Chrome 76 Dumps Default Adobe Flash Player Support
Google has launched the latest iteration of the Chrome browser for Windows, Mac and Linux, which blocks Adobe Flash Player default support and comes with more than 40 security fixes. Though plans to deprecate Adobe Flash in Chrome have been brewing for years, Chrome 76 takes an official first ste...
Trivial Bug Turns Home Security Cameras Into Listening Posts
A vulnerability in the consumer-grade Amcrest IP2M-841B IP home security video camera would allow an attacker to remotely listen to the camera’s audio over the internet, without authentication. “Essentially, if this thing is connected directly to the internet, it’s anyone’s listening device,”...
Black Hat USA 2019 Preview
Las Vegas – Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a wave of sessions, keynotes and security-themed villages. The Threatpost team, which will be on the frontlines of next week’s shows, discuss wh...
DHS Warning: Small Aircraft are Ripe for Hacking
The Department of Homeland Security issued an alert Tuesday warning that small aircraft are vulnerable to hackers that can gain physical access to a plane. It warned that a hacker can easily manipulate aircraft telemetry data, which can result in loss of control of the airplane. The bulletin was...
Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages
Five bugs in Apple’s iMessage service for the iPhone have been uncovered that require no user interaction to exploit, including one that would allow remote attackers to access content stored on iOS devices. First discovered by Google Project Zero security researcher Natalie Silvanovich, Apple has...
Android Ransomware Spreads Via 'Sex Simulation Game' Links on Reddit, SMS
Researchers are warning of a new Android ransomware being spread via links in online forums and SMS messages. The malicious links purport to connect back to a sex simulation game, but in reality lead to ransomware that encrypts victims’ files. The Android ransomware, dubbed Android/Filecoder.C, h...
Nation-State Actors Go All-In on Mobile Malware
APTs, including a range of nation-state groups operating in China, North Korea, Pakistan and Russia, are shifting their malware development focus to target mobile users for intelligence gathering, financial gain and disruption of national rivals. That’s according to CrowdStrike’s Mobile Threat...
Former AWS Engineer Arrested as Capital One Admits Massive Data Breach
A massive breach of Capital One customer data has hit more than 100 million people in the U.S. and 6 million in Canada. Thanks to a cloud misconfiguration, a hacker was able to access credit applications, Social Security numbers and bank account numbers in one of the biggest data breaches to...
ThreatList: DMARC Adoption Nonexistent at 80% of Orgs
About 80 percent of company web domains don’t have standard email authentication protections in place. That’s according to 250ok’s Global DMARC Adoption 2019 report, which analyzed 25,700 domains in the education, e-commerce, legal, financial services, SaaS and nonprofit sectors, as well as the...
Cloud Security Concerns Loom for 93% of Businesses Adopting Apps and BYOD
With the increasing popularity of bring-your-own-device (BYOD) policies and public cloud offerings, enterprises are moving from on-premises applications to cloud apps – but they still lack faith in cloud security. A recent July Bitglass study found that 67 percent of respondents believe cloud apps...
'URGENT/11' Critical Infrastructure Bugs Threaten EternalBlue-Style Attacks
UPDATE A cadre of 11 vulnerabilities, six of them critical remote code-execution (RCE) bugs, have been uncovered that affect millions of critical infrastructure systems, such as SCADA gear at utilities, elevator and industrial controllers, patient monitors and MRI machines, programmable logic...
Fearing WannaCry-Level Danger, Enterprises Wrestle with BlueKeep
The nightmare vision of a “mega-worm” global BlueKeep infection could be closer to becoming reality as working exploits are now becoming available to the public, and there’s evidence that adversaries are actively scanning for the vulnerability. Researchers weighed in with Threatpost about how...
‘WannaCry Hero’ Avoids Jail Time in Kronos Malware Charges
Marcus Hutchins, the researcher hailed for squashing the WannaCry ransomware outbreak in May 2017, has been spared jail time over the creation of the infamous Kronos banking malware. The 25-year-old British researcher was sentenced on Friday to time served and one year of supervised release over...
Louisiana Gov Declares Emergency After Rampant Cyberattacks Plague Schools
After a rash of public schools were hit with ransomware, Louisiana’s governor has declared a statewide state of emergency. School districts in the northern part of the state – including Monroe City, Morehouse Parish and Sabine Parish – have been affected. Monroe City, on its website, noted that i...
Rare Steganography Hack Can Compromise Fully Patched Websites
An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP cod...
Gamers Are Easy Prey for Credential Thieves
Gamers are soft targets for credential-thieving hackers who see them as young, naive and playing it fast and loose with security. “A 14-year-old kid’s gaming credentials are worth more than you think,” said Mike Wilson, CTO at Enzoic. He said credentials tied to Fortnite, Minecraft and RuneScape...
'Google' Sites Are the Latest Ploy by Card-Skimming Thieves
Malicious domains masquerading as Google sites are the latest ploy by payment card-skimming adversaries looking to dupe website visitors. According to analysts at Sucuri, cybercriminals are using typosquatting (the practice of changing one letter in a trusted site name to use as a malicious URL) to...
Streamlining Patch Management: Expert Advice
Patch management has been a song of constant sorrows for system administrators. There have been improvements. But still, 80 percent of enterprise systems feature unpatched CVE vulnerabilities, according to CA Veracode’s State of Software Security. The good news is, software patching has gotten better...
New Loader Variant Behind Widespread Malware Attacks
Behind a recent wave of cyberattacks, pelting PCs with FormBook, LokiBot and SmokeLoader malware, is an updated version of a malware-loading technique called TxHollower. Researchers describe it as a new “significant threat” and add that attacks using TxHollower have “spread like...
Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns
Hackers are abusing the popular file-sharing service called WeTransfer to circumvent defensive email gateways that are designed to block spam messages with malicious URLs. Researchers have observed an uptick in attacks targeting banking, power and media industries using this technique. The hack...
ThreatList: Human Error is Behind One Quarter of Data Breaches
One quarter of all data breaches last year were caused by human error. The average cost of a breach in the same time period was $3.92 million, a 1.5 percent increase from the year before. That’s according to the 14th annual Cost of a Data Breach report from the Ponemon Institu...
Unique Monokle Android Spyware Self-Signs Certificates
A never-before-publicized mobile spy tool, a mobile surveillanceware remote access trojan (RAT) for Android called Monokle, has been spotted using novel techniques to exfiltrate data. According to the Lookout researchers who discovered Monokle in the wild, the malware has the ability to self-sign...
Protecting Against Ransomware Attacks: A Checklist
Sometimes all it takes is a malicious email to infect an entire municipality with ransomware, freezing important city systems from water utilities or websites. That was the case with the Florida city of Riviera Beach, which paid hackers $600,000 after being hit by a ransomware attack that downed...
Citrix Confirms Password-Spraying Heist of Reams of Internal IP
UPDATE Digital workspace and enterprise networks vendor Citrix has concluded its investigation into a 6TB data heist in March, which it said was the work of international cybercriminals who exploited weak passwords on an internal network. The attackers intermittently accessed Citrix’ infrastrucur...
WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign
A widespread and ongoing malicious advertising campaign is exploiting several recently-disclosed WordPress plugin vulnerabilities to redirect website visitors to booby-trapped landing pages. Researchers at Wordfence said that they recently discovered bad actors injecting code into websites with t...
Malware Loader ‘Brushaloader’ Grows More Menacing
The tenacious loader malware called Brushaloader is growing more menacing, showing no signs of abatement despite best efforts by security professionals. First identified in June 2018, the Brushaloader malware is now more pervasive, stealthy and growing in popularity faster than ever before. New...
Popular Samsung, LG Android Phones Open to 'Spearphone' Eavesdropping
A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android devices’ on-board accelerometers (motion sensors) to infer speech from the devices’ speakers. An acronym for “Speech privacy exploit via accelerometer-sensed...
Update: VLC Media Player Plagued By Unpatched Critical RCE Flaw
UPDATE After a German security agency reported a critical vulnerability existed in VLC open-source media player that could enable remote code execution and other malicious actions, the developers of VLC said that the media player is not vulnerable. The VLC media player, developed by the VideoLAN...
Critical RCE Flaw in Palo Alto Gateways Hits Uber
A remote code-execution (RCE) vulnerability has been uncovered in the GlobalProtect portal and GlobalProtect Gateway interface security products from Palo Alto Networks. It’s an unusual zero-day case, having been previously unknown but inadvertently fixed in later releases – but some large companie...
Tackling the Collaboration Conundrum
It’s 8 a.m. and you’ve just polished off a full cup of dark-roast coffee to jump-start your day. After booting up your PC, you instinctively open up Outlook, along with Slack or Teams or TeamViewer. While chatting with a co-worker, you recall that you need to send administrative credentials to he...
Large-Scale Government Hacks Hit Russia, Bulgaria
A pair of notable hacks on government targets have come to light: One, an attack affecting nearly the entire country of Bulgaria; and two, a hack of Russia’s main security agency FSB that represents the largest data heist ever experienced there. In Bulgaria, cybercriminals were able to infiltrate...
Amazon Alexa, Google Home Are On a Collision Course With Regulation
Voice assistants are growing rapidly in popularity — but at the same time, the privacy concerns and security issues with popular home assistant devices like Amazon Echo and Google Home are peaking too. Earlier in July, Amazon came under fire after acknowledging that it retains the voice recording...
Equifax to Pay $700 Million in 2017 Data Breach Settlement
Equifax will pay as much as $700 million to settle federal and state investigations on the heels of its infamous 2017 breach, which exposed the data of almost 150 million customers. The consumer credit reporting agency on Monday said it will dish out $300 million to cover free credit monitoring...
Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections
A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network. According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From...
Adult Sites Lack Privacy, Open the Door for Harassment and Tracking
An analysis of 22,500 porn sites found that third-party tracking of users is rampant, privacy policies are difficult to understand and a majority fail to implement basic HTTPS encryption. In all, it’s a recipe for enabling sexual violence and shaming, according to an academic paper released this...
Bug in NVIDIA’s Tegra Chipset Opens Door to Malicious Code Execution
A flaw impacting millions of mobile and internet of things (IoT) devices running NVIDIA’s Tegra processor opens the door for a variety of attacks, including device hijacking or siphoning of data. The warning comes from researcher Triszka Balázs, who discovered the flaw and asserts that the bug...
Security Watch: Elon Musk's NeuraLink Links Brains to iPhones via Bluetooth
Technologist Elon Musk has unveiled a plan for embedding Bluetooth-enabled implants into a human brain, to enable disabled persons to regain motor and cognitive function. IT experts however noted that along with FDA approval, the idea faces hurdles in the form of significant scrutiny on the...
Mirai Botnet Sees Big 2019 Growth, Shifts Focus to Enterprises
The infamous Mirai internet of things botnet is spiking in growth while changing up its tactics, techniques and procedures so far in 2019, to target more and more enterprise-level hardware. It’s a state of affairs that presents a greater concern than ever before given the ongoing migration to the...
Slack Initiates Mass Password Reset
Popular workspace collaboration platform Slack is in the middle of asking tens of thousands of users to reset their passwords after a security breach. The move is actually in response to new information that has come to light regarding a 2015 compromise, when hackers infiltrated Slack’s networks ...
Google Triples Some Bug Bounty Payouts
Google is upping the ante for its Chrome bug bounty rewards program, doubling payouts from $15,000 to $30,000 for “high-quality” reports. It is also tripling baseline payouts for Chrome to $15,000. The bug-bounty pay raise is part of Google’s Chromium open-source project, which supplies the vast...
Ke3chang APT Linked to Previously Undocumented Backdoor
The Ke3chang cyberespionage group, a.k.a. APT15, Mirage, Playful Dragon or Vixen Panda, has been tied to a backdoor called Okrum that has been used to target diplomatic missions throughout Europe and Latin America. The attribution widens the scope of known Ke3chang activity, an APT believed to be...
Wormable BlueKeep Bug Still Threatens Legions of Windows Systems
For the past two months, security researchers have been sounding the alarm about BlueKeep, a critical remote code-execution vulnerability in Microsoft Windows that researchers said could lead to a “mega-worm” global infection. As of July 2, approximately 805,665 systems remain online that are...
Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted
Two firmware vulnerabilities impacting Lenovo, Acer and five additional server brands allow adversaries to brick servers, run arbitrary code on targeted systems and maintain a persistent foothold – surviving even an operating system reinstallation. The bugs are tied to Gigabyte motherboards used ...
Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices
Vulnerabilities in the way Bluetooth Low Energy is implemented on devices by manufacturers can open the door to global device tracking for the Windows 10, iOS and macOS devices that incorporate it, according to research from Boston University. An academic team at BU uncovered the flaws, which exi...
Massive Malvertising Campaign Reaches 100M Ads, Manipulates Supply Chain
A Hong Kong-based advertiser has mounted a snowballing campaign, compromising more than 100 million ads to date by forming relationships with legitimate ad platforms to gain access to premium audiences. From there, it often pushes malware onto victim machines. The malvertiser, operating under the...
StrongPity APT Returns with Retooled Spyware
UPDATE The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has mounted a fresh spyware campaign that is still ongoing as of July 2019. The group has retooled with new malware to control compromised machines, according to researchers. “The new malware samples first...
LenovoEMC Storage Gear Leaks Sensitive Financial Data
Researchers are warning of a vulnerability in LenovoEMC storage hardware and legacy Iomega-branded network attached storage (NAS) appliances that could lead to a breach of data stored on the devices. The bug, disclosed Tuesday by Lenovo, is rated high-severity and can be triggered via specially...
The Future is Female: A Key to the Cybersecurity Workforce Challenge
By 2022, 2 million cybersecurity positions globally are projected to be open, even as the threat landscape accelerates and becomes more complex. To meet this growing workforce shortage, women are a crucial, largely untapped reservoir of talent that businesses should be courting. In this Threatpos...
WhatsApp, Telegram Coding Blunders Can Expose Personal Media Files
Though WhatsApp and Telegram tout themselves as secure messaging services, faulty developer coding that allows cyberattackers to intercept media files (such as photos and videos, documents and voice memos) sent on the Android versions of the services undercuts that claim. The security weakness, dubbed...
JetBlue Bomb Scare Set Off with Apple AirDrop
The feature in Apple mobile devices that allows people to send photos to nearby phones via Bluetooth is at the heart of a terrorism scare on a JetBlue flight over the weekend. According to the New York Daily News, a prankster sent a photo of a suicide vest to everyone who had an Apple device on t...