Chaos Malware: Ransomware and Wiper
An under-construction malware called Chaos has been spotted, which is being advertised on an underground forum as being available for testing. While it calls itself ransomware, an analysis revealed that it’s actually more of a wiper. According to Trend Micro researcher Monte de Jesus, Chaos has...
Fuzz Off: How to Shake Up Code to Get It Right – Podcast
LAS VEGAS – In 2014, two teams of security researchers independently started fuzz testing OpenSSL. Within days, the advanced black-box software technique led to an exploitable vulnerability in OpenSSL: namely, the Heartbleed vulnerability. What is fuzzing? That’s what the FuzzCon event is all...
1M Stolen Credit Cards Hit Dark Web for Free
Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated to…selling payment-card credentials. Researchers from threat intelligence firm Cyble noticed the leak of the payment-card data during a...
‘Glowworm’ Attack Turns Light Flickers into Audio
Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations. As an increasing amount of business is being conducted...
Black Hat: Scaling Automated Disinformation for Misery and Profit
LAS VEGAS – Researchers recently demonstrated the weaponization of deep neural networks that can be used to shape public opinion, enrage people on Twitter and possibly spark QAnon 2.0. The research, presented last week at Black Hat by Drew Lohn, senior fellow at the Center for Security and...
Auth Bypass Bug Exploited, Millions of Routers Affected
An authentication-bypass vulnerability affecting multiple routers and internet-of-things (IoT) devices is being actively exploited in the wild, according to researchers. The security flaw, tracked as CVE-2021-20090, was disclosed last week by researchers at Tenable. It affects devices from 20...
Android Malware ‘FlyTrap’ Hijacks Facebook Accounts
Researchers have uncovered a new Android trojan, dubbed FlyTrap, that’s spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts. In a report posted on Monday, Zimperium’s zLabs mobile threat research teams wrote that FlyTrap has...
Cutting Through the Noise from Daily Alerts
According to a survey run on IR and SOC teams, analysts are required to keep track of an average of 6.8 threat intelligence feeds and manually handle an excessive number of alerts. The average security operations team receives over 11,000 alerts per day. Most of an analyst’s time (almost 70%) is...
Golang Cryptomining Worm Offers 15% Speed Boost
A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said. According to research from Uptycs, the worm...
Amazon Kindle Vulnerable to Malicious EBooks
A security flaw in Amazon’s Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. That’s according to Check Point researcher Slava Makkaeveev, who released the findings Friday. Check Point disclosed t...
Critical Cisco Bug in VPN Routers Allows Remote Takeover
A critical security vulnerability in a subset of Cisco Systems’ small-business VPN routers could allow a remote, unauthenticated attacker to take over a device – and researchers said there are at least 8,800 vulnerable systems open to compromise. Cisco addressed the bugs (CVE-2021-1609) as part of ...
Zoom Settlement: An $85M Business Case for Security Investment
Ransomware isn’t the only way lax security can cost a business eight figures in damage. Zoom just lost an $85 million class-action lawsuit this week for its cybersecurity missteps, proving that even the most essential and relied-upon brands can be tripped up by inadequate security. More...
Angry Affiliate Leaks Conti Ransomware Gang Playbook
An apparently vengeful affiliate of the Conti Gang has leaked the playbook of the ransomware group after alleging that the notorious cybercriminal organization underpaid him for doing its dirty work. A security researcher shared a comment from an online forum allegedly posted by someone who did...
Black Hat: New CISA Head Woos Crowd With Public-Private Task Force
LAS VEGAS – Just weeks after the U.S. Senate confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency (CISA), the new director spoke at Black Hat USA 2021 on Thursday, albeit virtually, announcing a major public-private partnership to fight cybercrime. Called the Joint...
Auditors: Feds’ Cybersecurity Gets the Dunce Cap
Out of eight U.S. federal agencies identified two years ago with critical cybersecurity failures, seven still don’t meet basic standards, a new audit report found. The Federal government’s overall posture was given just a C-. Audited agencies included the Departments of State, Homeland Security,...
MacOS Flaw in Telegram Retrieves Deleted Messages
A vulnerability in a high-level privacy feature of Telegram on macOS that sets up a “self-destruct” timer for messages on both the sender’s and recipient’s devices can allow someone to retrieve these messages even after they’ve been deleted, a researcher has found. Reegun Richard Jayapaul,...
Windows Hello Bypass Bug Patch is Faulty, Researchers Say
LAS VEGAS – Microsoft Windows 10’s biometric user authentication system, Windows Hello, can be bypassed using a single infrared image of a user’s face planted on a tampered clone of an external USB-based webcam. The vulnerability (tracked as CVE-2021-34466, CVSS score: 5.7) was patched by Microsoft...
Black Hat: Charming Kitten Leaves More Paw Prints
LAS VEGAS – The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints. The latest: a custom Android backdoor dubbed “LittleLooter” – used exclusively by the threat actor, as far as...
‘I’m Calling About Your Car Warranty’, aka PII Hijinx
LAS VEGAS – When you sign up on a new website, where does that information go? Some researchers decided to find out. On Wednesday, they released their preliminary information at a Black Hat USA 2021 session called Use and Abuse of Personal Information. Researchers created 300 fake identities,...
Black Hat: Bugs Allow Takeover of Capsule Hotel Rooms
LAS VEGAS – A series of vulnerabilities in internet of things (IoT) devices often found in connected hotel rooms allowed a researcher to take control of multiple rooms’ amenities – and punish a loud neighbor. An inadvertent bug hunt began when Kya Supa, security consultant at LEXFO, was traveling...
Black Hat: Let’s All Help Cyber-Immunize Each Other
LAS VEGAS – The in-person Black Hat USA 2021 cybersecurity conference is back, after a pandemic-forced, year-long hiatus, with attendance notably down but spirits up among attendees eager to get back to networking, learning and returning to some normalcy. Event founder Jeff Moss kicked off...
Phishing Campaign Dangles SharePoint File-Shares
Attackers are using spoofed sender addresses and Microsoft SharePoint lures in a new phishing campaign that is “sneakier than usual” and can slip through the usual security protections in its aim to fool people into giving up their credentials, Microsoft researchers discovered. Microsoft Security...
We COVID-Clicked on Garbage, Report Finds: Podcast
Squawking pets, stir-crazy kids, Tiger King: Is it any wonder that work-from-home humans clicked on malicious CAPTCHAs at the astonishing rate of 50 times more than the non-pandemic year before? In the company’s annual Human Factor 2021 report assessing how the threat landscape morphed over the...
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
Most people have probably heard of catfishing. That’s when someone adopts a fake online persona, usually to trick someone into falling in love. Now, threat actors have developed their own spin on the grift, developing appealing — objectively hot — profiles to charm victims into downloading malwar...
Ransomware Volumes Hit Record Highs as 2021 Wears On
Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a...
Raccoon Stealer Bundles Malware, Propagates Via SEO
Criminals behind the Raccoon Stealer platform have updated their services to include tools for siphoning cryptocurrency from a target’s computer and new remote access features for dropping malware and scooping up files. The stealer-as-a-service platform, whose customers are typically rookie...
‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found...
‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics
Researchers have discovered nine vulnerabilities – collectively dubbed PwnedPiper – in the pneumatic tube systems (PTS) used in more than 80 percent of major hospitals in North America. The bugs, in Swisslog Healthcare’s Translogic PTS, include hard-coded passwords, unencrypted connections and...
Chipotle Emails Serve Up Phishing Lures
Customers who signed up for emails from fast-food chain Chipotle Mexican Grill were recently faced with bigger challenges than queso versus sour cream. A breach of the restaurant’s email marketing service last month led to customers being served phishing lures and malicious links that redirected...
NSA Warns Public Networks are Hacker Hotbeds
The U.S. National Security Agency is offering advice to security teams looking for wireless best practices to protect corporate networks and personal devices. The recommendations, while pedestrian in scope, do offer system administrators a solid cheat sheet to share with their work-from-home crow...
Novel Meteor Wiper Used in Attack that Crippled Iranian Train System
An attack earlier this month on Iran’s train system, which disrupted rail service and taunted Iran’s leadership via hacked public transit display screens, used a never-before-seen wiper malware called Meteor that appears to have been designed for reuse, a security researcher has found. The initial...
UC San Diego Health Breach Tied to Phishing Attack
Authorities at the University of California San Diego Health reported a phishing attack led to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2,...
CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer
In a perfect world, CISA would laminate cards with the year’s top 30 vulnerabilities: You could whip it out and ask a business if they’ve bandaged these specific wounds before you hand over your cash. This is not a perfect world. There are no laminated vulnerability cards. But at least we have th...
Israeli Government Agencies Visit NSO Group Offices
UPDATE: Authorities from multiple agencies of the Israeli government paid a visit to the offices of the NSO Group as part of a new investigation into claims that the secretive firm is selling its spyware to threat actors for targeted attacks, according to the Israeli Ministry of Defense. A single twe...
Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them
Siddartha Sharma and Adhokshaj Mishra: Evasive techniques used by attackers date back to the earlier days, when base64 and other common encoding schemes were used. Today, attackers are adopting new Linux shell script tactics and techniques to disable firewalls and monitoring agents and to modify...
New Ransomware Gangs Haron & BlackMatter Are After Fat Cats
So much for darkened servers at the headquarters of DarkSide or REvil ransomware groups. Turns out, we’ve got either their rebranded versions or two new ransomware gangs to contend with. The first new group to appear this month was Haron, and the second is named BlackMatter. As Ars Technica’s Dan...
Reboot of PunkSpider Tool at DEF CON Stirs Debate
Researchers will release a reboot of a controversial tool that crawls the web to identify back-end vulnerabilities in websites in the hopes that companies will quickly fix them and reduce security risks. However, experts have mixed feelings about the tool called PunkSpider, created by the analyti...
Podcast: Why Securing Active Directory Is a Nightmare
This week, Microsoft rushed out a fix for a Windows NT LAN Manager exploit dubbed “PetitPotam” that forces remote Windows systems to reveal password hashes that can be easily cracked. The frenzy begs the question: Why is securing Microsoft Active Directory (AD) such a nightmare? When security...
No More Ransom Saves Victims Nearly €1 billion Over 5 Years
To date, the No More Ransom repository of ransomware decryptors has helped more than 6 million victims recover their files, keeping nearly a billion euros out of the hands of cybercriminals, according to a Monday release. Launched five years ago, No More Ransom is maintained via cooperation betwe...
Zimbra Server Bugs Could Lead to Email Plundering
Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of all the employees in all the enterprises that use the immensely popular collaboration tool, researchers say. In a Tuesday writeup, SonarSource called it a “drastic” situation, given Zimbra’s...
Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution (RCE) and authenticated privilege escalation on the client-side. The Dutch Institute for Vulnerability Disclosure (DIVD) on Monday issued a public advisory warning that the service and clien...
Apple Patches Actively Exploited Zero-Day in iOS, MacOS
Apple on Monday patched a zero-day flaw, found in both its iOS and macOS platforms, that is being actively exploited in the wild and can allow attackers to take over an affected system. The memory-corruption flaw, tracked as CVE-2021-30807, is found in the IOMobileFrameBuffer extension, which exists...
IoT Piranhas Are Swarming Industrial Controls
Full transparency: Curtis Simpson, CISO at Armis, the enterprise IoT security company, was fundamentally a black hat at the age of 12, before he even knew what a black hat was. One day he got flooded over IRC and was fascinated: What just happened? And how did it happen? He’s since spent the vast...
Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn
The Babuk ransomware gang’s new rebrand isn’t going so well. It seems the cybercriminal group has been a victim of a ransomware attack of its own. Babuk’s latest endeavor, a Dark Web ransomware forum called RAMP, was crippled by a spammer over the weekend who overloaded the site with same-sex...
Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Microsoft was quick to respond with a fix to an attack dubbed “PetitPotam” that could force remote Windows systems to reveal password hashes that could then be easily cracked. To thwart an attack, Microsoft recommends system administrators stop using the now deprecated Windows NT LAN Manager (NTLM)...
Malware Makers Using ‘Exotic’ Programming Languages
Malware authors are increasingly using rarely spotted programming languages such as Go, Rust, Nim and DLang in order to create new tools and to hinder analysis, researchers have found. Use of those four languages is escalating in the number of malware families being identified, according to a...
The True Impact of Ransomware Attacks
One of the most damaging myths about ransomware attacks is, “If your company does regular system backups, you don’t have to worry. Just restore from the backup.” While system backups are crucial — power outages, natural disasters, or even mistakes by employees can destroy data just as quickly as ...
Discord CDN and API Abuses Drive Wave of Malware Detections
Discord has a malware problem. And although the platform is predominantly used by gamers, it turns out even users who have never interacted with Discord are at risk. Discord creates servers or specific groups or communities of users who can send voice, text and other media messages between one...
5 Steps to Improving Ransomware Resiliency
The ransomware landscape is evolving, and ransomware is now one of the most popular types of malware among cybercriminals and one of the most damaging. The JBS, Colonial Pipeline and Kaseya attacks are the recent high-profile examples of the impact of ransomware and the monumental consequences it can have: Shifts...
FIN7 Liquor Lure Compromises Law Firm with Backdoor
Financial cybercrime gang FIN7 has rebounded after the jailing of some key members, launching a campaign that uses as a lure a legal complaint involving the liquor company that owns Jack Daniels whiskey. The gambit successfully compromised at least one law firm, giving them a shot of the JSSLoade...