Marcus Hutchins' Only Certainty is Uncertainty
The particulars of Marcus Hutchins’ indictment last week on charges the WannaCry hero three years ago wrote a banking Trojan have created another divisive information security storyline. While experts in the community rallied over the weekend to raise funds for his bond and wrote letters of suppo...
Lawsuit Alleges Disney Illegally Tracks Children Via Apps
The Walt Disney Company is fighting allegations this week that its apps fail to safeguard children’s personal information. The move follows a class action lawsuit brought against the company and four others who produce the apps. According to the complaint .PDF, Amanda Rushing and her child filed...
Tech Support Scammers Cast a Wider Net
Tech support scams may be old hat, but scammers are constantly reinventing them. The latest involves a wave of phishing emails that have proven to be a powerful tool for hackers to trick and ultimately extract money from victims. The Microsoft Malware Protection Center reported Monday it’s tracki...
Attackers Use Typo-Squatting To Steal npm Credentials
Hackers seeking developer credentials used typo-squatting to spread malicious code via libraries hosted at the online repository npm. In all, 40 npm packages were found malicious and removed from the Node.js package management registry, according to npm. The attack involved a user named HackTask...
ICS-CERT Warns Exploits Available for Siemens Molecular Imaging Vulnerabilities
Siemens is readying patches for a number of vulnerabilities in its molecular imaging products, including some where public exploits are available. Advisories published Thursday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) indicate that the flaws are remotely exploitabl...
Tor Developer Busts Myths, Announces New Features
The Tor Project gets a bad rap as being a playground for the guilty. That’s why Tor Project co-founder Roger Dingledine took the stage last week at DEF CON to bust popular myths and announce upcoming features related to the anonymity network that averages 2 million users a day. Dingledine’s bigge...
On the MalwareTech Arrest, Stamos' Black Hat Keynote and More
Mike Mimoso and Chris Brook discuss the news of the week, including how Marcus Hutchins, aka MalwareTech was arrested in Las Vegas, Alex Stamos’ Black Hat keynote, and this week’s proposed IoT legislation. Download: ThreatpostNewsWrapAugust42017.mp3 Show notes: Wannacry Hero Arrested, One of Two...
Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug
Cisco fixed 15 vulnerabilities this week in more than a dozen products, including two high severity vulnerabilities that could have let an attacker trigger a denial of service condition or bypass local authentication. The more severe bugs fixed on Wednesday exist in the company’s Identity Service...
WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware
Marcus Hutchins, the researcher hailed for his work in blunting the WannaCry ransomware outbreak in May, was arrested Wednesday in Las Vegas and charged with creating and distributing the Kronos banking malware. Hutchins, known online as Malwaretech, is a U.K. citizen and arrived in Las Vegas las...
WannaCry Bitcoin Withdrawn; 'Killswitch' Researcher Detained in Nevada
Someone on Wednesday began withdrawing Bitcoin from three wallets connected to the WannaCry ransomware attacks. According to a Twitter bot that tracks the status of each wallet, seven withdrawals were made yesterday starting at around 11 a.m. Eastern time. The wallets contained a little more than...
Two Popular IP Cameras Riddled With Vulnerabilities
Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStartcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United...
IBM Patches Reflected XSS in Worklight, MobileFirst
IBM fixed a cross-site scripting vulnerability in two products last month that could have let an attacker execute malicious JavaScript code in a victim’s browser to steal sensitive information, or user credentials. The vulnerability (CVE-2017-1500) lingered in the products, Worklight and MobileFirs...
Will The Real Security Community Please Stand Up
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Black Hat 2017 was a vocabulary lesson for white-hats, and yes, words matter. Words such as nihilism, empathy and inclusion have to matter, because what you’re doing n...
Legislation Proposed to Secure Connected IoT Devices
A Senate bill introduced today would prioritize security in connected devices, requiring providers who sell to the U.S. government to implement measures that would have been an impediment to the IoT botnet-fueled attacks against DNS provider Dyn and webhost OVH. The Internet of Things Cybersecuri...
Amazon Halts Sale of Android Blu Phone Amid Spyware Concerns
Android phone maker Blu Products was dealt a blow Monday when Amazon said it would no longer sell its phones, citing security and privacy issues. The phone maker came under scrutiny last week by researchers at Kryptowire during a Black Hat session where they criticized the company for collecting...
Breach at Third Party Contractor Affects 18,000 Anthem Members
A month after it agreed to settle 2015’s massive data breach, Anthem Inc., the United States’ largest healthcare company, has a new problem on its hands. The Indianapolis-based company began notifying 18,000 members affected by another unrelated data breach last week. Anthem reported the breach o...
Pharmaceutical Giant Still Feeling NotPetya's Sting
NotPetya was a massive shift in malware tactics, as what was initially believed to be another global ransomware attack on par with WannaCry was instead a wiper in disguise. It claimed thousands of victims worldwide, including some of the highest profile manufacturers, critical infrastructure provide...
Copyfish Browser Extension Hijacked to Spew Spam
A popular free optical character recognition (OCR) extension for web browsers called Copyfish was hijacked by attackers who used the extension to spew spam. In a statement released Sunday by distributor A9t9 Software, it was only the Google Chrome extension that was hijacked. Other versions of...
ShieldFS Can Detect Ransomware, Recover Files
LAS VEGAS—Researchers from Italy’s Politecnico di Milano unveiled at Black Hat last week an add-on Windows driver and filesystem that detects ransomware and recovers files. ShieldFS was officially unveiled during the hacker conference by researchers Andrea Continella and Federico Maggi, who said...
Voting Machines Hacked with Ease at DEF CON
LAS VEGAS—Hackers at DEF CON last week made quick work of finding vulnerabilities in electronic pollbooks and voting machines, needing just 90 minutes to find exploitable flaws in every piece of voting equipment. More than 30 machines were available for hackers to crack at the conference’s Voting...
Android Banking Trojan Svpeng Adds Keylogger
The authors behind the Android banking malware family Svpeng have added a keylogger to a recent strain, giving attackers yet another way to steal sensitive data. Roman Unuchek, a senior malware analyst with Kaspersky Lab, said Monday he spotted a new variant of the Trojan in mid-July. Unuchek say...
Microsoft Releases Outlook Patches, Fixes Broken Update
During the heat of Black Hat last week, Microsoft pushed out patches for Outlook that address three newly reported vulnerabilities. Last week’s update also included fixes for six of eight vulnerabilities left unpatched after issues were reported with the June Patch Tuesday update. The most seriou...
How Google Shrank The Android Attack Surface
LAS VEGAS—For Nick Kralevich, head of Android platform security at Google, there is no better barometer for success than finding out that the market value of vulnerabilities on the OS he works to protect is among the highest paid for mobile. During a Black Hat session on hardening Android, Kralevich...
Shorting-For-Profit Viable Business Model For Security Community
LAS VEGAS–Justine Bone shook up the security research community last year when she decided to do the unconventional. The CEO of MedSec Holdings teamed with hedge fund company Muddy Waters Capital to short the stock of St. Jude Medical in order to profit from research that revealed life-threatenin...
Attack Uses Docker Containers To Hide, Persist and Plant Malware
LAS VEGAS—A novel attack vector allows for adversaries to abuse the Docker API to hide malware on targeted systems, and even execute remote code. The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce,...
ShadowBrokers Remain an Enigma
LAS VEGAS—Clarity and the ShadowBrokers are strange bedfellows. We’re closing in on the first anniversary of the mysterious group’s initial dump of NSA hacking tools and we’re still no closer to understanding who they are, where they got their stuff, and what their true motivations are. Instead a...
Google Study Quantifies Ransomware Profits
LAS VEGAS—Over the past two years, 35 unique ransomware strains earned cybercriminals $25 million, with Locky and its many variants being the most profitable. The data comes from a study debuted Wednesday at Black Hat by Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering...
APT Group Uses Catfish Technique To Ensnare Victims
LAS VEGAS–Meet Mia Ash, a 20-something London-based photographer, amateur model, social media butterfly with a keen interest in tech-savvy guys with ties to the oil and gas industry. You guessed it. Mia Ash doesn’t exist. Ash, according to Dell SecureWorks Counter Threat Unit, is a virtual person...
Android Spyware Still Collects PII Despite Outcry
UPDATE LAS VEGAS—Shanghai Adups Technology Co. was roundly criticized Wednesday during a Black Hat session for continuing to use spyware called Adups on at least two Android handset makers’ phones. Researchers said the company was still collecting personal identifiable information without user...
Vulnerable Radiation Monitoring Devices Won't Be Patched
LAS VEGAS—Three radiation monitoring device vendors have told researchers they will not be fixing a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device. The flaws were privately disclosed by IOActive researcher Ruben Santamar...
Facebook Security Boss: Empathy, Inclusion Must Come to Security
LAS VEGAS—Twenty years of Black Hat seemed to be the appropriate marker in time for Alex Stamos to remind security professionals of their unique position to affect change, not only in technology and business, but also in geopolitics and human rights. Facebook’s chief security officer delivered th...
Windows SMB Zero Day to Be Disclosed During DEF CON
LAS VEGAS—A 20-year-old Windows SMB vulnerability is expected to be disclosed Saturday during a talk at DEF CON. Microsoft has said it will not patch the vulnerability, which allows an attacker to remotely crash a Windows server with relative ease using only 20 lines of Python code and a Raspberr...
Academia's Role in Security Skills Gap Examined
LAS VEGAS—For a long time, there’s been a chorus from employers about the lack of skilled security professionals to fill available openings. And while it would not be an illogical leap to think universities are adequately preparing tomorrow’s security admins and CISOs, quite the opposite may be...
Novel Attack Tricks Servers to Cache And Expose Personal Data
LAS VEGAS—Researcher Omer Gil has devised a way to trick a web server into caching pages and exposing personal data. The so-called web caching attack targets sites that use content delivery network (CDN) services such as Akamai and Cloudflare. These services act as traffic load balancers and revers...
Black Hat USA 2017 Preview
Mike Mimoso and Tom Spring preview Black Hat, which starts tomorrow in Las Vegas, including some thoughts on what call to action Facebook CSO Alex Stamos may deliver in his keynote address, along with some important topics and sessions that are sure to pop up throughout the week. Download: Black...
Hacker Admits to Mirai Attack Against Deutsche Telekom
A hacker who goes by the name “BestBuy” admitted to a German court on Friday that he was behind an attack last year that knocked close to 1 million customers of German ISP Deutsche Telekom offline. The suspect is a 29-year-old British man who is only identified as “Daniel K.” He was arrested Feb...
macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities
LAS VEGAS—The FruitFly backdoor became a known entity in January, but it’s a good bet that for years it had been in the wild, undetected by analysts and security software. The macOS and OS X malware has a number of insidious spying capabilities that would make anyone uneasy, and a variant recentl...
Trickbot Trojan Malware Morphs, Now Targets U.S. Banks
The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks. IBM X-Force and Flashpoint both recently spotted new Trickbot...
Motivation Mystery Behind WannaCry, ExPetr
If two is a coincidence and three is a trend, maybe we’re not quite there yet in officially calling WannaCry and ExPetr a new movement among APT attacks. But for now, it’s close enough. Researchers are starting to examine the real motivations behind each global outbreak and whether these attacks...
Apple Patches 'BroadPwn' Bug in iOS 10.3.3
Apple released iOS 10.3.3 Wednesday, which serves as a cumulative update that includes patches for multiple vulnerabilities including the high-profile BroadPwn bug that allowed an attacker to seize control of a targeted iOS device. BroadPwn was revealed earlier this month as a flaw in Broadcom...
US, European Law Enforcement Shutter Massive AlphaBay Market
U.S. authorities along with law enforcement agencies in Europe and Asia announced today the takedown of the dark web’s largest illicit market. AlphaBay sold malware and hacking tools along with drugs, fraudulent documents, guns, counterfeit goods and even toxic chemicals, the Justice Department...
Tor Project Opens Bounty Program To All Researchers
The Tor Project announced today the launch of a public bug bounty program to encourage security researchers to privately report issues they find in the group’s software. Unlike its previous invite-only bounty program launched last year, this bounty program will be open to all bounty hunters throu...
Senator Calls For Use Of DMARC To Curb Govt.-Related Phishing Scams
In a letter sent Tuesday to the Department of Homeland Security, Sen. Ron Wyden (D-OR) called for federal agencies to implement stricter controls on e-mail that would prevent hackers from impersonating email addresses of federal agencies. Wyden called for the use of an email protocol called...
Modified Versions of Nukebot in Wild Since Source Code Leak
Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March wh...
Bad Code Library Triggers Devil's Ivy Vulnerability in Millions of IoT Devices
Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attackers to remotely gain control over devices or crash them. The vulnerability, dubbed Devil’s Ivy, was identified by researchers at Senrio...
Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched
Oracle admins are today staring down the barrel of the biggest quarterly Critical Patch Update ever. The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more than 90 products. So far in 2017, Oracle has patched 878 vulnerabilities through three CPUs...
Oracle E-Business Suite Flaw Allows Downloads of Documents
Oracle admins have more than 300 patches to contend with today, but one that should be considered a top priority is a bug in the E-Business Suite of business applications that could allow an attacker to download data without the need for authentication. The vulnerability, CVE-2017-10244, was...
CoinDash Hacked During its ICO
Hackers hijacked CoinDash’s initial coin offering Monday, stealing $7.7 million in cryptocurrency from the nascent trading platform. The attack occurred during a 15-minute period for “whitelist contributors” prior to the public ICO. During that time, the hackers were able to compromise the CoinDa...
Privacy Activists Suffer Legal Setback In National Security Letter Case
Privacy activists suffered a legal blow when a panel of California appeals court judges ruled Monday the Federal Bureau of Investigation could continue its practice of secretly issuing National Security Letter (NSL) requests for customer data from communications firms. The case involved a challenge...
Botnet Tweeting, Spamming Porn Shut Down
An adult-themed botnet was found by researchers and dismantled by Twitter last month. The Twitter-based botnet consisted of 86,262 bot accounts, and over the past six months blasted out 8.6 million tweets that attempted to lure males to pornographic, dating, hookup and cheating-spouse websites...