Equifax Confirms March Struts Vulnerability Behind Breach
Equifax said the culprit behind this summer’s massive breach of 143 million Americans was indeed CVE-2017-5638, an Apache Struts vulnerability patched back in March. The bug was widely assumed by experts to be the “U.S. website application vulnerability” implicated by the company last Thursday,...
Premium SMS Malware 'ExpensiveWall' Infects Millions of Android Devices
Google has ejected 50 apps from its Google Play store that were harboring mobile malware dubbed ExpensiveWall. The malware, which was downloaded between 1 million and 4.2 million times, sends fraudulent premium SMS messages for fake fee-based services without the knowledge or permission of users,...
Thousands of Elasticsearch Servers Hijacked to Host PoS Malware
Thousands of insecure Elasticsearch servers are hosting point-of-sale malware, according to an analysis by Kromtech Security Center. In total, researchers found 15,000 insecure Elasticsearch servers, with 27 percent (4,000) hosting the PoS malware strains Alina and JackPoS. “The absence of...
Zerodium Offering $1M for Tor Browser Zero Days
The exploit acquisition vendor Zerodium is doubling down again. Weeks after the company said it would pay $500,000 for zero days in private messaging apps such as Signal and WhatsApp, Zerodium said Wednesday it will pay twice that for a zero day in Tor Browser. The company said it will pay up to ...
Microsoft Patches .NET Zero Day Vulnerability in September Update
An actively exploited zero-day vulnerability tied to Microsoft’s .NET framework is one of 25 critical and 54 important vulnerabilities fixed by Microsoft in its September Patch Tuesday security bulletin. According to Microsoft, the .NET framework vulnerability CVE-2017-8759 allows attackers to...
Adobe Fixes Eight Vulnerabilities in Flash, RoboHelp, ColdFusion
Adobe fixed eight vulnerabilities across three products, including two critical memory corruption bugs and a critical XML parsing flaw, with its regularly scheduled update on Tuesday. RoboHelp for Windows, ColdFusion, and as usual, Flash Player, all received updates as part of the company’s Patch...
FreeXL Fixes Two RCE Vulnerabilities
Researchers warned Monday of two remote code execution vulnerabilities in an open source C library that could let an attacker execute code with local user privileges. The library, FreeXL, was updated last week to fix the issues. It allows users to extract valid data from within an Excel .xls...
Wireless 'BlueBorne' Attacks Target Billions of Bluetooth Devices
Researchers disclosed a bevy of Bluetooth vulnerabilities Tuesday that threaten billions of devices from Android and Apple smartphones to millions of printers, smart TVs and IoT devices that use the short-range wireless protocol. Worse, according to researchers at IoT security firm Armis that fou...
Apache Foundation Refutes Involvement in Equifax Breach
A group of developers behind Apache Struts, believed by some to be the culprit behind last week’s Equifax breach, took umbrage with those claims over the weekend. René Gielen, vice president of the Apache Struts Project Management Committee (PMC) at the Apache Software Foundation, wrote Saturday th...
Popular D-Link Router Riddled with Vulnerabilities
A wireless router made by D-Link has nearly one dozen critical vulnerabilities, according to a report released by independent researcher Pierre Kim. The bugs found are in D-Link’s model DIR 850L wireless AC1200 dual-band gigabit cloud routers and could allow a hacker to ultimately hijack the...
Android Users Vulnerable to 'High-Severity' Overlay Attacks
Security researchers warned of a high-severity Android flaw on Thursday that stems from what they call a “toast attack” overlay vulnerability. Researchers say criminals could use Android’s toast notification, a feature that provides simple feedback about an operation in a small pop up, in an...
Many Questions, Few Answers For Equifax Breach Victims
Americans who either applied for new jobs, loans, or just wanted to check their credit score via Equifax are having a difficult time getting answers as to whether they are part of the breach of 143 million records disclosed Thursday. The company disclosed yesterday it was the victim of a...
Equifax Says Breach Affects 143 Million Americans
Equifax, one of the three largest consumer credit reporting agencies in the United States, disclosed Thursday afternoon it’s looking into a data breach that may have affected upwards of 143 million Americans. The company said in a statement on its site that cybercriminals managed to exploit an...
New Dridex Phishing Campaign Delivers Fake Accounting Invoices
A new variant of the banking trojan Dridex is part of a sophisticated phishing attack targeting users of the cloud-based accounting firm Xero. The global campaign is the latest in what security experts at Trustwave said is a wave of phishing attacks against Xero and other financial and accounting...
Microsoft Won't Fix Security Bypass Vulnerability in Edge
Microsoft is opting to stand pat and not fix a content security bypass vulnerability in its Edge browser, something researchers warn could potentially lead to the disclosure of confidential information. Nicolai Grødum, a researcher with Cisco Talos, disclosed details around the vulnerability –...
Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim
Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 1...
Tor Project Brings Security Slider Feature to Android App Orfox
Tor Project developers recently bolstered Orfox, a Tor Browser for Android devices, to help privacy-conscious mobile browsers better customize their security. Tor Project developers partnered with the Guardian Project to release the first iteration of the app last December. It’s essentially an...
IDN Homograph Attack Spreading Betabot Backdoor
An IDN homograph attack leveraging Adobe’s brand has been discovered, with the malicious site spreading the Betabot backdoor and ultimately infecting compromised machines with cryptocurrency-mining and data-stealing malware. Attacks using internationalized domain name homographs rely on users...
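The teaser above describes a lookalike domain built from internationalized characters. The following is an added example, not code from Threatpost or from the research it reports, showing the two checks a defender can run on a suspicious hostname: convert it to the Punycode form the resolver actually sees, and flag any DNS label that mixes Unicode scripts. The sample domain is constructed for illustration (a Cyrillic "а" substituted into adobe.com) and is not an indicator from the article.

```python
import unicodedata

# Constructed samples (hypothetical, not indicators from the article).
# SUSPECT begins with U+0430, CYRILLIC SMALL LETTER A, which renders like Latin "a".
SUSPECT = "\u0430dobe.com"
LEGIT = "adobe.com"


def label_scripts(label):
    """Return the set of Unicode scripts used by the letters in one DNS label.

    The script is taken from the first word of the character's Unicode name
    (e.g. "LATIN SMALL LETTER A" -> "LATIN"); digits and hyphens carry no script.
    """
    scripts = set()
    for ch in label:
        if not ch.isalpha():
            continue
        name = unicodedata.name(ch, "")
        scripts.add(name.split(" ")[0] if name else "UNKNOWN")
    return scripts


def to_ascii(domain):
    """Punycode (xn--) form of the domain: what DNS resolves and what the
    address bar may hide behind the Unicode rendering."""
    return domain.encode("idna").decode("ascii")


def is_mixed_script(domain):
    """True if any label mixes scripts, the classic homograph pattern."""
    return any(len(label_scripts(label)) > 1 for label in domain.split("."))


def analyze(domain):
    """Summarize the homograph checks for a single hostname."""
    ascii_form = to_ascii(domain)
    return {
        "domain": domain,
        "ascii": ascii_form,
        "is_idn": ascii_form != domain.lower(),
        "mixed_script": is_mixed_script(domain),
    }


if __name__ == "__main__":
    for d in (LEGIT, SUSPECT):
        print(analyze(d))
```

Mixed-script detection catches the case in the article (one or two substituted letters) but not a label written entirely in one confusable script, so production checks should also compare against a confusables table such as the Unicode Consortium's confusables.txt and log the Punycode form rather than the rendered string.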
Multiple Vulnerabilities Found in NVIDIA, Qualcomm and Huawei's Bootloaders
Six exploitable flaws in chipsets used by Huawei, Qualcomm, MediaTek and NVIDIA were found in popular Android handsets, according to a report by University of California at Santa Barbara computer scientists. Each of the flaws exists in phones sold by Huawei, Sony and Google, and is tied to each o...
13 Critical Remote Code Execution Bugs Fixed in September Android Update
Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September release of its Android Security Bulletin on Tuesday. The most concerning vulnerabilities, as usual, concern Media Framework, Android’s lightweight media player. The framework includes the...
WireX Variant Capable of UDP Flood Attacks
The WireX botnet presented defenders with many superlatives: the largest mobile botnet ever; hundreds of mobile apps spreading application-layer DDoS malware; unprecedented cooperation between technology companies—even competitors—to halt some of its activities. And now a companion piece to WireX...
Patch Released for Critical Apache Struts Bug
The Apache Software Foundation has patched a critical remote code execution vulnerability affecting all versions of the popular application development framework Struts since 2008. All web applications using the framework’s REST plugin are vulnerable. Users are advised to upgrade their Apache...
Four Million Time Warner Cable Records Left on Misconfigured AWS S3
In what’s almost felt like an epidemic over the last few weeks, yet another slew of sensitive information—600 gigabytes of files—was recently left exposed on two cloud repositories, accessible to anyone. The repositories, owned by BroadSoft, a global communication software and service provider,...
Military Contractor's Vendor Leaks Resumes in Misconfigured AWS S3
Thousands of resumes and job applications containing the personal information of U.S. veterans, many with top secret clearances, and law enforcement officers were left exposed in an Amazon Web Services S3 bucket, continuing a trend where poorly configured cloud-storage services are putting people...
'HoeflerText' Popups Target Browsers With RAT and Locky Ransomware
A malware campaign utilizing bogus popups that alert users to a missing web-font is targeting Google Chrome and Firefox browser users. The popups contain a malicious JavaScript file that initiates the download of either the NetSupport Manager remote access tool (RAT) or Locky ransomware. The...
On the Onliner Spambot, WireX, and Sarahah
Mike Mimoso and Chris Brook discuss the news of the week, including the Onliner spambot, Google’s forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more. Download: ThreatpostNewsWrapSeptember12017.mp3 Music by Chris Gonsalves Show notes: Google Reminding Admins HTT...
No Fix Planned For LabVIEW Bug, Says National Instruments
Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...
US Government Site Was Hosting Ransomware
As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware. Researcher Ankit Anubhav of NewSky Security tweeted the discovery Wednesday, and within hours, the malware link was taken down. It’s...
Session Hijacking Bug Exposed GitLab Users Private Tokens
GitLab, the popular web-based Git repository manager, fixed a vulnerability recently that could have exposed its users to session hijacking attacks. Daniel Svartman, a security researcher with Imperva, discovered the issue in May but couldn’t disclose it until Wednesday, after GitLab was able to...
Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks
Trivially exploitable vulnerabilities have been discovered in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service. It’s unknown yet whether the firmware vulnerabilities were introduced by the OEM or the ISP since AT&T seems ...
FDA Recalls 465K Pacemakers Tied to MedSec Research
The United States Food and Drug Administration is recalling 465,000 pacemakers to which attackers can gain unauthorized access in order to issue commands, change settings and maliciously disrupt the devices. Affected are four models manufactured by Abbott Laboratories. According to the FDA, the recalls of affected...
Reflected XSS Bug Patched in Popular WooCommerce WordPress Plugin
An extension of the WooCommerce WordPress plugin, used by 28 percent of all online stores, has been patched against a reflected cross-site scripting vulnerability. The vulnerability was found in the Product Vendors plugin, which allows an existing ecommerce site to support multiple vendors,...
Intel Confirms Its Much-Loathed ME Feature Has A Kill Switch
Researchers at Positive Technologies forced Intel’s hand into revealing that a previously undocumented kill switch exists for its oft-criticized Intel Management Engine, a remote management component of Intel CPUs. Initially, Positive Technologies set out to disable the feature that some security...
Turla APT Used WhiteBear Espionage Tools Against Defense Industry, Embassies
A toolset belonging to the Russian-speaking Turla APT has been publicly disclosed, and along with it details on its capabilities and indicators of compromise. The tools, called WhiteBear, were used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia and Sou...
New Locky Variant 'IKARUSdilapidated' Strikes Again
A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s truste...
Siemens Fixes Session Hijacking Bug in LOGO!, Warns of Man-in-the-Middle Attacks
Administrators who have Siemens’ LOGO! logic module deployed in automation setups are being urged to update its firmware. The German industrial manufacturing giant pushed out an update for its LOGO! 8 BM devices Wednesday morning to fix a vulnerability (CVE-2017-12734) that could let an attacker...
Spambot Contains 'Mind-Boggling' Amount of Email, SMTP Credentials
Researchers have managed to penetrate a spam bot and uncover a massive list of 711 million records that includes email addresses, email and password combinations (some in cleartext), and SMTP credentials and configuration files. Troy Hunt, who runs the Have I Been Pwned service, called it a...
Google Reminding Admins HTTP Pages Will Be Marked 'Not Secure' in October
Google began sending out notices to site owners this month, reminding those who haven’t yet migrated from HTTP to HTTPS that in October their sites will be marked “NOT SECURE.” The warnings are directed to owners of HTTP pages that contain forms, specifically sites that include text input fields...
Researchers Figure Out How to Blind ISPs from Smart Home Device Traffic
Researchers have come up with a way to blind ISPs and attackers in a man-in-the-middle position to network traffic emanating from smart home devices. Smart devices such as sleep monitors, electric switches, security cameras and many others require an internet connection to function properly. They...
Revamped Nukebot Malware Changes Targets, Adds Functions
A revamped version of the Nukebot banking trojan dubbed Jimmy Nukebot has shifted focus from stealing bankcard data and now acts as a conduit for quietly downloading malicious payloads for web-injects, cryptocurrency mining, and taking screenshots of targeted systems. The code is a modification o...
Telnet Credential Leak Reinforces Bleak State of IoT Security
Shortly after the Mirai attacks, Johannes Ullrich of the SANS Internet Storm Center (ISC) decided to try a little experiment. He put a security camera DVR online—a poorly secured one with default credentials—and observed how long it would take to become infected, and how often. He wasn’t...
DJI Launches Drone Bug Bounty Program
The lack of security in commercial drones has been well documented, but one Chinese manufacturer is working to fix that by incentivizing researchers who can poke holes in the software its drones run on. One of the largest unmanned aerial vehicle manufacturers, Dà-Jiāng Innovations Science and...
Fraudulent Donations Lead to Disbanding of Hutchins Legal Defense Fund
A legal defense fund established to ease Marcus Hutchins’ attorney costs has been disbanded after a sizable number of fraudulent donations were discovered. Hutchins, known as Malware Tech, is facing six counts for his alleged involvement in creating and distributing the Kronos banking malware. Th...
CEOs Resign from Trump's Cybersecurity Commission
Eight members of the National Infrastructure Advisory Council resigned last week, citing inadequate attention by the Trump Administration to address growing cybersecurity threats facing the United States. President Donald Trump’s Administration has “given insufficient attention to the growing...
Mobile WireX DDoS Botnet 'Neutralized' by Collaboration of Competitors
A collaboration between leading content delivery networks and technology companies—some of them competitors—is in the midst of shutting down the largest botnet of mobile devices ever recorded. The WireX botnet was detected on Aug. 17 after businesses in a number of industries, most notably...
Anonymous Messaging App Sarahah to Halt Collection of User Data With Next Update
Sarahah, the anonymous messaging app that shot to the top of app stores earlier this summer, says it plans to remove a feature that uploads users’ contacts, including phone numbers and email addresses to the company’s servers, in the next update. The app’s creator, Zain al-Abidin Tawfiq, caught...
Race is On To Notify Owners After Public List of IoT Device Credentials Published
Researchers are in a full-out sprint to notify the owners of a substantial list of connected devices and associated telnet credentials that has been available on Pastebin since June but gone viral since Thursday when it was posted on Twitter. The list has more than 20,000 views as of Saturday...
Defray Ransomware Seen Targeting Education, Healthcare Industry
Researchers observed a new, albeit small and selective ransomware campaign earlier this month targeting both education and healthcare verticals. The ransomware, dubbed Defray, comes hidden in rigged Microsoft Word document attachments, sent via email. Researchers with Proofpoint, who spotted two...
On the S3 Leaks, Zerodium's Messaging App Bounties, ROPEMAKER, and More
Mike Mimoso and Chris Brook discuss the news of the week, including the recent AWS S3 leaks, Zerodium’s bounty on secure messaging app zero days, Ropemaker, and cobot vulnerabilities. Download: ThreatpostNewsWrapAugust252017.mp3 Music by Chris Gonsalves Show notes: Industrial Cobots Might Be The...
Cryptocurrency Mining Malware Hosted in Amazon S3 Bucket
As Bitcoin’s price continues to soar beyond $4,000 USD per coin, cybercriminals are responding in kind by using techniques long reserved for adware, click-fraud and spying to now drop cryptocurrency miners onto compromised computers. The latest incident comes from a rash of drive-by downloads that are...