Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
A zero-day remote code-execution (RCE) bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said – prompting an emergency patch to roll out over the weekend. The security vulnerability (CVE-2022-24086) is a critical affair, allowing pre-authentication R...
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution (RCE) as SYSTEM on any unpatched MXview server, researchers warned this week. The five bugs, affecting versions 3.x to 3.2.2, score a collective 10 out of...
Cybercrooks Frame Targets by Planting Fabricated Digital Evidence
Threat actors are hijacking the devices of India’s human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn. The actor, dubbed ModifiedElephant, has been at it for at least 10 years, and it’s still active. It’s been shafting target...
Apple Patches Actively Exploited WebKit Zero Day
Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices. The zero-day, tracked as CVE-2022-22620, is a Use-After-Free issue, which is related to incorrect use of...
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a forum post. The liberator, using the handle “Topleak,” described themselves as the developer of the three ransomwares. It’s been lovely,...
Sharp SIM-Swapping Spike Causes $68M in Losses
SIM-swapping – the practice of duping mobile carriers into switching a target’s phone services to an attacker-controlled phone – is on the rise, the Feds are warning – leading to millions in losses for consumers who found their bank accounts drained and other accounts taken over. Subscriber...
SAP to Give Threat Briefing on Uber-Severe ‘ICMAD’ Bugs
There’s a trio of critical vulnerabilities, fixed on Tuesday, in SAP business applications that use the ubiquitous Internet Communication Manager (ICM): the component that gives SAP products the HTTPS web server they need to connect to the internet or talk to each other. The vulnerabilities,...
SAP Patches Severe ‘ICMAD’ Bugs
There’s a trio of critical vulnerabilities, fixed on Tuesday, in SAP business applications that use the ubiquitous Internet Communication Manager (ICM): the component that gives SAP products the HTTPS web server they need to connect to the internet or talk to each other. The vulnerabilities,...
PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE
Tens of thousands of WordPress sites are at risk from critical vulnerabilities in a widely used plug-in that facilitates the use of PHP code on a site. One of the bugs allows any authenticated user of any level – even subscribers and customers – to execute code that can completely take over a sit...
Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware
A Windows living-off-the-land binary (LOLBin) known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. LOLBins are legitimate, native utilities used daily in various computing environments that cybercriminals use to evade...
3 Tips for Facing the Harsh Truths of Cybersecurity in 2022, Part I
Be forewarned—I’m about to lay down some harsh truths here. First, ransomware is prevalent, and there is no way to completely eliminate the threat. Second, at this point, you should operate under the assumption that hackers are already in your systems or could easily access them at any moment. It...
MoleRats APT Flaunts New Trojan in Latest Cyberespionage Campaign
Known Palestinian threat actor MoleRats is likely behind a recent malicious email campaign targeting Middle Eastern governments, foreign-policy think tanks and a state-affiliated airline with a new intelligence-gathering trojan dubbed NimbleMamba, researchers said. Researchers from Proofpoint sai...
Ex-Gumshoe Nabs Cybercrooks with FBI Tactics
Crooks are crooks, right? Whatever motivates serial violent offenders doesn’t switch off when they stop mugging people and instead pick up a keyboard to transform into cyber actors who craft cyber threats. At least, that was the thinking behind the 2012 creation of the FBI’s Cyber Behavioral...
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
Oh, blessed day: Microsoft’s Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches — none of them rated critical. For February, Microsoft’s releases address CVEs in Windows and Windows Components, Azure Data Explorer, Kestrel Web...
China Suspected of News Corp Cyberespionage Attack
The Chinese hackers responsible for an attack on media giant News Corp last month likely were seeking intelligence to serve China’s interests in a cyberespionage incident that shows the persistent vulnerability of corporate networks to email-based attacks, security professionals said. Reports on...
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it added the vulnerability – tracked as CVE-2022-21882 and with a CVSS criticality rating ...
Medusa Malware Joins Flubot’s Android Distribution Network
Flubot, the Android spyware that’s been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa. That’s according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot,...
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
Law enforcement, C-suite executives and the cybersecurity community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs,...
QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug
ForcedEntry – the exploit of a zero-click iMessage zero day that circumvented Apple’s then-brand-new BlastDoor security feature starting a year ago – was picked apart not just by NSO Group with its Pegasus spyware but also by a newly uncovered, smaller smartphone-hacking toolmaker named QuaDream...
Roaming Mantis Expands Android Backdoor to Europe
The Roaming Mantis Android malware campaign has buzzed into Europe, quickly infesting France in particular, where there have been 66,789 downloads of the group’s specific remote access trojan (RAT) as of January. The campaign pushes the Android RAT known as Wroba (aka Moqhao or XLoader) onto victim...
‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), stated in a public news interview that the now-infamous Log4j flaw is “the most serious vulnerability that she has seen in her career.” It’s not a stretch to say the whole security industry would agree...
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
A high-severity security vulnerability in Argo CD can enable attackers to access targets’ application-development environments, paving the way for stealing passwords, API keys, tokens and other sensitive information. Argo CD is a continuous-delivery platform deployed as a Kubernetes controller in...
Attackers Target Intuit Users by Threatening to Cancel Tax Accounts
Just in time for tax season, Intuit is warning customers of a phishing campaign that threatens to close user accounts if they don’t click on a malicious link. The attacks on the accounting-software specialist that many people use for filing U.S. income tax forms come as phishers overall are...
Kronos Still Dragging Itself Back From Ransomware Hell
Remember when Kronos, the workforce-management workhorse, got whacked by ransomware in December, right in time to gum up end-of-year HR busywork such as bonuses and vacation tracking? Could take days to crawl back, Ultimate Kronos Group (UKG) said at the time. Or, then again, could take up to sever...
Low-Detection Phishing Kits Increasingly Bypass MFA
More and more phishing kits are focusing on bypassing multi-factor authentication (MFA) methods, researchers have warned – typically by stealing authentication tokens via a man-in-the-middle (MiTM) attack. As MFA continues to see widespread consumer and business adoption – a full 78 percent of...
Critical Cisco Bugs Open VPN Routers to Cyberattacks
UPDATE: Critical security vulnerabilities in Cisco’s Small Business RV Series routers could allow privilege escalation, remote code execution (RCE) with root privileges on the devices and more. The RV series is a set of affordable VPN appliances that enable remote workers to connect to a company...
Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist
Wormhole – a web-based blockchain “bridge” that enables users to convert cryptocurrencies – said on Thursday that “all funds are safe” after attackers abused a vulnerability to shake it down for 120,000 Ethereum (approximately $314 million). In a postmortem shared with Threatpost on Thursday,...
PowerPoint Files Abused to Take Over Computers
Attackers are using an under-the-radar PowerPoint file to hide malicious executables that can rewrite Windows registry settings to take over an end user’s computer, researchers have found. It’s one of a number of stealthy ways threat actors recently have been targeting desktop users through trust...
KP Snacks Left with Crumbs After Ransomware Attack
KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could affect deliveries to supermarkets through the end of March – at the earliest. The British company, also the purveyor of deeply English treats such as Skips prawn cocktail...
Supply Chain Security Is Not a Problem…It’s a Predicament
In the late 19th century, many large cities faced an unpleasant predicament due to too much horse manure piling up in the streets. Aside from the direct impact of the odors and unsightly excrement, it indirectly poisoned the water supply and accelerated the spread of disease. There were some ways...
Thousands of Malicious npm Packages Threaten Web Apps
More than 1,300 malicious packages have been identified in the most oft-downloaded JavaScript package repository used by developers, npm, in the last six months — a rapid increase that showcases how npm has become a launchpad for a range of nefarious activities. New research from open-source...
Charming Kitten Sharpens Its Claws with PowerShell Backdoor
The Iranian advanced persistent threat (APT) Charming Kitten is sharpening its claws with a new set of tools, including a novel PowerShell backdoor and related stealth tactics, that show the group evolving yet again. The new tools may signal that it’s getting ready to pounce on new victims,...
FBI: Use a Burner Phone at the Olympics
Use a burner phone if you’re traveling to the Olympics, the FBI warned on Tuesday, lest you come home with a nasty case of malware and/or snatched personal data. The FBI didn’t mention specific threats, per se, but its alert warned those traveling to the February 2022 Beijing Winter Olympics and...
Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft
Telehealth care is on the rise as medical service providers cope with the strain of a pandemic and rising costs. But the rush to roll out remote healthcare has also unleashed a universe of wearable medical devices to collect sensitive data, which researchers say are widely vulnerable to attack...
The Account Takeover Cat-and-Mouse Game
In an analysis of more than 21 billion application transactions analyzed by the Cequence Security Threat Research Team between June and December of last year, API-based account login and registration transactions increased by 92 percent to more than 850 million. Highlighting the fact that attacke...
Samba ‘Fruit’ Bug Allows RCE, Full Root User Access
A critical severity vulnerability in the Samba platform could allow attackers to gain remote code execution with root privileges on servers. Samba is an interoperability suite that allows Windows and Linux/Unix-based hosts to work together and share file and print services with multi-platform...
Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities
Living-off-the-land binaries (LOLBins) are no joke: Cyberattackers have been increasingly making use of them to hide their malicious work from security solutions. It’s time for threat hunters and IT security staff to familiarize themselves with how these are used in the attack chains of some of the...
Public Exploit Released for Windows 10 Bug
Security teams might have skipped January’s Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It’s a bug that now has a...
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting (UXSS) Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by...
NSO Group Pegasus Spyware Aims at Finnish Diplomats
The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland’s diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials. They also said the infections were of the zero-click variety. “The highl...
Lazarus APT Uses Windows Update to Spew Malware
Lazarus Group is using Windows Update to spray malware in a campaign powered by a GitHub command-and-control (C2) server, researchers have found. On Thursday, the Malwarebytes Threat Intelligence team reported that they discovered the North Korean state advanced persistent threat (APT) group’s latest...
Zerodium Spikes Payout for Outlook Zero-Days
Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. Act fast if you have the goods and the moral equanimity, to make up to $400,000 for a zero-click, remote code-execution (RCE) exploit. “Zero-click” means that targets neither have to read a malicious email message no...
Conti, DeadBolt Target Delta, QNAP
Two Taiwanese companies were affected by separate ransomware incidents this week, forcing one to scramble to restore crippled systems and another to push out an emergency update to mitigate attacks on its customers. Delta Electronics, an electronics company that provides products for Apple, Tesla...
Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help
Adware strains Shlayer and Bundlore are the most common malware in macOS – although they have slight variations, they have long invaded and bypassed Xprotect, Notarization, Gatekeeper, and File Quarantine, all security features pre-built into macOS. The Uptycs threat research team has tracked the...
2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play
After remaining available for more than two weeks, a malicious two-factor authentication (2FA) application has been removed from Google Play — but not before it was downloaded more than 10,000 times. The app, which is fully functional as a 2FA authenticator, comes loaded with the Vultur stealer...
BotenaGo Botnet Code Leaked to GitHub, Impacting Millions of Devices
The BotenaGo botnet source code has been leaked to GitHub, putting millions of routers and internet-of-things (IoT) devices at risk, researchers said. In a Wednesday report, AT&T Alien Labs – which first discovered the difficult-to-detect malware in November – said it expects that the ready...
Shipment-Delivery Scams Become the Favored Way to Spread Malware
Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found. Researchers from Avanan, a Check...
How to Secure Your SaaS Stack with a SaaS Security Posture Management Solution
Whether it’s Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring that all the apps have proper security settings and are configured correctly falls on the security team. The challenge...
TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade
Trojan titan TrickBot has added a striking anti-debugging feature that detects security analysis and crashes researcher browsers before its malicious code can be analyzed. The new anti-debugging feature was discovered by Security Intelligence analysts with IBM, who reported the emergence of a...
Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild
Apple on Wednesday released 13 patches for serious security bugs in macOS and 10 for flaws in iOS/iPadOS. They include fixes for two zero-day bugs, one of which may have been exploited by attackers in the wild. The first zero-day (CVE-2022-22587) is a memory-corruption issue that could be exploited...