Post Breach, Peatix Data Reportedly Found on Instagram, Telegram
Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly being circulated on Instagram and Telegram. In a data breach notice to affected users, Peatix said it learned on Nov. 9 that user account data had been improperly accessed...
'Minecraft Mods' Attack More Than 1 Million Android Devices
Scammers are taking advantage of the Minecraft sandbox video game’s wild success by developing Google Play apps which appear to be Minecraft modpacks, but instead deliver abusive ads, according to researchers. Since July, Kaspersky researchers have found more than 20 of these apps and determined...
Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues
Researchers have found serious security and privacy issues in 11 different smart doorbells, distributed via online marketplaces like Amazon and eBay, which could be exploited by attackers to physically switch off the devices. Smart doorbells, which connect to a smartphone and alert users when...
Baidu Mobile Apps in Google Play Leak Sensitive Data
Multiple Android mobile apps found in Google Play, including Baidu Search Box and Baidu Maps, were found by researchers to be leaking data that could be used to track users – even if they switch devices. The apps have each been downloaded millions of times, according to Palo Alto Unit 42...
Blackrota Golang Backdoor Packs Heavy Obfuscation Punch
Researchers have discovered a new backdoor written in the Go programming language (Golang), which turned their heads due to its heavy level of obfuscation. The backdoor, called Blackrota, was first discovered in a honeypot owned by researchers, attempting to exploit an unauthorized-access...
Tesla Hacked and Stolen Again Using Key Fob
Researchers have demonstrated for the third time how hacking into the key fob of a Tesla can allow someone to access and steal the car in minutes. The new attack again shows a security vulnerability in the keyless entry system of one of the most expensive electric vehicles (EVs) on the market...
Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending
The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle Manager. The critical unpatched bug is a command injection vulnerability. In a separate VMware advisory,...
GoDaddy Employees Tricked into Compromising Cryptocurrency Sites
A recent social-engineering “vishing” attack on domain registrar GoDaddy temporarily handed over control of cryptocurrency service sites NiceHash and Liquid to fraudsters, exposing personal information of users. Vishing is a phishing scam that uses voice interactions over the phone to gain trust...
TA416 APT Rebounds With New PlugX Malware Variant
The TA416 advanced persistent threat (APT) actor is back with a vengeance: After a month of inactivity, the group was spotted launching spear-phishing attacks with a never-before-seen Golang variant of its PlugX malware loader. TA416, which is also known as “Mustang Panda” and “RedDelta,” was spott...
Spotify Users Hit with Rash of Account Takeovers
Subscribers of Spotify streaming music service may have experienced some disruption, thanks to a likely credential-stuffing operation. Credential stuffing takes advantage of people who reuse the same passwords across multiple online accounts. Attackers will use IDs and passwords stolen from anoth...
Manchester United: IT Systems Disrupted in Cyberattack
The Manchester United football club in the U.K. has confirmed that the team fell victim to a cyberattack on its systems. Man U., one of the most popular soccer teams in the world, said that it was suffering ongoing IT disruptions. “The club has taken swift actions to contain the attack and is...
Joe Biden Campaign Subdomain Down After Hacktivist Defacement
A subdomain used by President-elect Joe Biden’s official campaign website was defaced last week by a self-proclaimed Turkish hacktivist and still remains out of commission. The subdomain, vote.joebiden.com, was part of the official campaign website JoeBiden.com used by the Biden campaign leading ...
Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
A spike in recent phishing and business email compromise (BEC) attacks can be traced back to criminals learning how to exploit Google Services, according to research from Armorblox. Social distancing has driven entire businesses into the arms of the Google ecosystem looking for a reliable, simple w...
VMware Fixes Critical Flaw in ESXi Hypervisor
VMware has hurried out fixes for a critical flaw in its ESXi hypervisor, a few weeks after it was found during China’s Tianfu Cup hacking competition. The use-after-free vulnerability (CVE-2020-4004) has a CVSS score of 9.3 out of 10, making it critical. It exists in the eXtensible Host Controller...
Good Heavens! 10M Impacted in Pray.com Data Exposure
The Christian faith app Pray.com has leaked private data for up to 10 million people, according to researchers. The app offers “daily prayer and Bible stories to inspire, educate and help you sleep” on a subscription basis. Subscriptions run anywhere from $50 to $120. It offers a host of audio...
New Grelos Skimmer Variants Siphon Credit Card Data
Just as seasonal online shopping kicks into high gear, new variants of the point-of-sale Grelos skimmer malware have been identified. Variants are targeting the payment-card data of online retail shoppers on dozens of compromised websites, researchers warn. The Grelos skimmer malware has been...
Facebook Messenger Bug Allows Spying on Android Users
Facebook has patched a significant flaw in the Android version of Facebook Messenger that could have allowed attackers to spy on users and potentially identify their surroundings without them knowing. Natalie Silvanovich, a security researcher at Google Project Zero, discovered the vulnerability,...
Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack
Researchers have uncovered a new attack that lets bad actors snoop in on homeowners’ private conversations – through their robot vacuums. The vacuums, which utilize smart sensors in order to autonomously operate, have gained traction over the past few years. The attack, called “LidarPhone” by...
German COVID-19 Contact-Tracing Vulnerability Allowed RCE
A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...
GO SMS Pro Android App Exposes Private Photos, Videos and Messages
A security weakness discovered in the GO SMS Pro Android app can be exploited to publicly expose media sent using the app, according to researchers. The GO SMS Pro application is a popular messenger app with more than 100 million downloads from the Google Play store. Researchers at Trustwave...
Tis' the Season for Online Holiday Shopping; and Phishing
While online holiday shopping is nothing new, more of us will be avoiding the malls and brick-and-mortar stores this year — which opens up big opportunities for cybercriminals. This, along with COVID-19, is expected to anchor most of the scam and phishing lures in circulation this season. Since...
Code42 Incydr Series: Protect IP with Code42 Incydr
Stealing a jumbo-jet airplane sounds like a ridiculous movie, but it’s actually just one example of IP theft. It’s happening to tech giants like Twitter and Google, and consumer brands like Hershey. But it’s also happening to organizations built around security — like McAfee and even the CIA. In...
Food-Supply Giant Americold Admits Cyberattack
Americold, a company whose cold-storage capabilities are integral to the U.S. food-supply chain and soon, COVID-19 vaccine distribution, has confirmed an operations-impacting cyberattack, according to a filing with the Securities and Exchange Commission (SEC). The filing was brief and read in part:...
IoT Cybersecurity Improvement Act Passed, Heads to President's Desk
Security experts are applauding the recent stamp of approval by the U.S. Senate on a groundbreaking internet-of-things (IoT) security regulatory effort. The IoT Cybersecurity Improvement Act, which was led in bipartisan sponsorship by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), would require th...
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, including locations in the United States. Researchers observed a...
Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks
Cybercriminals are recognizing that the data that automotive companies have to offer – from customer and employee personal identifiable information (PII) to financial data – is invaluable. Recently, one attacker installed a keystroke logger on the workstation of a car dealership’s finance specialis...
Widespread Scans Underway for RCE Bugs in WordPress Websites
Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers. According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these vulnerabilities have...
LAPD Bans Facial Recognition, Citing Privacy Concerns
The Los Angeles Police Department (LAPD) has banned the use of commercial facial-recognition services – citing “public trust” considerations. The move comes in the wake of a report that showed that more than 25 employees of the department had performed 475 searches so far using the Clearview AI, an...
Cisco Webex 'Ghost' Flaw Opens Meetings to Snooping
A vulnerability in Cisco’s Webex conferencing application could allow an attendee to act as a “ghost” in the meeting – allowing them to spy in on potentially sensitive company secrets. To exploit the flaw (CVE-2020-3419), attackers can be remote – however, they would need access to join the Webex...
Google Chrome 87 Closes High-Severity 'NAT Slipstreaming' Hole
Google has released patches for several high-severity vulnerabilities in its Chrome browser with the rollout of Chrome 87 for Windows, Mac and Linux users. Overall, Google fixed 33 vulnerabilities in its latest version, Chrome 87.0.4280.66, which is being rolled out over the coming days. This...
Firing of CISA Chief Christopher Krebs Widely Condemned
Government officials and cybersecurity experts alike condemned President Trump’s firing of Christopher Krebs by tweet Tuesday, as the director of the Cybersecurity and Infrastructure Security Agency (CISA) became the latest victim of the president’s housecleaning efforts after his failed bid at a...
Multiple Industrial Control System Vendors Warn of Critical Bugs
Industrial control system firms Real Time Automation and Paradox both warned of critical vulnerabilities Tuesday that opened systems up to remote attacks by adversaries. Flaws are rated 9.8 out of 10 in severity by the industry standard Common Vulnerability Scoring System. The Real Time Automatio...
Defining Security Policies to Manage Remote Insider Threats
Even as state and local governments begin to relax COVID-19-related stay-at-home orders, many businesses have adapted to having more people work from home. This trend is likely to continue: Among the top 20 percent of earners, the number of people that work from home is close to 70 percent,...
ThreatList: Pharma Mobile Phishing Attacks Turn to Malware
As pharmaceutical companies such as Pfizer race to develop a vaccine for COVID-19, mobile phishing gangs are swapping up their tactics in hopes to get their hands on critical research. Cybercriminals previously targeted pharmaceutical company employee credentials. However, new research shows that...
COVID-19 Antigen Firm Hit by Malware Attack
Over the past two weeks, global biotech firm Miltenyi has been battling a malware attack on its IT infrastructure, the company said in a recent disclosure to its customers. Miltenyi, which has been working on treatments for COVID-19, is still wrestling with phone and email communications in the...
Zoom Takes on Zoom-Bombers Following FTC Settlement
Zoom has once again upped its security controls to prevent “Zoom-bombing” and other cyberattacks on meetings. The news comes less than a week after Zoom settled with the Federal Trade Commission over false encryption claims. Two of the new features allow moderators to act as “club bouncers,” givi...
Cisco Patches Critical Flaw After PoC Exploit Code Release
A day after proof-of-concept (PoC) exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. Cisco Security Manager is an end-to-end security management application for enterprise administrators, which gives them the ability to enforce various security...
Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs
Security researchers are blasting Apple for a feature in the latest Big Sur release of macOS that allows some Apple apps to bypass content filters and VPNs. They say it is a liability that can be exploited by threat actors to bypass firewalls and give them access to people’s systems and expose...
Dating Site Bumble Leaves Swipes Unsecured for 100M Users
After taking a closer look at the code for popular dating site and app Bumble, where women typically initiate the conversation, Independent Security Evaluators researcher Sanjana Sarda found concerning API vulnerabilities. These not only allowed her to bypass paying for Bumble Boost premium...
Attackers Target Porn Site Goers in ‘Malsmoke’ Zloader Attack
Cybercriminals are tricking adult website visitors – including sites such as bravoporn.com and xhamster.com – in malvertising attacks that redirect victims to malicious websites serving up malware. The campaign, which is part of a larger malvertising effort dubbed “malsmoke”, has been tracked...
Citrix SD-WAN Bugs Allow Remote Code Execution
Three security bugs in the Citrix software-defined SD-WAN platform would allow remote code-execution and network takeover, according to researchers. The flaws affect the Citrix SD-WAN Center in versions before 11.2.2, 11.1.2b and 10.2.8. They consist of an unauthenticated path traversal and shell...
Hacked Security Software Used in Novel South Korean Supply-Chain Attack
The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victims’ PCs. The attacks use stolen digital...
Exposed Database Reveals 100K+ Compromised Facebook Accounts
Researchers have uncovered a wide-ranging global scam targeting Facebook users, after finding an unsecured database used by fraudsters to store the usernames and passwords of at least 100,000 victims. Researchers said that the cybercriminals behind the scam were tricking Facebook victims into...
Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut
Cybercriminals are embracing cloud-based services and technologies in order to accelerate their attacks on organizations and better monetize their wares, researchers have found. This is largely driven by cybercriminals who sell access to what they call “clouds of logs,” which are caches of stolen...
Scams Ramp Up Ahead of Black Friday Cybercriminal Craze
The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather...
Amazon Sues Instagram, TikTok Influencers Over Knockoff Scam
Instagram and TikTok social-media influencers Kelly Fitzpatrick and Sabrina Kelly-Krejci are among 13 defendants in a lawsuit filed by Amazon, which alleges that they participated in an online scam to sell counterfeit luxury goods. Counterfeit goods are strictly forbidden in the Amazon...
Botnet Attackers Turn to Vulnerable IoT Devices
The vast number of Internet-of-Things (IoT) devices are proving to be lucrative for botnet operators to carry out various attacks – from sending spam to launching harmful distributed denial-of-service (DDoS) attacks, according to Derek Manky, Chief of Security Insights & Global Threat Alliances at...
Nation-State Attackers Actively Target COVID-19 Vaccine-Makers
Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 (Fancy Bear), the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the...
Ticketmaster Scores Hefty Fine Over 2018 Data Breach
Ticketmaster’s UK division has been slapped with a $1.65 million fine by the Information Commissioner’s Office (ICO) in the UK, over its 2018 data breach that impacted 9.4 million customers. The fine (£1.25million) has been levied after the ICO found that the company “failed to put appropriate securi...