Ultrasonic Beacons Are Tracking Your Every Movement
More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising. Academics from Technische Universitat Braunschweig in Germany recently published a paper in which they describe their...
On the Google Docs Phishing Attack, Intel AMT, and Drone Security
Mike Mimoso and Chris Brook discuss the news of the week, including the Gmail/Google Docs phishing attack, the Intel AMT vulnerability, IBM’s malware-laden USB drives, and drone security. Download: ThreatpostNewsWrapMay52017.mp3 Music by Chris Gonsalves...
Business Email Compromise Losses Up 2,370 Percent Since 2015
Business Email Compromise (BEC) schemes, where executives are scammed via social engineering and phishing compromises that ultimately lead to fraudulent wire transfers, grew at a jaw-dropping rate of 2,370 percent in the last two years. The FBI yesterday published its latest statistics on these...
Carbanak Attackers Devise Clever New Persistence Trick
Hackers behind the Carbanak criminal gang have devised a clever way to gain persistence on targeted systems to more effectively pull off financially motivated crimes. The technique involves creating a bogus instance of a Microsoft Windows app compatibility feature. On Wednesday, Mandiant, FireEye...
Stealthy Konni RAT Targeting North Korea Since 2014
Two recent espionage campaigns against political and strategic targets in North Korea have been linked to malware that has stayed hidden for the better part of three years. Cisco’s research arm Talos published a report yesterday on the malware it calls Konni. Two attacks in April used phishing...
Glaring Vulnerabilities Make Many Commercial Drones 'Insecure by Design'
Drones, many readily available on ecommerce shops such as Amazon, are plagued by vulnerabilities that could give attackers full root access to the device, read or delete files, or crash the device. The United States Computer Emergency Readiness Team (US-CERT) published a warning about one model, th...
1 Million Gmail Users Impacted by Google Docs Phishing Attack
Google said that up to 1 million Gmail users were victimized by yesterday’s Google Docs phishing scam that spread quickly for a short period of time. In a statement, Google said that fewer than 0.1 percent of Gmail users were affected; as of last February, Google said it had one billion active...
Blackmoon Banking Trojan Using New Infection Technique
New clues have surfaced on how the Blackmoon banking Trojan is infecting its victims using a new framework to deliver the malware. “We noticed recent campaigns two weeks ago where Blackmoon had shifted its infection strategy and is now utilizing a unique and interesting technique,” said Hardik...
Unpatched WordPress Password Reset Vulnerability Lingers
A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user’s password and gain access to their account. Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of...
Google Shuts Down Docs Phishing Spree
Google said it has disabled offending accounts involved in a widespread spree of phishing emails today impersonating Google Docs. The emails, at the outset, targeted journalists primarily and attempted to trick victims into granting the malicious application permission to access the user’s Google...
Sabre Corp. Investigating Breach of Reservation System
Travel services company Sabre Corp., acknowledged this week that it’s in the middle of investigating a data breach in its Hospitality Solutions reservation system that may have spilled personally identifiable information and payment card data belonging to its customers. The Texas-based company...
Researcher: 'Baseless Assumptions' Exist About Intel AMT Vulnerability
Researchers at Embedi who found the critical Active Management Technology (AMT) flaw in Intel chips said in a blog published today there were “a tremendous amount of baseless assumptions” being made about the vulnerability. According to Embedi CTO Dmitry Evdokimov, an information vacuum has predictabl...
Proposed NIST Password Guidelines Soften Length, Complexity Focus
A comment period has closed on NIST’s new password guidelines for federal agencies that challenge the effectiveness of traditional behaviors around authentication such as an insistence on complex passwords and scheduled resets. As more tech companies move away from passwords and toward multistep...
Shamoon Collaborator Greenbug Adopts New Communication Tool
Researchers have identified a possible new collaborator in the continued Shamoon attacks against Saudi organizations. Called Greenbug, this group is believed to be instrumental in helping Shamoon steal user credentials of targets ahead of Shamoon’s destructive attacks. However, researchers know...
IBM: Destroy USBs Infected with Malware Dropper
USB drives shipped with some of IBM’s Storwize storage products are infected with malware, and the tech giant advises customers to destroy the devices. IBM would not comment on the source of the infection or where in the supply chain the interdiction happened, and instead referred Threatpost to an...
DDoS Attacks Can Cost Businesses Up to $2.5M Per Attack, Report Says
The time to respond and mitigate DDoS attacks can be costly for companies, and some businesses can lose roughly $2.5 million on average per attack, a research report released today said. Neustar, an analytics firm that sees swathes of DDoS attack telemetry daily, boiled down some of the figures i...
Malware Hunter Crawls Internet Looking for RAT C2s
A new crawler released today by Shodan designed to find command and control servers has already unearthed 5,800 controllers for more than 10 remote access Trojan (RAT) families. The crawler, called Malware Hunter, poses as an infected computer beaconing out to an attacker’s server waiting for...
Google Patches Six Critical Mediaserver Bugs in Android
Google pushed out its monthly Android patches Monday, addressing 17 critical vulnerabilities, six of which are tied to its problematic Mediaserver component. An additional four critical vulnerabilities related to Qualcomm components in Android handsets including Google’s own Nexus 6P, Pixel XL an...
Fuze Patches Bug That Exposed Recordings of Private Business Meetings
Fuze, an enterprise-grade voice and video collaboration platform, has patched a vulnerability that exposed recordings of private meetings. A fix was made server-side by Fuze, and a patch was pushed to its endpoint client apps within 11 days of being privately notified by researchers at Rapid7...
Intel Patches Nine-Year-Old Critical AMT Vulnerability
Intel patched a critical vulnerability that dates back nine years and impacts business desktop PCs that utilize the company’s Active Management Technology (AMT). According to an Intel security bulletin, the flaw could allow an adversary to elevate privileges on a vulnerable system. Intel said there are...
Apple Revokes Certificate Used By OSX/Dok Malware
Apple revoked a legitimate developer certificate used by hackers behind malware dubbed OSX/Dok, which was able to eavesdrop on secure HTTPS traffic of infected systems. On Sunday, Apple also rolled out an update to its XProtect built-in antimalware software to fend off existing and upcoming...
Dan Geer: Cybersecurity, Humanity's Future "Conjoined"
Given the intertwinement of technology with communication, politics, economies and overall human progress, it seems to go hand-in-hand that cybersecurity must be elevated in parallel. Dan Geer, considered atop the food chain of security thinkers, said during last week’s Source Boston conference...
Flickr Vulnerability Worth $7K Bounty to Researcher
Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty. The issue was patched April 10, eight days after Michael Reizelman privately disclosed it through Yahoo’s HackerOne bounty program. Reizelman sai...
WikiLeaks Reveals CIA Tool 'Scribbles' For Document Tracking
Update WikiLeaks released details on what it said is a Central Intelligence Agency document tracking program called Scribbles, part of the agency’s effort to keep tabs on documents leaked to whistleblowers and journalists. Scribbles allegedly embeds a web beacon-style tag into watermarks located ...
On SOURCE Boston, DoublePulsar, and HipChat
Mike Mimoso and Chris Brook recap this year’s SOURCE Boston Conference and discuss the week in news, including the long term implications of the NSA’s DoublePulsar exploit, and the HipChat breach. Download: ThreatpostNewsWrapApril282017.mp3...
Ransomware, Cyberespionage Dominate Verizon DBIR
Ransomware dominated malware-related data breaches investigated by Verizon last year, appearing in 71 percent of cases, according to the annual Verizon Data Breach Investigations Report (DBIR) released Thursday. Compared to last year’s DBIR, ransomware attacks are up 50 percent. Still, Veriz...
Lack of Communication Achilles' Heel for Ransomware Fighters
BOSTON—Collaboration is important when it comes to fighting ransomware, but the lack of communication around the issue remains a serious impediment, law enforcement says. “If we don’t know about it and no one keeps track of it, then no one cares,” Frank McLaughlin, a detective with the Boston...
Chrome to Mark More HTTP Pages 'Not Secure'
Google began in January flashing warnings in the Chrome address bar that a page was “Not Secure” if password or payment card data fields were present. “Since the change in Chrome 56, there has been a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card...
The Time Has Arrived to Embrace Hackers
BOSTON—More than ever, hackers are getting a welcoming embrace from law enforcement, governments and business. Bug bounties and vulnerability disclosure programs are becoming the norm across industry, and hackers are no longer universally viewed as a pariah. Simultaneously, however, groups such a...
New COOP Attack Method Highlights Weaknesses In Microsoft's CFG Defenses
Researchers at Endgame have been evaluating an exploitation technique called Counterfeit Object-Oriented Programming (COOP) to bypass Control Flow Integrity (CFI) implementations such as that used by Microsoft to harden the defenses of Windows 10. Microsoft added its mitigation, called Control Flow...
Air Force Hopes To Attract Hackers With Bug Bounty Program
On Wednesday, the United States Air Force became the latest division of the U.S. Armed Forces to announce a public-facing bug bounty program. The program, Hack the Air Force, invites vetted white hat security experts to hack key public-facing Air Force websites. The Air Force follows in the...
Lack of Security Talent Afflicts Health Care
BOSTON—Reality has bitten healthcare hard in the last year, with dire vulnerabilities in medical devices bubbling to the surface, malware infections affecting patient care at a number of facilities, and the realization that nowhere is the lack of information security professionals more pressing...
Auto Lender Exposes Loan Data For Up To 1 Million Applicants
A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed on an insecure online database. The company behind the database is Alliance Direct Lending Corporation, according to Kromtech Security Research Center, whi...
Atlassian Resets HipChat Passwords Following Breach
Atlassian reset user passwords for its group chat service HipChat on Monday following an incident that may have resulted in unauthorized access to a server used by the service. The company began warning users Monday via email that, as a result, an attacker may have secured access to user informatio...
xDedic Market Spilling Over With School Servers, PCs
Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities, and most are based in the United States. In a recent analysis of xDedic, Flashpoint found that besides the education sector, PC and servers tied to healthcare and legal firms mak...
ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs
Adobe today released an important security hotfix for several versions of its ColdFusion rapid web application development platform. The company said the update addresses an input validation vulnerability (CVE-2017-3008) in the software that could be used in reflected cross-site scripting (XSS)...
Zimperium Publishes Exploits for Patched Android Bugs
Exploits for two patched Android privilege escalation vulnerabilities were published today by security company Zimperium. These are the first publicly released submissions from its N-Days Exploit Acquisition Program, which began in February and had among its stated goals to encourage researchers ...
Hyundai Patches Leaky Blue Link Mobile App
Hyundai Motor America has patched a vulnerability in its Blue Link mobile application that exposed personal and vehicle information to an attacker. Updated versions of the app (3.9.6) were released to Google Play and the Apple App Store on March 8, a little more than one month after Rapid7 learned...
Researchers Struggle to Get A Grip On Fileless Malware
The future of client-side malware attacks is fileless. And it would appear the future has arrived with a growing number of attacks using fileless or in-memory malware to pose a threat to business that’s increasingly difficult to neutralize. “There has been an unequivocal uptick in the use of...
Original XPan Ransomware Returns, Targets Brazilian SMBs
Brazilian cybercriminals are using the original version of the XPan ransomware, targeting small to medium-sized businesses based in Brazil with the malware. XPan works by penetrating poorly protected Remote Desktop Protocol (RDP) connections. Hackers use those connections to manually install the...
NSA's DoublePulsar Kernel Exploit In Use Internet-Wide
If you’re on a red team or have been on the receiving end of a pen-test report from one, then you’ve almost certainly encountered reports of Windows servers vulnerable to Conficker (MS08-067), which has been in the wild now for nearly 10 years since the bug was patched. A little more than two weeks...
Locky Ransomware Roars Back to Life Via Necurs Botnet
Cybercriminals behind the Locky ransomware and Necurs botnet are back in business. Last Friday researchers spotted both delivering nearly 35,000 emails in just a few hours, the first major Locky campaign researchers have seen in months, according to Cisco Talos. Researchers warn the latest Locky...
SquirrelMail Remote Code Execution Vulnerability Patched
Developers behind the PHP-based webmail package SquirrelMail on Thursday patched a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the system. Dawid Golunski, a researcher with Legal Hackers, discovered the vulnerability and...
SMSVova Spyware Hiding in 'System Update' App Ejected From Google Play Store
An Android app that falsely claimed to be a tool for keeping smartphones up-to-date with the latest version of the OS was found surreptitiously tracking the physical location of its users using spyware called SMSVova. SMSVova hides inside a bogus app called System Update and is sent commands by...
Skype Fixes Credential Phishing Bug "SPYKE"
Microsoft recently fixed a vulnerability in its video chat and messaging app Skype that could have allowed an attacker to execute code on the system it was running on, phish Skype credentials and crash the application. Zacharis Alexandros, an independent researcher who’s also with the European...
On The Latest ShadowBrokers Dump, Microsoft, Oracle, and the Bosch OBD-II Dongle Hack
Mike Mimoso and Chris Brook discuss the news of the week, including last Friday’s ShadowBrokers dump, how Microsoft learned and patched the vulnerabilities, and the Solaris bugs patched by Oracle. Microsoft ditching passwords, and a new car dongle hack are also discussed. Download:...
Google Pleads for Better Cross-Border Exchange of Digital Evidence
Google said it is receiving a growing number of cross-border requests for user data to be used as evidence in criminal prosecutions. The volume of requests is also exposing weaknesses in the existing process for exchanging data between countries, called the Mutual Legal Assistance Treaties (MLAT),...
Mirai and Hajime Locked Into IoT Botnet Battle
Security experts say a white hat hacker is responsible for the Hajime IoT botnet, which is on a mission to secure IoT devices vulnerable to the notorious Mirai malware. Divergent goals between Mirai and Hajime, experts say, will spark a perpetual back-and-forth between Mirai black hats and a lone...
Google Fixes Unicode Phishing Vulnerability in Chrome 58, Firefox Stands Pat
Google fixed a handful of issues when it released the latest version of its browser, Chrome 58, on Wednesday, including a vulnerability that could have made it easier for an attacker to carry out a phishing attack with Unicode domains. The vulnerability, based on Punycode – a way to represent...
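The Chrome 58 entry above turns on how Unicode hostnames are rendered: a label made entirely of Cyrillic letters that look like Latin letters can be displayed as if it were a familiar Latin domain, while the name the resolver actually sees is the ASCII Punycode form. The script below is an added example written for this page, not code from Google, Mozilla or the article; it converts hostnames to and from Punycode with Python's standard IDNA codec and flags two homograph indicators, a label that mixes scripts and a label built only from Cyrillic lookalikes. The lookalike table and the sample hostnames are constructed for illustration and are not the confusables list any browser ships.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin letters in common
# fonts, mapped to the Latin letter they imitate. Illustrative only; this is not
# the Unicode confusables table nor the list any browser uses.
CYRILLIC_LATIN_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u04bb": "h", "\u0501": "d", "\u04cf": "l", "\u051b": "q", "\u051d": "w",
}

# Constructed sample hostnames (code points spelled out so the Cyrillic is explicit).
SAMPLE_ALL_CYRILLIC = "\u0430\u0440\u0440\u04cf\u0435.com"   # renders like "apple.com"
SAMPLE_MIXED_SCRIPT = "p\u0430ypal.com"                      # Latin with one Cyrillic "a"
SAMPLE_LEGIT_IDN = "m\u00fcller.de"                          # genuine Latin IDN


def to_punycode(hostname: str) -> str:
    """ASCII (xn--) form of a hostname, as a resolver or certificate would see it."""
    return hostname.encode("idna").decode("ascii")


def from_punycode(hostname: str) -> str:
    """Unicode form of an ASCII hostname, as a browser might display it."""
    return hostname.encode("ascii").decode("idna")


def script_of(ch: str) -> str:
    """Approximate the Unicode script of a character from the first word of its name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def label_scripts(label: str) -> set:
    """Scripts used in a label, ignoring digits, hyphens and other common characters."""
    return {script_of(c) for c in label} - {"COMMON"}


def homograph_risk(hostname: str):
    """Return (risky, reason, punycode) after checking each label of the hostname.

    Two indicators are checked: a label that mixes scripts, and a label whose
    letters are all Cyrillic lookalikes for Latin letters (the case the Chrome 58
    change addressed). Pure-ASCII labels are skipped.
    """
    hostname = unicodedata.normalize("NFKC", hostname).lower()
    ascii_form = to_punycode(hostname)
    for label in hostname.split("."):
        if label.isascii():
            continue
        scripts = label_scripts(label)
        if len(scripts) > 1:
            return True, f"mixed scripts {sorted(scripts)} in label {label!r}", ascii_form
        letters = [c for c in label if c.isalpha()]
        if letters and all(c in CYRILLIC_LATIN_LOOKALIKES for c in letters):
            spoofed = "".join(CYRILLIC_LATIN_LOOKALIKES[c] for c in letters)
            return True, f"label {label!r} is entirely Cyrillic lookalikes for {spoofed!r}", ascii_form
    return False, "no homograph indicators", ascii_form


if __name__ == "__main__":
    for host in (SAMPLE_ALL_CYRILLIC, SAMPLE_MIXED_SCRIPT, SAMPLE_LEGIT_IDN, "threatpost.com"):
        risky, reason, ascii_form = homograph_risk(host)
        print(f"{host!r:28} -> {ascii_form:28} risky={risky} ({reason})")
```

The useful habit this encodes for log review or mail filtering is to normalise every hostname to its xn-- form before comparing it with an allow-list; the Unicode rendering is what the user sees, the Punycode form is what the certificate, DNS and your logs actually contain.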
20 Linksys Router Models Vulnerable To Attack
More than 20 Linksys router models are vulnerable to attacks that allow a third party to reboot, lock out and extract sensitive router data from affected devices. According to IOActive, impacted routers include some of Linksys’s latest Smart Wi-Fi Router models, specifically the EA and WRT...