Verizon DBIR: Web App Attacks and Security Errors Surge
Verizon’s 2020 Data Breach Investigations Report (DBIR), released Tuesday, analyzed 32,002 security incidents and 3,950 data breaches to sniff out the top causes of data breaches over the past year. While cyber-espionage attacks and malware decreased, other trends, such as security “errors” cloud...
Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested
A hacker accused of selling hundreds of millions of stolen credentials from last year’s “Collection 1” data dump on the dark web has been arrested in Ukraine. The Security Service of Ukraine (SSU) took into custody a threat actor known as “Sanix,” who they claim posted 773 million e-mail...
The Windows 7 Postmortem: What’s at Stake
In January 2020, Microsoft officially ended its extended support and discontinued patching of Windows 7. Despite the long lead time and repeated reminders, numbers since the COVID-19 pandemic have shown a slight uptick in Windows 7 deployments. The recent estimates show that more than 26 percent ...
EasyJet Hackers Take Off with Travel Details for 9M Customers
European budget airline EasyJet has been hacked, with attackers making off with personal details for 9 million customers. It was, the airline said, a “highly sophisticated attack” that exposed the email addresses and travel itineraries of the victims, along with payment-card information for 2,208...
WolfRAT Android Malware Targets WhatsApp, Facebook Messenger
UPDATE A new Android malware family has been discovered, which targets popular messaging apps like WhatsApp and Facebook Messenger to gather intelligence on Android victims. The malware, dubbed WolfRAT, is under active development, and was recently identified in campaigns targeting Thai users...
Bluetooth Impersonation Attacks Affect Legions of Devices
Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allow attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to...
Adobe Patches Critical RCE Flaw in Character Animator App
Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. The flaw can be exploited by a remote attacker to execute code on affected systems. The flaw (CVE-2020-9586) is found in versions 3.2 and earlier...
Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials
A new phishing campaign can bypass multi-factor authentication (MFA) on Office 365 to access victims’ data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. Researchers at Cofense Phishing Defense Center discovered the...
Verizon Data Breach Report: DoS Skyrockets, Espionage Dips
Denial-of-service (DoS) attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report (DBIR) released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry...
Ransomware Gang Arrested for Spreading Locky to Hospitals
A cybercriminal gang has been arrested for spreading the Locky ransomware among hospitals, among other crimes. In an operation spearheaded by Romania’s law enforcement department, four people have been taken into custody after their houses were raided – three in Romania and one in neighboring...
ProLock Ransomware Teams Up With QakBot Trojan to Infect Victims
A relatively new ransomware, ProLock, has paired up with the QakBot banking trojan to access victims’ networks. ProLock’s leveraging of QakBot gives it bolstered persistence, anti-detection and credential-dumping techniques. ProLock ransomware first emerged in March as a successor to another rece...
Edison Mail iOS Bug Exposes Emails to Strangers
Edison Mail, a popular third-party email app, has warned thousands of iOS users that their emails may have been compromised after a security flaw exposed emails to complete strangers. Edison Mail, owned by Edison Software Inc., is in the top 100 productivity apps on the Apple app store, and touts...
Hoaxcalls Botnet Exploits Symantec Secure Web Gateways
Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Hoaxcalls first emerged in late March, as a variant of the Gafgyt/Bashlite family; it’s named after the domain used to host its...
News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries
Threatpost editors discuss the top news stories of the week ended May 15, including: Recent ransomware attacks, including ones targeting healthcare giant Magellan, the IT office that supports Texas appellate courts and judicial agencies, and a popular law firm that works with several A-list...
RATicate Group Hits Industrial Firms With Revolving Payloads
Researchers have unearthed a new cybercrime group, RATicate, which is behind several waves of malspam attacks targeting industrial companies with various information-stealing payloads – from LokiBot to Agent Tesla. At least six separate campaigns have been tied to RATicate, with the first wave...
Quantum Security Goes Live with Samsung Galaxy
Samsung and South Korean telecom giant SK Telecom have debuted the Galaxy A Quantum 5G smartphone, sporting a quantum random number generation (RNG) chipset. It’s the first commercialization of quantum technology for mobile phones, and it will serve as a significant bellwether for full quantum...
Paying Ransomware Crooks Doubles Clean-up Costs, Report
New research bolsters the often ignored advice to organizations not to pay a ransom demanded by attackers. The report found that paying a ransom to unlock systems can actually cost companies more financially in the long run than recovering the data themselves. Research conducted by Vanson Bourne and...
Innovative Spy Trojan Targets European Diplomatic Targets
A fresh malware trojan has emerged, built from the same code base as the stealthy COMPFun remote access trojan (RAT). The malware is using spoofed visa applications to hit diplomatic targets in Europe and may be the work of the Turla APT. According to researchers at Kaspersky, the fake visa...
TikTok Violated Children’s Privacy Law, FTC Complaint Says
The popular video sharing app TikTok has landed in hot water again over privacy issues. On Thursday, a group of privacy advocates filed a complaint with the Federal Trade Commission (FTC) alleging the platform failed to adequately protect children’s privacy. The complaint alleged that TikTok violat...
Microsoft Adds DNS-Over-HTTPS Support for Windows 10 Insiders
Microsoft has announced the first testable version of DNS-Over-HTTPS (DoH) support, available for its Windows 10 operating system. Support for the DoH protocol, which Microsoft first announced in November, is available in the Windows 10 Insider Preview Build 19628. This is accessible for members of...
Utah Says No to Apple/Google COVID-19 Tracing; Debuts Startup App
The state of Utah has settled on a contact-tracing mobile app that collects detailed user location information to track the spread of COVID-19 among citizens – eschewing the API model proposed by Apple and Google in April. The app is called “Healthy Together” and it was created by a startup calle...
BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks
Business email compromise (BEC) attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitaliz...
Login with Facebook Bug Earns $20K Bounty
Facebook has awarded a security researcher $20,000 for discovering a cross-site scripting (XSS) vulnerability in the Facebook Login SDK, which is used by developers to add a “Continue with Facebook” button to a page as an authentication method. Exploitation could allow threat actors to hijack...
Texas Courts Won't Pay Up in Ransomware Attack
A ransomware attack has hit the information technology office that supports Texas appellate courts and judicial agencies, leading to their websites and computer servers being shut down. The office said that it will not pay the ransom requested by the cybercriminals. Specifically affected is the...
Leaked NHS Docs Reveal Roadmap, Concerns Around Contact-Tracing App
A COVID-19 contact-tracing app to be rolled out by the UK’s National Health Service (NHS) has been thrust into the spotlight thanks to sensitive documents being leaked via a public Google Drive link. Contact tracing has emerged as a top idea for dealing with the coronavirus pandemic and is consider...
Ramsay Malware Targets Air-Gapped Networks
A cyber-espionage malware has been discovered that’s capable of collecting and exfiltrating sensitive documents from within air-gapped networks. The malware, dubbed Ramsay, is still under active development — so far, researchers have found three different samples, with each sample adding new...
Healthcare Giant Magellan Struck with Ransomware, Data Breach
UPDATE Magellan Health, the Fortune 500 insurance company, has reported a ransomware attack and a data breach. The company, which says it “empowers 1 in 10 Americans to lead healthier, more vibrant lives” according to its website, said the incident was discovered on April 11. It also said that it...
Feds Reveal Hidden Cobra's Trove of Espionage Tools
The U.S. Department of Homeland Security and Federal Bureau of Investigation have exposed what they say are hacking tools used by the North Korean-sponsored APT group Hidden Cobra. The disclosure was the result of a broad government effort to combat the advanced persistent threat group, which has...
REvil Ransomware Attack Hits A-List Celeb Law Firm
A popular law firm that works with several A-list celebrities, including Lady Gaga, Drake and Madonna, has been hit by a ransomware attack. Hackers are now threatening to release the 756 gigabytes of data allegedly stolen – including non-disclosure agreements, client contracts and personal...
Microsoft Addresses 111 Bugs for May Patch Tuesday
Microsoft has released fixes for 111 security vulnerabilities in its May Patch Tuesday update, including 16 critical bugs and 96 that are rated important. Unlike other recent monthly updates from the computing giant this year, none of the flaws are publicly known or under active attack at the tim...
WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover
Page Builder by SiteOrigin, a WordPress plugin with a million active installs that’s used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover. According to researchers at WordPress, both security bugs can lead to cross-site request forgery (CSRF) and...
Adobe Kills 16 Critical Flaws in Acrobat and Reader, Digital Negative SDK
Adobe has fixed 16 critical flaws across its Acrobat and Reader applications and its Adobe Digital Negative (DNG) Software Development Kit. If exploited, the flaws could lead to remote code execution. Overall, Adobe fixed vulnerabilities tied to 36 CVEs in its regularly-scheduled Tuesday security...
Chatbooks Confirms Breach After ‘Shiny Hunters’ Sell Data
Photo-print service Chatbooks has confirmed a data breach, a week after cybercriminals listed a database containing customer email addresses, passwords and more for sale on an underground forum. The Utah-based company allows users to create customized photo books. Nate Quigley, CEO of Chatbooks,...
Anubis Malware Upgrade Logs When Victims Look at Their Screens
The Anubis malware, which threat actors use to persistently attack Google’s Android-based smartphones, is set to evolve once again, this time adding a feature that allows the malware to identify if a victim is looking at his or her screen. The new feature is one of several that haven’t been...
Astaroth’s New Evasion Tactics Make It 'Painful to Analyze'
The operators of the Astaroth infostealer have implemented several new tactics aimed at evading detection, which researchers say have made the malware “painful to analyze.” Astaroth first emerged in 2017, but has steadily been used over the years in increasingly sophisticated campaigns aimed at...
Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection
A pair of vulnerabilities in Oracle’s iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. However, no patch is forthcoming for either flaw. The bugs (CVE-2020-9315 and CVE-2020-9314) are specifically found in the web...
Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack
A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. The attack, called “Thunderspy,” specifically targets Thunderbolt technology, which is a hardware interface developed by...
Sphinx Malware Returns to Riddle U.S. Targets, with Modifications
The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure. Sphinx re-emerged in December but saw a big spike in March via the use of coronavirus themes. Since April, it has been seen attacking U.S. targets with ...
Black Hat USA, DEF CON 28 Go Virtual
Cybersecurity conferences Black Hat USA and DEF CON 28 will not be held in person this year due to the coronavirus pandemic. The conferences will both instead be transformed into completely virtualized events. Both back-to-back annual conferences were set to take place in Las Vegas this year; Bla...
Hackers Breach 3.5 Million MobiFriends Dating App Credentials
The credentials of 3.5 million users of MobiFriends, a popular dating app, have surfaced on a prominent deep web hacking forum, according to researchers. MobiFriends is an online service and Android app designed to help users worldwide meet new people online. The Barcelona-based developer of...
Report: Microsoft’s GitHub Account Gets Hacked
Hackers have broken into Microsoft’s GitHub account and stolen 500 GB of data from the tech giant’s own private repositories on the developer platform, according to published reports. A group that calls itself Shiny Hunters claims it stole and then leaked the data, which did not appear to include...
Podcast: Shifting Cloud Security Left With Infrastructure-as-Code
Companies are increasingly dealing with a slew of security and compliance issues across cloud services and containers – from AWS to Azure to Google Cloud. Infrastructure-as-Code (IaC) security capabilities can help companies shift their cloud security “left” to improve developer productivity, avoid...
Blue Mockingbird Monero-Mining Campaign Exploits Web Apps
A Monero cryptocurrency-mining campaign has emerged that exploits a known vulnerability in public-facing web applications built on the ASP.NET open-source web framework. The campaign has been dubbed Blue Mockingbird by the analysts at Red Canary that discovered the activity. Research uncovered th...
Cisco Fixes High-Severity Flaws In Firepower Security Software, ASA
Cisco has stomped out 12 high-severity vulnerabilities across several network security products. The flaws can be exploited by unauthenticated remote attackers to launch an array of attacks – from denial of service (DoS) to sniffing out sensitive data. Specifically affected is Cisco’s Firepower...
Zoom Beefs Up End-to-End Encryption to Thwart 'Zoombombers'
Video calling platform Zoom is boosting its security profile via the acquisition of a small startup called Keybase. The 25-person, New York-based company will provide more robust encryption for Zoom calls on paid subscriptions by implementing an end-to-end architecture. “Logged-in users will...
Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams
Threat actors are using a combination of scams to obtain as well as buy and sell credentials for U.S. taxpayers to steal appropriations from the COVID-19 relief package as well as 2020 tax refunds, new research has found. Researchers from Secureworks Counter Threat Unit (CTU) have observed an...
Naikon APT Hid Five-Year Espionage Attack Under Radar
After five years under the radar, the Naikon APT group has been unmasked in a long-term espionage campaign against several governments in the Asia-Pacific region. The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around th...
Lazarus Group Hides macOS Spyware in 2FA Application
The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new...
InfinityBlack Dismantled After Selling Millions of Credentials
The InfinityBlack hacking group, which is responsible for selling millions of stolen credentials, has been dismantled. Polish and Swiss law-enforcement authorities, supported by Europol, arrested five individuals in Poland believed to be members of InfinityBlack, on April 29. According to Europol...
Microsoft Shells Out $100K for IoT Security
Microsoft has launched a bug-bounty program for its Azure Sphere offering, which is a security suite for the internet of things (IoT) that encompasses hardware, OS and cloud elements. The top reward will come in at $100,000. The Azure Sphere Security Research Challenge is an expansion of a program...