Estée Lauder Exposes 440M Records, with Email Addresses, Network Info
A non-password protected cloud database containing hundreds of millions of customer records and internal logs for cosmetic giant Estée Lauder has been found exposed online, according to researchers. In all, 440,336,852 individual data pieces were exposed, according to researcher Jeremiah Fowler a...
Adobe Addresses Critical Flash, Framemaker Flaws
Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code-execution. Overall, Adobe stomped out flaws tied to 42 CVEs for its regularly scheduled February updates, with 35 of those flaws being...
Dell Patches SupportAssist Flaw That Allows Arbitrary Code Execution
Dell has patched a high-severity flaw in its SupportAssist software that could allow an attacker to execute arbitrary code with administrator privileges on affected computers. The flaw, an uncontrolled search path vulnerability that is being tracked as CVE-2020-5316, could allow a locally...
BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver
The operators behind the RobbinHood ransomware are using a vulnerable, legacy driver from Taiwan-based motherboard manufacturer Gigabyte in order to get around antivirus protections. The “bring-your-own-bug” tactic is likely to crop up in other attacks going forward, according to security analyst...
Active PayPal Phishing Scam Targets SSNs, Passport Photos
A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data – even going so far as to ask for social security numbers and uploaded photos of their passports. The campaign starts with a fairly run-of-the-mill...
Equifax Breach: Four Members of Chinese Military Charged with Hacking
U.S. authorities have charged four Chinese military officers in the 2017 Equifax data breach, which compromised the data of nearly 150 million. The four, Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei, are believed to be members of the 54th Research Institute of the Chinese People’s Liberation Army (PLA)...
Docker Registries Expose Hundreds of Orgs to Malware, Data Theft
A slew of misconfigured Docker container registries has inadvertently exposed source code for 15,887 unique versions of applications owned by research institutes, retailers, news media organizations and technology companies. According to Palo Alto Networks’ Unit 42 division, the registries lacked...
Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm
A newly uncovered Emotet malware sample has the ability to spread to insecure Wi-Fi networks that are located nearby to an infected device. If the malware can spread to these nearby Wi-Fi networks, it then attempts to infect devices connected to them — a tactic that can rapidly escalate Emotet’s...
Wacom Tablet Data Exfiltration Raises Security Concerns
The Wacom digital drawing tablet appears to be silently exfiltrating user data, according to an investigation by software engineer Robert Heaton – and the company responded on Friday, downplaying the report. However, security researchers say the tablets still pose a risk and a privacy problem...
Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed
A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution (RCE) attacks – without any user interaction. Researchers on Thursday revealed further details behind the critical Android flaw CVE-2020-0022, which was patched earlier...
Google Chrome To Bar HTTP File Downloads
Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...
Critical Citrix RCE Flaw Still Threatens 1,000s of Corporate LANs
About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway are still at risk from a trivial attack on their internal operations. If exploited, the flaw could allow unauthenticated attackers to gain remote access to a...
Phishing Campaign Targets 250 Android Apps with Anubis Malware
A new phishing campaign is attempting to deliver sophisticated malware that can completely hijack an Android mobile device to steal user credentials, install a keylogger and even hold a device’s data for ransom. The attacks are designed for mobile inboxes and leverage the Anubis malware, a...
Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites
UPDATE A faction of the Magecart threat group, Magecart group 12, has been linked to a recent digital card skimmer attack bent on stealing payment data from a slew of websites, including ones selling anything from Olympic tickets to emergency preparation kits. Over the past few weeks, the group h...
Metamorfo Returns with Keylogger Trick to Target Financial Firms
Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Now, however, it’s expanding its geographic range and adding a new technique. Metamorfo was first discovered in April 2018, in various...
U.S. Finance Sector Hit with Targeted Backdoor Campaign
The financial services sector in the U.S. found itself under a barrage of cyberattacks last month, all bent on delivering a powerful backdoor called Minebridge. The attack chain employed a known method called “VBA Stomping” to avoid detection. According to researchers at FireEye, the campaigns,...
The RSAC 2020 Trend Report
Each year, thousands of cybersecurity professionals submit proposals to be a speaker at RSA Conference. And each year, we mine these proposals for trends and commonalities. In The RSAC 2020 Trend Report, we examine the data from this year’s submissions to provide an interesting peek into what wil...
Charming Kitten Uses Fake Interview Requests to Target Public Figures
The Iran-based hacking group Charming Kitten has resurfaced with a new campaign that uses fake interviews to target public figures to launch phishing attacks and steal victims’ email-account information. In a report released Wednesday, security researchers at Certfa Lab say they discovered the...
Dropbox Passes $1M Milestone for Bug-Bounty Payouts
Dropbox, the cloud-based file-sharing service, has reported that it has paid out more than $1 million to bug-bounty hunters since starting its program in 2014. The milestone comes after the service tripled its bounties in 2017, and after running two live hacking events with the HackerOne platform...
CamuBot Banking Trojan Returns In Targeted Attacks
The CamuBot malware, known for targeting Brazilian bank customers, has returned in a slew of recent offensives. The latest wave of attacks is highly personalized and, unlike previous campaigns, targets victims’ mobile banking apps as an extra step to evade detection when making fraudulent...
New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers
Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest juicy targets for cybercriminals leveraging a “self-spreading” variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT...
WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE
Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users. And, further investigation shows...
Critical Cisco 'CDPwn' Protocol Flaws Explained: Podcast
Researchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol (CDP), the Cisco Proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment. Researchers say that the vulnerabilities, which they collectively call CDPw...
Critical Cisco ‘CDPwn’ Flaws Affect Millions of Devices
Cisco is issuing patches for five critical vulnerabilities that have been discovered in Cisco Discovery Protocol (CDP), the info-sharing layer that maps all Cisco equipment on a network. Researchers at Armis say that the vulnerabilities, which they disclosed on Wednesday and collectively dubbed...
Gamaredon APT Improves Toolset to Target Ukraine Government, Military
The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in...
Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam
A non-profit community housing collective has been swindled out of more than $1.2 million in a business email compromise (BEC) campaign. Red Kite Community Housing, a coop housing association in High Wycombe, U.K., outside of London, announced in a recent website notice that £932,000 of the money pai...
Ransomware Attack Hinders Toll Group Operations
Australian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key services being debilitated and delivery operations being delayed over the past week. Toll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating...
Two Critical Android Bugs Get Patched in February Update
Google has released a security update for a critical flaw in its Android operating system that allows hackers to execute remote code on affected handsets, potentially allowing an adversary to gain remote access to the device. Part of Google’s February Android Security Bulletin, released Monday,...
Medtronic Patches Implanted Device, CareLink Programmer Bugs
Medtronic has released updates to address known vulnerabilities in its line of connected medical devices that were initially disclosed last year and in 2018. The vendor has addressed two sets of bugs. The first group, disclosed in March of last year, is found in a range of Medtronic implanted...
Twitter API Abused to Uncover User Identities
Twitter said that malicious actors, with potential ties to state-sponsored groups, were abusing a legitimate function on its platform to unmask the identity of users. The social media giant said that on Dec. 24, 2019, it discovered a large network of fake accounts abusing a legitimate API...
AZORult Campaign Adopts Novel Triple-Encryption Technique
A recent wave of AZORult-laced spam caught the attention of researchers who warn that malicious attachments associated with the campaign are using a novel obfuscation technique, in an attempt to slip past spam gateways and avoid client-side antivirus detection. What makes this campaign unique is...
Tesla Autopilot Duped By 'Phantom' Images
Researchers said that autopilot systems used by popular cars – including the Tesla Model X – can be fooled into detecting fake images, projected by drones on the road or on surrounding billboards, as real. Attackers could potentially leverage this design hole to trigger the systems to brake or...
Ashley Madison Breach Extortion Scam Targets Hundreds
Nearly five years after the high-profile Ashley Madison data breach, hundreds of impacted website users are being targeted by a new extortion attack this past week. The 2015 data breach of the adultery website led to 32 million accounts being publicly dumped online, including victims’ names,...
TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection
The TrickBot trojan has evolved again to bolster its ability to elude detection, this time adding a feature that can bypass Windows 10 User Account Control (UAC) to deliver malware across multiple workstations and endpoints on a network, researchers have discovered. Researchers at Morphisec Labs te...
Advanced Obfuscation Marks Widespread Info-Stealing Campaign
A large-scale spam campaign bent on spreading info-stealing malware is applying advanced obfuscation techniques to get around security scanning and maximize infection rates. According to Lastline researchers, a large botnet is distributing malicious rich text format (RTF) documents that act as...
Evil Corp Returns With New Malware Infection Tactic
Cybercrime group Evil Corp (a.k.a. Dudear) is back in action after a short hiatus, with a technique in its arsenal not previously used by the group to distribute malware. Microsoft on Thursday said that it observed emails from the cybercriminal gang utilizing HTML redirectors. Microsoft is unclear...
Iranian Hackers Target U.S. Gov. Vendor With Malware
Iran-linked threat actor APT34 has been observed sending targeted, malicious email attachments to customers and employees of a company that works closely with U.S. government agencies. The company in question is U.S.-based Westat, a professional services company that provides research services to...
Zero Day Initiative Bug Hunters Rake in $1.5M in 2019
Zero Day Initiative (ZDI) awarded more than $1.5 million in cash and prizes to bug-hunters throughout 2019, it said, resulting in 1,035 security vulnerability advisories for the year. Most of those advisories (88 percent) were published in conjunction with a patch from the vendor, Zero Day Initiative...
Sodinokibi Ransomware Group Sponsors Hacking Contest
White hats aren’t alone in holding hacking contests. Russian-language cybercriminals are known for running similar competitions on underground forums. However, an analysis of Dark Web activity has uncovered a trend towards offering increasingly high-stakes prizes during such battles. At the same...
Microsoft Offers Rewards of Up to $20,000 in New Xbox Bug Bounty Program
Microsoft is offering rewards of up to $20,000 for finding vulnerabilities in its Xbox gaming platform through its latest bug bounty program unveiled this week. The Xbox Bounty Program is open to gamers, security researchers and basically anyone who can help the tech giant identify security...
200K WordPress Sites Vulnerable to Plugin Flaw
A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question is Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the...
Coronavirus Campaigns Spread Emotet, Malware
As the coronavirus originating in the Wuhan province of China continues to stir widespread fears about a global public health crisis, some see an opportunity in the outbreak. A recent spate of malicious, botnet-driven emails is using the coronavirus as a theme, according to telemetry from IBM...
Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication
NEW ORLEANS – Sophisticated nation-state groups are increasingly using mobile devices as an infection vector. Oded Vanunu, head of products vulnerability research at Check Point Research, told Threatpost during CPX 360 this week that because mobile devices come equipped with varying technologies,...
Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup
Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches. The flaws allow remote unauthenticated adversaries to access sensitive information and level denial-of-service (DoS) attacks against affected gear...
U.N. Hack Stemmed From Microsoft SharePoint Flaw
Hackers breached the United Nations network in July by exploiting a Microsoft SharePoint vulnerability, according to reports. The breach, which appears to be an espionage operation, reportedly gave the hackers access to an estimated 400 GB of sensitive data. The breach was swept under the rug by...
Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition
Facebook has agreed to pay $550 million to Illinois users to settle a class action lawsuit filed over the use of its face-tagging technology to collect facial-recognition data on its social media platform. The company unveiled the settlement on a quarterly financial call Wednesday, in which it...
Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges
Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices’ Direct Memory Access (DMA) capability. DMA is a processing-efficiency approach for peripherals such as PCI cards or network interface cards that, as the name suggests,...
Apple Security Updates Tackle iOS Device Tracking, RCE Flaws
Apple’s latest security fixes, released Tuesday, tackle a wide range of bugs, including several patches for high-risk flaws that could allow for remote code execution (RCE). Of particular interest to privacy-minded iPhone 11 users is an iOS 13.3.1 update that allows users to turn off U1...
Google Sets Record High in Bug-Bounty Payouts
Google paid out $6.5 million in bug-bounty rewards in 2019, which doubles the internet behemoth’s previous annual top total. It has also highlighted additional bonuses that are now in effect for Chrome and Android. Last year saw some notable changes for Google’s Vulnerability Reward Programs (VRPs)...
Critical Flaws in Magento e-Commerce Platform Allow Code-Execution
Critical vulnerabilities in Adobe’s Magento e-commerce platform – a favorite target of the Magecart cybergang – could lead to arbitrary code execution. Adobe issued patches on Tuesday as part of its overall release of the Magento 2.3.4 upgrade, giving the fixes a “priority 2” rating. In Adobe...