15946 matches found

ThreatPost
added 2016/09/13 9:14 a.m. | 12 views

Generic OS X Malware Detection Method Explained

When it comes to detecting OS X malware, the future may not be rooted in machine learning algorithms, but patterns and heatmap visualization, a researcher posits. In an academic paper published by Virus Bulletin on Monday, Vincent Van Mieghem, a former student at the Delft University of Technolog...

7.7 AI score
Exploits: 0 | References: 16
ThreatPost
added 2016/09/12 3:38 p.m. | 12 views

New Windows Patch Policy At Odds With Acceptable Risk

With Microsoft’s Patch Tuesday release tomorrow, the countdown begins for application developers to button down code ahead of Microsoft’s new servicing model starting in October that could present vulnerability issues for some businesses. “Tomorrow it’s going to be business as usual, but it will...

0.2 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/09/12 3:32 p.m. | 18 views

FDA, DHS Investigating St. Jude Device Vulnerabilities

The U.S. government has entered into the St. Jude-MedSec-Muddy Waters fray with an investigation into claims St. Jude medical devices are vulnerable to cyberattacks. The Food and Drug Administration and Department of Homeland Security also apparently disapprove of the approach taken by MedSec and...

7.3 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/09/12 11:0 a.m. | 78 views

Critical MySQL Vulnerability Disclosed

A researcher has published details and a limited proof-of-concept exploit for a critical vulnerability in MySQL that has been patched by some vendors, but not yet by Oracle. The vulnerability allows an attacker to remotely or locally exploit a vulnerable MySQL database and execute arbitrary code,...

10 CVSS | 1.7 AI score | 0.6773 EPSS
Exploits: 20 | References: 2
ThreatPost
added 2016/09/09 2:6 p.m. | 10 views

Patched Android Libutils Vulnerability Harkens Back to Stagefright

This week’s Android Security Bulletin patched a calamity of vulnerabilities that threatened almost every device in circulation and illustrated the fragility of the Android ecosystem. The bulletin addressed more than 50 vulnerabilities, including nine rated critical by Google because of the...

8.3 AI score
Exploits: 0 | References: 8
ThreatPost
added 2016/09/09 12:43 p.m. | 9 views

White House Hires First Federal CISO

The White House announced yesterday it has hired retired Brigadier General Gregory J. Touhill, right, to serve as the first federal chief information security officer. Touhill will be responsible for setting policies, strategies and practices across federal agencies. According to a White House bl...

6.8 AI score
Exploits: 0 | References: 6
ThreatPost
added 2016/09/09 9:0 a.m. | 14 views

Fallout Over OPM Breach Report Begins

Wednesday’s bombshell report on the U.S. Office of Personnel Management breaches that exposed sensitive data belonging to more than 22 million people has sparked a cavalcade of finger pointing, politicking and squabbling over who knew what first. The scathing report by Republicans on the U.S. Hou...

6.9 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/09/08 3:43 p.m. | 14 views

Chrome to Label Some HTTP Sites 'Not Secure' in 2017

Chrome users who navigate to some HTTP sites will be notified, starting in January, they’re on a site that isn’t secure. Google said today the browser will begin explicitly labeling HTTP connections that feature either a password or credit card form as non-secure. The company said the plan is its...

6.9 AI score
Exploits: 0 | References: 13
ThreatPost
added 2016/09/08 12:23 p.m. | 15 views

Wordpress Update Resolves XSS, Path Traversal Vulnerabilities

WordPress is strongly encouraging users of the content management system to update to the most recent version, 4.6.1, released on Wednesday. The update addresses two separate security issues, a cross-site...

6 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/09/08 11:9 a.m. | 18 views

DHS Urges Vigilance in Protecting Networking Gear

After a summer of high-profile attacks and disclosures centered around enterprise network infrastructure, the Department of Homeland Security on Tuesday put out an alert explaining some of the tactics used by advanced attackers, and urged special caution in maintaining supply chain integrity. The...

4.3 CVSS | 0.4 AI score | 0.01995 EPSS
Exploits: 0 | References: 7
ThreatPost
added 2016/09/08 9:0 a.m. | 12 views

FTC Panel Encourages Basic Security Hygiene to Counter Ransomware

When asked to describe what it’s like to deal with the constantly looming threat of ransomware, Chad Wilson, the Director of Information Security at Children’s National Medical Center in Washington D.C., didn’t beat around the bush. “I’ll sum it up in one word: It’s scary,” Wilson said at a Feder...

6.9 AI score
Exploits: 0 | References: 8
ThreatPost
added 2016/09/08 6:0 a.m. | 9 views

Google Shares Android Nougat, Safe Browsing Security Enhancements

Google this week shared with developers security enhancements it has added to the new Nougat version of Android and additional security features for webmasters via Safe Browsing to help pinpoint harmful content on websites. Under the banner of its nine-year-long Safe Browsing initiative, Google...

0.5 AI score
Exploits: 0 | References: 7
ThreatPost
added 2016/09/07 1:57 p.m. | 13 views

Critical Flaws Found in Network Management Systems

Eleven critical vulnerabilities have been patched in network management systems (NMS) from four leading manufacturers: Cloudview, Netikus, Paessler and Opmantek. The flaws enable remote cross-site scripting and command-injection attacks. Public disclosure of the vulnerabilities coincided with a...

0.5 AI score
Exploits: 0 | References: 2
ThreatPost
added 2016/09/07 12:55 p.m. | 20 views

Data Stealing Mac OS X Backdoor Uncovered

Researchers on Wednesday confirmed that an OS X variant of a recently discovered family of cross-platform backdoors exists. Stefan Ortloff, a researcher with Kaspersky Lab’s Global Research and Analysis Team, identified the family of backdoors called Mokes in January, but it wasn’t until Tuesday...

0.8 AI score
Exploits: 0 | References: 5
ThreatPost
added 2016/09/07 12:53 p.m. | 20 views

St. Jude Alleges False Claims, Stock Manipulation in Suit Against Med Sec, Muddy Waters

St. Jude Medical yesterday filed a lawsuit alleging that investment research firm Muddy Waters and healthcare security research company Med Sec made false claims in a report focused on the security of St. Jude products. The report released Aug. 25 warned of potentially catastrophic cybersecurity...

7.1 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/09/07 9:0 a.m. | 23 views

Google Shuts Down Potentially Massive Android Bug

The Android ecosystem may have dodged another Stagefright-type of vulnerability. Google’s monthly Android Security Bulletin released on Tuesday not only patched the remaining Quadrooter vulnerabilities, but also fixed another wide-ranging flaw that could allow an attacker to easily compromise—or ...

9.3 CVSS | 8 AI score | 0.01559 EPSS
Exploits: 0 | References: 3
ThreatPost
added 2016/09/06 2:40 p.m. | 11 views

Cry Ransomware Using UDP, Imgur, Google Maps

Ransomware purporting to come from a phony government agency, something called the Central Security Treatment Organization, has been making the rounds, researchers say. The ransomware, which is already known by a number of names including Cry, CSTO ransomware, or Central Security Treatment...

7.4 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/09/06 2:0 p.m. | 36 views

Google Patches Quadrooter Vulnerabilities in Android

The Quadrooter vulnerabilities made a lot of people take notice because the scale of affected Android devices (more than 900,000) put it on a level with Stagefright and other bugs that impact a large majority of the Android ecosystem. Some details on the four vulnerabilities were publicly disclosed...

9.3 CVSS | 1 AI score | 0.00479 EPSS
Exploits: 0 | References: 3
ThreatPost
added 2016/09/06 1:11 p.m. | 17 views

Number of Devices Sharing Private Crypto Keys Up Sharply

Researchers at SEC Consult say the number of internet gateways, routers, modems and other embedded devices sharing cryptographic keys and certificates is up 40 percent since the Austrian consulting firm first looked at the problem in November. The report, posted Tuesday called “House of Keys,”...

8.2 AI score
Exploits: 0 | References: 3
ThreatPost
added 2016/09/06 11:0 a.m. | 17 views

Yelp Launches Public Bug Bounty

For a long time, Yelp.com has been one of the Internet’s most-frequented resources for crowd-sourced local business, restaurant and hospitality reviews and tips. Starting today, the door will be open to researchers and bug-hunters who are invited to participate in Yelp’s public bug bounty. The...

7.4 AI score
Exploits: 0 | References: 2
ThreatPost
added 2016/09/06 10:30 a.m. | 13 views

Adding CIA to DNA

Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Alexandrea Mellen. White and black hat hackers specialize in altering, accessing and sometimes destroying information. Genetic engineers take th...

7.4 AI score
Exploits: 0 | References: 7
ThreatPost
added 2016/09/02 4:23 p.m. | 14 views

Microsoft Adds .NET Core, ASP.NET to Bug Bounty Program

Microsoft is stepping up its bug hunting efforts surrounding its Visual Studio development suite, adding Microsoft .NET Core and ASP.NET Core to its Bug Bounty program. The bounties opened yesterday and will run “indefinitely,” according to Microsoft. The bounty program includes the Windows and...

7.6 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/09/02 12:49 p.m. | 10 views

Patch Fixes Nexus 5X Lock-Screen Bypass Vulnerability

Google’s Android security team has patched a vulnerability that left Nexus 5X devices open to attack even if the phone’s screen was locked. The vulnerability in Google’s line of phones would have allowed an adversary to exfiltrate data from the targeted phone via a forced memory dump of the devic...

1.8 AI score
Exploits: 0 | References: 1
ThreatPost
added 2016/09/02 10:0 a.m. | 41 views

Apple Patches Trident Vulnerabilities in OS X, Safari

The disclosure a week ago that three Apple iOS zero days were used to spy on a political dissident from the United Arab Emirates included high-profile exposes of the activities of a cyber arms-dealing outfit in Israel known as the NSO Group and an emergency update for iOS. Last night, Apple...

7.1 CVSS | 8.1 AI score | 0.66788 EPSS
Exploits: 12 | References: 11
ThreatPost
added 2016/09/02 9:0 a.m. | 12 views

On MedSec, Muddy Waters, Angler and Lurk, Fairware, and Bashlite

Mike Mimoso, Tom Spring, and Chris Brook discuss the news of the week, including the MedSec/Muddy Waters story, how the Angler exploit kit was traced back to the Lurk Gang, Fairware hitting Linux servers, and the Bashlite IoT malware. Download: ThreatpostNewsWrapSeptember22016.mp3 Music by Chris...

2.6 AI score
Exploits: 0 | References: 2
ThreatPost
added 2016/09/01 2:46 p.m. | 9 views

Malvertising Campaign Pushing Neutrino Exploit Kit Shut Down

A global malvertising campaign exposing potentially one million users to the risk of being infected with CrypMIC ransomware delivered via the Neutrino Exploit Kit has been shut down, according to researchers. Cisco’s Talos Security Intelligence and Research Group, which discovered the criminal...

0.1 AI score
Exploits: 0 | References: 2
ThreatPost
added 2016/09/01 1:8 p.m. | 26 views

Insecure Redis Instances at Core of Attacks Against Linux Servers

A recent run of attacks against Linux servers called Fairware has been traced to insecure internet-facing Redis installations that hackers have abused to delete web folders and, in some cases, install malicious code. Redis is an open source tool used by web application developers for the purpose ...

Exploits: 0 | References: 5
ThreatPost
added 2016/09/01 11:52 a.m. | 35 views

Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs

Google continued its onslaught of summer Chrome patches Wednesday when it pushed out version 53 of the browser, fixing 33 bugs, half of which were rated “high” severity by the company. Google paid at least $56,500 in rewards to researchers who discovered vulnerabilities in the browser this time...

6.8 CVSS | 8.2 AI score | 0.04221 EPSS
Exploits: 0 | References: 25
ThreatPost
added 2016/09/01 9:15 a.m. | 34 views

Patched ColdFusion Flaw Exposes Applications to Attack

An Adobe ColdFusion vulnerability addressed Tuesday in a hotfix pushed to users put applications developed on the platform at risk to a number of serious issues. Researcher Dawid Golunski of Legal Hackers today revealed details on the flaw, which he privately disclosed to Adobe, as well as a...

6.4 CVSS | 0.9 AI score | 0.69044 EPSS
Exploits: 7 | References: 4
ThreatPost
added 2016/09/01 7:0 a.m. | 12 views

SWIFT Warns Banks Of More Cyberattacks

Reports of additional attacks against banks that use SWIFT, the global financial transaction messaging network, came to light Wednesday. The attacks were reportedly persistent, sophisticated and in some cases successful, impacting an undisclosed number of financial institutions. It’s the latest...

Exploits: 0 | References: 6
ThreatPost
added 2016/08/31 3:4 p.m. | 15 views

OneLogin SecureNotes Breach Exposed Data in Cleartext

Single sign-on company OneLogin began notifying customers this week that an attacker was able to take advantage of a bug in its system and view sensitive notes posted by users, thought to be secure. The company, whose authentication technology secures cloud-based applications, confirmed the...

7.1 AI score
Exploits: 0 | References: 1
ThreatPost
added 2016/08/31 12:1 p.m. | 11 views

Researchers: MedSec, Muddy Waters Set Bad Precedent With St. Jude Medical Short

Security researchers warn mixing vulnerability disclosures with stock market bets sets a troubling precedent that erodes confidence in the relationship between businesses and white hat hackers who help uncover threats. Researchers are responding to the unprecedented partnership between security...

7.2 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/08/31 10:42 a.m. | 19 views

2012 Dropbox Hack Spilled Emails, Hashed Passwords on 68 Million

When hackers infiltrated Dropbox in 2012 they made off with credentials for roughly 68 million users. The fact that the online storage site was hacked four years ago was no secret. But details around the sheer size of the stolen database, which contains users’ email addresses plus hashed and salt...

7.1 AI score
Exploits: 0 | References: 12
ThreatPost
added 2016/08/31 10:21 a.m. | 14 views

Linux Webserver Folders Deleted in Fairware Attacks

Linux server admins are reporting attacks resulting in the disappearance of the server’s web folder and websites being down indefinitely. Posts to the forums on the BleepingComputer website corroborate a number of such attacks, most likely intrusions powered by brute-force attacks against SSH,...

0.2 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/08/30 3:29 p.m. | 12 views

BASHLITE Family Of Malware Infects 1 Million IoT Devices

More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say. According to Level 3 Threat Research Labs, a small malware family that goes by the names Lizkebab, BASHLITE, Torlus and Gafgyt is behind a web ...

Exploits: 0 | References: 3
ThreatPost
added 2016/08/30 2:30 p.m. | 9 views

How to Leak Data From Air Gapped Computers With USB Devices

Researchers at Ben-Gurion University of Negev have found a way to take a run-of-the-mill USB device and use it to leak data from air-gapped computers via RF signals. Academics with the school’s Cyber Security Research Labs division claim they’ve come up with software, dubbed USBee, that can...

0.6 AI score
Exploits: 0 | References: 7
ThreatPost
added 2016/08/30 2:25 p.m. | 13 views

Lurk Criminal Gang Also Behind Angler Exploit Kit

The June arrest of a Russian cybercrime gang responsible for the Lurk Trojan also put to rest the infamous Angler Exploit Kit. Researchers at Kaspersky Lab today published a detailed report on the Lurk takedown, confirming at the same time the connection between the Lurk gang and Angler. Activity...

1.3 AI score
Exploits: 0 | References: 5
ThreatPost
added 2016/08/30 12:23 p.m. | 24 views

Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook

Alleging a trail of broken promises, two privacy-focused advocacy groups yesterday filed a complaint with the Federal Trade Commission against a recent WhatsApp privacy policy change that states it will begin sharing user data with parent company Facebook. The Electronic Privacy Information Cente...

6.9 AI score
Exploits: 0 | References: 6
ThreatPost
added 2016/08/29 5:40 p.m. | 15 views

FBI Warned State Election Board Systems of Hacks

The Federal Bureau of Investigation’s Cyber Division this month warned election officials nationwide to fortify voter registration data systems in the wake of two breaches it was able to detect earlier this summer. A “flash” warning sent by the agency about 10 days ago warned state boards of...

0.5 AI score
Exploits: 0 | References: 3
ThreatPost
added 2016/08/29 5:22 p.m. | 12 views

1.7 Million Opera Browser Users Told To Reset Passwords

Opera Software is warning 1.7 million users of its Opera web browser sync feature of a possible attack that exposes passwords to hackers. In a security bulletin posted on Friday, the company said its Opera sync system showed “signs of an attack” and asked users to change their Opera sync password...

0.6 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/08/29 1:32 p.m. | 36 views

RIPPER ATM Malware Uses Malicious EMV Chip

Update: This story was updated Aug. 31. A never-before-seen malware family known as RIPPER is being blamed for a rash of ATM heists in Thailand last week. The malware, found by researchers at FireEye, is responsible for the theft of 12 million baht ($378,000) from ATMs at banks across Thailand. The...

0.2 AI score
Exploits: 0 | References: 3
ThreatPost
added 2016/08/29 9:58 a.m. | 11 views

Dropbox Forces Password Reset for Older Users

Online storage service Dropbox began notifying users over the weekend that if they haven’t updated their password since 2012, they’ll be prompted to update it the next time they log into their account. The company claims the move is “purely a preventative measure” and stressed that there’s no pro...

0.4 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/08/26 2:55 p.m. | 18 views

Pacemaker Hacking Fears Rise With Critical Research Report

Pacemakers, defibrillators and other medical devices made by a leading medical equipment maker are vulnerable to potentially “catastrophic” cyberattacks. With relatively little effort, tens of thousands of cardiac devices made by St. Jude Medical are vulnerable to attack, according to a report releas...

1 AI score
Exploits: 0 | References: 2
ThreatPost
added 2016/08/26 9:0 a.m. | 12 views

On Shadowbrokers, Cisco, Sweet32, Wildfire, and More

Mike Mimoso and Chris Brook discuss the news of the week, including the latest on ShadowBrokers and Cisco, the Sweet32 collision attack, decryptors for the Wildfire ransomware, and this week’s gaming forum breaches. Download: ThreatpostNewsWrapAugust262016.mp3 Music by Chris Gonsalves...

3.8 AI score
Exploits: 0 | References: 2
ThreatPost
added 2016/08/25 5:33 p.m. | 37 views

Emergency iOS Update Patches Zero Days Used by Government Spyware

Apple rushed an emergency iOS update today after the discovery of three zero-day vulnerabilities used by governments to spy on the activities of human rights activists and journalists. The zero days, called Trident, allow an attacker to take complete control of an iPhone or iPad with just one...

9.3 CVSS | 0.1 AI score | 0.66788 EPSS
Exploits: 13 | References: 4
ThreatPost
added 2016/08/25 3:30 p.m. | 11 views

France, Germany Call for European Decryption Law

The United States is months removed from this spring’s Apple vs. FBI debacle, but the debate around encryption is just beginning to play out in Europe. A joint press conference held Tuesday in Paris between Germany’s Interior Minister Thomas de Maizière and France’s Interior Minister Bernard...

7 AI score
Exploits: 0 | References: 3
ThreatPost
added 2016/08/25 2:19 p.m. | 10 views

Keystroke Recognition Uses Wi-Fi Signals To Snoop

A group of academic researchers have figured out how to use off-the-shelf computer equipment and a standard Wi-Fi connection to sniff out keystrokes coming from someone typing on a keyboard nearby. The keystroke recognition technology, called WiKey, isn’t perfect, but is impressive with a reporte...

7 AI score
Exploits: 0 | References: 2
ThreatPost
added 2016/08/25 12:12 p.m. | 21 views

VMware Identity Manager vRealize Automation Patches

VMware this week patched a single vulnerability that pops up in two of its products that allows an attacker to elevate privileges on a compromised machine. The virtualization company patched CVE-2016-5335 in its Identity Manager and vRealize Automation software. “Exploitation of this issue may le...

7.5 CVSS | 4.1 AI score | 0.02949 EPSS
Exploits: 0 | References: 1
ThreatPost
added 2016/08/25 9:22 a.m. | 9 views

Tor Update Fixes ReachableAddresses Problem

The Tor Project on Wednesday updated its software package to version 0.2.8.7 and fixed a number of issues, including a bug it calls “important” in the ReachableAddresses option. ReachableAddresses is a list of IP addresses and ports that are permitted by a firewall; admins can set IP ranges and...

0.8 AI score
Exploits: 0 | References: 6
ThreatPost
added 2016/08/24 5:53 p.m. | 35 views

Cisco Begins Patching Equation Group ASA Zero Day

Cisco today began the process of patching a zero-day vulnerability in its Adaptive Security Appliance (ASA) software exposed in the ShadowBrokers data dump. Users on affected versions of ASA, 7.2, and 8.0 through 8.7, are urged to migrate soon to 9.1.79 or later. Newer versions that are also...

8.5 CVSS | 2.6 AI score | 0.87503 EPSS
Exploits: 7 | References: 6
Total number of security vulnerabilities: 15946