15946 matches found

ThreatPost
added 2019/03/15 3:46 p.m., 106 views

Unpatched Fujitsu Wireless Keyboard Bug Allows Keystroke Injection

UPDATE Fujitsu is stopping sales for its popular wireless keyboard after a researcher discovered it is vulnerable to keystroke injection attacks that could allow an adversary to take control of a victim’s system. Researchers with Germany-based SySS reported on Friday that the high-severity...

CVSS 7.3, EPSS 0.00199
Exploits: 0, References: 11
ThreatPost
added 2019/03/14 9:19 p.m., 84 views

Threatlist: IMAP-Based Attacks Compromising Accounts at 'Unprecedented Scale'

Attackers mounting password-spraying campaigns are turning to the legacy Internet Message Access Protocol (IMAP) to avoid multi-factor authentication obstacles – thus more easily compromising cloud-based accounts. That’s according to researchers with Proofpoint, who found that in the past half year...

AI score 1.9
Exploits: 0, References: 6
ThreatPost
added 2019/03/14 8:43 p.m., 90 views

Zero-Days in Counter-Strike Client Used to Build Major Botnet

A proprietor of a Counter-Strike gaming server promotion service has used multiple zero-days in the Counter-Strike client to create a large botnet. The network is made up of fake game servers for the popular online multiplayer game. The attacker has had quite a bit of success. In a recent analysi...

AI score 8
Exploits: 0, References: 7
ThreatPost
added 2019/03/14 4:56 p.m., 104 views

Cisco Patches Critical ‘Default Password’ Bug

Cisco Systems is warning customers that a discovery tool for network devices can be accessed by a remote and unauthenticated attacker. The flaw could allow an adversary to log into the system and collect sensitive data tied to host operating systems and hardware. The disclosure is part of a Cisco...

CVSS 10, AI score 1, EPSS 0.1151
Exploits: 0, References: 7
ThreatPost
added 2019/03/14 4:33 p.m., 74 views

GlitchPOS Malware Appears to Steal Credit-Card Numbers

A new insidious malware bent on siphoning credit-card numbers from point-of-sale (PoS) systems has recently been spotted on a crimeware forum. Researchers at Cisco Talos said in a Wednesday analysis that they discovered the malware, dubbed “GlitchPOS,” being peddled on the Dark Web for $250. The...

AI score 7.2
Exploits: 0, References: 8
ThreatPost
added 2019/03/14 1:27 p.m., 110 views

Insider Threats Get Mean, Nasty and Very Personal

SAN FRANCISCO – Companies keep watchful eyes on disgruntled employees who are insider threat risks. But Code42’s CISO Jadee Hanson said distraught employees, who are particularly vulnerable to outside ploys, should be equally scrutinized. Hanson said factors such as terminal illnesses, divorce o...

AI score 6.8
Exploits: 0, References: 2
ThreatPost
added 2019/03/13 8:44 p.m., 45 views

Purveyor of Cracked Netflix, Hulu, Spotify Accounts Arrested

A Sydney man has been arrested after allegedly selling hundreds of thousands of compromised account details for subscription streaming services, including for Netflix, Hulu and music streaming service Spotify – raking in about $212,000 ($300,000 AUD) in profit in the process. The Australian Federal...

Exploits: 0, References: 8
ThreatPost
added 2019/03/13 7:29 p.m., 72 views

Intel Windows 10 Graphics Drivers Riddled With Flaws

Intel has patched 19 vulnerabilities across its popular graphics drivers for Windows 10, including two high-severity flaws. CVE-2018-12216 and CVE-2018-12214 could both allow a privileged user to execute arbitrary code via local access, according to an Intel advisory. “Multiple potential security...

CVSS 7.2, AI score 8.6, EPSS 0.00177
Exploits: 0, References: 12
ThreatPost
added 2019/03/13 4:58 p.m., 39 views

MAGA 'Safe Space' App Developer Threatens Security Researcher

UPDATE A newly released 63red Safe mobile app that aims to help wary Trump supporters find “safe” and conservative-friendly places to wear Make America Great Again (MAGA) gear turns out to have a host of security issues, according to one researcher. Meanwhile, Scott Wallace, the Oklahoma-based mobi...

AI score 7.5
Exploits: 0, References: 17
ThreatPost
added 2019/03/13 4:23 p.m., 99 views

Three Ways DNS is Weaponized and How to Mitigate the Risk

In the early stages of the “Net” each computer system participating in this network could only be contacted by knowing its unique 32-bit IP address. As the Net grew into the Internet that we know today, some changes had to be made to allow this system of interconnected computers to communicate wi...

Exploits: 0, References: 6
ThreatPost
added 2019/03/13 3:15 p.m., 312 views

Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw

A newly-patched Microsoft Win32k vulnerability is being exploited in the wild by at least two threat actors, including a recently discovered advanced persistent threat (APT) group dubbed SandCat. The exploited vulnerability (CVE-2019-0797), rated important, was patched on Tuesday as part of Microsoft...

CVSS 10, AI score 0.4, EPSS 0.81325
Exploits: 18, References: 10
ThreatPost
added 2019/03/12 10:5 p.m., 57 views

Federal Focus on Cyber Plays Out in President's Budget, IoT Legislation

The federal government is stepping up its game this week on the cybersecurity front, with both proposed budget line items that would requisition nearly $11 billion for cyber, and the introduction of the Internet of Things (IoT) Cybersecurity Improvement Act of 2019, which would require that devices...

AI score 6.8
Exploits: 0, References: 4
ThreatPost
added 2019/03/12 9:52 p.m., 135 views

Microsoft Patches Two Win32k Bugs Under Active Attack

Microsoft released patches for two Win32k bugs actively under attack, along with fixes for four additional bugs that are publicly known, as part of its March Patch Tuesday security bulletin. The Win32k bugs are both elevation of privilege vulnerabilities, rated important, and tied to the way...

CVSS 7.6, AI score 8.8, EPSS 0.89944
Exploits: 19, References: 18
ThreatPost
added 2019/03/12 8:48 p.m., 143 views

ThreatList: Phishing Attacks Doubled in 2018

Phishing attempts more than doubled in 2018, as bad actors sought to trick victims into handing over their credentials. They used both old tricks – such as scams tied to current events – as well as other stealthy, fresher tactics. Researchers with Kaspersky Lab said in a Tuesday report that durin...

CVSS 9.3, AI score 8.3, EPSS 0.94354
Exploits: 33, References: 14
ThreatPost
added 2019/03/12 4:9 p.m., 110 views

Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes

A previously unknown bug in Microsoft Windows would allow an attacker to spoof Windows dialog boxes that surface when making changes to the Windows registry. This would allow an adversary to plant malware or make other nefarious changes in the registry while getting around Windows’ built-in...

AI score 1.4
Exploits: 0, References: 5
ThreatPost
added 2019/03/12 3:53 p.m., 60 views

Adobe Patches Critical Photoshop, Digital Edition Flaws

Adobe on Tuesday released its March Security Update, reporting and fixing only two critical flaws: one in Photoshop CC and one in Adobe Digital Editions. Both critical flaws could allow a bad actor to achieve arbitrary code execution in the context of the current user, Adobe said. The company sai...

CVSS 10, AI score 1, EPSS 0.20613
Exploits: 0, References: 6
ThreatPost
added 2019/03/11 8:31 p.m., 52 views

Researcher Claims Iranian APT Behind 6TB Data Heist at Citrix

A researcher has attributed a recently publicized attack on Citrix’ internal network to the Iranian-linked group known as IRIDIUM – and said that the data heist involved 6 terabytes of sensitive data. Resecurity posted a blog on Friday indicating that it detected a targeted attack and data breach...

AI score 0.3
Exploits: 0, References: 5
ThreatPost
added 2019/03/11 8:14 p.m., 75 views

Google Patches Critical Bluetooth RCE Bug

Eleven critical Android bugs were patched as part of Google’s March Security Update. Three of them were tied to Android’s media framework and core system, while the others were related to faulty Qualcomm chip components. Out of those critical bugs, Google patched three critical remote...

CVSS 9.3, AI score 0.4, EPSS 0.00502
Exploits: 0, References: 6
ThreatPost
added 2019/03/11 6:44 p.m., 89 views

Forrester: Ransomware Set to Resurge As Firms Pay Off Attacks

SAN FRANCISCO – Ransomware may be poised to return as a top scourge for companies, as more and more of them pay up after an attack in an effort to minimize the cost of recovery. That’s just one insight gleaned from an interview at RSA Conference 2019 last week with Josh Zelonis, senior analyst at...

AI score 7
Exploits: 0, References: 3
ThreatPost
added 2019/03/11 3:51 p.m., 70 views

Facebook Alleges Two Ukrainians Scraped Data From 63K Profiles

Facebook has sued two Ukrainian men that it says used quiz apps and malicious browser extensions to scoop up private data from 63,000 platform users, and then use that data for advertising purposes. A lawsuit filed Friday by Facebook alleged that the two men, Gleb Sluchevsky and Andrey Gorbachov,...

AI score 0.7
Exploits: 0, References: 8
ThreatPost
added 2019/03/09 1:0 p.m., 131 views

RSA Conference 2019: The Expanding Automation Platform Attack Surface

SAN FRANCISCO – Automation platforms are increasingly being used to chain multiple IoT devices together to create user-friendly smart applications – but that’s also creating unpredictable attack surfaces that can be hard to manage. A Trend Micro report released at RSA Conference 2019 warns that...

AI score 6.8
Exploits: 0, References: 1
ThreatPost
added 2019/03/08 9:25 p.m., 59 views

RSA Conference 2019: Operational Technology Widens Supply Chain Attack Surfaces

SAN FRANCISCO – Today’s supply chain has evolved, with operational technology (OT) used in factories increasingly becoming connected and converging with IT systems — introducing new attack vectors. This new reality is vital for companies to understand in the context of risk, according to Dawn...

AI score 0.6
Exploits: 0, References: 5
ThreatPost
added 2019/03/08 8:10 p.m., 66 views

Citrix Falls Prey to Password-Spraying Attack

Citrix is warning that its internal network has been hit by international cybercriminals. The digital workspace and enterprise networks vendor said in a website notice that the FBI contacted it on Wednesday, saying that there was evidence of a successful cyberattack on its network. While details...

AI score 0.1
Exploits: 0, References: 4
ThreatPost
added 2019/03/08 6:4 p.m., 49 views

RSA Conference 2019: Emotet Takes Aim at Latin America

SAN FRANCISCO – Remote access trojans (RATs) can be a scourge for corporate systems, giving backdoor access to cybercriminals that are looking to carry out espionage activities, do recon for future phishing efforts, or lift data to sell on the underground. They often serve as a key pivot point to...

AI score 0.2
Exploits: 0, References: 2
ThreatPost
added 2019/03/08 3:30 p.m., 63 views

RSAC 2019: The Dark Side of Machine Learning

SAN FRANCISCO – The same machine-learning algorithms that made self-driving cars and voice assistants possible can be hacked to turn a cat into guacamole or Bach symphonies into audio-based attacks against a smartphone. These are examples of “adversarial attacks” against machine learning systems...

AI score 6.7
Exploits: 0, References: 3
ThreatPost
added 2019/03/08 2:50 p.m., 78 views

RSA Conference 2019 Recap

SAN FRANCISCO – The RSA Conference 2019 is wrapping up, and Threatpost has been on the show floor this week covering the barrage of security news from the conference – including the annual cryptographers’ panel, big tech companies’ thoughts on privacy, and new vulnerabilities and patches that wer...

AI score 0.2
Exploits: 0, References: 5
ThreatPost
added 2019/03/07 9:11 p.m., 73 views

RSA Conference 2019: Firms Continue to Fail at IoT Security

SAN FRANCISCO – Low prices and firms racing products to market are two of the biggest factors when it comes to why Internet of Things devices are not getting the type of security due diligence they deserve. According to Checkmarx researcher Erez Yalon, despite years of the infosec community soundi...

AI score 7.2
Exploits: 0, References: 2
ThreatPost
added 2019/03/07 9:1 p.m., 62 views

RSA Conference 2019: Ultrasound Hacked in Two Clicks

SAN FRANCISCO – Researchers have highlighted the endemic insecurity of the hospital environment by executing a proof-of-concept attack on an ultrasound machine. In doing so, they were able to gain access to the machine’s entire database of patient ultrasound images. Check Point Research worked wi...

Exploits: 0, References: 5
ThreatPost
added 2019/03/07 5:0 p.m., 54 views

RSAC 2019: For Domestic Abuse, IoT Devices Pose New Threat

SAN FRANCISCO – The influx of connected products in the home – from smart thermometers to connected locks – presents a disturbing new threat surface for victims of domestic abuse. That’s what Lisa Green, senior director of operations at Independent Security Evaluators, is warning conference-goers...

AI score 0.2
Exploits: 0, References: 6
ThreatPost
added 2019/03/07 12:53 p.m., 109 views

RSA Conference 2019: NIST's Privacy Framework Starts to Take Shape

Data privacy has been thrust into the limelight with the passage of the General Data Protection Regulation in Europe last year and a string of high-profile consumer privacy snafus. The National Institute of Standards and Technology has plans to help companies address data privacy with the...

AI score 6.7
Exploits: 0, References: 4
ThreatPost
added 2019/03/06 9:30 p.m., 136 views

RSA Conference 2019: BleedingBit Flaws Continue to Plague Firms

UPDATE SAN FRANCISCO – Mobile key platform UniKey has patched vulnerabilities related to the infamous BleedingBit attack in its platform. BleedingBit is an issue in Bluetooth Low-Energy chips made by Texas Instruments and used in millions of wireless access points, which was disclosed in November...

CVSS 5.8, AI score 0.6, EPSS 0.02507
Exploits: 0, References: 5
ThreatPost
added 2019/03/06 7:45 p.m., 63 views

RSA Conference 2019: The Sky's the Limit For Satellite Hacks

SAN FRANCISCO – The satellites orbiting the world are rife with vulnerabilities – and as more satellites go up, and antenna equipment becomes cheaper, they are becoming a lucrative target for threat actors back on earth, according to researchers. William Malik, vice president of infrastructure...

AI score 0.4
Exploits: 0, References: 4
ThreatPost
added 2019/03/06 7:42 p.m., 85 views

RSA Conference 2019: How to Defend Against an AI vs AI Flash War

SAN FRANCISCO – As perimeter cyber defenses adopt new strategies such as artificial intelligence and machine learning, security experts predict adversaries will adopt similar techniques when it comes to an attack chain. Derek Manky, chief of security insights at Fortinet, said that “black-hat...

AI score 7.2
Exploits: 0
ThreatPost
added 2019/03/06 1:42 p.m., 55 views

RSA Conference 2019: Cryptographers' Panel Decries Adi Shamir's Visa Issues

SAN FRANCISCO – This year’s RSA Conference Cryptographers’ Panel started on a sour note when it was announced that longtime participant Adi Shamir, one of the inventors of the RSA algorithm, would be absent because of visa issues with the U.S. Department of State. Shamir, who addressed the...

AI score 6.9
Exploits: 0, References: 4
ThreatPost
added 2019/03/06 1:0 p.m., 45 views

RSA Conference 2019: Data-Wiping Cyberattacks Plague Financial Firms

Over a quarter of surveyed financial institutions reported that they were targeted by destructive cyberattacks over the past year, bent on completely destroying data. That’s according to a new Carbon Black report unveiled at RSA this year. The report, “Modern Bank Heists: The Bank Robbery Shifts ...

Exploits: 0, References: 4
ThreatPost
added 2019/03/06 11:0 a.m., 44 views

RSA Conference 2019: Microsoft, Google, Twitter on Federal Privacy Regs

SAN FRANCISCO – With the advent of General Data Protection Regulation in Europe and state measures like the California Consumer Privacy Act (CCPA) of 2018, talk about a comprehensive U.S. privacy law has grown louder. However, some privacy advocates fear that any such federal legislation will be a...

AI score 0.6
Exploits: 0, References: 3
ThreatPost
added 2019/03/06 8:1 a.m., 133 views

RSAC 2019: TLS Markets Flourish on the Dark Web

SAN FRANCISCO – Thriving marketplaces for TLS certificates have emerged on the Dark Web, which are hawking the certs both as individual goods and packaged with an array of malware and other ancillary services. The research, from Venafi, the University of Surrey and the Evidence-based Cybersecurit...

Exploits: 0, References: 2
ThreatPost
added 2019/03/05 9:0 p.m., 58 views

RSA Conference 2019: BEC Scammer Gang Takes Aim at Boy Scouts, Other Nonprofits

SAN FRANCISCO – A Nigeria-based scammer gang dubbed “Scarlet Widow” has been launching email fraud attacks against thousands of targets – including universities, the Salvation Army, and Boy Scouts of America. Researchers with Agari detailed the attack during an RSA Conference session on Tuesday...

AI score 6.7
Exploits: 0, References: 3
ThreatPost
added 2019/03/05 8:56 p.m., 64 views

RSA Conference 2019: How to Be Better, on Trust, AI and IoT

SAN FRANCISCO – The slogan of this year’s RSA Conference is “Better” – and accordingly, Tuesday morning’s keynotes zeroed in on reversing some of the disturbing sociological trends that have been festering of late. That includes “information warfare,” meant to undermine citizens’ trust in media a...

AI score 0.1
Exploits: 0, References: 4
ThreatPost
added 2019/03/05 2:0 p.m., 78 views

RSAC 2019: Joomla! Flaw Exploited to Create Mass Phishing Infrastructure

SECOND UPDATE Editor’s Note: It has come to our attention that Check Point’s findings are being questioned by Joomla! and others in the open-source ecosystem. Our story accurately reflects Check Point’s report — but it’s clear that the news isn’t about Jmail or the vulnerability which is at least...

AI score 0.2
Exploits: 0, References: 7
ThreatPost
added 2019/03/05 1:0 p.m., 64 views

RSAC 2019: Most Consumers Say ‘No’ to Cumbersome Data Privacy Practices

Despite high-profile headlines about companies such as Facebook and Google abusing consumers’ personal information, it turns out that the average American is still not implementing a full cadre of best practices for keeping data safe. According to survey findings from research released at the RSA...

AI score 6.9
Exploits: 0, References: 8
ThreatPost
added 2019/03/05 11:40 a.m., 82 views

RSA Conference 2019: Picking Apart the Foreshadow Attack

SAN FRANCISCO – Starting off with a bang with Spectre and Meltdown, 2018 was the year of speculative execution vulnerabilities in CPUs, which wreaked havoc in the IT industry. One of these attacks, dubbed Foreshadow, could allow unauthorized disclosure of information. Foreshadow impacts the Intel...

AI score 1.9
Exploits: 0, References: 4
ThreatPost
added 2019/03/05 11:0 a.m., 55 views

RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase

SAN FRANCISCO: Business emails laced with malicious URLs in the message body have spiked by more than 125 percent in Q4 2018 in comparison with the quarter before. According to Mimecast’s latest Email Security Risk Assessment (ESRA) report, released at the RSA Conference 2019 in San Francisco this...

AI score 0.4
Exploits: 0, References: 3
ThreatPost
added 2019/03/05 11:0 a.m., 344 views

RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes

SAN FRANCISCO – A previously unknown bug in Microsoft Office has been spotted being actively exploited in the wild; it can be used to bypass security solutions and sandboxes, according to findings released at the RSA Conference 2019. The bug exists in the OLE file format and the way it’s handled ...

CVSS 9.3, AI score 9.4, EPSS 0.94442
Exploits: 81, References: 3
ThreatPost
added 2019/03/05 5:2 a.m., 106 views

BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained

SAN FRANCISCO – Users of Logitech’s Harmony Hub have been wide open to an attack for years because of four unpatched vulnerabilities that left any IoT device connected at risk to remote takeover. The bugs were patched by Logitech in November, but for the first time the researchers that discovered...

CVSS 9.3, AI score 9.6, EPSS 0.09616
Exploits: 3, References: 12
ThreatPost
added 2019/03/04 11:36 p.m., 63 views

Argentinian Teen Becomes First to Earn $1M in Bug Bounties with HackerOne

A 19-year-old that goes by the handle “@trytohack” became the first white hat hacker to surpass $1 million in bounty awards on the HackerOne platform. The Argentinian researcher, whose real name is Santiago Lopez, started reporting security weaknesses to companies in 2015 on HackerOne, when he wa...

AI score 0.6
Exploits: 0, References: 6
ThreatPost
added 2019/03/04 7:41 p.m., 57 views

Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data

Researchers have found a slew of vulnerabilities in a pair of smart headphones designed to fit under ski helmets. The flaws could allow a bad actor to view victims’ personal information, track them and even listen to their private conversations via the headphones’ walkie-talkie function, which us...

AI score 0.5
Exploits: 0, References: 5
ThreatPost
added 2019/03/04 4:29 p.m., 71 views

Project Zero Discloses High-Severity Apple macOS Flaw

Researchers have disclosed what they say is a high-severity security flaw in Apple’s MacOS operating system – which has not yet been patched. The flaw gives an attacker privileges to perform malicious actions on a mounted filesystem – without the victim knowing. The Google Project Zero team...

AI score 0.2
Exploits: 0, References: 4
ThreatPost
added 2019/03/04 2:0 p.m., 105 views

RSAC 2019: 58% of Orgs Have Unfilled Cyber Positions

SAN FRANCISCO – Much has been made of the cybersecurity workforce gap, and it appears to be a persistent issue: A full 69 percent of respondents in a recent survey said that they have cybersecurity teams that are understaffed. According to ISACA’s State of Cybersecurity 2019 survey, released at t...

AI score 7
Exploits: 0, References: 8
ThreatPost
added 2019/03/04 1:30 p.m., 112 views

RSAC 2019: Container Escape Hack Targets Vulnerable Linux Kernel

Researchers at CyberArk have created a proof-of-concept attack that allows adversaries to bypass container security, escape the container and compromise an entire host system. However, the attack scenario is limited, in that a successful attack depends on unpatched vulnerabilities to be present i...

CVSS 9.3, AI score 8.6, EPSS 0.87
Exploits: 50, References: 5

Total number of security vulnerabilities: 15946