Apple Safari Blocks Ad-Targeting Cookie Support
Apple has released an update to its Safari browser that blocks third-party cookies, following an announcement by Google that it would do the same for its Chrome browser. Through the release of Safari 13.1 on Tuesday, alongside some changes to Apple’s Intelligent Tracking Prevention (ITP) in iOS and...
Unknown 'WildPressure' Malware Campaign Lets Off Steam in Middle East
A malware campaign that shares no known similarities to previous attacks has been uncovered, targeting organizations in the Middle East. Dubbed “WildPressure,” the campaign used a previously unknown malware that researchers named Milum, after the C++ class names inside the code. According to...
Covid-19 Privacy Poll: Phone Tracking, Public Health and Surveillance
As the coronavirus pandemic accelerates, authorities worldwide are plotting ways to flatten the curve of infection rates using potentially privacy-busting measures such as phone tracking, facial recognition and other tech. In this Threatpost poll, we want your take on whether sacrificing personal...
WHO Targeted in Espionage Attempt, COVID-19 Cyberattacks Spike
The World Health Organization (WHO) has attracted the notice of cybercriminals as the worldwide COVID-19 pandemic continues to play out, with a doubling of attacks recently, according to officials there. Problematically, evidence has also now apparently surfaced that the DarkHotel APT group has tri...
Critical Adobe Flaw Fixed in Out-of-Band Security Update
Adobe has released an out-of-band patch for a critical vulnerability in its Creative Cloud Desktop Application for Windows. The flaw can be exploited by an attacker to delete specific arbitrary files on the victim’s system. Creative Cloud acts as a central console for desktop users to quickly...
Domain Name Security: Important Measures You Need to Know
Whether you are an individual, a large commercial business, or a small non-profit organization, the creation and protection of your online presence are essential. While many individuals and businesses use social media platforms to connect with followers, customers, or organization members, a doma...
Tekya Malware Threatens Millions of Android Users via Google Play
Researchers have discovered a new family of auto-clicker malware that commits mobile ad fraud, lurking in 56 apps on the Google Play store. Collectively, they have been downloaded nearly a million times worldwide. A team from Check Point Software recently discovered the malware, dubbed Tekya, whi...
Apache Tomcat Exploit Poised to Pounce, Stealing Files
A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept (PoC) exploit making an appearance on GitHub. The now-patched bug affects Tomcat versions 7.0, 8.5 and 9.0. According to Flashpoint analysts Cheng Lu and Steven Ouellette, an exploit for...
Hackers Actively Exploited 0-Day in CCTV Camera Hardware
Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found. The company, an IP video solution provider, was being targeted by hackers hijacking the company’s DVR hardware. Once commandeered, hackers then planted...
Hackers Actively Exploit 0-Day in CCTV Camera Hardware
Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found. The company, an IP video solution provider, was being targeted by hackers hijacking the company’s DVR hardware. Once commandeered, hackers then planted...
Microsoft Warns of Critical Windows Zero-Day Flaws
Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in “limited, targeted” attacks, the company said. According to Microsoft, two remote code execution vulnerabilities exist i...
Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown
The Department of Justice has raised its first federal court action against online fraud relating to the coronavirus pandemic, on Sunday taking steps to shutter a fraudulent website that claimed to give away free coronavirus vaccines. The website, “coronavirusmedicalkit.com,” was purporting to gi...
Revamped HawkEye Keylogger Swoops in on Coronavirus Fears
There’s a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It’s being distributed using spam that purports to be an “alert” from the Director-General of...
Defying Covid-19’s Pall: Pwn2Own Goes Virtual
Covid-19 has brought the world to a grinding halt, but for the hacking competition Pwn2Own, that wasn’t the case. The event, planned for CanSecWest this week in Vancouver, went virtual along with the conference itself. Faced with travel restrictions and new social-distancing guidelines, contestants...
News Wrap, Coronavirus Edition: WFH Security Woes, Pwn2Own
For the week ended March 20, Threatpost editors break down the top security stories, including: the various cybercriminal activities – malware, phishing and other scams – tapping into the coronavirus pandemic; the security risks of businesses working from home due to the virus’ spread; privacy...
Covid-19 Spurs Facial Recognition Tracking, Privacy Fears
In the midst of the ongoing coronavirus pandemic, facial recognition technology is being adopted globally as a way to track the virus’ spread. But privacy experts worry that, in the rush to implement COVID-19 tracking capabilities, important and deep rooted issues around data collection and...
New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices
Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage (NAS) devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection...
Coronavirus Poll Results: Cyberattacks Ramp Up, WFH Prep Uneven
As the COVID-19 pandemic continues to sweep the globe and Americans are told to isolate from others, many organizations are sending employees home to work. While most respondents in a Threatpost poll this week said they feel prepared from a security standpoint for this transition, a fifth of them...
Cisco Warns of High-Severity SD-WAN Flaws
Cisco Systems has fixed three high-severity vulnerabilities in its software-defined networking for wide-area network (SD-WAN) solutions for business users. If exploited, the flaws could enable bad actors to execute commands with root privileges on affected systems. To exploit the vulnerabilities...
Cloud Misconfig Mistakes Show Need For DevSecOps
Developers have become accustomed to deploying apps in data centers with what could be described as a “crunchy hard outer layer,” to keep their data center secure. But when it comes to the public cloud, “it just doesn’t exist that way,” said Ryan Olson, vice president of threat intelligence with...
What is the Best Defense Against Phishing Attacks?
Whether the subject line was “You’re account will be closed!” or the email address was [email protected], we have all received and rolled our eyes at a poorly disguised phishing attempt. While many view phishing as a small annoyance, this attack method has maintained longevity for a reason and...
WordPress, Apache Struts Attract the Most Bug Exploits
WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting (XSS) as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed...
Azure Red Flag: Microsoft Accidentally Fixes Cloud Config ‘Bug’
UPDATE: Researchers are shedding light on a Microsoft Azure misconfiguration bug that leaked sensitive access tokens, which could have given hackers access to virtual machine instances and cloud-based storage buckets. Since its discovery, an update has fixed what researchers said was a...
Trend Micro Fixes Critical Flaws Under Attack
Trend Micro has released security updates patching five vulnerabilities in its endpoint security solutions, Apex One and OfficeScan XG for Windows. Specifically, Apex One 2019 and OfficeScan XG SP1 and XG are affected by four critical-severity and one high-severity flaws. Two of these...
TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal
The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol (RDP) accounts. According to BitDefender, the module has been used in campaigns against telecom, education and financial services industry targets in the United States and Hong...
Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws
Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...
Authorities Eye Using Mobile Phone Tracking COVID-19's Spread
Authorities in the United States and Israel are eyeing ways to use mobile-phone and other location-based data to help control the spread of the new coronavirus (COVID-19), raising serious privacy concerns about the practice of using and sharing people’s personal data during the time of a global...
What Now? Facing Cyber Threats to Infrastructure in the Aftermath of Global Political Conflicts
In January 2020, the US Department of Homeland Security issued a National Terrorism Advisory Alert warning American targets that the Iranian government may carry out physical or cyber attacks in retaliation for the US strike that killed Iranian IRGC-Quds Force commander Qassem Soleimani in Iraq...
The Coronavirus is Already Taking Effect on Cyber Security – This is How CISOs Should Prepare
The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cynet has revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light o...
Magecart Cyberattack Targets NutriBullet Website
A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer co...