RSAC 2019: An Antidote for Tech Gone Wrong
SAN FRANCISCO – Tech innovation can move faster than its own good might dictate, often leaving the public interest as an afterthought. Take, for example, hot-button topics such as artificial intelligence, network neutrality and social network user privacy – and consider the ensuing debates. The...
Visitor Kiosk Access Systems Riddled with Bugs
Visitor-management systems protect business against physical threats such as unwanted and unidentified guests. But many of these lobby-based perimeter checkpoints are opening up companies to a bevy of cyber-threats. On Monday, IBM’s penetration testing team, X-Force Red, released a report that...
RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope
SAN FRANCISCO – An insidious reconnaissance campaign discovered in 2018, dubbed Operation Sharpshooter, is much more widespread than previously thought, researchers said. Operation Sharpshooter was first disclosed in December 2018, using a never-before-seen implant framework to infiltrate global...
How the Dark Web Data Bazaar Fuels Enterprise Attacks
It seems every aspect of our lives is available to be found somewhere on the internet. And the information available isn’t simply embarrassing browsing histories but ranges from our medical histories to the logon credentials we use to access many of our online services. This is certainly a privac...
Adobe Patches Critical ColdFusion Vulnerability With Active Exploit
Adobe has issued an emergency patch for a critical vulnerability in its ColdFusion service that is being exploited in the wild. The vulnerability, CVE-2019-7816, exists in Adobe’s commercial rapid web application development platform, ColdFusion. The ColdFusion vulnerability is a file upload...
Podcast: RSA Conference 2019 Preview
The RSA 2019 conference is right around the corner, kicking off next week in San Francisco. As they prepare to cover the show, Threatpost editors Lindsey O’Donnell, Tom Spring and Tara Seals break down the biggest news, stories and trends – from artificial intelligence and government security to...
Necurs Botnet Evolves to Hide in the Shadows, with New Payloads
Necurs, the prolific and globally dispersed spam and malware distribution botnet, has been spotted using a fresh hiding technique to avoid detection while quietly adding more bots to its web. According to research from Black Lotus Labs, which is telecom and ISP provider CenturyLink’s network...
Coinhive to Mine Its Last Monero in March
Coinhive, the company behind an eponymous browser-based cryptocurrency miner, is closing its doors. As of March 8, the 18-month-old company will discontinue its service, because, it announced, the model “isn’t economically viable anymore.” Coinhive bills itself as a legitimate service for website...
Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers
Cisco is urging customers to update their wireless VPN and firewall routers, after patching a critical vulnerability that could allow unauthenticated, remote attackers to execute arbitrary code. The vulnerability, CVE-2019-1663, has a CVSS score of 9.8 and impacts the Cisco RV110W Wireless-N VPN...
Card-Skimming Scripts Hide Behind Google Analytics, Angular
A host of credit card-stealing scripts have popped up on the web, injected into websites and purporting to be legitimate Google Analytics or Angular utilities in order to avoid webmaster notice. According to research from Sucuri, the malicious code is obfuscated and injected into legitimate JS...
Ring Doorbell Flaw Opens Door to Spying
UPDATE A serious flaw in the popular Ring smart doorbell could allow an attacker on a shared WiFi network to spy on families’ video and audio footage, according to researchers. Ring Doorbell is a popular home security device acquired by Amazon. Researchers with BullGuard discovered a way to launc...
Cisco Patches High-Severity Webex Vulnerability For Third Time
Cisco Systems is hoping three times is a charm. The networking giant has issued a third patch for a stubborn high-severity flaw in its Webex Meetings platform after researchers once again discovered a way to bypass the previous fix. The privilege elevation vulnerability (CVE-2019-1674) exists in th...
Thunderclap Flaws Shatter Peripheral Security
UPDATE A set of vulnerabilities collectively dubbed “Thunderclap” is putting computers at risk from weaponized peripheral devices (think network cards, storage and graphics cards, and even chargers and video projectors). The flaws reside in the Thunderbolt hardware interface developed by Intel in...
RSAC 2019: Bronze Union APT Updates Remote Access Trojans in Fresh Wave of Attacks
The notorious Chinese-linked threat group, dubbed Bronze Union, has been spotted in a widespread 2018 campaign updating its arsenal of cyberweapons by breathing new life into old tools. The threat group was spotted in 2018 using updated source code to target data owned by political, technology,...
'Cloudborne' IaaS Attack Allows Persistent Backdoors in the Cloud
An attack scenario affecting various cloud providers could allow an attacker to implant persistent backdoors for data theft into bare-metal cloud servers, which would be able to remain intact as the cloud infrastructure moves from customer to customer. This opens the door to a wide array of attac...
High-Severity SHAREit App Flaws Open Files for the Taking
Two high-severity flaws in the SHAREit Android app allow an attacker to bypass the file transfer application’s device authentication mechanism – and ultimately download content and arbitrary files from the victim’s device, along with a raft of data such as Facebook tokens and cookies. SHAREit is ...
Critical WinRAR Flaw Found Actively Being Exploited
A critical 19-year-old WinRAR vulnerability disclosed last week has now been spotted actively being exploited in a spam campaign spreading malware. The campaign, discovered by researchers with 360 Threat Intelligence Center, takes advantage of a path-traversal WinRAR vulnerability, which could...
The Dark Sides of Modern Cars: Hacking and Data Collection
Like an unstoppable incoming tide, connectivity has quietly inundated the automobiles we so love to drive. In less than a decade, amazing driver-assist mechanisms and must-have infotainment systems have swept into the dashboards of many popular car models for sale today. And we’re just at the sta...
Threatpost Data: Password Managers Are Worth the Risk, Readers Say
Despite a high-profile memory-related vulnerability in password managers capturing headlines last week, a recent Threatpost poll found that 84 percent of respondents use password managers – while only 10 percent said they don’t due to security risks. There have been vulnerabilities found before i...
ToRPEDO Privacy Attack on 4G/5G Networks Affects All U.S. Carriers
Privacy-breaking flaws in the 4G and 5G mobile protocols could allow attackers to intercept calls, send fake amber alerts or other notifications, track location and more, according to a research team from Purdue University and the University of Iowa. In a paper presented at Mobile World Congress ...
Google Ditches Passwords in Latest Android Devices
Half of all Android users can now log into apps and websites on their devices – without having to remember a cumbersome password. On Monday, Google and the Fast IDentity Online (FIDO) Alliance announced that devices running Android 7 or later are certified by the FIDO2 standard, meaning that users...
Phishing Scam Cloaks Malware With Fake Google reCAPTCHA
A recently-discovered phishing scam was found peddling malware, using a new technique to mask its malicious landing page: A fake Google reCAPTCHA system. The campaign targeted a Polish bank and its users with emails, said researchers with Sucuri. These emails contained a link to a malicious PHP...
Reddit Gold: Alice and Bob, Caught in a Web of Lies
Alice and Bob, the beloved (or not-so-beloved, depending) placeholder characters often used in cryptography examples, have been spotted in the middle of a web of deceit and intrigue by eagle-eyed Redditers. Think lies. Broken hearts. Even…murder. Yep, you heard that right. It all starts with the...
Video: HackerOne CEO on the Evolving Bug Bounty Landscape
The bug bounty landscape continues to change along with the concept and rules around vulnerability disclosure. Meanwhile, companies such as GitHub, Microsoft and others continue to keep pace, launching or expanding bounty programs. Even the European Commission is getting in on the action. On...
Data Breaches of the Week: Tales of PoS Malware, Latrine Status
The data-breach onslaught continued this week with casualties sprinkled across the globe. Victims included retailers, banks and one state-owned gas station. The theme this week was the Indian subcontinent, with consumers in Pakistan and India feeling the main brunt of the proceedings. A point-of-sale...
Threatpost News Wrap Podcast For Feb. 22
Threatpost editors Lindsey O’Donnell and Tom Spring discuss the biggest news of the week ended Feb. 22, including a report about flaws in password managers, and a 19-year-old flaw found in WinRAR. The Threatpost team also discussed an upcoming webinar on Feb. 27 at 2 p.m. ET. Patrick Hevesi of...
Threatpost Poll: Are Password Managers Too Risky?
Do you use a password manager? Or do you think they pose too much of a risk, holding all the keys to the kingdom? Weigh in with our poll, below. A little background: There have been vulnerabilities found before in this kind of software, which is meant to take the headache out of remembering...
ThreatList: Porn-Focused Malware Triples, Dark Web Loves It
Credential-stealing malware targeting premium accounts on adult websites almost tripled in 2018, corresponding with a rise in the number of offers related to stolen porn credentials on Dark Web markets. That’s according to Thursday research from Kaspersky Lab, which found that the malware is...
Adobe Re-Patches Critical Acrobat Reader Flaw
A week after Adobe fixed a critical zero-day vulnerability in its Acrobat Reader, the company issued another patch after a researcher dug up a way to bypass the original fix. This previous vulnerability (CVE-2019-7089) was fixed in Adobe’s regularly scheduled security update last week. But Adobe sa...
Highly Critical Drupal CMS Flaw Affects Millions of Websites
The Drupal open-source content management system platform has issued an advisory for a highly critical remote-code execution (RCE) flaw in the Drupal core. The vulnerability (CVE-2019-6340) arises from the fact that “some field types do not properly sanitize data from non-form sources,” according to...
19-Year-Old WinRAR Flaw Plagues 500 Million Users
Popular Windows data compression tool WinRAR has patched a serious 19-year-old security flaw that was discovered on its platform, potentially impacting 500 million users. The path-traversal vulnerability, which WinRAR fixed in January, could allow bad actors to remotely execute malicious code on...
Researcher: Not Hard for a Hacker to Capsize a Ship at Sea
Maritime transport still contributes in an important way to the world’s economy, with on-time shipments influencing everything from commodities availability and spot pricing to the stability of small countries. Unfortunately, capsizing a ship with a cyberattack is a relatively low-skill enterpris...
Separ Malware Plucks Hundreds of Companies' Credentials in Ongoing Phish
An ongoing phishing campaign is using malicious PDF documents to spread Separ malware and ultimately steal victims’ browser and email credentials. Since the attack started at the end of January, it has affected around 200 companies and over 1,000 individuals, located mainly in Southeast Asia, the...
Apple's Shazam App Boots Facebook Ads and Other Third-Party SDKs
Shazam, the handy app that uses audio recognition to tell you what song is playing over any given set of speakers, has reportedly eliminated all third-party software developer kits (SDKs) in its iOS version except for one: HockeyApp. Apple, which bought the startup for $400 million last year, has...
Password Manager Firms Blast Back at ‘Leaky Password’ Revelations
Secure password firms 1Password, Dashlane, KeePass and LastPass are blasting a research report that highlights how a local adversary can crack open and steal passwords stored by the utilities. The uproar began Tuesday when lead researcher, Adrian Bednarek with Independent Security Evaluators (ISE),...
GitHub Increases Rewards, Scope For Bug Bounty Program
GitHub has bolstered its bug-bounty program with increased rewards, an expanded scope of products and the addition of legal “safe-harbor” terms aiming to protect bounty hunters. The web-based hosting service announced Tuesday that its program, first launched in 2014, will no longer have a maximum...
Microsoft: Russia's Fancy Bear Working to Influence EU Elections
As the May elections for European Parliament loom, Russia-linked APT groups are amping up their efforts to target journalists, think-tanks, non-governmental organizations and other members of civil society, according to Microsoft. The tech giant said on Tuesday that it has observed a recent serie...
Microsoft to Kill Updates for Legacy OS Using SHA-1
Microsoft is in the process of phasing out use of the Secure Hash Algorithm 1 (SHA-1) code-signing encryption to deliver Windows OS updates – announcing that customers running legacy OS versions will be required to have SHA-2 code-signing support installed on their devices by July 2019. No SHA-2...
ThreatList: APT Adversaries Up the Ante on Speed, Target Telecom
Despite law-enforcement wins in the form of several high-profile arrests and indictments during 2018, nation-state adversaries have upped their games when it comes to speed. That’s according to CrowdStrike’s 2019 Global Threat Report, which found that when analyzing how long it takes to go from...
New GandCrab Decryptor Unlocks Files of Updated Ransomware
Yet another free decryptor is available for GandCrab ransomware victims. The tool, released Tuesday, is the third decryptor update in the past year that thwarts the prolific and fast-evolving GandCrab ransomware. Europol police announced availability of the update, which now unlocks data encrypte...
ATM Jackpotting Malware Hones Its Heist Tools
The WinPot ATM jackpotting malware is evolving, as its authors look to solve the obstacles that get in their way. The latest is an effort to help ATM hackers, a.k.a. jackpotters, better target their efforts in order to steal more cash in a lesser amount of time. Thieves infect ATMs through physic...
When Cyberattacks Pack a Physical Punch
More than one in 10 data breaches now involve “physical actions,” according to a recent report. These include leveraging physical devices to aid an attack, but also hacks that involve breaking into hardware and remote attacks on physical infrastructure. The stat underscores the realities of a...
Where's the Equifax Data? Does It Matter?
It’s been 17 months since the infamous 2017 Equifax data breach was revealed to have compromised the data of about 147.9 million people, i.e., almost every adult in the U.S., with more than 45 percent of the population directly affected by the incident. But an investigative report from CNBC found...
Data Breach Bonanza: Dating Apps, Equifax, Mass Credential Dumps
In a week full of cyber-incidents and marked by the Valentine’s Day holiday, data breach news was surging. Equifax may have been hacked by spies, two huge credential spills on the Dark Web did their part to endanger people online and several companies admitted to data exposures, data breaches and...
Eight Cryptojacking Apps Booted From Microsoft Store
Microsoft booted eight malicious apps from its official desktop and mobile app store after researchers found the programs surreptitiously mined for Monero cryptocurrency. Researchers who discovered the apps said that an unspecified but significant number of users may have downloaded the rogue...
Tips on How to Fight Back Against DNS Spoofing Attacks
The Domain Name System (DNS), known as the phone book for the internet, was recently retuned to improve performance as well as include new security provisions to protect against Distributed Denial of Service (DDoS) attacks. DNS Flag Day drew a line in the sand for noncompliant authoritative DNS serve...
Trickbot Malware Goes After Remote Desktop Credentials
The banking trojan known as Trickbot has resurfaced, with an updated info-stealing module that allows it to harvest remote desktop application credentials. According to Trend Micro’s Noel Anthony Llimos and Carl Maverick Pascual, a new variant has recently come on the scene, and is being spread v...
Ultra-Sneaky Phishing Scam Swipes Facebook Credentials
A new phishing attack bent on stealing Facebook credentials has been spotted – and it’s turning researchers’ heads due to how well it hides its malicious intent. Researchers with password management company Myki on Thursday said that the attack reproduces a social login prompt in a “very realistic...
Ever-Changing Emotet Evolves Again with Fresh Evasion Tactic
The Emotet trojan has seen a spike in activity in the last month, with a campaign that once again showcases its ability to evolve quickly: It’s now employing a different delivery mechanism than has previously been seen, in what appears to be an effective tactic for evasion. Emotet, which has beco...
Threatpost Poll: Over Half of Firms Asked Struggle with Mobile Security
A Threatpost survey of readers found over half of respondents don’t feel sufficiently prepared to prevent or handle a security incident stemming from mobile devices in their firm. The informal survey results should serve as a harbinger for security professionals in light of the fact that 80 percent...