2.3B Files Exposed in a Year: A New Record for Misconfigs
The last 12 months have seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released on Thursday. A report from Digital Shadows’ Photon Research Team, Too Much Information: The Sequel, assessed the scale of inadvertent global data...
'5G is Coming,' But Can the Security Industry Keep Up?
THE HAGUE, Netherlands – With the advent of 5G, the tech community is bracing itself for new applications like self-driving cars and other IoT applications. But what does that mean for the security landscape? At the GSMA Mobile 360 Conference taking place this week in the Netherlands, experts she...
5G IoT: Literally a Matter of Life or Death
THE HAGUE, Netherlands – Mobile operators need to get security right as they deploy their 5G networks this year and next – because the ramifications for getting it wrong will include loss of life. That’s the consensus at GSMA’s Mobile360 Security for 5G conference, where speakers on Wednesday not...
WordPress Plugin Has Unpatched Privilege Escalation Flaw, Warn Researchers
A WordPress plugin, Slick Popup, has a serious privilege escalation flaw – and it has yet to be patched. WordPress plugin Slick Popup has 7,000 active installs and provides a tool for displaying the Contact Form 7 as a popup on WordPress websites. However, researchers with Wordfence said...
Top UK Official Derides Huawei Claiming it has ‘Bad Security’
THE HAGUE, Netherlands – A top official at the National Cyber Security Centre in the UK set his sights on Huawei, the telecom equipment giant, in an opening keynote session at the GSMA’s Mobile360 Security for 5G conference on Tuesday. Ian Levy, technical director at the agency, took the stage fo...
50k Servers Infected with Cryptomining Malware in Nansh0u Campaign
Up to 50,000 servers were infected over the past four months as part of a high-profile cryptojacking campaign, believed to be orchestrated by Chinese-language adversaries. Researchers with Guardicore Labs, who disclosed the campaign Wednesday, said that the Nansh0u campaign named due to a text file...
200k Personal Records Exposed by Events Planning Firm
A database belonging to Australian event planning startup, Amazingco, was found leaking more than 200,000 records with personal details tied to children’s entertainment, wine tour events and more. Amazingco, which is based in Australia but offers services in New Zealand and the U.S., connects...
Gatekeeper Bug in MacOS Mojave Allows Malware to Execute
Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave (10.14.0). MacOS Gatekeeper is an Apple security feature that enforces code signing and verifies downloads and apps before...
One Million Devices Open to Wormable Microsoft BlueKeep Flaw
One million devices are still vulnerable to BlueKeep, a critical Microsoft bug with “wormable” capabilities, almost two weeks after a patch was released. The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this month. System administrators were urged to...
Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders
The Chinese-language cyber-espionage group known as APT10 has apparently added to its malware bag of tricks, with two never-before-seen malware loader variants used in April campaigns against government and private organizations in Southeast Asia. Also, the campaigns featured modified versions of...
ThreatList: Top 8 Threat Actors Targeting Canada in 2019
Banking and financial services in Canada are being targeted in geo-specific attacks looking to spread varying forms of malware, according to researchers tracking thousands of malicious email campaigns between January 2019 and May 2019. In particular, campaigns are typically launched by...
Snapchat Privacy Blunder Piques Concerns About Insider Threats
Snap, the company behind the popular Snapchat social media app, has found itself in hot water after a recent report revealed that Snap employees were abusing their access to private user data – which includes location data, saved Snaps and phone numbers. According to a Thursday Motherboard report...
Joomla and WordPress Found Harboring Malicious Redirect Code
Security researchers are warning owners of Joomla and WordPress websites of a malicious redirect script that is pushing visitors to malicious websites. On Thursday, Eugene Wozniak, a security researcher with Sucuri, published a report outlining a rogue hypertext access (.htaccess) injector found on...
Microsoft Beefs Up Wi-Fi Protection
Microsoft has begun pushing out its May 2019 Windows 10 update, which will flag Wi-Fi networks that are using the outdated and insecure Wired Equivalent Privacy (WEP) and Temporal Key Integrity Protocol (TKIP) authentication mechanisms. WEP was introduced in 1997 as part of the original 802.11 Wi-Fi...
News Wrap: Which Companies Are Doing Privacy Right and Which Aren't?
The Threatpost team breaks down the top data privacy-related news this week, including: Google’s acknowledgement that G Suite passwords had been stored in plaintext – since 2005. The database of golfing app Game Golf left misconfigured, exposing millions of data points on games played plus...
Goodbye Passwords: Hello Identity Management
Keeping track of user names and passwords sounds easy, but it is not. In a world where protected network resources are accessed by employees on mobile devices, outside contractors, web applications and internet of things (IoT) devices – passwords just don’t cut it anymore. The stakes are high:...
Shade Ransomware Expands to U.S. Targets
Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan. The ransomware, first spotted in late 2014 by Kaspersky Lab researchers, has been known for focusing on Russian victims – but more recent...
Calibration Attack Drills Down on iPhone, Pixel Users
A proof-of-concept for a new type of privacy attack, dubbed “calibration fingerprinting,” uses data from Apple iPhone sensors to construct a globally unique fingerprint for any given mobile user. Researchers said that this provides an unusually effective means to track people as they browse acros...
SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day
On the heels of releasing a Windows zero-day exploit on Wednesday, developer SandboxEscaper has dropped exploit code for four more flaws on Thursday morning. On Wednesday, she dropped a Windows zero-day exploit that would allow local privilege-escalation (LPE), by importing legacy tasks from other...
Soaring Cryptocurrency Prices Draw Malicious Apps, Malware
The price of Bitcoin is steadily surging in May and hackers are looking to cash in on the uptick with fake cryptocurrency apps, malware and other related scams. In May 2019, Bitcoin prices climbed to their highest points this year, with the popular cryptocurrency being worth $8,300 its highest...
WannaCry-Infested Laptop Starts at $1.13M in Art Auction
Malware as high art? Stranger things have happened, but a Windows laptop infected with six high-profile pieces of malware (think WannaCry and BlackEnergy) is nonetheless looking to fetch more than $1 million in public art-auction bids. A project called “The Persistence of Chaos,” mounted by artist...
Critical Flaws in Khan Academy Opened Door to Account Takeovers
Two critical cross-site request forgery (CSRF) flaws in educational non-profit Khan Academy’s website may have affected some users by allowing account takeover. Khan Academy, a non-profit learning organization, produces short lessons in the form of videos that can be accessed online. The two critic...
Windows Zero-Day Drops on Twitter, Developer Promises 4 More
UPDATE A Windows zero-day exploit dropped by developer SandboxEscaper would allow local privilege-escalation (LPE), by importing legacy tasks from other systems into the Task Scheduler utility. It’s the latest zero-day from SandboxEscaper, who said that she has four more in the hopper that she’d li...
Google Stored G Suite Passwords in Plaintext Since 2005
Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening. G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently...
Mozilla Tackles Two Critical Flaws with Firefox 67 Release
Mozilla patched several critical vulnerabilities with the release of its Firefox 67 browser on Tuesday. The worst of the bugs patched are two memory safety flaws that could allow attackers to exploit the vulnerabilities to take control of an affected system, according to a security bulletin issue...
Intel Fixes Critical, High-Severity Flaws Across Several Products
Intel has issued an updated advisory for more than 30 fixes addressing vulnerabilities across various products – including a critical flaw in Intel’s converged security and management engine (CSME) that could enable privilege-escalation. The bug (CVE-2019-0153) exists in a subsystem of Intel CSME,...
Data Security in the Cloud: How to Lock Down the Next-Gen Perimeter
With businesses continuing their digital migrations to cloud services and applications, IT is finding itself wrestling with how to keep companies’ data safe. The challenge? The cloud has created a next-generation, virtual perimeter. Businesses are using infrastructure-as-a-service (IaaS), cloud...
Cisco Starts Patching Firmware Bug; Millions of Devices Still Vulnerable
Cisco has issued a handful of firmware releases for a high-severity vulnerability in Cisco’s proprietary Secure Boot implementation that impacts millions of its hardware devices, across the scope of its portfolio. The patches are the first in a planned series of firmware updates that will roll ou...
HCL Exposes Customer, Personnel Info in Wide-Ranging Data Leak
IT services provider HCL Technologies has inadvertently exposed passwords, sensitive project reports and other private data of thousands of customers and internal employees on various public HCL subdomains. HCL, an $8 billion conglomerate with more than 100,000 employees, specializes in...
Millions of Golfers Land in Privacy Hazard After Cloud Misconfig
Finding cloud databases with sensitive information left open to the internet has become par for the course these days – as a new exposure of millions of sensitive data points for the users of a golf app demonstrates. Millions of golfer records from the Game Golf app, including GPS details from...
Sharing Threat Intelligence: Time for an Overhaul
Most organizations don’t really have a good way of sharing threat-related data outside of their own industry verticals. Sure, there are Information Sharing and Analysis Centers (ISACs; i.e. FS-ISACs for the financial-services industry). But the information still tends to stay in industry-specific...
Windows 10 Update Bricks PCs, Microsoft Offers Workarounds
Microsoft has acknowledged that a Windows 10 bug is causing some users’ systems to freeze after using their System Restore feature. The issue arose after users complained that when they updated Windows 10 and attempted to restart their system, they were met with a “Stop error” that blocked them...
Salesforce Woes Linger as Admins Clean Up After Service Outage
After a massive service outage on Friday, software-as-a-service giant Salesforce restored partial access to its affected customers over the weekend, while admins continued with cleanup into Monday. The outage was brought on by a scripting error that affected all Pardot marketing automation softwa...
Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws
There was a lot more to the name game behind choosing titles for ZombieLoad, Spectre and Meltdown than picking cool and edgy attack titles. If you have ever wondered why they were named what they were, Threatpost tracked down one of the researchers behind the naming convention and discovery and...
Slack Bug Allows Remote File Hijacking, Malware Injection
A remotely exploitable vulnerability in the Windows desktop app version of the Slack collaboration platform has been uncovered, which allows attackers to alter where files from Slack are downloaded. Nefarious types could redirect the files to their own SMB server; and, they could manipulate the...
ZombieLoad Pioneer: The Story Behind Intel’s Latest Side Channel Flaw
The release of a new speculative execution vulnerability called ZombieLoad last week follows a similar disclosure path as Meltdown and Spectre. Threatpost caught up with one of the researchers behind the discovery of ZombieLoad to find out how. ZombieLoad was discovered and reported by Michael...
WordPress WP Live Chat Support Plugin Fixes XSS Flaw
For the second time this month a patch has been issued for the WordPress add-on called WP Live Chat Support Plugin. This time around it’s a cross-site scripting (XSS) vulnerability. The WP Live Chat Support is a popular WordPress plugin that allows users to install a pop-up “chat” plugin to their...
Ransomware 'Remediation' Firm Exposed; Researchers Weigh in on Paying
A company that claimed to use technology tools to help victims with ransomware cleanup was found to secretly be paying the ransom, while collecting a premium from their clients, according to an expose out this week. The situation brings the core dilemma of business-focused ransomware directly int...
How Decoding Network Traffic Can Save Your Data Bacon
The number of breaches impacting corporate networks has reached epidemic proportions. This year is currently on track to break all records for breaches. Already this year there have been 1,900 reported breaches in just the past three months, according to Risk Based Security. One of the troubling...
News Wrap: WhatsApp, Microsoft, Intel and Cisco Flaws
This week was filled with flaws, flaws and more flaws: From a zero-day under active exploit in the WhatsApp messaging app, to Patch Tuesday glitches addressed by Microsoft. Threatpost breaks down the top vulnerabilities of the week, including: A WhatsApp zero-day vulnerability being exploited in...
Mobile Risks Boom in a Post-Perimeter World
Cybercriminals are now taking a mobile-first approach to hacking the enterprise. Case in point, last month a half-billion Apple iOS users were stung by an attack exploiting an unpatched bug in Chrome for iOS. Crooks managed to hijack user sessions and redirect traffic to malicious websites...
Forbes Becomes Latest Victim of Magecart Payment Card Skimmer
The payment card-siphoning Magecart group has struck again; this time injecting web-skimming scripts into the subscription website for the Forbes print magazine as well as a slew of others over the past week. The script, which has since been...
Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution
Cisco is warning of critical remote code-execution (RCE) vulnerabilities in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager, which is used by telcos, mobile carriers, cable companies and ISPs to manage their hardware infrastructure. The vendor also issued estimated...
Cybercrime Gang Behind GozNym Banking Malware Dismantled
The cybercrime network behind the GozNym malware, used to siphon $100 million out of its victims, has been dismantled in a massive international investigation, according to authorities. Europol said on Thursday that they are charging 10 members of the GozNym criminal network with spreading the...
Google Titan Security Key Recalled After Bluetooth Pairing Bug
Google is recalling Bluetooth versions of its Titan Security Key after finding a vulnerability that allows attackers in close proximity to take control of the device. Google’s Titan Security Key, launched in the U.S. market last August, is a USB dongle that offers an added layer of security...
Intel ZombieLoad Side-Channel Attack: 10 Takeaways
Intel on Tuesday revealed a new class of speculative execution vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), which impact all its modern CPUs. The flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems – and result in...
Billions of Malicious Bot Attacks Take to Cipher-Stunting to Hide
When it comes to cyberattacks, adversaries are focusing not just on advanced malware development, but also on increasing the sophistication of their evasion techniques. This is playing out lately in the form of ballooning instances of “cipher stunting” – a TLS tampering technique that helps...
Microsoft Patches Zero-Day Bug Under Active Attack
Microsoft has released a patch for an elevation-of-privileges vulnerability rated important, which is being exploited in the wild. The bug fix is part of Microsoft’s May Patch Tuesday Security Bulletin. It’s tied to the Windows Error Reporting feature and is being abused by attackers who have...
Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More
Apple has rolled out 173 patches in various products across its hardware portfolio, including for dangerous bugs in macOS for laptops and desktops, iPhone, Apple TV and Apple Watch. The update also includes a patch for the side-channel vulnerabilities in Intel chips disclosed on Tuesday,...
Intel CPUs Impacted By New Class of Spectre-Like Attacks
A new class of side channel vulnerabilities impacting all modern Intel chips has been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist o...