'Unbreakable' Smart Lock Draws FTC Ire for Deceptive Security Claims
The Federal Trade Commission has slapped Tapplock, the maker of smart padlocks that it bills as “unbreakable,” with an official complaint that could lead to fines down the road. The agency alleges that the company engaged in false and deceptive claims about its security practices, after the lock...
PowerPoint ‘Weakness’ Opens Door to Malicious Mouse-Over Attack
A researcher is sounding the alarm over what he believes could be a novel attack vector which allows a hacker to manipulate a PowerPoint file to download and begin the installation of malware, simply by hovering over a hypertext link. The technique does require a victim to accept one pop-up...
Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers
A new botnet has compromised hundreds of ASUS, D-Link and Dasan Zhone routers over the past three months, as well as Internet of Things (IoT) devices like video recorders and thermal cameras. The botnet, called dark_nexus based on a string it prints in its banner, uses processes similar to previous...
ThreatList: Skype-Themed Apps Hide a Raft of Malware
Popular conferencing apps have become a major cybercrime lure during the COVID-19 work-from-home era – and Skype is the undisputed leader when it comes to being impersonated by malicious downloads, researchers have found. An April analysis from Kaspersky uncovered a total of 120,000 suspicious...
WhatsApp Axes COVID-19 Mass Message Forwarding
In an effort to stem what it says is misinformation being spread on its platform, WhatsApp is limiting the number of recipients to which its users can forward certain messages about the COVID-19 pandemic. Now, users of the Facebook-owned messaging app can only forward messages with double arrows ...
'Fake Fingerprints' Bypass Scanners with 3D Printing
New research has found that it’s possible to use 3D printing technology to create “fake fingerprints” that can bypass most fingerprint scanners used by popular devices. But, creating the attack remains costly and time-consuming. Researchers with Cisco Talos created different threat models that us...
COVID-19 CISO Checklist for Securing a Remote Workforce
The Coronavirus crisis introduces a heavy burden on the CISO with the joint impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors unintentionally contribute to this burden by a relentless generation of noise...
Serious Exchange Flaw Still Plagues 350K Servers
Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability – nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. The vulnerability in question (CVE-2020-0688) exists in the control panel of...
xHelper: The Russian Nesting Doll of Android Malware
The “undeletable” xHelper malware – which ultimately results in the installation of the Triada trojan – has become a virulent scourge for Android devices this year, according to researcher analysis – bringing with it a hallmark of being virtually indestructible for the common user. xHelper is kno...
FIN6 and TrickBot Combine Forces in 'Anchor' Attacks
Researchers say two cybercriminal groups, FIN6 and the operators of the TrickBot malware, have paired up to target several organizations with TrickBot’s malware framework called “Anchor.” The two threat groups joining forces is a “new and dangerous twist” in an existing trend of...
Official Government COVID-19 Mobile Apps Hide a Raft of Threats
A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. However, they’re also putting people’s privacy and the security of their data at risk, researchers have found. Security researchers at the ZeroFO...
A Brisk Private Trade in Zero-Days Widens Their Use
There were more zero-days exploited in 2019 than any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that’s likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more...
FBI Threatens 'Zoom Bombing' Trolls With Jail Time
As reports of “Zoom bombing” explode, the FBI is cracking down on the issue with a new warning that web conference hijackers could face jail time. Authorities say that anyone who hacks into a teleconference meeting can be charged at the state and federal level. Charges can include the disruption ...
Apple Safari Flaws Enable One-Click Webcam Access
A security researcher has disclosed vulnerabilities in Apple’s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one maliciou...
Government VPN Servers Targeted in Zero-Day Attack
As the Chinese government turns to virtual private networks (VPNs) to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said. According to security analysts...
Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?
As the coronavirus pandemic continues to worsen, remote-collaboration platforms – now fixtures in many workers’ “new normal” – are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx...
Firefox Zero-Day Flaws Exploited in the Wild Get Patched
Mozilla patched two Firefox browser zero-day vulnerabilities actively being exploited in the wild. The flaws, both use-after-free bugs, have been part of “targeted attacks in the wild,” according to a Mozilla Foundation security advisory posted Friday. Both bugs have critical ratings and allow...
Self-Propagating Malware Targets Thousands of Docker Ports Per Day
The Docker cloud containerization technology is under fire, with an organized, self-propagating cryptomining campaign targeting misconfigured open Docker Daemon API ports. Thousands of container-compromise attempts are being observed every day as part of the campaign, according to Gal Singer, a...
Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks
A group of tech giants – including Akamai, Amazon Web Services, Cloudflare, Facebook, Google, Microsoft and Netflix – are banding together to battle route hijacking, route leaks and IP address-spoofing attacks targeting internet users. They’re coming together under a program that was introduced this...
Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer
Researchers have discovered threat actors once again capitalizing on the COVID-19 pandemic and current attention on the World Health Organization (WHO) with a new spearphishing email designed to spread the LokiBot trojan sent using the WHO trademark as a lure. Researchers at FortiGuard Labs on Marc...
Google Squashes High-Severity Flaws in Chrome Browser
On Thursday, Google released security patches to stomp out high-severity vulnerabilities in its Chrome browser. Patches for all the bugs Google disclosed in its security advisory roll out over the next few days. Overall, eight security bugs were addressed in Chrome browser version 80.0.3987.162 f...
Zoom Removes Data-Mining LinkedIn Feature
Zoom has nixed a feature that came under fire for “undisclosed data mining” of users’ names and email addresses, used to match them with their LinkedIn profiles. The feature, the LinkedIn Sales Navigator, is a LinkedIn service used for sales prospecting. When users enter a web conference meeting,...
In COVID-19 Scam Scramble, Cybercrooks Recycle Phishing Kits
Phishing attacks looking to take advantage of interest and fear around the COVID-19 health crisis are becoming a pandemic themselves – and apparently cybercriminals are looking to conserve resources by leaning on their older stockpiles of weapons to keep the infection wave going. Or Katz, a...
44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig
Key Ring, creator of a digital wallet app used by 14 million people across North America, has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say. The Key Ring app allows users to upload scans and photos of various physical...
Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs
Researchers have observed a new skimmer from the prolific Magecart Group that has been actively harvesting payment-card data from 19 different victim websites, mainly belonging to small- and medium-sized businesses (SMBs), for several months. RiskIQ researchers first discovered the skimmer, dubbed...
Wiper Malware Called "Coronavirus" Spreads Among Windows Victims
A new Windows malware has emerged that makes disks unusable by overwriting the master boot record (MBR). It takes its cue from the COVID-19 pandemic, calling itself simply “Coronavirus.” Overwriting the MBR is the same trick that the infamous NotPetya wiper malware used in 2017 in a campaign that...
Coronavirus ‘Financial Relief’ Phishing Attacks Spike
Researchers are warning of an upward surge in social-engineering lures in malicious emails that promise victims financial relief during the coronavirus pandemic. The slew of campaigns piggy-back on news of governments mulling financial relief packages, in response to the economic stall brought on...
Critical WordPress Plugin Bug Can Lock Admins Out of Websites
A pair of security vulnerabilities in the WordPress search engine optimization (SEO) plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site, according to researchers. It’s a WordPress plugin with more than 200,000...
Two Zoom Zero-Day Flaws Uncovered
UPDATE: Two zero-day flaws have been uncovered in Zoom’s macOS client version, according to researchers. The web conferencing platform vulnerabilities could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera. As of Thursday, the two...
Top Email Protections Fail in Latest COVID-19 Phishing Campaign
Threat actors continue to capitalize on fears surrounding the spread of the COVID-19 virus through a surge in new phishing campaigns that use spoofing tactics to effectively evade Proofpoint and Microsoft Office 365 advanced threat protections (ATPs), researchers have found. The Cofense Phishing...
Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy
An extensive campaign has surfaced that targets Windows users belonging to a specific Asian religious and ethnic group. The attack makes use of a series of watering-hole websites and a drive-by download gambit relying on fake Flash updates. According to analysis from Kaspersky, released on...
Zoom Scrutinized As Security Woes Mount
The New York attorney general, Letitia James, is demanding more information about how Zoom secures user data. The inquiry comes amidst mounting public scrutiny of the web conferencing platform’s data privacy and security policies. In a Monday letter, James questioned whether Zoom’s security...
8-Year-Old VelvetSweatshop Bug Resurrected in LimeRAT Campaign
Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware – making use of the hardcoded, VelvetSweatshop default password for encrypted files. LimeRAT is a full-featured remote access tool/backdoor that can allow attackers to access an infected system and install a...
Millions of Guests Impacted in Marriott Data Breach, Again
For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected. The attack was carried out via third-party software that Marriott’s hotel properties use to provide guest services, according to an online...
Covid-19 Poll Results: One in Four Prioritize Health Over Privacy
One in four respondents to a Threatpost reader poll said they were okay with sacrificing a portion of their personal privacy in exchange for some form of cellphone tracking that could – in theory – reduce coronavirus infection rates and save lives. While the majority of Threatpost readers were...
Nation-State Attacks Drop in Latest Google Analysis
Google has registered a significant drop in government-backed cyberattacks against its properties and the people who use its products. Google sends out warnings if it detects that an account is a target of government-backed phishing or malware attempts. For 2019, the internet giant sent almost...
Zoom Kills iOS App’s Data-Sharing Facebook Feature
Zoom has removed a feature in its iOS web conferencing app that was sharing analytics data with Facebook, after a report revealing the practice sparked outrage. According to the Motherboard report last week that originally disclosed the privacy issue, the transferred information included data on...
Zeus Sphinx Banking Trojan Arises Amid COVID-19
The Zeus Sphinx banking trojan is back after being off the scene for nearly three years. According to researchers Amir Gandler and Limor Kessem at IBM X-Force, Sphinx (a.k.a. Zloader or Terdot) began resurfacing in December. However, the researchers observed a significant increase in volume in Marc...
Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
An unpatched bug in the latest version of Apple’s iOS is blocking virtual private network (VPN) applications from cloaking some private data transmitted between a device and the servers they are requesting data from. While the bug remains unpatched, Apple is suggesting steps users can take to reduc...
Critical CODESYS Bug Allows Remote Code Execution
A critical flaw in a web server for the CODESYS automation software for engineering control systems could allow a remote, unauthenticated attacker to crash a server or execute code. The bug is rated 10 out of 10 on the CVSS v.2 vulnerability severity scale and requires little skill to exploit, th...
Tupperware Cyberattack Stores Away Customer Payment Cards
Cybercriminals hacked the official website of Tupperware, the popular food container giant, injecting a payment card skimmer into its checkout page in hopes of stealing the credit-card details of online customers. The attackers targeted the official Tupperware.com website, which averages close to...
Emerging APT Mounts Mass iPhone Surveillance Campaign
A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong – infecting website visitors with a newly developed custom surveillance malware. The bad code – the work of a new APT called “TwoSail Junk” – is delivered via a multistage exploit chain...
As Zoom Booms, Incidents of ‘ZoomBombing’ Become a Growing Nuisance
Officials at Zoom have released tips for users of their video-conferencing platform to help avoid getting “Zoom-bombed” by trolls and even more serious threat actors during online meetings. The developers of the online video-conferencing service cautioned users to avoid sharing Zoom meeting links...
Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings, in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information-stealing Oski malware. This latest attack...
Responding to the New Normal: How to Prevent Added Risk in Your Business
Our world has shifted dramatically over the last few weeks. Many people have moved from shock to acceptance as the novel coronavirus (COVID-19) has taken hold across the world, across our nation, in our states, in our communities, and even in our organizations. Companies are particularly vulnerable...
Tokyo Olympics Postponed, But 5G Security Lessons Shine
The 2020 Summer Olympics in Tokyo were officially postponed this week amid the ongoing, pandemic spread of the coronavirus that causes COVID-19. The Games will be moved to 2021, but in the meantime, technological innovation around the event will continue. More specifically, postponed or not, the...
Apple Update Fixes WebKit Flaws in iOS, Safari
Apple has released a slew of patches across its iOS and macOS operating systems, Safari browser, watchOS, tvOS and iTunes. The most serious flaw in this latest security update, released Tuesday, exists in the WebKit and could enable remote code execution. Of the CVEs disclosed, 30 affected Apple’...
Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign
Researchers warn that APT41, a notorious China-linked threat group, has targeted more than 75 organizations worldwide in “one of the broadest campaigns by a Chinese cyber-espionage actor observed in recent years.” Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities...
GE Employees Lit Up with Sensitive Doc Breach
A phisher’s treasure chest of personally identifiable information (PII) for General Electric employees has been exposed – thanks to the compromise of one of the company’s partners, Canon Business Process Services. In a data-breach notice filed with the State of California, General Electric (GE) noted...
TrickBot App Bypasses Non-SMS Banking 2FA
The TrickBot trojan has a new trick up its sleeve for bypassing a new kind of two-factor authentication (2FA) security method used by banks – by fooling its victims into downloading a malicious Android app. The app, which researchers dubbed “TrickMo,” is still under active development. While TrickM...