Stuxnet LNK Exploits Still Widely Circulated
One of the alleged mandates around the development of the Stuxnet worm was that the malware’s numerous components—which included a handful of zero days—should never escape the Natanz uranium enrichment facility in Iran. Eight years later, evidence continues to mount as to how that mandate was...
Drupal Closes Access Bypass Vulnerability in Core Engine
A critical vulnerability in the Drupal Core engine was addressed in an update released Wednesday. Drupal engineers are calling it an access bypass vulnerability and said a Drupal-based website is vulnerable only under certain conditions, including whether a site has the RESTful Web Services modul...
Microsoft Touts New Phone-Based Login Mechanism
It likely won’t mark the death knell of passwords, but Microsoft announced this week it’s giving users a new way to sign into their accounts without having to enter a lengthy combination of numbers, letters and characters. The feature, which relies on users having access to their mobile phones, is...
Patched Flaw in Bosch Diagnostic Dongle Allowed Researchers to Shut Off Engine
Two vulnerabilities were identified in Bosch’s Drivelog Connect OBD-II dongle and smartphone app that allowed researchers to shut off the engine of a vehicle. One of the issues was patched via a server-side fix, Bosch said in an April 13 statement, while the other, in the dongle itself, will be handl...
Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities
Oracle released its biggest Critical Patch Update ever on Tuesday, and with it came added urgency in the form of patches for the Solaris vulnerabilities exposed by the ShadowBrokers last week, as well as the recent Apache Struts 2 vulnerability, also under public attack. In all, Oracle admins hav...
IHG Confirms Second Credit Card Breach Impacting 1,000-Plus Hotels
In what’s becoming a familiar refrain to guests, InterContinental Hotels Group said late last week that payment card systems at more than 1,000 of its hotels had been breached. It’s the second breach that IHG, a multinational hotel conglomerate that counts Holiday Inn and Crowne Plaza among its...
Facebook Delegated Account Recovery SDKs Published for Java, Ruby Apps
Facebook’s Delegated Account Recovery, a protocol that allows applications to delegate account recovery permission to third-party applications, entered its beta phase today with the release of SDKs and additional support for new platforms. The feature has been running on a trial basis since late...
Low-Cost Ransomware Service Discovered
A new ransomware-as-a-service (RaaS) called Karmen has been discovered by security researchers at Recorded Future. This service allows anyone, including novices, to set up an account and customize their own ransomware campaign. The Karmen RaaS costs $175 and lets buyers set ransom prices, determine...
Wave of Java-Based RATs Target Tax Filers
Spammers are spreading Java-based remote access Trojans, known as jRATs, targeting tax filers with attachments named “IRS Updates.jar” and “ImportantPDF.jar” that, if executed, give attackers access to compromised endpoints. Zscaler, which is tracking the jRATs, believes some of the campaigns cou...
ShadowBrokers' Windows Zero-Days Already Patched
Hours after what was thought to be a damaging release of NSA hacking tools for Windows systems, Microsoft quelled some anxiety with a late-night statement on Friday that most of the vulnerabilities disclosed by the ShadowBrokers had already been patched. The biggest surprise was that the most...
VMWare Fixes Critical RCE in vCenter Server
VMware patched a critical vulnerability in its vCenter Server platform late last week that could have let an attacker execute arbitrary code in some scenarios. The vulnerability affected two versions of vCenter, 6.5 and 6.0. Users are encouraged to update to the most recent versions, 6.5c, and...
ShadowBrokers Expose NSA Access to SWIFT Service Bureaus
The NSA used exploits to target two SWIFT Service Bureaus in order to access banking data from a number of financial institutions in the Middle East. The access was likely used to monitor funding for terrorist operations, experts said today as analysis continues of the latest ShadowBrokers dump o...
Google Making Life Difficult for Ransomware to Thrive on Android
SINT MAARTEN—Google has never been shy about sharing security enhancements and victories in Android. The mobile operating system is tweaked at every iteration to fend off threats posed by potentially harmful apps and attacks against devices. At the recent Kaspersky Lab Security Analyst Summit,...
On Baseband Vulnerabilities, SIEMs, Samsung Tizen and More
Mike Mimoso, Tom Spring, and Chris Brook recap two conferences from last week: Infiltrate Con in Miami and Kaspersky Lab’s Security Analyst Summit in St. Maarten. A baseband vulnerability, SIEMs, vulnerabilities in Samsung’s Tizen operating system, and an IoT honeypot are discussed. Download:...
Stories From Two Years in an IoT Honeypot
SINT MAARTEN—Curious just how susceptible some of the more vulnerable IoT devices are, a researcher set up a series of honeypots at his friends’ houses to record traffic, exploit attempts and other statistics. Dan Demeter, a junior security researcher with Kaspersky Lab’s Global Research and...
Exploit Kit Activity Quiets, But is Far From Silent
Over the past six months, the roar of exploit kits has quieted to a whimper. But that doesn’t mean exploit kit threats are nonexistent. According to security experts, gangs behind them are regrouping, tweaking code and finding fresh software exploits to target. Here are the exploit kits and explo...
FDA Demands St. Jude Take Action on Medical Device Security
The U.S. Food and Drug Administration on Wednesday sent Abbott Laboratories a warning letter citing that it had inadequately addressed the security of the maligned Merlin@home Transmitter. The letter promises regulatory action against the healthcare company should vulnerabilities in the device...
'High Risk' Zero-Day Leaves 200,000 Magento Merchants Vulnerable
A popular version of the open source Magento ecommerce platform is vulnerable to a zero-day remote code execution vulnerability, putting as many as 200,000 online retailers at risk. The warning comes from security firm DefenseCode, which found and originally reported the vulnerability to Magento ...
Netflix's HTTPS Update Can't Combat Passive Traffic Analysis Attacks
Academics argue that Netflix’s recent upgrade to HTTPS is doing little to protect its users from a passive traffic analysis attack. According to Andrew Reed and Michael Kranch, researchers with the U.S. Military Academy at West Point, it wouldn’t take much work for an attacker to capture traffic...
Phone Hack Uses Sensors To Steal PINs
University researchers have created a method to steal a smartphone user’s PIN by leveraging sensor data generated by the targeted phone. Researchers say the method has a 74 percent success rate when it comes to accurately determining four-digit PINs entered by a phone’s owner. Researchers fr...
Office Zero Day Delivering FINSPY Spyware to Victims in Russia
Since at least January, unidentified state-sponsored attackers have been targeting victims in Russia with FINSPY spyware delivered in exploits for an Office and WordPad zero-day vulnerability patched on Tuesday by Microsoft. Separately, the same zero-day has been leveraged in financially motivate...
SAP Updates Two-Year-Old Patch for TREX Vulnerability
SAP has issued an updated patch for a code-injection vulnerability affecting the TREX search engine integrated into more than a dozen SAP products, including the old NetWeaver application integration platform and the SAP HANA database. The flaw was originally found in 2015 and patched in SAP HANA...
Microsoft Patches Three Vulnerabilities Under Attack
Microsoft today patched a zero-day Word vulnerability that has been publicly attacked along with deploying fixes for Internet Explorer, Microsoft Edge and Windows 10. In all, nine Microsoft products received updates totaling 45 unique CVEs. Three of the vulnerabilities among Tuesday’s updates,...
Adobe Patches 59 Vulnerabilities Across Flash, Reader, Photoshop
Adobe patched 59 vulnerabilities in five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App as part of its regularly scheduled software update today. The company warned in a series of security bulletins posted shortly before noo...
Microsoft Patches Word Zero-Day Spreading Dridex Malware
Microsoft on Tuesday released a patch for a zero-day vulnerability that was discovered late last week and used to spread the Dridex banking Trojan. Attacks were spreading via a massive spam campaign where emails contain Microsoft Word documents with malicious attachments that exploited a...
Spammer's Arrest Puts End to Kelihos Botnet
The alleged Russian botmaster behind the Kelihos botnet was arrested while on vacation in Spain, putting an end to a seven-year cybercrime operation that foisted hundreds of millions of spam messages on consumers, as well as a dangerous array of banking malware and ransomware. Pyotr Levashov, als...
Tools Used by Lamberts APT Found in Vault 7 Dumps
Links have emerged connecting targeted attacks going back a decade against high-profile government, industrial and financial targets around the world to hacking tools and documents leaked in the Vault 7 dump. Researchers at Kaspersky Lab today published a technical report on the activities of a...
Breaking Signal: A Six-Month Journey
UPDATE MIAMI–Markus Vervier and Jean-Philippe Aumasson have spent the past six months poking security holes in the end-to-end encryption protocol Signal, all on their free time. And they have been successful in privately disclosing what they consider more than a half-dozen flaws to Signal, most o...
ShadowBrokers Dump More Equation Group Hacks, Auction File Password
The mysterious ShadowBrokers, long thought to have given up their cause, released on Saturday additional hacking tools allegedly belonging to the Equation Group, along with the password guarding the original set of exploits the group planned to auction off. The password was at the tail end of a...
Travel Routers, NAS Devices Among Easily Hacked IoT Devices
SINT MAARTEN—A researcher only needed 20 minutes last week to explain just how hopelessly broken some of the more popular Internet of Things devices on the market these days are. Jan Hoersch, an IT security consultant at Securai GmbH, a small pen-testing firm based in Munich, described...
Riverbed Patches Vulnerabilities in Application Monitoring Portal
Riverbed Technology has patched four serious vulnerabilities in its SteelCentral portal, a centralized application performance monitoring platform. The flaws could allow an attacker to access critical application data and move through the network to other Riverbed agents feeding data into the...
Researcher Warns SIEMs Are Weak Link In Network Security Chain
MIAMI—Security information and event management (SIEM) solutions are supposed to boost security, but researchers say the network analysis tools are ripe attack targets. The warning comes from security expert John Grigg, lead cyber strategist with Meta Studios. In a talk at the Infiltrate Conference...
Baseband Zero Day Exposes Millions of Mobile Phones to Attack
MIAMI—A previously undisclosed baseband vulnerability impacting Huawei smartphones, laptop WWAN modules and IoT components was revealed Thursday at the Infiltrate Conference by researcher Ralf-Phillip Weinmann, managing director at security firm Comsecuris. In one attack scenario, the vulnerabili...
Creating a More Altruistic Bug Bounty Program
SINT MAARTEN—David Jacoby and Frans Rosén want security researchers to become more altruistic about how they approach bug bounty programs. While programs such as those facilitated by HackerOne and BugCrowd have become ubiquitous over the last several years, the researchers said in a talk at...
Apache Struts 2 Exploits Installing Cerber Ransomware
Attackers are attempting to exploit the recent Apache Struts vulnerability on Windows servers and the payload is a variant of the Cerber ransomware. The SANS Internet Storm Center on Thursday said it has seen numerous attempts during the past month to exploit the vulnerability in this way. The fl...
Samsung Tizen Security 'Feels like 2005'
SINT MAARTEN—Samsung’s Tizen operating system, a strategic stronghold for the company as it attempts to grow its line of homegrown mobile devices, isn’t such a vanguard when it comes to security. An independent researcher has discovered dozens of vulnerabilities in the OS that put devices such a...
Chrome Security Team Tackles 'Friendly Fire' To Keep Browser Safe
MIAMI—What is life like in the security trenches inside Google’s Chrome browser security team? From the perspective of Justin Schuh, lead engineer of Chrome Security, it’s a balancing act where he has to juggle OEM pressures, questionable certificate authorities and quashing third-party software...
Malware Scanning Services Containers for Sensitive Business Information
SINT MAARTEN—Malware scanning services could be the next listening outpost for criminals and nation-state attackers as more of these services such as VirusTotal are becoming containers for personal, business and even classified information because of some organizations’ policy decision to upload...
Security Analyst Summit 2017 Day Two Recap
SINT MAARTEN—Mike Mimoso and Chris Brook recap the second day of Kaspersky Lab’s Security Analyst Summit, including how a Brazilian bank was compromised, a talk by Swisscom’s Markus Neis, and David Jacoby and Frans Rosen’s Hacking for Humanity talk. Download:...
Android Variant of Notorious Pegasus Spyware Found
Researchers say a variant of the notorious surveillance software called Pegasus has been found targeting Android users, allowing third parties to take screenshots, capture audio, read email and exfiltrate data from targeted phones. The malware, called Chrysaor, was discovered through a joint effo...
Details Around Romanian Phishing Kit Creator, Campaign Revealed
Researchers explained how they traced a cybercriminal’s tracks through a series of proxies, compromised web servers, and poorly secured routers. The suspect hasn’t been apprehended yet, but could be behind a larger campaign, they said. Peter Kruse and Jan Kaastrup, researchers with Denmark’s CSIS...
Lessons From Top-to-Bottom Compromise of Brazilian Bank
SINT MAARTEN—For three months starting last October, hackers pulled off a stunning compromise of a Brazilian bank’s operations top-to-bottom. The attack was comprehensive with each of the bank’s 36 domains, corporate email and DNS under the attacker’s control. Once Kaspersky Lab researchers Fabio...
Trump Signs Repeal of ISP Privacy Rules
President Trump signed congressional legislation late Monday that repeals the Federal Communications Commission’s rules that would have prevented broadband ISPs from tracking and selling their customers’ online information. Despite opposition from civil liberties groups, Democrats who voted against...
New RAT Targets Koreans And Is Skilled At Evading Detection
Researchers have identified a stealthy new remote access tool dubbed ROKRAT that leverages a bevy of anti-detection measures. The RAT targets the Korean-language Microsoft Word alternative Hangul Word Processor (HWP). ROKRAT was detected several weeks ago by Cisco Talos, who said the malware is par...
Security Analyst Summit 2017 Day One Recap
SINT MAARTEN—Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, Thomas Rid, Daniel Moore, Juan Andres Guerrero-Saade, and Costin Raiu’s Moonlight Maze talk, ATM hacking, and the Lazarus APT. Download:...
Lazarus APT Spinoff Linked to Banking Hacks
SINT MAARTEN—The Lazarus Group, a nation-state-level attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself. The group, widely believed to be North Korean, has been linked to a February 201...
Fileless Banking Malware Attackers Break In, Cash Out, Disappear
SINT MAARTEN—Cybercriminals who used fileless, memory-based malware to carry out attacks on nearly 150 enterprises worldwide earlier this year were onto something. The attackers already had remote access to the bank’s networks through the malware, described in February, but once they were inside,...
Lines Around Cyber Threat Intelligence Sharing Blurring
SINT MAARTEN—The rift between threat intelligence services, private companies, and the government is getting muddier around information sharing. Catherine Lotrionte, the Associate Director of the Institute for Law, Science and Global Security at Georgetown University, described some o...
Memory Corruption Mitigations Driving Up Exploit Development Costs
SINT MAARTEN—Memory corruption mitigations that have been integrated into major desktop and mobile operating systems are driving up the cost of client-side exploit development and making viable vulnerabilities scarcer than they were a decade ago. Mark Dowd, whose career has been intimately linked...
Fake SEO Plugin Used In WordPress Malware Attacks
Malware masquerading as an SEO plugin called WP-Base-SEO has infected close to 4,000 WordPress sites in the past two weeks, according to security experts. The intent of the hackers behind the malware is to hide in plain sight, appearing as a legitimate SEO plugin, while at the same time creating a...