Critical Out-of-Band Patch Issued for Adobe Acrobat Reader
Adobe released patches for seven flaws in an unscheduled update for its Acrobat Reader and DC product, which could lead to arbitrary code execution. The patches, released Wednesday, come one week after Adobe’s regularly-scheduled September update. The flaws addressed include one “critical”...
A Hybrid Solution to Taming SOC Alert Overload
The moving assembly line was one of the greatest innovations of the Industrial Revolution. Prior to 1913, when Henry Ford installed the first moving assembly line in his factory, cars were built by humans performing manual, mundane tasks. Imagine humans hand painting cars on the factory floor –...
XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
Researchers have discovered a new sophisticated malware family in the wild, which wreaks havoc on Windows and Linux systems with a combination of data-destructive ransomware and malicious cryptomining. The malware, dubbed Xbash by the Palo Alto Networks Unit 42 researchers who discovered it, has...
ThreatList: Malware Samples Targeting IoT More Than Double in 2018
It’s no secret that connected devices are posing a security threat in the commercial, consumer and industrial worlds. A fresh report on this expanding threat landscape shows that attacks are accelerating, with MikroTik routers, Telnet password-cracking and the Mirai botnet dominating the...
State Government Online Payment Service Exposes 14M Customers
Details on more than 14 million customer records have been exposed thanks to a security oversight at GovPayNow.com, which as its name implies provides a platform for online payment systems for state and local governments. The company, which according to its website “handles more than 2.1 million...
Dangerous Pegasus Spyware Has Spread to 45 Countries
The infamous Pegasus spyware, which targets iPhones and Android devices, has allegedly infiltrated 45 different countries across the globe — and six of those countries have used surveillance malware in the past to abuse human rights, a group of researchers claimed Tuesday. Researchers from The...
Insiders Continue to be Data Theft’s Best Friend
Some of the most damaging attacks to hit organizations over the last several years weren’t caused by outside threat actors. They originated from within an organization’s corporate network. They were inside jobs. It’s not that outside attackers don’t pose a threat. Between adversaries looking to...
Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras
Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware. According to a Tenable Research Advisory issued Monday, the bugs are rated...
Facebook Now Offers Bounties For Access Token Exposure
Facebook announced Monday it is expanding its bug bounty program to sniff out vulnerabilities related to access token exposure. The social media giant will offer at least $500 for vulnerabilities found in third-party apps and websites that involve improper exposure of Facebook user access tokens...
Old WordPress Plugin Being Exploited in RCE Attacks
Researchers are warning that attackers are abusing a vulnerability in outdated versions of Duplicator, a WordPress migration plugin, allowing them to execute remote code on affected sites. Made by Snap Creek Software, all Duplicator plugin versions earlier than 1.2.42 are vulnerable to the...
CSS Attack Causes iOS, macOS Devices to Crash
A newly-revealed proof-of-concept attack can cause iOS devices to crash or restart with a mere 15 lines of code, a researcher disclosed over the weekend. On Saturday, Sabri Haddouche, a security researcher at Wire, tweeted the source code of the proof-of-concept (PoC) attack that he said...
Researchers Heat Up Cold-Boot Attack That Works on All Laptops
A pair of researchers have developed an attack method that can bypass mitigations for cold-boot attacks on laptops. A physical attacker can compromise a laptop that’s in sleep mode, potentially lifting sensitive passwords, encryption keys and other information. The ramifications are, on the...
E.U.: Tech Giants Face Big Fines, 1 Hour Limit to Remove Extremist Content
As the E.U. continues to develop tactics to better combat terrorism, European authorities plan to propose strict rules about content policing by tech giants such as Google, Twitter and Facebook. European Commission President Jean-Claude Juncker said Wednesday that the proposed rules would specify...
Five Weakest Links in Cybersecurity That Target the Supply Chain
Matan Or-El, co-founder and CEO at Panorays. Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The...
Magecart Threat Group Racks Up More Hack Victims
Days after Magecart adversaries were blamed for the British Airways breach, the threat group was also identified as behind hacking two additional victims this week – including customer engagement tool Feedify and boutique deal company Groopdealz. The hack of Feedify was disclosed after Twitter us...
OilRig APT Continues Its Ongoing Malware Evolution
OilRig, an APT group believed to have ties to Iran, has been spotted in yet another campaign in the Middle East – this time targeting victims within an undisclosed government using an evolved variant of the BondUpdater trojan. The group, which is also called Cobalt Gypsy, Crambus, Helix Kitten or...
ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery
Attacks using malicious Microsoft macros, always a popular method for compromising target machines, are more virulent than ever, accounting for 45 percent of all delivery mechanisms analyzed in August. (Chart: Top Malware Delivery Mechanisms in August.) Just behind this tried-and-true method lies the...
Experts Bemoan Shortcomings with IoT Security Bill
An internet of things (IoT) bill that would mandate unique passwords for connected devices has been approved by the California state legislature. It will be the first connected-device regulation to come into effect in the United States if California Gov. Jerry Brown decides to sign it —...
PowerShell Obfuscation Ups the Ante on Antivirus
A new malware sample using a rare obfuscation technique has been spotted that abuses the features of PowerShell, a tool that comes built into Microsoft Windows. Analysis from Cylance shows that the tactic succeeds in bypassing most antivirus products. Cylance researchers stumbled across a malware...
Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw
A browser address bar spoofing flaw was found by researchers this week in Safari – and Apple has yet to issue a patch for it. Researcher Rafay Baloch on Monday disclosed two proof-of-concepts revealing how vulnerabilities in Edge browser 42.17134.1.0 and Safari on iOS 11.3.1 could be abused to...
Osiris Banking Trojan Displays Modern Malware Innovation
After staying dormant for a few years, the Kronos banking trojan resurfaced in July in a form dubbed Osiris. A wider analysis of how the banking trojan is evolving shows innovative development on the part of its authors, with an eye to broader malware trends. Osiris first appeared in July in three...
Threatlist: Email Attacks Surge, Targeting Execs
There was a 36 percent increase in email attacks against businesses between the first and second quarters of 2018, with retail, healthcare and government experiencing the most business email compromise (BEC) attempts, according to a new report. Several trends emerged in the analysis period, includi...
Microsoft Patches Actively Exploited Bug as Part of Patch Tuesday
UPDATE Microsoft has patched an elevation-of-privilege vulnerability it said is actively being exploited by hackers. The fix was part of Microsoft’s scheduled September Patch Tuesday release, which also included fixes for two other bugs found being used in the wild, including the zero-day found i...
Bad Actors Sizing Up Systems Via Lightweight Recon Malware
Well-known financial crime gang Cobalt Group and other threat actors have recently shifted tactics to incorporate lightweight modular downloaders that “vet” target machines for their attractiveness before proceeding with a full-fledged attack. The emergence of the AdvisorsBot and Marap malwares, ...
Millions of Records Exposed in Veeam Misconfigured Server
UPDATE Hundreds of millions of records were exposed after a MongoDB server belonging to disaster-recovery firm Veeam was left misconfigured, researchers found. The open server contained a 200-gigabyte database with millions of records. Researcher Bob Diachenko, who discovered the misconfiguration...
Adobe Patches Six Critical Flaws in ColdFusion
Adobe has released patches fixing six critical vulnerabilities in its ColdFusion product that could lead to arbitrary code-execution. The flaws impact Adobe’s ColdFusion product, which is the company’s commercial web application development platform. Impacted are the 2016 Update 6 and earlier...
Magecart Group Pinned in Recent British Airways Breach
The recent British Airways breach of up to 380,000 payment cards has been attributed to the infamous Magecart threat actor. Last week, British Airways revealed that the bank card data was compromised after a security breach occurred on the company’s website and mobile app in August. While...
ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation
UPDATE A pair of vulnerabilities in the ProtonVPN and NordVPN VPN clients have been uncovered, which allow attackers to execute code as an administrator on targeted Microsoft Windows machines. In both cases (CVE-2018-3952 for NordVPN and CVE-2018-4010 for ProtonVPN), the clients have the same design,...
Tor Brings Onion Browser to Android Devices
The Tor privacy-focused browser has launched an official app for the mobile web for the first time, with a trial version of a client now available for Android devices. In an alpha release, the onion network is offering what Tor said is “on par with Tor Browser for desktop” when it comes to user...
Apple Finally Boots Sneaky Adware Doctor App from Mac App Store
UPDATE Apple removed the top-rated app Adware Doctor from its official Mac App Store after researchers publicly exposed the privacy-busting app on Friday. The app was removed the same day. In addition to Adware Doctor, Apple also took action against a number of different macOS apps that also...
Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws
Researchers have discovered new variants for the infamous Mirai and Gafgyt IoT botnets – now targeting well-known vulnerabilities in Apache Struts and SonicWall. The new Mirai strain targets the Apache Struts flaw associated with the 2017 Equifax breach, while the Gafgyt variant uses a...
‘Domestic Kitten’ Mobile Spyware Campaign Aims at Iranian Targets
A mobile spyware campaign against mainly Iranian citizens has been spotted – with evidence that the Iranian government might be involved. The operation is dubbed Domestic Kitten by Check Point researchers — “kitten” to follow common APT nomenclature for Iranian groups and “domestic” because they...
Open .Git Directories Leave 390K Websites Vulnerable
A scan of more than 230 million web domains worldwide has uncovered 390,000 web pages with open .git directories – a worrying state of affairs that can expose a range of sensitive information. Researcher Vladimír Smitka at Lynt Services performed the scan, starting first in his native Czech...
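The check behind a scan like the one described above is simple to reproduce for your own sites. The following is an added example, not Smitka's scanner or any code from the article: it classifies the responses a probe would collect for `/.git/HEAD` and `/.git/config`, insisting that the HEAD body match git's own format (so catch-all "soft 404" pages that return 200 for everything are not counted), and then parses the config file to pull out remote URLs, flagging any that embed credentials. The sample responses and the `git.example.com` remote are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# A genuine .git/HEAD is either a symbolic ref or a detached 40-hex SHA-1.
HEAD_RE = re.compile(rb"^(ref: refs/[\w./-]+|[0-9a-f]{40})$")

# scheme://user:password@host ... credentials embedded in a remote URL.
CRED_URL_RE = re.compile(r"^[a-z+]+://[^/@:]+:[^/@]+@", re.I)


def is_git_head(status: int, body: bytes) -> bool:
    """True only if the response looks like a real git HEAD file.

    A bare HTTP 200 is not enough: sites with catch-all error pages return
    HTML for /.git/HEAD too, so the body itself must match git's format.
    """
    return status == 200 and HEAD_RE.match(body.strip()) is not None


def parse_git_config(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for git's INI-style config, e.g. {'remote "origin"': {'url': ...}}."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections


def assess(responses: Dict[str, Tuple[int, bytes]]) -> Dict[str, object]:
    """responses maps a probed path to (status, body) as a scanner would collect them."""
    remotes: List[str] = []
    report: Dict[str, object] = {"exposed": False, "remotes": remotes, "credentials_in_url": False}
    status, body = responses.get("/.git/HEAD", (0, b""))
    if not is_git_head(status, body):
        return report
    report["exposed"] = True
    status, body = responses.get("/.git/config", (0, b""))
    if status == 200:
        cfg = parse_git_config(body.decode("utf-8", "replace"))
        for name, values in cfg.items():
            if name.startswith("remote") and "url" in values:
                remotes.append(values["url"])
                if CRED_URL_RE.match(values["url"]):
                    report["credentials_in_url"] = True
    return report


# Constructed sample responses (not captured from any real site).
EXPOSED_SITE = {
    "/.git/HEAD": (200, b"ref: refs/heads/master\n"),
    "/.git/config": (200, b"[core]\n\trepositoryformatversion = 0\n"
                          b"[remote \"origin\"]\n"
                          b"\turl = https://deploy:s3cret@git.example.com/shop.git\n"
                          b"\tfetch = +refs/heads/*:refs/remotes/origin/*\n"),
}
SOFT_404_SITE = {
    "/.git/HEAD": (200, b"<!doctype html><html><body>Page not found</body></html>"),
}

if __name__ == "__main__":
    print(assess(EXPOSED_SITE))
    print(assess(SOFT_404_SITE))
```

The fix on the server side is to deny the directory outright (for example an nginx `location ~ /\.git` block returning 404) rather than relying on directory listings being off; with listings disabled, `HEAD`, `config` and the object store are still fetchable by name, which is exactly what the scan measured.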
British Airways Website, Mobile App Breach Compromises 380k
British Airways said approximately 380,000 card payments were compromised after a security breach occurred on the company’s website and mobile app in August. According to the airline, which notified customers on Thursday, the breach compromised the personal and financial details of customers –...
Threatpost News Wrap Podcast For Sept. 7
Threatpost editors Lindsey O’Donnell and Tom Spring break down the biggest news from the week ending September 7, including a feature story on vulnerability disclosure and new fixes in Chrome and Firefox. Download the podcast directly at http://traffic.libsyn.com/digitalunderground/WEEKWRAP.mp3...
Threat Actors Eyeing IQY Files To Peddle Malspam
More threat actors are pushing weaponized Excel web query (IQY) files to deliver malicious code – as seen in recent campaigns by several major malspam distributors. Researchers at IBM X-Force this week disclosed that both the Necurs botnet, as well as DarkHydrus and the threat actor behind the Mara...
Top MacOS App Exfiltrates Browser Histories Behind Users’ Backs
A top-grossing Apple App Store program called Adware Doctor is capable of sidestepping macOS security controls and surreptitiously copying a user’s entire browser history. It then sends it to a China-based domain. According to Patrick Wardle, chief research officer at Digita Security and founder ...
ThreatList: Attacks on Industrial Control Systems on the Rise
The systems that power the manufacturing, power and water plants, the oil and gas industry, and many other sectors are increasingly in the crosshairs of cyber-attackers: A full 41.2 percent of industrial control system (ICS) computers were attacked by malicious software at least once in the first half of 201...
U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy
The Justice Department has charged a North Korean man in the hacking of Sony Pictures Entertainment (SPE) in 2014 – as well as the global WannaCry attack last year that caused millions of dollars of economic damage – and also charged him with the costly 2016 SWIFT attack on the Bangladesh central ban...
Active Spy Campaign Exploits Unpatched Windows Zero-Day
The recently discovered Windows zero-day – which still doesn’t have a patch – has been used in the wild for the last week, with an active info-stealing campaign emerging just two days after its disclosure on Twitter. The flaw is a local privilege escalation vulnerability in the Windows Task...
Mozilla Patches Critical Code Execution Bug in Firefox 62
Mozilla released nine fixes in its Wednesday launch of Firefox 62 for Windows, Mac and Android – including one for a critical glitch that could enable attackers to run arbitrary code. Overall, the latest version of the Firefox browser included fixes for the critical issue, three high-severity...
High-Severity Flaws in Cisco Secure Internet Gateway Service Patched
Two high-severity vulnerabilities have been disclosed in Cisco’s security platform that could allow an attacker to gain administrative privileges – and take full control of the impacted machine. The glitches, disclosed Wednesday, affect two parts of Cisco Umbrella, a secure internet gateway that...
OilRig Sends an OopsIE to Mideast Government Targets
The OilRig group is back, using a reboot of the OopsIE trojan to pump information from its favorite resource: entities in the Middle East region. OilRig, which is also called Cobalt Gypsy, Crambus, Helix Kitten or APT34, is suspected of having ties to Iran. The group was identified in 2015 and is...
Google Rolls Out 40 Fixes with Chrome 69
Google has officially lifted the curtain on Chrome 69 for Windows, Mac and Linux this week. The tech giant’s latest browser version comes loaded with new security features and a slew of patches. Overall, the update included 40 security fixes. Several of those were rated “high,” including five...
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...
The Vulnerability Disclosure Process: Still Broken
Despite huge progress in the vulnerability disclosure process, things remain broken when it comes to vendor-researcher relationships. Case in point: Last year, when Leigh-Anne Galloway, a cybersecurity resilience lead at Positive Technologies, found a gaping hole in the Myspace website, she reported...
Tiny Island Atoll’s Domain Used in Widespread Ad Fraud
A scam campaign involving “.tk” domains has been active since at least May 2018, redirecting unsuspecting users to fake blogger sites that are collectively bringing in close to $22,000 per month in advertising revenue. The same actors have also been spotted running a tech-support scam in tandem,...
Multiple Remote Code-Execution Flaws Patched in Opsview Monitor
A slew of vulnerabilities have been disclosed in Opsview Monitor, a proprietary IT monitoring software for networks and applications, which could enable remote code-execution, command-execution and local privilege-escalation. A total of five flaws (CVE-2018-16148, CVE-2018-16147, CVE-2018-16146,...
Thousands of MikroTik Routers Hijacked for Eavesdropping
A full 7,500+ MikroTik routers are forwarding their owners’ traffic to eavesdropping cybercriminals – while 239,000 more have had their Socks4 proxy enabled, maliciously and surreptitiously. This means the bad actors can gain access to any of the files or data being passed by the router to and fr...
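An exposed SOCKS4 service is something a network owner can verify directly rather than take from a third-party count. The following is an added example, not code from the researchers or from the article: it builds the SOCKS4 CONNECT request a client sends, parses the 8-byte reply the proxy returns, and classifies the result. A reply with code 0x5A means the device will relay arbitrary connections on the prober's behalf; any other valid SOCKS4 reply still proves the service is listening; anything else (an HTTP banner, a closed port) is not SOCKS4. The reply bytes in the sample are constructed; the `probe()` helper does real network I/O and is only for hosts you are authorised to test.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

SOCKS4_GRANTED = 0x5A          # request granted: open relay
SOCKS4_REJECTED = 0x5B         # rejected or failed
SOCKS4_NO_IDENTD = 0x5C        # could not reach client identd
SOCKS4_IDENTD_MISMATCH = 0x5D  # identd user-id mismatch
VALID_CODES = {SOCKS4_GRANTED, SOCKS4_REJECTED, SOCKS4_NO_IDENTD, SOCKS4_IDENTD_MISMATCH}


def build_connect(dst_ip: str, dst_port: int, user_id: bytes = b"probe") -> bytes:
    """SOCKS4 CONNECT request: VN=4, CD=1, DSTPORT (16-bit BE), DSTIP (4 octets), USERID, NUL."""
    octets = bytes(int(o) for o in dst_ip.split("."))
    if len(octets) != 4:
        raise ValueError("dst_ip must be dotted-quad IPv4")
    return struct.pack("!BBH", 4, 1, dst_port) + octets + user_id + b"\x00"


@dataclass
class Socks4Reply:
    code: int
    port: int
    ip: str


def parse_reply(data: bytes) -> Optional[Socks4Reply]:
    """Parse the 8-byte SOCKS4 reply: VN=0, CD, DSTPORT, DSTIP.

    Returns None when the bytes are not a SOCKS4 reply at all (for example an
    HTTP banner from a web service reusing port 1080, or an empty read).
    """
    if len(data) < 8 or data[0] != 0:
        return None
    cd, port = struct.unpack("!BH", data[1:4])
    if cd not in VALID_CODES:
        return None
    ip = ".".join(str(b) for b in data[4:8])
    return Socks4Reply(cd, port, ip)


def classify(reply: Optional[Socks4Reply]) -> str:
    """Map a parsed reply to what it tells you about the device."""
    if reply is None:
        return "not-socks4"
    if reply.code == SOCKS4_GRANTED:
        return "open-proxy"
    return "socks4-present"


def probe(host: str, port: int = 1080, timeout: float = 3.0,
          dst_ip: str = "1.1.1.1", dst_port: int = 80) -> str:
    """Send one CONNECT and classify the answer. Network I/O; authorised targets only."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_connect(dst_ip, dst_port))
            return classify(parse_reply(s.recv(8)))
    except (OSError, socket.timeout):
        return "not-socks4"


# Constructed sample replies (not captured from any real router).
SAMPLE_GRANTED = b"\x00\x5a\x00\x50\x01\x01\x01\x01"
SAMPLE_REJECTED = b"\x00\x5b\x00\x00\x00\x00\x00\x00"
SAMPLE_HTTP_BANNER = b"HTTP/1.1 400 Bad Request\r\n"

if __name__ == "__main__":
    for name, data in (("granted", SAMPLE_GRANTED), ("rejected", SAMPLE_REJECTED),
                       ("http", SAMPLE_HTTP_BANNER)):
        print(name, classify(parse_reply(data)))
```

Note that a "socks4-present" result on a router whose owner never enabled the proxy is itself the finding: on RouterOS the service is off by default, so its presence points to a configuration change the owner did not make.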
ThreatList: 60% of BEC Attacks Fly Under the Radar
Up to 60 percent of business email compromise (BEC) attacks don’t involve a malicious link, making it more difficult for employees and email security systems to spot that something is amiss, a recent report found. Researchers at Barracuda, in a new study of 3,000 BEC attacks, found that most of the...