GM Bot Banking Malware Source Code Leak
Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices...
Linux Mint Website Hacked, ISOs Replaced with Backdoored Versions
Attackers managed to hijack the website of the Linux Mint operating system to push a backdoored ISO image of the software to users over the weekend. The developers behind the software, one of, if not the most popular Linux distribution, are unsure what the hackers are aiming to achieve by the mov...
Joomla Joins WordPress As TeslaCrypt Ransomware Target
Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center. “The group behind the WordPress ‘admedia’ campaign is now apparently targeti...
Christopher Ahlberg on Tracking Hackers Through Patterns Across Forums
Threatpost editor Mike Mimoso talks with Christopher Ahlberg, CEO, Recorded Future about tracking cybercriminals through patterns on hacker forums...
AirDroid Patches Vulnerability Exposing Android Data
A critical vulnerability impacting 50 million Android users running the popular AirDroid application has been patched. AirDroid, an app that allows you to link an Android device to a computer and send SMS messages, run apps and add contacts via a Wi-Fi connected web browser, released the patch Jan...
On the iPhone Encryption Debacle, the glibc Linux Vulnerability, and More
Mike Mimoso and Chris Brook discuss the week in news, including the iPhone encryption debacle, the glibc Linux vulnerability, and the latest ransomware headlines. Download: ThreatpostNewsWrapFebruary192016.mp3 Music by Chris Gonsalves...
Tavis Ormandy Discloses Comodo GeekBuddy VNC Server
Just when you thought it was safe to dive back into the Comodo waters, Google researcher Tavis Ormandy has surfaced with more trouble. Publicly disclosed yesterday on the Google Project Zero site, Ormandy said that a tech support application called GeekBuddy installed with Comodo Internet Securit...
Hack Disarms SimpliSafe's Home Wireless Security Systems
More than a quarter million homes protected by SimpliSafe wireless security systems are vulnerable to hackers who can deactivate the alarm anytime, according to IOActive, a Seattle-based security consulting firm. IOActive published a proof of concept report on Wednesday that outlines how it...
Hollywood Hospital Pays $17K Ransom to Decrypt Files
After being knocked offline for nearly two weeks, officials at a California hospital that was hit with ransomware elected on Wednesday to pay attackers. The Hollywood Presbyterian Medical Center HPMC shut down computers on its network on Feb. 5, after attackers allegedly asked for 9,000 Bitcoin, ...
Apple Technically Able to Help FBI Crack Shooter's iPhone
Now that the Apple-FBI story has gone mainstream with rallies supporting CEO Tim Cook scheduled for Apple stores nationwide, presidential candidates weighing in, and a cute hashtag FBiOS affixed, it appears that Apple can technically comply with the judge’s order if it must. Security company Trail o...
Sergey Lozhkin on How He Hacked His Hospital
Threatpost editor Mike Mimoso talks with Sergey Lozhkin, senior researcher at Kaspersky Lab’s Global Research and Analysis Team about medical device security and how he was able to access some devices at his local hospital via WiFi...
Locky Ransomware Borrows Tricks from Dridex
It’s been difficult to keep track of all the different strains of ransomware that have plagued users over the last year or two. Unlike many of them the latest to grab headlines is spreading through a decidedly old school vector: document-based macros. Named Locky, the ransomware appears to borrow...
Xen Project Explains Patch SNAFU
Xen Project dropped the ball on two important security patches when it released a maintenance update for its popular hypervisor software on Tuesday. On its company blog today, Xen acknowledged what it called an “oversight” and attempted to explain what went wrong. Affected is maintenance release...
Magnitude of glibc Vulnerability Coming to Light
Not since Stagefright have we had a vulnerability with the scale and reach of the glibc flaw disclosed on Tuesday. “It’s pretty bad; you don’t get bugs of this magnitude too often,” said Dan Kaminsky, researcher, cofounder and chief scientist at White Ops. “The code path is widely exposed and...
IEEE Highlights Top Security Risks For Wearables
As sales of IoT devices continue to see year-over-year double digit growth, security experts are urging the wearable industry to put security front and center when it comes to designing fitness tracker hardware, firmware and backend systems. In a report released Wednesday by the IEEE Center for...
Honeypots Help Illustrate Scores of Vulnerabilities in Medical Devices
There have been some strides made in the last year, but for the most part, security around the healthcare industry has remained the consummate laggard. In the eyes of many, including Scott Erven, a medical device security advocate who spoke at last week’s Security Analyst Summit, the healthcare...
Apple CEO Tim Cook Opposes Court Order
Apple CEO Tim Cook late Tuesday defiantly challenged a U.S. federal magistrate judge’s order that it help the FBI break into an iPhone 5c belonging to one of the shooters involved in last December’s attack in San Bernardino, Calif. Cook released a letter last night expressing his opposition to the...
Katie Moussouris on the Latest Wassenaar Arrangement Rules
Threatpost editor Mike Mimoso talks to HackerOne chief policy officer Katie Moussouris about the U.S. implementation of the Wassenaar Arrangement rules and where things stand close to seven months after the initial draft was pulled off the table for a rewrite...
glibc Linux remote code execution vulnerability
Glibc, the GNU C library at the core of last year’s GHOST vulnerability, is vulnerable to another critical flaw affecting nearly all Linux machines, as well as API web services and major web frameworks where the code runs. The vulnerability, discovered independently by researchers at Google and R...
Recapping SAS 2016: IoT Hacks, Metel, Poseidon, and More
Mike Mimoso and Chris Brook recap last week’s Security Analyst Summit — including lots of IoT and critical infrastructure talk, how a researcher hacked his hospital, news on APTs like Metel and Poseidon, and more. Download: ReflectingonSAS2016.mp3 Music by Chris Gonsalves...
Steve Adegbite on Data Integrity
Mike Mimoso talks with Steve Adegbite, Chief Information Security Officer at ETRADE, about data integrity and some of the challenges he encounters when it comes to encrypting data and dealing with third-party access to data...
Disabled PadCrypt Ransomware Includes Live Chat, Uninstaller
Several flavors of ransomware, most notably Cryptowall, have come packaged with support features. But a new piece of crypto-ransomware called PadCrypt has upped the game with a live chat feature that victims can use to interact with the attackers about ransom payments and other information...
VMware vCenter Server Patch Reissue
VMware on Saturday reissued a patch from October that incompletely addressed a critically rated remote code execution vulnerability in vCenter Server. The original vulnerability, CVE-2015-2342, was a poorly configured JMX RMI service in vCenter Server that was remotely accessible. The flaw allowe...
Mazar Bot Actively Targeting Android Devices
Nearly three months after it was spotted for sale in a Russian hacker forum, the Mazar bot has been put to use in active attacks targeting Android devices. Researchers at Heimdal Security said on Friday the bot is being sent to Android users via SMS and MMS messages and if the victim executes the...
Vitaly Kamluk on the Adwind RAT
Mike Mimoso talks to Kaspersky Lab researcher Vitaly Kamluk who was critical in the discovery of the latest version of the cross-platform Adwind RAT. The remote access Trojan is unique in that it’s written in Java, giving this version—which is also known as Frutas, AlienSpy and JSocket—the...
Medical Device, Health Care Security Continues to Ail
TENERIFE, Spain – Sergey Lozhkin knows malware. Medical devices? Admittedly, not so much. That, however, was not an impediment to the Kaspersky Lab researcher in cracking the digital walls of a Moscow hospital and finding a shocking array of open doors on the network and weaknesses in medical...
Power Grid Honeypot Puts Face on Attacks
TENERIFE, Spain – The rhetoric around hacking the power grid would have you believe it’s a relatively mundane practice. Policymakers, intelligence agencies and vendors, for example, spread the word gleefully, leaning on scenarios such as state-sponsored hackers shutting off the lights in the dead ...
10 Year Poseidon APT Group Identified As First Portuguese Speaking Campaign
TENERIFE, Spain – For more than 10 years, attackers have carried out a series of covert attacks on firms worldwide and capitalized on that connection by coercing the companies into a phony business relationship where they can further steal data. Experts with Kaspersky Lab’s Global Research and...
IoT's Day of Reckoning on the Horizon
TENERIFE, Spain – When it comes to the internet of things, it isn’t Wi-Fi that scares Chris Rouland, it’s the whole wireless spectrum, constantly being updated with new and poorly secured protocols. Since these protocols can be reverse engineered so easily, he stressed the modern-day equivalent of...
Security Analyst Summit Inbar Raz
TENERIFE, Spain – Intelligence services may be the security industry’s boogeyman right now, but for a long time, IT security has done a good job of following the government’s lead when it comes to developing new approaches and strategies. At the Kaspersky Lab Security Analyst Summit, Inbar Raz of...
Modern Defenders Share, Visualize and Succeed
TENERIFE, Spain – Network defenders who rely solely on lists of assets to protect are running a fool’s errand. Instead, it’s crucial to think in graphs to not only visualize threats, but also to understand network edges, and dependencies between assets and accounts in order to be able to capture...
Carbanak 2.0, Metel, GCMAN Borrow from APT Attacks
TENERIFE, Spain— Many bank robbers long ago dropped the stick-up man persona in favor of a keyboard and a reliable password-stealing Trojan. Banking malware, however, may soon not be good enough for the bad guys. More and more are copycatting the techniques deployed by advanced hackers to steal...
Scareware Signed with Apple Cert Targets Mac OS X Machines
A unique scareware campaign targeting Mac OS X machines has been discovered, and it’s likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate. “Sadly, this particular developer certificate...
A Backdoor in Socat? Going Dark, IoT, and Previewing SAS 2016
Mike Mimoso and Chris Brook discuss the news of the week, including internet-connected teddy bears, the latest on the Going Dark debate, and whether or not there’s a backdoor in Socat. They also preview next week’s Security Analyst Summit in Tenerife, Spain. Download:...
WordPress Compromises Lead to TeslaCrypt Ransomware
Website operators running sites on the WordPress platform need to be aware of a massive string of infections that as of Thursday were poorly detected by security products. Researchers at Heimdal Security said the compromised sites redirect victims to other domains hosting the Nuclear Exploit Kit,...
Government Promises Comment Period on Next Wassenaar Draft
It’s been months since the U.S. Commerce Department’s Bureau of Industry and Security pulled the U.S. implementation of the Wassenaar Arrangement off the table for an unusual rewrite of the rules governing so-called intrusion software. The overly broad rule drew the ire of security and privacy...
Netgear Management System Vulnerable to RCE, Path Traversal Attacks
Netgear’s ProSafe Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files. The problems affect the NMS300 product, a web-based system the company manufactures to help users monitor...
Google Safe Browsing Deceptive Embedded Content
Google’s Safe Browsing API is almost a living organism, constantly evolving and adapting to online threats. On Wednesday, Google announced the latest enhancements to the service, with new features that protect users on the web from deceptive embedded content. “You may have encountered social...
Comodo Chromodo Browser Disables Same-Origin Policy
Google researcher Tavis Ormandy has disclosed that the Chromodo browser installed with Comodo Internet Security disables the same-origin policy by default. The same-origin policy is a fundamental tenet of web security, ensuring that scripts access data from a second webpage only if the two pages...
WordPress Update Fixes SSRF, Open Redirect Vulnerability
Developers at WordPress are encouraging users to upgrade to the latest version, 4.4.2, in order to resolve a handful of bugs and vulnerabilities in the content management system. The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could have potentially carried...
eBay Vulnerability Opens Users Up to Phishing, Data Theft
Researchers are warning that some visitors to eBay.com could be tricked into opening a page on the site that could expose them to phishing attacks and data theft. The vulnerability exists in the site’s online sales platform, according to Roman Zaikin, a researcher with Check Point. With it, an...
URLZone Back and Targeting Japanese Banks
After a good two to three years of relative silence, the gang behind the banking Trojan URLZone has become more active over the past few months and taken aim at banks across Europe and beginning last month, Japan. Attackers have begun sending spam emails with poisoned attachments to customers at ...
Socat Weak Diffie-Hellman Prime Number
Update Socat is the latest open source tool to come under suspicion that it is backdoored. Socat is a versatile command line utility that builds bi-directional communication streams and moves data between channels, including files, network pipes, serial connected devices, sockets or a combination...
Fisher-Price, hereO Toys Expose Kids' Personal Data
As more devices are connected to the Internet, not only are vulnerabilities introduced into those networked things, but also some glaring holes are exposed in organizations’ ability to receive and triage bug reports. Researchers at Rapid7 today disclosed details on a pair of vulnerabilities in to...
Harvard Paper Rebuts Going Dark
Since technology companies such as Google and Apple turned on end-to-end encryption by default and tied encryption keys to device passwords, the government’s inability to compel providers via warrants to turn over data has caused considerable angst. Going Dark is the government’s catch-all phrase...
February 2016 Android Nexus Security Bulletin
Google today patched Nexus devices in an over-the-air update against a critical vulnerability that could be exploited by an attacker on the same Wi-Fi network. The patch addresses multiple vulnerabilities in the Broadcom Wi-Fi driver that could be abused to allow for remote code execution. The...
Attackers Dropping Kasidet Bot via Office Macros
It’s well documented that attackers have reignited their love affair with the Office macro, using it as a vector for spreading banking malware and even the BlackEnergy Trojan as of late. According to researchers at the San Jose security company Zscaler, the bot Kasidet, also known as Neutrino, ha...
Data Theft Hole Identified in LG G3 Smartphones
A group of researchers are encouraging any smartphone users who own an LG G3 to upgrade their devices after coming across a serious security vulnerability. If exploited the bug could enable an attacker to run arbitrary JavaScript, and lead to a handful of issues, including data theft, phishing...
On BlackEnergy, Ransomware Hitting an Israeli Energy Consortium, Amazon as a CA, and More
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told to audit their systems for the Juniper backdoor. Download: ThreatpostNewsWrapJanuary292016.mp3 Music by Chr...
VirusTotal Firmware Malware Implant Scanning
Successful attacks against firmware are rare but provide hackers with one thing they covet most: persistence. Advanced attack groups have already accelerated their capabilities in finding ways to burrow into the BIOS and EFI as noted by the Snowden leaks’ description of the NSA’s attempts to...