Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
For months, Microsoft’s Power Apps portals exposed personal data tied to 38 million records, ranging from COVID-19 vaccination status to Social Security numbers and email addresses. Consumers most affected by what is being called a “platform issue” are those doing business with American Airlines,...
ProxyShell Attacks Pummel Unpatched Exchange Servers
Over the weekend, the Cybersecurity & Infrastructure Security Agency (CISA) issued an urgent alert that attackers are actively exploiting the ProxyShell vulnerabilities in unpatched Microsoft Exchange Servers, joining researchers in urging organizations to immediately install the latest Microsoft Securi...
Windows 10 Admin Rights Gobbled by Razer Devices
A zero-day bug in the device installer software for Razer peripherals – be they a Razer mouse, keyboard or any device that uses the Synapse utility – gives the plugger-inner full admin rights on Windows 10, just by inserting a compatible peripheral and downloading Synapse. There’s apparently...
Managing Privileged Access for a Post-COVID Perimeter
For many, 2021 signifies a year of recovery, reflection and reimagining. After the whirlwind year of 2020, we witnessed all aspects and facets of our lives and businesses turn upside down as our communities and economies adapted to the disruptions of the COVID-19 pandemic. As we all know, the...
Attackers Actively Exploiting Realtek SDK Flaws
Threat actors are zeroing in on command injection vulnerabilities reported in Realtek chipsets just days after multiple flaws were discovered in the software development kits (SDKs) deployed across at least 65 separate vendors. On Aug. 16 multiple Realtek vulnerabilities were disclosed by IoT Inspector...
Web Censorship Systems Can Facilitate Massive DDoS Attacks
Researchers are warning that internet censorship systems are ripe for abuse by a new type of distributed denial-of-service (DDoS) attack. The potential for abuse is concerning, researchers say, because attacks would take advantage of a type of reflection and amplification, which would be “extremely...
Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits
Researchers have discovered a Nigerian threat actor trying to turn an organization’s employees into insider threats by soliciting them to deploy ransomware for a cut of the ransom profits. Researchers at Abnormal Security identified and blocked a number of emails sent earlier this month to some i...
What’s Next for T-Mobile and Its Customers? – Podcast
What’s the opposite of a resilient operation? It’s when your wireless carrier gets breached for the sixth time in a few years, you try to change your PIN online, and the site tells you “No can do.” As of Wednesday, T-Mobile had confirmed its sixth breach over the last three years. The purported...
How Ready Are You for a Ransomware Attack?
Determining how hard a target you present for the current wave of human-driven ransomware involves multiple considerations. There are four steps to analyzing how prepared you are for a ransomware attack. Such analysis roughly breaks down as follows: 1 How easy it is to break into your environment...
Critical Cisco RCE Bug in Small Business Routers to Remain Unpatched
A critical security vulnerability in Cisco Small Business Routers (RV110W, RV130, RV130W and RV215W models) allows remote code execution (RCE) and denial of service (DoS). The networking giant said that no patch or workaround will be coming for the bug, since the routers reached end-of-life back in 201...
InkySquid State Actor Exploiting Known IE Bugs
The InkySquid advanced persistent threat (APT) group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities. New analysis from Volexity reported its team of researchers...
Windows EoP Bug Detailed by Google Project Zero
It looked like Google Project Zero blew its own 90-day disclosure window when, on Wednesday, it disclosed an elevation of privilege (EoP) flaw in Windows that it reported to Microsoft just over a month ago on July 8. But no: It turns out that Microsoft flip-flopped on whether or not it was planning...
COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate
This week, the Indiana Department of Health issued a notice that the state’s COVID-19 contact-tracing system had been exposed via a cloud misconfiguration, revealing names, emails, gender, ethnicity, race and dates of birth of more than 750,000 people. The incident shows that COVID-19 data could ...
Postmortem on U.S. Census Hack Exposes Cybersecurity Failures
Threat actors exploited an unpatched Citrix flaw to breach the network of the U.S. Census Bureau in January in an attack that was ultimately halted before a backdoor could be installed or sensitive data could be stolen, according to a report by a government watchdog organization. However,...
Bogus Cryptomining Apps Infest Google Play
Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. They may have been removed, but researchers at Trend Micro noted...
T-Mobile: >40 Million Customers’ Data Stolen
T-Mobile has confirmed much of what a threat actor bragged about over the weekend: Personal details for tens of millions of current, former or prospective T-Mobile customers were stolen in a huge breach of its servers. On Tuesday, it disclosed further details on the data breach in a post on its...
Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks
The potential danger from a raft of memory-allocation bugs discovered by Microsoft in April has now spread to older versions of multiple BlackBerry QNX products. The Cybersecurity and Infrastructure Security Agency (CISA) and BlackBerry warned in separate alerts Tuesday that threat actors can take...
Kerberos Authentication Spoofing: Don’t Bypass the Spec
Authentication is the front gate to security systems, so if you bypass it, you can pretty much do whatever you want. You can log in as an admin and change configurations, access protected resources and gain control of appliances to steal sensitive data from them. For these reasons, the...
Unpatched Fortinet Bug Allows Firewall Takeovers
UPDATE An unpatched OS command-injection security vulnerability has been disclosed in Fortinet’s web application firewall (WAF) platform, known as FortiWeb. It could allow privilege escalation and full device takeover, researchers said. FortiWeb is a cybersecurity defense platform, aimed at...
HolesWarm Malware Exploits Unpatched Windows, Linux Servers
By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June. The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between...
The Overlooked Security Risks of The Cloud
Cloud networking has done more to change computing as we know it than any other innovation in the last 15 years. It’s enabled small companies to quickly deploy an online presence, large companies to scale as demand ebbs and flows, and in a post-COVID world, it provides the foundation for a remote...
LockBit 2.0 Ransomware Proliferates Globally
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware. Attacks in July and August have employed LockBit 2.0, according to a Trend Micro analysis...
Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop
Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things (IoT) devices – one that exposes live video and audio streams to eavesdropping threat actors and which could enable attackers to take over control of devices, including security webcams and...
Terrorist Watchlist Exposed Online with Nearly 1.9M Records
A researcher has revealed the discovery of a federal terrorist watchlist that includes 1.9 million records, which were available online without any security protections. The data remained exposed for three more weeks even after the Department of Homeland Security (DHS) was informed about it...
Apple: Image-Detection Backdoor ‘Narrow’ in Scope
Apple provided additional design and security details this week about the planned rollout of a feature aimed at detecting child sexual abuse material (CSAM) images stored in iCloud Photos. Privacy groups like the Electronic Frontier Foundation warned that the process of flagging CSAM images...
How to Reduce Exchange Server Downtime in Case of a Disaster?
Exchange Server downtime may occur at any point in time due to several reasons, such as malware attack, server crash, database corruption, and hardware or software-related issues/incompatibility. However, downtime can impact productivity and lead to data loss that can have severe implications on...
Phishing Costs Nearly Quadrupled Over 6 Years
Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large U.S. companies are now losing, on average, $14.8 million annually, or $1,500 per employee. That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute th...
Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets
A security researcher helped Valve, the makers of the gaming platform Steam, plug an easy-to-exploit hole that allowed users to add unlimited funds to their digital wallet. Simply by changing the account’s email address, the exploit allowed anyone to artificially boost their digital billfold to...
XSS Bug in SEOPress WordPress Plugin Allows Site Takeover
A stored cross-site scripting (XSS) vulnerability in the SEOPress WordPress plugin could allow attackers to inject arbitrary web scripts into websites, researchers said. SEOPress is a search engine optimization (SEO) tool that lets site owners manage SEO metadata, social-media cards, Google Ad settin...
100m T-Mobile Customer Records Purportedly Up for Sale
A threat actor is selling what they claim to be 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum. The collection is a subset of the purported 100 million records contained in stolen databases. The seller told Motherboard – which first reported...
Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come?
Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credenti...
Cyberattackers Embrace CAPTCHAs to Hide Phishing
Cyberattackers are using Google’s reCAPTCHA aka the “I am not a robot” function and fake CAPTCHA-like services to obscure various phishing and other campaigns, according to researchers. There are signs however that those evasion efforts may be losing their efficacy. CAPTCHAs are familiar to most...
SolarWinds 2.0 Could Ignite Financial Crisis – Podcast
Could a cyberattack spark the next financial crisis? Following the calamitous, widespread SolarWinds attacks in April, that’s exactly what the New York State Department of Financial Services (DFS) has suggested. “This incident confirms that the next great financial crisis could come from a...
Exchange Servers Under Active Attack via ProxyShell Bugs
Researchers’ Microsoft Exchange server honeypots are being actively exploited via ProxyShell: The name of an attack disclosed at Black Hat last week that chains three vulnerabilities to enable unauthenticated attackers to perform remote code execution (RCE) and snag plaintext passwords. In his Blac...
WordPress Sites Abused in Aggah Spear-Phishing Campaign
Threat actors are using compromised WordPress websites to target manufacturers across Asia with a new spear-phishing campaign that delivers the Warzone RAT, a commodity infostealer available widely for purchase on criminal forums, researchers have found. The threat group Aggah, believed to be...
Rogue Marketplace AlphaBay Reboots
The illicit marketplace AlphaBay appears to have resurfaced, four years after a high-profile takedown by international law enforcement agencies. The reboot, according to researchers at Flashpoint, isn’t an exact replica. Rather, the reconstituted version of the site is described as an homage to...
Black Hat: Novel DNS Hack Spills Confidential Corp Data
LAS VEGAS – Amazon and Google patched a Domain Name System (DNS) bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed web resources. The vulnerability, outlined in a Black Hat USA 20...
AdLoad Malware 2021 Samples Evade Apple XProtect
A swelling wave of AdLoad malware infections in macOS devices is cresting its way past Apple’s on-device malware scanner, researchers said. The campaign is using around 150 unique samples, some of which are signed by Apple’s notarization service. AdLoad is a well-known Apple threat that’s been...
Ransomware Payments Explode Amid ‘Quadruple Extortion’
Two reports slap hard figures on what’s already crystal clear: Ransomware attacks have skyrocketed, and ransomware payments are the comet trails that have followed them skyward. The average ransomware payment spiked 82 percent year over year: It’s now over half a million dollars, according to the...
QR Code Scammers Get Creative with Bitcoin ATMs
With the use of QR codes rising, so, too, are the numbers of scams that aim to take advantage of them. Researchers warned that threat actors are going so far as to send potential victims to gas stations to use Bitcoin ATMs in their endeavors to exploit the technology. The Better Business Bureau B...
Microsoft Warns: Another Unpatched PrintNightmare Zero-Day
One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution (RCE) vulnerability in the Windows Print Spooler that can be filed under the PrintNightmare umbrella. The news comes amid plenty of...
Accenture Confirms LockBit Ransomware Attack
081321 08:42 UPDATE: Accenture reportedly acknowledged in an internal memo that attackers stole client information and work materials in a July 30 “security incident.” CyberScoop reports that the memo downplays the impact of the ransomware attack. The outlet quoted Accenture’s internal memo: “Whi...
NSA Watchdog Will Review Tucker Carlson Spy Claims
The National Security Agency’s Inspector General Robert Storch has announced a review of whether the agency illegally conducted cyber-espionage and collected the electronic communications of Fox News opinion-show host Tucker Carlson, who has accused the NSA of trying to capture embarrassing...
Friends Reunion Anchors Video Swindle
The second quarter saw a rise in entertainment lures for fraud and phishing, including one campaign capitalizing on the buzz around “Friends: The Reunion.” Researchers at Kaspersky found fake sites supposedly hosting video for the much-anticipated special episode of the popular sitcom, according ...
Kaseya’s ‘Master Key’ to REvil Attack Leaked Online
Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. However, while the key may be interesting to security researchers, it’s not likely to be of use to any of...
SAP Patches Nine Critical & High-Severity Bugs
SAP has released 19 new and updated security patches, three of them rated as “HotNews” critical and six as high-priority. “HotNews” is the severity rating that SAP gives to critical vulnerabilities. Two of this month’s sizzlers have a CVSS score of 9.9 and affect SAP Business One and SAP NetWeave...
Crypto Hack Earned Crooks $600 Million
Attackers reportedly stole $600 million from the cryptocurrency platform Poly Network, in what experts say is one of the largest crypto heists to date. Poly Network, a decentralized finance (DeFi) platform based in China, publicly acknowledged that an attacker “exploited a vulnerability” that allow...
Connected Farms Easy Pickings for Global Food Supply-Chain Hack
A group of hackers made an unnerving DEF CON 29 presentation showing how the sprawling growth of digital and automated farming has left the world’s food supply chain vulnerable to cyberattack. A video for DEF CON 29 hacker conference this week put out by the group Sick Codes explained that modern...
Actively Exploited Windows Zero-Day Gets a Patch
Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that’s listed as a zero-day that has been exploited in the wild. Of note, there are 17...
eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices
Operators of the nearly year-old eCh0raix ransomware strain, which has been used to target QNAP and Synology network-attached storage (NAS) devices in past, separate campaigns, have gotten more efficient. According to researchers, they have put out a new variant that can target either vendor’s devices ...