Rob Joyce to Take Over as NSA Cybersecurity Director
As the incoming Biden administration continues to shake up federal leadership, the National Security Agency announced Friday that Rob Joyce, who is currently serving at the U.S. Embassy in London, was named to lead its cybersecurity division. Joyce will inherit the job from Anne Neuberger, who wi...
SolarWinds Malware Arsenal Widens with Raindrop
An additional piece of malware, dubbed Raindrop, has been unmasked in the sprawling SolarWinds supply-chain attacks. It was used in targeted attacks after the effort’s initial mass Sunburst compromise, researchers said. The SolarWinds espionage attack, which has affected several U.S. government...
Linux Devices Under Attack by New FreakOut Malware
Researchers are warning a novel malware variant is targeting Linux devices, in order to add endpoints to a botnet to then be utilized in distributed-denial-of-service (DDoS) attacks and cryptomining. The malware variant, called FreakOut, has a variety of capabilities. Those include port scanning,...
Attackers Steal E-Mails, Info from OpenWrt Forum
The forum supporting the community for OpenWrt suffered a security breach over the weekend, giving hackers access to e-mail addresses, user handles and additional private forum user information. Those that maintain the forum for the Linux-based open-source firmware said the forum was breached in...
Medical Device Security: Diagnosis Critical
A hacked insulin pump is the last thing a diabetic wants to worry about when life-saving fluids are pumped into their body. Sadly, concerns about medical device IT security are a healthcare reality. Last year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued more than a...
CES 2021 Gadgets: Worst in Privacy and Security Awards
This year’s Consumer Electronics Show was hampered by the pandemic, but that didn’t stop an expert panel from convening to award this year’s dubious CES 2021 Worst in Show honors in the context of gadget privacy and security. Overall trends from the week included ever-connected devices constantly...
Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'
Microsoft is taking matters into its own hands when it comes to companies that haven’t yet updated their systems to address the critical Zerologon flaw. The tech giant will soon by default block vulnerable connections on devices that could be used to exploit the flaw. Starting Feb. 9, Microsoft...
Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls
Apple has removed a contentious macOS feature that allowed some Apple apps to bypass content filters, VPNs and third-party firewalls. The feature, first uncovered in November in a beta release of the macOS Big Sur feature, was called “ContentFilterExclusionList” and included a list of at least 50...
Google Boots 164 Apps from Play Marketplace for Shady Ad Practices
Google has removed 164 apps, downloaded a total of 10 million times, from its Google Play marketplace because they were delivering “disruptive” ads, considered malicious. Last year, the tech giant banned apps that delivered this type of advertising, called out-of-context ads. But the problem...
Facebook: Malicious Chrome Extension Developers Scraped Profile Data
Facebook has filed legal action against two Chrome extension developers that the company said were scraping user profile data – including names and profile IDs – as well as other browser-related information. The two unnamed developers, under the business name Oink and Stuff, developed Chrome...
Florida Ethics Officer Charged with Cyberstalking
A Tallahassee city ethics officer was arrested and charged with cyberstalking her coworker and former lover, and is now banned by a judge from using the internet for anything besides work, paying bills and her legal defense. Julie Meadows-Keef is accused of cyberstalking Bert Fletcher, the...
Telegram Bots at Heart of Classiscam Scam-as-a-Service
A new automated scam-as-a-service has been unearthed, which leverages Telegram bots in order to steal money and payment data from European victims. The scam, which researchers call Classiscam, is being sold as a service by Russian-speaking cybercriminals, and has been used by at least 40 separate...
Cloud Attacks Are Bypassing MFA, Feds Warn
The Feds are warning that cybercriminals are bypassing multi-factor authentication (MFA) and successfully attacking cloud services at various U.S. organizations. According to an alert issued Wednesday by the Cybersecurity and Infrastructure Security Agency (CISA), there have been “several recent...
Ring Adds End-to-End Encryption to Quell Security Uproar
Smart doorbell maker Ring is giving cybersecurity critics less to gripe about with the introduction of end-to-end encryption to many of its models. Ring products, which have been a juggernaut success with consumers, have faced a litany of harsh criticism from cybersecurity experts for what they s...
TikTok Takes Teen Accounts Private
TikTok has decided to boost privacy measures for its underage users, the popular video-sharing social-media company announced. TikTok’s popularity is being driven by teens — the company reported in 2019 about 60 percent of its 26.5 monthly users are between the ages of 16 and 24, and these latest...
High-Severity Cisco Flaw Found in CMX Software For Retailers
A high-severity flaw in Cisco’s smart Wi-Fi solution for retailers could allow a remote attacker to alter the password of any account user on affected systems. The vulnerability is part of a number of patches issued by Cisco addressing 67 high-severity CVEs on Wednesday. This included flaws found...
Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site Takeover
Two vulnerabilities (one critical) in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-buildin...
Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data
On the heels of a previously-reported cyberattack on the European Medicines Agency (EMA), cybercriminals have spilled compromised data related to COVID-19 vaccinations onto the internet. The EMA is an agency of the European Union in charge of the evaluation and supervision of medicinal products in...
Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms. Working together, researchers from Google Project Zero and the Google Threat Analysis Group...
CISOs Prep For COVID-19 Exposure Notification in the Workplace
With the potential of employees going back into the workplace on the horizon, chief information security officers (CISOs) are mulling applications that utilize exposure notifications in order to track COVID-19’s spread in the office. Steve Moore, chief security strategist with Exabeam, said he is...
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. In total it patched 83 vulnerabilities. The most serious bug is a flaw in Microsoft’s Defender anti-malware software that allows remote attackers to infect...
Data Breach at 'Resident Evil' Gaming Company Widens
A ransomware attack launched against gaming company Capcom last November keeps getting worse. The company now says that the personal data of up to 400,000 of its customers was compromised in the attack — 40,000 more than the company originally thought. Capcom is a Japan-based publisher of...
Mimecast Certificate Hacked in Supply-Chain Attack
A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced. Mimecast provides email security services that customers can apply to their Microsoft 365...
BumbleBee Opens Exchange Servers in xHunt Spy Campaign
A webshell called BumbleBee has taken flight in an ongoing xHunt espionage campaign that has targeted Microsoft Exchange servers at Kuwaiti organizations. According to researchers at Palo Alto Networks’ Unit 42, BumbleBee (so named because of its color scheme) was observed being used to upload and...
Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content
Adobe Systems has patched seven critical vulnerabilities, which impact Windows, macOS and Linux users. The impact of the serious flaws ranges from arbitrary code execution to sensitive information disclosure. The software company’s regularly scheduled Tuesday security updates impact a slew of its...
Europol Reveals Dismantling of 'Largest' Underground Marketplace
Europol on Tuesday announced the takedown of DarkMarket, which according to the law enforcement agency is “the world’s largest illegal marketplace on the dark web.” DarkMarket served as a marketplace for cybercriminals to buy and sell drugs, counterfeit money, stolen or counterfeit credit card...
Ethical Hackers Breach U.N., Access 100,000 Private Records
Security researchers successfully hacked the United Nations, accessing user credentials and personally identifiable information (PII) – including more than 100,000 private employee and project records – before informing the U.N. about the problem through the organization’s vulnerability disclosure...
Post-Backlash, WhatsApp Spells Out Privacy Policy Updates
WhatsApp is making explicit clarifications around its updated privacy policy, after reports ran amok about the messaging app mandating all-encompassing data-sharing with parent company Facebook. The app’s new privacy policy and terms of service, which will go into effect Feb. 8, says that WhatsAp...
Aliens and UFOs: A Final Frontier for Social Engineers
Buried deep within the most recent round of COVID-19 stimulus legislation was a little provision with potentially explosive consequences: The Pentagon has six months to release a full report on what they know about the existence of what they term Unidentified Aerial Phenomena (UAP) — or UFOs to the...
Millions of Social Profiles Leaked by Chinese Data-Scrapers
More than 400GB of public and private profile data for 214 million social-media users from around the world has been exposed to the internet – including details for celebrities and social-media influencers in the U.S. and elsewhere. The leak stems from a misconfigured ElasticSearch database owned...
Researcher Builds Parler Archive Amid Amazon Suspension
A security researcher said she has scraped and is archiving 99 percent of Parler’s public posts, as the social-media network goes offline following suspensions from Amazon, Apple and Google. Archived content includes public posts from the social-media site. These posts reportedly included Parler...
SolarWinds Hack Potentially Linked to Turla APT
New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat (APT) group. Researchers at Kaspersky have uncovered several code similarities between Sunburst and the Kazuar backdoor...
Malicious Software Infrastructure Easier to Get and Deploy Than Ever
Simple-to-use and easy-to-deploy offensive security tools, which make it easier than ever for criminals with little technical know-how to get in on cybercrime, are seeing a significant rise, researchers say. Recorded Future just released findings from its regular year-end observations of malicious...
A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets
The new year started off with a bang, with the SolarWinds hack revealed in late December acting as a jarring reminder to companies and U.S. government departments alike that cybercriminals continue to successfully exploit security lapses in technology. But beyond the SolarWinds supply-chain...
Ryuk Rakes in $150M in Ransom Payments
The Ryuk ransomware has earned its operators an estimated $150 million, according to an examination of the malware’s money-laundering operations. Joint research released this week from Brian Carter, principal researcher at HYAS, and Vitali Kremez, CEO at Advanced Intelligence, took a look und...
SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack
SolarWinds, which has been embroiled in a recent, widescale hack, has called in two security powerhouses for help: Former director of the Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs, and former Facebook security executive Alex Stamos. Texas-based SolarWinds hired the duo as...
FBI Warns of Egregor Attacks on Businesses Worldwide
The FBI has alerted companies in the private sector to a spate of attacks using the Egregor ransomware. The malware currently is raging a warpath across businesses worldwide and has already compromised more than 150 organizations. The agency issued an advisory (PDF) that also shed new light and...
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that, if exploited, allow hackers to hijack systems running the software. The Mozilla Firefox vulnerability (CVE-2020-16044) is separate from a bug reported in Google’s browser engine Chromium, which is...
Biden to Appoint Cybersecurity Advisor to NSC – Report
President-elect Joe Biden has reportedly tapped the National Security Agency’s cybersecurity director to serve in a brand-new cyber-role on his National Security Council. Anne Neuberger, a more than 10-year veteran of the NSA and its cyber-chief since 2019, will become the country’s deputy nation...
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws
Nvidia, which makes gaming-friendly graphics processing units (GPUs), on Thursday fixed a slew of high-severity flaws affecting its graphics driver. The vulnerabilities allow bad actors to cripple systems with denial of service attacks, escalate privileges, tamper with data or sniff out sensitive...
Fired Healthcare Exec Stalls Critical PPE Shipment for Months
The FBI has announced that Christopher Dobbins pleaded guilty and was sentenced to a year in prison for breaching and temporarily disabling the Stradis Healthcare shipping system using a secret account, after being fired weeks earlier. Last March, as doctors reported having to ration and reuse...
Threatpost Poll: Weigh in on Ransomware Security
It’s no secret that ransomware attacks continue to rise – with the number of attacks jumping by 350 percent since 2018. Healthcare systems have been hit particularly hard over the past year by ransomware actors, with a recent report saying that healthcare organizations have seen a 45 percent...
New Year, New Ransomware: Babuk Locker Targets Large Corporations
Only a few days into the new year, one of the first new ransomware strains of 2021 has been discovered. Dubbed Babuk Locker, the ransomware appears to have successfully compromised five companies thus far, according to new research. The research author, Chuong Dong, a computer science student at...
Facebook’s Mandatory Data-Sharing Rules for WhatsApp Spark Ire
WhatsApp is asking users to accept a new privacy policy that will share all of their data with Facebook beginning Feb. 8, a move that has users sounding an alarm once again about the privacy of their information in the hands of the social media giant. The Facebook-owned messaging service already...
NSA Urges SysAdmins to Replace Obsolete TLS Protocols
The National Security Agency (NSA) is lighting a fire under system administrators who are dragging their feet to replace insecure and outdated Transport Layer Security (TLS) protocol instances. The agency this week released new guidance and tools to equip companies to update from obsolete older...
It’s Not the Trump Sex Tape, It’s a RAT
As outgoing President Donald Trump continues to dominate headlines, cybercriminals have decided to horn in on the much-gossiped-about — and yet to materialize — Trump sex tape as a lure for malware delivery. A campaign has been uncovered that labels a malware downloader with the filename...
Feds Issue Recommendations for Maritime Cybersecurity
The White House has released cybersecurity guidance for securing the Maritime Transportation System (MTS), which operates along 25,000 miles of coastal and inland waterways in the United States. The document points out that the MTS encompasses “361 ports, 124 shipyards, more than 3,500 maritime...
Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw
Security experts are warning hackers are ramping up attempts to exploit a high-severity vulnerability that may still reside in over 100,000 Zyxel Communications products. Zyxel, a Taiwanese manufacturer of networking devices, on Dec. 23 warned of the flaw in its firmware (CVE-2020-29583) and releas...
Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack
The U.S. government has identified Russia as the “likely” culprit behind the widespread SolarWinds cyberattack that has so far affected multiple federal agencies and private-sector companies. Cyberespionage is cited as the motivation behind the attack, which the feds characterized as ongoing. In ...
RCE 'Bug' Found and Disputed in Popular PHP Scripting Framework
Versions of the popular developer tool Zend Framework and its successor Laminas Project can be abused by an attacker to execute remote code on PHP-based websites, if they are running web-based applications that are vulnerable to attack. However, those that maintain Zend Framework emphasize that t...