Russian-Speaking Turla Joins APT Elite
SINT MAARTEN—In the waning moments of his 2016 talk at the Security Analyst Summit, Thomas Rid had a drop-the-mic moment when he disclosed there were likely links between the infamous Moonlight Maze cyberespionage operation of the mid- and late-1990s and the modern-day Turla APT. Today during thi...
Verizon Rebuts Critics of Data-Collecting App
Verizon broke its silence today on what many believed would be a controversial rollout of an app made by Evie Labs called AppFlash, that had been identified by privacy advocates as spyware. The wireless carrier and broadband ISP defended itself Friday saying its critics were flat-out wrong. Veriz...
On SAS 2017, the Microsoft IIS Zero Day, and Mirai
Mike Mimoso and Chris Brook preview this year’s Security Analyst Summit and discuss the news of the week, including a Microsoft IIS zero day, a new Mirai variant, and the broadband privacy ruling. Download: ThreatpostNewsWrapMarch312017.mp3 Music by Chris Gonsalves...
Aviation-Related Phishing Campaigns Seeking Credentials
A wave of email-based phishing campaigns is targeting airline consumers with messages that contain malware that infects systems or links to spoofed airline websites that are personalized to trick victims into handing over personal or business credentials. “Over the past several weeks, we have see...
New Mirai Variant Roars into Action With 54 Hour DDoS Attacks
A variant of the Mirai malware pummeled a U.S. college last month with a marathon 54-hour long attack. Researchers say this latest Mirai variant is a more potent version of the notorious Mirai malware that made headlines in October, targeting DNS provider Dyn and the Krebs on Security website. Th...
Github Repository Owners Targeted by Data-Stealing Malware
Phishing emails zeroing in on developers who own Github repositories were infecting victims with malware capable of stealing data through keyloggers and modules that would snag screenshots. Researchers at Palo Alto Networks this week said that in mid-January, an unknown number of developers were...
NukeBot Banking Trojan Source Code Leaked Online by Author
The author behind NukeBot, a modular banking Trojan, released source code for the malware earlier this month in an apparent effort to regain the trust of the cybercrime community. Gosya, NukeBot’s creator, posted a GitHub link to the malware, calling it a “zeus-like banking trojan,” on several...
Industry Braces for Repeal of ISP Privacy Rules
The U.S. House of Representatives voted Tuesday to overturn rules scheduled to go into effect later this year that would have banned internet service providers such as Comcast, Time Warner Cable and Verizon from tracking user online activities and reselling the data without consumers first...
Publicly Attacked Microsoft IIS Zero Day Unlikely to be Patched
Microsoft is unlikely to patch a zero-day vulnerability in an older version of its Internet Information Services (IIS) web server that’s been publicly attacked since last July and August. Two researchers from the South China University of Technology in Guangzhou posted a proof-of-concept exploit for...
Workarounds Available for Flaws in Siemens RUGGEDCOM Gear
Update Siemens industrial VPN and firewall appliances used in severe environments remain unpatched after an advisory from ICS-CERT on Tuesday disclosed that a number of serious vulnerabilities exist in the gear. Siemens has made a number of recommendations for workarounds, but it’s unknown whethe...
VMware Patches Pwn2Own VM Escape Vulnerabilities
VMware on Tuesday patched a series of vulnerabilities uncovered earlier this month at Pwn2Own. The flaws enabled an attacker to execute code on a workstation and carry out a virtual machine escape to attack a host server. Monty Ijzerman, manager of the company’s Security Response Center, confirme...
'Anonymous' FTP Servers Leaving Healthcare Data Exposed
Hackers craving personal health care information are targeting exposed FTP servers. The FBI issued a warning last week that focused on an increase in criminal activity targeting FTP servers used by medical and dental organizations that are configured to allow anonymous access without...
Harley Geiger on Cybersecurity Policy
Harley Geiger, director of public policy at Rapid7, talks to Threatpost editor Mike Mimoso at RSA Conference 2017 about how policy goes hand in hand with technology when it comes to cybersecurity, the government’s focus on IoT and critical infrastructure, and the role independent security researc...
Microsoft Offers Analysis of Zero-Day Exploited By Zirconium Group
Microsoft has released technical details on a zero-day vulnerability being exploited by a little-known APT group known as Zirconium. According to the company, the vulnerability, CVE-2017-0005, affects mostly older versions of Windows and can allow an adversary to execute remote code if a user either...
Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari
Apple fixed hundreds of bugs, 223 to be exact, across a slate of products including macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday. More than a quarter of the bugs, 40 in macOS Sierra, and 30 in iOS, could lead to arbitrary code execution – in some instances with root privileges, Apple...
New Clues Surface on Shamoon 2's Destructive Behavior
Researchers on Monday reported progress in piecing together some of the missing pieces of the Shamoon 2 puzzle that have been eluding them when it comes to lateral network movement and execution of the Disttrack malware component used in past campaigns. Shamoon 2 uses a combination of legitimate...
APT29 Used Domain Fronting, Tor to Execute Backdoor
APT29, a/k/a Cozy Bear, has been utilizing a technique called domain fronting in order to secure backdoor access to targets for nearly two years running, experts said Monday. The nation state attackers have reportedly been pairing the anonymity software Tor with a Tor plugin that specializes in...
Fileless UAC Bypass Uses Windows Backup and Restore Utility
One nugget buried in a recent Vault 7 dump was a bypass of User Account Controls in Windows 7 that allows applications to execute code without triggering the familiar prompt to the user that something may be afoot. Microsoft has not, in the past, considered UAC bypasses a security boundary that...
Experts Doubt Hacker's Claim Of Millions Of Breached Apple Credentials
Security experts say they are skeptical that a group of hackers called Turkish Crime Family actually possess a cache of hundreds of millions of Apple iCloud account credentials. A more plausible explanation, they say, is that crooks used credential stuffing attacks to amass a limited number of...
Privacy Advocates Vow to Fight Rollback of Broadband Privacy Rules
Privacy advocates are vowing to fight a potential rollback of the Federal Communications Commission’s broadband privacy rules after the Senate voted Thursday 50-48 to pass a joint resolution dismantling protections. “With today’s vote, Senate Republicans have just made it easier for Americans’...
Instagram Adds Two-Factor Authentication
Instagram became the latest in a long line of services over the years to offer users two-factor authentication this week. Kevin Systrom, co-founder and CEO of the Facebook-owned mobile photo-sharing app announced the feature on its blog Thursday afternoon. With the feature – accessible via Settin...
On Wikileaks Apple Hacking Tool Dump, LastPass, Android Security and More
Mike Mimoso and Chris Brook discuss the news of the week, including the latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, a new Android security report, and the “Encryption Workarounds” paper. Download: ThreatpostNewsWrapMarch242017.mp3 Music by Chris Gonsalves...
Adware Apps Booted from Google Play
More than a dozen apps were booted from the Google Play store Wednesday after researchers discovered each were rip-offs of legitimate apps and designed to aggressively push ads on Android devices. Researchers from Zscaler spotted the rogue apps and said the crooks behind the software tried to tri...
WikiLeaks Dark Matter Release Shows CIA Interdiction of iPhone Supply Chain
From the early days of the iPhone, the CIA has had an interest in compromising the flagship Apple mobile device, according to the latest WikiLeaks release of CIA documents. Today’s Vault 7 Dark Matter release shows an unsurprising interest from the intelligence agency in tracking iPhone users, as...
Cisco Patches Critical IOx Vulnerability
Cisco Systems patched a critical vulnerability Wednesday that could allow an unauthenticated, remote attacker to execute remote code on affected hardware and gain root privileges. The bug is in Cisco’s Data-in-Motion (DMo) process, part of the company’s IOx application environment that marries its...
Malware That Targets Both Microsoft, Apple Operating Systems Found
Researchers came across a malicious Word document last week that doesn’t discriminate between OS platforms. The malicious Word document is designed to spread malware on either Mac OS X or Microsoft Windows, depending on where it’s opened. Like many other strains of malware these days, the sample,...
Half of Android Devices Unpatched Last Year
Google said more than half of Android devices haven’t received a security update in the past year, and the percentage of potentially harmful apps running on devices installed from all sources rose in 2016. The numbers come from the Android Security 2016 Year In Review PDF released Wednesday. Whil...
Paper Spells Out Tech, Legal Options for Encryption Workarounds
FBI Director James Comey’s dogged attachment to the argument that strong encryption hinders criminal investigations by law enforcement is heading into its third year with little signs of abatement. That insistence comes despite three years of arguments to the contrary from security experts, who...
Google, Jigsaw Partner on Free Tools to Secure Elections
Alphabet subsidiary Jigsaw announced on Tuesday that it and Google would offer a free suite of security tools aimed at securing political elections. The announcement was fresh off a tense House Intelligence Committee meeting on Monday during which FBI Director James Comey confirmed that the burea...
Blank Slate Campaign Pushes Cerber Ransomware
Criminals are breathing new life into Cerber ransomware with a stubborn spam campaign called Blank Slate that is successfully abusing hosting providers to spread the malware. Researchers at the SANS Internet Storm Center said the campaign has shifted from spreading Sage 2.0 and Locky ransomware, ...
SAP Vulnerability Puts Business Data at Risk for Thousands of Companies
SAP’s patch update for this month included a fix for a critical remote code execution vulnerability in the SAP GUI client that provides remote access to a central SAP server in a corporate network. Researchers at ERPScan, a Dutch company specializing in business application security, disclosed so...
LastPass Fixes Three Password Theft Vulnerabilities
Engineers at LastPass fixed three different vulnerabilities in the password manager over the last 24 hours, all discovered by Google Project Zero researcher Tavis Ormandy, which could have allowed for the theft of passwords. One of the issues, a remote code execution vulnerability that could have...
Critical Moodle Vulnerability Could Lead to Server Compromise
A critical vulnerability in Moodle, an open source PHP-based learning management system deployed across scores of schools and universities, could expose the server it’s running on to compromise. Tens of thousands of universities worldwide, including the California State University system, the...
Code Execution Vulnerability Found in Libpurple IM Library
A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Pidgin and Adium for the macOS platform. Adium 1.5.10.2 is vulnerable and can be exploited to run arbitrary code remotely. A researcher who goes ...
Locky, Cerber Ransomware Skilled at Avoiding Detection
The latest versions of Cerber and Locky ransomware have been, since mid-January, finding great success in bypassing existing security detection systems through the use of a common infrastructure that allows the malicious code to bury itself inside NSIS installers, and use several layers of...
Latest Tax Scams Include Phishing Lures, Malware
Microsoft warned Monday this year’s crop of tax scams are using social engineering attacks based on fear to spread Zdowbot and Omaneat banking Trojans and collect personal info via spoofed tax sites linked to from phishing campaigns. The warning comes with less than a month before the April 18 ta...
Local Windows Admins Can Hijack Sessions Without Credentials
A researcher has exposed how attackers with local admin privileges could use native command-line Windows tools to hijack other users’ sessions without credentials. Researcher Alexander Korznikov on Friday published a report in which he describes how he could, locally and remotely via Remote Deskt...
Mozilla Patches Pwn2Own Zero Day in Firefox
Mozilla was quick to patch a zero-day vulnerability identified in the Firefox browser at the Pwn2Own hacking competition last week. The company remedied the issue just shy of 24 hours after being made aware of the flaw, pushing out the updated version 52.0.1 of the browser late Friday. Asa Dotzler,...
Cisco Warns of Critical Vulnerability Revealed in WikiLeaks 'Vault 7' Data Dump
Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7...
Jon Oberheide on Perimeter Security
Mike Mimoso talks to Duo Security co-founder and CTO Jon Oberheide at RSA Conference about Google’s BeyondCorp security model, enforcing perimeter security, how endpoint security has evolved through the years, and the future of passwords. Download: JonOberheideonPerimeterSecurity.mp3 Music by Chr...
VM Escape Earns Hackers $105K at Pwn2Own
Hackers managed to take down Microsoft Edge and escape a virtual machine to boot on the third day of Pwn2Own early Friday. Members from Qihoo’s 360 Security Team carried out the VM exploit, earning the group $105,000, by far the highest amount awarded to a group at the hacking challenge this week...
Vulnerability Disclosed in Ubiquiti Networks Admin Interface
Update Ubiquiti Networks, a maker of networking gear for service providers, has been since November dealing with a critical command-injection vulnerability in the administration interface of more than 40 of its products. Researchers at SEC Consult went public with the issue this week after...
On Pwn2Own, Patch Tuesday, and SAP Bugs
Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft’s silence around February’s Patch Tuesday, and a nasty SAP bug. Download: ThreatpostNewsWrapMarch172017.mp3 Music by Chris Gonsalves...
GitHub Code Execution Bug Fetches $18,000 Bounty
GitHub recently awarded $18,000 to a researcher after he came across a bug in its GitHub Enterprise management console that could have resulted in remote code execution. The company patched the vulnerability at the end of January, but news of the flaw didn’t surface until this week when GitHub an...
US-CERT Warns HTTPS Inspection May Degrade TLS Security
Recent academic work looking at the degradation of security occurring when HTTPS inspection tools are sitting in TLS traffic streams has been escalated by an alert published Thursday by the Department of Homeland Security. DHS’ US-CERT warned enterprises that running standalone inspection...
Fileless Malware Campaigns Tied to Same Attacker
Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group. The campaigns, disclosed by Kaspersky Lab and Cisco’s Talos research outfit in the last five weeks, made extensive use of fileless malware a...
Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017
Hackers took down Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux over the course of 11 hours on Wednesday, the first day of Pwn2Own, the annual hacking competition held in tandem with the CanSecWest conference in Vancouver. Contestants with the Chinese security firm Qihoo 360 were t...
Intel, Microsoft Announce New Bug Bounties
Intel announced its first bug bounty program, offering up to $30,000 to researchers who find critical vulnerabilities in its hardware. The invite-only program, which is being run on the HackerOne platform, was announced today at the CanSecWest conference in Vancouver. Intel said its software,...
WhatsApp and Telegram Vulnerabilities Opened Users to Account Takeover
Encrypted messaging services WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user’s account, access personal and group conversations, along with photos, videos and other files. A trio of researchers with Check Point Software Technologies,...
FSB Officers, Criminal Hackers Indicted in Yahoo Breach
The U.S. Department of Justice today indicted four individuals, including two Russian FSB officers, it alleges are connected to a massive breach of Yahoo’s network and the theft of information associated with 500 million accounts. One of the men, Karim Baratov, 22, was arrested March 14 in Canada...