TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids
UPDATE A popular smartwatch that allows parents to track their children’s whereabouts, TicTocTrack, has been discovered to be riddled with security issues that could allow hackers to track and call children. Researchers at Pen Test Partners revealed vulnerabilities in the watch sold in Australia ...
Fake Instagram Apps on Google Play Harvest User Logins
Three apps on Google Play claiming to help Instagram users amass followers have been found stealing usernames and passwords for the social photo service. The fake apps were uncovered by Malwarebytes, and are still available, according to Nathan Collier, a security researcher with the firm. “As th...
Authentication Bypass Bug Hits Top Enterprise VPNs
UPDATE VPN apps built by four vendors — Cisco, F5 Networks, Palo Alto Networks and Pulse Secure — improperly store authentication tokens and session cookies without encryption on a user’s computer, according to an alert from the U.S. government’s Cybersecurity and Infrastructure Security Agency...
Microsoft Outlook Breach Widens in Scope, Impacting MSN And Hotmail – Report
UPDATE A recently-disclosed Microsoft email-platform breach is reportedly much worse than previously thought, now impacting a large number of Outlook accounts as well as MSN and Hotmail email accounts. On Friday, a slew of Outlook users reported receiving notifications from Microsoft. The...
Preparing the Internet for the Next Mega DDoS Attack
When you think of a distributed denial-of-service (DDoS) attack at this point in the age of the internet, you might be thinking they’re old news. But when a multi-million-dollar business can be easily taken offline by an unskilled adversary and a $5 rent-a-DDoS service, I would argue that the issue...
Romanian Duo Convicted of Malware Scheme Infecting 400,000 Computers
A Romanian duo has been convicted for infecting hundreds of thousands of computers with malware that scooped up credentials and financial information, and scamming victims out of millions of dollars. The two, Bogdan Nicolescu, 36, and Radu Miclaus, 37, were convicted by a federal jury in Ohio on...
North Korea's Hidden Cobra Strikes U.S. Targets with HOPLIGHT
A never-before-seen spyware variant called HOPLIGHT is targeting U.S. companies and government agencies in active attacks, according to the U.S. Department of Homeland Security. In an advisory this week, the United States Computer Emergency Readiness Team (US-CERT) said that there are nine differen...
WordPress Yellow Pencil Plugin Flaws Actively Exploited
The maker of a WordPress plugin, Yellow Pencil Visual Theme Customizer, is asking all users to immediately update after it was discovered to have software vulnerabilities that are being actively exploited. The attacker exploiting these flaws has been behind several other recent plugin attacks the...
ThreatList: Tax Scammers Launch a Raft of Fake Mobile Apps
Tax Day in the U.S. is looming on Monday, and as people rush to do their last-minute filing, scammers are out in full force, targeting consumers and businesses alike. According to RiskIQ numbers, the internet is awash in crafty schemes and dangerous threat campaigns that exploit the convenience o...
Users Urged to Uninstall WordPress Yuzo Plugin After Flaw Exploited
UPDATE Users of the popular Yuzo Related Posts plugin are being urged to uninstall the plugin after a flaw was discovered being exploited in the wild – putting tens of thousands of websites at risk. Yuzo Related Posts, which enables WordPress websites to display “related posts” segments, is...
SAS 2019: Fake News Peddlers Adopt Clever New Trick to Fool Facebook, Twitter
Fake news peddlers have devised a cunning new way to stump Facebook, Twitter and others cracking down on lies and half-truths spreading on social media. Instead of linking to fake news, bad actors are now linking to posts promoting older news articles that may no longer be accurate – but won’t be...
Amazon Auditors Listen to Echo Recordings, Report Says
Amazon is under fire after a bombshell report revealed the company employs thousands of auditors to listen to Echo users’ voice recordings. The team exists to help improve Amazon Alexa’s comprehension of human speech, so the voice command device responds better to commands, according to a Wednesd...
SAS 2019: Joe FitzPatrick Warns of the '$5 Supply Chain Attack'
SINGAPORE – At the Security Analyst Summit this year in Singapore, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, who led a session during the conference titled “A Measured Response to a Grain of Rice: An Implant in the Shell.” After a 2018...
Yahoo Offers $117.5M Settlement in Data Breach Lawsuit
Yahoo is offering to cough up $117.5 million to settle a lawsuit regarding its massive data breaches that compromised the personal information of three billion users. The new $117.5 million settlement, filed Tuesday in the U.S. District Court in San Jose, comes after the internet company’s first...
The Anatomy of Threat Hunting: What You Need to Know and Why
No big surprise here: cybercrime will keep causing a major slowdown in the years to come as the business world proceeds with digitalization. Despite implementing all traditional measures to stay protected, organizations keep falling prey to impersonation, phishing, and malware. Scary enough? What’...
SAS 2019: Triton ICS Malware Hits A Second Victim
SINGAPORE – The group behind the Triton malware, which first came to light after a disruptive critical-infrastructure attack on Saudi oil giant Petro Rabigh in 2017, has found a second victim. According to researchers at FireEye, the cybercriminals behind Triton, also called Trisis, have once aga...
SAS 2019: Gaza Cybergang Blends Sophistication Levels in Highly Effective Spy Effort
SINGAPORE — Around 240 high-profile victims in 39 countries worldwide have become victims of an APT cyber-espionage attack, led by an organization dubbed the Gaza Cybergang that comprises several groups of varying sophistication. The victims, who were all targeted last year, include political,...
Meet ‘TajMahal,’ A New and Highly Advanced APT Framework
SINGAPORE – Researchers at Kaspersky Lab have discovered a new, highly sophisticated advanced persistent threat (APT) framework targeting a single Central Asian diplomatic agency. Malware samples associated with the APT reveal a complex never-before-seen code base, making it extremely hard to detec...
Intel Patches High-Severity Flaws in Media SDK, Mini PC
Intel has released security updates addressing two high-severity vulnerabilities in its Intel Media Software Development Kit (SDK) and Intel NUC mini PC. Overall, the chip giant on Tuesday patched four flaws across its products; the most severe of these vulnerabilities exist in Intel’s Media Softwa...
Adobe Fixes 24 Critical Flaws in Acrobat Reader, Flash, Shockwave Player
Adobe has fixed 24 critical arbitrary code execution vulnerabilities across multiple products, including Acrobat Reader, Adobe Flash, and Adobe Shockwave Player. Overall, Adobe issued fixes for 43 different CVE numbers across eight different products, Tuesday, as part of a regularly-scheduled...
Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print
A Samsung Galaxy S10 user said he was able to successfully bypass the phone’s fingerprint sensors using a 3D print of his own fingerprint. The Samsung user posted on Imgur this weekend under the alias, “darkshark” saying he was able to fool the Galaxy S10’s fingerprint using a simple technique – ...
Shadow App Development: Insider Threat or Opportunity?
The demand for software within an enterprise is relentless. The typical enterprise is running hundreds of applications—perhaps thousands if it’s a global organization. And with the rapid digitalization of business processes underway, the amount of software in use in the typical business is only...
Verizon Router Command Injection Flaw Impacts Millions
UPDATE Three vulnerabilities have been discovered in the Verizon Fios Quantum Gateway which, when exploited together, could give an attacker complete control of a victim’s network. The device is used by millions of Verizon home customers and functions as a home’s wireless router and digital...
SAS 2019: 4 Stuxnet-Related APTs Form Gossip Girl, an 'Apex Threat Actor'
SINGAPORE – The infamous Stuxnet family of industrial sabotage malware is likely the work of a mysterious “supra-group” that Chronicle researchers Juan Andres Guerrero Saad and Silas Cutler have dubbed Gossip Girl; and it’s a group that turns out to be larger and far busier than previously known...
SAS 2019: Genesis Marketplace Peddles 60K Stolen Digital Identities
SINGAPORE – A newly-discovered underground marketplace, dubbed Genesis, is peddling tens of thousands of stolen digital “masks” — i.e., identities — which equip cybercriminals with the tools they need to get away with online fraud. Researchers at Kaspersky Lab’s Security Analyst Summit 2019, whic...
TP-Link Routers Vulnerable to Zero-Day Buffer Overflow Attack
Two models of TP-Link’s budget routers are vulnerable to zero-day flaws that allow attackers to take control of both. The routers in question are models TP-Link WR940N and TL-WR941ND, according to IBM Security, which found the bugs and posted a technical analysis on its discoveries on Monday. “In th...
New Mirai Samples Grow the Number of Processor Targets
New samples of the Mirai malware have been identified, targeting an array of embedded processors and architectures within connected devices. Researchers said that they discovered new Mirai samples in February 2019, capable of infecting IoT devices running Altera Nios II, OpenRISC, Tensilica Xtens...
Spam Campaigns Spread Trickbot Malware with Tax Lure
Hackers pushing the TrickBot banking trojan are exploiting tax season by pushing malicious Microsoft Excel spreadsheet documents via spam campaigns. Researchers said that they discovered the malware in three different campaigns since Jan. 27, 2019. These campaigns target victims with emails...
SAS 2019: Exodus Spyware Found Targeting Apple iOS Users
SINGAPORE— The Exodus spyware that was recently found lurking in 25 different malicious apps on Google Play has been ported to the Apple iOS ecosystem. The surveillance package can exfiltrate contacts, take audio recordings and photos, track location data and more on mobile devices. Earlier this...
Podcast: Chris Vickery on UpGuard's Discovery of Millions of Facebook Records
Data collection and security was thrust to the forefront this week after researchers with UpGuard disclosed that hundreds of millions of Facebook records were found in two separate publicly-exposed app datasets. The two publicly-exposed datasets included one controlled by Mexican media company...
Cisco Finally Patches Router Bugs As New Unpatched Flaws Surface
After a botched first attempt at patching two high-severity bugs affecting its RV320 and RV325 routers, Cisco Systems is out with fresh new fixes for both devices. However, Cisco isn’t out of the woods yet. On Thursday, it also reported two new medium-severity router bugs impacting the same route...
Facebook Boots 74 Cybercrime Groups From Platform
Facebook has booted more than 70 cybercrime groups off its platform that were peddling illicit services – from email spamming tools to stolen credentials and payment information sales – in plain sight. Researchers said a simple search on Facebook for keywords like “spam,” “CVV” or more returned...
Hackers Abuse Google Cloud Platform to Attack D-Link Routers
Hackers have been abusing Google’s cloud computing service to redirect and intercept web and mail traffic on an array of vulnerable consumer routers. A researcher said that he has seen the Google Cloud Platform being abused to carry out three separate waves of DNS hijacking attacks over the past...
LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files
A spam campaign pushing the info-stealing LokiBot trojan leverages a novel technique to avoid detection. According to researchers, the spam messages include a malicious .zipx attachment hidden inside a .PNG file that can slip past some email security gateways. According to Trustwave SpiderLabs, tha...
Preinstalled Mobile Security App on Xiaomi Handsets Delivered Vulnerabilities, Not Protection
Preinstalled apps on mobile phones can be just as annoying as crapware found on new PCs. Now a report from security experts at Check Point Research suggests those preinstalled mobile apps may be more than just annoying – they can also be a security risk. Check Point found that a security app calle...
Facebook Exposed Dataset Debacle: Who's Really To Blame?
UPDATE The discovery of millions of Facebook records leaked from publicly-exposed AWS storage buckets has left researchers wondering where the responsibility lies. The two separate datasets, disclosed Wednesday by researchers at Upguard, were held by two app developers, Cultura Colectiva and At t...
Free Cynet Threat Assessment for Mid-sized and Large Organizations
If you cannot see what’s happening in your network, your ability to make smart security decisions will suffer. Many vendors offer threat assessment options, but they usually require an investment of time and resources. One vendor out there – Cynet – is offering a no-cost threat assessment to...
BEC Scam Gang London Blue Evolves Tactics, Targets
Prolific business email compromise group London Blue has been spotted in a recent campaign that demonstrates the group’s evolved tactics and improved targeting via an updated database. London Blue has been around since 2011 – but researchers spotted the business email compromise (BEC) group again i...
SAS 2019 to Tackle APTs, Supply Chains and More
Kaspersky Lab’s Security Analyst Summit kicks off in Singapore next week, where elite researchers, top cybersecurity firms and global law-enforcement agencies will discuss today’s biggest cybersecurity threats and how best to squash them. This year marks the first time the global security...
Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution
Nvidia has released fixes for eight high-severity vulnerabilities in its Linux for Tegra driver packages. The worst of these flaws could allow information disclosure, denial of service and code execution on impacted systems. Overall, the chipmaker on Tuesday released patches for 13 flaws that...
Facebook Data of Millions Exposed in Leaky Datasets
UPDATE Hundreds of millions of Facebook records – including account names, personal data, and more – have been found in two separate publicly-exposed app datasets. The first publicly-exposed dataset originates from a Mexico-based media company, Cultura Colectiva, and contains over 540 million...
How to Maximize the Value of Your Cybersecurity Investment
When it comes to developing a successful cybersecurity program in 2019, simply purchasing and deploying cybersecurity technology is only the first step in deriving value from the investment. Maximizing value and capitalizing on these efforts requires a series of defined processes and no shortage ...
OceanLotus APT Uses Steganography to Shroud Payloads
The advanced persistent threat (APT) group OceanLotus has switched up its tactics to use steganography to cloak encrypted payloads within .png image files. Researchers said that they discovered the OceanLotus APT group – a Vietnam-linked cyber-espionage group also known as APT32 – using the tactic ...
ThreatList: Half of All Attacks Aim at Supply Chain
Increasingly sophisticated attacks that target supply chains, counter-incident response and lateral movement within a network are quickly becoming the new normal in the corporate security threat landscape. That’s according to Carbon Black’s latest quarterly Global Incident Response Threat Report,...
Mobile-First Phishing Kit Targets Verizon Customers
As people increasingly go mobile-first in their work and personal lives, cybercrime is keeping up: The latest is a phishing kit that specifically targets Verizon Wireless customers in the U.S. According to Jeremy Richards, a researcher at Lookout Security, the kit pushes phishing links to users v...
Google's April Android Security Bulletin Warns of 3 Critical Bugs
Google has fixed three critical remote code execution bugs in its Android operating system, which could allow a remote attacker to hijack a vulnerable system simply by sending a malicious file. The flaws are part of Google’s April Android Security Bulletin, which includes patches for three critic...
Financial Apps are Ripe for Exploit via Reverse Engineering
A white hat hacker reverse engineered 30 mobile financial applications and found sensitive data buried in the underlying code of nearly all apps examined. With this information a hacker could, for example, recover application programming interface (API) keys and use them to attack the vendor’s...
March Madness Scams Give Attackers Fast Break
With the 2019 NCAA tournament’s Final Four around the corner, researchers are urging viewers to be wary of a slew of March Madness-related phishing attacks, adware installers and other security threats. While security concerns regarding popular sporting events – from the World Cup to the Super Bo...
Google Warns of Growing Android Attack Vector: Backdoored SDKs and Pre-Installed Apps
Google is reporting an uptick in efforts by bad actors to plant potentially harmful applications (PHAs) on Android devices via pre-installed apps and by bundling them with system updates delivered over the air. The technique is especially troubling, Google said, because PHAs are often malicious and...
ThreatList: Game of Thrones, a Top Malware Conduit for Cybercriminals
As Game of Thrones’ eighth season approaches, fans are getting ready for the ultimate clash of living vs. dead, fire vs. ice, human vs. monster. But they should be careful where they get their Jon Snow fix from; fresh analysis has concluded that the fantasy series is cybercriminals’ favorite targ...