15946 matches found

ThreatPost
added 2019/02/14 5:27 p.m., 95 views

Coffee Meets Bagel Dating App Warns Users of Breach

Popular dating app Coffee Meets Bagel has sent its users an email notifying them that their data may have been “acquired by an unauthorized party.” The news comes days after a massive database containing the information of around 6.2 million Coffee Meets Bagel users showed up on the Dark Web. Use...

AI score: 7
Exploits: 0, References: 5

ThreatPost
added 2019/02/14 4:32 p.m., 111 views

Google Play Cracks Down on Malicious Apps

Google Play is ramping up its offensive against malicious apps, which have continued to plague the official app store for Android devices over the years. In a Wednesday post, Andrew Ahn, product manager at Google Play, said that the number of app submissions that were rejected on the app...

AI score: 7.5
Exploits: 0, References: 9

ThreatPost
added 2019/02/14 12:30 p.m., 125 views

Critical OkCupid Flaw Exposed Daters to App Takeovers

A critical flaw in the OkCupid app has been found that could allow a bad actor to steal credentials, launch man-in-the-middle attacks or completely compromise the victim’s application. This is separate from the OKCupid account-takeover incident reported earlier in the week, but it does fit the...

AI score: 6.8
Exploits: 0, References: 10

ThreatPost
added 2019/02/13 10:24 p.m., 72 views

Lenovo Watch X Riddled with Security Vulnerabilities

Researchers are raking the Lenovo Watch X over the security coals in a report that blasts the device for shipping with a half dozen “disturbing” privacy and security vulnerabilities. The budget $50 smartwatch was introduced in June 2018 and was initially praised for its design, features and...

AI score: 7.4
Exploits: 0, References: 4

ThreatPost
added 2019/02/13 8:55 p.m., 125 views

ThreatList: Banking Trojans Are Still The Top Big Bad for Email

While APT activity and a raft of malware types continue to capture the notice of researchers and journalists, it turns out that trusty old banking trojans remain the top email-borne threat out there. According to Proofpoint’s latest quarterly report, analyzing trends for the fourth quarter of 201...

AI score: 7.1
Exploits: 0, References: 12

ThreatPost
added 2019/02/13 3:20 p.m., 142 views

Flaw in snapd Allows Root Access to Linux Servers

A local privilege-escalation vulnerability in Canonical’s snapd package has been uncovered, which would allow any user to obtain administrator privileges and immediate root access to affected Linux system servers. Snapd is used by Linux users to download and install apps in the .snap file format...

CVSS: 10, AI score: 0.8, EPSS: 0.84555
Exploits: 10, References: 6

ThreatPost
added 2019/02/13 3:15 p.m., 55 views

Unpatched Apple macOS Hole Exposes Safari Browsing History

A design flaw in Apple’s macOS could allow a malicious application to steal victims’ Safari web browsing history. The security hole exists in every version of the Mac’s Mojave operating system, including macOS Mojave 10.14.3 Supplemental Update recently released on Feb. 7. That’s according to Mac...

Exploits: 0, References: 6

ThreatPost
added 2019/02/12 10:59 p.m., 126 views

Siemens Warns of Critical Remote-Code Execution ICS Flaw

Siemens has released 16 security advisories for various industrial control and utility products, including a warning for a critical flaw in the WibuKey digital rights management (DRM) solution that affects the SICAM 230 process control system. SICAM 230 is used for a broad range of industrial contr...

CVSS: 7.8, AI score: 1.5, EPSS: 0.79315
Exploits: 2, References: 8

ThreatPost
added 2019/02/12 9:37 p.m., 46 views

Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack

Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which i...

AI score: 0.4
Exploits: 0, References: 10

ThreatPost
added 2019/02/12 9:34 p.m., 430 views

Microsoft Patches Zero Day Browser Bug Under Active Attack

It’s a busy Patch Tuesday for Microsoft with a total of 20 critical vulnerabilities addressed in this February’s monthly security bulletin. Four bugs, rated important, were previously publicly known. Worse, Microsoft said a zero-day bug tied to its Internet Explorer browser, also rated important,...

CVSS: 7.5, AI score: 1, EPSS: 0.93638
Exploits: 19, References: 6

ThreatPost
added 2019/02/12 8:29 p.m., 128 views

Critical WordPress Plugin Flaw Allows Complete Website Takeover

A critical vulnerability in popular WordPress plugin Simple Social Buttons enables non-admin users to modify WordPress installation options – and ultimately take over websites. Simple Social Buttons enables users to add social-media sharing buttons to various locations of their websites. The plug...

AI score: 0.2
Exploits: 0, References: 5

ThreatPost
added 2019/02/12 8:25 p.m., 96 views

Attackers Completely Destroy VFEmail's Secure Mail Infrastructure

A catastrophic, smash-and-destroy cyberattack has eliminated the U.S. infrastructure for secure email service VFEmail. It’s a rare example of a purely destructive offensive, apparently unmotivated by financial gain or espionage goals. An attacker wiped out the company’s U.S. servers on Monday...

AI score: 0.4
Exploits: 0, References: 7

ThreatPost
added 2019/02/12 6:28 p.m., 71 views

Major Container Security Flaw Threatens Cascading Attacks

runc, a building-block project for the container technologies used by many enterprises as well as public cloud providers, has patched a vulnerability that would allow root-level code-execution, container escape and access to the host filesystem. Discovered by researchers Adam Iwaniuk and Borys...

CVSS: 9.3, AI score: 0.3, EPSS: 0.59178
Exploits: 33, References: 9

ThreatPost
added 2019/02/12 6:16 p.m., 206 views

Xiaomi M365 Electric Scooter Hacked and Remotely Controlled

A serious design flaw in a popular electric scooter has allowed researchers to hack into it when they were up to 100 meters away – and ultimately force it to brake or speed up. Researchers at Zimperium on Tuesday released a proof-of-concept (PoC) for the attack, which impacts Xiaomi M365 scooters...

AI score: 1.8
Exploits: 0, References: 3

ThreatPost
added 2019/02/12 3:9 p.m., 150 views

Adobe Fixes 43 Critical Acrobat and Reader Flaws

Adobe issued patches for 43 critical vulnerabilities in Acrobat and Reader – including a fix for a zero-day flaw that researchers at 0patch temporarily fixed on Monday. That bug could enable bad actors to steal victims’ hashed password values. Overall, Adobe patched 75 important and critical...

CVSS: 10, AI score: 0.8, EPSS: 0.63074
Exploits: 0, References: 9

ThreatPost
added 2019/02/11 8:17 p.m., 89 views

Threatpost Poll: Is It Impossible to Secure Mobile Devices?

Between applications and operating systems, a slew of mobile threats continue to pop up – and when it comes to security, it’s getting harder and harder for enterprises to keep up. Just in the past week, Apple patched a massive flaw in its FaceTime allowing a bad actor to eavesdrop on victims; whi...

AI score: 7.2
Exploits: 0, References: 10

ThreatPost
added 2019/02/11 7:56 p.m., 64 views

U.S. Senators Urge VPN Ban for Federal Workers Over Spying

UPDATE Two U.S. senators are taking bipartisan aim at foreign-owned virtual private networks (VPNs), which they say are often headquartered “in countries that do not share American interests or values” – specifically, China and Russia. Sens. Ron Wyden (D-Ore.) and Marco Rubio (R-Fla.) have signed a joi...

Exploits: 0, References: 5

ThreatPost
added 2019/02/11 7:20 p.m., 168 views

Temporary Patch Released For Adobe Reader Zero-Day

A temporary patch has been released to address a zero-day vulnerability in Adobe Reader that could enable bad actors to steal victims’ hashed password values, known as “NTLM hashes.” 0patch on Monday released a micropatch for the flaw, found in Adobe Reader DC. The vulnerability, which has no...

CVSS: 5, AI score: 8.4, EPSS: 0.68262
Exploits: 2, References: 9

ThreatPost
added 2019/02/11 4:49 p.m., 78 views

Exposed: Instagram, OKCupid, Mumsnet All Face Data Concerns

It has once again been busy on the data privacy/exposure front as the week kicks off, with Instagram, dating site OKCupid and the UK’s powerhouse discussion site, Mumsnet, all making recent news. A report on GDPR breach notifications rounds out the latest. First up, Instagram users are apparently...

AI score: 6.9
Exploits: 0, References: 14

ThreatPost
added 2019/02/11 4:14 p.m., 165 views

First 'Clipper' Malware Discovered on Google Play

A malicious app designed to steal cryptocurrency from victims by replacing a wallet address in the phone’s clipboard has been discovered harboring the first “clipper” malware discovered on Google Play, the official Android app store. Usually cryptocurrency-stealers are found on unsanctioned Andro...

AI score: 0.1
Exploits: 0, References: 4

ThreatPost
added 2019/02/11 4:4 p.m., 57 views

Managing Enterprise Security After the Data Supernova

As the amount of data continues to grow and expand outside of the enterprise, security leaders need to develop a plan to quickly secure it. The big promise of cloud computing was that it would simplify security. Organizations would no longer have to worry about securing their infrastructure becau...

AI score: 0.7
Exploits: 0, References: 2

ThreatPost
added 2019/02/08 9:4 p.m., 264 views

Google Boosts Encryption For Low-End Android Devices

Google introduced a new storage encryption solution that it hopes will expand security efforts across its full spectrum of Android-powered devices – including low-end devices that typically can’t support encryption. The new encryption offering, Adiantum, aims to solve a big issue that has plagued...

AI score: 1.1
Exploits: 0, References: 2

ThreatPost
added 2019/02/08 5:44 p.m., 157 views

Theory: 'Simple Hack' Behind Bezos’ Alleged Compromising Images

Researchers are shooing away theories of an elaborate “deep state” hacking plot against Jeff Bezos tied to the alleged tawdry images of him and girlfriend Lauren Sanchez. They say the alleged images that Bezos claims the National Enquirer is threatening to release were likely obtained via a...

AI score: 7.2
Exploits: 0, References: 5

ThreatPost
added 2019/02/08 3:31 p.m., 142 views

FireOS Flaw Allowed Limited Content Injection in Amazon Tablets

A vulnerability in the operating system of Amazon’s Fire Tablets could allow a hacker to inject malicious content into Settings, Legal and Compliance, Terms of Use and Privacy sections of the device. The bug could also allow an adversary to capture the serial number of the tablet. The Fire Tablet...

CVSS: 5.8, AI score: 7.4, EPSS: 0.0024
Exploits: 2, References: 3

ThreatPost
added 2019/02/07 8:47 p.m., 144 views

Apple Fixes Pesky FaceTime Bug in iOS 12.1.4 Update

Apple has patched a major flaw in its Group FaceTime feature that allowed callers to eavesdrop on people they called even if they never picked up. It also said it would pay a reward to the teen that identified the bug. The update comes along with a slew of other fixes in its release of iOS 12.1.4...

CVSS: 9.3, AI score: 8.3, EPSS: 0.04869
Exploits: 2, References: 6

ThreatPost
added 2019/02/07 8:21 p.m., 140 views

ThreatList: Latest DDoS Trends by the Numbers

Fresh statistics reveal a mixed bag of good news and bad when it comes to distributed denial-of-service attacks in Q4 2018. According to the latest numbers available, the sheer number of attacks is down, but the length of time those attacks last has reached record lengths. The numbers come from...

AI score: 7.8
Exploits: 0, References: 6

ThreatPost
added 2019/02/07 3:43 p.m., 114 views

Flaw in Multiple Airline Systems Exposes Passenger Data

Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes. Security researchers at...

AI score: 0.2
Exploits: 0, References: 8

ThreatPost
added 2019/02/06 10:14 p.m., 164 views

MacOS Zero-Day Exposes Apple Keychain Passwords

A researcher claims to have found a new Apple zero-day impacting macOS that could allow an attacker to extract passwords from a targeted Mac’s keychain password management system. However, the researcher refuses to disclose the alleged vulnerability citing Apple’s lack of macOS bug bounty program...

AI score: 7.8, EPSS: 0.93638
Exploits: 17, References: 13

ThreatPost
added 2019/02/06 5:51 p.m., 104 views

Clever Phishing Attack Enlists Google Translate to Spoof Login Page

UPDATE Recently discovered phishing emails scoop up victims’ Facebook and Google credentials and hide their malicious landing page via a novel method – Google Translate. The phishing campaign uses a two-stage attack to target both Google and Facebook usernames and passwords, according to researche...

Exploits: 0, References: 9

ThreatPost
added 2019/02/06 4:25 p.m., 105 views

What are Data Manipulation Attacks, and How to Mitigate Against Them

Conventional wisdom says that once an attacker is in the system, moving laterally from network to network, the damage is already done. The adversary has found a way in and more than likely identified the data they’re after. They simply need to exfiltrate it, the last step of the kill chain, to la...

AI score: 0.3
Exploits: 0, References: 2

ThreatPost
added 2019/02/06 3:24 p.m., 81 views

Microsoft Confirms Serious 'PrivExchange' Vulnerability

Microsoft acknowledged an elevated privilege flaw in its Exchange Server could allow a remote attacker with a simple mailbox account to gain administrator privileges. Both a Microsoft advisory and a US-CERT alert were issued on Tuesday warning users of the elevation of privilege flaw, dubbed...

AI score: 1
Exploits: 0, References: 7

ThreatPost
added 2019/02/06 2:12 p.m., 70 views

Modern Cybercrime: It Takes a Village

LAS VEGAS – Contrary to the pop-culture image of the hoodie-clad lone hacker with mad keyboard “skillz” siphoning off funds and making people’s lives miserable with a few lines of brilliant code, increasingly cybercrime “takes a village”. The true face of cybercrime today is a more democratic one...

AI score: 0.7
Exploits: 0, References: 7

ThreatPost
added 2019/02/05 10:9 p.m., 146 views

IoT Scale Flaws Enable Denial of Service, Privacy Issues

Here is an internet of things flaw that can tip the scales to a hacker’s advantage. Researchers have discovered a bevy of flaws in a consumer smart scale that could allow hackers to launch a variety of attacks, from man-in-the-middle to denial of service attacks. Checkmarx researchers reported th...

AI score: 0.3
Exploits: 0, References: 5

ThreatPost
added 2019/02/05 4:40 p.m., 166 views

Google Patches Critical .PNG Image Bug

Google has patched a critical vulnerability in its current and legacy versions of its Android operating system, which allows an attacker to send a specially crafted Portable Network Graphics (.PNG) image file to a targeted device and execute arbitrary code. In its February Android Security Bulletin,...

CVSS: 9.3, AI score: 0.8, EPSS: 0.00481
Exploits: 0, References: 3

ThreatPost
added 2019/02/05 3:15 p.m., 76 views

EU Recalls Children's Smartwatch That Leaks Location Data

UPDATE The European Commission has issued a recall for a popular smartwatch for children, citing “serious” privacy issues that could allow a bad actor to track or communicate with kids remotely. The issues exist in Safe-KID-One, an IoT watch made by German company Enox Group that allows parents t...

AI score: 7.6
Exploits: 0, References: 17

ThreatPost
added 2019/02/05 2:0 p.m., 109 views

Remote Desktop Protocol Clients Rife with Remote Code-Execution Flaws

UPDATE LAS VEGAS — Multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) would allow a malicious actor to achieve remote code-execution over a client’s computer. According to Check Point research released Tuesday at the CPX360 event in Las Vegas, both open-source and...

AI score: 7.9
Exploits: 0, References: 4

ThreatPost
added 2019/02/05 11:0 a.m., 184 views

The APT Name Game: How Grim Threat Actors Get Goofy Monikers

What’s in a name? When it comes to advanced persistent threat groups, it is often quite a bit. While their monikers may seem whimsical – Fancy Bear, Nomadic Octopus, Ocean Lotus and Darkhotel – the reality is these are not arbitrary names. In fact, many are similar to schoolyard nicknames or a...

AI score: 7
Exploits: 0, References: 3

ThreatPost
added 2019/02/04 8:45 p.m., 317 views

Spy Campaign Spams Pro-Tibet Group With ExileRAT

A cyber-espionage campaign has been spotted targeting recipients of a mailing list run by the Central Tibetan Administration (CTA). India’s CTA is an organization officially representing the Tibetan government-in-exile. The territory of Tibet is administered by the People’s Republic of China – but...

CVSS: 9.3, AI score: 1.4, EPSS: 0.94302
Exploits: 29, References: 4

ThreatPost
added 2019/02/04 4:0 p.m., 125 views

"Collection #1" Data Dump Hacker Identified

UPDATE Researchers say they have identified the threat actor behind the massive “Collection 1” data dump which exposed hundreds of millions of credentials on a hacking forum in January. Recorded Future researchers said this weekend that an individual using the moniker “C0rpz” has claimed as early...

AI score: 1.1
Exploits: 0, References: 5

ThreatPost
added 2019/02/04 2:0 p.m., 2130 views

SpeakUp Linux Backdoor Sets Up for Major Attack

LAS VEGAS — A backdoor trojan dubbed “SpeakUp” has been spotted exploiting the Linux servers that run more than 90 percent of the top 1 million domains in the U.S. It uses a complex bag of tricks to infect hosts and to propagate, which analysts say could indicate that it’s poised for a major...

CVSS: 7.5, AI score: 9.3, EPSS: 0.94439
Exploits: 84, References: 3

ThreatPost
added 2019/02/01 9:35 p.m., 215 views

Houzz Urges Password Resets After Data Breach

Interior decorating website Houzz on Friday issued a notice that user data – including usernames, passwords and IP addresses – had been accessed by an “unauthorized third party.” Houzz connects consumers to varying home-goods departments or professionals for purchasing furniture. The Palo Alto,...

AI score: 0.2
Exploits: 0, References: 12

ThreatPost
added 2019/02/01 7:35 p.m., 156 views

Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware

UPDATE An Iran-linked APT known as Chafer has been spotted targeting various entities based in Iran with an enhanced version of a custom malware that takes a very unique approach to communication by using the Microsoft Background Intelligent Transfer Service (BITS) mechanism over HTTP. Meanwhile th...

AI score: 8.4
Exploits: 0, References: 3

ThreatPost
added 2019/02/01 3:50 p.m., 62 views

Threatpost News Wrap Podcast For Feb. 1

Data privacy dominated the week of news ending Feb. 1. News headlines included both Facebook and Google finding themselves in hot water over distributing data-sucking apps on iOS devices. A severe flaw was also found in kid-tracking IoT smartwatches that could expose sensitive information for...

AI score: 6.5
Exploits: 0, References: 6

ThreatPost
added 2019/02/01 3:38 p.m., 122 views

Cybercriminals Aim for the Super Bowl Goal Posts

Ah, the Super Bowl. For some, this Sunday’s show down between the Los Angeles Rams and the New England Patriots will be about gathering family and friends around for a great American pastime: The Super Bowl party. Some are just in it for the commercials. Some see a gambling opportunity; and for...

AI score: 0.6
Exploits: 0, References: 6

ThreatPost
added 2019/01/31 10:9 p.m., 112 views

Facebook Boots Hundreds of Iran-Linked Accounts For Spreading Misinformation

Facebook has booted hundreds of Iran-linked pages, groups and accounts from its social media platform that it claimed were promoting misinformation. According to Facebook, it removed 783 pages, groups and accounts that engaged in “coordinated inauthentic behavior” that were misleading users about...

AI score: 1.5
Exploits: 0, References: 8

ThreatPost
added 2019/01/31 9:59 p.m., 91 views

TheMoon Rises Again, With a Botnet-as-a-Service Threat

TheMoon, an IoT botnet targeting home routers and modems, is entering a new phase, as it were: It has added a previously undocumented module that allows it to be sold as-a-service to other malicious actors. This has already had significant real-world consequences, according to CenturyLink Threat...

AI score: 0.5
Exploits: 0, References: 5

ThreatPost
added 2019/01/31 7:38 p.m., 134 views

Prepare to Defend Your Network Against Swarm-as-a-Service

The digital world we now inhabit creates unprecedented opportunities – both for good and for ill. One of these possibilities is swarm-based tools that can be used to either attack or defend the network. This possibility, or set of possibilities, has arisen due to dramatic advances in swarm-based...

AI score: 7.2
Exploits: 0, References: 1

ThreatPost
added 2019/01/31 6:51 p.m., 61 views

2019 Already Marred By Slew of Data Breach Incidents

It has been a busy year for data breaches already, and January isn’t even officially over. This past week has been no exception. In the past seven days, in addition to the Airbus news that we previously reported, Discover Financial, IT management giant Rubrik, the City of St. John in New Brunswick,...

AI score: 0.1
Exploits: 0, References: 11

ThreatPost
added 2019/01/31 6:16 p.m., 54 views

Airbus Data Takes Flight; and Billions of Credentials Dumped on Dark Web

French airplane and military aircraft behemoth Airbus SE has become the latest victim of a cyberattack leading to a data breach, with an incident detected on its “commercial aircraft business” information systems. It is only the latest high-profile data exposure to come to light in recent days, a...

AI score: 0.9
Exploits: 0, References: 8

ThreatPost
added 2019/01/31 6:10 p.m., 73 views

U.S. Government Goes After North Korea's Joanap Botnet

The U.S. Justice Department is looking to retaliate against North Korea-linked hackers who have built up a massive global network of infected computers. The department announced on Wednesday that it would seek to map out the Joanap botnet, which has been built and controlled by North Korea-linked...

AI score: 1.2
Exploits: 0, References: 9

Total number of security vulnerabilities: 15946