Video: Zoom Researcher Details Web Conference Security Risks, 2020 Threats
Research unveiled this week at CPX 360, a security event hosted by Check Point, disclosed vulnerabilities discovered in Zoom’s enterprise video conferencing platform. Zoom issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible...
Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t...
Wawa Breach May Have Affected More Than 30 Million Customers
A recent dump of payment card information being sold on a popular online fraud marketplace suggests that more than 30 million payment cards may have been affected by a malware attack and data breach at Wawa convenience stores and gas stations that was first revealed in December. The Joker’s Stash...
New ‘CacheOut’ Attack Targets Intel CPUs
Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two bugs, revealed Monday, is rated medium severity by Intel, who said fixes for both flaws are on the way. The more...
Trolls-For-Hire Pave Way For Sophisticated Social Media Hacks
NEW ORLEANS – Researchers have observed the blossoming of a new type of social media nuisance they are calling Trolling-as-a-Service. They say these rabble-rousing efforts have emerged as a clever new way for hackers to launch coordinated and dangerous attacks via Facebook and Twitter. Speaking a...
Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners
UPDATE Amazon’s Ring Doorbell app for Android is a nexus for data-harvesting, according to an investigation by the Electronic Frontier Foundation (EFF). Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn’t have a...
MTTD and MTTR: Two Metrics to Improve Your Cybersecurity
For any organization to protect itself from cyberattacks and data breaches, it’s critical to discover and respond to cyber threats as quickly as possible. Shutting the window of vulnerabilities promptly makes the difference between a mild compromise and a catastrophic data breach. Understanding...
LoRaWAN for IoT: Beware Encryption Misconfigurations and Security Pitfalls
UPDATE The LoRaWAN protocol, which efficiently supports low-power wireless devices over wide area networks, has become standard in the world of the industrial internet of things (IoT). One of its benefits is its support for end-to-end encryption. However, researchers are warning that while LoRaWAN...
Zoom Fixed Flaw Opening Meetings to Hackers
NEW ORLEANS – Enterprise video conferencing firm Zoom has issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible for adversaries to join active meetings. The issue stems from Zoom’s conference meetings not requiring a “meeting...
Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox
UPDATE Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions. Browser extensions are add-ons that users can install to enhance their web surfing experience – they offer the ability to do...
As Necurs Botnet Falls from Grace, Emotet Rises
A mid-January spam campaign by criminals behind the popular Necurs botnet shows a dramatic drop in skill and savvy by perpetrators. In a shift from sending sophisticated messages with lethal payloads, Necurs botnets are now peddling get-rich-quick spam messages in what researchers are calling...
N.Y. Could Ban Cities from Paying Ransomware Attackers
New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. State Senators Phil Boyle, George M. Borrello and Sue Serino introduced Senate Bill S7246 earlier this month, in response to the rising tide of cyberattacks targeting government agencies and...
Mandatory IoT Security in the Offing with U.K. Proposal
The U.K. government has unveiled a proposed law aimed at securing internet of things (IoT) devices, which have historically been riddled with basic security issues. The drafted law, announced on Monday, comprises three main mandates for IoT manufacturers. First, all consumer IoT device passwords mu...
ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates
Ransomware costs more than doubled in the fourth quarter of 2019, with the average ransom payment skyrocketing to $84,116, a 104 percent surge up from $41,198 in the third quarter. Researchers said that the leap up in ransomware costs is due in large part to some attackers pushing variants such ...
Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
UPDATE Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary. A remote attacker would not need to be authenticated to exploit the flaw, according to...
New Bill Proposes NSA Surveillance Reforms
A newly-introduced bill is proposing sweeping privacy reforms to a controversial government surveillance program, which has been previously used by the National Security Agency (NSA) to vacuum up the call records of millions of Americans. The “Safeguarding Americans’ Private Records Act” was...
Fake Smart Factory Honeypot Highlights New Attack Threats
A honeypot set up to observe the current security landscape in smart manufacturing systems observed numerous threats—including cryptomining malware and ransomware—in just a few months, highlighting the new threats that industrial control systems (ICS) face with increased exposure to the internet...
Critical, Unpatched 'MDhex' Bugs Threaten Hospital Devices
A collection of six cybersecurity vulnerabilities in a range of GE Healthcare devices for hospitals has been discovered. Dubbed “MDhex” by the researchers at CyberMDX who discovered them, the bugs would allow attackers to disable the devices, harvest personal health information (PHI), change alarm...
U.S. Gov Agency Targeted With Malware-Laced Emails
A U.S. government agency was targeted with spear phishing emails harboring several malware strains – including a never-before-seen malware downloader that researchers call “Carrotball.” The campaign, which researchers observed occurring from July to October and code-named “Fractured Statue,”...
Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
The malvertising-focused trojan known as Shlayer has burbled to the top of the malware heap when it comes to targeting Mac users. It made up 29 percent of all attacks on macOS devices in Kaspersky’s telemetry for 2019, making it the No. 1 Mac malware threat for the year. To spread, it has been...
Cisco Warns of Critical Network Security Tool Flaw
A critical Cisco vulnerability exists in its administrative management tool for Cisco network security solutions. The flaw could allow an unauthenticated, remote attacker to gain administrative privileges on impacted devices. The flaw exists in the web-based management interface of the Cisco...
Google: Flaws in Apple’s Private-Browsing Technology Allow for Third-Party Tracking
Technology Apple designed for its Safari web browser to protect users from being tracked when they surf the web may actually do just the opposite, according to new research from Google. Google researchers have identified a number of security flaws in Safari’s Intelligent Tracking Protection that...
Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment
The very first Pwn2Own hacking competition that exclusively focuses on the industrial control systems (ICS) has kicked off in Miami. So far, a total of $180,000 has been awarded for pwning five different products. The contest hosts at Trend Micro’s Zero Day initiative (ZDI) have allocated more than...
Vivin Nets Thousands of Dollars Using Cryptomining Malware
A recently uncovered threat actor, dubbed Vivin, has made thousands of U.S. dollars through a large-scale cryptomining campaign. Vivin is unique due to its longevity — the threat actor has been active since at least 2017 — and researchers with Cisco Talos point to Vivin as a good example of why...
sLoad Malware Revamped as Powerful 'StarsLord' Loader
The sLoad malware downloader, a PowerShell-based trojan first spotted in May 2018, has a new, polished version that comes with “more powerful features, posing even higher risk,” Microsoft researchers are warning. After discovering it being used in several campaigns over the holidays, researchers...
Microsoft Leaves 250M Customer Service Records Open to the Web
UPDATE Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams...
Download: The State of Breach Protection 2020 Survey Report
Cynet launched in December 2019 the State of Breach Protection 2020 Survey. Based on the responses from 1,536 individuals, they now share the survey report that includes common practices, priorities, and preferences of security leaders as they strive to secure their organization from a breach...
New Muhstik Botnet Attacks Target Tomato Routers
A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found. Researchers at Palo Alto Networks’ Unit 42 discovered the new variant...
PoC Exploits Do More Good Than Harm: Threatpost Poll
When it comes to the release of proof-of-concept (PoC) exploits, more security experts agree that the positives outweigh the negatives, according to a recent and informal Threatpost poll. Last week, Threatpost conducted a reader poll and almost 60 percent of 230 security pundits thought it was a...
16Shop Phishing Gang Goes After PayPal Users
A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group’s phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information (PII) a...
Citrix Accelerates Patch Rollout For Critical RCE Flaw
Citrix has quickened its rollout of patches for a critical vulnerability (CVE-2019-19781) in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products, on the heels of recent proof-of-concept exploits and skyrocketing exploitation attempts. Several versions of the products still...
FTCODE Ransomware Now Steals Chrome, Firefox Credentials
FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims. Samples of the ransomware, which has been around since 2013, were recently observed in September 2019...
Microsoft Zero-Day Actively Exploited, Patch Forthcoming
An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available. The bug (CVE-2020-0674) which is listed as critical in severity for IE 11, and moderate for IE...
Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
A hacker has published a list of credentials for more than 515,000 servers, home routers and other Internet of Things (IoT) devices online on a popular hacking forum in what’s being touted as the biggest leak of Telnet passwords to date, according to a published report. The leak—revealed in a repor...
New JhoneRAT Malware Targets Middle East
Researchers are warning of a new remote access trojan (RAT), dubbed JhoneRAT, which is being distributed as part of an active campaign, ongoing since November 2019, that targets victims in the Middle East. Once downloaded, the RAT gathers information on the victims’ computers and is also able to...
Feds Cut Off Access to Billions of Breached Records with Site Takedown
The feds and international law enforcement have taken down a website that was selling access to billions of stolen personal records. The FBI and the Department of Justice said on Thursday that they, in conjunction with the Dutch police, the United Kingdom’s National Crime Agency and Germany’s...
Mobile Carrier Customer Service Ushers in SIM-Swap Fraud
Mobile carriers have left the door wide open to SIM-swap attacks, particularly when it comes to prepaid accounts, researchers have found. SIM swapping is a form of fraud that allows crooks to bypass SMS-based two-factor authentication (2FA) and crack online banking or other high-value accounts...
Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea?
The practice of disclosing proof-of-concept (PoC) exploits has long caused a debate in the security community. As the name suggests, these outline steps used to exploit a vulnerability in a system to show how it can be done — and are used to test networks and pinpoint vulnerable aspects of a system...
News Wrap: PoC Exploits, Cable Haunt and Joker Malware
This week’s news wrap podcast breaks down the biggest Threatpost security stories of the week, including: Various proof-of-concept exploits being released for serious vulnerabilities this week – including for the recently-patched crypto-spoofing vulnerability found by the National Security Agency...
FBI Plans to Inform States of Election Breaches
The FBI has changed its policy around election cybersecurity and said it will now notify state officials in the event that local election systems are hacked. The move—revealed in a media briefing Thursday and then published online later that day—extends the number of election officials who are...
Critical Cisco Flaws Now Have PoC Exploit
Proof-of-concept exploit code has been published for critical flaws impacting the Cisco Data Center Network Manager (DCNM) tool for managing network platforms and switches. The three critical vulnerabilities in question (CVE-2019-15975, CVE-2019-15976, CVE-2019-15977) impact DCNM, a platform for...
Google Account Security Keys Launch for iPhone
Google has extended its Advanced Protection Program for account security to the iPhone platform, aimed at those that are the most-targeted by cybercriminals: Members of political campaign teams, journalists, activists, executives, employees in regulated industries such as finance or government, a...
Satan Ransomware Reborn to Torment Businesses
A ransomware with the un-snappy moniker of “5ss5c” has emerged on the scene and appears to be in active development. According to independent researcher Bart Blaze, the malware is the successor to the Satan ransomware, and its authors are still experimenting with focused targeting China, for now...
PoC Exploits Published For Microsoft Crypto Bug
Two proof-of-concept (PoC) exploits have been publicly released for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft. The vulnerability (CVE-2020-0601) could enable an attacker to spoof a code-signing certificate necessary for validati...
‘Fleeceware’ Apps Downloaded 600M Times from Google Play
Google has made a concerted effort in recent months to try to eliminate bad apps for its Android mobile platform on the Google Play store—something the company historically has battled. However, fleeceware apps—which trick users into paying excessive amounts of money for simple apps with...
Critical WordPress Bug Leaves 320,000 Sites Open to Attack
Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers...
A Practical Guide to Zero-Trust Security
Employees are demanding that employers enable flexible workstyles. Apps are moving to the cloud. A company’s device and application mix are increasingly heterogeneous. All of these factors are breaking down the enterprise security perimeter, rendering traditional security approaches obsolete, and...
Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft
A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency (NSA). Microsoft’s January Patch Tuesday security bulletin disclosed the “important”-severity vulnerability, which could all...
U.N. Weathers Storm of Emotet-TrickBot Malware
The operators behind the notorious Emotet malware have taken aim at United Nations personnel in a targeted attack ultimately bent on delivering the TrickBot trojan. According to researchers at Cofense, a concerted phishing campaign has been using emails purporting to be from the Permanent Missio...
Equifax Settles Class-Action Breach Lawsuit for $380.5M
A Georgia court granted final approval for an Equifax settlement in a class-action lawsuit, after the credit-reporting agency was hit by its massive 2017 data breach. Equifax will pay $380.5 million to settle lawsuits regarding the 2017 data breach, the Atlanta federal judge reportedly ruled this...