
15946 matches found

ThreatPost
added 2020/07/06 5:18 p.m., 101 views

Lazarus Group Adds Magecart to the Mix

The Lazarus Group, state-sponsored hackers affiliated with North Korea, has added digital payment-card skimming to their repertoire, researchers said, using Magecart code. Lazarus members are targeting online payments made by American and European shoppers. Among the victims is Claire’s, the...

EPSS 0.03057
Exploits: 1, References: 8

ThreatPost
added 2020/07/06 3:21 p.m., 21496 views

Purple Fox EK Adds Microsoft Exploits to Arsenal

The Purple Fox exploit kit (EK) has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said tha...

CVSS 7.6, AI score 8.4, EPSS 0.94149
Exploits: 83, References: 23

ThreatPost
added 2020/07/06 2:7 p.m., 41 views

Email Sender Identity is Key to Solving the Phishing Crisis

Email is in crisis. Despite massive advancements in perimeter and endpoint defenses, email remains a cybersecurity weak link for many companies. Why? Email is at the heart of everything we do online. It’s an essential line of communication for one-on-one and group conversations, both...

AI score 7.3
Exploits: 0, References: 6

ThreatPost
added 2020/07/03 3:10 p.m., 61 views

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network

European law-enforcement officials have shut down an encrypted Android-based communications platform used exclusively by criminals to plot murders, traffic illegal drugs, commit money laundering and plan other organized crimes. An international law-enforcement team from France and the...

AI score 7.7
Exploits: 0, References: 6

ThreatPost
added 2020/07/03 1:0 p.m., 34 views

Ring Doorbell's Police Partnerships Questioned Over Racial Bias

A U.S. congressman is asking Amazon if it plans to place a moratorium on police access to its Ring smart doorbell video footage, citing concerns around surveillance and racial bias. The inquiry comes on the heels of Amazon saying it would halt the sale of its Rekognition facial recognition platfo...

AI score 7
Exploits: 0, References: 14

ThreatPost
added 2020/07/02 5:0 p.m., 44 views

Trojans, Backdoors and Droppers: The Most-Analyzed Malware

Trojans, backdoors and droppers, oh my: These are the top three malware types being analyzed by threat intelligence teams, according to statistics out on Thursday. According to anonymized statistics from requests to the Kaspersky Threat Intelligence Portal, almost three quarters (72 percent) of the...

Exploits: 0, References: 8

ThreatPost
added 2020/07/02 4:14 p.m., 187 views

Apache Guacamole Opens Door for Total Control of Remote Footprint

Apache Guacamole, a popular infrastructure for enabling remote working, is vulnerable to a slew of security bugs related to the Remote Desktop Protocol (RDP), researchers have warned. Admins should update their systems to avoid attacks bent on stealing information or remote code-execution. “Once in...

CVSS 6.2, AI score 0.1, EPSS 0.00107
Exploits: 0, References: 7

ThreatPost
added 2020/07/02 4:6 p.m., 78 views

Facebook Privacy Glitch Gave 5K Developers Access to ‘Expired’ Data

Facebook is facing yet another privacy faux pas in how its users’ data is collected and used by third-party apps. The social media giant said that it recently discovered that 5,000 developers received data from Facebook users — long after their access to that data should have expired. In 2018, on...

AI score 7
Exploits: 0, References: 11

ThreatPost
added 2020/07/02 1:18 p.m., 33 views

FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps

Android mobile device users are being targeted in a new SMS phishing campaign that’s spreading the FakeSpy infostealer. The malware, which is disguised as legitimate global postal-service apps, steals SMS messages, financial data and more from the victims’ devices. The campaign was first discover...

AI score 0.1
Exploits: 0, References: 8

ThreatPost
added 2020/07/01 9:2 p.m., 812 views

Cisco Warns of High-Severity Bug in Small Business Switch Lineup

Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw could allow remote, unauthenticated attackers to access the switches’ management interfaces with administrative privileges. Specifically affected are Series Smart Switches,...

CVSS 10, EPSS 0.25485
Exploits: 0, References: 6

ThreatPost
added 2020/07/01 8:42 p.m., 18 views

Alina Point-of-Sale Malware Spotted in Ongoing Campaign

A venerable point-of-sale (POS) malware called Alina that’s been around since 2012 is back in circulation, with a new trick for stealing credit- and debit-card data: Domain Name System (DNS) tunneling. DNS is the mechanism by which numeric IP addresses are linked to website names; DNS translates...

AI score 7
Exploits: 0, References: 5

ThreatPost
added 2020/07/01 7:23 p.m., 45 views

EvilQuest: Inside A 'New Class' of Mac Malware

The new malware sample discovered this week, dubbed EvilQuest by security researchers, may be ushering in a new class of Mac malware, according to Thomas Reed, director of Mac and mobile with Malwarebytes. While EvilQuest pretends to be ransomware, in the background it’s actually using its...

AI score 6.8
Exploits: 0, References: 18

ThreatPost
added 2020/07/01 2:55 p.m., 99 views

New Android Spyware Tools Emerge in Widespread Surveillance Campaign

Researchers have uncovered a surveillance campaign, dating back to at least 2013, which has used a slew of Android surveillanceware tools to spy on the Uyghur ethnic minority group. The campaign uses three never-before-seen Android surveillanceware tools, dubbed SilkBean, GoldenEagle and...

AI score 8.4
Exploits: 0, References: 11

ThreatPost
added 2020/07/01 1:0 p.m., 37 views

Email Sender Identity is Key to Solving the Phishing Crisis

Email is in crisis. Despite massive advancements in perimeter and endpoint defenses, email remains a cybersecurity weak link for many companies. Why? Email is at the heart of everything we do online. It’s an essential line of communication for one-on-one and group conversations, both...

AI score 7.3
Exploits: 0, References: 6

ThreatPost
added 2020/07/01 12:39 p.m., 60 views

Microsoft Releases Emergency Security Updates for Windows 10, Server

Microsoft has quietly pushed out two emergency security updates to fix remote code execution bugs in Microsoft Windows Codecs Library. Windows Codecs Library handles how the OS compresses large multimedia files such as photos and videos, and then decodes them for playback within applications. The...

CVSS 6.8, EPSS 0.26234
Exploits: 0, References: 17

ThreatPost
added 2020/06/30 9:27 p.m., 38 views

Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings

Bug-bounty programs have become a popular way for vendors to root out security flaws in their platforms, attracting talented white-hats with the promise of big rewards. According to HackerOne’s 2020 List of the Top 10 Bug Bounty Programs on its platform, Verizon Media, PayPal and Uber are in the...

AI score 7.2
Exploits: 0, References: 8

ThreatPost
added 2020/06/30 9:27 p.m., 113 views

EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities

A rare new ransomware strain targeting macOS users has been discovered, called EvilQuest. Researchers say the ransomware is being distributed via various versions of pirated software. EvilQuest, first discovered by security researcher Dinesh Devadoss, goes beyond the normal encryption capabilitie...

AI score 7.4
Exploits: 0, References: 11

ThreatPost
added 2020/06/30 5:45 p.m., 54 views

StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks

The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group (a.k.a. Promethium) is operating a...

AI score 7.8
Exploits: 0, References: 12

ThreatPost
added 2020/06/30 4:12 p.m., 119 views

UCSF Pays $1.14M After NetWalker Ransomware Attack

The University of California, San Francisco (UCSF) has paid a $1.14 million ransom to recover data related to “important” academic work. The data was encrypted after the NetWalker ransomware reportedly hit the UCSF medical school. The UCSF, which includes a medical school and a medical center UCSF...

AI score 0.2
Exploits: 0, References: 17

ThreatPost
added 2020/06/30 1:48 p.m., 191 views

CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. The...

CVSS 9.3, AI score 0.8, EPSS 0.18958
Exploits: 2, References: 9

ThreatPost
added 2020/06/30 1:0 p.m., 27 views

How to Safeguard Data When the Majority of Your Workforce is Remote

Before our current situation, you and your teams may have implemented a comprehensive data protection plan. The scope of change businesses are currently facing is something none of us could have predicted. These changes will continue to impact how we work in the future. How can you be sure your...

AI score 0.8
Exploits: 0, References: 8

ThreatPost
added 2020/06/29 9:3 p.m., 36 views

REvil Ransomware Gang Adds Auction Feature for Stolen Data

The REvil ransomware gang (also known as Sodinokibi) has added an auction feature to its underground website that allows anonymous bidding on information stolen in its targeted ransomware campaigns. The auction capability appeared at the beginning of June, according to an analysis from Cyberint. In...

AI score 7.3
Exploits: 0, References: 9

ThreatPost
added 2020/06/29 6:56 p.m., 94 views

Tuesday’s Magento 1 EOL Leaves Clock Ticking on 100K Online Stores

With Magento 1 reaching end-of-life (EOL) on Tuesday, Adobe is making a last-ditch effort to urge the 100,000 online stores still running the outdated version to migrate to Magento 2. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. After June 30...

AI score 8.5, EPSS 0.03057
Exploits: 1, References: 19

ThreatPost
added 2020/06/29 5:15 p.m., 54 views

AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals

Facial recognition technology is still misidentifying people at an alarming rate – even as it’s being used by police departments to make arrests. In fact, Paul Bischoff, consumer privacy expert with Comparitech, found that Amazon’s face recognition platform incorrectly misidentified more than 100...

AI score 6.5
Exploits: 0, References: 14

ThreatPost
added 2020/06/29 4:48 p.m., 84 views

Unpatched Wi-Fi Extender Opens Home Networks to Remote Control

A popular Wi-Fi extender for the home has multiple unpatched vulnerabilities, including the use of a weak, default password, according to researchers. Also, two of the bugs could allow complete remote control of the device. The flaws have been found in Tenda PA6 Wi-Fi Powerline extender, version...

CVSS 9, AI score 0.9, EPSS 0.25485
Exploits: 4, References: 9

ThreatPost
added 2020/06/26 8:53 p.m., 205 views

DarkCrewFriends Returns with Botnet Strategy

The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information...

AI score 0.1, EPSS 0.03057
Exploits: 1, References: 4

ThreatPost
added 2020/06/26 8:18 p.m., 64 views

8 U.S. City Websites Targeted in Magecart Attacks

Researchers are warning that the websites of eight U.S. cities – across three states – have been compromised with payment card-stealing Magecart skimmers. The websites all utilize Click2Gov municipality payment software, which was previously involved in data breaches. Unlike other skimmers, which...

AI score 8.3, EPSS 0.03057
Exploits: 1, References: 14

ThreatPost
added 2020/06/26 7:6 p.m., 33 views

'Cardplanet' Operator Sentenced to 9 Years for Selling Stolen Credit Cards

A cybercriminal responsible for running a “carding” website on the Dark Web is going to federal prison for nine years for selling stolen consumer payment information. Aleksei Burkov, a Russian national, was the operator of a website called “Cardplanet” that sold hundreds of thousands of debit- an...

AI score 7.4
Exploits: 0, References: 9

ThreatPost
added 2020/06/26 3:10 p.m., 28 views

Satori Botnet Creator Sentenced to 13 Months in Prison

A 22-year-old man has been sentenced to more than a year in prison for developing Mirai botnet variants that compromised hundreds of thousands of devices worldwide. The man, Kenneth Currin Schuchman, of Vancouver, Wash., was sentenced to 13 months in prison after pleading guilty to creating and...

AI score 1
Exploits: 0, References: 23

ThreatPost
added 2020/06/26 12:22 p.m., 168 views

TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior

A new privacy feature in Apple iOS 14 sheds light on TikTok’s practice of reading iPhone users’ cut-and-paste data, even though the company said in March it would stop. Apple added a new banner alert to iOS 14 that lets users know if a mobile app is pasting from the clipboard and thus able to rea...

AI score 6.3
Exploits: 0, References: 13

ThreatPost
added 2020/06/25 7:14 p.m., 28 views

Nationwide Facial Recognition Ban Proposed By Lawmakers

Lawmakers have proposed legislation that would indefinitely ban the use of facial recognition technology by law enforcement nationwide. The new bill comes after months of public concerns surrounding facial recognition’s implications for data privacy, government surveillance and racial bias. The...

AI score 7.4
Exploits: 0, References: 11

ThreatPost
added 2020/06/25 6:30 p.m., 302 views

Golang Worm Widens Scope to Windows, Adds Payload Capacity

A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware,...

CVSS 7.5, AI score 9, EPSS 0.94489
Exploits: 124, References: 8

ThreatPost
added 2020/06/25 2:44 p.m., 214 views

Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs

Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view sensitive data, gain escalated privileges or launch denial-of-service (DoS) attacks in impacted Windows gaming devices. Nvidia’s graphics driver also known as the G...

CVSS 4.6, AI score 0.8, EPSS 0.03057
Exploits: 1, References: 8

ThreatPost
added 2020/06/25 1:9 p.m., 36 views

Office 365 Users Targeted By 'Coronavirus Employee Training' Phish

Researchers are warning of a new phishing attack that purports to send coronavirus training resources to employees who are returning to the workplace, as COVID-19 lockdowns lift. The recent phishing campaign leverages novel training programs that are required for employees in the workplace to...

AI score 7.2
Exploits: 0, References: 7

ThreatPost
added 2020/06/24 9:21 p.m., 60 views

Emerging Ransomware Targets Photos, Videos on Android Devices

A new strain of ransomware has arisen in Canada, targeting Android users and locking up personal photos and videos. Called CryCryptor, it has initially been spotted pretending to be the official COVID-19 tracing app provided by Health Canada. It’s propagating via two different bogus websites that...

AI score 0.3
Exploits: 0, References: 9

ThreatPost
added 2020/06/24 9:20 p.m., 15576 views

Self-Propagating Lucifer Malware Targets Windows Systems

Security experts have identified a self-propagating malware, dubbed Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. The never-before-seen malware initially tries to infect PCs by bombarding them with exploits in hopes of taking advantage of...

CVSS 9.3, AI score 8.8, EPSS 0.94439
Exploits: 181, References: 18

ThreatPost
added 2020/06/24 3:54 p.m., 37 views

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Privacy advocates are decrying a new bill, which would force tech companies to unlock encrypted devices if ordered to do so by law enforcement with a court issued warrant. The Lawful Access to Encrypted Data Act was introduced on Tuesday by Senate Judiciary Committee Chairman Lindsey Graham (R-SC),...

AI score 7.1
Exploits: 0, References: 19

ThreatPost
added 2020/06/24 2:30 p.m., 162 views

Experts Denounce Racial Bias of Crime-Predictive Facial-Recognition AI

More than 1,000 technology experts and academics from organizations such as MIT, Microsoft, Harvard and Google have signed an open letter denouncing a forthcoming paper describing artificial intelligence (AI) algorithms that can predict crime based only on a person’s face, calling it out for...

AI score 6.6
Exploits: 0, References: 10

ThreatPost
added 2020/06/23 8:35 p.m., 49 views

Sodinokibi Ransomware Now Scans Networks For PoS Systems

Cybercriminals behind recent Sodinokibi ransomware attacks are now upping their ante and scanning their victims’ networks for credit card or point of sale (PoS) software. Researchers believe this is a new tactic designed to allow attackers to get the biggest bang for their buck – ransom payments an...

AI score 7.5
Exploits: 0, References: 18

ThreatPost
added 2020/06/23 6:50 p.m., 62 views

Work From Home Opens New Remote Insider Threats

Employees working from home face a new world of workplace challenges. With childcare facilities mostly closed, many are juggling crying babies or barking dogs, all while tending to job responsibilities. Under those conditions mistakes happen, like sending an email – with critical internal company...

AI score 6.9
Exploits: 0, References: 11

ThreatPost
added 2020/06/23 2:39 p.m., 39 views

Hakbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments

A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX. The spear-phishing based campaign is low volume and so far targeted the pharmaceutical, legal, financial,...

AI score 7.1
Exploits: 0, References: 11

ThreatPost
added 2020/06/23 1:0 p.m., 35 views

The Evolution of DevSecOps

The DevOps methodology offers organizations of all sizes from across all industries a framework for delivering value and responsiveness. Instead of traditional distinct development and operations teams, DevOps embraces multidisciplinary teams that use efficient practices that support continuous...

AI score 1.5
Exploits: 0, References: 1

ThreatPost
added 2020/06/23 12:16 p.m., 25 views

Remote Workers Pose New Security Risks

The sudden and massive shift to a work-from-home workforce has left millions of employees ill-prepared to handle the new cybersecurity challenges they face, a new study has found. Though many people had no previous work-at-home experience until this year, they were sent home to navigate the...

AI score 0.4
Exploits: 0, References: 6

ThreatPost
added 2020/06/22 9:31 p.m., 42 views

Report: ‘BlueLeaks’ Exposes Sensitive Data From Police Departments

Thousands of sensitive police department files – including police and FBI reports – were published on Friday by DDoSecrets (Distributed Denial of Secrets), a self-proclaimed “transparency collective” that publishes covert data. The almost 270 gigabytes of data, dubbed “BlueLeaks,” is reportedly fro...

AI score 7
Exploits: 0, References: 9

ThreatPost
added 2020/06/22 7:9 p.m., 28 views

Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms

With Flash Player’s Dec. 31, 2020 kill date quickly approaching, Adobe said that it will start prompting users to uninstall the software in the coming months. The End of Life (EOL) timeline has been a long time coming. Adobe first announced in July 2017 that it will no longer update or distribute...

AI score 0.5
Exploits: 0, References: 10

ThreatPost
added 2020/06/22 3:37 p.m., 148 views

AMD: Fixes For High-Severity SMM Callout Flaws Upcoming

Three high-severity vulnerabilities have been disclosed in AMD’s client and embedded processors that came out between 2016 and 2019. An attacker with physical or privileged access to certain AMD powered systems could exploit the flaws to execute arbitrary code or take control of the firmware. AMD...

EPSS 0.01179
Exploits: 1, References: 9

ThreatPost
added 2020/06/19 8:46 p.m., 44 views

Former DIA Analyst Sentenced to Prison Over Data Leak

A former analyst for the U.S. Defense Intelligence Agency (DIA) has been sentenced to more than two years in prison after sharing highly classified, national defense intelligence with two reporters. The sentencing comes after the 32-year-old analyst, Henry Kyle Frese, pleaded guilty in February to...

AI score 6.7
Exploits: 0, References: 14

ThreatPost
added 2020/06/19 4:50 p.m., 38 views

News Wrap: Malicious Chrome Extensions Removed, CIA 'Woefully Lax' Security Policies Bashed

For the week ended June 19, Threatpost editors Lindsey O’Donnell Welch, Tom Spring and Tara Seals break down the top cybersecurity stories. This week’s top news stories include: Google removing 106 Chrome browser extensions from its Chrome Web Store in response to a report that they were being us...

AI score 7.2
Exploits: 0, References: 6

ThreatPost
added 2020/06/19 1:5 p.m., 391 views

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

UPDATED Researchers this week said they discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk for full takeover, they said. Netgear has since issued several hot fixes, available here. The flaw, a memory-safety issue present in the...

AI score 10, EPSS 0.25485
Exploits: 0, References: 11

ThreatPost
added 2020/06/18 8:49 p.m., 114 views

Google Yanks 106 ‘Malicious’ Chrome Extensions

Google removed 106 Chrome browser extensions Thursday from its Chrome Web Store in response to a report that they were being used to siphon sensitive user data. In the research, also published Thursday, Awake Security alleged millions of Chrome users have been targeted by threat actors. The...

AI score 0.8
Exploits: 0, References: 5

Total number of security vulnerabilities: 15946