and blasted out massive spam campaigns. According to researchers at Trustwave, the latest variant of Locky ransomware is called Ykcol, that’s Locky spelled backwards, and was part of a Sept. 19...
Equifax Takes Down Compromised Page Redirecting to Adware Download
Update: Equifax said Thursday afternoon that it was not compromised and instead confirmed it was a third-party partner’s code running on the Equifax site that was serving adware. Below is Equifax’s statement: “Despite early media reports, Equifax can confirm that its systems were not compromised...
Down the Rabbit Hole with a BLU Phone Infection
When network administrator James Lockmuller bought 11 dirt-cheap Android phones via Amazon he thought he had a perfect solution for communicating with his warehouse team stretched across a 73,000 square-foot campus. He installed only Skype on the devices and planned to use the $50 BLU Studio X8 H...
Vendor BPC Silent on Patching SQL Injection in SmartVista Ecommerce Software
A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor. BPC Banking Technologies of Switzerland has not acknowledged the vulnerability in its SmartVista suite of ecommerce and financial...
iOS Password Prompts are Ripe for Abuse
Apple’s policy to repeatedly ask users for their iTunes password needlessly exposes iOS device owners to possible phishing attacks, according to mobile app developer Felix Krause. Krause’s beef with Apple is that too often and seemingly at random times, popups deliver a dialogue box for users to...
RubyGems Patches Remote Code Execution Vulnerability
RubyGems, a package of software tools that installs, upgrades and configures Ruby libraries and programs, on Monday announced it had patched a critical vulnerability. Attackers could leverage the flaw—an unsafe object deserialization vulnerability—to escalate privileges and remotely execute code...
Microsoft Patches Office Bug Actively Being Exploited
Security experts are urging network administrators to patch a Microsoft Office vulnerability that has been exploited in the wild. The vulnerability CVE-2017-11826 could allow remote code execution if a user opens a specially crafted Office file. It was one of 62 vulnerabilities patched by Microso...
Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket
A potentially devastating Amazon S3 bucket exposure left internal Accenture private keys, secret API data and other information publicly available to anyone who could then leverage it to attack the global consulting firm and its clients. The exposure was privately reported to Accenture on Sept. 1...
Microsoft Patches Critical Windows DNS Client Vulnerabilities
Three critical Windows DNS client vulnerabilities were patched today by Microsoft, closing off an avenue where an attacker could relatively simply respond to DNS queries with malicious code and gain arbitrary code execution on Windows clients or Windows Server installations. The flaws were...
Porn Site Becomes Hub for KovCoreG Group Malvertising Campaigns
Pornhub, a top-20 ranked U.S. website according to Alexa, was serving up large-scale malvertising attacks exposing millions of visitors to click-fraud. Behind the attacks is the KovCoreG Group, best known for distributing Kovter click-fraud malware. The campaigns, spotted by researchers at...
FormBook Malware Targets U.S. Defense Contractors, Aerospace and Manufacturing Sectors
Attackers spreading new malware called FormBook are singling out aerospace firms, defense contractors and some manufacturing organizations in the United States and South Korea. According to researchers at FireEye, FormBook was spotted in several high-volume distribution campaigns targeting the U....
NFL Players and Agents Targeted in Database Extortion Attempt
A misconfigured database containing records belonging to 1,133 National Football League players and their agents was exposed via an unsecured Elasticsearch server. The database belongs to the NFL Players Association and includes the home address, phone numbers and IP addresses for hundreds of...
Security Industry Failing to Establish Trust
MADRID—In other industries, failure is embraced as a learning opportunity. In security, not so much. Instead, it’s too often an opportunity to victim-shame, a chance to mock a corporate giant such as Equifax which recently lost 145 million customer records and had a CISO—albeit with a lengthy IT...
Emergency Apple Patch Fixes High Sierra Password Hint Leak
Apple rushed out an emergency patch Thursday that fixed an incredulous bug in its shiny new High Sierra operating system that revealed APFS volume passwords via the password hint feature. Brazilian researcher Matheus Mariano of Leet Tech found the bug and privately disclosed it to Apple. He said...