
15946 matches found

ThreatPost
added 2022/06/02 1:08 p.m., 17 views

Cybercriminals Expand Attack Radius and Ransomware Pain Points

AUTHOR: Melissa Bischoping is director, endpoint security research specialist at Tanium. When ransomware strikes, security teams and business leaders are immediately faced with a flurry of questions, including: “Is the vulnerability patched?” “Does my vendor/supplier/customer’s compromise affect m...

AI score: 7.1
Exploits: 0, References: 4
ThreatPost
added 2022/06/02 12:45 p.m., 6 views

The Challenge Digital Executive Protection Poses to Enterprise Security Teams

In our previous articles for Threatpost, we’ve talked a lot about how the attack surface has expanded into the personal digital lives of executives and high-profile employees. About how their online privacy, personal devices, and home networks are now primary targets – either to compromise them...

AI score: 6.8
Exploits: 0, References: 4
ThreatPost
added 2022/06/02 11:44 a.m., 36 views

Scammers Target NFT Discord Channel

Discord, a public chat application designed for gamers, has grown popular among crypto owners all over the world. Attackers are targeting the Discord servers of several popular nonfungible token (NFT) projects. Josh Fraser, founder of Origin protocol, shared a thread on Twitter earlier this month,...

AI score: 6.9
Exploits: 0, References: 7
ThreatPost
added 2022/06/02 11:18 a.m., 21 views

International Authorities Take Down Flubot Malware Network

International law enforcement has taken down the infrastructure behind Flubot, a nasty piece of malware which had been spreading with unprecedented speed across Android devices globally since December 2020. Europol revealed Wednesday that a collaboration between law enforcement in 11 countries le...

AI score: 7.3
Exploits: 0, References: 11
ThreatPost
added 2022/06/02 10:20 a.m., 27 views

Being Prepared for Adversarial Attacks

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat...

AI score: 7.6
Exploits: 0, References: 1
ThreatPost
added 2022/06/01 10:38 a.m., 3992 views

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said. The remote code execution (RCE) flaw, tracked as CVE-2022-3019, is associated with the Microsoft Support...

CVSS: 9.3, AI score: 8, EPSS: 0.94332
Exploits: 90, References: 17
ThreatPost
added 2022/05/31 12:24 p.m., 119 views

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems (CMS), web servers and Android devices. Threat actor group “Keksec” is believed to be behind the distribution of the malware, according to researchers. “Services such as VMware Workspace ONE, Adobe ColdFusion,...

CVSS: 10, AI score: 10, EPSS: 0.94461
Exploits: 467, References: 16
ThreatPost
added 2022/05/31 11:38 a.m., 37 views

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...

AI score: 7.3
Exploits: 0, References: 6
ThreatPost
added 2022/05/30 2:53 p.m., 41 views

Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack

UPDATE: A zero-day vulnerability in Microsoft Office allows adversaries to run malicious code on targeted systems via a flaw in a remote Word template feature. The warning comes from Japanese security vendor Nao Sec, which tweeted a warning about the zero-day over the weekend. It’s unclear if the...

AI score: 7
Exploits: 0, References: 11
ThreatPost
added 2022/05/27 10:32 a.m., 54 views

Critical Flaws in Popular ICS Platform Can Trigger RCE

Critical flaws in a popular platform used by industrial control systems (ICS) that allow for unauthorized device access, remote code execution (RCE) or denial of service (DoS) could threaten the security of critical infrastructure. OAS, offered by a company of the same name, makes it easy to transfer dat...

CVSS: 9.8, AI score: 8.5, EPSS: 0.8736
Exploits: 8, References: 21
ThreatPost
added 2022/05/26 10:30 a.m., 19 views

Cybergang Claims REvil is Back, Executes DDoS Attacks

The defunct REvil ransomware gang is claiming responsibility for a recent distributed denial of service (DDoS) campaign against a hospitality customer of cloud networking provider Akamai. However, it’s highly possible the attack is not a resurgence of the infamous cybercriminal group but a copycat...

AI score: 7.5
Exploits: 0, References: 11
ThreatPost
added 2022/05/25 1:18 p.m., 31 views

Link Found Connecting Chaos, Onyx and Yashma Ransomware

For a year now, threat actors have been using different versions of the same ransomware builder – “Chaos” – to attack governments, corporations and healthcare facilities. Now researchers from Blackberry have connected the dots, painting a picture of a malware that has evolved five times in twelve...

AI score: 7.2
Exploits: 0
ThreatPost
added 2022/05/25 1:02 p.m., 81 views

Zoom Patches ‘Zero-Click’ RCE Bug

Zoom patched a medium-severity flaw, advising Windows, macOS, iOS and Android users to update their client software to version 5.10.0. Google Project Zero security researcher Ivan Fratric noted in a report that an attacker can exploit a victim’s machine over a Zoom chat. The bug, tracked as...

CVSS: 9.1, AI score: 6.7, EPSS: 0.00751
Exploits: 0, References: 6
ThreatPost
added 2022/05/25 12:45 p.m., 20 views

Verizon Report: Ransomware, Human Error Among Top Security Risks

Ransomware, supply-chain threats and how organizations and their employees are their own worst enemy when it comes to security are some of the key takeaways of Verizon’s annual report on the last 12 months of cyber-attacks. The 2022 Data Breach Investigations Report (DBIR), published Tuesday, provide...

AI score: 7.5
Exploits: 0, References: 11
ThreatPost
added 2022/05/24 1:59 p.m., 24 views

Fronton IOT Botnet Packs Disinformation Punch

A fresh look at the Fronton DDoS-focused botnet reveals the criminal tool has more capabilities than previously known. The Fronton botnet first made the headline in March 2020. That is when, according to news reports, a hacktivist group called Digital Revolution said it obtained documents claimin...

AI score: 7.2
Exploits: 0, References: 2
ThreatPost
added 2022/05/23 1:05 p.m., 8 views

Cybercrime Getting More Sophisticated: How to Protect Your Business?

Can it happen to us? Are we ready to combat a cyberattack? All over the world, security officers have been fielding these questions from CEOs and the Board of Directors in the wake of large, high-profile cyberattacks. Yes, is the honest answer when attackers have continuously expanded their...

AI score: 7.2
Exploits: 0, References: 4
ThreatPost
added 2022/05/23 12:47 p.m., 55 views

Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches

AUTHOR: Mohit Tiwari, CEO and Co-Founder, Symmetry Systems. Compromised credentials and identities, third-party breaches, API attacks, and application exploits are all foundational entry points for today’s hackers. Recent months have brought many high-profile breaches from Samsung and Nvidia to Ok...

AI score: 6.9
Exploits: 0, References: 2
ThreatPost
added 2022/05/23 12:07 p.m., 310 views

Snake Keylogger Spreads Through Malicious PDFs

While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found. The campaign—discovered by researchers at HP Wolf...

CVSS: 9.3, AI score: 8.6, EPSS: 0.94354
Exploits: 33, References: 4
ThreatPost
added 2022/05/20 12:42 p.m., 37 views

Closing the Gap Between Application Security and Observability

Infosec Insiders columnist Daniel Kaar, global director application security engineering at Dynatrace. When it’s all said and done, application security pros may come to look upon the Log4Shell vulnerability as a gift. Potentially one of the most devastating software flaws ever found, Log4Shell...

AI score: 7.2
Exploits: 0, References: 3
ThreatPost
added 2022/05/20 12:17 p.m., 7 views

Executives’ Personal Digital Lives are the Soft-Underbelly of Enterprise Security

The unprecedented level of corporate cybersecurity risk now extends far beyond the four walls of the enterprise. There is no longer any difference between personal and corporate protection when it comes to members of the executive team and board. High-level individuals now have a single, unified...

AI score: 7.1
Exploits: 0, References: 3
ThreatPost
added 2022/05/20 11:11 a.m., 59 views

380K Kubernetes API Servers Exposed to Public Internet

More than 380,000 Kubernetes API servers allow some kind of access to the public internet, making the popular open-source container-orchestration engine for managing cloud deployments an easy target and broad attack surface for threat actors, researchers have found. The Shadowserver Foundation...

AI score: 8
Exploits: 0, References: 9
ThreatPost
added 2022/05/19 1:03 p.m., 65 views

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found. WordFence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, one of five vulnerabilities he found...

CVSS: 8.8, AI score: 6.2, EPSS: 0.0104
Exploits: 3, References: 13
ThreatPost
added 2022/05/18 2:36 p.m., 29 views

DOJ Says Doctor is Malware Mastermind

On Monday, the U.S. Attorney’s Office for the Eastern District of New York revealed criminal charges against 55-year-old cardiologist Moises Luis Zagala Gonzalez of Ciudad Bolívar, Venezuela, accusing him of being the mastermind behind the prolific Thanos malware. The indictment alleges he “design...

AI score: 7.4
Exploits: 0, References: 1
ThreatPost
added 2022/05/18 2:01 p.m., 28 views

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Most advanced persistent threat groups (APTs) use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. Security researchers at the University ...

AI score: 7.5
Exploits: 0, References: 8
ThreatPost
added 2022/05/18 1:54 p.m., 159 views

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability. Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and...

CVSS: 10, AI score: 10, EPSS: 0.94444
Exploits: 372, References: 7
ThreatPost
added 2022/05/17 1:53 p.m., 90 views

Sysrv-K Botnet Targets Windows, Linux

Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems. The goal, according to researchers, is to infect systems with cryptomining malware. The botnet variant is being called Sysrv-K...

CVSS: 10, AI score: 10, EPSS: 0.94461
Exploits: 54, References: 7
ThreatPost
added 2022/05/17 1:19 p.m., 47 views

iPhones Vulnerable to Attack Even When Turned Off

Attackers can target iPhones even when they are turned off due to how Apple implements standalone wireless features, Bluetooth, Near Field Communication (NFC) and Ultra-wideband (UWB) technologies, in the device, researchers have found. These features, which have access to the iPhone’s Secure Element (SE)...

AI score: 7.8
Exploits: 0, References: 3
ThreatPost
added 2022/05/16 11:46 a.m., 176 views

Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

Microsoft is alerting customers that its May Patch Tuesday update is causing authentication errors and failures tied to Windows Active Directory Domain Services. In a Friday update, Microsoft said it was investigating the issue. The warning comes amid shared reports of multiple services and...

CVSS: 9, AI score: 9.5, EPSS: 0.91596
Exploits: 8, References: 15
ThreatPost
added 2022/05/13 12:06 p.m., 37 views

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

Cybercriminals are promoting a new, modular malware-as-a-service offering that allows would-be attackers to choose from a cornucopia of threats via a Telegram channel that to date has more than 500 subscribers, researchers have found. The new malware service, dubbed the Eternity Project by the...

AI score: 7.2
Exploits: 0, References: 6
ThreatPost
added 2022/05/12 1:01 p.m., 26 views

Malware Builder Leverages Discord Webhooks

On April 23rd, 2022, a Discord user with the handle “Portu” began advertising a new password-stealing malware builder. Malware builders are programs on top of which so-called script kiddie hackers can craft their own executables. Script kiddie is cybersecurity parlance for a novice hacker who use...

AI score: 7.3
Exploits: 0, References: 2
ThreatPost
added 2022/05/12 11:57 a.m., 20 views

You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

Lately, I’ve started wondering if the biggest risk concerning cyberattacks is that we’re becoming desensitized to them. After all, businesses experience a ransomware attack every 11 seconds—the majority of which the public never hears about. Faced with this reality, it may seem like your efforts ...

AI score: 7.1
Exploits: 0, References: 2
ThreatPost
added 2022/05/12 10:45 a.m., 52 views

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

A newly discovered and complex remote access trojan (RAT) is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the novel malware variant is written in the OS-agnostic G...

AI score: 7.4
Exploits: 0, References: 6
ThreatPost
added 2022/05/11 12:27 p.m., 60 views

Intel Memory Bug Poses Risk for Hundreds of Products

Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of products. According to an advisory issued by the company on Tuesday, the bug is firmware-based and rated as “high” risk with a Common Vulnerability Scoring System (CVSS) score of 7. The vulnerability...

CVSS: 6.8, AI score: 5.6, EPSS: 0.00165
Exploits: 0, References: 13
ThreatPost
added 2022/05/11 12:13 p.m., 28 views

Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

Researchers have identified a never-before-seen method for sneaking malicious links into email inboxes. The clever trick takes advantage of a key difference in how email inboxes and browsers read URLs, according to a Monday report by Perception Point. The attacker crafted an unusual link using an “@...

AI score: 7.2
Exploits: 0, References: 1
ThreatPost
added 2022/05/11 11:12 a.m., 133 views

Actively Exploited Zero-Day Bug Patched by Microsoft

Microsoft has revealed 73 new patches for May’s monthly update of security fixes, including a patch for one flaw, a zero-day Windows LSA Spoofing Vulnerability rated as “important”, that is currently being exploited with man-in-the-middle attacks. The software giant’s monthly update of patches that...

CVSS: 10, AI score: 9.2, EPSS: 0.92562
Exploits: 17, References: 16
ThreatPost
added 2022/05/11 11:02 a.m., 30 views

Ransomware Deals Deathblow to 157-year-old College

Illinois-based Lincoln College was established during the U.S. Civil War. Since then it has weathered two world wars, the Spanish Flu, the Great Depression, the Great Recession and a devastating fire. But two things it couldn’t survive? A ransomware attack and financial pressures tied to the impa...

AI score: 6.9
Exploits: 0, References: 6
ThreatPost
added 2022/05/10 12:35 p.m., 155 views

Hackers Actively Exploit F5 BIG-IP Bug

Threat actors have started exploiting a critical bug in the application service provider F5’s BIG-IP modules after a working exploit of the vulnerability was publicly made available. The critical vulnerability, tracked as CVE-2020-1388, allows unauthenticated attackers to launch “arbitrary system...

CVSS: 9.8, AI score: 9.7, EPSS: 0.94456
Exploits: 63, References: 15
ThreatPost
added 2022/05/10 11:54 a.m., 27 views

Conti Ransomware Attack Spurs State of Emergency in Costa Rica

Costa Rican President Rodrigo Chaves declared a state of national cybersecurity emergency over the weekend following a financially motivated Conti ransomware attack against his administration that has hamstrung the government and economy of the Latin American nation. The attack—attributed to the...

AI score: 7.1
Exploits: 0, References: 9
ThreatPost
added 2022/05/10 12:24 a.m., 24 views

Low-rent RAT Worries Researchers

For about the price of a Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...

AI score: 7.7
Exploits: 0, References: 1
ThreatPost
added 2022/05/09 5:23 p.m., 37 views

FBI: Rise in Business Email-based Attacks a $43B Headache

The FBI warned the global cost of business email compromise (BEC) attacks is $43 billion for the period between June 2016 and December 2021. According to the FBI report, 241,206 complaints were lodged with the agency’s Internet Crime Center (IC3). BEC, or email account compromise (EAC), is an advanced scammin...

AI score: 7.3
Exploits: 0, References: 3
ThreatPost
added 2022/05/09 1:47 p.m., 8 views

Insider Risk Cloud Tech Powered Remote Workforce

Exponential growth, lagging indicators, flattening the curve — the pandemic forced us all to get familiar with concepts like these. And these same ideas are extremely relevant to how we should all be thinking about Insider Risk right now. New findings from the Annual Data Exposure Report 2022, an...

AI score: 7.1
Exploits: 0, References: 3
ThreatPost
added 2022/05/09 10:43 a.m., 7 views

The State of Secrets Sprawl: Podcast

Can I tell you a secret? Will you keep it between us? You’ve probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof, is one of the biggest issues that businesses face? In the latest in our Threatpost Podcast Series, host...

AI score: 7
Exploits: 0, References: 3
ThreatPost
added 2022/05/09 10:43 a.m., 26 views

Podcast: The State of the Secret Sprawl

Can I tell you a secret? Will you keep it between us? You’ve probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof, is one of the biggest issues that businesses face? The recent The State of Secrets Sprawl from...

AI score: 0.7
Exploits: 0, References: 1
ThreatPost
added 2022/05/06 11:10 a.m., 37 views

USB-based Wormable Malware Targets Windows Installer

Credit: Red Canary. Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Researchers at...

AI score: 7.2
Exploits: 0, References: 3
ThreatPost
added 2022/05/05 1:00 p.m., 23 views

CANs Reinvent LANs for an All-Local World

In an article I wrote over a year ago called “Securing the New Normal of Network Access,” I presented four access scenarios that modern organizations needed to enable users to stay securely connected and protected in the new normal of a work-from-anywhere world. Of course, “new” is a relative ter...

AI score: 7.1
Exploits: 0, References: 2
ThreatPost
added 2022/05/05 12:48 p.m., 54 views

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

Application service provider F5 is warning that a critical vulnerability allows unauthenticated hackers with network access to execute arbitrary commands on its BIG-IP systems. The F5 BIG-IP is a combination of software and hardware that is designed around access control, application availability and...

CVSS: 9.8, AI score: 10, EPSS: 0.94456
Exploits: 63, References: 10
ThreatPost
added 2022/05/05 12:20 p.m., 27 views

VHD Ransomware Linked to North Korea’s Lazarus Group

Cryptocurrency thief Lazarus Group appears to be widening its scope into using ransomware as a way to rip off financial institutions and other targets in the Asia-Pacific (APAC) region, researchers have found. Financial transactions and similarities to previous malware in its source code link a...

AI score: 7.7
Exploits: 0, References: 2
ThreatPost
added 2022/05/05 12:16 p.m., 7 views

List of Threats You Can Prevent on the DNS Level

The Domain Name System (DNS) is the underlying fabric that connects almost every gadget, service and endpoint in a company. And depending on how you manage your DNS landscape, it might be your IT security team’s guardian angel or, when poorly managed, your worst nightmare. When responsibly taken care...

AI score: 7.2
Exploits: 0, References: 1
ThreatPost
added 2022/05/04 5:32 p.m., 22 views

China-linked APT Caught Pilfering Treasure Trove of IP

Researchers from Cybereason’s Nocturnus Team have uncovered a massive, highly successful, three-year-long campaign of intellectual property theft. The perpetrators were likely able to siphon hundreds of gigabytes worth of “sensitive proprietary information from technology and manufacturing...

AI score: 7.1
Exploits: 0, References: 3
ThreatPost
added 2022/05/04 2:04 p.m., 7 views

The Future of Executive Protection is Digital

Physical threats against executives are on the rise. Intensified by unprecedented societal tension, pandemic fatigue, and the economic crisis, corporate leaders are being confronted and assaulted, their vehicles vandalized, and their homes invaded. A 2021 study by the Center for Protective...

AI score: 7
Exploits: 0, References: 1
Total number of security vulnerabilities: 15946