GTA Fan Forum Hacked: Old vBulletin Software To Blame
Outdated vBulletin forum software is being blamed for the breach of a Grand Theft Auto fan forum called GTAGaming. It marks the second time in two days a gaming forum has been targeted by hackers and that a SQL injection vulnerability is believed to have been exploited. The fan website notified...
Leaked ShadowBrokers Attack Upgraded to Target Current Versions of Cisco ASA
Exploits against enterprise-grade Cisco firewalls dumped by the ShadowBrokers have quickly—and apparently without a lot of strenuous effort—been upgraded to attack more current versions of ASA. Researchers at Silent Signal in Hungary yesterday tweeted they had ported the EXTRABACON attack to ASA...
Dutch, Belgian Ransomware Wildfire Disrupted, Decryption Keys Posted
The No More Ransom initiative released decryption keys for yet another strain of ransomware this week; now victims of the mostly Dutch-leaning ransomware called WildFire can get their files back without paying attackers. According to an update from the Dutch National Police on Wednesday, when it...
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES (3DES) and Blowfish. Researchers are set to present new attacks against 64-bit ciphers tha...
Epic Games Forums Hacked, 800,000 User Accounts Exposed
Epic Games is warning users of a breach that impacts 800,000 user accounts tied to the company’s online forums. On Monday, the game developer temporarily shut down many of its forums and advised users to change passwords on any accounts that shared the same credentials for some of its forums. Epi...
GozNym Banking Trojan Targeting German Banks
GozNym’s Euro trip rolls on. Fresh from targeting banks in Poland, the banking Trojan has reportedly begun taking aim at banks in Germany. For many, August marks the long, dog days of summer but developers behind GozNym appear to be working hard. According to numbers published by IBM’s X-Force te...
Timing of Browser-Based Security Alerts Could Be Better
Multitasking may be the way of the connected world, but as it turns out, it’s not conducive to secure behavior online. Academics from Brigham Young University and the University of Pittsburgh came to that conclusion after using functional magnetic resonance imaging (fMRI) to study how the brain...
Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities
Obihai Technology recently patched vulnerabilities in its ObiPhone IP phones that could have led to memory corruption, buffer overflow, and denial of service conditions, among other outcomes. The California-based company manufactures IP-enabled phones and VOIP telephone adapters it calls OBi...
Hancitor Malware Shifts Infection Strategies
Researchers said a new variant of the Hancitor downloader has shifted tactics and adopted new dropper strategies and obfuscation techniques on infected PCs. Researchers at Palo Alto Networks are currently tracking the biggest push of the Hancitor family of malware since June that it says has...
Juniper Acknowledges Equation Group Targeted ScreenOS
Juniper Networks on Friday acknowledged that exploits implants contained in the ShadowBrokers data dump do indeed target its products. “As part of our analysis of these files, we identified an attack against NetScreen devices running ScreenOS,” said Derrick Scholl, director of security incident...
Eddie Bauer Confirms Payment Card Breach of US, Canadian Stores
Clothing store Eddie Bauer has become the latest retail chain to acknowledge that malware has led to a breach of its point of sale systems. In a press release (.PDF) late last week Eddie Bauer confirmed that any customers who used a payment card at a store over the past seven months, from January 2...
New Brazilian Banking Trojan Uses Windows PowerShell Utility
Microsoft’s PowerShell utility is being used as part of a new banking Trojan targeting Brazilians. Researchers made the discovery earlier this week and say the high quality of the Trojan is indicative of Brazilian malware that is growing more sophisticated. The banking Trojan is identified as...
Multiple Vulnerabilities Identified in 'Utterly Broken' BHU Routers
Researchers have identified a router so fraught with vulnerabilities and so “utterly broken” that it can be exploited to do pretty much anything. An attacker could bypass its authentication, peruse sensitive information stored in the router’s system logs and even use the device to execute OS...
On Shadow Brokers, the VeraCrypt Audit, and Pokemon Ransomware
Mike Mimoso and Chris Brook discuss the news of the week, including the Shadow Brokers debacle, the VeraCrypt audit, Pokemon ransomware, and a browser address bar vulnerability. Download: ThreatpostNewsWrapAugust192016.mp3 Music by Chris Gonsalves...
EFF Blasts Microsoft Over Windows 10 Rollout
The Electronic Frontier Foundation is blasting Microsoft for its “malicious” and “annoying” tactics when it comes to prodding Windows users to update their operating system to Windows 10. The digital watchdog group says Microsoft’s strategy of pushing the Windows 10 upgrade application onto users...
OIG Report Finds Vulnerabilities in Medicaid Services Agency
Vulnerabilities exist in systems that belong to the Centers for Medicare & Medicaid Services, a federal agency that’s part of the United States’ Department of Health and Human Services. If exploited the bugs could result in the disclosure of personally identifiable information and the “disruption...
GPG Patches 18-Year-Old Libgcrypt RNG Bug
New versions of Libgcrypt and Gnu Privacy Guard (GnuPG or GPG) released on Wednesday include security fixes for vulnerabilities discovered in the mixing functions of the Libgcrypt random number generator. The flaws were privately disclosed by Felix Dörre and Vladimir Klebanov of Karlsruhe Institute...
Locky Targets Hospitals In Massive Wave Of Ransomware Attacks
A massive Locky ransomware campaign spotted this month targets primarily the healthcare sector and is delivered in phishing campaigns. The payload, researchers at FireEye said, is dropped via .DOCM attachments, which are macro-enabled Office 2007 Word documents. Especially hard hit are hospitals ...
Unsecured DNSSEC Easily Weaponized, Researchers Warn
DNSSEC is not invincible. Researchers this week described how a DNSSEC-based flood attack could easily knock a website offline and allow for the insertion of malware or exfiltration of sensitive data. The intent of Domain Name System Security Extensions, or DNSSEC, is to bolster DNS through a...
Cisco Acknowledges ASA Zero Day Exposed by ShadowBrokers
Cisco has quickly provided a workaround for one of two vulnerabilities that was disclosed in the ShadowBrokers’ data dump and issued an advisory on the other, which was patched in 2011, in order to raise awareness among its customers. The networking giant today released advisories saying that it...
Pokémon GO Spam, Ransomware, On the Rise
It didn’t take long for attackers to start capitalizing on the popularity of Pokémon GO. Shortly after Niantic, the company behind the now ubiquitous app, released it last month, researchers spotted a malicious, backdoored version of the app on a file repository service. Now attackers are pushing...
Browser Address Bar Spoofing Vulnerability Disclosed
Chrome, Firefox and likely other major browsers are afflicted by a vulnerability that allows attackers to spoof URLs in the address bar. While Mozilla said it has patched the flaw in the affected Android version of the Firefox browser, Google said Chrome will be fixed in an upcoming September...
ShadowBrokers' Leak Has 'Strong Connection' to Equation Group
A high-stakes game of attribution started by a group claiming to have a cache of exploits belonging to the Equation Group took a somewhat definitive turn Tuesday afternoon. Researchers at Kaspersky Lab yesterday confirmed a connection between the tools currently up for auction by the ShadowBroker...
Operation Ghoul Targeting Middle Eastern Industrial, Engineering Organizations
Researchers today identified a series of ongoing targeted attacks primarily designed to steal sensitive corporate financial data from industrial and engineering organizations in the Middle East. The group behind the campaign, nicknamed Operation Ghoul by researchers at Kaspersky Lab’s Global...
VeraCrypt Audit Under Way; Email Mystery Cleared Up
Update To say the VeraCrypt audit, which begins today, got off to an inauspicious start would be an understatement. On Sunday, two weeks after the announcement that the open source file and disk encryption software would be formally scrutinized for security vulnerabilities, executives at one of t...
Vawtrak Trojan Adds DGA, SSL Pinning
Attackers behind the Vawtrak banking Trojan have been keeping busy, updating the malware over the last few weeks with a new domain generation algorithm (DGA) and SSL pinning capabilities. Research published by security firm Fidelis on Tuesday explains the updates and breaks down how Vawtrak’s DGA...
$2.5 Million-a-Year Ransomware-as-a-Service Ring Uncovered
Researchers claim to have found the largest ransomware-as-a-service (RaaS) ring to date. The operation generates an estimated $2.5 million annually and targets computer users with a new variant of the notorious Cerber ransomware. According to a research report published today by Check Point Softwar...
TCP Flaw in Linux Extends to 80 Percent of Android Devices
Eight out of 10 Android devices are affected by a critical Linux vulnerability disclosed last week that allows attackers to identify hosts communicating over the Transmission Control Protocol (TCP) and either terminate connections or attack traffic. The flaw has been present in the TCP implementati...
Latest Windows UAC Bypass Permits Code Execution
Less than a month after disclosing a Windows User Account Control bypass, researcher Matt Nelson today published another attack that circumvents the security feature and leaves no traces on the hard disk. This time, the bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to...
Westin, Marriott, Sheraton Hotels Hit By Payment Card Malware
Hotels from Vermont to California have been victimized in a data breach that may have leaked payment data from tens of thousands of point of sale purchases. Customers who frequented 20 hotels run by HEI Hotels and Resorts, a hospitality owner that counts hotel chains like Marriott, Sheraton, and...
EU Struggles to Determine Growing Cost of Cyberattacks
After painstakingly calculating the true cost of cybercrime in the European Union, researchers conclude it’s nearly impossible to come up with hard numbers. In a study released this week by the European Union Agency For Network And Information Security (ENISA), researchers assert that it’s vitally...
Undocumented SNMP String Exposes Rockwell PLCs to Remote Attacks
An undocumented SNMP community string has been discovered in programmable logic controllers (PLCs) built by Allen-Bradley Rockwell Automation that exposes these devices deployed in a number of critical industries to remote attacks. Researchers at Cisco Talos today said the vulnerability is in the...
Academics Devise New Way to Steal Data from Air-Gapped Computers
Stealing data from air-gapped computers is one of the great exercises in computer security: advanced attackers covet what’s stored on these isolated machines, while researchers try to figure out the novel ways adversaries could jump those gaps. The latest effort doesn’t involve USBs, heat,...
Simple Car Hack Open Millions Wireless Key Systems
Academic researchers added another hack to a growing list of compromises involving vehicles, and this one should give drivers pause the next time they leave valuables locked in their trunk. This hack involves millions of Volkswagen, Ford and Chevrolet vehicles that rely on an outdated key fob...
New Gmail Alerts Warn of Unauthenticated Senders
Google is expected soon to begin a gradual rollout of new security features in Gmail that warn users if the system could not authenticate the sender of an email message. Starting this week for browser-based users of Gmail and Android users, Google will display a question mark over a sender’s...
Microsoft Mistakenly Leaks Secure Boot Key
Update Opponents of the government’s constant talk about intentional backdoors and exceptional access finally may have their case study as to why it’s such a bad idea. Two researchers operating under aliases my123 and slipstream this week posted a report—accompanied by a relentless chiptune—that...
Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable To MitM Attacks
Sławomir Jasek with research firm SecuRing is sounding an alarm over the growing number of Bluetooth devices used for keyless entry and mobile point-of-sales systems that are vulnerable to man-in-the-middle attacks. Jasek said the problem is traced back to devices that use the Bluetooth Low Energ...
vBulletin Patches Serious Flaw in Forum Software
A serious vulnerability has been patched in forum software made by vBulletin that could allow attackers to scan servers hosting the package and possibly execute arbitrary code. Researcher Dawid Golunski of Legal Hackers privately disclosed the vulnerability, which was patched Aug. 5 in versions...
Juniper Hotfixes Shut Down IPv6 DDoS Vulnerability
Juniper Networks announced the availability of hotfixes for a serious vulnerability in the handling of IPv6 packets that it says could leave its Junos OS and JUNOSe routers open to a denial of service (DoS) attack. The hotfixes come more than two months after the vulnerabilities were publicly...
Serious TCP Bug in Linux Systems Allows Traffic Hijacking
A serious vulnerability in the TCP implementation in Linux systems deployed since 2012 (version 3.6 of the Linux kernel) can be used by attackers to identify hosts communicating over the protocol and ultimately attack that traffic. Researchers from the University of California, Riverside and the U....
Putting Apple Bug Bounty Rewards in Perspective
Admittedly, the payouts for Apple’s bug bounty announced last week at Black Hat drew mixed reactions ranging from reasonable to raucously funny. Apple made a big splash at the annual hacker conference, first via a last-minute announcement that well-regarded Ivan Krstic would be giving a talk on...
Windows 10 Attack Surface Grows with Linux Support in Anniversary Update
Microsoft’s release of Windows Anniversary Update last week included an optional feature called Windows Subsystem for Linux that allows native support for Linux binaries. That has some security experts concerned the Windows 10 attack surface has been expanded. The threat, according to Alex Ionesc...
August 2016 Microsoft Patch Tuesday Security Bulletins
A tricky vulnerability patched today in the Windows PDF Library could have put Microsoft Edge users on Windows 10 systems at risk for remote code execution attacks. Edge automatically renders PDF content when it’s set as a computer’s default browser, unlike most other browsers; the feature means...
Adobe Patches Experience Manager; No Flash Update
Adobe rolled out its monthly patch release today, and the news isn’t necessarily what was patched, but what wasn’t. For the first time since January, Adobe did not release a security update for Flash Player. Given Flash’s legacy of being a target-rich environment for cybercriminals and advanced...
Misuse of Language: 'Cyber'
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter. The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their...
Breach Forces Password Change on Oracle MICROS PoS Customers
Oracle is alerting customers it found malicious code in some of its MICROS point-of-sale systems and is requiring they change account passwords. The security measures come on the heels of reports the world’s No. 3 PoS service succumbed to a security breach perpetrated by the Carbanak gang. The...
ProjectSauron APT On Par With Equation, Flame, Duqu
A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries. Known as ProjectSauron, or Strider, the platform has all the earmarks of advanced attackers who covet stealth, and rely on a mix of zero-day...
Qualcomm Chip Flaw Leaves 900m Android Devices Open to Attack
Four vulnerabilities found in Qualcomm chips used in 900 million Android devices leave affected phones and tablets open to attacks that could give hackers complete system control. Researchers at Check Point who found the flaw are calling the vulnerability Quadrooter and say that a patch isn’t...
iOS 9.3.4 Patches Critical Code Execution Flaw
Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices. The flaw was found by Team Pangu, a Chinese hacker group that specializes in building iOS jailbreak tools. The vulnerability is fixed in iOS 9.3.4. “An...
PLC Blaster Worm Targets Industrial Control PLCs
LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search f...