China-Linked Hackers Spy on Texts With MessageTap Malware
Researchers have discovered a new malware used for cyber-espionage efforts by China-linked threat group APT41. The malware intercepts telecom SMS server traffic and sniffs out certain phone numbers and SMS messages – particularly those with keywords relating to Chinese political dissidents. The...
ICS Attackers Set To Inflict More Damage With Evolving Tactics
Future attacks on industrial control system (ICS) networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remain...
Fake Voicemail/Office 365 Attack Targets Enterprise Execs
A phishing campaign is making the rounds that uses fake voicemail messages to lure victims into revealing their Office 365 email credentials. The targets are “high-profile companies,” according to researchers, mainly in the tourism, entertainment and real-estate industries. A wide range of...
Valve Source Engine, Fortnite Servers Crippled By Gafgyt Variant
A new Gafgyt variant is adding vulnerable internet of things (IoT) devices to its botnet arsenal and using them to cripple gaming servers worldwide. The newly-discovered variant is capable of launching a variety of denial-of-service (DoS) attacks against the Valve Source Engine, a video game engine...
Insurance Pays Out a Sliver of Norsk Hydro's Cyberattack Damages
On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance – just a fraction of the total costs in damage. Overall, the Oslo, Norway-based company incurred between $60 million and $71 million in damages from the incident, which forced it to...
WhatsApp Spyware Attack: Uncovering NSO Group Activity
On the heels of Facebook filing a lawsuit against Israeli company NSO Group — alleging that it was behind the massive WhatsApp hack earlier this year — privacy experts say that the move is “popping the unaccountable bubble” that commercial spyware companies have carved out for themselves. After...
U.S. Universities Get Failing Grades for DMARC Adoption
The U.S. higher education system is lagging when it comes to implementing email security – even though the segment remains a top target for phishing and spam campaigns. According to an analysis from Red Sift shared with Threatpost, only 3 percent of the top 200 schools in the 2020 WSJ/THE College...
Murky Details Surround Bed, Bath and Beyond Breach
Housewares and home furnishings purveyor Bed, Bath and Beyond has disclosed a data-thieving cyber attack that allowed the adversaries to access customers’ online accounts. According to a Tuesday SEC filing, the company “discovered that a third party acquired email and password information from a...
MSPs Can Now Provide Managed Detection and Response with Cynet 360
Today, managed detection and response (MDR) is a rapidly growing market segment, actively pursued by some 27 percent of organizations, according to April 2019 numbers released by ESG Research. According to the same, another 11 percent of organizations plan to pursue MDR in the future. The Cynet 360...
Android Malware Plaguing 45K Devices Remains a Mystery
Researchers are on the hunt for the infection vector behind a mysterious mobile malware that has infected over 45,000 Android devices in the past six months. Researchers said they have detected a surge in detections of the malware, dubbed Xhelper, which can hide itself from users, download...
City of Johannesburg, on Second Hit, Refuses to Pay Ransom
The city of Johannesburg, South Africa, is refusing to pay a ransom of four Bitcoins to a hacker group who accessed the city’s network and stole sensitive data, threatening to release it if the ransom wasn’t paid. It’s the second time in several months that the city has been hit with a cyberattac...
Australia Proposes Facial Recognition to Watch Porn
The Australian government has proposed using facial recognition to verify the age of people wanting to access pornography online. Unlike in the U.S., Australian law actually doesn’t prohibit minors from visiting adult sites, so the facial-recognition measure would be part of changing this policy...
Facebook Sues NSO Group Over Alleged WhatsApp Hack
Facebook has filed a lawsuit against Israeli company NSO Group, creator of the Pegasus spyware, alleging that it was behind the massive WhatsApp hack earlier this year. In May 2019, a zero-day vulnerability was found in WhatsApp’s messaging platform, exploited by attackers who were able to inject...
Joker's Stash Drops Largest-Ever Credit Card Cache on Dark Web
Joker’s Stash, a Dark Web destination that specializes in trading in payment-card data, has added 1.3 million credit and debit cards to its inventory, belonging to Indian banking customers. Researchers said it’s the largest stolen payment card cache ever put up for sale. According to Group-IB, th...
New Adwind Variant Targets Windows, Chromium Credentials
A new version of the Adwind remote access trojan (RAT) has been discovered taking aim at new targets. Adwind (a.k.a. JRAT or SockRat) is a Java-based remote access trojan that sniffs out data – mainly login credentials – from victims’ machines. While Adwind has historically been platform-agnostic,...
Fancy Bear Targets Sporting, Anti-Doping Orgs As 2020 Olympics Loom
At least 16 anti-doping authorities and sporting organizations around the world have been hit by cyberattacks as the world begins to gear up for the Tokyo Summer Olympic Games, which kick off July 2020. The attacks, which began Sept. 16, have been linked to infamous Russian threat group Fancy Bea...
Country of Georgia Suffers Widespread Cyberattack
A cyberattack hit the small country of Georgia on Monday, knocking 2,000 websites as well as the national TV station offline in the largest cyberattack the nation has ever seen. The relatively unsophisticated defacement attack—which replaced normal functionality with an image of former Georgian...
ThreatList: Most Retail Hardware Bug Bounty Flaws Are Critical
Almost all hardware vulnerabilities – 90 percent – that were submitted to retail bug bounty programs so far this year were categorized as critical, showing that Point of Sale systems and other retail hardware assets remain a serious security issue. That’s due to the fact that retail hardware...
UniCredit Suffers Third Breach Despite Investing Billions in Cybersecurity
Despite investing 2.4 billion euros since 2016 to upgrade its cybersecurity profile, Italian banking institution UniCredit has suffered its third recent data breach, this time impacting 3 million customers. The company said in a short data breach announcement on its website that names, telephone...
Pwn2Own Expands Into Industrial Control Systems Hacking
Industrial control systems (ICS) used to manage critical infrastructure and manufacturing will be the main target in next year’s popular Pwn2Own annual hacking competition. Over the past few years, Pwn2Own – a hacking contest that draws in white-hat hackers looking for fame and fortune through...
PHP Bug Allows Remote Code-Execution on NGINX Servers
A buffer underflow bug in PHP could allow remote code-execution (RCE) on targeted NGINX servers. First discovered during a hCorem Capture the Flag competition in September, the bug (CVE-2019-11043) exists in the FastCGI directive used in some PHP implementations on NGINX servers, according to...
Magecart Gang Targets Skin Care Site Visitors For 5+ Months
The website of popular skin care brand First Aid Beauty has been hacked by the infamous Magecart group, which embedded digital card skimmers on the site to steal visitors’ payment-card information. The skimmers were undetected on the website for more than five months. First Aid Beauty is an...
Cybercriminals Impersonate Russian APT ‘Fancy Bear’ to Launch DDoS Attacks
Cybercriminals posing as the Russian APT group Fancy Bear have been launching DDoS attacks against companies in the financial sector and demanding ransom payments, according to a new report. The large-scale, multi-vector DDoS attacks come with an accompanying ransom letter. They started about a week...
Is AWS Liable in Capital One Breach?
Amazon is at least partly to blame for the massive 2019 Capital One breach that impacted more than 100 million customers, senators are alleging. Security researchers, however, are of two minds. In a letter to the Federal Trade Commission (FTC) this week, U.S. senators Ron Wyden (D-Ore.) and Elizabeth Warr...
U.N., UNICEF, Red Cross Under Ongoing Mobile Attack
An ongoing, mobile-focused phishing campaign is targeting the United Nations and several humanitarian aid organizations, including UNICEF, the Red Cross and UN World Food. The campaign is using landing pages signed by SSL certificates, to create legitimate-looking Microsoft Office 365 login pages...
News Wrap: Hotel Robot Hacks, FTC Stalkerware Crackdown
Threatpost editors break down the top news stories for the week ended Oct. 25. The biggest stories include: An unsecured NFC tag opening a door to trivial exploitation of robots that are used inside Japanese hotels. The FTC has banned the sale of three apps – marketed to monitor children and...
Ransomware, Mobile Malware Attacks to Surge in 2020
Cyber threats like targeted ransomware, mobile malware and sophisticated phishing attacks will escalate in 2020, researchers warn. However, defenses like artificial intelligence (AI), cyber insurance and faster security response will also increase, helping defend companies against imminent threats,...
7M Adobe Creative Cloud Users Exposed to Hackers
Nearly 7.5 million Adobe Creative Cloud users are left open to phishing campaigns after their records were left exposed to the internet. Adobe Creative Cloud, which has an estimated 15 million subscribers, is a monthly service that gives users access to a suite of popular Adobe products such as...
Religious Website Data Exposed for Months
Religious website service Clover Sites exposed customer data for at least six to seven months, with the dataset found twice in two separate, insecure cloud databases. Clover offers a content management system for building and managing faith-based websites, with a “Clover Donations” module for...
Raccoon Malware Scavenges 100,000+ Devices to Steal Data
A new information stealer, dubbed Raccoon, is rapidly gaining popularity with cybercriminals. In just a few months, researchers say the malware has already infected hundreds of thousands of devices across the world to rove through victims’ credit card data, email credentials and more. The malware...
Cash App Twitter Giveaway a Haven for Stealing Money
Scammers looking to piggyback on the CashAppFriday trending topic on Twitter are stealing between $10 and $1,000 from each victim that falls for their efforts. According to researchers at Tenable, the scams include phishing with some links garnering up to 500 clicks each, a hoax called...
Samsung Rolls Out Fix For Galaxy S10 Fingerprint Sensor Glitch
Samsung has reportedly started rolling out a software patch for the Galaxy S10 and Note10, addressing glitches in both phone models that allow the bypass of their built-in fingerprint authentication sensors. The fix comes after Samsung admitted last week that anyone can bypass the Galaxy S10...
ThreatList: Sharp Increase in Fake Mobile Apps Impersonating Legit Ones
Malicious mobile apps that try to dupe consumers by mimicking reputable apps are a persistent problem that’s on the rise, making an app store’s commitment to security a key factor to consider for mobile users who want to avoid these threats, according to a new report. The number of blacklisted app...
Apple Removes 17 Malicious iOS Apps From App Store
Researchers have uncovered 17 apps on Apple’s official App Store infected with malware. Apple has since removed the apps from the App Store – but a “significant” number of iOS users could have installed them, researchers said. Once downloaded, the malicious apps infect victims with a trojan...
Bedside Hotel Robot Hacked to Stream In-Room Video
A Japanese hotel chain called “Henn na” that uses robots in lieu of human staff is wrestling with bedside bots that researchers hacked to view video footage from guest rooms. The chain’s parent, HIS Group, owns 10 locations throughout Japan that leverage robots with facial recognition capability...
Fujitsu Wireless Keyboard Plagued By Unpatched Flaws
Two high-severity flaws, discovered in a popular Fujitsu wireless keyboard set, could allow attackers from a short distance away to “eavesdrop” on passwords entered into the keyboards, or even fully take over a victim’s system. Making matters worse, the impacted Fujitsu wireless keyboard LX390...
ThreatList: Google's Advertising Network Dominates Global Data Collection
When it comes to data collection, Google’s combined arsenal of advertising tools and services continues to help it dominate at a global level. Close behind are AOL Advertising, Moat and AppNexus. Each is singled out by researchers in a new report that brings to mind the privacy-busting quote, “If...
Critical Firefox Bugs Allow Arbitrary Code-Execution
Critical vulnerabilities have been discovered in the Mozilla Firefox web browser and Firefox Extended Support Release (ESR), and a high-severity bug has been reported for Google Chrome, all of which could allow for arbitrary code execution. The bugs were announced as part of larger updates to Chrom...
15 Years Later, Metasploit Still Manages to be a Menace
The popular penetration testing and hacking framework Metasploit may be getting long in the tooth, but it hasn’t lost its bite in the hands of bad actors. According to researchers, hackers are still using the tool and a highly effective technique called Shikata Ga Nai Japanese for “nothing can be...
FTC Cracks Down on Stalkerware With Retina-X App Bans
UPDATE: The Federal Trade Commission (FTC) has barred the sale of three “stalking apps” until their developer can prove they are used legally. The case is the first crackdown by the FTC on “stalkerware,” which is software that can be installed on devices to track their owners’ location, activity and...
Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing
Two open-redirect vulnerabilities in Bridge, a commercial WordPress theme purchased more than 120,000 times, would allow an attacker to mount spearphishing attacks against site administrators. An open redirect vulnerability can be used to hide malicious links behind URLs for legitimate domains. F...
No 'Silver Bullet' Fix for Alexa, Google Smart Speaker Hacks
Researchers this week disclosed new ways that attackers can exploit Alexa and Google Home smart speakers to spy on users. The hacks, which rely on the abuse of “skills,” or apps for voice assistants, allow bad actors to eavesdrop on users and trick them into telling them their passwords over the...
Magecart 5 Linked to Carbanak Gang
Researchers have linked Magecart Group 5, the credit-card skimming cybercriminals behind the Ticketmaster breach, to Dridex phishing campaigns and the infamous Carbanak group. Magecart – which is an umbrella group encompassing several different affiliates all using the same modus operandi – injec...
Three Service Account Secrets Straight from Hackers and Security Pros
Barbara Hoffman, Product Marketing Manager, Thycotic Nearly 19,000 infosec experts travel from all over the world to attend the annual Black Hat Conference. They come to share, educate and disclose their security research on the latest vulnerabilities and cyberthreats. We here at Thycotic love to...
Cynet’s free vulnerability assessment offering helps organizations significantly increase their security
Long before a cyberattack is underway, organizations need to be focused on improving their security. Part of this is to always be monitoring their environment, on the lookout for weaknesses and ready to take action if they are found. This is the best way to ensure the organization remains immune ...
Survey Finds People are Privacy Hypocrites
Even while people remain concerned about their own privacy in the workplace and online, most still admit to violations of their coworkers’ privacy by “creeping” on PC screens and “peeking” at documents found in printer trays, a new survey has found. The survey—commissioned by HP as part of Nation...
Gustuff Android Banker Switches Up Technical Approach
An Instagram-initiated campaign using the Gustuff Android mobile banking trojan has rolled out in October, featuring an updated version of the malware that lowers its detection profile. How the cybercriminals are rolling out the campaign is the same as a previous offensive seen in June, according...
U.S. Government, Military Personnel Data Leaked By Autoclerk
A leaky database owned by reservations management system Autoclerk has exposed the personal data and travel information for thousands of users – including U.S. government and military personnel. Autoclerk, which was acquired by the Best Western Hotel and Resorts Group in August, provides...
Turla Compromises, Infiltrates Iranian APT Infrastructure
The Turla APT group has been spotted co-opting two cyberweapons from an Iranian APT (APT 34, according to one set of researchers), known as the Nautilus and Neuron implants, and deploying them against targets in the Middle East. The group also infiltrated the global operational infrastructure used ...
Avast Network Breached As Hackers Target CCleaner Again
Czech antivirus vendor Avast on Monday warned that hackers were able to access its internal network using a temporary VPN account. Avast said that it believes that the intrusion, first detected on Sept. 25, was likely targeting its CCleaner business in a supply chain attack. CCleaner, which is...