Cisco Warns of Critical Flaws in Data Center Network Manager
Cisco Systems has released emergency patches for two critical vulnerabilities in its Data Center Network Manager, which could allow attackers to take control of impacted systems. The Data Center Network Manager DCNM is Cisco’s network management platform for switches running on its network...
Iran-linked APT33 Shakes Up Cyberespionage Tactics
Following a recent report detailing APT33’s infrastructure and tactics, the Iranian state-sponsored threat actor shook up its cyberespionage efforts by adopting new tools and reassigning key domain infrastructure. The infrastructure overhaul stems from a March 2019 Symantec report exposing the...
EA Games Patches Account-Hijacking Bug
Researchers chained together two vulnerabilities in the Electronic Arts EA gaming platform and developed a proof-of-concept attack that allowed for possible account takeovers. A successful attack could allow a malicious actor to gain access to a user’s account and steal credit card information or...
Second Florida City Pays Hackers $500k Post-Ransomware Attack
UPDATE A city in Florida has paid hackers almost $500,000 after suffering a ransomware attack that locked down its email systems and servers – only the latest municipality to be hit by ransomware and pay the ransom. The Florida municipality, Lake City, has a population of 12,046 and is located in...
SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform
UPDATE Search engine optimization and analytics firm SEMrush patched a remote code execution vulnerability that allowed an attacker to send a malicious image to its service and generate a reverse shell, a typical first stage in a cyberattack. Public disclosure of the vulnerability was Monday when...
Newly-Discovered Malware Targets Unpatched MacOS Flaw
Researchers have discovered never-before-seen Mac malware samples, which they believe are being developed to target a recently-disclosed vulnerability in the MacOS operating system. The vulnerability, a bypass that was disclosed in May and has yet to be patched by Apple, exists in the MacOS...
Malspam Emails Blanket LokiBot, NanoCore Malware With ISO Files
An ongoing spam campaign has been spotted using ISO disk image file attachments to disguise various information-stealing trojans, including LokiBot and NanoCore. Researchers said that they first spotted the malware-laced spam emails being distributed in April 2019. Spam sent to victims claim to b...
Facebook Faces Lawsuit Over Massive 2018 Data Breach
Facebook lost a key court ruling last week and now must face a lawsuit tied to a data breach of its platform disclosed in 2018, which impacted nearly 30 million of its users. The data breach, first disclosed by Facebook in September 2018, directly impacted the access tokens of 30 million accounts...
Iran Targeting U.S. With Destructive Wipers, Warns DHS
The Department of Homeland Security is warning that Iranian hackers are targeting U.S. agencies with destructive “wiper” malware. The statement comes as tensions continue to build between the U.S. and Iran. Christopher Krebs, the director of the Department of Homeland Security DHS Cybersecurity a...
The Modern-Day Heist: IP Theft Techniques That Enable Attackers
The Great Train Robbery of 1963 in Buckinghamshire, U.K., was orchestrated by a gang of 15 robbers that devised and executed a well-laid-out plan over the course of several months. Fast-forward 56 years and we’re still seeing gangs of modern-day robbers orchestrating elaborate plans – only in 201...
MobOk Malware Hides in Photo Editors on Google Play, Siphons Cash
A powerful money-siphoning malware known as MobOk has been found hiding in seemingly legitimate photo editing apps available on the Google Play store. The Pink Camera and Pink Camera 2 apps, now removed, had been installed around 10,000 times, according to researchers at Kaspersky. They included...
Microsoft Outlook for Android Open to XSS Attacks
Microsoft has patched a vulnerability in Microsoft Outlook for Android, which opens the door to cross-site scripting XSS attacks. The software giant said that CVE-2019-1105, rated “important,” is a spoofing vulnerability that exists in the way Microsoft Outlook for Android software parses...
Podcast: Dating App Privacy and NASA Cyberattack
Beyond the regular drumbeat of security vulnerabilities and patches this week, a slew of stories covered varying topics ranging from NASA to Tinder. The Threatpost team broke down the most interesting stories of the week, including: A ransomware webinar hosted by Threatpost editor Tara Seals, whi...
Mozilla Fixes Second Actively-Exploited Firefox Flaw
UPDATE Mozilla has fixed a high-severity vulnerability in its Firefox browser being actively exploited in the wild. The vulnerability CVE-2019-11708 is separate from a critical flaw under active attack that was patched earlier this week CVE-2019-11707. However, both vulnerabilities were discovere...
Millions of Dell PCs Vulnerable to Flaw in Third-Party Component
Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely take over affected devices. The high-severity vulnerability CVE-2019-12280 stems from a component in...
Match, Tinder Swipe Right For Privacy Red Flags, Say Experts
Over 70 percent of subscribers across Match.com express concern about the amount of data they share with the platform, according to a ProPrivacy.com survey. But despite those concerns, users of the service do it anyway and also remain unaware of just how much data the company collects and how the...
Post-Ransomware Attack, Florida City Pays $600K
A Florida city, hit by a ransomware attack that crippled its computer systems for three weeks, voted this week to pay the attackers the requested ransom of $600,000. Riviera Beach, a city in Florida populated by 35,000, was hit by the ransomware attack May 29 after a city employee clicked on a...
LoudMiner Cryptominer Uses Linux Image and Virtual Machines
An unusual cryptocurrency miner, dubbed LoudMiner, is spreading via pirated copies of Virtual Studio Technology. It uses virtualization software to mine Monero on a Tiny Core Linux virtual machine – a unique approach, according to researchers. Virtual Studio Technology VST is an audio plug-in...
DanaBot Adds Ransomware to its Arsenal
A new sample of the DanaBot trojan spotted in a recent campaign reveals that operators behind the malware have now included a ransomware component into its code, along with new string encryption and communications protocols. The update, wrote Check Point researchers on Thursday, represents a...
Tor Browser Issues Update for Critical System Takeover Flaw
Tor Browser has updated to version 8.5.2, to address a critical security flaw in Mozilla’s Firefox browser that is under active exploit in the wild. The critical flaw CVE-2019-11707 is a type confusion vulnerability in the Array.pop, which is an array method that is used in JavaScript objects in...
Cisco DNA Center Critical Flaw Opens Access to Internal Services
Cisco is urging customers to update after discovering a critical vulnerability in its Digital Network Architecture DNA Center, which could allow an unauthenticated attacker to access critical internal services. Overall, Cisco issued fixes for 25 vulnerabilities across its various products: Two...
Feds: Cyberattack on NASA's JPL Threatened Mission-Control Data
NASA’s Jet Propulsion Laboratory JPL may know how to send delicate equipment to Mars, but basic cybersecurity best practices appear to pose an issue for it. A comprehensive federal review has detailed an April 2018 security incident that compromised mission systems – stemming from multiple IT...
Google Releases Open Source Tool For Computational Privacy
Google is releasing a new open-source cryptographic tool aimed at boosting privacy around sensitive data sets. The tool, called Private Join and Compute, is designed to help companies who are working together with confidential data sets. Private Join and Compute, allows companies to share data in...
Oracle Warns of New Actively-Exploited WebLogic Flaw
Oracle said that a critical remote code execution flaw in its WebLogic Server is being actively exploited in the wild. The remote code execution flaw CVE-2019-2729 impacts a number of versions of Oracle’s WebLogic Server, used for building and deploying enterprise applications. The vulnerability...
Mozilla Patches Firefox Critical Flaw Under Active Attack
UPDATE Mozilla has released updates for the Firefox browser addressing a critical vulnerability that is being actively exploited in targeted attacks against Coinbase employees – and potentially other cryptocurrency organizations. The critical flaw CVE-2019-11707 is a type confusion vulnerability ...
Consumers Urged to Junk Insecure IoT Devices
More than 2 million connected security cameras, baby monitors and other IoT devices have serious vulnerabilities that have been publicly disclosed for more than two months – yet they are still without a patch or even any vendor response. Security researcher Paul Marrapese, who disclosed the flaws...
Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline
Multiple TCP-based remote denial-of-service vulnerabilities have been uncovered in the FreeBSD and Linux kernels by Netflix researchers. Exploitation would interrupt TCP connections and therefore streaming content flows to vulnerable Linux-based PCs putting a crimp in binge-watching, for instance...
Microsoft Management Console Bugs Allow Windows Takeover
A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine. The bugs are grouped under one umbrella CVE-2019-0948...
Working BlueKeep Exploit Developed by DHS
The Department of Homeland Security has confirmed it has developed a working exploit for the “wormable” BlueKeep vulnerability. The agency issued an alert on Monday urging Windows users to update their machines as soon as possible. The alert heightens concerns that malicious actors could soon als...
Irked Researcher Discloses Facebook WordPress Plugin Flaws
UPDATE A WordPress security researcher claims he has found two WordPress plugins developed by Facebook called Facebook for WooCommerce and Messenger Customer Chat. The researcher claims both have cross-site request forgery flaws. The researcher published the bugs on the Plugin Vulnerabilities...
5,000 Twitter Accounts Linked to Disinformation Campaigns
Twitter has removed six sets of accounts that the site has deemed to be devoted to coordinated, state-backed propaganda activities – totaling about 5,000 accounts in all. “We believe that people and organizations with the advantages of institutional power and which consciously abuse our service a...
A Spate of University Breaches Highlight Email Threats in Higher Ed
Oregon State University announced Friday that hackers potentially made off with 636 student records and family records of students containing personally identifiable information PII, after a successful email attack in early May. This comes on the heels of email-based breaches at Graceland...
Microsoft Pushes Azure Users to Patch Linux Systems
Microsoft is warning customers that some Azure installations are vulnerable to a recently-disclosed critical Linux Exim mail server flaw that is under active attack. The warning comes after a widespread worm campaign was disclosed on Friday, targeting a flaw in the Exim mail transport agent MTA,...
Ransomware: A Persistent Scourge Requiring Corporate Action Now
A ransomware attack on Belgian airplane manufacturer ASCO this week is the latest in a string of incidents that show the unique danger lurking in this type of malware campaign. The rise of ransomware has cost companies millions to remediate – both in making payments and in system restoration and...
ThreatList: Ransomware Trojans Picking Up Steam in 2019
With the number of unique cyberincidents continuing to grow, ransomware-based attacks in particular are on the rise in 2019, researchers said. Ransomware trojan-based infections jumped from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019, said Positive...
News Wrap: Amazon Privacy and Telegram DDoS Attack
Beyond Patch Tuesday, this week was crammed with privacy and security related news. In this week’s Threatpost podcast, editors Tara Seals and Lindsey O’Donnell discussed the top news from the week. That includes: A federal lawsuit alleging that Amazon is recording children who use its Alexa...
TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies
XENOTIME, the APT group behind the TRISIS industrial control system ICS event, has expanded its focus beyond the oil and gas industries, according to researchers. The group has recently been seen probing the networks of electric utility organizations in the U.S. and elsewhere – perhaps a precurso...
Amazon Alexa Secretly Records Children, Lawsuits Allege
A federal lawsuit is alleging that Amazon is recording children who use its Alexa devices, without their consent or knowledge. Alexa is the built-in voice assistant shipped with devices like Amazon Echo, Amazon Dot, Fire TV and some third-party gadgets. “Alexa routinely records and voiceprints...
Millions of Linux Servers Under Worm Attack Via Exim Flaw
A widespread campaign is exploiting a vulnerability in the Exim mail transport agent MTA to gain remote command-execution on victims’ Linux systems. Researchers say that currently more than 3.5 million servers are at risk from the attacks, which are using a wormable exploit. Specifically under...
Hackers Favor Weekdays for Attacks, Share Resources Often
Do threat actors carry out phases of their attack on different days of the week? Do threats use the same infrastructure for exploitation and control? These may not be the sort of questions that cybersecurity professionals usually think about, but their implications can actually have an important...
Evernote Critical Flaw Opened Personal Data of Millions to Attack
UPDATE A critical flaw in the popular note-taking Evernote extension could have allowed attackers to steal personal data – including emails and financial transactions – of millions. Specifically impacted was the Evernote Web Clipper extension for the Chrome browser, which lets users capture...
Max-Severity Bug in Infusion Pump Gateway Puts Lives at Risk
Researchers have disclosed two separate vulnerabilities within the Becton Dickinson Alaris Gateway Workstation for medical infusion pumps in hospitals, one carrying a critical rating of 10 out of 10 on the CVSS v.3 severity scale. Alaris Gateway Workstations power, monitor and control infusion...
Telegram CEO Fingers China State Actors for DDoS Attack
The chief executive of secure messaging app Telegram is pointing the finger squarely at China as the culprit responsible for the distributed denial of service DDoS attack that it suffered on Wednesday. The company announced the attack on Twitter, warning that users may be experiencing connection...
High-Severity Cisco Flaw in IOS XE Enables Device Takeover
Cisco has patched a high-severity vulnerability in its software for routers and switches, which could enable a remote attacker to reconfigure or execute commands on impacted devices. IOS XE, a Linux-based version of Cisco’s Internetworking Operating System IOS, is software for Cisco routers and...
Fishwrap Campaign Sways Social Media Users with Old News
An influence operation that recycles old news about terror incidents and re-publishes them as if they were new is making the rounds on social media, according to Recorded Future analysis. The technique, which the researchers have dubbed Fishwrap since it repurposes old news, is also using a speci...
Data Breach Disclosed by Online Invitation Firm Evite
Online invitation and stationery company Evite has notified customers of a data breach that stemmed from an “inactive data storage file” associated with user accounts. The company over the weekend said that during April 2019, it became aware of a “security incident involving potential unauthorize...
RAMBleed Side-Channel Attack Exposes Privileged Memory
A team of academic researchers has discovered a follow-on to the Rowhammer class of attacks that allows attackers to read memory data on a target Windows computer, without actually accessing the memory itself. The method is dubbed RAMBleed. Andrew Kwong and Daniel Genkin at the University of...
Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure
Intel has patched seven high-severity vulnerabilities in the system firmware of its Intel NUC short for Next Unit of Computing, a mini-PC kit used for gaming, digital signage and more. Overall, the chip-maker patched 25 vulnerabilities across various platforms this week – including eight...
New FormBook Dropper Harbors Obfuscation, Persistence
Researchers are warning that a future data-theft attack may be brewing after discovering a new sample of the FormBook malware, with a never-before-seen dropper — i.e. a malicious file that is used in the initial infection stage and installs malware on the system. FormBook, a browser form-stealer...
Full Insight into the Internal Environment with Cynet Free Visibility
Organizational IT security teams have the enormous job of protecting their assets while monitoring and eliminating exposed attack surfaces. Achieving real-time visibility and doing so quickly and efficiently is integral to this, unfortunately though, it eats into resources, frequently requiring...