‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass
Brazilian bank customers are being warned of malware dubbed CamuBot that hides in plain sight and presents itself as a required end-user security module provided by a bank. The malware goes so far as to include bank logos that look and feel as if they’re part of a real security application. In so...
APT10 Under Close Scrutiny as Potentially Linked to Chinese Ministry of State Security
Researchers claim that APT10, a likely China-based threat actor, is believed directly connected to the Chinese Ministry of State Security’s MSS Tianjin bureau. The allegations come from CrowdStrike which released a report Friday that claims it has found firm ties that link APT10 or Stone Panda wi...
MagentoCore Card Skimmer Found on Mass Numbers of E-Commerce Sites
UPDATED A whopping 7,339 and counting individual e-commerce sites have been infested with the MagentoCore.net payment-card skimmer in the last six months, making the malicious script one of the most successful credit-card threats out there. The infections are part of a single effort, all tied bac...
Threatpost News Wrap Podcast For Aug. 31
The Threatpost team breaks down the biggest news for the week ending on August 31. Topics covered are a Microsoft Windows zero-day, Yahoo’s recent acknowledgement that it scans emails to target ads to a report that mobile app SDKs capture private data when an Android or iOS app crashes. Download...
Bucking the Norm, Mozilla to Block Tracking Cookies in Firefox
Web tracking has long been in the cross-hairs of privacy advocates, who say that marketers know entirely too much about individuals’ online activities. And to add insult to injury, the ubiquitous cookie system used to enable tracking also presents potential security threats, including cross-site...
ThreatList: Security Pros Confident They Could Compromise Their Own Orgs
Cyber-threats that come from within an organization – carried out by employees, former employees, contractors or business associates – represent a very real and growing concern for organizations. Risky behavior can be intentional, a la Edward Snowden, or inadvertent, as is the case with almost al...
New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace
Researchers are warning of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware. Researchers at Cisco Talos, who discovered the threat actor they call “Rocke”, said they have been tracking the adversary sin...
Android OS API-Breaking Flaw Offers Useful WiFi Data to Bad Actors
An “API-breaking” vulnerability has been uncovered that potentially exposes Android device systems data to rogue apps — information that could be very useful to bad actors. Researchers from Nightwatch Cybersecurity System said that certain all-points-bulletins sent out by the Android OS expose...
Cobalt Group Targets Banks in Eastern Europe with Double-Threat Tactic
The infamous financial cybercrime gang known as Cobalt Group has been spotted actively pushing a fresh campaign that uses a peculiar tactic: Double infection points and two command-and-control (C2) servers. The Cobalt Group, a known financial cybercrime ring since 2016, has been suspected in attack...
Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety
Two previously undocumented, critical vulnerabilities in widely deployed medical devices have sparked patient-safety and data-privacy concerns. Flaws in the Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson BD Alaris TIVA Syringe Pump have been acknowledged by the vendors...
Travel Breaches Hit Air Canada and Asia-Pac Hotelier
It’s been a busy week on the data breach front. First, Air Canada said that a breach of around 20,000 mobile app users had exposed passport information. At the same time, millions have been affected by an information heist targeting a Chinese hotel group with 3,500 properties across the...
BusyGasper Malware Packs a Simple but Potent Punch
A small malware campaign is leveraging spyware called BusyGasper, which is highly effective at collecting data on Android phones and exfiltrating it. The malware is unsophisticated, but loaded with 100 uniquely implemented features ranging from device sensor listeners, motion detectors and the...
Yahoo Persists in Scanning Emails for In-Depth Ad-Targeting
While the rest of the U.S. tech industry is taking steps to assuage consumer concerns over privacy and data-harvesting, Yahoo is selling off the ability to scan more than 200 million Yahoo Mail inboxes for rich user data that might be used for marketing purposes. Verizon’s Oath unit, which owns...
High-Severity Flaws Patched in Schneider Electric Products
Schneider Electric has released fixes for a slew of vulnerabilities that can be exploited remotely in two of its industrial control system products. The two flaws, which exist in Schneider Electric’s power management system, PowerLogic PM5560, and its programmable logic controller, Modicon M221,...
The 4 Building Blocks of Digital Threat Hunting Every Business Needs to Know
There was a time when no one could predict the weather – the only way you knew if a blizzard or heat wave was coming was by observing the snowflakes start to fall or the heat inch towards the unbearable. That changed when technology was developed to help people anticipate and prepare for extreme...
Podcast: Plugging Leaky Data in the Cloud
Securing data in the cloud is a growing concern for enterprises and SMBs. As more sensitive information is stored in the cloud, users may lack awareness of where their sensitive information is going – and whether that data has been accidentally exposed. Threatpost talked to Scott Ellis, product...
Researchers Shine Light on Smart-Bulb Data Theft
Lightbulbs were invented to do one thing: illuminate a room or a space. Cybercriminals, however, may find that these glass miracles can be used to shed light in a more metaphorical sense – to spy on users’ private data and preferences. The light emitted by modern smart bulbs can be used in two...
Crashing Mobile Apps Capture Screens, Leak Private Data
Several mobile software developer kits (SDKs) can capture sensitive user data when a mobile app crashes, exposing private data to an outside third party. Researchers at Appthority singled out SDKs offered by AppSee and TestFairy in a report published Monday. They warned that mobile users whose apps...
Facebook Flaw Allowed Remote Commands
A vulnerability in a Facebook server that could have led to information disclosure and command execution has been patched by the social network. At issue was a Sentry service, which is an open-source error tracking application that helps developers monitor and fix crashes in real time. It’s writt...
Microsoft Windows Zero-Day Found in Task Scheduler
A zero-day flaw recently disclosed in Microsoft’s Windows task scheduler could enable a bad actor to gain elevated privileges. The flaw, which was disclosed Monday on Twitter, does not yet have a patch. The issue exists in the Advanced Local Procedure Call (ALPC) interface of Microsoft Windows task...
ThreatList: Ransomware Attacks Down, Fileless Malware Up in 2018
The use of fileless malware in attacks continues to grow and now represents 42 out of 1,000 endpoint attacks, according to an analysis of 2018 data by one security firm. The uptick represents a 94 percent increase in the use of fileless-based attacks between January and June 2018. The study,...
Adobe Pushes Out Unscheduled Creative Cloud Application Fix
Adobe released a second unscheduled fix this month, this time for a flaw in its Creative Cloud desktop application that could lead to privilege escalation. While the vulnerability (CVE-2018-12829) was rated “important,” Adobe acknowledged on Tuesday that it is aware of a publicly available...
Side-Channel Attack Allows Remote Listener to ‘Hear’ On-Screen Images
A stealthy side-channel tactic for digital surveillance has been uncovered, which allows an attacker to “hear” on-screen images. According to a team of academic researchers from Columbia University, the University of Michigan, University of Pennsylvania and Tel Aviv University, inaudible acoustic...
AT Command Hitch Leaves Android Phones Open to Attack
Attackers can use AT commands to launch several malicious functions on an array of Android devices, including extracting data, rewriting the smartphone firmware and bypassing Android security measures. All they need, according to researchers who developed a proof-of-concept (PoC) attack, is the...
Newsmaker Interview: Derek Manky on ‘Self-Organizing Botnet Swarms’
For over five years Derek Manky, global security strategist at Fortinet and FortiGuard Labs, has been helping the private and public sector identify and fight cybercrime. His job also includes working with noted groups: Computer Emergency Response, NATO NICP, INTERPOL Expert Working Group and the...
Fortnite Android App Falls Victim to Man-in-the-Disk Flaw
Epic Games has patched a critical man-in-the-disk (MiTD) flaw for the Android version of the wildly popular Fortnite game – although controversy has swirled after Google decided to ignore a 90-day disclosure request from the gaming company. The issue exists in the Fortnite Installer, which download...
PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability
Proof-of-concept code found on the GitHub repository could allow attackers to easily take advantage of a recently identified vulnerability in the Apache Struts 2 framework. The vulnerability (CVE-2018-11776), identified earlier this week, could allow an adversary to execute remote code on targeted...
Following Facebook and Twitter, Google Targets Iranian Influence Operation
In the wake of influence-campaign takedowns by Facebook and Twitter, Google has issued a report detailing its own efforts to root out foreign influence operatives allegedly tied to an Iranian state-run media broadcaster. The news comes as President Donald Trump appeared to tweet in opposition to...
Mirai Variant Cross-Compiles Attack Code with Aboriginal Linux
Criminals behind a Mirai botnet have been spotted using an unusual technique: Leveraging an open-source project called Aboriginal Linux to create a compiled binary, with versions of the malware tailored to each targeted platform. The malware authors are leveraging Aboriginal – a legitimate tool f...
T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API
Wireless carrier T-Mobile notified its 2.3 million subscribers via text message earlier this week that their personal account information may have been exposed. The warnings accompanied a customer advisory posted to the T-Mobile website alerting all its 77 million customers of the breach. Affecte...
Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors
Researchers have found a cross-site scripting (XSS) flaw in Apache ActiveMQ that could enable a remote attacker with no privileges to launch an array of attacks against visitors to compromised websites. The vulnerability (CVE-2018-8006) was disclosed today and impacts ActiveMQ versions earlier than...
Cheddar’s Restaurants Bitten By Credit-Card Breach
Fast-casual stalwart Cheddar’s Scratch Kitchen has become the latest restaurant to suffer a payment-card breach. Cheddar’s, known for its reasonably priced country-fried chicken, pot pies, ribs and other comfort food, has hundreds of locations across the Midwest and the South. It said that it...
ThreatList: $1.1M is Lost to Cybercrime Every Minute of Every Day
Every 60 seconds, $1.1 million is lost to cyberattacks. That staggering stat comes to us by way of RiskIQ, which compiled proprietary and third-party research to crunch numbers around malicious activity. The resulting report, the appropriately named “Evil Internet Minute,” paints a stark picture ...
AdvisorsBot Downloader Emerges in Raft of Malware Campaigns
A new downloader was disclosed today, sporting significant anti-analysis features and increasingly sophisticated distribution techniques. Researchers at Proofpoint have been tracking the downloader as a first-stage payload in campaigns since May 2018. Dubbed AdvisorsBot due to early...
Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’
A critical remote code-execution vulnerability in Apache Struts 2, the popular open-source framework for developing web applications in the Java programming language, is threatening a wide range of applications, even when no additional plugins have been enabled. Successful exploitation could lead...
Recent App Issues Reveal Facebook’s Struggles to Temper Data Privacy Woes
Facebook was hit with a double privacy punch regarding data privacy on Wednesday. First, Facebook acknowledged in a public post that one of the apps on its platform, myPersonality, inappropriately shared 4 million users’ data with researchers. Also on Wednesday, The Wall Street Journal reported...
Security and Artificial Intelligence: Hype vs. Reality
While artificial intelligence and machine learning are far from new, many in security suddenly believe these technologies will transform their business and enable them to detect every cyber threat that comes their way. But instead, the hype may create more problems than it solves. Recently,...
DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test
A day after the Democratic National Committee riled up security researchers and the press, it’s walking back an assertion that there was an attempt to compromise its voter database. Though it seemed like the event was the latest in a series of malicious efforts designed to harvest credentials...
DNC Becomes Latest Target in Series of Election-Season Attacks
UPDATE The Democratic National Committee said Wednesday that it reportedly disrupted an attempt to compromise its voter database – apparently the latest in a series of malicious efforts designed to harvest credentials belonging to political targets or influence the electorate ahead of the November...
Ghostscript Flaws Allow Remote Takeover of Systems
UPDATE Researchers have uncovered vulnerabilities in the widely deployed Ghostscript package that allows bad actors to remotely take control of vulnerable systems. As of August 24, 2018, all reported problems have been fixed and will be part of the next Ghostscript release in late September, a...
Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities
In an exhaustive study of critical Linux vulnerabilities, a team of academic and government-backed researchers claim to have proven that almost all flaws could be mitigated to less than critical severity – and that 40 percent could be completely eliminated – with an OS design based on a verified...
Triout Malware Carries Out Extensive, Targeted Android Surveillance
A mobile spyware for Android was disclosed today, with extensive, advanced surveillance capabilities that suggest that a sophisticated actor is pulling the strings. Using a recently discovered malware dubbed Triout, bad actors are tapping into the proliferating footprint of Android-based...
Podcast: Bad Packets Report Founder on Rising Cryptojacking Attacks
Security researcher Troy Mursch of the Bad Packets Report joins the Threatpost Podcast to discuss recent cryptojacking campaigns, and why these types of malicious cryptomining attacks are on the rise. Criminals have been harnessing devices – from mobile devices to servers – to mine cryptocurrenci...
Adobe Patches Critical Photoshop Flaws in Unscheduled Update
Adobe hurried out unscheduled patches today for two critical flaws that could enable remote code-execution in Photoshop CC. The patches impact two memory corruption vulnerabilities in Adobe Photoshop products, including Photoshop CC 2018 v 19.1.6 and Photoshop CC 2017 v 18.1.6, both for Windows a...
Ryuk Ransomware Emerges in Highly Targeted, Highly Lucrative Campaign
A targeted new ransomware has burst on the scene, attacking well-chosen, targeted organizations worldwide with a highly sophisticated operation that may be linked to a well-known APT actor. Over the past two weeks, the Ryuk ransomware has encrypted hundreds of PCs, storage and data centers in eac...
Dark Tequila: A Distilled Threat for Mexican Targets
Researchers have been tracking an ongoing malicious campaign targeting victims in Mexico, with a highly crafted tool built to steal financial information and login credentials for popular websites. Researchers at Kaspersky Lab said today that the campaign, dubbed Dark Tequila, and its supporting...
Airmail 3 Exploit Instantly Steals Info from Apple Users
Severe vulnerabilities in the Airmail 3 software – an alternative to Apple Mail for MacOS – would allow a remote attacker to steal a user’s past emails and file attachments, in many cases without requiring user interaction beyond simply opening a weaponized message, researchers said. Security...
Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes
A vulnerability in a popular Wi-Fi–connected electric outlet for smart homes would allow a remote attacker to take over smart TVs and other devices, as well as execute code – potentially exposing tens of thousands of consumers to cryptomining, ransomware, information disclosure, botnet enslavemen...
Video: Bishop Fox on Device Threats and Layered Security
Threatpost talked to Christie Terrill, partner at Bishop Fox, about the top trends and security issues that were discussed at Black Hat USA in Las Vegas this month...
Google Faces Legal Turmoil After Location Tracking Debacle
Google is under fire from both legal teams and activists after reports emerged that the technology giant tracked customers’ movements, even when they opt out. The company has been slapped by a lawsuit, filed in the federal court last week out of California, alleging that Google is violating both...