Steam Patched Broken Crypto in Wake of Replay, Padding Oracle Attacks
The digital gaming platform Steam was quick to patch a cryptographic issue in its client recently that could have allowed an attacker to read sensitive information sent over its network, take over an account, or view plain-text passwords. Valve, the Bellevue, Wash.-based video game developer that...
Platinum APT Group Abuses Windows Hotpatching
An obscure Windows feature known as hotpatching, missing in the OS since the introduction of Windows 8, is a preferred tool used by a resourced attack group called Platinum that was uncovered by Microsoft. The group has carried out targeted attacks in South and Southeast Asia since at least 2009,...
Empty DDoS Threats Still Net Attackers $100,000
With some members of the so-called Armada Collective in jail, another actor has decided to co-opt their technique of sending threatening DDoS extortion messages to businesses worldwide. Only difference is, this group isn’t following through with its threat, and it’s still collecting serious money...
Verizon DBIR Top Targets: Credentials, Phishing and PoS
A lack of security common sense still plagues businesses with 30 percent of phishing emails opened by campaign targets. Worse, 12 percent click on the attachments inside those phishing attacks, giving crooks easy access to systems to snarf up credentials that are later used to pull off financiall...
New Decryptor Unlocks CryptXXX Ransomware
When exploit kits, in particular Angler, spread ransomware infections, people get nervous. The latest strain to appear in the virulent Angler kit is CryptXXX, which researchers at Proofpoint and Fox IT tied to the same group dropping old-school Reveton ransomware and Bedep click-fraud malware...
Android Ransomware Attacks Using Towelroot, Hacking Team Exploits
A menacing wave of ransomware that locks up Android devices and demands victims pay $200 in Apple iTunes gift card codes is raising concern among security researchers. The ransomware attacks, they say, open a new chapter for Android vulnerabilities similar to Microsoft’s obsolete, unpatched and...
One Million Access Facebook Over Tor
Accessing Facebook over Tor may seem to be a contradiction, but apparently that’s not the case for a million or so users of the anonymity service. Facebook on Friday said that in April, for the first time, there were more than one million people accessing Facebook over Tor in a 30-day period. As ...
GozNym Trojan Attackers Set Sights on Europe, Poland
The banking malware GozNym has legs; only a few weeks after the hybrid Trojan was discovered, it has reportedly spread into Europe and begun plaguing banking customers in Poland with redirection attacks. The malware has started targeting corporate, SMB, investment banking and consumer accounts at...
Bangladesh Bank Hackers Accessed SWIFT System to Steal, Cover Tracks
Hackers behind the $81 million heist in February at Bangladesh Bank used stolen credentials to inject a malware toolkit into the financial institution’s implementation of the SWIFT payment system. The attackers used the access afforded by the credentials to send fraudulent money transfers to...
MIT Launches Experimental Bug Bounty Program
The effectiveness of bug bounty programs is difficult to deny, especially after adoption of one at Uber, which announced last month it would begin paying $10,000 for critical bugs, and the Department of Defense, whose Hack the Pentagon illustrates the government’s softening stance on hackers. The...
Experts Weigh-In Over FBI $1.3 Million iPhone Payout
Was the Federal Bureau of Investigation justified in paying over $1.3 million for a hacking tool that opened the iPhone 5c of the San Bernardino shooter? For some in the security community the answer is a resounding yes. For others, the answer is not so clear-cut. FBI Director James Comey said on...
On the Apple/FBI Hearing, Viber Adding End-to-End Encryption, TeslaCrypt and More
Mike Mimoso and Chris Brook discuss the news of the week, including BlackBerry CEO’s stance on lawful access principles, the FBI/Apple hearing, Viber adding end-to-end encryption, Teslacrypt, and more. Download: ThreatpostNewsWrapApril222016.mp3 Music by Chris Gonsalves...
Core Windows Utility Can Be Used to Bypass AppLocker
A core Windows command-line utility, Regsvr32, used to register DLLs to the Windows Registry can be abused to run remote code from the Internet, bypassing whitelisting protections such as Microsoft’s AppLocker. A researcher who requested anonymity found and privately disclosed the issue to...
PoS Attack Nets Crooks 20 Million Bank Cards, Up to $400 Million
In a storyline that rivals an episode of The Sopranos, researchers at FireEye documented the heist of bank card data from 20 million individuals that involved a complex web of crooks that may have netted hackers more than $100 million since 2014. In conjunction with recently acquired Isight...
Adobe Analytics AppMeasurement for Flash Library Patch
Adobe today patched a vulnerability in the Adobe Analytics AppMeasurement for Flash library, which can be added to Flash projects to measure the usage of Flash-based content. The vulnerability is a DOM-based cross-site scripting flaw that can be abused for cookie theft, said researcher Randy...
Cisco Patches Five Denial of Service Vulnerabilities Across Three Products
Cisco released software updates to address five separate denial of service vulnerabilities, all of which the company considers either high or critical severity, across its product line this week. According to a series of security advisories issued on Wednesday, three of the five vulnerabilities exis...
Apple Transparency Report Government Requests for Data
Apple’s latest transparency report published on Wednesday shows a big increase in the number of law enforcement and government requests for account and device data. Publication of the report comes on the heels of the latest chapter in the Apple-FBI tussle over encryption and privacy. Tuesday’s...
Misunderstanding APT Indicators of Compromise
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter. Reports of APT activities detail compromises spanning multiple organizations, sectors, industry...
Viber Heats Up Crypto-Debate: Adds Encryption to 711 Million Users
Messaging firm Viber is adding end-to-end encryption for 711 million of its users, becoming the latest tech firm to embrace encryption on a massive scale. Making the move even more provocative is the fact Viber is owned by a Japanese conglomerate and operates out of Israel – making it immune to...
Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion
TeslaCrypt, like many of its ransomware cousins, doesn’t sleep on past success. Researchers at Endgame Inc. have found two updates for the cryptoransomware in the past two weeks that invest heavily in obfuscation and evasion techniques, and also target a host of new file extensions. These sample...
Oracle Fixes 136 Vulnerabilities With April CPU
Oracle fixed 136 vulnerabilities across 46 different products this week as part of its quarterly Critical Patch Update. More than half of the CVEs, 72, could be remotely exploitable without authentication. Fixes for a slew of products, including Oracle’s Database Server, E-Business Suite, Fusion...
RansomWhere? Generic OS X Ransomware Detection
With each new unrelenting ransomware sample, security researchers understand that no matter how quickly antivirus signatures are updated or how rapidly decryptors are built and shared, current defenses will continue to fall short. The problem is that most adequate defenses are sample-specific;...
BlackBerry CEO Defends Lawful Access Principles, Supports Phone Hack
BlackBerry’s CEO made the company’s stance on lawful access requests clear this week and is defending actions to provide Canadian law enforcement with what it needed to decrypt communications between devices. The company’s CEO John Chen penned a statement on Monday, reiterating that one of...
Apple and FBI Faceoff at House Encryption Hearing
Representatives from Apple and the FBI testified Tuesday at a House Energy and Commerce Committee hearing on the ongoing encryption debate. Both vowed to work cooperatively to move past the current encryption impasse and find common ground. They also used the hearing to clarify stances on...
2015 Google Android Security Report
Last year was a landmark time for Android security. Google dealt with a major vulnerability in Stagefright, launched a monthly patch release and vulnerability rewards program, and continued to chip away at the number of malicious applications that find their way onto devices. Given all of that...
Range of Mousejack Attack More Than Doubles
The Mousejack vulnerability raised awareness of the potential risks introduced by a wireless mouse or keyboard to the enterprise. From a relatively short distance, a hacker could send packets to the device that generate keystrokes on the host computer rather than mouse clicks. In short order,...
APT Threat Targets Tibetans, Journalists and Human Rights Workers
Tibetans, journalists and human rights workers in Hong Kong and Taiwan have been targeted in an APT campaign that makes use of Microsoft Rich Text File RTF documents to compromise computers. Researchers say it’s a new strategy by attackers in an ongoing advanced persistent threat that dates back ...
Direct Communication with Webmasters Fixes Bugs Quicker
Google has trumpeted its Safe Browsing alerts as a key component in redirecting victims away from potentially malicious websites. An offshoot of that work is that apparently webmasters heed those warnings too and remediate vulnerabilities and bugs quicker. A co-branded study between Google and th...
New MIT Scanner Finds Web App Flaws in a Minute
A new web application security scanner, developed by a former MIT student now Berkeley postdoctoral researcher, could be a real find for developers wishing to lock down bugs that live outside the OWASP top 10. The static-analysis tool is called Space and will be unveiled at the upcoming...
3.2 Million Servers Vulnerable to JBoss Attack
Cisco Talos said on Friday that 3.2 million servers are vulnerable to the JBoss flaw used as the initial point of compromise in the recent SamSam ransomware attacks. Worse, researchers said that thousands of servers have already been backdoored. Hardest hit have been K-12 schools running library...
Google Stresses Transparency in New Chrome Web Store Policies
Google last week put app developers on notice, urging them to comply with a new set of privacy policies that it plans on enforcing starting this summer designed to better promote transparency. The rules reflect an update to Google’s User Data Policy for the Chrome Web Store. The company has porte...
Microsoft Wins Widespread Support in Privacy Clash With Govt.
Microsoft’s lawsuit against the U.S. government for the right to tell its customers when a federal agency is looking at their emails is getting widespread support from privacy advocates. For many, Microsoft’s stance lends an important and powerful voice to ongoing efforts to reform the Electronic...
VMware Patches Critical Session Handling Vulnerability
VMware fixed a critical vulnerability in one of its products this week that if exploited by an attacker, could’ve led to a man-in-the-middle attack. According to an advisory, the problem existed in VMware’s Client Integration plugin, a collection of tools present in a handful of other products th...
URL Shorteners Put Private Cloud Data at Risk
URL shorteners are convenient, but for a long time gave security practitioners anxiety because it was difficult to determine where the shortened address was taking you. Two researchers have now given you new reasons to fear URL shorteners, especially for those storing and sharing data on...
On Badlock, Encryption Legislation, and Cryptoworms
Mike Mimoso and Chris Brook recap the week in news, including the Badlock bust, encryption legislation Burr-Feinstein, the California decryption bill and the dawn of ‘cryptoworms’ – Mike also discusses last week’s Infiltrate Conference in Miami. Download: ThreatpostNewsWrapApril152016.mp3 Music b...
Katie Moussouris on Free ISO 29147
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Katie Moussouris @k8em0. Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard tha...
California Kills Phone Decryption Bill
Civil liberty groups and tech firms are celebrating the defeat of a controversial California bill that would have forced phone makers to decrypt their devices by court order. The proposed legislation, AB 1681, died when lawmakers refused to give the bill a vote. But opponents of the bill, who...
Apple Deprecates QuickTime For Windows, Won't Patch New Flaws
The Zero Day Initiative has publicly disclosed a pair of serious vulnerabilities in Apple QuickTime for Windows that will not be patched because Apple is deprecating the product for the Microsoft platform. US-CERT today pushed out an alert advising QuickTime for Windows users that the only...
Katie Moussouris on Hack the Pentagon, Embracing Hackers
Mike Mimoso talks to Katie Moussouris about her newly launched consultancy Luta Security, the Hack the Pentagon bug bounty program, and some ISO news around vulnerability disclosure. Download: KatieMoussourisonHerNewConsultancyHackthePentagonandMore.mp3 Music by Chris Gonsalves...
Bank Trojans Nymaim, Gozi Merge Create GozNym
Two powerful Trojans, Nymaim and Gozi ISFB, have been combined to create a “double-headed beast” called GozNym. The Trojan has managed to steal $4 million since it was first discovered just two weeks ago, according to IBM X-Force Research. It reports the hybrid Trojan is currently engaged in an...
Google Chrome Security Update 50.0.2662.75
Google on Wednesday pushed its third Chrome update since the beginning of March, patching a pair of high-severity vulnerabilities in the browser. Yesterday’s update brings Chrome to version 50.0.2662.75 and patched 20 vulnerabilities, according to the Google Chrome Releases blog. Eight of the bug...
Jigsaw Ransomware Decryption Tool
Menacing ransomware called Jigsaw threatened to delete thousands of files an hour if victims didn’t pay 0.4 Bitcoins or $150. Worse, restarting your PC, according to the attackers, would also cost victims 1,000 deleted files. The icing on the cake was a menacing image of “Billy the Puppet” from t...
Qbot Malware is Back: 54K Infections in One Month
The Qbot malware is back and hard at work again with infections reported on 54,517 machines, according to researchers at BAE Systems—with 85 percent of those impacted systems residing in the United States. Qbot’s latest incarnation has learned new tricks since its early days in 2009, and is rilin...
Broken IBM Java Patch Disclosure
Update For the second time in two weeks, researchers have discovered a three-year-old broken patch for a vulnerability in IBM’s Java SDK implementation. The flaw allows for an attacker to execute code outside the Java sandbox, and still affects current versions of IBM SDK, 7 and 8, released in...
CBS Sports App Transmitted Data Unencrypted
CBS recently fixed a vulnerability in its popular Sports application that could have exposed users to man-in-the-middle attacks and inadvertently leaked personal data. According to researchers, upon registration, users’ names, email addresses, account passwords, dates of birth, and zip codes were...
Microsoft Unleashes 13 Bulletins, 6 Critical
Microsoft today released a lucky 13 bulletins for April, with six rated critical and the others important. In total, Microsoft patched 29 unique CVEs for this round, with the most anticipated patch tied to Badlock. Microsoft addressed a number of critical browser vulnerabilities found in Internet...
Badlock Windows, Samba Man-in-the-Middle Vulnerability
Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud. Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message blo...
ZeuS Banking Trojan Resurfaces As Atmos Variant
Old nemeses die hard, especially when you’re banking malware named ZeuS. According to Denmark-based Heimdal Security, the potent 9-year-old malware ZeuS has morphed into the up-and-coming Atmos malware – now targeting banks in France. Researchers are warning that the criminals behind Atmos have...
iMessage Executes JavaScript URIs as Clickable Links
At the height of the Apple-FBI battle, researchers at Johns Hopkins University tunneled their way through the encryption protocol protecting iMessage to get at content sent via the Apple application. Last week, a decidedly less complicated approach surfaced. Rather than having to learn crypto,...
Meet The Cryptoworm, The Future of Ransomware
Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and...