Researchers Break Petya Ransomware Encryption
Researchers have been combing through code related to the Petya ransomware long enough they’ve been able to cobble together a decryption tool that should allow most victims to generate keys in less than 10 seconds. A Twitter user who goes by the handle @leostone came up with a genetic algorithm o...
Encryption Bill: Bad for Privacy, Security and Business
A bill that would force companies to decrypt messages and unlock devices if ordered to do so by a government court order surfaced Friday and is rattling security and privacy advocates and IT business leaders. They contend the bill is misguided and will have a detrimental effect on civil liberties...
Moxa Won't Patch Publicly Disclosed Flaws Until August
Update: A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to an alert published on Friday by the Industrial Control System Cyber Emergency Response Team (ICS-CERT). Researcher Joakim Kennedy of Rapid7 disclosed in March some...
WordPress Free Encryption Through Let's Encrypt Project
All custom domains hosted on WordPress.com will soon have their sites automatically encrypted for free. WordPress said late Friday afternoon that more than one million sites will have encryption automatically deployed. “We are closing the door to unencrypted web traffic at every opportunity,” wro...
Juniper Updates ScreenOS: Hopes RNG/NSA Controversy Over
Juniper Networks hopes to remove any clouds of uncertainty that its networking gear might still have a backdoor that could allow the NSA or hackers to snoop on traffic running through its hardware. On Thursday, Juniper completed an update to the way its ScreenOS software handles encryption. Junip...
Google Updates Safe Browsing Alerts for Network Admins
Google beefed up the way it displays Safe Browsing Alerts for Network Administrators this week, adding information about sites peddling unwanted and malicious software as well as those caught carrying out social engineering attacks. Google debuted the service, which notifies network admins after...
Latest Flash Zero Day Being Used to Push Ransomware
Exploits for a zero-day vulnerability in Adobe Flash Player are being aggressively distributed in two exploit kits. The zero day, meanwhile, was patched by Adobe in an emergency update released Thursday night. Attackers are using the previously unpatched flaw in the maligned Flash Player to infec...
Mac Adware 'OSX.Pirrit' Unleashes Ad Overload, For Now
Researchers discovered a Mac OS X variant of the Windows-based Pirrit adware that creates a proxy server on infected Mac computers and injects ads into webpages. According to researchers at Boston-based Cybereason Labs, the adware, dubbed OSX.Pirrit, is mostly benign, serving up just ads, but has...
Hack the Pentagon DOD Bug Bounty
MIAMI—Lisa Wiswell’s phone rang off the hook last summer in the throes of the OPM hack. But she wasn’t just answering questions from those whose security clearance and personal data disappeared into the Chinese ether; there were also hackers on the other end of the line offering their help...
FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen
The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 and for years stole sensitive data. The FBI alert was issued in February and went largely unnoticed. Nearly a month later, security experts...
In Keynote Comey Challenges Absolute Privacy
The method the FBI used to unlock the San Bernardino killer’s iPhone 5C does not work on newer models, FBI Director James Comey told a crowd of students on Wednesday night. In a Q&A following a keynote address at Kenyon College’s Expectation of Privacy conference in Gambier, Ohio, Comey spoke...
Defenders Need to Embrace Offensive Computer Security Skillsets
MIAMI—Defense may win football championships, but it gets steamrolled in computer security arenas. “A dollar of offense beats a dollar of defense,” said Nate Fick, CEO of Endgame Inc., on Thursday during his keynote address at Infiltrate Conference. Fick’s talk in front of an audience of exploit...
ExaGrid Private SSH Key Removed
ExaGrid has removed a private SSH key and weak, hardcoded credentials shipping with all of its disk-based storage appliances. Updated firmware has been available since March 24 and storage and security managers are urged to update devices to version 4.8 P26. Researcher James Lee of Rapid7 private...
WhatsApp Encryption: A Good Start, but Far from a Security Panacea
WhatsApp’s addition of end-to-end encryption is a good start, but does not present users with a complete solution that protects against the prying eyes of intrusive governments and nosey third-parties. That’s the consensus among privacy and security experts that commend Facebook-owned WhatsApp fo...
Several Linux Kernel Vulnerabilities Patched in Ubuntu
Several vulnerabilities in Ubuntu’s implementation of the Linux kernel, including a use-after-free vulnerability and a timing side-channel vulnerability, were patched today. An advisory issued by Ubuntu Wednesday morning urges users to patch if they’re running 14.04 LTS or any derivative builds...
Information on 50 Million Turkish Citizens Dumped Online
Turkey’s communications minister this week is denying reports that personally identifiable information of 50 million of the country’s citizens has been leaked online. On Monday hackers published what they claim is a Turkish citizenship database, a cache of information downloadable via BitTorrent,...
Emergency Adobe Flash Player Security Update
Adobe will release an emergency Flash Player update as soon as Thursday, patching a critical vulnerability that is being publicly attacked. Adobe said the vulnerability is in version 21.0.0.197 and earlier for Windows, Mac OS X, Linux and Chrome OS. “Successful exploitation could cause a crash an...
WhatsApp Adds End-to-End Encryption To One Billion Users
The world’s largest online communications company WhatsApp, with one billion users, announced Tuesday it added end-to-end encryption to its entire platform. The move is seen as a major win for security and privacy advocates. It also shifts the encryption spotlight away from Apple and its battle...
BREACH Revived to Steal Private Messages from Gmail, Facebook
The BREACH attack hasn’t been top of mind since the summer of 2013, but two researchers have found new ways to exploit and persistently attack traffic, including Gmail and Facebook chat sessions. The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of th...
Locky Ransomware Variant Changes C2, Spread Via Nuclear Exploit Kit
Security experts warn companies need to brace for new harder-to-detect and more determined variants of the Locky ransomware spotted recently in the wild. The news comes just as reported Locky ransomware attacks have waned in recent weeks. Locky is now trying to evade detection by changing the way...
Researcher Outlines Multiple Vulnerabilities in Quanta Routers
Routers manufactured by Quanta are riddled with critical vulnerabilities–backdoors, a hardcoded SSH key, and remote code execution flaws, to name a few–that won’t be patched because the company considers the product end of life. Researcher Pierre Kim found the flaws and reasons that the flaws are...
Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack
Researchers warn hundreds of popular Firefox browser extensions are vulnerable to attack that could give hackers control of Mac OS X and Windows computers. Researchers from Northeastern University say the flaw is tied to Firefox’s support for an older browser extension platform and the Mozilla...
Data Leaking 'Surreptitious Sharing' Vulnerability Identified in Android API
Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and perhaps more concerning, privacy-centric apps such as Signal, and Telegram, that could lead to privilege escalation and data loss including private keys. Dominik Schürmann and Lars Wolf,...
April 2016 Google Android Nexus Security Bulletin
Google has patched a vulnerability being exploited in the wild to root Nexus 5 Android devices. The public exploit—a rooting application—was privately disclosed to Google on March 15 by Zimperium researchers, less than a month after CORE Team researchers reported that CVE-2015-1805, which w...
Cisco's 'High Severity' Flaw Lets Malware Bypass FirePower Firewall
Technology vendor Cisco is pushing out security updates to customers to address a critical vulnerability found in its recently introduced line of FirePower firewall products. The vulnerability, according to Cisco, allows attackers to slip malware onto critical systems without detection. The flaw...
US, Canada Issue Ransomware Advisory
Ransomware clearly has people on many fronts worried, so much so that the United States and Canada took an unprecedented step last week to issue a joint advisory on the threat posed by crypto-ransomware. The U.S. Cyber Emergency Response Team together with the Canadian Cyber Incident Response...
New Heap-Spray Exploit Tied To LZH Archive Decompression
Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-’90s and still in use today. Researchers at Cisco’s security research arm, Cisco Talos, identified the vulnerability, describing it as a classic heap-spray exploit. In a report...
Reddit Removes NSL Warrant Canary from Transparency Report
Reddit’s latest transparency report is missing a nugget of information that was present in a previous report. Last year’s report included a warrant canary which stated that as of Jan. 29, 2015, Reddit had never received a National Security Letter, Foreign Intelligence Surveillance Court order or...
FBI Cracks the iPhone, Scourge of Ransomware Hits Hospitals, and the Hack the Pentagon Program
Mike Mimoso and Chris Brook recap the week in news, including how the FBI cracked that iPhone, the barrage of ransomware hitting hospitals, and the Hack the Pentagon bug bounty trial program announcement. Download: ThreatpostNewsWrap-April12016.mp3 Music by Chris Gonsalves...
FBI Mum on How it Hacked Tor Browser
As Apple’s attorneys mull over their legal options for having the FBI explain how it hacked Syed Farook’s iPhone, a separate case playing out involving the security service and the anonymity software Tor may have a hand in predicting the outcome. According to a court filing earlier this week, the...
New Ransomware KimcilWare Targets Magento Websites
New ransomware called KimcilWare is targeting websites running the Magento ecommerce platform, used by the likes of Vizio, Olympus and Nike. According to security experts from the online community BleepingComputer, hackers exploit vulnerabilities in the Magento ecommerce platform and install the...
Hack The Pentagon Bug Bounty Opens April 18
The Department of Defense announced today that registration for its Hack the Pentagon bug bounty trial program is open, and that the program will be run on the HackerOne platform. The trial of the government’s first bug bounty program will run April 18 to May 12. The DoD said only certain...
Apple, Google Faced All Writs Act Orders
The American Civil Liberties Union has dug up more proof that from the get-go the FBI’s attempt to crack open an iPhone used by the San Bernardino shooter Syed Rizwan Farook was not just about the one phone. The ACLU found court documents and on Wednesday published an interactive map visualizing...
SideStepper iOS MDM Security Attack
Apple’s Developer Enterprise Program has been abused in the recent past to push malicious apps onto iOS devices, most notably with the WireLurker, XcodeGhost and YiSpecter attacks. In all three cases, attackers legitimately obtained certificates under the program, which is available to enterprise...
Big-Name Law Firms Fall Victim To Hackers
Wall Street-savvy hackers are behind a data breach that involves a who’s-who of New York City legal firms. Federal investigators are looking into the breach that included Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, both high-profile New York-based law firms. Cravath Swaine & Moore...
Root Servers Were Not Targets of 2015 DDoS Attack
When the Internet’s root name servers are in the line of fire of a DDoS attack, people start to sweat, and with good reason since they are the authoritative servers used to resolve IP addresses. The most recent attacks against the root servers happened over a two-day period starting last Nov. 30,...
1,400+ Vulnerabilities Identified in Medical Supply System
More than 1,400 vulnerabilities exist in a widely used drug cabinet system, according to an advisory issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) on Tuesday. The problems exist in Pyxis SupplyStation, an automated medical supply cabinet manufactured by CareFusio...
MedStar Slowly Restoring Services After Malware Attack
Portions of the hospital chain MedStar Health remain offline Wednesday as a result of a major malware attack that occurred Monday and crippled the hospital’s computer systems and forced one of the largest healthcare providers in Maryland and Washington, D.C. to turn patients away. The healthcare...
Jamie Butler on Detecting Targeting Attacks
In a conversation from RSA Conference, Mike Mimoso talks to Endgame chief technology officer Jamie Butler about what’s new–if anything–with targeted attacks, the proliferation of ransomware, and what defenders are doing about detecting attacks on their networks. Download: JamieButlerRSA.mp3 Music...
Researchers Learning More About Petya Ransomware
Researchers are digging through samples of the Petya ransomware, and while they’ve learned some about its inner workings, they still haven’t mastered enough to come up with a decryptor. Petya is the latest twist on crypto-malware. It was found recently targeting companies in Germany in a spam...
SamSam: This New Breed Of Ransomware Targets Hospitals
Hackers are escalating recent attacks against hospitals with new strains of server-side ransomware dubbed SamSam and Maktub. Unlike traditional ransomware samples that rely on gullible users to click on a malware-infected email attachment or visit a booby-trapped website, this new breed of...
TrueCaller Patches Information Leak in Android App
Researchers are encouraging Android users who may have downloaded a popular caller identification application to update, as a previous version of the app inadvertently leaked user information. The app, Truecaller, specializes in phone call management and has been installed at least 100,000,000...
FBI Breaks into Terrorist's Encrypted iPhone
A six-week public standoff between Apple and the FBI ended today when the Department of Justice said it had accessed encrypted data stored on the San Bernardino terrorist’s iPhone. The DOJ said in its motion that it no longer needed Apple’s help as mandated in a Feb. 16 court order and asked that...
Zen Cart Shopping Cart App Plugs Big XSS Vulnerability
Popular open source shopping cart app Zen Cart is warning its users of dozens of cross-site scripting vulnerabilities found in its software. Affected websites, security experts say, risk exposing customers to malware, theft of cookies data and site defacement. Researchers at the security firm...
Facebook Fixes Instagram Vulnerability That Opened 1M Accounts to Compromise
Facebook was quick to fix an issue earlier this month that could’ve let an attacker break into four percent of all active, locked Instagram accounts, meaning it affected approximately one million users. Belgium-based IT security consultant Arne Swinnen discovered the issue two weeks ago when he...
Petya Ransomware Master File Table Encryption
First ransomware locked your desktop. Then it encrypted your files. Not long after, webservers, shared drives and backups were targeted. Now? Introducing Petya, ransomware that targets the Master Boot Record. Spotted in email campaigns sent to human resources offices in German companies, the...
POS Malware Tool "Treasurehunt" Targets Small US-Based Banks, Retailers
As more US companies snuff out point of sale malware by deploying chip-and-PIN bankcard technology, attackers are rushing to exploit existing magnetic strip card systems still vulnerable to malware. A group of hackers that go by the name Bears Inc. are behind the latest barrage of attacks with a...
Badlock Bug in Samba SMB Protocol
Despite the Badlock hype machine being cranked up high, we don’t know much about this impending soul-crushing vulnerability other than it could be bad, it could be in the Windows Server Message Block and it already has its own requisite logo and website. Nonetheless, we have a little more than two week...
Stolen Data on 1.5 Million Verizon Enterprise Customers Up for Sale
Verizon is in the process of notifying customers of its Enterprise Solutions division that their data has been breached. The news comes a few days after a treasure trove of information on 1.5 million Verizon Enterprise customers reportedly made its way onto an underground cybercrime forum,...
PowerWare Ransomware Uses PowerShell for Fileless Infections
Attackers are not through testing the limits of what they can do with new features in ransomware samples. The latest found in the wild is called PowerWare, and it was discovered a week ago targeting a company in the healthcare industry, researchers at Carbon Black told Threatpost. What sets...