Live Webinar: XDR and Beyond
Anyone paying attention to the cybersecurity technology market has heard the term XDR – Extended Detection and Response. It’s a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it and many of the top cybersecuri...
Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers
Cisco Systems says hackers are actively exploiting previously unpatched vulnerabilities in its carrier-grade routers that could allow adversaries to crash or severely disrupt devices. The vulnerabilities exist in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Softwar...
China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks
A China-based APT has been sending organizations spear-phishing emails that distribute a never-before-seen intelligence-collecting RAT dubbed Sepulcher. Researchers discovered the new malware being distributed over the past six months through two separate campaigns. The first, in March, targeted...
Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
Researchers have disclosed two flaws that could enable remote code execution attacks on the Magento Mass Import (Magmi) plugin, an open source database client that imports data into Magento. Magmi is a Magento database client written in PHP, which is used to perform raw bulk operations on the model...
U.S. Voter Databases Offered for Free on Dark Web, Report
UPDATE Personal information for several million American voters has turned up on a Russian underground cybercrime forum, according to reports – and users are purportedly looking to monetize it using a recently launched State Department program meant to prevent election-meddling. The personal...
Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
The e-commerce card-skimming landscape has a new wrinkle: Cybercriminals affiliated with the Magecart collective are using encrypted messaging service Telegram as a channel for sending stolen credit-card information back to its command-and-control (C2) servers. That’s according to researchers who...
FBI: Ring Smart Doorbells Could Sabotage Cops
The FBI is worried that Ring doorbell owners can use footage collected from their smart devices to keep tabs on police, newly uncovered documents show. The documents – a 2019 Technical Analysis Bulletin from the FBI – were spotted by The Intercept in the BlueLeaks database, a trove of 270 gigabyte...
Pioneer Kitten APT Sells Corporate Network Access
An APT group known as Pioneer Kitten, linked to Iran, has been spotted selling corporate-network credentials on hacker forums. The credentials would let other cybercriminal groups and APTs perform cyberespionage and other nefarious cyber-activity. Pioneer Kitten is a hacker group that specializes...
Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign
Apple accidentally approved one of the most popular Mac malware threats – OSX.Shlayer – as part of its security notarization process. The Apple notary service is an automated system on recent macOS versions that scans software ranging from macOS apps, kernel extensions, disk images and installer...
Charming Kitten Returns with WhatsApp, LinkedIn Effort
The Iran-affiliated APT known as Charming Kitten is back with a new approach, impersonating Persian-speaking journalists via WhatsApp and LinkedIn, in order to con victims into opening malicious links. The targets are Israeli scholars from Haifa and Tel Aviv universities, and U.S. government...
Stolen Fortnite Accounts Earn Hackers Millions Per Year
UPDATE Hackers are scoring more than a million dollars annually selling compromised accounts for the popular Fortnite video game in underground forums. With Fortnite’s immense popularity skyrocketing over the past few years – it currently has more than 350 million global players – the game is a...
Critical Slack Bug Allows Access to Private Channels, Conversations
A critical vulnerability in the popular Slack collaboration app would allow remote code-execution (RCE). Attackers could gain full remote control over the Slack desktop app with a successful exploit — and thus access to private channels, conversations, passwords, tokens and keys, and various...
Instagram 'Help Center' Phishing Scam Pilfers Credentials
Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. Researchers said that the campaign has been targeting hundreds of celebrities, startup business owners, and othe...
Elon Musk Confirms, Tesla Factory A Target of Foiled Cyberattack
Tesla co-founder and CEO Elon Musk has confirmed reports that the Tesla Gigafactory Nevada was a target of a cyberattack earlier in August, which was subsequently thwarted by the Federal Bureau of Investigation. Tesla Gigafactory Nevada is a lithium-ion battery and electric vehicle factory near...
DoJ Aims to Seize 280 Cryptocurrency Accounts Used by Hackers
The U.S. government aims to seize control of 280 illegal cryptocurrency accounts it claims were used by North Korean state-sponsored attackers in their efforts to hack cryptocurrency exchanges and funnel hundreds of millions in stolen funds through a Chinese money-laundering network. The U.S...
Ex-Cisco Employee Pleads Guilty to Deleting 16K Webex Teams Accounts
A former Cisco Systems employee pleaded guilty this week to hacking into the networking company’s cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Webex Teams is Cisco’s collaboration application for enterprises. In a plea agreement in a San Jose federal court, Sudhish Kasab...
Facebook Hits Back At Apple’s iOS 14 Privacy Update
Facebook is lambasting an upcoming Apple mobile operating system privacy update, which requires applications to ask users for permission before collecting and sharing their data. In the iOS 14 update, Apple iPhone and iPad users have an explicit option to opt out of allowing apps to collect data...
Magecart’s Success Paves Way For Cybercriminal Credit Card 'Sniffer' Market
The Magecart threat group has dominated headlines for its use of malicious JavaScript code, which is injected into e-commerce websites to exfiltrate customer payment card data. But new research points to a growing industry on underground forums where so-called “sniffers” are being advertised, sol...
Malicious Attachments Remain a Cybercriminal Threat Vector Favorite
While attachment threat vectors are one of the oldest malware-spreading tricks in the books, email users are still clicking on malicious attachments that hit their inbox, whether it’s a purported “job offer” or a pretend “critical invoice.” The reason why threat actors are still relying on this...
Revamped Qbot Trojan Packs New Punch: Hijacks Email Threads
Attacks attributed to the Qbot trojan, known as the “Swiss Army knife” of malware, are on the uptick with a reported 100,000 recent infections, according to researchers. Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has shifted tactics again and adopted a bevy ...
Cisco Patches 'High-Severity' Bugs Impacting Switches, Fibre Storage
Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco’s NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant’s Nexus-series Ethernet...
Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack
Threat actors exploited a vulnerability in the popular 3D computer graphics Autodesk software in order to launch a recent cyber-espionage attack against an international architectural and video production company. Researchers said that further analysis of the attack points to a sophisticated,...
Disinformation Spurs a Thriving Industry as U.S. Election Looms
In the years since the 2016 U.S. Presidential Election, threat actors have pieced together a new playbook for sowing confusion and doubt within the American electorate. On Wednesday, researchers with Cisco Talos released a report (PDF) that details how a number of these new sophisticated campaigns...
Medical Data Leaked on GitHub Due to Developer Errors
Developer error caused the leak of 150,000 to 200,000 patient health records stored in productivity apps from Microsoft and Google that were recently found on GitHub. Dutch researcher Jelle Ursem discovered nine separate files of highly sensitive personal health information (PHI) from apps such as...
How to Write a Cybersecurity Playbook During a Pandemic
If it feels like you’re constantly revising the draft of your cybersecurity playbook these days, it’s because you probably are. Executing a thorough cybersecurity approach was hard enough before the pandemic. Then COVID-19 came along and forced all of your employees out of the office and into the...
Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform
Details tied to a pair of remote code execution bugs in Microsoft’s IoT security platform called Azure Sphere were released Monday. Also made public were specifics associated with two additional privilege escalation flaws impacting the same cloud security platform. Public disclosure of all four o...
Safari Bug Revealed After Apple Takes Nearly a Year to Patch
A security researcher disclosed details of an Apple Safari web browser security hole that could leak files with other browsers and applications and open the door to exploitation by attackers. The disclosure came only after Apple said it would delay patching the vulnerability for nearly a year. Fo...
Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages
The nation-state threat operator Lazarus Group is being tied to a recent phishing campaign that targeted admins at a cryptocurrency firm via LinkedIn messages. Researchers say that the recently identified series of incidents was part of a broader campaign targeting businesses worldwide...
Shoring Up the 2020 Election: Secure Vote Tallies Aren't the Problem
With the 2020 U.S. Presidential Election coming up in just two months, cybersecurity concerns are taking center stage for average citizens and politicians. That said, the likelihood of election results being impacted by an attack is slim, security researchers say. The focus should be on other...
Google Fixes High-Severity Chrome Browser Code Execution Bug
The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week. The flaw (CVE-2020-6492) is a use-after-free vulnerability in the WebGL We...
Iran-Linked 'Newbie' Hackers Spread Dharma Ransomware Via RDP Ports
A group of ‘script kiddies’ tied to Iran are targeting companies worldwide with internet-facing Remote Desktop Protocol (RDP) ports and weak credentials in order to infect them with Dharma ransomware. The Dharma malware (also known as Crysis) has been distributed as a ransomware-as-a-service (RaaS) mod...
APIs Are the Next Frontier in Cybercrime
Application Programming Interface (API) usage has exploded, and cybercriminals are increasingly taking advantage of API security flaws to commit fraud and steal data. APIs, which are used to create connections between software programs and perform integrations, make everything a bit easier — from...
University of Utah Pays $457K After Ransomware Attack
The University of Utah coughed up a $457,000 ransom payment after a ransomware attack hit the university’s servers, impacting undisclosed student and faculty related data. The Salt Lake City school, which has 24,485 undergraduate students and 8,333 graduate students enrolled, as well as 1,592...
Researchers Sound Alarm Over Malicious AWS Community AMIs
Researchers are sounding the alarm over what they say is a growing threat vector tied to Amazon Web Services and its marketplace of pre-configured virtual servers. The danger, according to researchers with Mitiga, is that threat actors can easily build malware-laced Community Amazon Machine Image...
News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More
Threatpost editors Lindsey O’Donnell-Welch and Tara Seals discuss the top security news stories of the week ended Aug. 21, including: IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney’s office after a 2019 lawsuit alleged that the app wa...
Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up
A former Uber security executive has been charged for his role in the cover-up of a massive 2016 data breach, in which attackers accessed the company’s Amazon Web Services accounts and stole data associated with 57 million passengers and drivers. The U.S. State Attorney for the Northern District ...
IBM Settles Lawsuit Over Weather Channel App Data Privacy
IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney’s office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data. The 2019 lawsuit claimed the app’s permission prompt for users to...
Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government
The APT group Transparent Tribe is mounting an ongoing cyberespionage campaign, researchers said, which is aimed at military and diplomatic targets around the world. The effort features a worm that can propagate from machine to machine while stealing files from USB removable drives. Transparent...
Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws
Microsoft has released an out-of-band security update addressing two high-severity elevation-of-privilege (EoP) bugs. Both flaws exist in a service called Windows Remote Access, which provides remote-access capabilities to client applications on computers running Windows. Of note, both flaws were...
Senate Bill Would Expand Facial-Recognition Restrictions Nationwide
A bill making its way through the U.S. Senate aims to extend nationwide some of the restrictions on the collection of facial-recognition information already imposed by an Illinois state law, as well as expand private citizens’ legal powers to sue companies that violate them. The news comes as...
Cisco Critical Flaw Patched in WAN Software Solution
Cisco patched a critical flaw in its wide area network (WAN) software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services (vWAAS), which is software that Cisco describes as ...
IBM AI-Powered Data Management Software Subject to Simple Exploit
IBM’s next-gen data-management software suffers from a shared-memory vulnerability that researchers said could lead to other threats — as demonstrated by a new proof-of-concept exploit for the bug. IBM Db2 is a family of hybrid data-management products containing artificial intelligence,...
Researchers Warn of Flaw Affecting Millions of IoT Devices
Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by millions of Internet-of-Things (IoT) devices. If exploited, researchers speculated that the flaw could allow attackers to knock out a city’s electricity or even overdose a...
FritzFrog Botnet Attacks Millions of SSH Servers
A peer-to-peer (P2P) botnet called FritzFrog has hopped onto the scene, and researchers said it has been actively breaching SSH servers since January. SSH servers are pieces of software found in routers and IoT devices, among other machines, and they use the secure shell protocol to accept connectio...
Airline DMARC Policies Lag, Opening Flyers to Email Fraud
More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. DMARC (Domain-based Message Authentication, Reporting & Conformance) is considered the industry standard for email authentication to prevent attackers from...
The Sounds a Key Makes Can Produce a 3D-Printed Replica
Security researchers have given a whole new meaning to “picking a lock,” demonstrating that they can use audio and signal-processing technology to listen to the sounds a key makes when it opens a lock and then 3D-print a duplicate from a recording. The attack, called SpiKey, leverages any basic...
Researchers Warn of Active Malware Campaign Using HTML Smuggling
An active campaign has been spotted that utilizes HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies and firewalls. Krishnan Subramanian, security researcher with Menlo Security, told Threatpost that the campaign...
Large Orgs Plagued with Bugs, Face Giant Patch Backlogs
Large companies find an average of 779,935 individual security bugs when running routine vulnerability scans; and over the course of six months, an average of 28 percent of those vulnerabilities will remain unmitigated. This leaves many of these organizations in a sitting-duck position for...
AWS Cryptojacking Worm Spreads Through the Cloud
A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency. According to researchers at Cado Security, the...
IcedID Trojan Rebooted with New Evasive Tactics
Threat actors have enhanced a banking trojan that has been widely used during the COVID-19 pandemic with new functionality to help it avoid detection by potential victims and standard security protections. Attackers have implemented several new features — including a password-protected attachment...