Threatpost News Wrap Podcast For Oct. 5
Threatpost’s Lindsey O’Donnell and Tom Spring break down the highlights of a week filled with cybersecurity news. Included in the podcast’s news wrap for the week ending Oct. 5 are the Bloomberg report alleging that a China government-affiliated group slipped tiny microchips into Super Micro...
Virus Bulletin 2018: Exposing the Social Media Fraud Ecosystem
MONTREAL — While troll farms, influence campaigns and Twitter bots that spread disinformation have all become high-profile and negative aspects of the social-media universe, new research shows that there is actually a rich and complex supply chain behind these efforts. “Social-media fraud is...
ThreatList: 83% of Routers Contain Vulnerable Code
A staggering 83 percent of home and office routers have vulnerabilities that could be exploited by attackers. Of those vulnerable, over a quarter harbor high-risk and critical vulnerabilities, according to a report (PDF) on router safety released this week by the American Consumer Institute. The study...
Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets
MONTREAL – The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for...
Apple, Amazon Strongly Refute Server Infiltration Report
Apple and Amazon are strongly refuting a report claiming that Chinese spies infiltrated third-party motherboards used on servers by U.S. companies. If true, the incident would be the largest supply chain attack to have been launched against American corporations, say experts. According to a...
Virus Bulletin 2018: macOS Flaw Allows Attackers to Hijack Installed Apps
MONTREAL — A serious flaw in how macOS handles code signatures can lead to the compromise of multiple applications on Apple computers. Worse, the issue is largely unknown to most Mac users, and even most Mac administrators. “Because macOS checks code signatures very infrequently, it is easily...
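The teaser above turns on one point: macOS does not re-verify an application’s signature every time it runs, so a bundle modified after installation can keep launching unnoticed. An administrator can compensate by re-verifying installed bundles on a schedule. The script below is an added example for this page, not code from Threatpost or Apple; it assumes codesign(1) is on the PATH (so it only does real work on a Mac), scans a directory of .app bundles, and classifies each result. The sample codesign messages in the classifier are constructed from the wording codesign normally emits.

```shell
#!/bin/sh
# Added example: periodically re-verify installed .app bundles, since macOS
# itself checks code signatures only on certain events. Not the page's code.

# Map codesign's exit status plus its stderr text onto one label.
# (Message fragments are constructed samples of codesign's usual wording.)
classify_codesign() {
  status="$1"; msg="$2"
  if [ "$status" -eq 0 ]; then
    echo valid
    return
  fi
  case "$msg" in
    *"code object is not signed"*) echo unsigned ;;   # never signed at all
    *"modified"*|*"invalid"*)      echo tampered ;;   # seal broken after signing
    *)                             echo error ;;      # codesign itself failed
  esac
}

# Verify one bundle strictly (nested code too); prints "<label> <path>".
verify_bundle() {
  app="$1"
  out=$(codesign --verify --deep --strict "$app" 2>&1)
  rc=$?
  echo "$(classify_codesign "$rc" "$out") $app"
}

# Walk a directory for .app bundles (default /Applications) and verify each.
scan_apps() {
  root="${1:-/Applications}"
  find "$root" -maxdepth 2 -name '*.app' -prune -print |
  while IFS= read -r app; do
    verify_bundle "$app"
  done
}

# Run the scan only when a directory argument is supplied, e.g.
#   sh verify_apps.sh /Applications | grep -v '^valid '
[ -n "${1-}" ] && scan_apps "$1"
```

Anything reported as tampered or unsigned is a candidate for the scenario the article describes and deserves a look before the next launch; piping through `grep -v '^valid '` keeps a cron or launchd job’s output down to the exceptions.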
Cloud, Containers, Orchestration Big Factors in BSIMM9
As software and applications increasingly head to the cloud, traditional enterprise software security initiatives are getting turned on their head. The push to the cloud, experts say, isn’t just taking applications and services off premises: It’s redefining how DevOps and traditional IT departmen...
Virus Bulletin 2018: Microsoft’s Lambert on How Cloud is Changing Security
MONTREAL – As businesses increasingly turn to the cloud and to software-as-a-service applications, they are finding themselves with new attack surfaces and new types of threats – specifically, hard-to-thwart supply-chain attacks that have the potential for large amounts of collateral damage. In a...
Facebook Breach Sparks Concerns Around Third-Party Apps, Website Security
Days after Facebook acknowledged a data breach of its platform – impacting 50 million accounts – the company said it has found no evidence that attackers accessed any apps using Facebook Login. But security experts are still on edge that the breach could have let attackers access third-party apps...
Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad
Artificial intelligence is the new golden ring for cybersecurity developers, thanks to its potential to not just automate functions at scale but also to make contextual decisions based on what it learns over time. This can have big implications for security personnel—all too often, companies simp...
Pumping the Brakes on Artificial Intelligence
While the push-pull between defenders and attackers using artificial intelligence continues, there’s another security dimension to machine intelligence that should be of concern. Just as the rise of IoT devices has created an inadvertent new threat surface ripe for introducing vulnerabilities, so...
Foxit PDF Reader Fixes High-Severity Remote Code Execution Flaws
Foxit Software has patched over 100 vulnerabilities in its popular Foxit PDF Reader, many of them high-severity remote code execution flaws. Foxit on Friday released fixes for Foxit Reader 9.3 and Foxit PhantomPDF 9.3, which addressed a...
NOKKI Malware Sports Mysterious Link to Reaper APT Group
The Reaper APT group, suspected of being affiliated with North Korea, turns out to have a link to the recently uncovered NOKKI malware family. Palo Alto’s Unit 42 recently observed NOKKI-laden attacks targeting Russian- and Cambodian-speaking individuals with political lures. NOKKI is a backdoor,...
Google Patches Critical Vulnerabilities in Android OS
Google patched six critical remote code execution flaws in its Android operating system as part of its October Android Security Bulletin. Four of those remote code execution flaws are tied to Android’s Media framework and impact a wide range of Android devices including Google’s Pixel and Nexus...
Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration
UPDATE An extremely high number of keylogger phishing campaigns have been seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in the last month used a zoho.com or zoho.eu email address to exfiltrate data from victim machines. A Cofense analysis, published...
Google Cracks Down on Malicious Chrome Extensions in Major Update
Google on Monday announced major changes to its Chrome Web Store as the company tries to ax the malicious extensions that have continuously popped up on its platform over the years. The array of security improvements include a stricter extension review process, new code-readability requirements...
ThreatList: Password Hygiene Remains Lackluster in Global Businesses
When it comes to password behaviors in the workplace, the average business is doing just an okay job, earning a middling score in a credentials-security benchmarking analysis of organizations’ habits. Notably, the data also shows that password-sharing is still prevalent in the workplace – althoug...
Adobe Patches 47 Critical Flaws in Acrobat and DC
Adobe on Monday posted its regularly-scheduled October security update addressing 86 vulnerabilities – more than half of which were critical flaws – in Adobe Acrobat and Reader, its set of services to view, create, and manage PDF files. Up to 47 of the patches addressed critical vulnerabilities...
Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack
Lenovo is warning of nine vulnerabilities rated “high” and impacting 20 separate network attached storage (NAS) devices sold by the company, including its LenovoEMC, Iomega and Lenovo-branded NAS devices. By exploiting one of several command-injection vulnerabilities in the devices’ operating...
California, U.S. Government Battle Over Net Neutrality State Law
The U.S. government and the state of California are butting heads over a newly-passed state law that enforces net neutrality regulations on internet service providers (ISPs). And experts say that the outcome of the feud between federal and state law has long-standing implications for the future of...
Dark Web Azorult Generator Offers Free Binaries to Cybercrooks
A malicious build-it-yourself platform for the Azorult info-stealing malware has debuted on the Dark Web. The online builder, which its authors have named Gazorp, allows cybercriminals to generate their very own strains of Azorult, along with the apparatus to control it. And, it’s free. “Threat...
Facebook Data Breach Impacts Almost 50 Million Accounts
Facebook on Friday said that hackers have exploited a flaw in its platform that left the access tokens of almost 50 million Facebook accounts ripe for the taking. Access tokens are the digital keys that keep users logged into Facebook so they don’t need to re-enter their password every time they...
Another Linux Kernel Bug Surfaces, Allowing Root Access
A high-severity cache invalidation bug in the Linux kernel has been uncovered, which could allow an attacker to gain root privileges on the targeted system. This is the second kernel flaw in Linux to debut in the last week; a local-privilege escalation issue was also recently discovered. The flaw...
iPhone XS Passcode Bypass Hack Exposes Contacts, Photos
A passcode bypass vulnerability in Apple’s new iOS version 12 could allow an attacker to access photos and contacts including phone numbers and emails on a locked iPhone XS and other devices. The hack allows someone with physical access to a vulnerable iPhone to sidestep the passcode authorizatio...
Android App Verification Issues Pave Way For Phishing Attacks
A design issue in the way some popular password manager tools verify legitimate Android apps could be harnessed to help attackers launch successful phishing attacks on users. Researchers with the University of Genoa and Eurecom inspected popular mobile password tools that sync with Android...
Perimeter Defenses are Dead, So Now What?
The castle walls, moat and drawbridge have been overrun. It is obvious to all of us that the use of perimeter defense as the key cyber strategy is dead, writes InfoSec Insider contributor Pravin Kothari. Over time, the internet has added so many new entry points into the enterprise that they are unmanageabl...
Threatlist: Hackers Turn to Python as Attack Coding Language of Choice
Python was recently touted as on track to become the world’s most prevalent coding language, looking to swallow, as it were, the majority of the market share for developers. According to recent analysis, Python’s popularity also extends to black hats. Mirroring the findings around its use by code...
Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access
A local-privilege escalation vulnerability in the Linux kernel affects all current versions of Red Hat Enterprise Linux and CentOS, even in their default/minimal installations. It would allow an attacker to obtain full administrator privileges over the targeted system, and from there potentially...
Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info
Enterprises using Apple’s Device Enrollment Program (DEP) for mobile device management (MDM) enrollment, without adding secondary authentication, are placing themselves at risk for information exfiltration and attacks, according to researchers. MDM is a common enterprise technology offered by multipl...
2018 Has Been Open Season on Open Source Supply Chains
As the number of open source components used in software supply chains shoots up, hackers are going along for the ride. Increasingly, threat actors are planting bad code in open-source repositories in the hope of exploiting the flaws later, once the components are used in larger banking, manufacturing and healthcare Dev...
VPNFilter’s Arsenal Expands With Newly Discovered Modules
Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought. After reverse-engineering seven additional third-stage...
Google Vows Privacy Changes in Chrome Browser After User Backlash
Google took steps to quiet critics Wednesday after irking them earlier this week when data privacy issues tied to Chrome 69 came to light. On Sunday, Matthew Green, a cryptographer and professor at Johns Hopkins University, blasted Google for what he said were questionable privacy policies in...
Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks
Certain types of online ads that expand, contract and pop open aren’t just annoying – they can sometimes be dangerous. The ads in question are called expandable ads, and they rely on so-called iFrame Buster code. The ads, together with the iFrame Buster code, are designed to break the limits of a...
Malware on SHEIN Servers Compromises Data of 6.4M Customers
Email addresses and encrypted passwords of over 6.4 million SHEIN customers were stolen over the summer, the women’s fashion retailer said, after it suffered a “concerted criminal cyberattack” on its computer network. The data breach occurred between June and August 2018, the company said in a recent...
Mac Mojave Zero-Day Allows Malicious Apps to Access Sensitive Info
A zero-day vulnerability in the brand-new version of the Apple Mojave macOS has been uncovered, which would allow an attacker to access private and confidential information by using an unprivileged app. The flaw was found by Patrick Wardle, co-founder of Digita Security and creator of Objective-S...
Cybercriminals Target Kodi Media Player for Malware Distribution
The Kodi media player has emerged as a malware distribution platform for cybercriminals, recently becoming the target for a cryptomining campaign that compromised about 5,000 machines before being thwarted. Those victims are still at risk, researchers warned. Kodi is free and open-source, and can...
Adwind RAT Scurries By AV Software With New DDE Variant
A newly-discovered spam campaign is spreading the Adwind 3.0 remote-access tool (RAT) – and using a fresh take on the Dynamic Data Exchange (DDE) code-injection technique for anti-virus evasion. The spam campaign features two types of droppers that leverage a new variant of the already-known DDE...
Google’s Forced Sign-in to Chrome Raises Privacy Red Flags
An update to Google Chrome’s sign-in mechanism could clear a path to compromising the privacy of users’ browser data, according to a researcher who stumbled across the change. Matthew Green, a cryptographer and professor at Johns Hopkins University, noticed his Gmail profile pic strangely and...
Assessing the Human Element in Cyber Risk Analysis
Seventeen percent of data breaches started as social engineering attacks, mostly via email, according to the most recent Verizon Data Breach Investigations Report. In general, employee errors, such as sending an email to the wrong person, also accounted for 17 percent of breaches. Herein lies t...
Tricky DoS Attack Crashes Mozilla Firefox
A newly released proof-of-concept attack using malicious JavaScript can crash or freeze Mozilla Firefox when an unsuspecting victim visits a specially crafted webpage in the browser. Sabri Haddouche, a security researcher with Wire, on Sunday released the source code for the attack,...
Podcast: Two Billion IoT Devices Still Vulnerable to BlueBorne Bug
Almost a year after the BlueBorne flaws were disclosed in 2017, up to 2 billion IoT devices are still vulnerable to the Bluetooth driver spoofing vulnerability. Joe Lea, VP of product at Armis Security, talks to Threatpost about the challenges that exist in patching IoT devices, and why more and...
Critical Vulnerability Found in Cisco Video Surveillance Manager
A critical vulnerability in the Cisco Video Surveillance Manager software has been uncovered, which could allow an unauthenticated, remote attacker to log in and execute arbitrary commands as the root user. The issue is a simple one: Affected versions contain static user credentials for the root...
Twitter Flaw Exposed Direct Messages To External Developers
Twitter on Friday said that a recently-patched bug in its platform enabled software developers to read users’ private direct messages or protected tweets. The bug ran from May 2017 until it was discovered on September 10 – after which Twitter patched the glitch to prevent data from being...
Delphi Packer Looks for Human Behavior Before Deploying Payload
As bad actors continue to innovate in the area of sandbox evasion, the use of the Delphi programming language to pack malware code has become more and more prevalent. Researchers recently observed several spam campaigns using a specific packer written in Delphi that goes to great lengths to hunt...
Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution
A Microsoft zero-day has been uncovered that could allow remote code-execution; and as of now, it remains unpatched. According to Trend Micro’s Zero Day Initiative (ZDI), the flaw is an out-of-bounds (OOB) write in the Microsoft JET Database Engine, which underlies Microsoft Access and Visual Bas...
Lucy Gang Debuts with Unusual Android MaaS Package
There’s a fresh bloom in the malware-as-a-service garden: Researchers have uncovered a new Russian-speaking threat actor hawking a proprietary cyber-weapon dubbed “Black Rose Lucy.” The offering is a malware-as-a-service (MaaS) bundle with two parts, consisting of a controlling web interface which...
Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE
UPDATE Cisco Systems has issued a second warning for a critical static credential bug in its IOS XE software, which allows an unauthenticated attacker to gain access to targeted systems. The security bulletin comes more than six months after the company initially reported the bug and provided a...
Magecart Strikes Again, Siphoning Payment Info from Newegg
The Magecart threat actor, which just made headlines with the British Airways breach, has been racking up conquests lately and shows no signs of slowing down. This week, it added a new feather to its compromise cap: The Newegg online retailer. Newegg is a top online merchant with tens of millions...
Thousands of Breached Websites Turn Up On MagBo Black Market
A newly-discovered underground marketplace has been peddling access to more than 3,000 breached websites, catering to hackers hungry for valuable data and the ability to launch a range of attacks on unsuspecting site visitors. Advertisements for the Russian-speaking marketplace called MagBo were...
Mirai Masterminds Helping FBI Snuff Out Cybercrime
The three masterminds behind Mirai – the infamous botnet known for taking down internet services in a 2016 DDoS attack – will work with the FBI in future cybercrime investigations as part of their sentencing for creating and operating the botnet. The three hackers, Paras Jha, 22, of New Jersey,...