Malicious Ad Blockers for Chrome Caught in Ad Fraud Scheme
Google has removed two malicious ad blockers from its Chrome Web Store after a researcher discovered they were carrying out ad fraud and deceived Chrome users by using names of legitimate and popular blockers. Researcher Andrey Meshkov from rival ad blocker maker AdGuard discovered that the...
Microsoft Internet Explorer Zero-Day Flaw Addressed in Out-of-Band Security Update
Microsoft has released out-of-band security updates addressing two vulnerabilities – including an Internet Explorer zero-day vulnerability being actively exploited in the wild. The Internet Explorer zero-day vulnerability CVE-2019-1367 is a remote code execution flaw that could enable an attacker...
More U.S. Utility Firms Targeted in Evolving LookBack Spearphishing Campaign
A spearphishing campaign, first spotted in July targeting three U.S. utility companies with a new malware variant, has evolved its tactics and extended its targeting to include nearly 20 companies. The campaign was first discovered in phishing emails, sent between July 19 and 25, which targeted...
Google Assistant Audio Privacy Controls Updated After Outcry
Google is unveiling new privacy controls for the Google Assistant virtual assistant, after the company came under fire earlier this year for eavesdropping on users’ personal audio snippets – without their permission. The tech giant on Monday promised more transparency around the audio data that i...
200K Sign Petition Against Equifax Data Breach Settlement
Consumers are furious over what they view as an unfair settlement between the U.S. government and Equifax over the latter’s now-infamous 2017 data leak–so much so that more than 200,000 of them so far have signed a petition against the deal. “Don’t let Equifax escape liability” is the title of th...
Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica
Facebook said it has suspended tens of thousands of apps as part of its ongoing investigation into how third-party apps on its platform collect, handle and utilize users’ personal data. The results of the investigation, launched in March 2018 in response to Facebook’s infamous Cambridge Analytica...
Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks
A vulnerability has been discovered in the Forcepoint VPN Client software for Windows. The flaw could enable an attacker – with an existing foothold on a system – to achieve an escalation of privilege, persistence and in some cases defense evasion. The vulnerability CVE-2019-6145 stems from an...
News Wrap: Emotet's Return, U.S. Vs. Snowden, Physical Pen Testers Arrested
From the re-emergence of an infamous malware, to a new lawsuit against Edward Snowden, Threatpost editors Lindsey O’Donnell and Tara Seals break down this week’s top news. Top stories include: Emotet, the notorious banking trojan, is back after a summer hiatus. The U.S. sued Edward Snowden over h...
Mattress Company Leaks Data Records of 387K Customers
A Wisconsin mattress company leaked the records of 387,000 customers online in a database that lacked password protection, a security researcher has found. The incident once again demonstrates the potential security consequences of failing to take even the simplest security measures to protect...
Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal
A vulnerable municipality payment software, which previously led to the breach of hundreds of thousands of payment cards in 2017, has been targeted once again. This time it was part of a breach involving eight cities in August. The hack targets a flaw in Click2Gov software, which is used in...
Microsoft Silent Update Torpedoes Windows Defender
A broken Microsoft Windows Defender signature file that was causing system file checks to fail got a patch this week – but the patch caused an even bigger issue, making Defender user-triggered antivirus scans fail altogether. The issue was in place for about a day before Microsoft re-patched the...
These Hacks Require Literally Sneaking in the Backdoor
After slipping past security, picking a backdoor lock and gaining access to a company’s inner sanctum, a skilled hacker can cause mayhem. They can plant malware on a network, grab physical files and walk out the front door with a donut pilfered from the employee break room. Meet the world of a...
Smart TVs, Subscription Services Leak Data to Facebook, Google
Smart TVs and so-called “over the top” (OTT) platforms are the latest IoT devices found “spying” on users and leaking sensitive data to companies such as Facebook, Amazon, Google and Netflix, according to two separate studies conducted by university researchers as well as independent research done ...
Marc Rogers: Success of Anonymous Bug Submission Program 'Takes A Village'
A global anonymous bug submission platform, announced at DEF CON in August, aims to help encourage ethical hackers to submit high-level bugs anonymously that might otherwise trigger a barrage of questions or put researchers in legal hot water. DEF CON conference founder Jeff Moss said the goal wa...
IRS Emails Promise a Refund But Deliver Botnet Recruitment
U.S. taxpayers are being offered fake refunds in the latest wave of phishing emails, which ultimately deliver a payload that adds the target machine to the multifunctional Amadey botnet. Amadey is a relatively new botnet, first noted late in Q1 of 2019, according to Milo Salvia, security...
Rethinking Responsibilities and Remedies in Social-Engineering Attacks
In the pantheon of catchy cybersecurity slogans that should never have caught on, two about social engineering spring to mind almost immediately: “End users are the weakest link” and “attackers only have to be lucky once; defenders have to be lucky all the time.” Both of those statements have bee...
Emotet Returns from Summer Vacation, Ramps Up Stolen Email Tactic
Emotet, the banking trojan that has evolved into so much more, is back after a summer hiatus, dropping other banking trojans, information stealers, email harvesters, self-propagation mechanisms and ransomware. According to researchers at Cisco Talos, Emotet took a breather at the beginning of Jun...
Edward Snowden Sued by U.S. Over New Memoir
The U.S. has sued whistleblower Edward Snowden over his new memoir, alleging he published the book in violation of non-disclosure agreements signed with both the CIA and NSA. Edward Snowden, a former employee of the Central Intelligence Agency and contractor for the National Security Agency (NSA), ...
New! RFP Template for Selecting EDR/EPP and APT Security
Once upon a time, only big organizations worried about Advanced Persistent Threats. But it soon became obvious that every organization could find itself under fire, regardless of size or industry, and whether as direct targets or collateral damage. Most security decision makers in these...
Massive Gaming DDoS Exploits Widespread Technology
UPDATE Akamai Wednesday revealed that it’s witnessed the fourth-largest DDoS attack the company has ever encountered, leveraging a widespread and highly exploitable UDP amplification technique known as WS-Discovery (WSD). WSD—a consumer device network discovery and connectivity technology—was seen...
Malware Moves: The Rise of LookBack – And Return of Emotet
Malware activity for various families continues to ebb and flow; with a popular malware called LookBack recently discovered in a slew of campaigns, and Emotet and other malware variants that were quiet over the summer set to make a dangerous comeback. Researchers believe that nation-state actors...
Panda Threat Group Mines for Monero With Updated Payload, Targets
The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloa...
AMD Radeon Graphics Cards Open VMware Workstations to Attack
A remote code-execution bug exists in some configurations of the AMD Radeon graphics card that could allow an attacker to take control of a targeted system. The hack entails luring users of vulnerable systems to visit a specially crafted website that can deliver “a malformed pixel shader” to eith...
Cisco Extends Patch for IPv6 DoS Vulnerability
Cisco has extended its patch for a high-severity IPv6 denial-of-service (DoS) vulnerability that was first addressed in 2016. The bug (CVE-2016-1409) is a vulnerability in the IPv6 packet processing functions of multiple Cisco products, which could allow an unauthenticated, remote attacker to cause a...
Google Calendar Settings Gaffe Exposes Users' Meetings, Company Details
Google has come under fire for a configuration setting tied to its Google Calendar service, which has left hundreds of calendars inadvertently open to the public – and could potentially expose billions more. It’s important to note that no actual vulnerability exists in the settings of Google...
LastPass Fixes Bug That Leaks Credentials
LastPass has patched a bug that could potentially allow malicious websites to access a web user’s credentials from a previously visited site. Tavis Ormandy, a vulnerability researcher from Google Project Zero, discovered the flaw in the LastPass password manager and published it on the project’s...
Marketing Analytics Company Leaks Deep Profiles of Entire Ecuador Population
The entire population of Ecuador has been impacted by an open database on an unsecured server, housing a massive amount of personal information collected from public-sector sources by a marketing analytics company. The leaked database, which was found by vpnMentor’s research team, includes record...
Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs
More than a hundred vulnerabilities have been found in small office/home office (SOHO) routers and network-attached storage (NAS) devices from vendors that include Asus, Zyxel, Lenovo, Netgear and other top names, which open them up to remote attackers. That’s according to Independent Security...
U.S. Sanctions North Korean Group Behind WannaCry, Sony Hacks
The U.S. has slapped sanctions on three well-known North Korean state-sponsored hacker groups – including the group that was tied to the 2017 WannaCry ransomware attacks and the 2014 cyberattack on Sony Pictures Entertainment. The three that were sanctioned are the infamous Lazarus Group, as well...
New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware
Researchers have identified a new threat actor that is using impersonation fraud to purchase digital certificates that are then used for the spread of malware. Security firm ReversingLabs identified a bad actor that deceives certificate authorities into selling them legitimate digital certificate...
WordPress XSS Bug Allows Drive-By Code Execution
A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis. The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat-researcher at FortiGuard Labs, said that...
iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
An iPhone lock screen bypass has been discovered that could enable an attacker to access victims’ address books, including their contacts’ names, email addresses, phone numbers, mailing addresses and more. The hack was first discovered by researcher Jose Rodriguez, an Apple enthusiast based in...
Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks
Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually...
North Korean Spear-Phishing Attack Targets U.S. Firms
Researchers have uncovered an ongoing, sophisticated malware campaign aiming at U.S.-based targets with an interest in nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions. The campaign, which researchers from Prevailion call “Autumn Aperture” and link...
News Wrap: IoT Radio Telnet Backdoor And 'SimJacker' Active Exploit
Threatpost editors break down the biggest news stories of the week ended Sept. 13, including: researchers warning that more than one billion mobile users are at risk from a SIM card flaw currently being exploited by threat actors; a Telnet backdoor that opened more than 1 million Imperial Dabman IoT...
Cybercriminals Adding Sophistication to BEC Threats
Cybercriminals are boosting their game and employing new tactics to move up the chain of command with more sophisticated business email compromise (BEC) threats that pose a greater threat to organizations, according to a new report. Advanced BEC attacks–including impersonation attacks and CEO...
Library-Themed University Phishing Attack Expands to Massive Scale
Indicating a campaign of massive scale, at least 20 new phishing domains targeting more than 60 universities in Australia, Canada, Hong Kong, Switzerland, the United Kingdom and the United States have cropped up, bent on lifting credentials from students heading back to school. The domains are...
California Passes Bill to Ban Police Use of Facial Recognition
The California Senate has passed a bill in a 22-15 vote that would ban the use by law enforcement of body cams that use facial recognition. The move will send AB 1215, already passed by the California Assembly back in May on a 45-17 vote, to the desk of Gov. Gavin Newsom to be signed into law. Th...
1B Mobile Users Vulnerable to Ongoing ‘SimJacker’ Surveillance Attack
A vulnerability discovered in mobile SIM cards is being actively exploited to track phone owners’ locations, intercept calls and more – all merely by sending an SMS message to victims, researchers say. Researchers on Thursday disclosed what they said is a widespread, ongoing exploit of a SIM...
UNICEF Leaks Personal Data of 8,000 Users via Email Blunder
The charity organization UNICEF inadvertently leaked the personal details of thousands of people who use its online learning portal Agora by way of an errant email sent to 20,000 inboxes. The email was accidentally sent on August 26 by UNICEF and included the names, email addresses, gender and...
ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users
While macOS is often touted as “safer” on the cybersecurity front compared to Windows-based systems, cybercriminals are in fact increasingly targeting Apple’s ecosystem. The number of attacks on macOS users through malicious and potentially unwanted programs has been increasing annually since 201...
Major Groupon, TicketMaster Fraud Scheme Exposed By Insecure Database
UPDATE After discovering a cache of 17 million emails exposed on an unsecured database, researchers with vpnMentor began to hunt for its owner — but to their surprise, they found that the database belonged not to a company, but to a sophisticated criminal network. Cybercriminals had been both...
198 Million Car-Buyer Records Exposed Online for All to See
Over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, have been found exposed on the internet for anyone to see. The non-password-protected Elasticsearch database belonged to Dealer...
Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack
Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell (SSH) session; but, luckily, such an attack would be difficult to...
CISO/CIO: Get an iPad and Apple Watch with an App Monitoring your Security 24/7
If you are a CISO or CIO, you need to know what is going on with your organizational security. Together with that, you cannot afford to be inundated with alerts, messages and other data whenever something happens. On the one hand, you need to be in the know, because cyberattacks can occur at any...
Strangest Phishing Lures of 2019: From Divorce Papers to Real Estate Decoys
Hackers aren’t just targeting infrastructure anymore – they’re actively playing on the emotions of people, whether it’s a consumer who desperately wants to lose weight to an employee who is nervous he will lose his job if he doesn’t do exactly what his boss says. That’s according to Proofpoint’s...
Feds Indict 281 People for Involvement in Massive Email Fraud Scheme
Federal authorities have arrested 281 people and seized nearly $3.7 million in a coordinated effort between multiple agencies to disrupt a massive email-fraud scheme. Perpetrators of a global business email compromise (BEC) scheme were the target of a four-month investigation that began in May call...
Insider Threats Are Rising – But They Shouldn’t Be
There’s never been a shortage of risk that organizations face from insiders gone bad — those incidents where insiders steal information from their employers, clients, partners and government agencies. Many times, malicious insiders seek monetary gain. They’ll steal information such as account...
Microsoft Addresses Two Zero-Days Under Active Attack
Two elevation-of-privilege vulnerabilities that have been exploited in the wild as zero-days are at the heart of September’s Patch Tuesday update from Microsoft. The two EoP vulnerabilities under active attack consist of CVE-2019-1214, which exists in the Windows Common Log File System (CLFS) Drive...
ThreatList: Amidst Data Breaches, Account Creation Fraud Soars in 2019
The first half of 2019 saw a 13 percent increase in fraudulent activity compared to the previous six months, with a spike in June representing the highest-volume bot attack that’s been recorded since 2016, according to an analysis from LexisNexis Risk Solutions. The firm’s report, with data glean...