OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks
An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization methods to access Office 365 accounts, in order to steal users’ contacts and mail. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services without entering a...
Android Spyware Variant Snoops on WhatsApp, Telegram Messages
Researchers say they have uncovered a new Android spyware variant with an updated command-and-control communication strategy and extended surveillance capabilities that snoops on social media apps WhatsApp and Telegram. The malware, Android/SpyC32.A, is currently being used in active campaigns...
Facebook Small Business Grants Spark Identity-Theft Scam
Cybercriminals are exploiting a $100 million Facebook grant program designed for small businesses impacted by the pandemic, to phish personal information and take over Facebook accounts. The perpetrators are trying to dupe people into thinking that the social network is handing out free money to...
Microsoft Exchange Servers Still Open to Actively Exploited Flaw
Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges – even eight months after Microsoft issued a fix. The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange,...
Why Web Browser Padlocks Shouldn't Be Trusted
For years, Apple, Firefox, Google and Microsoft relentlessly made the point that in order to avoid rogue sites you must make sure your browser “padlock” is either locked, green or is otherwise indicating a site as being “secure.” Now, cybersecurity firms are stressing that those padlocks are not...
Zerologon Attacks Against Microsoft DCs Snowball in a Week
A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses. That’s according to researchers from Cisco Talos, who warned that cybercriminals are redoubling their efforts to trigger the elevation-of-privilege bug i...
The Network Perimeter: This Time, It’s Personal
In the rear-view mirror of history, the state of cybersecurity will not take top billing away from the COVID-19 pandemic. However, the one has been significantly affected by the other, and only time will tell what the full fallout will be. The first six months of 2020 saw significant developments...
Las Vegas Students' Personal Data Leaked, Post-Ransomware Attack
Personal information for students in the Clark County School District, which includes Las Vegas, has reportedly turned up on an underground forum, following a ransomware attack that researchers say was carried out by the Maze gang. In early September, the Associated Press reported that the distri...
Telehealth Poll: How Risky Are Remote Doctor Visits?
Telemedicine is enjoying a healthy boom, as more doctors, clinics and hospitals reduce in-person risks associated with COVID-19. Pre-pandemic, 0.01 percent of healthcare visits were virtual. The percentage today has leveled off to 21 percent, after peaking at 69 percent earlier this year, accordin...
Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems – but in reality, they are redirected to a fake Outlook login page that steals their credentials. Windows 7 reached end-of-life (EOL) on Jan. 14, with Microsoft urging enterprises to upgrade to its...
Mac, Linux Users Now Targeted by FinSpy Variants
The FinSpy commercial spyware is back in recently observed campaigns against organizations and activists in Egypt. While the spyware previously targeted Windows, iOS and Android users, researchers have discovered these campaigns using new variants that target macOS and Linux users. FinSpy is a...
Universal Health Services Ransomware Attack Impacts Hospitals Nationwide
A ransomware attack has shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. The attack occurred in the wee hours of the morning on Monday, according to reports coming in from employees on Reddit and other platforms. On Reddit, a discussion with hundreds ...
Joker Trojans Flood the Android Ecosystem
More variants of the Joker Android malware are cropping up in Google Play as well as third-party app stores, in a trend that researchers say points to a relentless targeting of the Android mobile platform. Researchers at Zscaler have found 17 different samples of Joker being regularly uploaded to...
Twitter Warns Developers of API Bug That Exposed App Keys, Tokens
Twitter developers are being warned of a security bug that may have exposed their applications’ credential information – including sensitive application keys and access tokens. The issue stemmed from a caching problem in developer.twitter.com. When developers visited this website, it temporarily...
Bug Bounty FAQ: Top Questions, Expert Answers
Seldom does Threatpost have the privilege to tap the collective brain trust of one cybersecurity corner of the threat landscape. But last month, Threatpost brought together leading voices in the bug bounty community to participate in a webinar, “Five Essentials for Running a Successful Bug Bounty...
FortiGate VPN Default Config Allows MitM Attacks
Default configurations of Fortinet’s FortiGate VPN appliance could open organizations to man-in-the-middle (MitM) attacks, according to researchers, where threat actors could intercept important data. According to the SAM IoT Security Lab, the FortiGate SSL-VPN client only verifies that the...
Industrial Cyberattacks Get Rarer but More Complex
Cyberattacks against the oil and gas industry inched up only slightly compared to the second half of 2019. Security experts say they are encouraged by the anemic growth, but at the same time are expressing concern that attacks are now becoming more potent, targeted and complex. According to new...
Ring's Flying In-Home Camera Drone Escalates Privacy Worries
Ring’s newly announced robot drone – a connected device that flies around homes taking security footage – is causing privacy experts’ concerns to take off. Amazon on Thursday unveiled the Always Home Cam as part of its Ring division, which will cost $249.99 and starts shipping next year. The...
Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks
Microsoft has suspended 18 Azure Active Directory applications that were being leveraged for command-and-control (C2) infrastructure by what it says is a Chinese nation-state actor. While Microsoft services like Azure Active Directory (AD) – its cloud-based identity and access management service – ar...
Feds Hit with Successful Cyberattack, Data Stolen
A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Thursday, not naming the agency but providing technical details of...
Cisco Patch-Palooza Tackles 29 High-Severity Bugs
Cisco Systems released a barrage of patches on Thursday, aimed at fixing bugs in the networking giant’s ubiquitous IOS operating system. The patches plug holes in a wide range of products and address denial-of-service, file overwrite and input validation attacks. The advisory was planned and part o...
Free Apple iPhone 12? Chatbot Phish Spreads Via Texts
A mobile phishing campaign is spreading via text messages purporting to come from an Apple chatbot – and offering “free trials” of iPhone 12. The iPhone 12 is due to be released in October, and the buzz is high for Appleheads who are anxiously awaiting the launch. Cybercriminals are taking...
Alien Android Banking Trojan Sidesteps 2FA
A newly uncovered banking trojan called Alien is invading Android devices worldwide, using an advanced ability to bypass two-factor authentication (2FA) security measures to steal victim credentials. Once it has infected a device, the RAT aims to steal passwords from at least 226 mobile application...
Zerologon Patches Roll Out Beyond Microsoft
UPDATE The “perfect” Windows vulnerability known as the Zerologon bug is getting a patch assist from two non-Microsoft sources, as they strive to fill in the gaps that the official fix doesn’t address. They roll out as Microsoft announced that it is tracking active exploitation in the wild. “We...
Gamer Credentials Now a Booming, Juicy Target for Hackers
Credential theft targeting hardcore gamers has hit an all-time high as scams, illicit markets and account takeovers have become a booming business. The driving force behind the uptick in gaming-related crime is a sudden spike in usage of online games, spurred by the coronavirus pandemic and...
Critical Industrial Flaws Pose Patching Headache For Manufacturers
While patch management already presents challenges for enterprises, it’s even more of a headache for manufacturers and other industrial firms – who may even need to shut down entire factory operations in order to apply fixes. Sharon Brizinov, the principal vulnerability researcher with Claroty, h...
CISA: LokiBot Stealer Storms Into a Resurgence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that the LokiBot info-stealing trojan is seeing a surge across the enterprise landscape. The uptick started in July, according to the agency, and activity has remained “persistent” ever since. LokiBot targets Windows and...
OldGremlin Ransomware Group Bedevils Russian Orgs
A new cybercriminal group called OldGremlin has been targeting Russian companies – including banks, industrial enterprises and medical firms – with ransomware attacks. OldGremlin relies on a bevy of tools, including custom backdoors called TinyPosh and TinyNode, to gain an initial foothold in the...
Google Chrome Bugs Open Browsers to Attack
Google has stomped out several serious code-execution flaws in its Chrome browser. To exploit the flaw, an attacker would merely need to convince a target to visit a specially crafted webpage via phishing or other social-engineering lures. Overall, Google’s release of Chrome 85.0.4183.121 for...
Known Citrix Workspace Bug Open to New Attack Vector
A Citrix Workspace vulnerability that was fixed in July has been found to have a secondary attack vector, which would allow cybercriminals to elevate privileges and remotely execute arbitrary commands under the SYSTEM account. The bug (CVE-2020-8207) exists in the automatic update service of the...
Microsoft Overhauls ‘Patch Tuesday’ Security Update Guide
Microsoft has updated its Security Update Guide, which is used by tens of millions of cybersecurity professionals the second Tuesday of every month, also known as Patch Tuesday. The update, according to Microsoft, is meant to deliver a more intuitive user experience. For its latest update,...
Firefox 81 Release Kills High-Severity Code-Execution Bugs
Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3, including several that could be exploited to run arbitrary code. Two severe bugs (CVE-2020-15674 and CVE-2020-15673) are errors in the browser’s memory-safety protections, which prevent memory access...
Activision Refutes Claims of 500K-Account Hack
After reports surfaced that 500,000 Activision accounts may have been hacked, impacting online Call of Duty (CoD) players, the gaming giant is disputing the claim. The alleged breach was first flagged by the oRemyy account on Twitter, and was quickly amplified by others, who claimed that accounts...
Google Cloud Buckets Exposed in Rampant Misconfiguration
Six percent of all Google Cloud buckets are misconfigured and left open to the public internet, for anyone to access their contents. In a survey of 2,064 Google Cloud buckets by Comparitech, 131 of them were found to be vulnerable to unauthorized access by users who could list, download and/or...
Fileless Malware Tops Critical Endpoint Threats for 1H 2020
In the first half of 2020, the most common critical-severity cybersecurity threat to endpoints was fileless malware, according to a recent analysis of telemetry data from Cisco. Fileless threats consist of malicious code that runs in memory after initial infection, instead of files being stored o...
Unsecured Microsoft Bing Server Leaked Search Queries, Location Data
An unsecured database has exposed sensitive data for users of Microsoft’s Bing search engine mobile application – including their location coordinates, search terms in clear text and more. While no personal information, like names, was exposed, researchers with Wizcase argued that enough data wa...
DHS Issues Dire Patch Warning for ‘Zerologon’
Federal agencies that haven’t patched their Windows Servers against the ‘Zerologon’ vulnerability by Monday Sept. 21 at 11:59 pm EDT are in violation of a rare emergency directive issued by the Secretary of Homeland Security. With only hours until the deadline for the directive, issued on Friday,...
Firefox for Android Bug Allows 'Epic Rick-Rolling'
A vulnerability in Firefox for Android paves the way for attackers to launch websites on a victim’s phone, with no user interaction. The attack manifests in the form of a Firefox browser window on the target device suddenly launching, without the user’s permission. This can be used for various...
Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords
Researchers have uncovered a threat group launching surveillance campaigns that target victims’ personal device data, browser credentials and Telegram messaging application files. One notable tool in the group’s arsenal is an Android malware that collects all two-factor authentication (2FA) securit...
UPDATE – TikTok Ban: Security Experts Weigh in on the App's Risks
UPDATE Chinese apps TikTok and WeChat over the weekend have gotten an 11th hour reprieve from a plan to cut off access to them. As a ban on U.S. downloads loomed for Sunday, TikTok owner ByteDance reached an agreement to sell significant ownership stakes to Oracle and Walmart. While the deal is...
Stubborn WooCommerce Plugin Bugs Get Third Patch
E-commerce sites using the WordPress plugin Discount Rules for WooCommerce are being urged to patch two high-severity cross-site scripting flaws that could allow an attacker to hijack a targeted site. Two fixes for the flaws, the first available on Aug. 22 and the second on Sept. 2, failed to patch the...
SecOps Teams Wrestle with Manual Processes, HR Gaps
Only about half of enterprises are satisfied with their ability to detect cybersecurity threats, according to a survey from Forrester Consulting – with respondents painting a picture of major resource and technology gaps hamstringing their efforts to block cyberattacks. According to the...
Security Takeaways from the Great Work-from-Home Experiment
As states deal with re-opening and, in some cases, re-closing, the reality is that for many organizations, remote work will play a significant role in business through 2020 and beyond. And so will increased cybercriminal activity, as demonstrated by a 131 percent increase in viruses and about 600...
Maze Ransomware Adopts Ragnar Locker Virtual-Machine Approach
The operators of the Maze ransomware have added a fresh trick to their bag of badness: Distributing ransomware payloads via virtual machines (VMs). It’s a “radical” approach, according to researchers, meant to help the ransomware get around endpoint defense. That’s according to researchers with Soph...
Mozi Botnet Accounts for Majority of IoT Traffic
The Mozi botnet, a peer-to-peer (P2P) malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things (IoT) devices, according to researchers. IBM X-Force noticed Mozi’s spike with...
Apple Bug Allows Code Execution on iPhone, iPad, iPod
Apple has updated its iOS and iPadOS operating systems, which addressed a wide range of flaws in its iPhone, iPad and iPod devices. The most severe of these could allow an adversary to exploit a privilege-escalation vulnerability against any of the devices and ultimately gain arbitrary...
Google Play Bans Stalkerware and 'Misrepresentation'
Google is taking the step of prohibiting “stalkerware” in Google Play, along with apps that could be used in political-influence campaigns. Effective October 1, apps that would allow someone to surreptitiously track the location or online activity of another person will be removed from the intern...
APT41 Operatives Indicted as Sophisticated Hacking Activity Continues
UPDATE Five alleged members of the APT41 threat group have been indicted by a federal grand jury, in two separate actions that were unsealed this week. Meanwhile, the Department of Treasury also imposed sanctions on individuals and organizations associated with Iran-linked APT39. APT41 a.k.a...
California Elementary Kids Kicked Off Online Learning by Ransomware
As students head back to the classroom, the spate of ransomware attacks against schools is continuing. The latest is a strike against a California school district that closed down remote learning for 6,000 elementary school students, according to city officials. The cyberattack, against the Newha...
Hackers Continue Cyberattacks Against Vatican, Catholic Orgs
A state-sponsored threat group linked to China has been engaged in a five-month long cyberattack against the Vatican and other Catholic Church-related organizations. Attacks have come in the form of spear phishing emails laced with the PlugX remote access tool (RAT) as the payload. Researchers with...