Threatpost (recent)

15946 matches found

ThreatPost | added 2020/06/04 8:55 p.m. | 45 views

Tycoon Ransomware Banks on Unusual Image File Tactic

A new ransomware strain called Tycoon is seeking to wheel and deal its way into the Windows and Linux worlds, using a little-known Java image format as part of its kill chain. The ransomware is housed in a trojanized version of the Java Runtime Environment (JRE), according to researchers at...

AI score 0.1 | Exploits 0 | References 5

ThreatPost | added 2020/06/04 8:10 p.m. | 41 views

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails

With the U.S. presidential election months away, advanced persistent threat (APT) groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. On Thursday, Shane Huntley with Google’s Threat Analysis Group said on Twitter that two separate phishing...

Exploits 0 | References 8

ThreatPost | added 2020/06/04 5:24 p.m. | 64 views

Understanding the Payload-Less Email Attacks Evading Your Security Team

The traditional image of a successful email attack is that of a naive employee clicking the link in a crudely crafted spam email bent on phishing. But times have changed, and employees are much more security-educated than they used to be. So, today’s threat actors are creating increasingly...

AI score 7.2 | Exploits 0 | References 7

ThreatPost | added 2020/06/04 5:2 p.m. | 54 views

Zoom Restricts End-to-End Encryption to Paid Users

Security experts are up in arms after learning that video conferencing app Zoom will only offer end-to-end encryption to paid users. On Zoom’s Wednesday first-quarter financial earnings call, Zoom CEO Eric Yuan said that the upcoming end-to-end encryption feature would not apply for free users...

AI score 6.9 | Exploits 0 | References 16

ThreatPost | added 2020/06/04 4:58 p.m. | 90 views

U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked

A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information. The company, Westech International, has a range of contracts with the...

AI score 0.3 | Exploits 0 | References 10

ThreatPost | added 2020/06/04 12:59 p.m. | 57 views

Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode

Google faces a $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information without their knowledge even when using the incognito browsing mode that’s meant to keep their online activities private. The lawsuit, filed in the federal court in San Jose,...

AI score 6.8 | Exploits 0 | References 16

ThreatPost | added 2020/06/04 10:0 a.m. | 110 views

ZLoader-Laced Emails Masquerade As CVs From Job-Seekers

Cybercriminals are taking advantage of the massive uptick in unemployment across the U.S. in a recent spear-phishing campaign, which purports to be CVs sent from job-seekers – but actually spreads banking credential-stealing malware. Researchers recently uncovered emails that distributed maliciou...

AI score 0.1 | Exploits 0 | References 12

ThreatPost | added 2020/06/03 8:51 p.m. | 54 views

Sophisticated Info-Stealer Targets Air-Gapped Devices via USB

The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices. Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes) has been targeting governments in Southeast Asia since 2013, according to analysis from Kaspersky, and has been...

AI score 0.2 | Exploits 0 | References 2

ThreatPost | added 2020/06/03 8:37 p.m. | 67 views

Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials. The attacks were...

CVSS 7.5 | AI score 0.9 | EPSS 0.87141 | Exploits 10 | References 10

ThreatPost | added 2020/06/03 4:55 p.m. | 48 views

TrickBot Adds BazarBackdoor to Malware Arsenal

A new module for the infamous trojan known as TrickBot has been deployed: A stealthy backdoor that researchers call “BazarBackdoor.” The binary was first spotted being delivered as part of a phishing campaign that began in March, according to an analysis from Panda Security this week. The campaig...

AI score 0.7 | Exploits 0 | References 12

ThreatPost | added 2020/06/03 4:51 p.m. | 172 views

Critical SAP ASE Flaws Allow Complete Control of Databases

Researchers are urging users to apply patches for several critical vulnerabilities in SAP’s Adaptive Server Enterprise (ASE). If exploited, the most severe flaws could give unprivileged users complete control of databases and – in some cases – even underlying operating systems. ASE previously known...

CVSS 6.5 | AI score 9.8 | EPSS 0.25485 | Exploits 1 | References 12

ThreatPost | added 2020/06/03 1:41 p.m. | 50 views

Enterprise Mobile Phishing Attacks Skyrocket Amidst Pandemic

The rate of mobile phishing rose sharply between the last quarter of 2019 and the first quarter of 2020, a boost most likely due to the increased number of people working from home due to COVID-19 stay-at-home orders, new research has found. In fact, encounter rates for enterprise mobile phishing...

AI score 0.5 | Exploits 0 | References 11

ThreatPost | added 2020/06/03 4:15 a.m. | 72 views

Joomla Resources Directory Users Exposed in Leaky AWS Bucket

An Amazon Web Services (AWS) cloud storage bucket that was left open to the public internet has exposed thousands of Joomla users’ personal information. About 2,700 individuals who signed up to use the Joomla Resources Directory (JRD) – a community forum for finding developers and service providers...

AI score 6.9 | Exploits 0 | References 7

ThreatPost | added 2020/06/02 5:10 p.m. | 152 views

Two Critical Android Bugs Open Door to RCE

Google has addressed two critical flaws in its latest monthly Android update that enable remote code execution (RCE) on Android mobile devices. The critical bugs CVE-2020-0117 and CVE-2020-8597 exist in the Android System area, and would allow a remote attacker using a specially crafted transmissio...

CVSS 10 | AI score 0.3 | EPSS 0.62962 | Exploits 5 | References 7

ThreatPost | added 2020/06/02 4:16 p.m. | 294 views

Severe Cisco DoS Flaw Can Cripple Nexus Switches

Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists (ACLs) configured on affected Nexus...

CVSS 5 | EPSS 0.25485 | Exploits 1 | References 12

ThreatPost | added 2020/06/02 3:32 p.m. | 60 views

Octopus Scanner Sinks Tentacles into GitHub Repositories

The Octopus Scanner malware, which targets the Apache NetBeans Java integrated development environment (IDE), has been nesting in at least 26 GitHub source-code repositories, according to researchers – waiting to take over developer machines. A team from GitHub Security Labs, acting on a tip from a...

AI score 7.9 | Exploits 0 | References 7

ThreatPost | added 2020/06/02 1:53 p.m. | 7839 views

Apple Jailbreak Zero-Day Gets a Patch

Apple quietly pushed out a small but important update for operating systems across all of its devices, including a patch for a zero-day exploit used in an iPhone jailbreak tool released last week. In its notes for the release, Apple says very little else about the patches overall that it pushed o...

CVSS 7.2 | AI score 8.1 | EPSS 0.03057 | Exploits 1 | References 16

ThreatPost | added 2020/06/02 1:0 p.m. | 47 views

Podcast: Why Identity Access Management is the New Perimeter

With the proliferation of cloud in enterprise environments, the concept of “identity” today is very different than how it used to be. Threatpost host Cody Hackett talks to Brian Johnson, CEO and co-founder of DivvyCloud by Rapid7, about how identity access management (IAM) is rapidly changing – and...

AI score 1.5 | Exploits 0 | References 3

ThreatPost | added 2020/06/01 4:7 p.m. | 583 views

Apple Pays $100K Bounty for Critical 'Sign in With Apple' Flaw

A researcher recently found a critical Apple vulnerability that, if exploited, could enable remote attackers to abuse the “Sign in with Apple” feature to take over victims’ third-party application accounts. The security researcher, Bhavuk Jain, reported the flaw to Apple via its bug bounty progra...

AI score 8.6 | EPSS 0.25485 | Exploits 1 | References 10

ThreatPost | added 2020/06/01 3:43 p.m. | 45 views

Minneapolis Police Department Hack Likely Fake, Says Researcher

As protests continue to proliferate across the globe in the wake of George Floyd’s death, the Minneapolis Police Department is making news for something else: A supposed hack, perpetrated at the hands of the Anonymous hacktivist group. According to Troy Hunt at Have I Been Pwned (HIBP), the group o...

AI score 7.4 | Exploits 0 | References 9

ThreatPost | added 2020/06/01 2:37 p.m. | 58 views

Hosting Provider's Database of Crooked Customers Leaked

A hacker has leaked online the database of the largest free hosting service popular with cybercriminals, the result of a breach that took down the service earlier this year, according to a published report. A hacker going by the online name of “KingNull” uploaded on a file-hosting site a database...

AI score 0.5 | Exploits 0 | References 9

ThreatPost | added 2020/05/29 7:58 p.m. | 51 views

Steganography Anchors Pinpoint Attacks on Industrial Targets

A targeted series of attacks on suppliers of equipment and software for industrial enterprises is playing out globally, researchers said, hinging on phishing and a steganography tactic to hide malware on public, legitimate image resources. According to Kaspersky ICS CERT, the attacks seem bent on...

AI score 7.1 | Exploits 0 | References 6

ThreatPost | added 2020/05/29 4:45 p.m. | 69 views

NTT Communications Data Breach Affects Customers, Threatens Supply Chain

Japan-based systems integrator NTT Communications has disclosed a recent data breach that it said impacted hundreds of customers. The total affected comes to as many as 621 customers, the company said, but security experts worry about the impacts of the data breach due to the company’s positionin...

AI score 0.1 | Exploits 0 | References 9

ThreatPost | added 2020/05/29 4:34 p.m. | 486 views

NSA Warns of Sandworm Backdoor Attacks on Mail Servers

The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency (NSA). The bug exists in the Exim Mail Transfer Agent (MTA) software, an open-source offering used on Linux and Unix-like systems. It...

CVSS 7.5 | AI score 0.9 | EPSS 0.93918 | Exploits 27 | References 11

ThreatPost | added 2020/05/29 1:16 p.m. | 60 views

‘Hack-For-Hire’ Firms Spoof WHO To Target Google Credentials

“Hack-for-hire” organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims’ Google credentials. Researchers with Google’s Threat Analysis Group (TAG) warned that they’ve spotted a...

AI score 0.2 | Exploits 0 | References 12

ThreatPost | added 2020/05/29 12:40 p.m. | 59 views

ACLU Sues Clearview AI Over Faceprint Collection, Sale

The American Civil Liberties Union (ACLU) has sued a New York-based startup for amassing a database of biometric face-identification data of billions of people and selling it to third parties without their consent or knowledge. The U.S. citizens’-rights watchdog organization has filed suit in the...

AI score 6.9 | Exploits 0 | References 14

ThreatPost | added 2020/05/28 9:10 p.m. | 231 views

Inside the Hoaxcalls Botnet: Both Success and Failure

The Hoaxcalls botnet, built to carry out large-scale distributed denial-of-service (DDoS) attacks, has been actively in development since the beginning of the year. One of its hallmarks is that it uses different vulnerability exploits for initial compromise. Researchers, however, have discovered th...

CVSS 10 | AI score 10 | EPSS 0.94028 | Exploits 18 | References 7

ThreatPost | added 2020/05/28 8:51 p.m. | 497 views

Hackers Compromise Cisco Servers Via SaltStack Flaws

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which is used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that ...

CVSS 7.5 | AI score 0.2 | EPSS 0.94234 | Exploits 25 | References 10

ThreatPost | added 2020/05/28 4:17 p.m. | 55 views

Google Location Tracking Lambasted in Arizona Lawsuit

Google has been hit by a lawsuit alleging that it violates user privacy by collecting location data via various means – and claiming that Google makes it nearly “impossible” for users to opt out of such data tracking. The lawsuit, filed by Arizona Attorney General Mark Brnovich, alleges that Goog...

AI score 0.3 | Exploits 0 | References 10

ThreatPost | added 2020/05/28 3:59 p.m. | 37 views

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. According to a warning on Twitter from Microsoft Security Intelligence on Wednesday, PonyFinal is not an automated threat, but rather has humans...

AI score 0.2 | Exploits 0 | References 7

ThreatPost | added 2020/05/28 1:54 p.m. | 176 views

Valak Loader Revamped to Rob Microsoft Exchange Servers

Threat actors have revamped a popular malware loader into a stealthy infostealer that targets Microsoft Exchange servers to pilfer enterprise mailing information, passwords and enterprise certificates, researchers have found. Security researchers from Cybereason Nocturnus have discovered Valak, a...

AI score 6.6 | Exploits 0 | References 7

ThreatPost | added 2020/05/27 8:14 p.m. | 53 views

DoubleGun Group Builds Massive Botnet Using Cloud Services

An operation from the China-based cybercrime gang known as DoubleGun Group has been disrupted, which had amassed hundreds of thousands of bots that were controlled via public cloud services, including Alibaba and Baidu Tieba. NetLab 360 researchers, in a recent posting, said that they noticed DNS...

AI score 6.9 | Exploits 0 | References 6

ThreatPost | added 2020/05/27 5:3 p.m. | 69 views

'[F]Unicorn' Ransomware Impersonates Legit COVID-19 Contact-Tracing App

A fresh ransomware strain known as “[F]Unicorn” has emerged, first seen this week targeting users by pretending to be an official government COVID-19 contact tracing app. According to an advisory from the Computer Emergency Response Team (CERT) from the Agency for Digital Italy (AgID), the malware fami...

AI score 7.1 | Exploits 0 | References 14

ThreatPost | added 2020/05/27 1:23 p.m. | 191 views

Hackers Sell Data from 26 Million LiveJournal Users on Dark Web

A database containing credentials from more than 26 million LiveJournal accounts has been leaked online and is being sold on the Dark Web and hacker forums. The data contained in the files appears to be from a 2014 incident in which 33 million accounts were hacked, according to a published report...

AI score 7.5 | Exploits 0 | References 13

ThreatPost | added 2020/05/26 9:3 p.m. | 357 views

StrandHogg 2.0 Critical Bug Allows Android App Hijacking

A critical privilege-escalation vulnerability affecting Android devices has been found that allows attackers to hijack any app on an infected phone – potentially exposing private SMS messages and photos, login credentials, GPS movements, phone conversations and more. The bug is dubbed the...

CVSS 7.2 | AI score 8.7 | EPSS 0.25485 | Exploits 0 | References 7

ThreatPost | added 2020/05/26 3:28 p.m. | 46 views

Turla APT Revamps One of Its Go-To Spy Tools

The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets. Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros) is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier,...

AI score 7.9 | Exploits 0 | References 6

ThreatPost | added 2020/05/26 12:10 p.m. | 42 views

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

A hacker team has released a new method to jailbreak iPhones that they claim uses a zero-day exploit that allows them to jailbreak iPhones running iOS 11 through Apple’s most recent version of its mobile operating system – iOS 13.5. Calling it a “big milestone for jailbreaking,” one of its...

AI score 6.9 | Exploits 0 | References 13

ThreatPost | added 2020/05/25 1:0 p.m. | 50 views

ThreatList: People Know Reusing Passwords Is Dumb, But Still Do It

More than half of people haven’t changed their password in the last year – even after they’ve heard about a data breach in the news. That’s according to a recent survey, “Psychology of Passwords: The Online Behavior That’s Putting You At Risk,” that examined the online security and password...

AI score 7.2 | Exploits 0 | References 19

ThreatPost | added 2020/05/25 1:0 p.m. | 50 views

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs

A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library. According to Veracode’s annual State of Software Security report, these open-source libraries – free, centralized code repositories that provide ready-made applicati...

AI score 0.2 | Exploits 0 | References 6

ThreatPost | added 2020/05/22 3:39 p.m. | 59 views

‘Coronavirus Report’ Emails Spread NetSupport RAT, Microsoft Warns

A recent spear-phishing campaign has been spotted spreading a weaponized NetSupport Manager remote access tool (RAT), which is a legitimate tool used for troubleshooting and tech support. Attackers use the ongoing coronavirus pandemic as a lure, as well as malicious Excel documents, to convince...

AI score 8.2 | Exploits 0 | References 12

ThreatPost | added 2020/05/22 3:35 p.m. | 61 views

Home Chef Serves Up Data Breach for 8 Million Records

Mail-order meal kits have become even more popular as the coronavirus pandemic has kept people home and cooking on a regular basis. Unfortunately, one of these, the popular Kroger’s Home Chef service, recently served up a side of data breach along with its perfectly measured ingredients. Accordin...

AI score 7.4 | Exploits 0 | References 11

ThreatPost | added 2020/05/22 2:12 p.m. | 40 views

NSO Group Impersonates Facebook Security Team to Spread Spyware — Report

According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in. The news comes as Facebook alleges that NSO Grou...

Exploits 0 | References 16

ThreatPost | added 2020/05/22 1:30 p.m. | 63 views

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat (APT) group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espiona...

AI score 0.3 | Exploits 0 | References 12

ThreatPost | added 2020/05/21 7:1 p.m. | 55 views

Long Tail Analysis: A New Hope in the Cybercrime Battle

Our hyper-connected world and its ever-faster network speeds have resulted in mountains of diverse data that needs to be processed. It has also resulted in an ever-expanding attack surface, requiring cybersecurity solutions to scale like never before. These days, scale is about more than traffic...

AI score 7.3 | Exploits 0 | References 3

ThreatPost | added 2020/05/21 3:44 p.m. | 963 views

Critical Cisco Bug in Unified CCX Allows Remote Code Execution

Cisco has hurried out a fix for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express (CCX). Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. Th...

CVSS 10 | AI score 1 | EPSS 0.25485 | Exploits 1 | References 7

ThreatPost | added 2020/05/21 3:41 p.m. | 46 views

Silent Night Banking Trojan Charges Top Dollar on the Underground

A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model. Custom builds can run as much as $4,000 per month to use, which researchers say is now...

AI score 0.1 | Exploits 0 | References 7

ThreatPost | added 2020/05/21 1:0 p.m. | 52 views

Supreme Court Phish Targets Office 365 Credentials

A highly-targeted phishing attack pretends to deliver subpoenas, but actually ends up collecting victims’ Office 365 credentials. The ongoing campaign has slipped by Office 365 and gateway security controls to hit several C-Suite level victims thus far. The phishing emails spoof the U.S. Supreme...

AI score 6.9 | Exploits 0 | References 15

ThreatPost | added 2020/05/21 12:0 p.m. | 55 views

Crooks Tap Google Firebase in Fresh Phishing Tactic

A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways. Google Firebase is a mobile and web application development platfor...

AI score 7.2 | Exploits 0 | References 7

ThreatPost | added 2020/05/20 5:37 p.m. | 43 views

NetWalker Ransomware Gang Hunts for Top-Notch Affiliates

The NetWalker ransomware – the scourge behind one of the recent Toll Group attacks – has transitioned to a ransomware-as-a-service (RaaS) model, and its operators are placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers. Traditionally,...

AI score 0.2 | Exploits 0 | References 10

ThreatPost | added 2020/05/20 5:27 p.m. | 31 views

Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions

An infamous business email compromise (BEC) gang has submitted hundreds of fraudulent claims with state-level U.S. unemployment websites and coronavirus relief funds. Researchers who tracked the fraudulent activity said cybercriminals may have made millions so far from the fraudulent activity. Behi...

AI score 7.1 | Exploits 0 | References 11

Total number of security vulnerabilities: 15946