TrickBot Evolves to Go After SSH Keys
The TrickBot info-stealing malware has updated its password grabber to target data from OpenSSH and OpenVPN applications. OpenSSH is a connectivity tool for remote login with the SSH protocol; it encrypts all traffic to eliminate eavesdropping. OpenVPN meanwhile is used for secure private...
NYPD Fingerprint Database Taken Offline to Thwart Ransomware
The New York Police Department’s database of fingerprints was knocked offline over the weekend thanks to a ransomware scare, according to reports. The malware was introduced to the network via a contractor who was installing a digital display, according to an article in the New York Post. To do t...
PoS Malware Exposes Customer Data of Catch Restaurants
Popular NYC restaurants Catch NYC, Catch Roof and Catch Steak discovered and removed malware on their point-of-sale (PoS) systems — but not before it exposed credit-card information from unknowing diners. Catch Hospitality Group, which owns the three NYC hotspots, said in a data-breach notice this...
ID Thieves Turn to Snail Mail as Juicy Target for Financial Crimes
As it gets harder for cybercriminals to bypass business email compromise (BEC) defenses, some hackers are switching from email scams to real-mail cons. Researchers at Flashpoint said they are monitoring hacker forums where criminals are swapping tips on a growing ID theft and financial crime area,...
Three Areas to Consider, to Focus Your Cyber-Plan
How’s this for concerning news: Half of all organizations don’t have the wherewithal to stop malicious actors from stealing sensitive information, taking down critical assets or damaging customer trust. According to a recent report from FireEye, 51 percent of organizations don’t believe they are...
Critical Flaws in VNC Threaten Industrial Environments
The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution (RCE). According to researchers at Kaspersky...
Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak
An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet. First found on October 16 by researchers Bob Diachenko and Vinny Troia, the database contains more than 4 terabytes of data. It consists of scraped information from social media source...
Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways
Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise (BEC) attacks. According t...
News Wrap: Amazon Ring Risks, Stalkerware, and D-Link Router Flaws
Threatpost news editors break down the top stories of the week, including: The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place. Five U.S. Senators are...
Google Will Award $1M-Plus to People Who Can Hack Titan M Security Chip
Google is willing to award up to $1.5 million to hackers who can successfully hack its Titan M security chip on the company’s Pixel devices as part of an expansion of its Android bug-bounty program unveiled this week. The company revealed increased payouts to its Android Security Rewards in a blo...
Senators Demand Amazon Disclose Ring Privacy Policies
Five U.S. Senators are demanding that Amazon disclose how it’s securing Ring home-security device footage – and who is allowed to access that footage. The demands, outlined in a Wednesday letter to Amazon CEO Jeff Bezos, come on the heels of several security vulnerabilities and privacy-related...
Microsoft Outlook for Android Bug Opens Door to XSS
Users of the Microsoft Outlook for Android app should update their apps to avoid a range of attacks. The bug (CVE-2019-1460) would allow an attacker to perform cross-site scripting (XSS) attacks on the affected systems and run scripts in the security context of the current user, according to...
Linux Webmin Servers Under Attack by Roboto P2P Botnet
Vulnerable Linux Webmin servers are under active attack by a newly-discovered peer-to-peer (P2P) botnet, dubbed Roboto by researchers. The botnet is targeting a remote code-execution vulnerability (CVE-2019-15107) in Webmin, a web-based system configuration tool for Linux servers. CVE-2019-15107 was...
Gnip Banking Trojan Shows Ongoing, Aggressive Development
A new custom mobile banking malware for Android, dubbed Gnip, has emerged onto the scene, and its authors have taken an aggressive development track: Gnip appears to have been cobbled together in under five months, with four different variants already circulating — including a sample released in...
Download: 2019 Security Team Assessment Template
As a security professional, it is critical that you assess the performance of your security team and keep in-the-know regarding your current security posture, in addition to planning ahead. ‘The Ultimate 2019 Security Team Assessment Template’ is a first-of-its-kind tool that encapsulates all the...
Popular Apps on Google Play Store Remain Unpatched
Most people think that if they keep their mobile apps updated to the latest version, they are also patching for critical vulnerabilities. Not so, said researchers from Check Point Software, which discovered that outdated code—including known vulnerabilities—is still present in hundreds of popular app...
Security Firms, Nonprofits Team to Fight Stalkerware
The scourge of so-called “stalkerware” has accelerated as mobile cyberattacks in general have become more common, and it’s something that’s being addressed through a security industry collaboration that launched this week. The term “stalkerware” refers to both surreptitious spyware available on t...
Mozilla Bug Bounty Program Doubles Payouts, Adds Firefox Monitor
Mozilla is bumping up its bug bounty payouts and has added new websites and services – including the recently deployed Firefox Monitor – to its bug bounty program in hopes of attracting more researchers to sniff out vulnerabilities. The browser-maker is doubling bug bounty payouts for most of its...
Apache Solr Bug Gets Bumped Up to High Severity
A bug impacting the Linux enterprise-search platform called Apache Solr has been revised from low to high-severity after researchers discovered a new remote code execution exploit. The warning comes from Tenable, which is reporting that the newly-identified default configuration vulnerability cou...
High-Severity Windows UAC Flaw Enables Privilege Escalation
Researchers disclosed details of a high-severity Microsoft Windows vulnerability that could give attackers elevated privileges – ultimately allowing them to install programs, and view, change or delete data. The bug stems from User Account Control (UAC), a security feature of Windows within Secure...
ThreatList: Admin Rights for Third Parties is the Norm
Organizations are continuing to fall down on the job when it comes to addressing cybersecurity risk around third parties; in fact, 61 percent of respondents in a recent survey said they’re unsure if partners, contractors, suppliers and others are accessing or attempting to access unauthorized dat...
Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online
The passwords and other personal data of more than 2.2 million users of two websites were revealed online as the result of data breaches that happened earlier this year, a notable security researcher warned. Personal information belonging to the users of cryptocurrency wallet service GateHub and...
400 Vet Locations Nipped by Ryuk Ransomware
National Veterinary Associates (NVA) has been hit with the Ryuk ransomware, in an attack that affects 400 clinics across the country. The California company said that it could take a week for its facilities to be fully back up and running normally. Patient records, payment systems and practice...
D-Link Adds More Buggy Router Models to ‘Won’t Fix’ List
D-Link has warned that more of its routers are vulnerable to critical flaws that allow remote hackers to take control of hardware and steal data. The routers won’t be fixed, said D-Link, explaining that the hardware has reached its end-of-life and will no longer receive security updates. The...
Google Discloses Android Camera Hijack Hack
Researchers have disclosed a high-severity issue that could allow attackers to hijack the Google Camera App, the built-in smartphone camera for Android phones. The issue was fixed for Google-manufactured phones in July – but Google said patches are still rolling out to smartphones in the broader...
McDonalds-Themed Facebook Ads Serve Up Banking Trojans
The Mispadu banking trojan is using a McDonalds malvertising tactic to ultimately steal payment-card data and online banking information. Written in Delphi, Mispadu targets Brazil and Mexico, uses pop-up windows and contains backdoor functionality. According to researchers at ESET, Mispadu spread...
Fake 'Windows Update' Installs Cyborg Ransomware
A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants. The email-based threat, discovered...
Macy's Suffers Data Breach by Magecart Cybercriminals
The department store Macy’s is warning that web skimmer malware was discovered on Macys.com collecting customers’ payment card information. The attack has been linked to Magecart, a notorious umbrella group made up of various cybercriminal affiliates that is known for injecting payment card...
Americans Concerned and Confused Over Privacy, Survey Reveals
Call it a case of Facebook privacy breach fatigue. When asked, Americans say companies do a worse job than the government when it comes to protecting data collected on their behalf. They also complain that the potential risks they face from data collection by companies outweigh the benefits. The...
WhatsApp Remote Code Execution Triggered by Videos
Facebook has quietly patched a vulnerability in the popular WhatsApp messaging platform, which could be exploited to launch remote-code-execution or denial-of-service attacks on victims. Attackers can exploit the flaw merely by sending a target user a video — specifically, a specially crafted MP4...
The Unhappiest Subscribers on Earth? Disney+ Accounts Hacked & Hijacked
The highly anticipated Disney+ streaming service launched last week – and was promptly targeted by hackers looking to compromise users’ accounts. Around 4,000 customer account credentials have shown up for sale on hacking forums for around $3 each, according to reports. An investigation by ZDNet...
Office 365 Admins Targeted in Ongoing Phishing Scam
A phishing campaign that uses legitimate organizations’ Office 365 infrastructure to send emails has emerged onto the cyberscam scene. According to Michael Tyler at PhishLabs, cybercriminals are looking to compromise Microsoft Office 365 administrator accounts to send out phishing lures – thus...
Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites
A new JavaScript payment card skimmer, dubbed Pipka, has been identified on at least seventeen merchant websites attempting to target site visitors’ payment data. Unlike other skimmers, Pipka removes itself from the HTML code of compromised websites after exfiltrating payment card data – a...
‘Wildly Different’ Privacy Regulations Causing Compliance Chaos
From the General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA), the security landscape is becoming increasingly fraught with regulatory efforts. While privacy regulation has positive implications for data security, companies are finding themselves struggling to stay...
Tianfu Cup Round-Up: Safari, Chrome, D-Link Routers and Office 365 Successfully Hacked
Hackers over the weekend successfully compromised widely used software and hardware – including the Safari and Chrome browsers, D-Link routers and the Office 365 suite – using zero-day vulnerabilities at the annual Tianfu Cup gathering. The hacking competition, held in Chengdu, China, is very similar to...
Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers
As the holiday season looms, cybercrooks are going after shoppers with more than 100,000 lookalike domains mimicking legitimate retailers. The news comes as a new report shows that in tandem, the retail industry is experiencing more breaches than any other industry in 2019 as criminals consistent...
James Clapper: Lessons Learned in a Post-Snowden World
LAS VEGAS – The 2013 leaks by Edward Snowden highlight holes in the U.S. government around transparency and proactively dealing with insider threats, former national intelligence director James Clapper acknowledged. The U.S. intelligence community needs to be more transparent with the public, whi...
Lizard Squad Threatens UK's Labour Leader with Cyberattacks Against His Family
Lizard Squad, the well-known hacktivist cybergang, is pledging to mount personal cyberattacks on Britain’s Labour Party leader, Jeremy Corbyn. As the UK continues to be roiled by Brexit debate ahead of a Dec. 12 general election, the Labour Party said on Tuesday that it had been targeted by a...
Podcast: Managing an Out-Of-Control Security Tech Stack
This podcast is sponsored by Arctic Wolf. In this sponsored podcast, Threatpost podcast host Cody Hackett and Sam McLane, chief technology officer with Arctic Wolf, discuss important considerations when building a multi-layered cybersecurity strategy and best practices when evaluating security...
Stealthy Malware Flies Under AV Radar with Advanced Obfuscation
Researchers warn that hackers are putting a new spin on old injection techniques and successfully end-running endpoint protection. They are tracking a campaign that kicked off in January and is still going strong, exploiting weaknesses in web browsers. The objective is to hide in the background of...
Double Vision: Stealthy Malware Dropper Delivers Dual RATs
A newly discovered initial-stage malware dropper has been discovered sneaking by antivirus products, with the ultimate goal of delivering a double-pronged whammy of RevengeRAT and WSH RAT payloads onto targeted Windows machines. A FortiGuard Labs team recently captured a sample file that had been...
Just-Released Checkra1n iPhone Jailbreak Stirs Security Concerns
With the checkra1n iPhone jailbreak now available, security experts are urging mobile-device managers to keep on their toes as the powerful new tool becomes available to hackers and iPhone users who may recklessly use it. Jailbreaking is the process of hacking these devices to bypass DRM...
California's Domino Effect on U.S. Privacy Regulation
LAS VEGAS – The California Consumer Privacy Act (CCPA), which goes into effect in January 2020, will implement strict requirements for companies to create more transparency about how user data is being used and disseminated. Microsoft’s acknowledgement this week that it will extend CCPA to all of i...
Website, Know Thyself: What Code Are You Serving?
When we think of “securing our website” from attackers, we often think of securing against hooded figures somewhere in Eastern Europe working out of a smoky office above an illegal gambling den. Not only is that probably geographically insensitive, it’s also not necessarily the best way threat to...
APT33 Mounts Focused, Highly Targeted Botnet Attacks Against U.S. Victims
The Iran-linked, espionage-focused advanced threat group known as APT33 has been spotted using more than a dozen obfuscated botnets to carry out narrowly targeted attacks against government and academic targets in the Middle East, the U.S. and Asia. Each botnet, linked to its own...
Threat Actor Impersonates USPS to Deliver Backdoor Malware
A new threat actor has been found impersonating the U.S. Postal Service (USPS) and other government agencies to deliver and install backdoor malware to various organizations in Germany, Italy and the United States, according to new research. The campaigns, which researchers from cybersecurity firm...
Download: The Comprehensive Compliance Guide
A large part of the CISO/CIO responsibility is ensuring compliance standards are met. As one of the main drivers of security product purchase and implementation, regulation comes in many different shapes and sizes. Some standards provide clear consequences for failure to meet them. Others provide...
Innovative PureLocker Ransomware Emerges in Targeted Attacks
The PureLocker ransomware – so-called because it’s written in the PureBasic programming language – has been spotted being used in targeted attacks against both Windows and Linux-based production servers at enterprises. Researchers said it shows unusual characteristics that underscore the innovati...
ENFUSE 2019: Security Regulations, Insider Threats, and IoT Privacy Risks
LAS VEGAS – From insider threats and Internet of Things insecurity to medical device hacking, ENFUSE 2019 broke down the top privacy and security issues help desks are seeing today. It also tackled what regulatory efforts are being developed to address those threats. Threatpost editor Lindsey...
Consumer Data Privacy Rights: Emerging Tech Blurs Lines
LAS VEGAS – From drones to facial recognition, new technology applications are introducing unique consumer privacy issues for civil society — and U.S. lawmakers and legal teams are struggling to keep up. Privacy is a fundamental human right for consumers, but new ways in which data is collected a...