Costin Raiu on the Importance of Using YARA
Ryan Naraine talks with Costin Raiu, the Global Director of GReAT at Kaspersky Lab, about the benefits of taking the YARA training class available at SAS 2017. Listen to learn about how YARA can be used in malware hunting, data analysis and incident response activities. Download:...
Box.com Plugs Account Data Leakage Flaw
Box.com has changed the way it handles publicly shared accounts and folders after a researcher found confidential documents and data belonging to Box.com users via Google, Bing and other search engines. While Box.com maintains this is a case of its customers unintentionally over-sharing, it says ...
Vermont Grid 'Hack' Latest Tumble Down Attribution Rabbit Hole
A Vermont utility was for a brief moment last week at the center of a geopolitical scandal in which the Russian government was implicated in an attack against a U.S. electric grid. As it turns out, a laptop at Burlington Electric Department was infected with the Neutrino Exploit Kit. There was no...
Pentagon Subcontractor Inadvertently Leaks 11 Gigs of Sensitive Data
A slew of sensitive data pertaining to psychologists, doctors and other healthcare professionals involved with an arm of the U.S. Department of Defense was recently left unsecured online. Chris Vickery, a security researcher with MacKeeper who has stumbled across unsecured internal databases...
FBI-DHS Report Links Fancy Bear Gang to Election Hacks
In a report released Thursday the Federal Bureau of Investigation and the US Department of Homeland Security implicated Russian hacking group Fancy Bear in attacks against several election-related targets. According to the Joint Analysis Report, the hacking group Fancy Bear, believed to have ties...
PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities
Critical remote code execution vulnerabilities in two different libraries used to send emails via PHP were patched this week. An issue in PHPMailer, thought fixed, was resolved with an update, version 5.2.21, pushed late Wednesday. Developers with another mailing library for PHP, SwiftMailer,...
On IoT Botnets, Ransomware, and More
Mike Mimoso, Tom Spring, and Chris Brook recap 2016’s biggest news stories, including the proliferation of IoT botnets, the rise of ransomware, the FBI vs. Apple battle, Yahoo, and a rash of old password breaches. Download: Threatpost2016YearinReview.mp3 Music by Chris Gonsalves...
Four New Normals for 2017
Let’s not talk about cybersecurity predictions for 2017. Let’s talk instead about new normals, things that have ceased to be novel because, well, they happen all the time and everywhere. Let’s concede that things such as greedy ransomware, imposing IoT botnets, high-profile bug bounties and...
Android Trojan Switcher Infects Routers via DNS Hijacking
A new Android Trojan uses victims’ devices to infect WiFi routers and funnel any users of the network to malicious sites. The malware doesn’t target users directly – instead its goal is to facilitate further attacks by turning victims into accomplices. Researchers at Kaspersky Lab, who discover...
PHPMailer Bug Leaves Millions of Websites Open to Attack
UPDATE A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack. The flaw was disclosed by researcher Dawid Golunski of Legal Hackers, who said t...
Clever Facebook Hack Reveals Private Email Address of Any User
Christmas came early for Facebook bug bounty hunter Tommy DeVoss who was paid $5,000 this week for discovering a security vulnerability that allowed him to view the private email addresses of any Facebook user. “The hack allowed me to harvest as many email addresses as I wanted from anybody on...
Cisco Warns of Critical Flaw in CloudCenter Orchestrator Systems
Cisco Systems released a critical security bulletin for a vulnerability that could allow an attacker to gain root privileges on affected CloudCenter Orchestrator systems. The company released workaround instructions to mitigate the flaw along with making a software fix available for download. “Th...
Apple Delays App Transport Security Deadline
Apple backtracked on its plan to enforce a year-end deadline that would have required developers to move apps to an HTTPS-only model in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. On Wednesday Apple said a requirement for developers to adopt App Transport Security wou...
NIST Calls for Submissions to Secure Data Against Quantum Computing
For a layman, it may be difficult to fathom how a standards body could be playing catch-up to a threat that could be at least a decade away. But that’s the position NIST finds itself in with the risk that quantum computers pose to existing cryptographic algorithms. Working, practical quantum...
Siemens Patches Insufficient Entropy Vulnerability in ICS Systems
German industrial giant Siemens has provided a firmware update addressing vulnerabilities that are found in a popular line of its Desigo PX industrial control hardware used primarily in controlling HVAC systems in commercial buildings. On Wednesday, Siemens, in coordination with ICS-CERT, issued...
Congressional Group Says Encryption Backdoors Are a Bad Idea
The Congressional Encryption Working Group released its year-end report that concluded that encryption backdoors do more harm than good. The 12-page report said that “any measure that weakens encryption works against the national interest.” The bipartisan congressional panel recommended that the...
New Wave of Hailstorm Spam Pelts Inboxes
Spammers are turning to an old technique known as hailstorm to slip past anti-spam and anti-malware filters. Researchers say that hailstorm spam, first spotted in 2008, has been improved and is once again being used, only this time to spread Dridex banking malware and Locky ransomware. “Hailstorm...
Panasonic, IOActive Clash on Vulnerability Report
Panasonic Avionics has pushed back against research released Tuesday by IOActive suggesting that in-flight entertainment system firmware used by more than a dozen airlines contains vulnerabilities that allow a local attacker to manipulate data displayed to passengers, or put their personal data a...
Wassenaar Renegotiation Will Be in Trump Administration's Hands
A nearly two-year effort to renegotiate language related to export controls around intrusion software in the Wassenaar Arrangement was rejected earlier this month during the member states’ plenary meeting. This means that the overly broad language in the first draft of the rules, introduced in Ma...
New Decryptor Unlocks CryptXXX v3 Files
Researchers have neutralized the threat of the latest strain of the CryptXXX v.3 ransomware, releasing a decryption tool for unlocking files, and have added it to the RannohDecryptor, a free utility hosted by Kaspersky Lab’s No Ransom Project. Previous decryption tools had been available for...
Fraudulent Video Ad Bot Rakes in Close to $5 Million Daily
Researchers say a cybercrime group has been earning as much as $3 million to $5 million daily by generating up to 300 million fraudulent video-ad impressions per day. The group behind the ad fraud has created a complex bot farm called Methbot using thousands of proxies and dedicated, deceptive IP...
In-Flight Entertainment System Flaws Put Passenger Data at Risk
A simple tap on an in-flight entertainment system touchscreen kicked off an intellectual exercise that resulted in the discovery of a number of firmware vulnerabilities in embedded systems used by at least 13 airlines. The vulnerabilities in the Panasonic Avionics IFE firmware could allow a local...
ShadowBrokers Dump Came from Internal Code Repository, Insider
Update An analysis of the latest ShadowBrokers dump of alleged NSA spy tools points to an insider with access to a code repository belonging to the intelligence agency, experts said. Researchers at security company Flashpoint said today that its investigation of the leaked data points away from a...
Google Unveils Cryptographic Library Test Suite Wycheproof
Google continues to be in a giving mood this holiday season. The company on Monday announced Project Wycheproof, a collection of unit tests designed to help check for weaknesses in cryptographic algorithms. The project comes two weeks after Google debuted a fuzzer to help developers discover...
Stolen Yahoo Data Sold to Spammers, One Government Client
A database of one billion stolen Yahoo accounts has been sold to at least three different buyers for $300,000 each, and the group selling the data and behind the 2013 intrusion—the largest data breach on record—is a criminal operation, not a state-sponsored attack group as Yahoo claims. Andrew...
Insecure NAS Device Exposes 350 Ameriprise Investment Accounts
A trove of data belonging to Ameriprise Financial was found earlier this month that included Social Security numbers, decryption keys and confidential internal company documents. The breach is related to the use of a network attached storage device that insecurely backed up data from an internal...
SQL Injection Attack is Tied to Election Commission Breach
Just as cybersecurity concerns over the U.S. presidential election reach a fevered pitch, the U.S. agency responsible for certifying that voting machines work properly says it may have been hacked. That’s after independent researchers say they uncovered evidence that hackers have infiltrated the...
Remote Code Execution Bug Found in Ubuntu Quantal
A remote code execution bug has been patched in the default installation of Ubuntu Desktop affecting all default installations of Quantal version 12.10 and later. According to researcher Donncha O’Cearbhaill, the bug allows for code injection when a user opens a specially crafted malicious file...
Nagios Core Patches Root, RCE Vulnerabilities
Nagios Core has been updated to take care of two critical vulnerabilities that can be pinned together to attack servers hosting the open source IT infrastructure monitoring software. The flaws were privately disclosed by researcher Dawid Golunski of Legal Hackers, who said the vulnerabilities can...
Tales of WordPress Plugin Insecurity Overblown Researchers Say
The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it’s not as bad as it seems, experts claim. Hendrik Buchwald, a researcher and cofounder of RIPS, a German firm that performs static source code analysis, recently combe...
On Yahoo's One Billion Breach, a DDoS-For-Hire Crackdown and More
Mike Mimoso and Chris Brook discuss the news of the week including Yahoo’s latest breach announcement, a DDoS-for-hire crackdown, hackers seeking help with Mirai, and some new Adobe patches. Show notes: Yahoo Discloses Data From 1 Billion Accounts Stolen in 2013 Beta Firmware Updates Available fo...
DNSChanger Exploit Kit Hijacks Routers, Not Browsers
Attackers are targeting more than 166 router models with an exploit kit called DNSChanger that is being distributed via malvertising. Researchers at Proofpoint said the exploit kit is unique because the malvertising component of the attack doesn’t target browsers, rather a victim’s router. Some o...
Microsoft, Google to Block Flash by Default in Edge, Chrome
The acceleration of Flash’s ride off into the sunset hit top speed with Microsoft on Wednesday following up a similar announcement last week from Google that it would block Flash by default in the Edge browser. Google confirmed last Friday that it would be moving to HTML5 by default in Chrome in ...
Bug Hunters Prefer Communication Over Compensation
Unlike their criminal counterparts, it turns out that white hats aren’t necessarily as financially motivated when it comes to bug hunting. Bug bounties are everywhere, and many researchers are making a decent amount of money privately disclosing vulnerabilities through coordinated bounty programs...
Code Reuse a Peril for Secure Software Development
The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off...
Yahoo Discloses Data From 1 Billion Accounts Stolen in 2013
Yahoo today disclosed another mega breach of its systems, this one occurring in August 2013 and resulting in the loss of data associated with more than one billion user accounts. Today’s revelation comes less than three months after Yahoo admitted state-sponsored hackers walked off in 2014 with...
Mirai Giving DDoS-as-a-Service Industry a Boost
The availability of the Mirai malware source code online isn’t a guarantee that just anyone can quickly convert it into a money-making IoT-based DDoS botnet. Researchers at Digital Shadows have been combing dark web sites such as the Hackforums where black hat Anna-Senpai dropped the Mirai code i...
Google Discloses Contents of Eight National Security Letters
Google on Tuesday disclosed the contents of eight National Security Letters it received between 2010 and 2015, becoming the latest company to do so under reforms afforded by the USA Freedom Act. The requests, made by the United States Federal Bureau of Investigation, asked Google to identify 21...
Apple Fixes 97 Vulnerabilities Across macOS, iTunes, Safari, iCloud
Apple released a massive update for macOS Sierra on Tuesday to address 72 vulnerabilities in the operating system. The update, which was flanked by updates for iCloud, iTunes, and Safari, comes a day after it fixed a dozen issues in iOS. Eleven of the vulnerabilities can lead to arbitrary code...
Flash Player Bug An Eavesdropper's Delight
Adobe yesterday patched a not-so-sweet 16 Flash Player vulnerabilities, including a zero day under attack. While not much is known about the targeted attacks using the Flash Player bug, or its victims, details have surfaced on another patched flaw that is a potential privacy nightmare...
Law Enforcement Targets Users of DDoS-For-Hire Services
Law enforcement authorities from more than a dozen countries last week carried out a series of operations designed to crack down on DDoS-for-hire services. Thirty-four individuals who are alleged to have purchased stresser and booter services were arrested as part of the operation. Stressers and...
Zcash Spurs Rash of Malicious Mining Software
Cybercriminals are targeting computers with malicious mining software thanks in part to the appeal of a new cryptocurrency called Zcash that claims to cloak the sender, the recipient and value of transactions. That type of anonymity is not afforded by Bitcoin and is sought after by crooks, said...
Beta Firmware Updates Available for Vulnerable Netgear Routers
Netgear has begun pushing out beta versions of firmware updates that will address a critical vulnerability that was disclosed late last week. The networking vendor also confirmed that many more routers in its Nighthawk line are vulnerable than originally reported. The flaw allows attackers to car...
Microsoft Patches Publicly Disclosed IE, Edge Vulnerabilities
Microsoft today patched a half-dozen critical browser vulnerabilities that have been publicly disclosed, but apparently not used in attacks as of yet. The critical Internet Explorer and Microsoft Edge bulletins are among six released today, along with six others with a severity rating of importan...
Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack
Adobe patched 31 vulnerabilities across nine different product lines Tuesday morning, including a zero-day vulnerability in Flash Player the company claims is being used in targeted attacks against Internet Explorer users on Windows. That vulnerability, CVE-2016-7892, is one of 16 bugs in Flash tha...
KFC Warns 1.2 Million UK Customers of Colonel's Club Breach
Update KFC Corporation warned 1.2 million of its U.K.-based Colonel’s Club members to reset their account passwords after 30 members were targeted in an attack. The subsidiary of Yum Brands said that personal information including names, addresses and e-mail addresses may have been stolen. The...
Facebook Releases Free Certificate Transparency Monitoring Tool
The movement toward Certificate Transparency (CT) has brought about a healthy improvement, not only in the way organizations monitor and audit TLS certs, but also in cutting down the number of malicious or mistakenly issued certificates. CT, a framework developed by Google, works because Certificat...
Apple Fixes 12 Vulnerabilities in iOS 10.2
Apple updated its mobile operating system iOS 10 on Monday to address a handful of security vulnerabilities, including two issues that could have led to arbitrary code execution. The update, iOS 10.2, fixes 12 vulnerabilities in total. Topping the list was a flaw that could have allowed an attacker...
Netgear Routers Remain Exposed to Critical Flaw
At least three versions—and likely more—of Netgear routers remain vulnerable to a vulnerability that allows an attacker to gain root access on the device and remotely run code. A researcher who goes by the handle AceW0rm on Friday released details and a proof-of-concept exploit after months of...
Alpha Version of Sandboxed Tor Browser Released
A sandboxed version of the Tor Browser was released over the weekend, and while there are still some rough edges and bugs – potentially major, according to the developer – it could be the first step toward protecting Tor users from recent de-anonymization exploits. Yawning Angel, a longtime Tor...