Adobe Addresses Critical Adobe Flash Player, Acrobat Reader Flaws
Adobe has issued patches for critical flaws across its Adobe Flash Player and Acrobat Reader products, which could enable arbitrary code execution. Overall, the company fixed 87 vulnerabilities across Acrobat and Reader, Flash Player and Adobe Media Encoder as part of its regularly-scheduled...
Linux Kernel Flaw Allows Remote Code-Execution
Millions of Linux systems could be vulnerable to a high-impact race condition flaw in the Linux kernel. Kernel versions prior to 5.0.8 are affected by the vulnerability (CVE-2019-11815), which exists in rds_tcp_kill_sock in net/rds/tcp.c. “There is a race condition leading to a use-after-free (UAF),...
WhatsApp Zero-Day Exploited in Targeted Spyware Attacks
UPDATE: WhatsApp is urging users to update as soon as possible, after a zero-day vulnerability found in its messaging platform was exploited by attackers who were able to inject spyware onto victims’ phones in targeted campaigns. First reported by the Financial Times, the popular messaging app...
Cynet: An Autonomous Security Platform for Any Size Organization
The Cynet security platform takes a different approach to traditional point security offerings, by providing a consolidated solution to all aspects of breach protection through a single interface. Unlike endpoint security solutions that only focus on particular types of threats targeting the...
Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices, in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Cisco has also disclosed a similarly widely-impacting high-severity bug tha...
Twitter Leaks Apple iOS Users' Location Data to Ad Partner
Twitter has disclosed a security bug in its platform that it said inadvertently leaked iOS users’ location data. The Twitter for iOS bug leaked location data at the ZIP code or city level, according to the social media company’s announcement on Monday. Twitter stressed that it has fixed the bug,...
ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
The ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information – while also showing some overlap with the DarkHotel APT. An analysis of ScarCruft’s binary infection procedure by Kaspersky Lab shows that in ...
ThreatList: Top 5 Most Dangerous Attachment Types
Researchers with F-Secure have tracked the top spam-related attachments and campaigns used so far in 2019. The verdict: ZIP, PDF and MS Office files, such as DOC and XLSM attachments, were more commonly used in huge spam campaigns than any other attachment type. In addition, researchers...
FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug
A recently patched, high-severity vulnerability in Microsoft SharePoint (CVE-2019-0604) that allows remote code-execution is being increasingly exploited in the wild, according to researchers – possibly by the FIN7 group, among others. According to Microsoft’s advisory, the vulnerability which...
News Wrap: Facebook Regulation, Verizon DBIR, Hidden Airbnb Cameras
From a massive data-breach report that showed surprising – and disturbing – cybercrime trends, to an op-ed in the New York Times that took aim at Facebook and CEO Mark Zuckerberg, Threatpost editors Lindsey O’Donnell and Tom Spring break down this week’s biggest news. This week’s topics include:...
The WannaCry Security Legacy and What’s to Come
May 12 will mark the second anniversary of the WannaCry ransomware cryptoworm attack. It was a troubling time: During the four-day-long ordeal, the cryptoworm infected more than 300,000 endpoints among 200,000 separate victims throughout 150 countries. It propagated rapidly through the EternalBlu...
Nvidia Warns Windows Gamers on GPU Driver Flaws
Graphics chipmaker Nvidia has issued three patches for high-severity vulnerabilities in its GPU display driver, which could lead to information disclosure, escalation of privileges and denial of service (DoS) in impacted Windows gaming devices. Nvidia’s graphics driver for Windows is used in device...
ThreatList: Nigerian Cybercrime Surged 54 Percent in 2018
In 2018, Nigeria-based cybercrime jumped 54 percent over the previous year, as groups of scammers expanded their operations adding new tactics and reaching a wider breadth of targets. The increase, outlined in a report released Thursday by Palo Alto Network’s Unit 42, shows that Nigerian scammers...
'Unhackable' Biometric USB Offers Up Passwords in Plain Text
A USB stick dubbed eyeDisk that uses iris recognition to unlock the drive claims to be “unhackable” – only, it isn’t. In fact, a simple Wireshark analysis revealed the device’s password – in plain text. David Lodge of Pen Test Partners noticed the product on Kickstarter, where it amassed enough...
Chinese Hackers Behind 2015 Anthem Data Breach Indicted
Two Chinese nationals have been charged in the massive 2015 data breach of health insurer Anthem that impacted more than 78 million people. Fujie Wang, 32, and another Chinese man, who remains unnamed, were allegedly part of a China-based hacking group that was behind the breach of Indiana-based...
Hackers Take Over IoT Devices to 'Click' on Ads
By 2025 there will be 25 billion internet of things (IoT) connections, according to GSMA Intelligence. And if hackers have it their way, many of those IoT devices will be hijacked and recruited into online pay-per-click advertising scams. At the Security Analyst Summit 2019, Threatpost sat down wit...
Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked
For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images. Affected versions of Alpine Linux Docker distros include 3.3, 3.4, 3.5, 3.6, 3.7, 3.8...
Serious Phar Flaw Allows Arbitrary Code Execution on Drupal
Multiple content management systems – including Drupal, Joomla and Typo3 – are open to a vulnerability that can lead to arbitrary code execution on some systems. The flaw (CVE-2019-11831) exists in the phar stream wrapper component used in PHP-driven projects. A Phar archive is used to distribute a...
Researchers in the Dark on Powerful LightNeuron Malware for Years
LightNeuron, a backdoor specifically designed to target Microsoft Exchange mail servers, has flown under the radar since at least 2014, despite being the malware linchpin at the center of several targeted campaigns. A fresh analysis of the recently uncovered code shows that it’s the first publicl...
Airbnb Superhost Secretly Recorded Guests with Hidden Bedroom Camera
An Airbnb “superhost” in China has been arrested after a guest staying in his house found a hidden camera recording her in the bedroom. The guest, an unnamed woman who was staying in the Airbnb in eastern China last week, said she discovered the camera after spotting a light that looked unusual i...
Google Patches Critical Remote Code-Execution Flaws in Android
Google patched four remote code-execution (RCE) flaws as part of its May Android Security Bulletin. Three of the critical bugs are tied to the System portion of the Android platform architecture, responsible for core apps such as the dialer, email and camera. A fourth critical RCE bug opens the doo...
Lax Telco Security Allows Mobile Phone Hijacking and Redirects
As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers that call in – is being continually upgraded. Two-factor authentication, voice passwords, various security...
Google Touts Android Q's New Security Update Process and Better Privacy Controls for Apps
Google said its next-generation mobile operating system, Android Q, revamps the way it delivers direct over-the-air updates and will bolster individual app privacy controls. Google detailed Android Q (10.0) at the Google I/O 2019 developer conference on Tuesday. There it touted almost 50 changes to...
Verizon Data Breach Report: Espionage, C-Suite and Cloud Attacks on the Rise
Corporate espionage is on the rise as a motivation for cyberattacks, with a full quarter of all network compromises associated with reconnaissance and data exfiltration in the last 12 months. However, financially motivated attacks aren’t going anywhere; social-engineering attacks aimed at stealin...
Top 5 Configuration Mistakes That Create Field Days for Hackers
Sometimes it’s the little things that lead to big consequences. When it comes to cybersecurity, hacks more often than not stem from minor missteps – or even completely preventable, obvious mistakes. Common security mistakes and overlooked misconfigurations can open the door for attackers to drop...
Cynet Provides Security Responders with Free IR Tool to Validate and Respond to Active Threats
Organizations that suspect an active threat or breach have two options: calling an external incident response provider to manage the investigation and response or trying to handle it internally with their own resources. Cynet is now introducing a free IR offering that caters to both scenarios – a...
Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover
A critical vulnerability in the Cisco Elastic Services Controller could allow an unauthenticated, remote attacker to take full control of impacted systems – merely by sending a crafted request. Cisco Elastic Services Controller is a virtual network functions manager, which enables businesses to...
Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak
Hacking tools allegedly developed by the National Security Agency (NSA) were being used in the wild by at least one APT long before the Shadow Brokers released the now-infamous trove of U.S. cyberweapons, new analysis suggests. According to researchers at Symantec, an attack group affiliated with t...
Ukrainian Charged With Launching 100 Million Malicious Ads
A Ukrainian national has been extradited to the U.S. for allegedly operating a five-year-long malvertising scheme – reaching victims with more than 100 million malicious ads worldwide. Oleksii Petrovich Ivanov, 31, appeared in Newark, N.J. federal court on Friday after being extradited to the U.S...
WP Live Chat WordPress Plugin Re-Patches File Upload Flaw
A WordPress plugin vulnerability found in WP Live Chat could allow an attacker to upload arbitrary malicious files to vulnerable systems, according to researchers. WP Live Chat is a plugin for WordPress that equips websites with a small pop-up chat support window that site owners can use to...
Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
Malicious activity exploiting the recently disclosed Oracle WebLogic critical deserialization vulnerability (CVE-2019-2725) is surging. Even though there’s a patch, tens of thousands of vulnerable machines represent an irresistible target for hackers, according to Unit 42 researchers at Palo Alto...
High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack
Cisco Systems has patched two high-severity vulnerabilities that can be exploited by remote unauthenticated adversaries to launch denial of service attacks. Impacted are Cisco’s TelePresence Video Communication Server and the company’s ASA 5500-X Series Firewalls. The vulnerability with the wides...
Avengers: Endgame Sites Promise Digital Downloads, Deliver Info-Harvesting
Marvel Studios’ long-awaited superhero juggernaut Avengers: Endgame represents the second-largest worldwide box-office haul for any film, ever – raking in $2.2 billion in its first two weekends. With demand like that, perhaps it’s not surprising that enterprising scammers are already luring in...
High-Severity PrinterLogic Flaws Enable Remote Code Execution
A slew of high-severity flaws have been disclosed in the PrinterLogic printer management service, which could enable a remote attacker to execute code on workstations running the PrinterLogic agent. PrinterLogic’s Print Management software allows businesses to deploy and use remote printers...
Tor Security Add-On Abruptly Killed by Mozilla Bug
Thanks to Mozilla letting an intermediate signing certificate expire, the Tor community was thrown into disarray over the weekend when the NoScript security add-on was suddenly killed for both Firefox and the Tor browser. A fix is available for Firefox, but the Tor issue continues. NoScript is a...
Extinguishing the IoT Insecurity Dumpster Fire
It’s no secret IoT security has been a dumpster fire. Last week, it was reported two million IP security cameras, baby monitors and smart doorbells have serious IoT flaws with no known patches. That report, of course, adds to a long list of IoT nightmares that have been reported over the past fi...
Amid Bug Bounty Hype, Sometimes Security is Left in the Dust
In January, the European Union kicked off over a dozen new bug bounty programs targeting a bevy of popular open-source programs used by its members. The effort was supposed to be met with cheers. But instead, the launch sparked an unexpected backlash from the security community. The EU’s program...
Researchers Weigh in on Trump's Cyber Workforce Executive Order
Security researchers are reacting to a cybersecurity workforce executive order from the White House that came down Thursday, aimed at improving the level of cyber-expertise at federal agencies. While outlining no specific steps or actions, the order creates a directive to create “a superior...
News Wrap: Cartoon Network Hack, the Catholic Church and Jason Statham Scams
A slew of strange security news stories made headlines this week, from scams to hacks. The Threatpost team breaks down the top stories that made everyone scratch their heads, including: – Cartoon Network streaming websites being hacked to play Brazilian stripper videos. – A Catholic church in...
Retefe Banking Trojan Resurfaces, Says Goodbye to Tor
The Retefe banking trojan resurfaced in April after going dormant for months, with a makeover that includes a move away from Tor to secure its communications as well as the abuse of a legitimate shareware application. Retefe has always stood out from other banking trojans, with a consistent...
Multiple Sierra Wireless AirLink Routers Open to Remote Code Execution
Sierra Wireless is warning that additional AirLink router models, which are targeted toward IoT applications, are vulnerable to previously-disclosed critical flaws. The vulnerabilities are part of the 11 critical bugs disclosed on Sierra Wireless’ AirLink ES450 LTE router last week – only now,...
Critical Flaws Found in Eight Wireless Presentation Systems
Multiple wireless presentation systems have critical vulnerabilities – including a remote command-injection glitch and an unauthenticated remote stack buffer overflow flaw. Wireless presentation systems allow users to display their content directly from their laptop (no network cable necessary) by...
D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream
D-Link has only partially patched critical flaws affecting its consumer WiFi camera, which allow hackers to intercept and view recorded video. They also allow attackers to manipulate the device’s firmware, according to security researchers. The camera in question is D-Link’s DCS-2132L cloud camer...
Ladders, SkyMed Leak Employment, Medical Data for Millions
Cloud storage misconfigurations continue to plague the data-privacy space, as evidenced by the new discovery of employment and health information for millions exposed on the web, wide open to any internet passerby. Two misconfigured cloud databases inadvertently leaked personally identifiable...
Dell Security Support Tool Harbors High-Severity Flaws
Two high-severity flaws in Dell’s client support tool, SupportAssist Client, could enable remote code-execution (RCE) and cross-site request forgery (CSRF) attacks. SupportAssist helps users remove viruses or detect security issues on their PCs, and comes preinstalled on most new Dell devices. “Dell...
Cisco Warns of Critical Nexus 9000 Data Center Flaw
A critical vulnerability in Cisco’s software-defined networking (SDN) software could allow an unauthenticated, remote attacker to connect to a vulnerable data-center switch and take it over, with the privileges of the root user. The bug (CVE-2019-1804), which has a CVSS severity rating of 9.8 out of...
Ad Server Patched to Stop Possible Malware Distribution
UPDATE: The open-source advertising platform Revive Adserver is urging customers to patch two vulnerabilities, one of which is critical and may have been exploited to allow hackers to deliver malware to third-party websites. Revive Adserver, formerly known as OpenX Source, is a free, open-source a...
Wipro Attackers Have Operated Under the Radar for Years
New details are emerging in the April attack on systems consulting behemoth Wipro, which saw its network hacked and used for mounting attacks on a dozen of its customers. In a fresh analysis of the indicators of compromise (IOCs), Flashpoint analysts said that the cyberattackers have actually been...
DHS Shortens Deadline For Gov Agencies to Fix Critical Flaws
A Department of Homeland Security (DHS) order now requires agencies to remediate critical vulnerabilities discovered on their systems in 15 days – cutting in half the previous deadline of 30 days. That’s according to a Tuesday binding directive, which is a compulsory order for federal, executive...
Cartoon Network Hacked Worldwide to Show Brazilian Stripper Videos
A famous Brazilian male stripper greeted Cartoon Network viewers worldwide when they tried to stream shows over the weekend – thanks to a pair of hackers that took aim at the cable network’s websites across 16 different regions. In the aftermath, entire Cartoon Network sites and video players hav...