WordPress Pushes Out Multiple Flawed Security Updates
The day after WordPress pushed out a critical 5.5.2 security update, patching a remote code execution bug and nine additional flaws, it was forced to push out a second update and then a third, 5.5.3, update. The hiccup is tied to the WordPress auto-update feature that accidentally started sending 455...
Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
A popular precious-metals dealer, JM Bullion, has been the victim of a payment-skimmer attack. The company’s response was less than solid gold — it took months to notify its users of the breach. The Dallas-based company sells gold, platinum, silver, copper and palladium bullion, in the form of...
Scammers Abuse Google Drive to Send Malicious Links
Scammers are leveraging a legitimate Google Drive collaboration feature to trick users into clicking on malicious links. According to reports, the recent attack stems from Google Drive’s legitimate collaboration feature, which allows users to create push notifications or emails that invite peopl...
Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
A high-severity Windows driver bug is being exploited in the wild as a zero-day. It allows local privilege escalation and sandbox escape. The security vulnerability was disclosed by Google Project Zero just seven days after it was reported, since cybercriminals are already exploiting it, accordin...
Crippling Cyberattacks, Disinformation Top Concerns for Election Day
What keeps researchers up at night leading up to Nov. 3 isn’t election-day winners and losers. Most cite possible attacks on local infrastructure, crippling ransomware incidents and disinformation campaigns. There are also many concerned voters this year. Election-related cybersecurity attacks ha...
WordPress Patches 3-Year-Old High-Severity RCE Bug
WordPress released a 5.5.2 update to its ubiquitous web publishing software platform. The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack. In all, the WordPress Security and...
Firestarter Android Malware Abuses Google Firebase Cloud Messaging
An APT group is starting fires with a new Android malware loader, which uses a legitimate Google messaging service to bypass detection. The malware, dubbed “Firestarter,” is used by an APT threat group called “DoNot.” DoNot uses Firebase Cloud Messaging (FCM), which is a cross-platform cloud soluti...
Wisc. GOP's $2.3M MAGA Hat Debacle Showcases Fraud Concerns
The Wisconsin Republican party’s war chest is lighter by $2.3 million after scammers posing as MAGA-hat vendors were able to spoof invoices in what appears to be a basic business email compromise (BEC) attack. It’s just the latest in a litany of attacks related to the upcoming election, and it...
Halloween News Wrap: Zombie Bugs, Hospital Deaths and Other Scary Cyberattack Stories
This Halloween week, Threatpost editors discuss the spookiest security stories, including: A wave of ransomware attacks targeting a number of hospitals, sparking worries about healthcare security and the impact on patients during COVID-19 “Zombie” vulnerabilities – including Zerologon and SMBGhos...
Wroba Mobile Banking Trojan Spreads to the U.S., via Texts
The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time. According to researchers at Kaspersky, a wave of attacks are taking aim at U.S. Android and iPhone users in an effort that started on Thursday. The campaign uses text messages to spread, using...
Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug
Threat actors continue to exploit the Microsoft Zerologon vulnerability, a situation that’s been a persistent worry to both the company and the U.S. government over the last few months. Both on Thursday renewed their pleas to businesses and end users to update Windows systems with a patch...
NVIDIA Patches Critical Bug in High-Performance Servers
NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixin...
Kegtap, Singlemalt, Winekey Malware Serve Up Ransomware to Hospitals
The boozy names might sound like the kind of thing conjured up in a frat-house common room, but malware families Kegtap, Singlemalt and Winekey are being used to gain initial network access in potentially lethal ransomware attacks on healthcare organizations in the midst of a global pandemic,...
University Email Hijacking Attacks Push Phishing, Malware
Cybercriminals are hijacking legitimate email accounts from more than a dozen universities – including Purdue University, University of Oxford in the U.K. and Stanford University – and using the accounts to bypass detection and trick victims into handing over their email credentials or installing...
REvil Gang Promises a Big Video-Game Hit; Claims Massive Revenue
The REvil ransomware gang claims it will rake in $100 million by year’s end. That’s according to a REvil group leader in a rare Q&A with the YouTube Channel for tech blog “Russian OSINT.” During the live interview, the REvil hacker warned of a “big attack coming…linked to a very large video game...
Home Depot Confirms Data Breach in Order Confirmation SNAFU
Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement...
Oracle WebLogic Server RCE Flaw Under Active Attack
If an organization hasn’t updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: “Assume it has been compromised.” Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE...
Bug-Bounty Awards Spike 26% in 2020
Cross-site scripting (XSS) remained the most impactful vulnerability, and thus the one reaping the highest rewards for ethical hackers in 2020 for a second year running, according to a list of top 10 vulnerabilities released on Thursday by HackerOne. The vulnerability — which enables attackers to...
Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns
Parked domains, which act as aliases and redirect to other websites, can send visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time – as evidenced by a recent Emotet campaign, a separate effort abusing Comcast and McAfee brands, and an election-themed...
2 More Hospitals Hit by Growing Wave of Ransomware Attacks, As Feds Issue Warning
UPDATE Two more hospitals were hit with ransomware attacks this week as a growing number of criminals target healthcare facilities during the COVID-19 pandemic. The troubling trend prompted federal law enforcement and health officials, on Wednesday, to sound the alarm and issue a dire warning of...
Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems
More than 100,000 Windows systems have not yet been updated to protect against a previously-patched, critical and wormable flaw in Windows called SMBGhost. Microsoft patched the remote code-execution (RCE) flaw, tracked as CVE-2020-0796, back in March; it affects Windows 10 and Windows Server 201...
'Copyright Violation' Notices Lead to Facebook 2FA Bypass
Scammers have hatched a new way to attempt to bypass two-factor authentication (2FA) protections on Facebook. Cybercriminals are sending bogus copyright-violation notices with the threat of taking pages down unless the user attempts to appeal. The first step in the “appeal”? The victim is asked to...
How the Pandemic is Reshaping the Bug Bounty Landscape
The pandemic has overhauled the bug-bounty landscape, both for companies looking to adopt such programs and the bounty hunters themselves. Casey Ellis, founder and CTO of Bugcrowd, said that COVID-19’s far-reaching implications — including increasing the acceptance of remote work, pushing more...
Russian Espionage Group Updates Custom Malware Suite
The advanced persistent threat (APT) known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access. Russia-tied Turla (a.k.a. Ouroboros, Snake, Venomous Bear or Waterbug) is a...
Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees
Microsoft said that an Iranian threat actor has successfully compromised attendees of two global conferences – including ambassadors and senior policy experts – in an effort to steal their email credentials. The two conferences targeted include the Munich Security Conference, slated for Feb. 19 t...
Election Security: How Mobile Devices Are Shaping the Way We Work, Play and Vote
The line between our personal and professional lives is blurring in an unprecedented fashion as we approach the 2020 presidential election. From Oracle and Walmart’s plans to invest in TikTok to a bug in Joe Biden’s campaign app that exposed millions of voter files – the role mobile technology wi...
North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn
The North Korean advanced persistent threat (APT) group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Kimsuky (a.k.a. Hidden Cobra) has been...
Experts Weigh in on E-Commerce Security Amid Snowballing Threats
The raging pandemic has forced many retailers to re-imagine their businesses, shifting from in-person to contactless interactions through online sales. This new socially distanced reality is colliding with the crush of an upcoming holiday shopping season, creating an unprecedented opportunity for...
Trump Campaign Website Defaced by Cryptocurrency Scam
UPDATE Hackers took over President Trump’s 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later. Journalist Gabriel Lorenzo Greschler was the first to notice the attack while he was...
Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe
More than 100 smart-irrigation systems deployed across the globe were installed without changing the factory’s default, passwordless setting, leaving them vulnerable to malicious attacks, according to recent findings from Israeli security research firm Security Joes. The researchers immediately...
Amazon Fires Employee Who Leaked Customer Names, Emails
Amazon has fired an employee who shared customers’ names and email addresses with a third party. An Amazon spokesperson told Threatpost that it has systems in place to limit and control access to information, and processes in place for identifying and investigating suspicious behavior. These...
Researchers: Instagram, LinkedIn Vulnerable to Preview-Link RCE Security Woes
UPDATE Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. At risk are Facebook Messenger, LINE, Slack, Twitter Direct Messages, Zoom and many others. In the case of Instagram and LinkedIn, it’s even possible to execute remo...
Majority of Microsoft 365 Admins Don't Enable MFA
Up to 78 percent of Microsoft 365 administrators do not have multi-factor authentication (MFA) security measures enabled. A recent report by CoreView Research also found that 97 percent of all total Microsoft 365 users do not use MFA, shedding a grim light on the security issues inherent with the...
Code42 Incydr Series: Secure data in the age of remote work
As 2020 began, security leaders were already abuzz about the data security for the growing remote workforce. Fast forward to today, and nearly half of the U.S. labor force is now WFH full time. A recent study by OpenVPN shows 90% of IT and Security pros believe that remote workers are not secure ...
Holiday Shopping Craze, COVID-19 Spur Retail Security Storm
As online retailers prepare for the upcoming holiday shopping season, security researchers are warning that cybercriminals will be on the prowl this year, with the added factor of the coronavirus pandemic pushing many Black Friday shoppers online. Chris Eng, chief research officer with Veracode,...
Google Boots 21 Bogus Gaming Apps from Play Marketplace
Researchers have discovered a raft of malicious gaming apps on Google Play that come loaded with adware, signaling that the tech giant continues to struggle with keeping bad apps off its online marketplace. Twenty-one gaming apps discovered on Google Play packed with adware from the HiddenAds family we...
Microsoft IE Browser Death March Hastens
As the death of the once-dominant Internet Explorer (IE) draws closer, Microsoft is quickly pounding more nails into the browser’s coffin. On Monday, Microsoft hastened its IE-to-Edge browser-transition strategy and announced new controls for users and IT staff when it comes to how the lame-duck...
'Among Us' Mobile Game Under Siege by Attackers
The meteoric rise of the game Among Us appears to be outpacing its developer’s ability to keep up with malicious actors. On Sunday night, a specific ongoing attack forced InnerSloth, the company behind the game, to hastily roll out an update designed to kick bad actors off the game’s servers —...
Containerd Bug Exposes Cloud Account Credentials
A security vulnerability can be exploited to coerce the containerd cloud platform into exposing the host’s registry or users’ cloud-account credentials. Containerd bills itself as a runtime tool that “manages the complete container lifecycle of its host system, from image transfer and storage to...
Vastaamo Breach: Hackers Blackmailing Psychotherapy Patients
Cybercriminals have hacked the systems of psychotherapy giant Vastaamo – and are now reaching out to therapy patients, threatening to dump their patient files if they do not pay a ransom. Finland-based Vastaamo, which has more than 40,000 psychotherapy patients, said on its website that its...
Nando's Hackers Feast on Customer Accounts
Diners at a popular chicken-dinner chain have seen hundreds of dollars siphoned out of their bank accounts, after cybercriminals were able to access their restaurant ordering credentials. The issue though is that payment-card information is not stored within Nando’s accounts, leaving some questio...
U.S. Levies Sanctions Against Russian Research Institution Linked to Triton Malware
The Trump administration sanctioned a Russian government research institution on Friday, claiming it was behind a series of cyberattacks using the highly destructive Triton malware. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) said the Triton malware had been used in vario...
IoT Device Takeovers Surge 100 Percent in 2020
Connected cameras, refrigerators and other seemingly mundane internet-of-things (IoT) devices are a cybercriminal favorite this year, with new research showing a sharp increase (100 percent) in IoT infections observed on wireless networks. IoT devices are now responsible for 32.72 percent of all...
Louisiana Calls Out National Guard to Fight Ransomware Surge
The National Guard has been called in to help stop a series of government-focused ransomware attacks in Louisiana, according to a report. Local government offices across the Pelican State have been besieged by ransomware strikes, according to a cybersecurity consultant speaking to Reuters, with...
Election Security: Beyond Mail-In Voting
As a highly publicized event, every four years the U.S. presidential election comes with inevitable security risks — and interest from high-level hackers and sophisticated cybercriminals looking to sway its results. The upcoming election ups the stakes — it has captured the attention of everyone...
Georgia Election Data Hit in Ransomware Attack
Ransomware gangs have officially entered the 2020 election fray, with reports of one of the first breaches of the voting season, on Hall County, Ga. The county’s database of voter signatures was impacted in the attack along with other government systems. Although the county said the voting proces...
COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach
COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports. The Indian company is the contractor for Russia’s “Sputnik V” COVID-19 vaccine, which is about to enter Phase 2 human...
Nvidia Warns Gamers of Severe GeForce Experience Flaws
Nvidia, which makes gaming-friendly graphics processing units (GPUs), has issued fixes for two high-severity flaws in the Windows version of its GeForce Experience software. GeForce Experience is a supplemental application to the GeForce GTX graphics card — it keeps users’ drivers up-to-date,...
Ransomware Takes Down Network of French IT Giant
French IT giant Sopra Steria was hit with a cyberattack this week that disrupted the firm’s business and is widely believed to be the work of the threat actors behind Ryuk ransomware. The company revealed the attack in a brief press statement released Oct. 22, two days after officials said...