New Google Tools Help Devs Improve Content Security Policy Protection
Cross-site scripting is the cockroach of web application security vulnerabilities, enjoying continued longevity despite the abundant availability of scanning tools and programming advice designed to squash it. Google yesterday took another shot at eradicating XSS attacks with the release of two...
Sofacy APT Targeting OS X Machines with Komplex Trojan
The prolific APT gang allegedly behind the DNC hack and other targeted attacks against Western military and political targets is using a new Trojan called Komplex to infect OS X machines used in the aerospace industry. The gang, known as Sofacy, APT28, Fancy Bear, Sednit and Pawn Storm, is...
Questions Mount Around Yahoo Breach
As Yahoo continues to investigate the biggest data breach in history, pressure is mounting on the company to admit when it knew about the attack, whether there was a delay in reporting it, and also about how it implements cryptography to secure data it’s responsible for. Security company Venafi...
Hancitor Downloader Abusing APIs, PowerShell Commands
Developers behind the malicious downloader Hancitor have bolstered the malware again, this time with new delivery approaches that make it more difficult to detect. The downloader is still spread through malicious attachments, and distributing malware designed to steal data, such as Pony and...
MarsJoke Ransomware Targets .EDU, .GOV Agencies
New ransomware has surfaced that targets state and local government agencies, and educational institutions that are less likely to have big budgets to ward off or mitigate threats, according to researchers. The ransomware, called MarsJoke, was detected in a large-scale email campaign last week th...
OpenSSL Fixes Critical Bug Introduced by Latest Update
OpenSSL today released an emergency security update after a patch in its most recent update issued last week introduced a critical vulnerability in the cryptographic library. The new flaw affects only OpenSSL 1.1.0a, which was made available last Thursday; users are urged to update to 1.1.0b...
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
A vulnerability in the OpenSSL implementation of the Online Certificate Status Protocol (OCSP) was patched this week, closing a denial-of-service weakness in affected servers. The patch was the most severe of 14 released yesterday by OpenSSL. OCSP is an alternative in many cases to Certificate...
Researchers Find 'Severe' Security Hole in iOS 10 Backup
UPDATE A computer forensics firm says Apple weakened backup security protection with the Sept. 13 release of iOS 10, making it simple work for hackers to crack password protection used for backups of iOS devices stored on Macs and PCs. Elcomsoft, which explained the security hole in a blog post...
On the Yahoo Breach, the Security of IoT Forum
Mike Mimoso and Chris Brook discuss the news of the week, including the massive Yahoo breach, this week’s Security of Things Forum, Mamba ransomware, and the privacy implications of Google Allo. Download: ThreatpostNewsWrapSeptember232016.mp3 Music by Chris Gonsalves...
Medical Devices Should Withstand Rigor, Expert Says
CAMBRIDGE, Ma.—When it comes to managing medical device security risk, hospital administrators should focus on weathering the storm and not necessarily prevention, Dr. Kevin Fu, a noted medical device security expert, encouraged this week. “How do you fail gracefully when things go wrong? Will yo...
500 Million Yahoo Accounts Stolen By State-Sponsored Hackers
Yahoo says it was the victim of state-sponsored hackers who stole information associated with 500 million accounts. Yahoo CISO Bob Lord said the attack happened on the company’s network in late 2014; he did not name the country responsible. “The account information may have included names, email...
Drupal Patches Three Vulnerabilities in Core Engine
Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical, according to an advisory posted by the Drupal security team. Versions 8.x of the Drupal core are affected, and users are advised to upgrade to 8.1.10. Drupal is op...
Cisco Warns of Command Injection Flaw in Cloud Platform
It’s already been a busy month of patching for Cisco Systems, and on Wednesday the networking giant rolled out nine more security updates addressing critical vulnerabilities across its core product lines. Most notably, Cisco is warning of two security holes (one rated critical, the other high) foun...
DHS Announces Intent to Publish IoT Security Framework
CAMBRIDGE, Ma.—The Department of Homeland Security today formally announced its plan to develop a set of strategic principles for the Internet of Things, saying such a framework is necessary to protect the nation’s critical infrastructure from cyber threats. In a brief talk at the Internet of...
Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials
Yahoo is expected to confirm a data breach that exposed hundreds of millions of credentials dating back four years. A report published today by Recode intimates that the total number of exposed credentials will be higher than the 200 million initially reported in early August. A request for comme...
Malware Evades Detection with Novel Technique
Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher’s test environment. The malware, according to researcher Caleb Fenton with security firm SentinelOne, evades detection simply by counting the number of...
SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool
SWIFT’s chief information security officer said Wednesday that the cooperative is still seeing cases where its customers’ environments have been compromised. “The threat is persistent, adaptive and sophisticated – and it is here to stay,” Alain Desausoi, the cooperative’s CISO said, adding...
Google Retreats on Some Allo Privacy Promises
Google released its Allo messenger application today, and right along with it a measure of controversy that has critics urging potential users to stay away. The angst stems from what seems to be a reversal on Google’s part to start logging chats in the app’s non-incognito mode by default, somethi...
iSpy Keylogger Targets Passwords, Skype, Webcams
Researchers are monitoring sales and infection rates of a new keylogger being sold on the dark web for $25 to $35. Along with capturing keystrokes, iSpy grabs passwords stored in web browsers, records Skype chats, takes webcam screenshots and steals the license keys of software such as Adobe...
Picking Up Where Neutrino Left Off: RIG Pushing CrypMIC Ransomware
When an exploit kit fades away, it usually doesn’t take long for another to take its place in the limelight, especially when the kit is an integral part of the ransomware ecosystem. That’s exactly what’s happened over the past few weeks as researchers say they’ve seen an uptick in RIG Exploit Kit...
Mozilla Patches Certificate Pinning Vulnerability in Firefox
As expected, Mozilla patched a highly scrutinized flaw in its automated update process for add-ons in Firefox, specifically around the expiration of certificate pins. The vulnerability allowed attackers to intercept encrypted browser traffic, inject a malicious NoScript extension update and gain...
Apple Squashes 68 Security Bugs With Sierra Release
With the release of macOS Sierra 10.12 Tuesday, Apple snuffed out dozens of lingering security vulnerabilities in OS X El Capitan and Yosemite. Along with updates to its OS, Apple addressed security bugs in its Safari web browser and macOS Server in separate security bulletins, also released...
Mamba Ransomware Encrypts Hard Drives Rather Than Files
Just when we thought ransomware’s evolution had peaked, a new strain has been discovered that forgoes the encryption of individual files, and instead encrypts a machine’s hard drive. The malware, called Mamba, has been found on machines in Brazil, the United States and India, according to...
Experts Want Transparency From Government's Vulnerabilities Equities Process
The federal government’s Vulnerabilities Equities Process—albeit a heavily redacted version—was turned over more than a year ago, and despite that measure of visibility, privacy and security watchdogs still don’t have the transparency they seek with regard to the unreported flaws the governme...
Tesla Fixes 'Critical' Remote Hack Vulnerability
Several models of the Tesla S cars were hacked by researchers who were able to abruptly stop the car in its tracks, pop open the trunk while the car was being driven, and remotely turn on and off the windshield wipers. The hacks demonstrated by China’s Keen Security Lab, a division of Tencent, we...
Android Banking Trojan First to Gain Root Privileges
Developers behind an Android banking Trojan have fortified the malware with an exploit to help it gain root privileges; this is the first time a mobile banker that tries to obtain root privileges has been seen in the wild. Researchers detected the Tordow Trojan in February, but attackers have...
Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads
WordPress theme publisher DynamicPress fixed a flaw Monday that let anyone upload malicious files to sites running its business-themed Neosense WordPress templates, compromise the site and possibly the server hosting it. Walter Hop, security researcher with Netherlands-based company Slik, made t...
Mozilla Patching Firefox Certificate Pinning Vulnerability
Mozilla is expected tomorrow to patch a critical vulnerability in Firefox’s automated update process for extensions that should put the wraps on a confusing set of twists surrounding this bug. The flaw also affected the Tor Browser and was patched Friday by the Tor Project. The vulnerability firs...
Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K
Facebook quickly resolved a vulnerability in its Business Manager tool late last month that could have let an attacker take over any Facebook page. Arun Sureshkumar, a security researcher in India, disclosed the vulnerability Aug. 29; a member of Facebook’s security team, Neal Poole, informed him...
Spyware Targeting Overseas Travelers Removed from Google Play
Google booted four spyware-laced apps from Google Play that targeted overseas travelers seeking embassy information and news for specific European countries. The apps gathered user information from Android phones including: contacts, email, GPS data, phone type, device ID and identified if the...
Cisco Warns of IOS Flaw Vulnerable to ShadowBrokers Attack
Cisco is warning its customers of new activity around the ShadowBrokers data dump, indicating that all versions of its IOS, IOS XE and IOS XR software are vulnerable to one of the many exploits released more than a month ago. “Cisco Product Security Incident Response Team (PSIRT) is aware of...
Snowden Slammed by House Committee Report
Edward Snowden’s hopes of a presidential pardon were dimmed Thursday when a House Committee report slammed the former U.S. defense contractor saying he has done “tremendous damage” to United States national security. That conclusion was part of a 36-page report (PDF) released Thursday by the House...
FBI Encouraging Ransomware Victims To Report Infections
The Federal Bureau of Investigation this week urged victims of ransomware to report infections to federal law enforcement in hopes of better understanding the threat. The agency, in tandem with the Internet Crime Complaint Center (IC3), issued a public service announcement on Thursday asking...
Bugs in Signal Messaging App Corrupt Attachments, Crash App
Makers of the mobile encrypted chat app Signal say they have fixed vulnerabilities in the Android version of the messaging app that allowed attackers to corrupt encrypted attachments and remotely crash the application. The vulnerabilities were discovered by Jean-Philippe Aumasson and Markus Vervi...
Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions
NAND mirroring was outright dismissed by FBI director James Comey as a means of breaking into San Bernardino terrorist Syed Farook’s iPhone 5c during the government’s spat with Apple earlier this year. “It doesn’t work,” Comey said. Well, turns out, it does. Sergei Skorobogatov of the University ...
On Schneier's DDoS Article, OS X Malware Detection, and Patches
Mike Mimoso and Chris Brook discuss the news of the week, including Schneier’s DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google’s Project Zero prize. Download: ThreatpostNewsWrapSeptember162016.mp3 Music by Chris Gonsalves...
Neverquest Trojan Gets Big Summer Update
The once prolific banking Trojan Neverquest received a major code revamp over the summer and is now armed with modifications that can more adeptly hijack a victim’s PC, inject code into webpages and steal credentials. The update represents a significant enough change to the malware that researche...
Attack Leverages Windows Safe Mode
Researchers warn the Windows diagnostic feature Safe Mode can be used as a remote attack vector by hackers who already have access to a compromised PC or server. The method of attack is unusual, researchers said, and places attention on the diagnostic tool used to fix PC problems and remove...
Microsoft Patches Zero Day Used in AdGholas Malvertising Campaigns
An attack group behind a long-running malvertising campaign made effective use of a previously unreported low-level vulnerability in Microsoft’s Internet Explorer and Edge browsers to rake in money via banking Trojans and ad fraud. Microsoft patched the zero-day this week among dozens of other...
Cisco Patches Critical WebEx Meetings Server Vulnerability
Cisco warned customers of 12 vulnerabilities across its product line this week, including a critical vulnerability in the software that powers its conferencing product, WebEx Meetings Server. The company stressed on Wednesday that version 2.6 of its WebEx Meetings Server is vulnerable to a remote...
Bruce Schneier on Probing Attacks Testing Core Internet Infrastructure
Bruce Schneier talks to Mike Mimoso about information he was given regarding an increase in DDoS and probing attacks targeting companies running core internet infrastructure in an attempt to test their defenses. For some additional context about this conversation, read an article by Schneier on...
DualToy Windows Trojan Attacks Android, iOS Devices
A Windows Trojan called DualToy has been discovered that can side load malicious apps onto Android and iOS devices via a USB connection from an infected computer. Researchers from Palo Alto Networks said DualToy has been in existence since January 2015, and it originally was limited to installing...
Phony Pokémon GO Android App Gave Attackers Root Access
A rogue and malicious app that billed itself as a “Guide for Pokémon GO” managed to make it into Google Play’s marketplace. Once installed, the malware-laced app gave attackers root access to any Android device it was installed on. The app, actually a Trojan in disguise, contained a nasty piece o...
Snowden Makes Case for a Presidential Pardon
Edward Snowden took his case to the media Wednesday arguing a presidential pardon would be an important step in preserving democracy and his only hope in returning to the United States. He argued that under the current Espionage Act, future whistleblowers would be less inclined to come forward to...
Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains
Apple isn’t the only one offering up a $200,000 reward for severe vulnerabilities on mobile devices. Google followed suit yesterday with the announcement of the Project Zero Prize, and like the Apple Security Bounty, the top payout is $200,000. Announced by Google’s Project Zero research team, th...
Microsoft Fixes 47 Vulnerabilities with September Patch Tuesday
Microsoft patched 47 vulnerabilities as part of 14 security bulletins, seven critical, with its monthly Patch Tuesday updates today. The company is warning users that if left unpatched, 10 of the issues can lead to remote execution. The updates resolve issues in Microsoft Windows, Office, Office...
iOS 10 Security Updates Move to HTTPS
Update Apple has finally moved its iOS security update mechanism to HTTPS with today’s release of iOS 10. Previously, updates were sent to devices over HTTP and attackers already present on a network could interfere with updates. “An issue existed in iOS updates, which did not properly secure use...
Adobe Patches 29 Vulnerabilities in Flash Player
After a month free of Flash Player fixes and emergency patches, Adobe today resumed its monthly ritual of releasing a security update for the maligned software. Today’s update patched 29 issues, most of which enabled remote code execution attacks on the host system. Adobe also updated its Air SDK...
Tor Joins Movement Against Expanding Hacking Powers
The Tor Project on Monday made a public plea for others to speak out against the proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure, which are taking effect Dec. 1 barring a Congressional injunction. The amendments would expand the Department of Justice’s ability to hack...
Judge Rules Use of FBI Malware Is A 'Search'
Civil liberty advocates say a Texas judge got it right when he ruled on a controversial child porn case regarding the FBI’s use of malware to search a computer. Senior U.S. District Judge David Alan Ezra of the San Antonio division of the Western District of Texas court ruled that sending malware...