The Danger and Opportunity in 5G Connectivity and IoT
There is a lot of buzz building over fifth-generation mobile networks (5G) and how they will revolutionize the fast-growing numbers of internet-connected devices — but what about security? What makes 5G so closely tied to billions of Internet of Things (IoT) devices is its speed 5G is expected to be ...
Obamacare Sign-Up Channel Breach Affects 75K Consumers
A hack of the government’s Affordable Care Act-mandated healthcare exchanges has exposed the files of 75,000 individuals. According to the Centers for Medicare and Medicaid Services (CMS), its staff detected “anomalous activity” in the Direct Enrollment pathway on Oct. 13 – with a breach declared...
Critical RCE Bug Impacts Streaming Server Libraries: VLC, MPLayer Not Impacted
A critical remote code-execution bug has been found in the popular Live Networks LIVE555’s streaming media RTSPServer. The vulnerability could allow an attacker to send a specially crafted packet to vulnerable systems and trigger a stack-based buffer overflow, according to researchers at Cisco...
Critical RCE Bugs Patched in Drupal 7 and 8
Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting Drupal 7 and Drupal 8. Developers have also identified three additional “moderately critical” vulnerabilities. “A remote attacker could exploit some of these vulnerabilities to tak...
AWS FreeRTOS Bugs Allow Compromise of IoT Devices
Researchers have found that a popular Internet of Things real-time operating system – FreeRTOS – is riddled with serious vulnerabilities. The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices’ memory, and take...
Trivial Post-Intrusion Attack Exploits Windows RID
A novel post-intrusion attack technique allows hackers to hijack a Windows system component called RID, allowing the adversaries to assign administrative privileges to “guest” and other low-level accounts. The technique is simple and does not require a lot of sophistication, security researcher...
New APT Could Signal Reemergence of Notorious Comment Crew
A recently observed APT campaign, dubbed Operation Oceansalt, could herald the return of the infamous China-linked hacking group known as Comment Crew or APT1. Attacks are cunning and are defined by their deep targeting and use of an innovative multi-wave attack methodology. Operation...
Tumblr Privacy Bug Could Have Exposed Sensitive Account Data
Tumblr on Wednesday disclosed it had fixed a vulnerability that could have exposed sensitive account information including usernames/passwords and individual IP addresses. However, the company stressed there’s no evidence that any data was exposed. The bug existed in the “Recommended Blogs” featu...
GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure
A new APT group, dubbed GreyEnergy by researchers, has emerged as a successor to the infamous BlackEnergy APT group, which was behind the electric grid cyberattack and resulting power outage in the Ukraine in December 2015. However, GreyEnergy’s focus and targeting revolve around cyber-espionage...
Oracle Fixes 301 Flaws in October Critical Patch Update
Oracle has released a critical patch update addressing more than 300 vulnerabilities across several of its products – including one flaw with a CVSS 3.0 score of 10 that could allow the takeover of the company’s software package, Oracle GoldenGate. Of the 301 security flaws that were fixed in thi...
libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers
The libssh open-source project has issued an update to address an authentication bypass vulnerability in the server code — to say that it’s trivial to exploit is an understatement. The flaw (CVE-2018-10933) exists in libssh versions 0.6 and above being used in server mode – and it allows anyone to...
Podcast: A Utility Ransomware Attack, Post-Hurricane
A “critical water utility” was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomware attack… has left the utili...
Multiple D-Link Routers Open to Complete Takeover with Simple Attack
Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May,...
On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy
Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities. The release comes after Google had promised updates in Chrome 70 to “better communicate our changes and offer more...
Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers
A flaw in Medtronic’s CareLink 2090 and CareLink Encore 29901 programmers, which are portable computer systems used to manage implanted cardiac devices in clinical settings, would have allowed remote code implantation over Medtronic’s dedicated Software Deployment Network (SDN). The programmers are...
As End of Life Nears, More Than Half of Websites Still Use PHP V5
Almost 62 percent of all websites are still running PHP version 5 – even as version 5.6 of the server-side scripting language inches toward an ominous end-of-life. Hypertext Preprocessor (PHP), a programming language designed for use in web-based applications with HTML content, supports a wide...
Anthem, Apple and the Pentagon: A Data-Breach Cornucopia
Like pumpkin spice and turning leaves, data breaches have become a theme for the fall. This season is shaping up to be no exception, with Anthem, Apple and, worryingly, the Pentagon all making headlines in the last few days. It is, of course, part of the “new normal” as cyberattackers continue to...
In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack
A “critical water utility” has been targeted in a recent ransomware attack, significantly impeding its ability to provide service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “sophisticated ransomwa...
ThreatList: Half of Execs Feel Unprepared to Respond to a Cyber-Incident
Nearly half (46 percent) of executives in a Deloitte poll say their organizations have experienced a cybersecurity incident over the past year — and that they’re still no closer to being ready for the next event. The survey, of more than 3,150 professionals taken during a Deloitte Dbriefs webcast o...
Facebook Expands Efforts to Squash Voter Suppression
Facebook plans to expand its content-policing on its site, aiming to crack down on profiles and pages that it deems are aimed at voter suppression ahead of the 2018 U.S. midterm elections. Specifically, the social-media giant will penalize those that spread disinformation about voting requirements wi...
Privacy Regulation Could Be a Test for States’ Rights
When the California Consumer Privacy Act (CCPA) passed in June, security experts applauded the state legislation as a win for consumers. The ruling gave residents certain rights around how their personal data can be stored, accessed, sold and deleted. But months later in September, the U.S. Chamber...
Up to 35 Million 2018 Voter Records For Sale on Hacking Forum
Up to 35 million voter records have been found up for sale on a popular hacking forum from 19 states, researchers discovered. Researchers at Anomali Labs and Intel 471 on Monday said that they discovered Dark Web communications offering a large quantity of voter databases for sale – including...
NotPetya Linked to Industroyer Attack on Ukraine Energy Grid
The massive NotPetya ransomware outbreak that crippled organizations around the world last year turns out to have links to the Industroyer backdoor, which targets industrial control systems (ICS) and took down the Ukrainian power grid in Kiev in 2016. In fact, the same threat actor – dubbed TeleBot...
Facebook Offers Details on ‘View As’ Breach, Revises Numbers
The data breach first disclosed by Facebook in September has directly impacted the access tokens of 30 million accounts, the social media giant confirmed Friday. Facebook recently admitted that hackers exploited a flaw in its “View As” feature, which lets users see what their profiles look like...
ICS Security Plagued with Basic, Avoidable Mistakes
At least 33 percent of the security issues found in industrial control systems (ICS) are rated as being of high or critical risk. FireEye iSIGHT Intelligence compiled data from dozens of ICS security health assessment engagements performed by its Mandiant division, and found that these issues inclu...
Threatpost News Wrap Podcast For Oct. 12
Threatpost editors Lindsey O’Donnell and Tara Seals discuss the top news of the week ended Oct. 12. The week started with a bang with a report that Google did not disclose a potential data breach in Google+, likely contributing to the tech giant’s decision to shut down the social networking...
Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm
UPDATE Microsoft patched a zero-day in its JET Database Engine this week – but the patch was incomplete, according to researchers at 0patch. The company has developed a micropatch that corrects that hole, it said Friday. The memory corruption vulnerability (CVE-2018-8423) could allow remote...
Shining a Light on a New Technique for Stealth Persistence
Red teamers like myself and my team are driven by a desire to out-innovate the bad guys – to help the good guys. We study their methods, strive to think like they do, work to better understand attacker techniques and test our mettle against the spectrum of technologies in use today to find new wa...
Facebook Bans More Than 800 Accounts in Disinformation Purge
Facebook on Thursday announced it has removed hundreds of pages and accounts as the company cracks down on spam. The move comes at a time when Facebook is under intense scrutiny about how it handles misinformation, particularly as the U.S. midterm elections draw near. The company said it has...
FitMetrix Exposes Millions of Customer Details, Accessed by Criminals
FitMetrix, which makes performance-tracking software that gym owners can brand and offer to their customers, has exposed millions of customers’ records, because they were maintaining completely open cloud servers. To boot, the records were accessed by cybercriminals prior to the public access...
New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors
Researchers are warning of a new wave of cyberattacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot also called PerlBot or Shellbot. Researchers a...
ThreatList: Credential Theft Spikes by Triple Digits in U.S.
Credential theft was substantially up in the United States during the third quarter – even as declines were charted in Europe and Asia. What credentials go for on the Dark Web. Periodic analysis from Blueliv shows a whopping 141 percent increase in compromised credentials from North American...
Adaptable, All-in-One Android Trojan Shows the Future of Malware
A new Android trojan, dubbed “GPlayed”, has been identified by researchers who said the malware is both extremely dangerous and could herald a new and very dangerous age for malicious code, according to Cisco Talos researchers. The trojan has all of the capabilities of a banking trojan as well as...
Fake Adobe Flash Updates Hide Malicious Crypto Miners
While fake Flash updates that push malware have traditionally been easy to spot and avoid, a new campaign has employed new tricks that stealthily download cryptocurrency miners on Windows systems. To the average user, the newly discovered samples, which have been active as early as August, seem...
Calif. Law Takes Aim at Weak IoT Passwords
In a first of its kind law, California Governor Jerry Brown signed a bill that bans the use of default “admin” passwords on internet-connected devices sold in the state and requires manufacturers use strong passwords instead. California has been taking aggressive legislative action in 2018 to...
FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw
A just-patched zero-day vulnerability in win32k.sys – the Windows graphics kernel component – is at the heart of a probable sighting of the FruityArmor APT group – an under-the-radar cyberespionage gang active in the Middle East. A recent campaign uncovered by Kaspersky Lab led researchers to the...
Innovative Phishing Tactic Makes Inroads Using Azure Blob
A fresh tactic for phishing Office 365 users employs credential-harvesting forms hosted on Azure Blob storage – signed with legitimate Microsoft SSL certificates to lend an air of legitimacy. Azure Blob Storage is a cloud storage solution for hosting unstructured data such as images, video or tex...
Four Critical Flaws Patched in Adobe Digital Edition
Adobe on Tuesday issued patches for 16 vulnerabilities spanning several of its products. The most serious of those flaws, four critical glitches in Adobe Digital Edition, could enable arbitrary code-execution. Adobe Digital Editions is a reader software program used for acquiring, managing and...
Podcast: Key Takeaways For DevOps in BSIMM9
Synopsys released its ninth annual Building Security in Maturity Model report (BSIMM9) last week. The report tracked 120 firms to look at 116 unique activities among 415,000 developers. Gary McGraw, vice president of security technology at Synopsys, talked to the Threatpost about an emerging new...
Microsoft Patches Zero-Day Under Active Attack by APT
Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows Win32k component. The zero-day (CVE-2018-8453), found by Kaspersky Lab,...
New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants
Intel’s new ninth-generation CPUs come packed with hardware-based protections against two variants of the infamous Meltdown and Spectre speculative execution attacks. The ninth-generation desktop Core processors are dubbed Coffee Lake, and became available for preorder on Tuesday. They’re built t...
Slideshow: Intel from Virus Bulletin 2018
This year’s Virus Bulletin 2018, held in Montreal Oct. 3-5, featured a keynote from Microsoft’s John Lambert and a range of threat intelligence research from BAE Systems, Check Point, Cisco Talos, Citizens Lab, Digita Security, ESET, GoSecure, Kaspersky Lab, Malwarebytes, Sophos Security and more...
How Shared Pools of Cloud Computing Power Are Changing the Way Attackers Operate
The transformation from racks of physical hardware hosting sites and services to cloud computing has provided organizations with better flexibility and reduced costs. Attackers have seen the benefits to this model and are also taking advantage of cloud computing to make more money, evade detectio...
Google+ Privacy Snafu Leaves a Cloud Over the Tech Landscape
In the wake of Google shutting down its Google+ social networking platform after a privacy snafu, questions remain about the responsibility of tech giants when it comes to consumer data and its handling. A software bug in an API for the social site was discovered by Google’s own internal security...
ThreatList: Microsoft IIS Sees Triple-Digit Spike in Cyberattack Volume
Internet Information Services (IIS), an extensible web server originally created by Microsoft for use with the Windows NT family, saw a whopping 782x increase in cyberattacks during the second quarter, according to analysis. According to eSentire’s latest threat report based on data gathered from...
Magecart Group Targets Shopper Approved, Customers in Latest Attack
The notorious Magecart threat group has struck again, this time attacking Shopper Approved – a piece of third-party software that provides rating seals for online stores. The attack consequently put payment data from multiple online stores at risk. It’s only the most recent attack for Magecart, a...
PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’
A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cryptojacking and...
Sony Smart TV Bug Allows Remote Access, Root Privileges
As the number of smart TVs grows, so does the number of vulnerabilities inside of them. On Thursday, security researchers revealed that eight Sony Bravia smart TV models are vulnerable to three separate bugs, one rated critical. The flaws – a stack buffer overflow, a directory traversal and a...
Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat
MONTREAL – This week, news broke that a well-known Saudi dissident has been targeted by the notorious Pegasus spyware – after he gained permanent citizen status in Canada. While this fits into the pattern of ongoing attacks on “civil society” members, i.e., journalists, social justice activists,...
D-Link Patches RCE Bugs in Wireless Access Point Gear
Four vulnerabilities were disclosed in D-Link’s software controller tool used in its enterprise-class wireless network access points. The disclosure, made on Thursday, also included two vulnerabilities that enabled attackers to remotely execute code with system permissions. The flaws were...