Cisco Patches Another Critical Ormandy Bug in WebEx Extension
Cisco has provided updates today for WebEx browser extensions for Chrome and Firefox after Google Project Zero researcher Tavis Ormandy and Divergent Security’s Cris Neckar privately disclosed a vulnerability that could be abused to remotely run code on a computer running the browser extension...
FreeRADIUS Update Patches Bugs Static Analysis Tools Missed
FreeRADIUS, the popular open source RADIUS server, today published updates that include fixes for a number of security issues uncovered by a custom fuzzer built by Dutch researcher Guido Vranken. Vranken used a custom version of libFuzzer to find a handful of serious bugs in OpenVPN that were...
Free Certs Come With a Cost
Let’s Encrypt is the largest certificate authority by volume doling out more than 100,000 free domain certificates a day. The non-profit fulfills a noble mission of securing website communications that is applauded across the internet; it has raised the bar on SSL and TLS security, issuing 100...
NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns
Two malware families, NemucodAES and Kovter, are being packaged together in .zip attachments and delivered via active spam campaigns. Researcher Brad Duncan said, “together these two pieces of malware could deliver a nasty punch.” Duncan, a handler at the SANS Institute Internet Storm Center, sai...
Siemens Patches Authentication Bypass Flaw in SiPass Server
A handful of vulnerabilities in Siemens’ SiPass integrated server have been patched, including one that allows an attacker to bypass authentication on the box. SiPass is the company’s integrated access control server managing physical access in a number of industries and use cases. The product...
Cisco Patches Publicly Disclosed SNMP Vulnerabilities in IOS, IOS XE
Cisco has patched nine serious remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software. The vulnerabilities had been publicly disclosed. Cisco notified users of the availability of patches after releasing its initial advisory on the matter on June 29,...
On the Verizon breach, Oracle, and EternalBlue
Mike Mimoso and Chris Brook discuss the news of the week, including the Verizon breach, the Oracle session hijacking attack, a Telegram-based hacking tool, and a new, free EternalBlue scanner. Show notes: Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking Telegram-Controlled Hackin...
Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data
A rash of misconfigured Amazon Web Services storage servers leaking data to the internet have plagued companies recently. Earlier this week, data belonging to anywhere between six million and 14 million Verizon customers were left on an unprotected server belonging to a partner of the...
Scanner Shows EternalBlue Vulnerability Unpatched on Thousands of Machines
Many digital trees have died for the cause of informing Windows admins about the SMBv1 vulnerability that spawned the WannaCry and ExPetr/NotPetya malware attacks. Yet a relatively small sample of data collected from a freely available tool shows that thousands have not gotten the message, or hav...
Attackers Using Automated Scans to Takeover WordPress Installs
Attackers have been setting their sights on freshly installed WordPress deployments, taking advantage of users who fail to follow through when it comes to configuring their server’s settings. Researchers at the WordPress security plugin WordFence said Tuesday they observed a significant spike in...
Google Changes How it Analyzes Misbehaving Mobile Apps
Mobile apps in the Google Play store are categorized by their purpose, i.e., productivity or games. But there is a science to how apps are arranged, in particular around security and privacy features, and especially in holding back those apps whose behaviors pose a risk to mobile users. Google on...
Third Party Exposes 14 Million Verizon Customer Records
As many as 14 million U.S.-based Verizon customers have had their data exposed by a partner of the telecommunications giant, which misconfigured a repository storing the personal information it had access to. UpGuard director of cyber risk research Chris Vickery, who has made a living of finding...
New Point-of-Sale Malware LockPoS Hitches Ride with FlokiBot
Botnets distributing FlokiBot point-of-sale malware have awoken from months of slumber and are back in business spewing a new malware dubbed LockPoS. Researchers say the malware is still flying under the radar of many antivirus and intrusion detection systems because it’s so new. Currently, LockP...
Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution
Uber has addressed a vulnerability that allowed attackers to steal session tokens and hijack accounts. Researcher Arne Swinnen disclosed details Monday after confirming late last week that the issue had been resolved; he earned $5,000 in bounties from Uber. Swinnen said that if exploited at a lar...
SAP Patches High-Risk Flaws in SAP POS, Host Agent
SAP fixed 23 vulnerabilities across roughly a dozen products on Tuesday, including a series of high-risk flaws that could allow an attacker to gain access to SAP POS, the company’s client/server point-of-sale (PoS) solution. The issues in SAP POS, a series of missing authorization checks, could let...
Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking
Oracle’s next quarterly Critical Patch Update is slated for July 18, but two vulnerabilities in an older version of the company’s Oracle Access Manager (OAM) solution won’t be among the bugs patched. Version 10g of the software, Oracle’s solution for web access management and user administration,...
Telegram-Controlled Hacking Tool Targets SQL Injection at Scale
A black market hacking tool has the potential to rapidly conduct website scans for SQL injection vulnerabilities at a large scale, all managed from a smartphone through the Telegram messenger. The Katyusha Scanner is a relative newcomer available to black hats that surfaced in early April. It’s a...
Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities
Microsoft today released patches for 19 critical vulnerabilities, one of which was publicly known prior to the update. In all, 54 vulnerabilities were patched in Windows, Edge, Internet Explorer, Office and Exchange as part of Microsoft’s monthly Patch Tuesday release; 32 flaws were rated importa...
Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks
NTLM has a long history of serious vulnerabilities and of causing anxiety for Windows and UNIX server admins. Their collective angst is unlikely to lessen today with the disclosure of a pair of new vulnerabilities in the protocol suite. Microsoft today patched one of the issues among its Patch...
Adobe Fixes Six Vulnerabilities in Flash, Connect
Adobe fixed six vulnerabilities in two products, one of the company’s smallest security bulletins in recent memory, as part of its regularly scheduled round of updates on Tuesday. Included are fixes for the company’s Flash Player software platform, including a critical vulnerability CVE-2017-3099...
Micro Market Vendor Warns of Bankcard And Biometric Data Breach
Avanti Markets, which specializes in self-serve food kiosks typically located in company breakrooms, said an undisclosed number of its 1.5 million customers may have had their personal and bankcard data compromised along with stored biometric data. The company, based in Tukwila, WA, said on July ...
Telcos Singled Out for Prioritizing Government Requests for Data Over Privacy
Telecommunications giants don’t seem to have any interest in shaking their legacy of complicity with government requests for user data. The Electronic Frontier Foundation’s latest Who Has Your Back report singles out AT&T, Verizon, T-Mobile and Comcast as its lowest performers, saying that the...
Energy, Nuclear Targeted with Template Injection Attacks
Days after news broke last week that advanced, persistent threat actors penetrated nuclear facilities, researchers are explaining techniques used by adversaries to gain toeholds in similar targets in energy. Cisco Talos reported Friday that email-based attacks, leveraging template injection...
Google to Fully Distrust WoSign/StartCom SSL Certs in Chrome 61
Websites that are still using digital certificates issued by Chinese Certificate Authority WoSign may want to accelerate their plans to replace those certs. Google last week said it will fully distrust remaining certificates issued by the CA starting with Chrome 61. Devon O’Brien of the Chrome...
International Investigatory Group Also Target of Government Spyware
The same spyware that was used against Mexican journalists, lawyers, and even a child was also used against a group of international investigators. A collective known as the Interdisciplinary Group of Independent Experts (GIEI) was hit by the spyware while in Mexico in 2016. The group was appointe...
Hard Rock, Loews Hotels Among Sabre Corp Hospitality Breach Victims
For the second time in the past year the Hard Rock Hotels and Casinos franchise is encouraging guests to keep tabs on their bank account statements for suspicious activity. The hotel, resort, and casino chain on Thursday said it was alerted on June 6 that its systems were impacted by a security...
Leaky WWE Database Exposes Personal Data of 3M Fans
Pro wrestling giant World Wrestling Entertainment notified fans on Thursday that a database containing personal information of three million fans was left on an insecure server. According to the WWE, personal information included names, both home and email addresses, earnings, ethnicity, children...
Decryption Key to Original Petya Ransomware Released
The master key to the original version of the Petya ransomware – not to be confused with the latest and massive Petya/ExPetr outbreak that swept through the Ukraine and parts of Europe last month – has been released, allowing all the victims of previous Petya attacks to unscramble their encrypted...
Let's Encrypt to Offer Wildcard Certificates in 2018
Certificate authority Let’s Encrypt said this week it will begin offering wildcard certificates in 2018. Wildcard certificates are public key certificates that can be used with multiple subdomains of a domain. The certificates are traditionally viewed as less expensive and more convenient by...
CopyCat Malware Infected 14M Android Devices, Rooted 8M, in 2016
A family of Android malware was so successful that at its peak, over the course of two months last year, it infected 14 million devices and rooted more than half of them, roughly eight million devices. Researchers said early Tuesday the strain of malware, dubbed CopyCat, helped its authors earn...
Google Patches Critical 'Broadpwn' Bug in July Security Update
Google released a security patch Wednesday that addresses a critical vulnerability dubbed “Broadpwn” found in millions of Android devices that could allow remote attackers to execute code on targeted devices. The so-called Broadpwn bug is tied to a vulnerability in Broadcom’s BCM43xx family of Wi...
Threat Actors Target Chinese Language News Sites
A California-based news website covering China, called China Digital Times, was targeted in a spying campaign that involved phishing lures and the use of the NetWire remote access Trojan. The attacks began in February 2017 and were part of a wider campaign of phishing, reconnaissance and malware...
Libgcrypt Attack Allowed Recovery of RSA-1024 Keys
The cryptographic library Libgcrypt is vulnerable to a local side-channel attack, something researchers warn could allow full key recovery for RSA-1024. The vulnerability (CVE-2017-7526) is tied to the fact that Libgcrypt, which is based on code from GnuPG, uses left to right sliding windows...
Researchers Find BlackEnergy APT Links in ExPetr Code
Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks. According to researchers at Kaspersky Lab, there are strong similarities between older versions of BlackEnergy’s KillDisk ransomware compared to ExPetr...
Classic Ether Wallet Compromised via Social Engineering
Classic Ether Wallet, an open source wallet for the public, blockchain-based cryptocurrency platform Ethereum Classic (ETC), was compromised late last week. Developers of the decentralized platform said an attacker managed to hijack the domain for the wallet via social engineering late Thursday...
Siemens Patches Critical Intel AMT Flaw in Industrial Products
Siemens patched two critical vulnerabilities that affected its industrial products this week. One, tied to a recently disclosed flaw in Active Management Technology – a function of certain Intel processors – could have allowed an attacker to gain system privileges. Another vulnerability could hav...
Majority of Sites Fail Mozilla's Comprehensive Security Review
A majority of the top 1 million websites earn an “F” letter grade when it comes to adopting defensive security technology that protects visitors from XSS vulnerabilities, man-in-the-middle attacks, and cookie hijacking. The failing grades come from a comprehensive analysis published this week by t...
On This Week's NotPetya, ExPetr Outbreak
Mike Mimoso and Chris Brook discuss this week’s ExPetr global ransomware outbreak, how it was distributed, the wiper aspect, and similarities to 2016’s Petya ransomware. Download: ThreatpostNewsWrapJune302017.mp3 Music by Chris Gonsalves Show notes: ExPetr Called a Wiper Attack, Not Ransomware Ne...
This Retail Website Considers Password Security Optional
Most gaping security holes are terrible mistakes. But for one major Hong Kong-based online retailer called Strawberrynet, its security shortcomings are a feature. Like many ecommerce sites, registered users have an option for express checkout. What makes beauty-products website Strawberrynet uniq...
Petya Is Not Ransomware, It's a 'Wiper'
The outbreak of the ExPetr malware isn’t a ransomware attack, but more precisely, it’s a wiper attack that sabotaged PCs globally, overwriting their Master Boot Record forever. That’s the analysis of security experts from Kaspersky Lab and Comae Technologies who shared their latest research on th...
Ubuntu Fixes Linux Systemd Bug
Developers with Canonical pushed out a handful of patches for the Linux-based operating system Ubuntu this week, including one that resolves a bug that could have let an attacker cause a denial of service or execute arbitrary code with a TCP payload. Chris Coulson, a software and electronics...
'Little Hope' to Recover Data Lost to Petya Ransomware
Join Kaspersky Lab and Comae Technologies Thursday June 29, 2017 at 10 a.m. Eastern time for a webinar “The Inside Story of the Petya/ExPetr Ransomware.” Click here to attend. Fewer than 50 ExPetr/Petya ransomware victims have paid approximately $10,200 in Bitcoin so far in the hopes of unlocking...
Microsoft Issues 'Important' Security Fix for Azure AD Connect
Microsoft is warning customers of a bug in its Azure Active Directory Connect product that could allow an adversary to escalate privileges and reset passwords and gain unauthorized access to user accounts. The advisory (4033453) was issued Tuesday via Microsoft’s TechNet website for the vulnerabili...
New Petya Distribution Vectors Bubbling to Surface
While Microsoft and others continue to shore up links between yesterday’s global ransomware outbreak and the update...
Average Bug Bounty Payments Growing
HackerOne said Monday its average dollar payouts to participants are up, and cross site scripting vulnerabilities cause the biggest headaches for companies. The bug bounty platform provider culled data from the past four years, analyzing 50,000 reported bugs and more than $17 million in payouts t...
Complex Petya-Like Ransomware Outbreak Worse than WannaCry
The attackers behind today’s global ransomware outbreak are spreading the malware using a modified version of the leaked...
Google Hit With $2.7 Billion Antitrust Fine
Search giant Google this week was hit with a hefty $2.7 billion fine seven years in the making. Antitrust officials with the European Commission handed out the fine, which translates to €2.4 billion. Regulators with the EC claim the company abused its dominance as a search engine to push its...
Second Global Ransomware Outbreak Under Way
A global WannaCry-like ransomware outbreak–which began in Russia and Ukraine and spread across Europe–is being reported...
Major Hole Plugged in Secure File Transfer Tool
Biscom, a secure document delivery provider, recently patched a serious vulnerability in its secure file transfer product that could have allowed an authenticated hacker access to data shared between other users. Privately alerted in April by Rapid7, a Biscom customer, the company released an...
Another RCE Vulnerability Patched in Microsoft Malware Protection Engine
Google Project Zero continues to scrape away at the ubiquitous Microsoft Malware Protection Engine at the core of many security products embedded in Windows, and it continues to discover new critical vulnerabilities. The latest, another remote code execution flaw, was patched on Friday after it w...