Siemens Patches Password Reconstruction Vulnerability in SICAM PAS
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cautioned users who work in electrical substations to update certain builds of energy automation software this week. ICS-CERT claims two vulnerabilities exist in the Siemens SICAM Power Automation System, or PAS, that could...
LizardStresser IoT Botnets Part of 400Gbps DDoS Attacks
LizardStresser, a distributed denial of service botnet, has found new life leveraging hundreds of internet-based webcams in attacks against Brazilian-based banks, government agencies as well as a handful of U.S.-based gaming companies. Researchers at the Arbor’s Security Engineering and Response...
Mass General Hospital Confirms Third-Party Breach
A breach at Massachusetts General Hospital has potentially compromised the information of roughly 4,300 dental patients, the hospital warned Wednesday. MGH was quick to point out that the data leaked wasn’t stored or maintained on its systems but those of a third-party vendor that assists the...
Foxit Patches 12 Vulnerabilities, 8 That Could Lead to RCE
Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could allow an attacker to directly execute arbitrary code on vulnerable installations of the product. The company released version 8.0 of its Foxit Reader and Foxit PhantomPDF on Monday, addressin...
Conficker Used in New Wave of Hospital IoT Device Attacks
Internet-connected medical devices such as MRI machines, CT scanners and dialysis pumps are increasingly being targeted by hackers seeking to steal patient medical records from hospitals. Attackers consider the devices soft digital targets, seldom guarded with the same security as client PCs and...
FTC Closes 70 Percent of Data Breach Investigations, Weighing PCI-DSS Standard
The Federal Trade Commission doesn’t investigate every reported breach, but when it comes to prosecuting data security cases it has an impressive 70 percent closure rate, according to agency officials. FTC Commissioner Maureen Ohlhausen shed light on the agency’s approach to enforcing data securi...
Hard Rock's Las Vegas Casino and Noodle and Co. Confirm Hacks
If you’re one of the millions who rocked out at Hard Rock Hotel and Casino Las Vegas or slurped noodles at a Noodles & Company fast food chain in the past year, it’s time to get paranoid. Both companies announced this week separate breaches that include unauthorized access to credit card data. Th...
Trains, Planes, Autos Increasingly in Cybercriminal's Bullseye
The transportation industry is increasingly being targeted by cyber criminals who see the sprawling multi-billion dollar industry as ripe for financially motivated attacks. According to IBM’s X-Force security team, the systems behind planes, trains and automobiles have now become bigger paydays f...
Botnet Powered by 25,000 CCTV Devices Uncovered
A botnet comprised entirely of internet-enabled closed circuit TV devices used a barrage of HTTP requests to knock a small jewelry store offline for days. Researchers who came across the botnet recently said they weren’t surprised that IoT devices were being used to carry out a distributed denial...
Google Play Hit With Rash of Auto-Rooting Malware
Researchers have identified a recent wave of malware targeting the Google Play app marketplace that entices users to download utilities and games that when installed surreptitiously root devices. The exploit, which mobile security firm Lookout calls autorooting malware, gives attackers complete...
655,000 Healthcare Records Being Sold on Dark Web
A hacker selling upwards of 655,000 healthcare records on the dark web allegedly obtained them after exploiting a vulnerability in how companies implement remote desktop protocol, or RDP, functionality. The hacker, who goes by the handle “thedarkoverlord,” allegedly penetrated three healthcare...
Apple iOS Beta Kernel Unencrypted: Pros and Cons
Last week Apple cleared the air as to whether or not it intentionally released an unencrypted version of its iOS 10 beta kernel to the developer community, stating the move was intentional. “The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operatin...
New CryptXXX Can Evade Detection, Outsmart Decryption Tools
Crooks behind the fast-spreading CryptXXX ransomware updated the latest variant with better encryption technology and new methods to evade detection by researchers. This latest version of CryptXXX was spotted by researchers at SentinelOne who say the new updated sample has already earned...
Medical Study Blasts Hospitals' Security Practices
A scathing rebuke of medical professionals’ attitudes toward information security reveals nurses and doctors fumble over protocols, often putting patients at risk. The revealing study, “Workarounds to Computer Access in Healthcare Organizations” (PDF), offers a fascinating look behind the privacy...
Selfrando Technique Mitigates Attacks Unmasking Tor Users
The FBI’s apparent capability to unmask users of the Tor Network has caused hand-wringing among those concerned with privacy and civil liberties, many of whom are busy trying to win legal battles to get law enforcement to confess as to how they’re doing it. A team of academics and researchers,...
Voter Database Leak Exposes 154 Million Sensitive Records
White hat hacker Chris Vickery uncovered a database of 154 million U.S. voter profiles on an unprotected server chockfull of sensitive data that includes voter names, addresses, email addresses, phone numbers, gun ownership information, preferences on gay marriage and links to individual social...
On the Rise of Ransomware, Bitcoin Phishing, and Exploit Kits
Mike Mimoso and Chris Brook recap the news of the week, including a Bitcoin phishing campaign, the Kaspersky Lab ransomware report, misconfigured email servers, and a decline in Angler exploit kit traffic. Download: ThreatpostNewsWrapJune242016.mp3 Music by Chris Gonsalves...
Jkanime Site Infected, Redirecting to Exploit Kit, Ransomware
An anime site popular in Mexico and South America was this week infected with malware redirecting visitors to a Neutrino Exploit Kit landing page. The site, Jkanime, streams anime video and has 33 million monthly visitors. Neutrino is currently the top dog among exploit kits after two of the bigg...
Necurs Botnet is Back, Updated Locky and Dridex
The notorious Necurs botnet is back in business, after mysteriously going dark for nearly a month. Researchers report the Necurs has returned to spewing massive volumes of email containing an improved version of the potent Locky ransomware and the Dridex banking Trojan. According to Proofpoint...
Mobile Advertising Firm Found Tracking Users To Pay $950K
After settling charges with the Federal Trade Commission this week a mobile advertising company will pay nearly $1M after it was determined the company tracked customers – including children – without their consent. InMobi, an India-based firm with offices across the world, will pay $950,000 in...
Carbonite Triggers Password Reset for 1.5M Customers After Reuse Attack
Online backup firm Carbonite is forcing all of its 1.5 million users to change their passwords after reporting that accounts were targeted in a password reuse attack. According to a statement issued by Carbonite on Tuesday hackers were attempting to break into user accounts using stolen credential...
Swagger Vulnerability Leads to Arbitrary Code Injection
An unexpected behavior in a relatively new and popular open source API framework called Swagger could lead to code execution, researchers at Rapid7 said. The company today disclosed some details on the vulnerability, and released a Metasploit exploit module and a proposed patch written by...
WordPress 4.5.3 Security Update
WordPress last week updated to version 4.5.3, a security release for all versions of the content management system. The update patches more than two dozen vulnerabilities, including 17 bugs introduced in the last three releases, all published this year. Many of the vulnerabilities can be exploite...
Let's Encrypt Celebrates Big HTTPS Milestone
Certificate authority Let’s Encrypt is celebrating a major milestone in the young nonprofit’s existence issuing its 5 millionth certificate this month. Let’s Encrypt launched to the general public just seven months ago. “Our goal is to get the entire web 100 percent HTTPS,” said Josh Aas, executi...
Patched libarchive Vulnerabilities Have Big Reach
The libarchive programming library was recently patched against three critical memory-related vulnerabilities that could be abused to execute code on computers running the vulnerable software. As is the case with most open source software packages, patching the core library is only half the battl...
Nuclear, Angler Exploit Kit Activity Has Disappeared
Criminal hackers are fickle about their attack vectors. You need to look no further for evidence of this than their constant migration from one exploit kit to another. And while there is an expansive menu of exploit kits, attackers do seem to congregate around a precious few. Researchers who stud...
Email Servers For More Than Half of World's Top Sites Can Be Spoofed
More than half of the world’s top sites suffer from misconfigured email servers, something that heightens the risk of having spoofed emails sent from their domains, researchers warn. Researchers at Detectify, a Swedish web security firm, recently combed through hundreds of domains and found that...
Ransomware A Two-Year Nightmare in the Making
The scourge of ransomware over the past two years has been impressive – and not in a good way. The number of frustrated computer users locked out of their PCs is at an all-time high with no signs of the ransomware epidemic relenting. According to security experts, the last two years have seen an...
Advantech Patches WebAccess Remote Code Execution Flaws
Advantech has published a new version of its WebAccess product to address vulnerabilities that put installations at risk to remote code execution attacks. Exploiting the vulnerabilities would be a challenge, however, according to an advisory published Tuesday by the Industrial Control Systems Cyb...
Google Simplifies Two-Step Verification
Most major technology companies offer some take on two-factor authentication as an option for users to secure access to accounts and web-based services. Making users drink from that pond, however, has been a different story. Simplifying the process of using the second form of authentication, most...
Bitcoin Phishing Campaign Uncovered
For the last month, attackers have used a combination of phishing and typosquatting to carry out a campaign aimed at stealing Bitcoin and blockchain wallet credentials. More than 100 phony Bitcoin and blockchain domains have been set up so far, many of which mimic legitimate Bitcoin wallets. Most of...
Meet the 18-Year-Old Who Hacked the Pentagon
Ask David Dworken when he was in tenth grade what a cross-site scripting vulnerability is and you might get a strange look from the Alexandria, Va., teen. Fast forward two years and pose the same question to Dworken and you’ll get a well-versed answer from the now white hat hacker and recent high...
Dept. of Justice Makes Plea for Mass Surveillance, Hacking
The Department of Justice is countering a growing chorus of privacy advocates who are against a rule change that will greatly expand law enforcement’s ability to hack into computers located around the world. In a blog post to the DoJ website late Monday, Assistant Attorney General Leslie Caldwell...
Apple Patches AirPort Remote Code Execution Flaw
Apple is keeping typically tight-lipped about a remote code execution vulnerability it patched in its AirPort router firmware. Last night, Apple released an advisory warning users of the AirPort Express, AirPort Extreme and AirPort Time Capsule base stations that a new firmware was...
Citrix GoToMyPC Suffers Major Password Reuse Attack
Citrix Systems is forcing all its GoToMyPC remote desktop access service customers to reset their passwords because of a “very sophisticated attack” that targeted the service over the weekend. John Bennett, product line director for Citrix said the attack was a result of leaked passwords from oth...
xDedic Hacked Servers Market May Be Larger Than Originally Thought
New data anonymously shared with Kaspersky Lab researchers may enlarge the scope of and provide additional context to the hacked RDP servers for sale on the now defunct xDedic marketplace. The underground marketplace was disclosed in a report published last Tuesday describing an eBay-style platfo...
Mobile Triada and Horde Variants Bypass Android Security
Two mobile variants of Triada and Horde malware have been spotted in the wild by Check Point Software Technologies researchers who warn the latest samples have adopted dangerous new techniques including the ability to evade Google’s security on some OS versions. The Android Trojan called Triada,...
Acer Admits E-commerce Site Breached
Taiwanese electronics company Acer began sending letters to customers last week indicating that some of their sensitive financial information–credit card data included–may have been accessed over the last year or so. Customers’ names, addresses, card numbers, expiration dates, and three digit CVV...
Patrick Wardle on macOS Gatekeeper, Crypto Enhancements
At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this is a big deal and how the upgrades address...
Google's Android Rewards Program Pays Out Half Million in First Year
Google wrapped up the first year of its Android Security Rewards program this week, a span of time that saw the company pay out just north of half a million dollars to security researchers who helped identify vulnerabilities in the mobile operating system. In all, the company paid 82 researchers ...
On xDedic, a Flash Zero Day, Facial Recognition, and More
Mike Mimoso and Chris Brook discuss the news of the week, including a password issue at Github, the xDedic marketplace, another Flash zero day, and how poorly the FBI is doing with facial recognition software. Download: ThreatpostNewsWrapJune172016.mp3 Music by Chris Gonsalves...
Breached Credentials Used to Access Github Repositories
Github is forcing a password reset on some of its users after it detected a number of successful intrusions into its repositories using credentials compromised in other breaches. “This appears to be the result of an attacker using lists of email addresses and passwords from other online services...
Adobe Patches Flash Zero Day Under Attack by APT Group
Adobe on Thursday patched a zero-day vulnerability in Flash Player that has been used in targeted attacks carried out by a new APT group operating primarily against high-profile victims in Russia and Asia. Researchers at Kaspersky Lab privately disclosed the flaw to Adobe after exploits against t...
Anti-Surveillance Measure Quashed: Orlando Massacre Cited as Reason
The House voted Thursday to block passage of an amendment aimed to rein in U.S. domestic mass surveillance by the NSA and protect strong encryption standards citing Sunday’s Orlando tragedy as reason to fight surveillance reforms. The so-called Massie-Lofgren amendment was considered a key privac...
Report: FBI Doing Poor Job Securing 411 Million Facial Recognition Photos
Privacy experts are arguing this week the FBI, which maintains a vast – and apparently even larger than expected – treasure trove of facial recognition photos, isn’t doing enough to safeguard the databases, many of which contain images of innocent citizens. According to a report released by the...
Inside the xDedic Hacked Server Marketplace
An underground market peddling hacked servers was a unique find, even for a seasoned researcher such as Juan Andres Guerrero-Saade of Kaspersky Lab. But there it was, xDedic.biz selling access to tens of thousands of servers for pennies on the dollar. A Russian-speaking hacker group was...
Cisco Won't Patch Critical RV Wireless Router Vulnerability Until Q3
Cisco has alerted users of vulnerabilities in the web interface of its RV series of wireless VPN firewalls and routers that allow for remote code execution. The networking giant, however, isn’t planning on releasing firmware updates until the third quarter, Cisco said. Cisco says it is not aware ...
Like Macros Before It, Attackers Shifting to OLE to Spread Malware
Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggest...
Patched BadTunnel Windows Bug Has 'Extensive' Impact
Among the more than three dozen vulnerabilities Microsoft patched on Tuesday was a fix for a bug that the researcher who found it said has “probably the widest impact in the history of Windows.” “There were also some wide impact vulnerabilities before, but maybe not like this extensive,” Chinese...
FBI: Email Scams Take $3.1 Billion Toll on Businesses
Business-related inbox scams are reaching epidemic levels with the total cost to business reaching a whopping $3.1 billion. The dire warning comes from the FBI that says skyrocketing losses represent a 1,300 percent increase since January 2015. Identified by the FBI as business e-mail compromise...