Google Play Boots Italian Spyware Apps That Infected Hundreds
Google has removed more than a dozen malicious apps harboring Android spyware from its Google Play marketplace. The spyware appears to have been developed by an Italian firm, which is now under investigation for its development. Researchers allege that the apps have infected several hundred – up ...
Medical Weed Dispensary Exposes Health Data for Thousands
A data breach at a medical marijuana dispensary company operating in Canada has sent the personal health privacy of about 34,000 patients up in smoke. An electronic medical record system used by Natural Health Services – a self-described “cannabinoid medical clinic that specializes in cannabis...
Intel VISA Tech Can Be Abused, Researchers Allege
UPDATE Researchers allege that a technology in Intel microchips could potentially be activated and abused by bad actors – giving them complete access to all data across an affected device. The Intel technology is called Visualization of Internal Signals Architecture (VISA), and is used for...
Critical RCE Bug in Cisco WebEx Browser Extensions Faces 'Ongoing Exploitation'
A critical vulnerability in Cisco WebEx browser extensions that could allow unauthenticated remote code-execution (RCE) on targeted machines is being actively exploited in the wild. The news comes just days after Cisco issued a flurry of 24 different patches for its IOS XE operating system and warn...
Magento Patches Critical SQL Injection and RCE Vulnerabilities
Magento patched 37 vulnerabilities on Thursday, including a host of critical flaws in the e-commerce platform that could have let attackers perform a range of malicious activities, such as take over a site and create new admin accounts. The most serious of the bugs is a remote code-execution (RCE)...
Zero-Day Bug Lays Open TP-Link Smart Home Router
A zero-day bug has been uncovered in the TP-Link SR20 smart hub and home router, which would allow a local adversary to execute arbitrary commands on the device without authentication and establish a persistent backdoor for remote access. The SR20 is an all-in-one router that can also work as an...
Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk
A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors. The vulnerability was identified in Rockwell Automation’s PowerFlex 525 drive component...
Lazarus Group Widens Tactics in Cryptocurrency Attacks
North Korea-linked APT Lazarus Group has been spotted targeting the cryptocurrency business again, adding Apple users to the mix by using PowerShell scripts to control macOS malware, and honing its Windows strategy. The campaign has been active since at least November 2018, according to an analys...
Gamers Urged to Patch Critical Bugs in GOG Galaxy
GOG Galaxy Games, a popular video game digital distribution platform that enables users to purchase new games and launch them from their desktop, is riddled with vulnerabilities, according to researchers at Cisco Talos. The researchers assert that the GOG Galaxy video game launcher contains six...
Cisco Releases Flood of Patches for IOS XE, But Leaves Some Routers Open to Attack
UPDATE Cisco Systems issued 24 patches Wednesday tied to vulnerabilities in its IOS XE operating system and warned customers that two small business routers (RV320 and RV325) are vulnerable to attack and that no patches are available for either. A total of 19 of the bugs were rated high severity by...
FTC Demands Broadband Providers Reveal Data Handling Practices
The Federal Trade Commission (FTC) is putting pressure on internet broadband providers to reveal exactly what data they’re collecting – and how they are using it. The FTC on Tuesday issued orders to seven U.S. ISPs requesting that they detail how they collect, retain, use and disclose information...
Grindr Poses National Security Risk, U.S. Gov Says
UPDATE The Committee on Foreign Investment in the United States (CFIUS) has named the ownership of popular gay dating app Grindr a national security risk, according to a report. Grindr describes itself as “the world’s largest social networking app for gay, bisexual, transgender and queer people.” A...
Gamers Beware: Nvidia Fixes High-Severity GeForce Experience Bug
Nvidia, a maker of gaming-friendly graphics processing units (GPU), has patched a high-severity vulnerability in its GeForce Experience software, which could lead to code execution or denial-of-service of products if exploited. The vulnerability (CVE‑2019‑5674) has a CVSS score of 8.8, making it high...
Cybercriminals Have a Heyday with WinRAR Bug in Fresh Campaigns
A recently discovered vulnerability in the WinRAR file archival utility has been exploited in a slew of new campaigns, including one with a never-before-seen payload. The flurry of activity shows no sign of waning as cybercriminals continue to find success exploiting the bug. The campaigns take...
Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities
LockerGoga, the malware that took down Norsk Hydro last week, has taken the industrial world by storm, as researchers race to uncover more about the mysterious ransomware that crippled several of the aluminum maker’s plants. Questions still remain about how the malware first infects the system it...
ASUS Patches Live Update Bug That Allowed APT to Infect Thousands of PCs
ASUS has expedited a patch for a major bug impacting thousands of PCs that allowed an advanced persistent threat group to launch a supply-chain attack dubbed “Operation ShadowHammer.” The vulnerability targeted a range of new ASUS PCs with a backdoor injection technique tied to the PC-maker’s...
Apple iOS 12.2 Patches 51 Serious Flaws
Apple patched 51 vulnerabilities rated serious with its iOS 12.2 update. One of the most serious bugs could allow apps to secretly listen to end users. Apple’s iOS security updates, announced Monday during its March product announcement event, are for the iPhone 5s and later, iPad Air and later a...
ThreatList: Remote Workers Threaten 1 in 3 Organizations
While IT leaders see the benefits of remote working and understand that millennial-friendly telecommuting is unlikely to go anywhere anytime soon, many still fear that the potential of employees to access corporate resources via public Wi-fi and the use of personal devices opens their organizatio...
Bugs in Grandstream Gear Lay Open SMBs to Range of Attacks
A series of both unauthenticated and authenticated remote code-execution vulnerabilities have been uncovered in a variety of Grandstream products for small to medium-sized businesses, including audio and video conferencing units, IP video phones, routers and IP PBXs. Affected Products According t...
Malware Payloads Hide in Images: Steganography Gets a Reboot
One of the challenges of cybersecurity is that overfocusing on one threat trend means that another one can sneak up on you. This is especially problematic as our networks and the attack surface expands. Beyond threat vectors, though, we also need to pay attention to the entire spectrum of threat...
Some ASUS Updates Drop Backdoors on PCs in 'Operation ShadowHammer'
A supply-chain attack dubbed “Operation ShadowHammer” has been uncovered, targeting users of the ASUS Live Update Utility with a backdoor injection. The China-backed BARIUM APT is suspected to be at the helm of the project. According to Kaspersky Lab, the campaign ran from June to at least Novemb...
FEMA Exposes PII for Millions of Hurricane, Wildfire Survivors
The Federal Emergency Management Agency exposed the personal identifiable information of 2.3 million survivors of hurricanes Harvey, Irma and Maria and the California wildfires in 2017, by oversharing survivor data with a contractor when it wasn’t necessary. Worse, the contractor’s networks has...
Spycams Secretly Live-Streamed 1,600 Motel Guests
Four people have been arrested for taking secret videos of guests at motels and live-streaming them to paying audiences. According to Seoul police, the perps filmed about 1,600 motel guests in the past year in various states of undress and having sex. They did so with tiny wireless spy cameras se...
Firefox and Edge Fall to Hackers on Day Two of Pwn2Own
Hackers took down the Mozilla Firefox and Microsoft Edge browsers on Thursday at Pwn2Own, the annual hacking conference held in tandem with CanSecWest, as the competition continued for a second day. The dynamic hacking duo of Amat Cama and Richard Zhu, which make up team Fluoroacetate, had anothe...
Google Play Touts Certs in Quest For Enterprise Security
Google is now touting three new security certifications for Managed Google Play, which the company hopes will serve as a badge of security honor for companies thinking about using its enterprise-focused app marketplace. The move comes as Google continues to try to amp up efforts around the securi...
Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project
A critical denial-of-service (DoS) vulnerability in Facebook’s open-source implementation of the transport layer security (TLS) 1.3 protocol could cause an infinite loop – thus disrupting any web service that relies on it. Kevin Backhouse, a researcher at Semmle, discovered the bug in the project...
Drones are Quickly Becoming a Cybersecurity Nightmare
Drones are a growing threat for law enforcement and business security officers. In the run-up to Christmas 2018, rogue drones grounded planes at London Gatwick, the UK’s second-busiest airport. But, increasingly it’s not just the air traffic controllers sounding the alarms over drones, it’s also...
Medtronic Defibrillators Have Critical Flaws, Warns DHS
The Department of Homeland Security has issued an emergency alert warning of critical flaws allowing attackers to tamper with several Medtronic medical devices, including defibrillators. The two vulnerabilities – comprised of a medium and critical-severity flaw – exist in 20 products made by the...
Wordpress Plugin Patched After Zero Day Discovered
UPDATE A popular WordPress plugin is urging users to update as soon as possible after it patched a vulnerability that was being exploited in the wild. If users cannot update, developers recommended they disable the plugin. The plugin, Social Warfare, lets users add social media sharing buttons to...
Hackers Take Down Safari, VMware and Oracle at Pwn2Own
Hackers took down Apple Safari, VMware Workstation, and Oracle VirtualBox on Wednesday, the first day of Pwn2Own, the annual hacking competition held in tandem with the CanSecWest conference in Vancouver. Contestants with the team of Fluoroacetate (Amat Cama and Richard Zhu) were the first to hit p...
Facebook Stored Passwords in Plain Text For Years
Hundreds of millions of Facebook user passwords have been stored in plain text for years, the social media giant acknowledged on Thursday. KrebsOnSecurity, which first reported the news, said that specifically between 200 and 600 million passwords were stored in plain text as early as 2012, and...
MyPillow and Amerisleep Targeted in Magecart Group Attacks
The Magecart threat group continues its offensive with two newly disclosed breaches targeting bedding retailers MyPillow and Amerisleep. The group attacked the two companies with online payment credit card skimming attacks, researchers with RiskIQ said on Wednesday. While MyPillow removed a skimm...
Cisco Patches High-Severity Flaws in IP Phones
Cisco Systems is urging customers to update several models of their IP phones after issuing patches for five high-severity flaws found in its popular business-focused IP phones. Impacted are Cisco’s IP Phone 8800 series, which are business desk phones that have HD video included and its IP Phone...
Mac-Focused Malvertising Campaign Abuses Google Firebase DBs
A malvertising group named VeryMal that targets Mac users has changed up its tactics, ditching steganography as its obfuscation technique. Instead, it’s using ad tags that fetch a payload from Google Firebase in order to redirect users to malicious pop-ups. Confiant estimates that close to 1...
Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats
In the era of the cloud, enterprises house sensitive corporate data outside of the traditional perimeter; employees can access this from any endpoint, including mobile devices, and from any network. This presents a host of new challenges for companies looking to protect their sensitive informatio...
Years-Long Phishing Campaign Targets Saudi Gov Agencies
An ongoing three-year-old phishing campaign has been targeting the credentials of Saudi Arabian government agencies — with a financially motivated actor the likely culprit. The campaign, code-named “Bad Tidings,” has siphoned victims’ credentials by pretending to be the Kingdom’s Ministry of...
Fin7 Ramps Up Campaigns With Two Fresh Malware Samples
Despite the arrest of several Fin7 members in 2018, the cybercrime group has ramped up its efforts in a series of widespread campaigns hitting businesses with two never-before-seen malware samples. Researchers with Flashpoint said Wednesday that they have discovered a new administrative panel and...
Uber Deployed 'Surfcam Spyware' in Australia to Crush the Competition – Report
A rogue employee at rideshare behemoth Uber created and deployed a piece of information-gathering software in order to help his company get a leg up on the local competition in Australia, according to a report. The so-called “secret spyware program” was dubbed Surfcam, and was developed by the...
Cardinal RAT Resurrected to Target FinTech Firms
A malware family called Cardinal RAT has reappeared, after two years of silence, in a series of attacks that have been targeting Israel-based financial technology firms. After Cardinal RAT was first detected in 2017, the malware disappeared for two years. But now, in this latest campaign,...
Host of Flaws Found in CUJO Smart Firewall
Multiple vulnerabilities have been uncovered in the CUJO Smart Firewall, which is a security hardware device aimed at protecting home networks against malware, phishing websites and hacking attempts. CUJO is widely available, including on Amazon where it has racked up 1,000+ customer reviews. The...
Podcast: The High-Risk Threats Behind the Norsk Hydro Cyberattack
Norway-based Norsk Hydro announced on Tuesday morning it was victim to a ransomware attack, which forced the global aluminum producer to shut down or isolate several plants and send several more into manual mode, the company said on Tuesday morning. The cyberattack, first detected by the company’...
Old Tech Spills Digital Dirt on Past Owners
In a test of how well businesses wipe data on old devices, Rapid7 researcher Josh Frantz purchased 85 old gadgets from businesses. In total, he paid $600 for an aging collection of old computers, flash drives, phones and hard drives. What he discovered was that despite decades of the infosec...
Researcher Says NSA's Ghidra Tool Can Be Used for RCE
Ghidra, a free, open-source software reverse-engineering tool that was released by the National Security Agency at RSA, has been found to be a potential conduit to remote code-execution. Ghidra is a disassembler written in Java; software that breaks down executable files into assembly code that c...
Norsk Hydro Calls Ransomware Attack 'Severe'
Aluminum giant Norsk Hydro has fallen victim to a serious ransomware attack that has forced it to shut down or isolate several plants and send several more into manual mode, the company said on Tuesday morning. Oslo, Norway-based Norsk Hydro, one of the world’s largest makers of aluminum, employs...
ThreatList: DDoS Attack Sizes Drop 85 Percent Post FBI Crackdown
The average size of distributed denial of service (DDoS) attacks decreased significantly, dropping by 85 percent in the fourth quarter of 2018. Researchers with NexusGuard said in a Tuesday report shared with Threatpost, that the number of DDoS attacks also dipped significantly, sinking by almost 1...
Fourth Major Credential Spill in a Month Hits DreamMarket
The hacker behind more than 840 million account records appearing for sale on the Dark Web in February in dumps collectively known as Collections 1-3 is back with 26.42 more records from six companies. The adversary, who goes by the handle Gnosticplayers, is asking just 1.2431 in Bitcoin roughly...
Mirai Variant Goes After Enterprise Systems
Researchers have discovered a new variant of the infamous Mirai IoT botnet, which has been sniffing out and targeting vulnerabilities in enterprise wireless presentation and display systems since January. Palo Alto Network’s Unit 42 researchers said that the newest variant of Mirai is notably...
Google Gives Users More Choice with Location-Tracking Apps
Anyone who uses a mobile app knows how convenient the features that use location data can be, from getting turn-by-turn directions and finding nearby restaurants to fitness-tracking and weather integration. But these rich mobile “experiences” – as app developers call them – can be a double-edged...
Privacy Regulations Needed for Next-Gen Cars
Driverless automobiles, long-haul trucks and military transport vehicles are on a fast track for wide deployment over the next five to 10 years. That much is clear. Vehicle manufacturers are all in, and innovation is racing forward. Meanwhile, captains of industry and political leaders are eager ...
Lenovo Patches Intel Firmware Flaws in Multiple Product Lines
Lenovo has patched several high-severity vulnerabilities tied to Intel flaws that could enable escalation of privilege, information disclosure, or even denial of service. Overall the device maker patched flaws tied to 16 high-severity CVEs on Thursday. Those include five related to Intel...