Facebook's FTC-Mandated Privacy Committee Now in Effect
Facebook on Thursday said it has started to report its privacy practices to a newly formed, independent Privacy Committee. The creation of the independent committee was part of the company’s settlement a year ago with the Federal Trade Commission (FTC) over data privacy violations, which came in...
IcedID Banker is Back, Adding Steganography, COVID-19 Theme
A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity. Researchers at Juniper Threat Labs have...
Cisco Webex, Router Bugs Allow Code Execution
Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems. Beyond Webex, the networking giant on Wednesday also patched a slew of bugs across several products,...
BofA Phish Gets Around DMARC, Other Email Protections
A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC. The campaign involves emails that ask recipients to update their email addresses, warning...
Five Password Tips for Securing the New WFH Normal
The shift to working from home is pushing system administrators to adjust to a new security normal. This includes new, high-profile challenges, such as the adoption of cloud applications, remote access to digital assets, and remote client support, to name a few. That said, good old-fashioned...
Phishing Campaign Targeting Office 365, Exploits Brand Names
Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters as well as to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A new report from Check Point Software first observed the...
InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership
The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat (APT) group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations ...
AcidBox Malware Uncovered Using Repurposed VirtualBox Exploit
Advanced malware, dubbed AcidBox, has been identified by researchers who say a mysterious cybergang used it twice against Russian organizations as far back as 2017. In a report released Wednesday, Palo Alto Networks’ Unit 42 sheds new light onto attacks against the popular open-source...
Premier League's Return: A Hat Trick of Cyberthreats?
England’s Premier League is returning this week, with millions of soccer fans around the world looking to stream matches using their online video accounts. Unfortunately, the U.K.’s National Cyber Security Centre (NCSC) is warning on phishing, fraud and brute-forcing attempts by attackers looking t...
Shlayer Mac Malware Returns with Extra Sneakiness
A fresh variant of the Shlayer Mac OSX malware with advanced stealth capabilities has been spotted in the wild, actively using poisoned Google search results in order to find its victims. According to researchers at Intego, the malware, like many malware samples before it, is purporting to be an...
Coronavirus-Themed Cyberattacks Drop — Microsoft
A report from the Microsoft Threat Protection Intelligence Team found that Covid-19-themed cyberattacks peaked in early March and are now trending significantly down. The report also noted that those attacks have been a drop in the bucket compared to overall threats observed over the last four...
Fighting Cyber Attacks With Game Theory
The role of cybersecurity defenders is usually unfair. They have disadvantages — as they have to continuously build up perimeters that protect their networks and prevent intrusions. An attacker only needs to discover a single flaw, a small hole in the wall, and breach entire complex defenses. How...
LinkedIn 'Job Offers' Targeted Aerospace, Military Firms With Malware
Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn’s messaging service. Targets are sent phony job offers that include malicious documents designed to fetch data-exfiltrating malware. The spear-phishing...
Qbot Trojan Reappears to Go After U.S. Banking Customers
Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Its latest variant features fresh capabilities to help it remain undetected. Qbot (a.k.a. Qakbot or Pinkslipbot) harvests browsing data...
Adobe Patches 18 Critical Flaws in Out-Of-Band Update
Adobe patched 18 critical vulnerabilities Tuesday impacting key products Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition. The out-of-band fixes address vulnerabilities allowing an attacker to execute arbitrary code, if bugs are exploited. In its security bulletin Adobe...
Theft of CIA's 'Vault 7' Secrets Tied to 'Woefully Lax' Security
A just-released report on the 2016 Central Intelligence Agency (CIA) data breach, which led to the Vault 7 document dump on WikiLeaks, blames “woefully lax” security by the nation’s top spy agency. The conclusions were part of an internal 2017 Department of Justice (DoJ) report on the CIA breach. On...
'Ripple20' Bugs Impact Hundreds of Millions of Connected Devices
A series of 19 different vulnerabilities, four of them critical, are affecting hundreds of millions of internet of things (IoT) and industrial-control devices. The issue is based in the supply chain and code reuse, with the bugs affecting a TCP/IP software library developed by Treck that many...
Shadow IT: Why It’s Still a Major Risk in Today’s Environments
Shadow IT is nothing new. Employees have long adopted software applications or cloud services without the knowledge or approval of their organization’s IT department, most often in search of easier ways to get their jobs done. People typically utilize unsanctioned apps not because they’re seeking...
Twitter Disrupts Wide-Ranging Political Disinformation Campaigns
Twitter has taken down three separate nation-sponsored influence operations, attributed to the People’s Republic of China (PRC), Russia and Turkey. Collectively the operations consisted of 32,242 bogus or bot accounts generating the content and various amplifier accounts that retweeted it. “Every...
Intel Adds Anti-Malware Protection in Tiger Lake CPUs
Intel’s upcoming class of mobile CPUs, code named “Tiger Lake,” will feature a long anticipated security layer, called Control-flow Enforcement Technology (CET), which aims to protect against common malware attacks. CET protects against attacks on processors’ control flow, which refers to the order...
WFH Alert: Critical Bug Found in Old D-Link Router Models
D-Link is urging customers to replace its now obsolete line of DIR-865L Wireless Routers in reaction to a recently discovered critical command-injection bug that leaves users open to a denial-of-service attack. The routers, first introduced in 2013, reached end-of-life support in Feb. 2016. In Au...
Claire's Customers Targeted with Magecart Payment-Card Skimmer
A Magecart credit-card skimmer was used to attack online customers of the retailer Claire’s for a month and a half, according to researchers. Claire’s – a purveyor of jewelry and accessories – closed its 3,000 physical retail locations worldwide on March 20, in the wake of the COVID-19 pandemic. ...
'Lamphone' Hack Uses Lightbulb Vibrations to Eavesdrop on Homes
Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home. The hack, dubbed “lamphone,” is performed by analyzing the tiny vibrations of a hanging lightbulb, which are...
Protecting Unmanaged & IoT Devices: Why Traditional Security Tools Fail
We are currently experiencing the single largest explosion of network-enabled devices that we’ve ever witnessed. Many of these devices are running on the same networks as critical business solutions and may even be connecting directly to critical assets or delivering a critical capability...
Knoxville Ransomware Attack Leads to IT Network Shutdown
The city of Knoxville, Tenn. is reeling from a ransomware attack that knocked the city’s network offline and prevented police officers from responding to non-life-threatening traffic crashes. The incident occurred Wednesday and shuttered systems until Thursday. Also impacted was the city’s intern...
Microsoft Joins Ban on Sale of Facial Recognition Tech to Police
Microsoft is joining Amazon and IBM when it comes to halting the sale of facial recognition technology to police departments. In a statement released Thursday by Microsoft President Brad Smith, he said the ban would stick until federal laws regulating the technology’s use were put in place. “We...
Android 'ActionSpy' Malware Targets Turkic Minority Group
Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan. The spyware is distributed either via watering-hole websites or fake websites. Researchers believe ActionSpy is being used in ongoing campaigns to target Uyghur victims. The...
Black Lives Matter Emails Deliver TrickBot Malware
Cyberattackers are seizing upon the 24-hour news cycle again in order to capitalize on the current zeitgeist – this time with a fake Black Lives Matter malspam campaign that distributes the TrickBot malware. According to Swiss security firm Abuse.ch, threat actors are posing as government...
Microsoft Outlook Users Targeted By Gamaredon's New VBA Macro
The Gamaredon threat group has given its post-compromise toolset a facelift with the addition of a new Visual Basic for Applications (VBA) macro. The VBA macro leverages compromised victims’ Microsoft Outlook email accounts to send spear-phishing emails to their contacts – rapidly widening the...
Kubernetes Falls to Cryptomining via Machine-Learning Framework
A unique cyberattack campaign that targets Kubeflow, a machine-learning toolkit for Kubernetes, has affected large swathes of container clusters, according to Microsoft. The Kubeflow open-source project is a popular framework for running machine-learning (ML) tasks in Kubernetes. According to an...
Podcast: Would You Use A Contact-Tracing Coronavirus App?
As a world afflicted by the coronavirus pandemic begins to re-open restaurants, retail stores and more, public-health officials remain concerned about the spread of the virus. Technology for contact-tracing apps, intended to help citizens trace whether they were exposed to someone who has tested...
Helping Remote Workers Overcome Remote Attacks
Cybercriminals are experts at making the most of whatever they’re given. The current pandemic is no different, and they have been quick to profit from their victims’ fears. Adaptability has always been the hallmark of malicious actors, and the proliferation of “remote-everything” attacks is a pri...
Snake Ransomware Delivers Double-Strike on Honda, Energy Co.
The Snake ransomware has reportedly hit two high-profile companies this week: Honda and a South American energy-distribution company called Enel Argentina. In a tweet on Monday, the Honda Automobile Customer Service said it was “experiencing technical difficulties and are unavailable.” And later,...
Critical Intel Flaws Fixed in Active Management Technology
Intel has released its June security updates, which address two critical vulnerabilities that, if exploited, can give unauthenticated attackers elevated privileges. The critical flaws exist in Intel’s Active Management Technology (AMT), which is used for remote out-of-band management of personal...
Encryption Utility Firm Accused of Bundling Malware Functions in Product
An Italian company that sells what it describes as a legitimate encryption utility is being used as a malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according to a recent investigation, creates GuLoader samples and helps the malware avoid antivirus...
Thanos Ransomware First to Weaponize RIPlace Tactic
Researchers have uncovered a new ransomware-as-a-service (RaaS) tool, called Thanos, which they say is increasing in popularity in multiple underground forums. Thanos is the first ransomware family observed that advertises the use of the RIPlace tactic. RIPlace is a Windows file system technique...
Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update
Microsoft has released patches for 129 vulnerabilities as part of its June Patch Tuesday updates – the highest number of CVEs ever released by Microsoft in a single month. Within the blockbuster security update, 11 critical remote code-execution flaws were patched in Windows, SharePoint server,...
Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool
The APT known as TA410 has added a modular remote-access trojan (RAT) to its espionage arsenal, deployed against Windows targets in the United States’ utilities sector. According to researchers at Proofpoint, the RAT, called FlowCloud, can access installed applications and control the keyboard,...
Adobe Warns of Critical Flaws in Flash Player, Framemaker
Adobe released patches for four critical flaws in Flash Player and in its Framemaker document processor as part of its regularly scheduled updates. The bugs, if exploited, could enable arbitrary code-execution. In Tuesday’s June Adobe security updates, critical flaws tied to three CVEs were patch...
Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years
A hack-for-hire group, called Dark Basin, has been outed after targeting thousands of individuals and organizations worldwide – including advocacy groups and journalists, elected and senior government officials, and hedge funds — over the course of seven years. Dark Basin conducted commercial...
Singapore’s Contact Tracing Wearable Causes Privacy Backlash
Singapore’s announcement that it is developing a wearable for contact tracing has caused citizens to voice concern for the technology’s impact on their data privacy, with more than 35,000 signing a petition against the devices. On Friday during a parliament session, Vivian Balakrishnan,...
SMBGhost RCE Exploit Threatens Corporate Networks
The release of a fully functional proof-of-concept (PoC) exploit for a critical, wormable remote code-execution (RCE) vulnerability in Windows could spark a wave of cyberattacks, the feds have warned. Microsoft patched the bug tracked as CVE-2020-0796 back in March; also known as SMBGhost or...
Phishing Attack Hits German Coronavirus Task Force
Researchers are warning of an ongoing phishing attack that’s targeting the credentials of more than 100 high-profile executives at a German multinational corporation that’s tasked with procuring coronavirus medical gear for Germany. The company, left unnamed by researchers, is part of a task forc...
Can Governments Defeat Nation-State Attacks on Critical Infrastructures?
For physical conflicts, we expect our government to protect us from nation-state adversaries. It turns out, though, that industrial enterprises are much better positioned to defeat most nation-state attacks on power plants, pipelines, and other critical infrastructures than governments are. For...
FTC Slams Children’s App Developer for COPPA Violations
Children’s app developer HyperBeard has agreed to pay $150,000 after being accused by the Federal Trade Commission (FTC) of illegally collecting children’s data without parental consent. HyperBeard’s website says it’s the largest mobile game developer and publisher in Mexico, with various games suc...
Electrolux, Others Conned Out of Big Money by BEC Scammer
A 64-year-old business email compromise (BEC) guru has pleaded guilty in Houston to bilking appliance giant Electrolux and one other company out of a combined half a million dollars — in addition to other fraud schemes. Kenenty Hwan Kim (a.k.a. Myung Kim) admitted in federal court the Southern District...
News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate
Threatpost editors Lindsey O’Donnell-Welch and Tara Seals discuss the top security news stories of the week, including: Reports emerged earlier this week that the Minneapolis police department had been breached by hacktivist group Anonymous. Security expert Troy Hunt debunked the reports, however...
WhatsApp Phone Numbers Pop Up in Google Search Results — But is it a Bug?
UPDATE A researcher is warning that a WhatsApp feature called “Click to Chat” puts users’ mobile phone numbers at risk — by allowing Google Search to index them for anyone to find. But WhatsApp owner Facebook says it is no big deal and that the search results only reveal what the users have chose...