Apple Fixes Vulnerabilities Across OS X, iOS, Safari
Apple fixed dozens of vulnerabilities in its software on Monday, including 60 vulnerabilities in its operating system, OS X, and 43 in its mobile operating system, iOS. The OS X update graduates the desktop and server operating system to OS X El Capitan v10.11.6 and applies to anyone running OS X...
CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack
An old scripting vulnerability that impacts a large number of Linux distributions and programming languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy...
Researchers Crack Furtim, SFG Malware Connection
New research is challenging what security researchers know about Furtim, a new malware strain that has been compared to Stuxnet because of its believed targeting of industrial controls in energy companies. According to security experts at Damballa, Furtim and the recently discovered SFG malware a...
Two Million Passwords Breached in Ubuntu Hack
Linux users who frequent the Ubuntu forums may want to change their passwords following news that an attacker was able to breach the service and its two million users. Jane Silber, Chief Executive Officer at Canonical, the company that maintains the service, acknowledged on Friday that a known SQL...
Juniper Crypto Bug Let Attackers Eavesdrop on Router, Switch Traffic
Juniper Networks patched a crypto bug tied to its public key infrastructure that could have allowed hackers to access the company’s routers, switches and security devices and eavesdrop on sensitive communications. The flaw was tied to Juniper products and platforms running Junos, the Juniper...
Neutrino EK Spotted Leveraging Patched IE Zero Day
Attackers behind the Neutrino Exploit Kit didn’t take long to co-opt a recently patched Internet Explorer zero-day into their arsenal. Researchers claim the kit has been pushing CVE-2016-0189, a vulnerability that was reportedly used in targeted attacks on South Korean organizations earlier this yea...
Scan Reveals Hydropower Plants, Other Critical Infrastructure Exposed Online
An Internet scan of the IPv4 address space uncovered more than 100 critical facilities exposed to the public Internet, including hydropower plants in Germany and Italy, and a smart building in Israel hosting luxury apartments. The investigation, conducted by researchers at Internet Wache of Berli...
On Pokemon and Privacy, Riffle, the Fiat Chrysler Bug Bounty Program, and More
Mike Mimoso and Chris Brook discuss the news of the week, including privacy and Pokemon GO, a new MIT anonymity system, the Fiat Chrysler bug bounty program, and a patched printer spooler vulnerability. Download: ThreatpostNewsWrapJuly152016.mp3 Music by Chris Gonsalves...
EFF Again Calls for Investigation Around W3C's DRM Extension
Digital rights advocates are again pleading with the World Wide Web Consortium (W3C) to reconsider standardizing DRM in Encrypted Media Extensions, a draft specification that would ultimately feed into HTML 5. Advocacy groups like the Electronic Frontier Foundation (EFF) and security researchers alik...
Cisco Patches DoS Flaw in NCS 6000 Routers
Cisco Systems today released patches for two products, including one for a vulnerability rated a high criticality in Cisco IOS XR for the Cisco Network Convergence System series routers. The flaw rests in the management of system timer resources and could allow an attacker to remotely crash the...
CryptoDrop Early-Warning Ransomware Detector
While most of the discussion around ransomware is rightly so about the unabated stampede of new strains and variations on existing samples, relatively little discourse focuses on detection beyond antivirus and intrusion prevention systems. Some generic ransomware detection systems for Windows and...
Stampado Ransomware Sells on Dark Web for $39
Dirt cheap ransomware selling for as little as $39 on the dark web has security experts concerned the low price coupled with its potency could trigger a wave of new infections. The ransomware is called Stampado and besides its hallmark low price, the ransomware is also unique because it threatens...
Fiat Chrysler Launches Bug Bounty with $1.5K Payout Cap
Hacking Jeeps is about to get a lot more competitive. That’s because Jeep maker Fiat Chrysler Automobiles has launched a bug bounty program in conjunction with Bugcrowd that will pay out as much as $1,500 per bug. Fiat Chrysler, the world’s No. 7 automaker, claims it will be the first Detroit...
China Hacked FDIC And Agency Covered It Up
A scathing congressional report points the finger at hackers sponsored by the Chinese government for their role in a series of hacks against the U.S. Federal Deposit Insurance Corp. (FDIC). The report also alleges the agency covered up the hacks in order to guarantee the appointment of current...
Drupal Patches Three Remote Code Execution Vulnerabilities in Modules
Developers with the open source content management framework Drupal today patched a series of highly critical remote code execution bugs in three separate modules. If exploited, the bugs could let an attacker take over any site running the modules. Fixes were pushed for RESTful Web Services, a...
MIT Anonymity Network Riffle Promises Efficiency, Security
Researchers from MIT believe a new anonymity scheme they’ve devised, dubbed Riffle, could contend with Tor, claiming it’s every bit as secure as Tor, and bandwidth-efficient, to boot. According to a paper, “Riffle: An Efficient Communication System With Strong Anonymity” (.PDF), released this week, t...
Intel Patches Local EoP Vulnerability Impacting Windows 7
Intel issued an important security patch Monday for a vulnerability that could allow hackers to execute arbitrary code on targeted systems running Windows 7. The bug, located in Intel’s HD graphics Windows kernel driver, leaves affected systems open to local privilege escalation attacks that...
Seeking Alpha Mobile Financial App Forgoes Encryption
A popular mobile application that provides financial market research material operates without any measure of encryption, putting user information, including credentials and strategic financial interests, at risk. The Seeking Alpha mobile app for Android and iOS also leaks everything from HTTP cooki...
July 2016 Microsoft Patch Tuesday Security Patches
Networked printers have always posed an interesting attack vector, mostly for academics looking for vulnerabilities, and vandals sending garbage to the print bin. Microsoft today, however, patched a legitimate vulnerability that an attacker could abuse to attack corporate and home networks...
Google, Niantic to Limit Data Pokémon GO Collects
Niantic, Inc. – the company behind the ubiquitous, can’t-go-10-minutes-without-hearing-about-it Pokémon GO game – said Monday night it wasn’t the company’s intent to request full access permission of its users’ Google accounts. The company, a Google spinoff, was put in the crosshairs over its...
Little Snitch Bug Leaves Some Mac Systems Open to Attack
Trusted Mac OS X firewall Little Snitch is vulnerable to local privilege escalation attacks that could give criminals the ability to plant rootkits and keyloggers on some El Capitan systems. The Little Snitch firewall vulnerability was found by Synack Director of Research and well-known OS X hacker...
July 2016 Adobe Flash Player Patches
Adobe today pushed out an updated Flash Player that patched 52 vulnerabilities, most of which led to remote code execution on compromised machines. The 52 flaws represent one of the biggest security updates in Flash this year, in what has been a busy time around the beleaguered software. Already,...
xDedic Hacked Server Market Resurfaces on Tor Domain
The xDedic market has resurfaced, this time on a Tor network domain and with the inclusion of a new $50 USD enrollment fee. xDedic’s original domain xdedic.biz disappeared shortly after a June 16 Kaspersky Lab report describing how xDedic provided a platform for the sale of compromised RDP server...
Ranscam Ransomware Deletes Files Outright
Researchers have observed some sophisticated ransomware over the last few months: one variant teased researchers with strings of hidden code, and another was composed entirely of JavaScript. But not every attacker is technically proficient; researchers are suggesting the ones behind a new...
Malware Dropper Built to Target European Energy Company
A malware dropper with designs on specific targets was found in a private underground forum and is likely the predecessor to the Furtim malware that was uncovered in May. Researchers at SentinelOne today published a report that says the dropper sample they investigated, which they’re calling SFG,...
Jigsaw Ransomware Decrypted, Again
The four-month-old Jigsaw ransomware has been defeated again. The ransomware, which packs an emotional punch with its creepy graphics and hallmark countdown clock, can be overcome simply by tricking the ransomware code into thinking you’ve already paid. Researchers at Check Point published a fix f...
Datadog Forces Password Reset Following Breach
Datadog, a software-as-a-service-based provider of IT infrastructure monitoring and analytics services, has forced a password reset on all of its user and admin accounts following a breach last Friday. “We have detected unauthorized activity associated with a handful of production infrastructure...
Malicious Pokémon Go Features Backdoor, RAT
Researchers are warning would-be Pokémon Trainers that a malicious, backdoored version of the massively popular game Pokémon Go could be making the rounds soon. An APK (Android application package) file of the game has been rigged with a remote access tool (RAT) called Droidjack that, if installed,...
Google Updates CA Trust Mechanisms in Android Nougat
Google last week announced changes in the way it will handle trusted Certificate Authorities in Nougat, the latest version of the Android operating system. The changes are expected to cut into the likelihood of a successful man-in-the-middle attack, or a device falling victim to an...
IoT Medical Devices: A Prescription for Disaster
If you’re sick and sitting in a drab hospital room hooked up to a dialysis pump, the last thing you want to worry about is hackers. But according to IT healthcare security experts, there is a chance that life-saving dialysis machine is infected with malware, and could even be processing fraudulent...
91 Percent of Public-Facing ICS Components Are Remotely Exploitable
We live in an increasingly connected world, but even in an age when DDoS attacks can take entire airlines offline, many critically sensitive industrial control systems (ICS) are still connected to the internet. A pair of reports released today by Kaspersky Lab reveal how dire the situation really i...
Google Testing Post-Quantum Cryptography in Chrome
Plenty has been speculated since the Snowden documents were made public about the NSA’s interest in building a quantum computer that could break current encryption securing communication worldwide. Quantum computing on a practical scale is a distant goal, but some do exist that leverage some...
Facebook Messenger End-to-End Encryption Not On By Default
Facebook today began a test program rolling out opt-in end-to-end encryption for its Messenger service called Secret Conversations. The end-to-end encryption is based on the Signal protocol developed by Open Whisper Systems, the same protocol that stands up the crypto in the Signal and WhatsApp...
'Dropping Elephant' APT Attackers Target Old Windows Flaws
Don’t judge an APT by its exploits alone. That’s the takeaway from a report that details a unique advanced persistent threat that leverages a kludge of unsophisticated, outdated and rudimentary attack tools to conduct cyber espionage. The targets of the attacks are government and diplomatic agenci...
On the Android Crypto Weakness, FDE Bypass, Hummingbad, and More
Mike Mimoso, Tom Spring and Chris Brook discuss the news of the week, including all things Android: the crypto weakness, the full disk encryption bypass, and new malware, Hummingbad, which impacts the mobile operating system. The three also discuss the TP-Link router fiasco. Download:...
CryptXXX, Cryptobit Ransomware Spreading Through Campaign
Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains. The campaign, called Realstatistics, has tainted thousands of sites built on both Joomla! and WordPress content management systems...
CryptXXX Ransomware Updates Ransom Note, Payment Site
For the second time since June 1, the handlers of CryptXXX ransomware have changed their ransom note and Tor payment site. More importantly to those developing detection signatures and administrators, this update no longer makes changes to the file extensions of encrypted files. “To make it more...
D-Link Wi-Fi Camera Flaw Extends to 120 Products
Update: A software component that exposed D-Link Wi-Fi cameras to remote attacks is also used in more than 120 other products sold by the company. Researchers at Senrio, who found the original vulnerability, disclosed today additional details of product vulnerabilities related to the component aft...
Android KeyStore Encryption Scheme Broken, Researchers Say
The default implementation for KeyStore, the system in Android designed to store user credentials and cryptographic keys, is broken, researchers say. In an academic paper published this week, researchers argue that the particular encryption scheme that KeyStore uses fails to protect the integri...
APT Group 'Patchwork' Cuts-and-Pastes a Potent Attack
An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted...
Researchers Tie Pirrit Adware to Israeli Marketing Company
Researchers have linked a variant of the Pirrit adware for Mac OS X to an Israeli online marketing company called TargetingEdge that is still in stealth mode. Amit Serper, lead Linux and Mac OS X researcher at Cybereason, said that a script he wrote to remove the original version of Pirrit from...
July 2016 Android Security Bulletin
The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware. The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point ou...
TP-Link Loses Control Over Configuration Domain
Top router firm TP-Link has lost control of two key domains accessed by millions of consumers and small businesses each month. The domains, which are used to configure the company’s routers, have expired and been resold to domain name brokers who are actively seeking buyers. Security experts say...
Adwind RAT Resurfaces, Targeting Danish Companies
The remote access Trojan Adwind has resurfaced and as of last weekend, is being used in spam emails targeting Danish companies, researchers said. In emails purporting to be order requests coming from either spoofed or fake return addresses, attackers are spreading malicious .jar, or Java archive...
Most Post-Intrusion Cyber Attacks Involve Everyday Admin Tools
Think hackers use advanced malware and mysterious tools once they have infiltrated a network? According to security startup LightCyber, most attackers use the same mainstream security tools the good guys use, only for lateral movement, network mapping and remote control of endpoints. Of course,...
Encryption Bypass Vulnerability Impacts Half of Android Devices
A flaw in chipmaker Qualcomm’s mobile processor, used in 60 percent of Android mobiles, allows attackers to crack full disk encryption on the device. Only 10 percent of Android devices running Qualcomm processors are not vulnerable to this type of attack. Researchers at Duo Labs said the...
The Changing Face of Pseudo-Darkleech
The pseudo-Darkleech campaign is one of the most notorious and ongoing attacks of recent years, making use of major exploit kits to deliver primarily different strains of ransomware. The campaign has been a bit of a chameleon since it was disclosed in March 2015 by researchers at Sucuri. The latest...
HummingBad Android Malware Connected to YiSpecter iOS Attacks
The same group of cybercriminals behind a strain of iOS malware uncovered last year has apparently diversified and now dabbles in Android malware. The group, dubbed Yingmob, has been running a malware campaign named HummingBad that controls 10 million Android devices globally and rakes in $300,00...
Scope of ThinkPwn UEFI Zero Day Expands
A serious hardware vulnerability, thought to be confined to UEFI drivers in Lenovo and HP laptops, has also been found in firmware running on motherboards sold by Gigabyte. The flaw was publicly disclosed last week by researcher Dmytro Oleksiuk. No patches are yet available. Oleksiuk said the fla...
Locky Variant Zepto Debuts with Big Spam Push
Ransomware called Zepto is raising concerns with security experts because of its close ties to the more mature and prolific Locky ransomware. Zepto was spotted about a month ago but a recent wave of spam containing Zepto-laced attachments detected on June 27 is heightening fears of widespread...