Threatpost Recent

15946 matches found

ThreatPost
added 2019/01/15 6:53 p.m., 12 views

Judge: Law Enforcement Can't Force Suspects to Unlock iPhones with FaceID

A U.S. federal judge has ruled that law enforcement can’t force people to unlock their iPhones using the phone’s biometric capabilities – like FaceID or TouchID. The ruling comes from a Jan. 10 filing, for which police were seeking a search warrant as part of a cyber-extortion case. The victim wa...

6.9 AI score
Exploits: 0, References: 5

ThreatPost
added 2019/01/15 6:38 p.m., 13 views

ThreatList: $1.7M is the Average Cost of a Cyber-Attack

The average cost estimate for cleaning up a cyberattack comes in at around $1.1 million, according to a recent survey. But this is actually a rosy view: For those organizations that actually calculate versus estimate the real cost of an attack, that number increases significantly to $1.67 million...

0.7 AI score
Exploits: 0, References: 7

ThreatPost
added 2019/01/14 10:22 p.m., 59 views

Popular Web-Hosting Platform Bluehost Riddled with Flaws

UPDATE A researcher has uncovered several one-click client-side vulnerabilities in the popular Bluehost web hosting platform. These would allow cybercriminals to easily carry out complete account takeover, according to the analysis. Bluehost has acknowledged the issue, and told Threatpost, “We ar...

7.1 AI score
Exploits: 0, References: 4

ThreatPost
added 2019/01/14 7:50 p.m., 16 views

Threatpost Poll: Can We Fix 2FA?

In the wake of the release of a penetration testing tool called Modlishka that shows how easy it is to bypass login protections for accounts protected by mainstream two-factor authentication (2FA), the tool’s author in his write-up asked, “is 2FA broken?” It’s a provocative question, so we asked...

0.4 AI score
Exploits: 0, References: 9

ThreatPost
added 2019/01/14 6:10 p.m., 25 views

Hack Allows Escape of Play-with-Docker Containers

Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the...

Exploits: 0, References: 1

ThreatPost
added 2019/01/14 5:06 p.m., 19 views

Ryuk Hauls in $3.7M in 'Earnings,' Adds TrickBot to the Attack Mix

The Ryuk ransomware has raked in $3.7 million in bitcoin payments since it first appeared last August, researchers say – and has emerged as the calling card for a crime organization called Grim Spider (a.k.a. MixMaster). It turns out that Grim Spider could share a link with other crime syndicates,...

0.9 AI score
Exploits: 0, References: 7

ThreatPost
added 2019/01/14 5:02 p.m., 10 views

Mozilla Kills Default Support for Adobe Flash in Firefox 69

Mozilla is disabling default support for Adobe’s Flash Player plugin in the latest upcoming version of its Firefox browser, marking the latest step in end-of-life for the infamous plugin. The disabled default support means that Firefox users will now be required to manually enable Adobe Flash in...

Exploits: 0, References: 10

ThreatPost
added 2019/01/14 2:18 p.m., 18 views

Data Exposed in OXO, Amazon and MongoDB Leaks

2019 has so far been making good on security experts’ predictions that there will be no ebb in data exposures for the new year: In the first half of January, several data breaches and leaks have already come to light, including three notable incidents at well-known firms in just the past week. Ov...

7.4 AI score
Exploits: 0, References: 11

ThreatPost
added 2019/01/14 12:00 p.m., 12 views

Podcast: Emotet Grows With Fast-Evolving Tactics

The Emotet banking trojan has been popping up in the news for years: It has a long history, starting with widespread malspam infections of banking German targets in 2014, all the way up to the crippling ransomware attack that hit the Onslow Water and Sewer Authority in October. And while the...

2 AI score
Exploits: 0, References: 6

ThreatPost
added 2019/01/11 9:58 p.m., 11 views

Pre-Installed Android App Impacts Millions with Slew of Malicious Activity

A pre-installed Android application on Alcatel smartphones has been found surreptitiously siphoning off geolocation data, email addresses and phone identification numbers and sending the data to a server in China. Analysts with Upstream’s Secure-D platform said that the app, Weather Forecast—Worl...

0.2 AI score
Exploits: 0, References: 2

ThreatPost
added 2019/01/11 5:49 p.m., 24 views

TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has two variants: one focused on remote...

2.5 AI score
Exploits: 0, References: 6

ThreatPost
added 2019/01/11 4:23 p.m., 11 views

U.S. Government Shutdown Leaves Dozens of .Gov Websites Vulnerable

As the U.S. federal shutdown continues, dozens of U.S. government websites have been rendered either insecure or inaccessible due to expired transport layer security (TLS) certificates that have not been renewed. In fact, .gov websites are using more than 80 TLS certificates that have expired,...

Exploits: 0, References: 6

ThreatPost
added 2019/01/11 3:44 p.m., 22 views

Yet Another Bypass: Is 2FA Broken? Authentication Experts Weigh In

A penetration testing tool published by Polish security researcher Piotr Duszyński can bypass login protections for accounts protected by two-factor authentication (2FA). In his write-up on the tool, which is dubbed Modlishka, meaning “mantis” in English, he asked, “is 2FA broken?” It’s a question...

7.5 AI score
Exploits: 0, References: 5

ThreatPost
added 2019/01/10 9:32 p.m., 12 views

At CES, Focus is On ‘Cool Factor’ Not IoT Security

With the Consumer Electronics Show (CES) afoot this week, headlines are crammed with the offbeat connected products from the show – including everything from a smart belt all the way down to a connected toilet. But one important topic seems to be missing from the troves of CES news and even from th...

0.4 AI score
Exploits: 0, References: 9

ThreatPost
added 2019/01/10 4:05 p.m., 13 views

'Unprecedented' DNS Hijacking Attacks Linked to Iran

A wave of DNS hijacking attacks targeting victims in North America, Europe, Middle East and North Africa have been linked to Iran. The attacks, which have been ongoing over the past two years, have had “a high degree of success” harvesting targets’ credentials, according to researchers. Researche...

0.9 AI score
Exploits: 0, References: 7

ThreatPost
added 2019/01/10 3:45 p.m., 14 views

Google Search Results Spoofed to Create Fake News

UPDATE A spoofing technique that creates fake Google search results has been uncovered, which could be used in political influence campaigns or for other nefarious purposes. In this age of fake news, people are more wary than ever of efforts to sway public opinion using disinformation – this has...

6.8 AI score
Exploits: 0, References: 6

ThreatPost
added 2019/01/09 10:33 p.m., 27 views

Critical Flaw in Cisco's Email Security Appliance Enables 'Permanent DoS'

Cisco has patched two serious vulnerabilities – one critical and one high-severity – in its email security appliance tool. Both bugs ultimately lead to a denial of service (DoS) on impacted devices – and can be exploited by an attacker who simply sends an email. Overall, the company on Wednesday...

7.8 CVSS, 1 AI score, 0.00384 EPSS
Exploits: 0, References: 3

ThreatPost
added 2019/01/09 9:16 p.m., 22 views

ICEPick-3PC: A Sophisticated Adware That Collects Data En Masse

A strain of malware that spreads on the web via advertising platforms has mounted a large-scale, mass data harvesting campaign, opening up thousands of Android users to follow-on attacks. Researchers said it’s likely there’s an organized crime ring operating behind the scenes. Named ICEPick‐3PC b...

7.1 AI score
Exploits: 0, References: 1

ThreatPost
added 2019/01/09 8:59 p.m., 30 views

Google Play Boots 85 Malicious Adware Apps

At least 85 fake apps harboring adware, disguised as game, TV, and remote control simulator apps have been removed from the Google Play app store. Researchers with Trend Micro said Tuesday that they found an active adware family in fake apps on the Google Play store that had been downloaded a...

0.6 AI score
Exploits: 0, References: 5

ThreatPost
added 2019/01/09 6:27 p.m., 15 views

ThreatList: WordPress Vulnerabilities Up 30 Percent in 2018

UPDATE Vulnerabilities in popular content management system (CMS) WordPress are growing at a rapid rate, up 30 percent in 2018, according to new web application bug research released Wednesday. Researchers at Imperva said that in 2018, they continued to see a trend of increasing web application...

8.7 AI score
Exploits: 0, References: 13

ThreatPost
added 2019/01/09 6:17 p.m., 13 views

Biometrics in 2019: Increased Security or New Attack Vector

This year thousands of consumers unwrapped new smartphones and laptops which come with biometric sensors that are intended to protect their data and identities through strong authentication. Apple continues to gain popularity with its iPhone X facial recognition feature while more laptops and...

7 AI score
Exploits: 0, References: 5

ThreatPost
added 2019/01/09 5:35 p.m., 15 views

The Promise and Peril of 5G

The next generation of mobile cellular technology known as fifth-generation wireless (5G) is hitting a peak in the hype cycle, emerging as a major theme at the Consumer Electronics Show (CES) this week. Wireless carriers are investing billions of dollars into the technology, which requires a...

7.3 AI score
Exploits: 0, References: 19

ThreatPost
added 2019/01/09 4:16 p.m., 26 views

Intel Patches High-Severity Privilege-Escalation Bugs

Intel on Tuesday patched three high-severity vulnerabilities that could allow the escalation of privileges across an array of products. Overall, the chip giant fixed five bugs – three rated high-severity, and two medium-severity. The most concerning of these bugs is an escalation-of-privilege...

4.6 CVSS, 7.1 AI score, 0.0006 EPSS
Exploits: 2, References: 9

ThreatPost
added 2019/01/08 9:09 p.m., 12 views

Shipping Firms Speared with Targeted 'Whaling' Attacks

Scammers are honing in on the shipping industry, using “whaling,” a.k.a. business email compromise (BEC) attacks, to scoop up credentials, or worse, compromise critical systems. Hackers are launching whaling attacks to target various types of employees with some serious online and sometimes...

7.1 AI score
Exploits: 0, References: 6

ThreatPost
added 2019/01/08 8:49 p.m., 42 views

Microsoft Issues Multiple Critical Patches for Edge Browser

Microsoft patched a bevy of critical bugs impacting its Edge browser that could allow an attacker to hijack a targeted PC simply by steering a victim to a rigged website harboring specially crafted exploit code. In all, Microsoft tackled four critical Edge vulnerabilities, part of the company’s...

9.3 CVSS, 0.8 AI score, 0.9095 EPSS
Exploits: 21, References: 12

ThreatPost
added 2019/01/08 6:44 p.m., 8 views

Malvertising Campaign Delivers Double Whammy of Ransomware and Info-Stealing

A multi-payload and ongoing malvertising campaign is distributing a newly discovered info-stealer as well as the GandCrab ransomware. The info-stealer is named Vidar, after the Norse god Víðarr, who was the son of Odin in mythology. According to researcher Fumik0, who discovered it in December,...

0.2 AI score
Exploits: 0, References: 3

ThreatPost
added 2019/01/08 2:48 p.m., 44 views

Adobe Patches Important Bugs in Connect and Digital Edition

Adobe released patches for two bugs rated “important” in its Adobe Digital Edition and Adobe Connect products. The two important vulnerabilities, patched Tuesday, include an information disclosure bug in Adobe’s ebook reader software program, Digital Edition; as well as a session token exposure b...

10 CVSS, 0.5 AI score, 0.93605 EPSS
Exploits: 13, References: 7

ThreatPost
added 2019/01/07 9:42 p.m., 15 views

Hackers Infiltrate Early Warning Network System to Send Spam

Hackers were able to access the Early Warning Network, a large-scale emergency warning system in Australia, and then send alarming spam messages to subscribers. According to the Early Warning Network (EWN), a hacker accessed its system over the weekend and then sent “nuisance messages” via text,...

7.1 AI score
Exploits: 0, References: 7

ThreatPost
added 2019/01/07 9:18 p.m., 15 views

Zerodium Raises Zero-Day Payout Ceiling to $2M

Exploit acquisition vendor Zerodium said Monday that it is upping its payouts for full, working exploits across its entire program. It’s now paying $2 million for remote iOS jailbreaks, $1 million for WhatsApp/iMessage/SMS/MMS remote code-execution (RCE) and a half-million for Google Chrome RCEs. T...

6.5 AI score
Exploits: 0, References: 10

ThreatPost
added 2019/01/07 6:33 p.m., 23 views

ThreatList: Container Security Lags Amidst DevOps Enthusiasm

The high-velocity application- and process-development practices collectively known as DevOps has become a core goal for many enterprises, as they look to respond to market forces more dynamically. This embrace is pushing container deployments forward as necessary tools for executing the vision o...

7.1 AI score
Exploits: 0, References: 7

ThreatPost
added 2019/01/07 5:12 p.m., 17 views

Snowden’s Attorney Urges Canada to Take in Whistleblower Helpers (Part Two)

In our second part of Threatpost’s interview of lawyer Robert Tibbo, who represented former N.S.A. contractor-turned-whistleblower Edward Snowden, Tibbo describes the present day systematic harassment of families that sheltered Snowden while he was in Hong Kong in 2013. Tibbo also describes how h...

7.1 AI score
Exploits: 0, References: 4

ThreatPost
added 2019/01/07 3:28 p.m., 18 views

unCAPTCHA AI Cracks Google reCAPTCHAs with 90% Accuracy

unCAPTCHA, an artificial intelligence-based automated system designed at the University of Maryland, has been updated to break Google’s latest audio-based reCAPTCHA challenges with an accuracy rate of 90 percent. Google has been working on refining and strengthening reCAPTCHA for years, a Turing...

6.9 AI score
Exploits: 0, References: 2

ThreatPost
added 2019/01/07 3:13 p.m., 24 views

Skype Glitch Allowed Android Authentication Bypass

A Skype vulnerability could have allowed hackers to bypass authentication methods and access personal data on an Android device – simply by answering a Skype call to that device. The glitch, which was disclosed by security researcher Florian Kunushevci last week, was patched earlier in December b...

7.5 CVSS, 1.9 AI score, 0.00398 EPSS
Exploits: 2, References: 3

ThreatPost
added 2019/01/07 12:31 p.m., 9 views

Podcast: Beware These Top Security Threats in 2019

While 2018 was a whirlwind of serious threats, newly-evolving malware and high-profile data breaches, 2019 has already started with a bang. Between two newly disclosed data breaches and a hack of hundreds of German politicians’ personal information exploding to the forefront last week, the securi...

0.3 AI score
Exploits: 0, References: 6

ThreatPost
added 2019/01/04 7:54 p.m., 11 views

Weather Channel App in a Deluge of Legal Trouble for Data Misuse

A lawsuit filed Thursday alleges that the popular Weather Channel App misled its users about how it would use the personal – and extremely precise – location data that it collects. IBM subsidiary The Weather Channel (TWC) markets its free app as the world’s most downloaded weather app, touting 45...

6.1 AI score
Exploits: 0, References: 6

ThreatPost
added 2019/01/04 5:47 p.m., 10 views

Marriott Revises Breach Scope to 383M Records

Marriott has revised downward its estimate on the number of guests whose passport numbers and payment card data were impacted in its recent data breach. After the hospitality giant confirmed in November that there had been unauthorized access to its Starwood guest reservations database from 2014 ...

0.3 AI score
Exploits: 0, References: 3

ThreatPost
added 2019/01/04 5:21 p.m., 9 views

Phishing Tactic Hides Tracks with Custom Fonts

An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...

0.7 AI score
Exploits: 0, References: 2

ThreatPost
added 2019/01/04 4:23 p.m., 16 views

Wide-Ranging German Doxxing Incident Hits Hundreds of Politicians

Hundreds of German politicians, including Chancellor Angela Merkel, have been doxxed in a puzzling incident, with their private information and political documents dumped online. At least one local reporter is claiming the information is explosive. According to a report from German public...

1.2 AI score
Exploits: 0, References: 7

ThreatPost
added 2019/01/04 12:30 p.m., 122 views

Adobe Fixes Two Critical Acrobat and Reader Flaws

Adobe on Thursday released unscheduled security updates for Adobe Acrobat and Reader for Windows and MacOS. The updates fix two critical vulnerabilities, CVE-2018-16011 and CVE-2018-19725. Successful exploitation of the flaws could lead to arbitrary code execution in the context of the current...

10 CVSS, 1.2 AI score, 0.93605 EPSS
Exploits: 13, References: 7

ThreatPost
added 2019/01/03 9:50 p.m., 32 views

A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access

A passel of privilege-escalation vulnerabilities in MacPaw’s CleanMyMac X software would allow a local attacker to gain root access to an Apple machine in various ways. CleanMyMac X is a cleanup application for MacOS that optimizes the drives and frees up space by scanning for unused, redundant o...

6.6 CVSS, 1.3 AI score, 0.00044 EPSS
Exploits: 1, References: 2

ThreatPost
added 2019/01/03 6:02 p.m., 19 views

Dual Data Leaks of Blur, Town of Salem Impact Millions

The new year has started off with the disclosure of two high-profile data breaches exposing the personal and password data of millions of people. Popular role-playing game Town of Salem saw the email addresses and passwords of more than 7.6 million players hacked; while a separate database issue...

0.2 AI score
Exploits: 0, References: 7

ThreatPost
added 2019/01/03 5:45 p.m., 10 views

MobSTSPY Info-Stealing Trojan Goes Global Via Google Play

An Android spyware dubbed MobSTSPY has managed to ride trojanized apps to a widespread, global distribution, mainly via Google Play. The malware masquerades as a legitimate application purporting to be things like flashlights, games and work productivity tools. While it’s not uncommon to come...

7.5 AI score
Exploits: 0, References: 8

ThreatPost
added 2019/01/03 4:25 p.m., 6 views

Snowden’s Attorney Talks Govt Harassment of Whistleblower Helpers (Part One)

Human rights lawyer Robert Tibbo represented former N.S.A. contractor-turned-whistleblower Edward Snowden when he fled the United States to Hong Kong in 2013. Less publicized has been Tibbo’s work representing several families from the Hong Kong refugee community that welcomed Snowden into their...

7.2 AI score
Exploits: 0, References: 5

ThreatPost
added 2019/01/03 2:45 p.m., 19 views

Hackers Hijack Smart TVs to Promote PewDiePie

UPDATE Hackers are taking advantage of vulnerable Chromecast and Google Home devices to display messages on consumer TVs promoting well-known YouTube star PewDiePie. Once hacked, the TVs display a message saying: “Public Service Announcement PewDiePie, the number 1 subscribed...

7 AI score
Exploits: 0, References: 19

ThreatPost
added 2019/01/02 8:03 p.m., 11 views

Newsmaker Interview: Bruce Schneier on Physical Cyber Threats

Attacks on physical devices and infrastructure offer a new target for cyber crime, a new opportunity for espionage and even a new front in cyber war. Rather than exploit computers and their applications, the Internet of Things allows malicious actors to go after a whole new category of devices,...

7.2 AI score
Exploits: 0, References: 4

ThreatPost
added 2019/01/02 3:59 p.m., 13 views

EU Offers Bug Bounties For 14 Open Source Projects

The European Commission in January is funding 14 bug bounty programs in hopes of sniffing out vulnerabilities in the free open source projects that EU institutions rely on. The bug bounty programs span 14 open source software projects and offers a total of almost $1 million for all bounties...

7.2 AI score
Exploits: 0, References: 10

ThreatPost
added 2019/01/02 3:42 p.m., 18 views

Chrome in Android Leaks Device Fingerprinting Info

Google has issued a partial fix for an Android issue dating back to 2015 – after originally rejecting the bug report on the grounds of the mobile OS “working as intended.” The issue – which still doesn’t have a CVE designation despite being partially addressed as a problem – has to do with how...

7 AI score
Exploits: 0, References: 5

ThreatPost
added 2019/01/01 12:33 p.m., 14 views

Threatlist: Dark Web Markets See an Evolution in Q3

In the wake of Hansa and AlphaBay being dismantled on the Dark Web, Dream Markets and Wall Street Market have become the largest marketplaces in the criminal underground, according to Q3 analysis from McAfee. Meanwhile, vulnerabilities and stolen credentials continue to dominate the cybercriminal...

0.3 AI score
Exploits: 0, References: 2

ThreatPost
added 2019/01/01 12:07 p.m., 18 views

2019 Malware Trends to Watch

Malware authors continue to innovate, find new infection vectors and better obfuscate their wares. Heading into 2019, you can bet that cybercriminals will do everything in their power to become even more effective and virulent. Here are 10 top malware trends to watch for in the New Year. Wipers...

0.1 AI score
Exploits: 0, References: 32

ThreatPost
added 2018/12/31 4:05 p.m., 15 views

Malware Attack Crippled Production of Major U.S. Newspapers

A malware attack targeting Tribune Publishing Co. crippled the printing and deliveries of several major newspapers across the U.S. this weekend – including the Los Angeles Times and Wall Street Journal. The virus impacted computer systems of Tribune Publishing Co., which publishes an array of maj...

0.6 AI score
Exploits: 0, References: 9

Total number of security vulnerabilities: 15946