Google Elevates Security in Android O
Google last week during its I/O event described security tweaks that are part of its upcoming Android O operating system, which is expected to be released later this year. New features are Project Treble and a new permission standard around the feature called Instant App. Also to be introduced wi...
Yahoo Retires ImageMagick After Bugs Leak Server Memory
Yahoo has exorcised itself of the troublesome ImageMagick image processing software after it learned that vulnerabilities in an outdated version of the open source tool it was running could be exploited to steal secrets from Yahoo servers. Researcher Chris Evans, formerly of Google, privately...
Apple Receives First National Security Letter
Apple revealed this week that it received a National Security Letter during the last six months of 2016. The news, which came as part of the company’s latest biannual transparency report, marks the first NSL Apple has reported receiving. The iPhone manufacturer released the report via a portal on...
Trump's Top Cybersecurity Boss Talks Priorities
BOSTON–Citing Mirai and WannaCry as recent examples, Rob Joyce, special assistant to the president and cyber security coordinator for the White House, said the global landscape of cyber threats can’t be ignored and the U.S. needs to sharpen its defenses when it comes to fending off attacks. “If y...
Verizon Patches XSS Issues in its Messaging Client
Verizon late last year patched a vulnerability in its Message+ messaging client that could have allowed an attacker to take over a session and possibly extend their reach into a user’s account management settings. Researcher Randy Westergren yesterday disclosed some details on the bug, which coul...
EternalRocks Worm Spreads Seven NSA SMB Exploits
Someone has stitched together seven of the Windows SMB exploits leaked by the ShadowBrokers, creating a worm that has been spreading through networks since at least the first week of May. Researcher Miroslav Stampar, a member of the Croatian government’s CERT, captured a sample of the worm last...
Jaya Baloo on WannaCry and Defending Against Advanced Attacks
Jaya Baloo, CISO of KPN, the Netherlands’ leading telecommunications provider, talks to Mike Mimoso about the WannaCry ransomware outbreak and how large network providers and enterprises must contend with advanced attacks. Baloo will be speaking at the upcoming Borderless Cyber USA conference in...
Terror Exploit Kit Evolves Into Larger Threat
The relatively new Terror exploit kit is bucking the downward trend in the EK market, and is steadily evolving into more of a threat. Researchers at Cisco Talos said Terror has abandoned an early strategy that included “carpet-bombing” a target’s browser in favor of one that now uses exploits that precise...
Available Tools Making Dent in WannaCry Encryption
Tools are beginning to emerge that can be used to start the process of recovering files encrypted by WannaCry on some Windows systems. This takes on extra urgency because today marks one week from the initial outbreak, and files encrypted during that first wave are on the clock and close to being...
VMware Patches Multiple Security Issues in Workstation
VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability. The virtualization software company warned of the issues Thursday night in a security advisory VMSA-2017-0009. Jann Horn, a securi...
On WannaCry, the KillSwitches, and the Possible Lazarus Group Connection
Mike Mimoso and Chris Brook discuss WannaCry, Microsoft’s response, the killswitches, a potential link with Lazarus Group, and what the future holds for the ShadowBrokers. Download: ThreatpostNewsWrapMay192017.mp3 Music by Chris Gonsalves...
PATCH Act Calls for VEP Review Board
The U.S. government took the first steps toward codifying the Vulnerabilities Equities Process into law yesterday through the introduction of the Protecting Our Ability to Counter Hacking PATCH Act of 2017. The VEP is the internal process by which the government decides which software...
Android Gets Security Makeover With Google Play Protect
Mobile operating system Android received a big security makeover Wednesday with the introduction of Google Play Protect. At Google I/O, Google’s annual developer conference, the company teased a major update to its security platform that consists of a mix of new features, a rebranding of existing...
WordPress Fixes CSRF, XSS Bugs, Announces Bug Bounty Program
WordPress is urging webmasters to update to the latest version of its content management system to mitigate several issues, including a pair of cross-site scripting (XSS) bugs and a cross-site request forgery (CSRF) bug that’s existed for 10 months. The latest iteration of the software, version 4.7.5...
Senate's Use of Signal A Good First Step, Experts Say
On Tuesday the United States Senate made it official and approved the use of encrypted messaging app Signal by staffers. Encryption advocates applauded the measure, but say more needs to be done to protect “civic” infrastructure critical to democracy. “The move to secure communications...
Siemens, Bayer Expected to Patch Medical Devices Hit By WannaCry
It was initially thought just Windows machines were vulnerable but it probably shouldn’t come as a surprise that medical devices and industrial control systems were subjected to the perils of this weekend’s WannaCry ransomware outburst as well. Over the past few days the Department of Homeland...
APT3 Linked to Chinese Ministry of State Security
Researchers claim that APT3, widely believed to be a China-based threat actor, is directly connected to the Chinese Ministry of State Security (MSS). The allegations come from Recorded Future which released a report Wednesday that claims it has found conclusive ties that link APT3 with MSS, China’s...
Next Payload Could be Much Worse Than WannaCry
No one should be letting their guard down now that the WannaCry ransomware attacks have been relatively contained. Experts intimately involved with analyzing the malware and worldwide attacks urge quite the opposite, warning today that there’s nothing stopping attackers from using the available N...
DocuSign Phishing Campaign Includes Hancitor Downloader
Electronic document exchange vendor DocuSign warned on Monday of a wave of phishing emails targeting its customers with links to malicious Word documents. The campaign, it said, was tied to an earlier breach of its computer networks where hackers were able to gain “temporary access” and exfiltrat...
Apple Patches Pwn2Own Vulnerabilities in Safari, macOS, iOS
Apple fixed 66 vulnerabilities across seven product lines, including Safari, iTunes, macOS, and iOS, on Monday. Many of the fixes – especially in macOS and Safari – resolve vulnerabilities uncovered at Pwn2Own, the hacking contest held at CanSecWest each year. Contestants collectively earned...
WannaCry Shares Code with Lazarus APT Samples
As the first inkling of attribution emerged in the WannaCry ransomware outbreak, researchers found another attack using the same leaked NSA attack tools to spread the Adylkuzz cryptocurrency miner. Kafeine, a well-known exploit researcher who works for Proofpoint, said Monday that this attack cou...
Chrome Browser Hack Opens Door to Credential Theft
A vulnerability in Google’s Chrome browser allows hackers to automatically download a malicious file onto a victim’s PC that could be used to steal credentials and launch SMB relay attacks. Bosko Stankovic, information security engineer at DefenseCode, found the flaw in the default configuration ...
ShadowBrokers Planning Monthly Exploit, Data Dump Service
Popcorn in hand, the ShadowBrokers say they’re taking in the WannaCry outbreak from the sidelines before starting in June a subscription service for new exploits and stolen data akin to a wine of the month club. In what’s become a signature periodic rant from the unknowns behind the leak of...
WikiLeaks Reveals Two CIA Malware Frameworks
WikiLeaks released details on what it claims are two frameworks for malware samples dubbed AfterMidnight and Assassin, both allegedly developed by the U.S. Central Intelligence Agency. The revelations come amid worldwide efforts to squelch variants of the WannaCry ransomware, an offensive hackin...
OpenVPN Audits Yield Mixed Bag
Two security audits of OpenVPN were recently carried out to look for bugs, backdoors, and other defects in the open source software; one found the software was cryptographically sound, while another found two legitimate vulnerabilities. The news comes after it was announced in December the SSL VP...
WannaCry Variants Pick Up Where Original Left Off
The inevitable wave of WannaCry ransomware variants began in earnest over the weekend after a bit of sleuthing from a U.K. researcher slowed down the initial global outbreak. At least five new takes on the first attack, all still leveraging the NSA’s EternalBlue exploit and DoublePulsar rootkit, ar...
Matthew Hickey on WannaCry Ransomware Outbreak
Matthew Hickey, founder of HackerHouse and @hackerfantastic on Twitter, talks to Mike Mimoso about Friday’s WannaCry ransomware outbreak, what the upcoming week bodes for businesses and the dangers of governments weaponizing attacks without sharing vulnerability information. Download:...
Microsoft Releases XP Patch for WannaCry Ransomware
Microsoft has taken the extraordinary step of providing an emergency update for unsupported Windows XP and Windows 8 machines in the wake of Friday’s WannaCry ransomware outbreak. Unknown attackers were using the EternalBlue exploit leaked by the ShadowBrokers in April to spread WannaCry, a varia...
New Jaff Ransomware Part Of Active Necurs Spam Blitz
A new malware family called Jaff has been identified by researchers who say they are currently tracking multiple massive spam campaigns distributing the malware via the Necurs botnet. “It came out of nowhere with a huge bang,” Cisco Talos researchers said Friday. In the last 24 hours, the firm has...
Leaked NSA Exploit Spreading Ransomware Worldwide
A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent ShadowBrokers dump. Researchers at Kaspersky Lab said the attackers behind today’s outbreak of WannaCry ransomware are using EternalBlue, the codename for an exploit made public by the...
On the Microsoft Malware Protection RCE, Handbrake, and Trump's EO
Mike Mimoso and Chris Brook discuss the news of the week, including Tavis Ormandy and Natalie Silvanovich’s Microsoft Malware Protection Engine bug, Handbrake OS X malware, the HP keylogger, Trump’s Cybersecurity EO, and more. Download: ThreatpostNewsWrapMay122017.mp3 Music by Chris Gonsalves...
Anti Public Combo List Analysis Reveals Password Habits Improving
An independent analysis of the so-called Anti Public Combo List, a dump of 562 million breached usernames and passwords, reveals a privacy silver lining. Hard to imagine, but according to an analysis of the data by Duo Labs researchers, consumers are slowly adopting safer password habits. The Ant...
Trump Signs Cybersecurity Executive Order
President Trump today signed a long-delayed cybersecurity executive order that prioritizes the protection of federal networks and critical industries, and instructs agency heads to implement the NIST Framework for Improving Critical Infrastructure Cybersecurity. The order was to be signed in late...
Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability
Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code. Legal Hackers’ Dawid Golunski found the vulnerabilities–a host header injection and an...
Microsoft's New Security Update Guides Get Mixed Reviews
Microsoft is receiving mixed reviews for its shift to delivering security update information via its newly launched Security Update Guides. The change was official in April, with Microsoft explaining it would allow system administrators to effectively pair specific patches with vulnerabilities, a...
Keylogger Found in Audio Drivers on Some HP Machines
An audio driver that comes installed on some HP-manufactured computers records users’ keystrokes and stores them in a world-readable plaintext file, researchers said Thursday. The culprit appears to be version 1.0.0.31 of MicTray64.exe, a program that comes installed with the Conexant audio drive...
ASUS Patches RT Router Vulnerabilities
A recent ASUS firmware update addressed a number of vulnerabilities in 30 models of its popular RT routers. The flaws were privately disclosed by researchers at Baltimore consultancy Nightwatch Cybersecurity, and were patched starting in March, with 10 updates added Wednesday. Users should ensure...
Session Hijacking, Cookie-Stealing WordPress Malware Spotted
Researchers have identified a strain of cookie-stealing malware injected into a legitimate JavaScript file that masquerades as a WordPress core domain. Cesar Anjos, a security analyst at Sucuri, a firm that specializes in WordPress security, came across the malware during an incident response...
Android Permissions Flaw Will Linger Until O Release
Google said Tuesday that a permissions flaw that puts Android users at a heightened risk for malware, ransomware and adware attacks will not be fixed until the release of its next mobile OS, Android O. The vulnerability impacts an undisclosed number of apps hosted on Google Play, researchers at...
Microsoft Makes it Official, Cuts off SHA-1 Support in IE, Edge
Lost in yesterday’s shuffle of emergency updates and regularly scheduled monthly patches was Microsoft’s announcement that it was officially cutting off SHA-1 support in Internet Explorer 11 and Edge. Going forward, both browsers will block webpages signed with a SHA-1 TLS or SSL certificate from...
Cisco Patches IOS XE Vulnerability Leaked in Vault 7 Dump
Cisco released an update this week that addresses a vulnerability in software running in more than 300 of its switches. The flaw was disclosed among the WikiLeaks Vault 7 dump of alleged CIA offensive hacking tools, and proof-of-concept exploit code exists that targets the vulnerability. Cisco sa...
Microsoft Plugs Three Zero Day Holes as Part of May Patch Tuesday
Microsoft patched three zero day vulnerabilities actively under attack today as part of its May Patch Tuesday release. Researchers with FireEye who uncovered the three vulnerabilities said the bugs were actively being exploited by threat actors Turla and APT28. Two of the zero day vulnerabilities...
Google's OSS-Fuzz Finds 1,000 Open Source Bugs
The numbers are in, and judging by them, OSS-Fuzz, the program Google unveiled last December to continuously fuzz open source software, has been a success. In five months the effort has unearthed more than 1,000 bugs, a quarter of them potential security vulnerabilities, Google says. OSS-Fuzz,...
Adobe Patches Seven Critical Vulnerabilities in Flash, AEM
Adobe fixed eight vulnerabilities, seven critical, in Flash Player and its Adobe Experience Manager (AEM) Forms product as part of a regularly scheduled update Tuesday morning. All seven of the Flash Player bugs can lead to code execution and should be considered critical, according to a security...
Emergency Update Patches Zero Day in Microsoft Malware Protection Engine
Microsoft made quick work of what two prominent Google researchers called the worst Windows vulnerability in recent memory, releasing an emergency patch Monday night, 48 hours after Google’s private disclosure was made. The mystery Windows zero day CVE-2017-0290 was in the Microsoft Malware...
Hikvision Patches Backdoor in IP Cameras
Hikvision, a Chinese manufacturer of video surveillance equipment, recently patched a backdoor in a slew of its cameras that could have made it possible for a remote attacker to gain full admin access to affected devices. The backdoor stems from two bugs: an improper authentication bug and a...
HandBrake for Mac Compromised with Proton Spyware
The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they’re likely infected with malware. HandBrake warned users on Saturday of a compromise of one of its mirror download servers, and said anyone who grabbed th...
Wormable Windows Zero Day Reported to Microsoft
Google Project Zero researcher Tavis Ormandy has a long legacy of finding unknown, critical software vulnerabilities to his credit. So when he calls a new bug the worst in recent memory, it’s likely not hyperbole. On Saturday, Ormandy tweeted that he and colleague Natalie Silvanovich had found a...
Researchers Disclose Intel AMT Flaw Research
On Friday, just as Intel released additional information regarding a critical flaw found earlier this week in a subset of its business-class PCs, the researchers behind the initial vulnerability discovery, Embedi, also published their research on the flaw. Intel warned Monday of a firmware...
Supply Chain Update Software Unknowingly Used in Attacks
Microsoft said a recent attack it calls Operation WilySupply utilized the update mechanism of an unnamed software editing tool to infect targets in the finance and payment industries with in-memory malware. The unnamed editing tool was used to send unsigned malicious updates to users in targeted...