Newsletter WordPress Plugin Opens Door to Site Takeover
Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code-execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress...
Twitter Could Face $250M FTC Fine Over Improper Data Use
Twitter may be facing a Federal Trade Commission (FTC) fine of up to $250 million, after the social media giant last year revealed the improper use of users’ email addresses and phone numbers. In October 2019, Twitter acknowledged that user phone numbers and email addresses gathered for security...
Apple Knocked Off Perch as Most Imitated Brand for Phishing Attacks
Google and Amazon overtook Apple in the second quarter (Q2) of 2020 as the brand most spoofed by attackers to lure people into falling for phishing attacks. The leaderboard change is likely due to activity related to the COVID-19 pandemic, according to new research. While the number of so-called...
Podcast: Learning to ‘Speak the Language’ of OT Security Teams
Information technology (IT) and operational technology (OT) may have many of the same objectives – but too often they don’t see eye-to-eye when it comes to top priorities, said Andrew Ginter, VP Industrial Security at Waterfall...
Google Updates Ad Policies to Counter Influence Campaigns, Extortion
Google is making two changes in its advertising policy as the U.S. moves into the fall election season ahead of the presidential contest in November, in an attempt to thwart disinformation campaigns. For one, Google is updating its Google Ads Misrepresentation Policy to prevent coordinated activi...
Netgear Won't Patch 45 Router Models Vulnerable to Serious Flaw
UPDATE Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. However, the company says that routers that won’t receive updates are outdated or have reached EOL (end of life). The remote code execution...
Garmin Pays Up to Evil Corp After Ransomware Attack — Reports
Garmin, the GPS and aviation tech specialist, reportedly negotiated with Evil Corp for a decryption key to unlock its files in the wake of a WastedLocker ransomware attack. The attack, which started on July 23, knocked out Garmin’s fitness-tracker services, customer-support outlets and commercia...
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week’s Black Hat USA 2020. The flaws, which have been patched, enable the full takeover of Meetup “Groups” by threat actors, who can also redirect payments and carry out other malicious action...
Meetup Critical Flaws Allow 'Group' Takeover, Payment Theft
A popular online social service, Meetup, has fixed several critical flaws in its website. If exploited, the flaws could have enabled attackers to hijack any Meetup “group,” access the group’s member details and even redirect Meetup payments to an attacker-owned PayPal account. Meetup is a service...
4 Unpatched Bugs Plague Grandstream ATAs for VoIP Users
UPDATE Multiple high-severity vulnerabilities in the Grandstream HT800 series of Analog Telephone Adaptors (ATAs) threaten home office and midrange users alike, with outages, eavesdropping and device takeover. The HT800 series of ATAs is designed for everyone from home or small-office users to...
Authorities Arrest Alleged 17-Year-Old 'Mastermind' Behind Twitter Hack
Authorities have charged three people who were allegedly behind the recent high-profile Twitter hack – including a 17-year-old Tampa, Florida teen whom they also arrested and say is the “mastermind” behind the attack. Hillsborough State Attorney Andrew Warren said on Friday that Florida law...
CWT Travel Agency Faces $4.5M Ransom in Cyberattack, Report
CWT, a giant in the corporate travel agency world with a global clientele, may have faced payment of $4.5 million to unknown hackers in the wake of a ransomware attack. Independent malware hunter @JAMESWT tweeted on Thursday that a malware sample used against CWT formerly known as Carlson Wagonli...
Anti-NATO Disinformation Campaign Leveraged CMS Compromises
Researchers have uncovered a widespread influence campaign that aims to discredit the North Atlantic Treaty Organization (NATO), an intergovernmental military alliance between 30 North American and European countries. According to new research from FireEye, the campaign has been ongoing since at...
Twitter: Epic Account Hack Caused by Mobile Spearphishing Scam
A mobile spearphishing attack targeting “a small number of employees” is what led to the unprecedented, major attack earlier in the month on high-profile Twitter accounts to push out a Bitcoin scam. The company posted an update late Thursday on the situation, which has been unfolding since July 1...
Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More
Despite COVID-19 pushing the Black Hat USA 2020 conference to go virtual for the first time, you can expect a steady stream of new security research, threat intel and an impressive lineup of high-profile speakers. This year’s conference kicks off with Matt Blaze, McDevitt Chair in Computer Scienc...
Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes
A security issue in popular video conferencing platform Zoom was disclosed this week, which could have allowed attackers to crack private meeting passcodes and snoop on video conferences. The problem, which has already been fixed, stems from Zoom not having any check against repeated incorrect...
Doki Backdoor Infiltrates Docker Servers in the Cloud
A fresh Linux backdoor called Doki is infesting Docker servers in the cloud, researchers warn, employing a brand-new technique: using a blockchain wallet for generating command-and-control (C2) domain names. Doki, however, is meant to provide a persistent capability for code-execution on an infected...
Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager
Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager (DCNM) for managing network platforms and switches. DCNM is a platform for managing Cisco data centers that run Cisco’s NX-OS — the network operating system used by Cisco’s Nexus-series Ethernet switches...
Vermont Taxpayers Warned of Data Leak Over the Past Three Years
The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice (PDF) posted on the department’s website warned taxpayers who filed a Property Transfer Tax return...
Critical Magento Flaws Allow Code Execution
Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by attackers like the Magecart cybergang – could enable arbitrary code execution on affected systems. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. Adobe on Tuesda...
Billions of Devices Impacted by Secure Boot Bypass
Billions of Windows and Linux devices are vulnerable to cyberattacks stemming from a bug in the GRUB2 bootloader, researchers are warning. GRUB2, which stands for GRand Unified Bootloader version 2, is the default bootloader for the majority of computing systems. Its job is to manage part of th...
Critical Bugs in Utilities VPNs Could Cause Physical Damage
Remote code-execution vulnerabilities in virtual private network (VPN) products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to...
Critical Security Flaw in WordPress Plugin Allows RCE
Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files (including PHP files) and ultimately execute remote code on vulnerabl...
Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems
Face masks have not only been shown in research to slow the spread of COVID-19, they also deter facial-recognition technology from correctly identifying people, according to a new study. New research from the National Institute of Standards and Technology (NIST) found that even the best of 89 commercial...
OkCupid Security Flaw Threatens Intimate Dater Details
Researchers have discovered a slew of issues in the popular OkCupid dating app, which could have allowed attackers to collect users’ sensitive dating information, manipulate their profile data or even send messages from their profile. OkCupid is one of the most popular dating platforms worldwide,...
Lazarus Group Brings APT Tactics to Ransomware
Targeted ransomware attacks are on the rise, usually perpetrated by financially motivated threat gangs, which often work in concert. However, researchers said that a recent strain of ransomware, called VHD, can be linked to an unusual source: the Lazarus Group APT. According to researche...
Podcast: Security Lessons Learned In Times of Uncertainty
With the coronavirus pandemic breaking out, and corporate workforces going remote, “uncertainty is a key word” for 2020, Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, said. The uncertain times led to an outpouring of cybercriminal...
Researchers Warn of High-Severity Dell PowerEdge Server Flaw
Researchers have disclosed details of a recently patched, high-severity Dell PowerEdge server flaw, which if exploited could allow an attacker to fully take over and control server operations. The web vulnerability was found in the Dell EMC iDRAC remote access controller, technology embedded with...
Microsoft Revamps Windows Insider Preview Bug Bounty Program
Microsoft has revamped its Windows Insider Preview bug bounty program with higher rewards and an improved portal for bounty hunters to report flaws, in an effort to help sniff out more vulnerabilities on its platform. The Microsoft Windows Insider Preview bounty program is part of the Microsoft...
Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data. Patches for the vulnerability in question (CVE-2020-3452), which ranks 7.5 out of 10 on the CVSS scale, were released last...
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
Encryption expert Riana Pfefferkorn believes new proposed laws – the EARN IT Act and the Lawful Access to Encrypted Data Act – pose dire threats to cybersecurity and privacy. In this Threatpost interview, Pfefferkorn, who is associate director of Surveillance and Cybersecurity at the Stanford...
DJI Drone App Riddled With Privacy Issues, Researchers Allege
Leading commercial drone maker DJI is hitting back against researcher allegations that its Android mobile application is riddled with privacy holes. One includes that the app continues to run in the background even after it’s been closed and collects sensitive data from users without consent. The...
NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric...
News Wrap: Twitter Hack, Apple Under Fire and Global Privacy Finger Wags
In this week’s Threatpost news wrap podcast, editors Tara Seals and Lindsey O’Donnell-Welch break down the top security news stories, including: Hackers accessed direct messages (DMs) for 36 of the 130 high-profile users whose accounts were hacked in an unprecedented account breach last week, Twitt...
Malicious 'Blur' Photo App Campaign Discovered on Google Play
A new campaign of malicious photo apps on Google Play floods Android devices with random ads instead of functioning as advertised. The apps also elude detection by making their icons disappear from the device home screen soon after they are downloaded. Researchers at the White Ops Satori Threat Intelligence...
Cisco Network Security Flaw Leaks Sensitive Data
A high-severity vulnerability in Cisco’s network security software could lay bare sensitive data – such as WebVPN configurations and web cookies – to remote, unauthenticated attackers. The flaw exists in the web services interface of Cisco’s Firepower Threat Defense (FTD) software, which is part of...
UPDATED: Garmin Suffers Reported Ransomware Attack
Garmin, maker of fitness trackers, smartwatches and GPS-related products, has reportedly suffered a widespread ransomware attack — though the facts around the cause remain unconfirmed for now. The manufacturer tweeted on Thursday that its Garmin Connect service is down; Garmin Connect is a free app for...
Sharp Spike in Ransomware in U.S. as Pandemic Inspires Attackers
The COVID-19 pandemic continues to shape the face of cybercrime in 2020, with ransomware and attacks on internet of things (IoT) devices seeing sharp increases in the U.S. for the first half of the year. According to SonicWall’s 2020 Cyber Threat Report, ransomware attacks are up, particularly in th...
ASUS Home Router Bugs Open Consumers to Snooping Attacks
A pair of flaws in ASUS routers for the home could allow an attacker to compromise the devices – and eavesdrop on all of the traffic and data that flows through them. The bugs are specifically found in the RT-AC1900P whole-home Wi-Fi model, within the router’s firmware update functionality...
Cisco, Zoom and Others Must Bolster Security, Say Privacy Chiefs
Global privacy commissioners issued a joint public rebuke of leading video conferencing companies such as Cisco Systems, Microsoft and Zoom, demanding that the companies beef up their security and privacy strategies. The critique was delivered via an open letter published by data protection and...
Twitter: Hackers Accessed Private Messages for Elite Accounts
Hackers accessed direct messages (DMs) for 36 of the 130 high-profile users whose accounts were hacked in an unprecedented account breach last week, Twitter confirmed Wednesday. An elected official in the Netherlands was one of those whose DMs were compromised, the company tweeted in an update late...
OilRig APT Drills into Malware Innovation with Unique Backdoor
A series of cyberattacks on a telecom company in the Middle East has signaled the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT. The attacks were observed in April by Palo Alto Networks’ Unit 42. Researchers there said that the...
Apple Security Research Device Program Draws Mixed Reactions
Apple’s long anticipated Security Research Device program has launched, giving select security researchers access to testable iPhones that will make it easier for them to find iOS vulnerabilities. The program offers security researchers specially configured iPhones with shell access, and special...
Lazarus Group Surfaces with Advanced Malware Framework
The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. Kaspersky researchers uncovered a series of attacks utilizing MATA, so-called because the malware authors themselves call...
Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware
In this in-depth Threatpost podcast, Christoph Hebeisen, who leads the Security Intelligence Research Division at Lookout, shares a behind-the-scenes look at how his team discovered and tracked three never-before-seen surveillanceware tools, dubbed SilkBean, GoldenEagle and CarbonSteal. Hebeisen...
Leak Exposes Private Data of Genealogy Service Users
A server containing information on users of a genealogy service has exposed the data of 60,000 users, putting them at risk of fraud, phishing and other cybercriminal activity. Research led by Avishai Efrat at WizCase has discovered the leak, which affected an open and unencrypted ElasticSearch...
Emotet Returns in Malspam Attacks Dropping TrickBot, QakBot
Emotet has returned after a five-month hiatus. Researchers first spotted the malware in a campaign that has spammed Microsoft Office users with hundreds of thousands of malicious emails since Friday. The malware first emerged in 2014, but has since evolved into a full-fledged botnet that’s...
Chris Vickery: AI Will Drive Tomorrow’s Data Breaches
From malicious hacks to accidental misconfigurations, Chris Vickery has seen it all. But as cybercriminals continue to innovate, Vickery, the director of risk research with UpGuard, said one emerging security threat will “blindside” the world: “fakeable” voices. More bad actors using artificial...
Critical Adobe Photoshop Flaws Patched in Emergency Update
Adobe released a slew of patches for critical vulnerabilities Tuesday that were part of an out-of-band security update. Several of the critical flaws are tied to Adobe’s popular Photoshop photo-editing software and allow adversaries to execute arbitrary code on targeted Windows devices. Overall,...
Diebold ATM Terminals Jackpotted Using Machine’s Own Software
Cybercriminals are using software from leading ATM manufacturer Diebold in a series of hacks against cash terminals across Europe, forcing the machines to dispense cash to crooks. Criminals using a black-box device, common in these types of attacks, have increased their activity across Europe by...