Vulnerable Twitter API Leaves Tens of Thousands of iOS Apps Open to Attacks
Researchers are warning that an old Twitter API still used by popular iOS mobile apps could be abused as part of a man-in-the-middle attack. It could be used to hijack Twitter accounts and compromise other third-party apps that are linked to the same “login with Twitter” feature. According t...
D-Link Home Routers Open to Remote Takeover Will Remain Unpatched
D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code. The vulnerability CVE-2019-16920 exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products,...
Alabama Hospitals Pay Up in Ransomware Attack
An Alabama hospital system has paid its attackers in a ransomware attack that knocked its systems offline on Oct. 1. Officials at the DCH Health System didn’t say how much the hospitals paid for the decryption key, but noted that they have started a “methodical” process of system restoration. “We...
Iran-linked Hackers Target Trump 2020 Campaign, Microsoft says
A group of hackers tied to Iran has been attempting to break into accounts associated with the 2020 reelection campaign of President Trump, researchers have discovered. Researchers from the Microsoft Threat Intelligence Center said they first observed activity from a group called Phosphorus in...
Google Warns of Android Zero-Day Bug Under Active Attack
Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi. Google’s Project Zero warned late Thursday that it suspected the...
Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier
LONDON — A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services. According to research from Check Point, presented here at Virus Bulletin 2019 on Friday, the attack was firs...
AG Barr, Officials to Facebook: Don't Encrypt Messaging
U.S. Attorney General William Barr is among government officials asking Facebook CEO Mark Zuckerberg to halt or at least delay a plan to add end-to-end encryption to its messaging services in an effort to bolster consumer privacy. The move, unveiled Thursday, once again sparked the privacy debate...
Virus Bulletin 2019: Magecart Infestations Saturate the Web
LONDON — Magecart, the digital card-skimming collective, is now so ubiquitous that its infrastructure is flooding the internet. In a paper presented at Virus Bulletin 2019 this week in London, Jordan Herman and Yonathan Klijnsma of RiskIQ said that there are now 573 known C2 domains for the group...
New Reductor Malware Hijacks HTTPS Traffic
Researchers have discovered a new malware strain, dubbed Reductor, that allows hackers to manipulate Hypertext Transfer Protocol Secure (HTTPS) traffic by tweaking a browser’s random number generator, used to ensure a private connection between the client and server. Once infected, Reductor is use...
Foxit PDF Reader Vulnerable to 8 High-Severity Flaws
Patches are available for eight high-severity flaws impacting the popular PDF software Foxit Reader. The bugs, which exist on Windows versions of the software, enable a remote attacker to execute arbitrary code on vulnerable systems. This week, Foxit Software, the company behind Foxit Reader,...
WhatsApp Flaw Opens Android Devices to Remote Code Execution
A security researcher has identified a flaw in the popular WhatsApp messaging platform on Android devices, which could allow attackers to launch privilege elevation and remote code execution (RCE) attacks on victims. Exploiting the flaw—described in a Wednesday post on GitHub by a Singapore-based...
Zendesk Exposes 10,000 Accounts to Unknown Third Party
Cloud-based customer service company Zendesk notified customers that account information for 10,000 users was accessed prior to November 2016. In a note posted Wednesday, Zendesk said email addresses, user names, and phone numbers were accessed for customers and users of its Support and Chat...
Why This New Cybergang is Heralding a New Age For BEC
A newly-uncovered business email compromise (BEC) cybergang, dubbed Silent Starling, has found success using a tricky technique to swindle funds from more than 500 organizations worldwide. The West African cybergang has been using a method that researchers with Agari – who discovered them in late...
Virus Bulletin 2019: Geost Android Botnet Goes After Millions of Euros
LONDON — A powerful Android botnet dubbed Geost has been spotted targeting Russian citizens, with the end goal of distributing a banking trojan to victims. The botnet has infected more than 800,000 Android devices, controlling several million Euros held in five banks, according to researchers fro...
Virus Bulletin 2019: Japanese Attacks Highlight Savvy APT Strategy
LONDON — Three separate, multi-year APT campaigns targeting region-specific software showcase a savvy technique of leveraging zero-day vulnerabilities in niche software in order to infect victims with malware. According to researchers at JPCERT in Japan, speaking at Virus Bulletin 2019, both the...
Google Adds Password Checkup Feature to Chrome Browser
Google will soon alert Chrome browser users of weak or compromised passwords. The checks will be in real time as Chrome users visit a password protected website. Bad passwords will trigger a red dialogue box alerting users to take action to better protect their account. The move integrates a...
Hack Breaks PDF Encryption, Opens Content to Attackers
Researchers in Germany have invented a new hack that can allow someone to break the encryption of PDF files and access their content — or even forge signed PDF files under certain circumstances. A team from Ruhr University Bochum, FH Münster University of Applied Sciences and Hackmanit GmbH...
Ransomware Attacks Leave U.S. Hospitals Turning Away Patients
A rash of ransomware attacks this week targeted hospitals in the U.S. and Australia. The cyberattacks froze the computer systems of several medical facilities, to the point where they needed to turn away new patients and even cancel surgery appointments. A ransomware attack, reported on Tuesday,...
Hackers Turn to OpenDocument Format to Avoid AV Detection
Attackers have a new obfuscation technique that uses the OpenDocument file format for sneaking payloads past antivirus software. Past macro-based attacks have relied on malware hitching a ride with .docx, .zip, .jar and many other file formats. But researchers at Cisco Talos said that because the...
Google Play Malicious Apps Racked Up 335M+ Installs In September
Despite Google’s stepped-up efforts to ban malicious apps hosted on Google Play, 172 harmful apps – installed 335 million times by users – have been discovered on the platform in September alone. ESET researcher Lukas Stefanko said on Tuesday that the majority of those 172 malicious apps were...
Malvertising Attack Hijacks 1B+ Sessions With Webkit Exploit
Researchers have discovered a new wave of attacks launched by the threat group eGobbler where victims are redirected to websites with malicious payloads. Security experts believe eGobbler was behind this year’s prolific Easter malvertising attack. This time, more than 1 billion ad impressions wer...
New Bug Found in NSA’s Ghidra Tool
A medium severity bug reported on Saturday impacts Ghidra, a free, open-source software reverse-engineering tool released by the National Security Agency earlier this year. The vulnerability allows a remote attacker to compromise exposed systems, according to a NIST National Vulnerability Databas...
Senate Passes Bill Aimed At Combating Ransomware Attacks
The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks. The proposed...
Critical Exim Flaw Opens Servers to Remote Code Execution
A patch has been issued for a critical flaw in the Exim email server software, which could potentially open Exim-based servers up to denial of service or remote code execution attacks. Exim, which is free software used on Unix-like operating systems including Linux or Mac OS X, serves as a mail...
iOS Exploit 'Checkm8' Could Allow Permanent iPhone Jailbreaks
A researcher is warning of an un-patchable bug affecting hundreds of millions of iPhones that gives attackers system-level access to handsets via an unblockable jailbreak hack. Right now, the scope of the attack is limited. The exploit is dubbed “checkm8” by a security researcher who goes by the...
Masad Spyware Uses Telegram Bots for Command-and-Control
A freshly discovered commercial spyware dubbed the “Masad Clipper and Stealer” is using Telegram bots as its command-and-control (C2) hub. Masad harvests information from Windows and Android users and also comes with a full cadre of other malicious capabilities, including the ability to steal...
Dunkin’ Donuts Gets Hit with Lawsuit Over 2015 Attack
Dunkin’ Donuts is being sued for violating New York state data breach notification laws. The lawsuit alleges that Dunkin’ parent company, Dunkin’ Brands, failed to disclose a breach in 2015 that affected nearly 20,000 customers who were part of the company’s DD Perks loyalty program. New York...
Arcane Stealer V Takes Aim at the Low End of the Dark Web
A general-purpose info-stealing malware is poised to make a splash in cybercrime circles, thanks to its market niche: It’s positioned as an ideal tool for low-skilled adversaries looking to get some skin in the game without having a lot of expertise. According to the Fidelis Threat Research Team...
Microsoft Blacklists Dozens of New File Extensions in Outlook
Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems “at-risk” file attachments, which are typically sent with malicious scripts or executables. The move will prevent users from downloading email attachment...
News Wrap: GandCrab Operators Resurface, Utilities Firms Hit By LookBack Malware
On this week’s news wrap podcast, Threatpost editors Tara Seals and Lindsey O’Donnell break down the top news, including: Despite claiming they were retiring, GandCrab’s authors have been linked to the REvil/Sodinokibi ransomware via a technical analysis. A spearphishing campaign, first spotted i...
Thousands of PCs Affected by Nodersok/Divergent Malware
New malware identified by Microsoft and Cisco Talos has affected thousands of PCs in the United States and Europe and turns systems into proxies for performing malicious activity, the companies said. The fileless threat—called Nodersok by Microsoft and Divergent by Cisco Talos—has many of its own...
DoorDash Data Breach Impacts Personal Data of Almost 5M Users
Food delivery service DoorDash disclosed a data breach that affects almost 5 million customers, drivers and merchants using its platform. DoorDash, an on-demand food delivery service, connects end users with local restaurants and relies on contracted drivers who use their own vehicles for deliver...
Rash of Exploits Targets Critical vBulletin RCE Bug
A critical remote code execution (RCE) bug affecting default 5.x versions of vBulletin (CVE-2019-16759) is being actively exploited in the wild, allowing unauthenticated attackers to take control of web hosts. Zero-day proof-of-concept code was anonymously published on Monday, ahead of vBulletin...
5G and IoT: How to Approach the Security Implications
When it comes to the next generation of mobile networks, 5G promises a more Internet of Things-friendly ecosystem with vast improvements over the current capabilities of 4G – however, its intersection with IoT will also raise the stakes on cybersecurity. The benefits of 5G are myriad: Not only wi...
Cisco Patches 13 High-Severity Router and Switch Bugs
Cisco Systems released patches for 29 bugs Wednesday that addressed flaws in a wide range of its products including routers and switches running the IOS XE networking software. Thirteen of the vulnerabilities revealed are rated high severity. The bulk of the high-severity vulnerabilities are tied...
Phish Uses Google's URL Decoding to Swim Past Defenses
A phishing campaign that takes advantage of Google’s ability to decode non-ASCII URL data on the fly is making the rounds – looking to fool the unsavvy by effectively hiding the website address of the campaign’s phishing page. The campaign makes use of what’s called percentage-based URL encoding ...
Vimeo Slapped With Lawsuit Over Biometrics Privacy Policy
Vimeo, the popular ad-free video platform, is facing a lawsuit that alleges it stored people’s facial biometrics without their consent or knowledge. The lawsuit, which was filed on Sept. 20, claims Vimeo violated the Illinois Biometrics Information Privacy Act (BIPA). This is a law that imposes...
CISOs: Support vendor security ops for best cloud results
Data from McKinsey Insights suggests that many CISOs are uneasy about increasing dependence on SaaS applications and the security risks – real or perceived – the cloud represents. Their apprehension isn’t slowing down cloud adoption. As McKinsey put it, “Most companies … will eventually confront...
Cyber-Risk Business Cases: Using Economic Impact to Justify TIG Investment
It sure is a difficult time to be a network defender. According to one industry report, as many as 85,000 malicious websites are launched daily, along with 8 million spam and phishing attacks; and, there are anywhere from 30-50 million malicious domains out there at any time. Scale seems to be...
Chrome Bug, Not Avid Software, Causes Damage to MacOS File Systems
Researchers have tracked a problem that caused corruption to the file systems of macOS users to a bug in a Google Chrome update after users originally feared it was a problem with Avid Media Composer. People using the Avid software for video editing on macOS platforms posted warnings Tuesday on...
Magecart Group Targets Routers Behind Public Wi-Fi Networks
A faction of the Magecart threat group is testing code that targets routers used to provide free or paid Wi-Fi services in public spaces and hotels. If successful, attackers would be able to compromise these commercial-grade routers and siphon payment data of users joining Wi-Fi networks ...
'Narrator' Windows Utility Trojanized to Gain Full System Control
A suspected Chinese advanced persistent threat (APT) group has been spotted attacking tech companies using a trojanized screen-reader application, replacing the built-in Narrator “Ease of Access” feature in Windows. According to BlackBerry Cylance, the attackers also deploy a version of the...
Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS
An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting (XSS) attacks. Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver malware payloads; and...
Cybercrooks Target U.S. Veterans with Fake Hiring Website
Researchers are warning that a fake website – purporting to help U.S. military veterans search for jobs — actually links to installers that download malware onto victims’ systems. The website spoofs a legitimate website for U.S. military veterans offered by the U.S. Chamber of Commerce...
What You Need to Know About Next Gen EDR
Endpoint Detection & Response (EDR) is the main mode of cybersecurity utilized by many organizations. Already recognized in 2012 as its own category, EDR was pushed as the ideal response to the rapidly changing threatscape that until then had been dealt with (though not so successfully) primarily...
Apple to Patch Bug Granting Full Access to 3rd-Party Keyboards
Apple is readying a fix for a bug that could grant full access to third-party keyboards for its mobile devices, including iPhone and iPad. The company posted an alert on its support page about an issue with iOS 13 and iPadOS that affects third-party keyboards users may have installed for the...
GandCrab Operators Resurface with REvil Malware
The malware that hit 22 Texas municipalities and various dentist offices around the country recently is likely the work of the crew behind the GandCrab ransomware – indicating that the group didn’t really retire after all. In late May, the GandCrab operators said they decided to ride off into the...
Adobe Unscheduled Update Fixes Critical ColdFusion Flaws
Adobe has issued an unscheduled security update that fixes two critical flaws in its ColdFusion product. The critical vulnerabilities could enable an attacker to either execute arbitrary code or bypass access control on impacted systems. Overall, Adobe released three patches – one for an...
Dtrack RAT is Behind Virulent ATM-Espionage Campaign
An espionage malware called Dtrack – and a related variant, ATMDtrack – has been traced back to the notorious North Korea-linked Lazarus Group APT. Both have been identified this month targeting victims in India. According to researcher Konstantin Zykov of Kaspersky, researchers first uncovered...
Zebrocy Retools for New Political Attacks
The APT known as the Sednit threat group (also known as Sofacy, APT28 and Fancy Bear) has kicked off a fresh spearphishing campaign that was spotted targeting government entities with the Zebrocy backdoor. The malware features a rewritten and newly-improved backdoor and downloader, indicating an...