Black Hat 2018: Cortana Flaw Allowed Takeover of Locked Windows 10 Device
LAS VEGAS – Researchers sounded the security alarm here at Black Hat over issues tied to voice control – specifically with the Windows Cortana service. On Wednesday they outlined a flaw patched in June by Microsoft dubbed “Open Sesame” that allowed an adversary to bypass a Windows 10 lock screen...
Black Hat 2018: Google Bug Hunter Urges Apple to Change its iOS Security Culture
LAS VEGAS – Prolific Google bug hunter Ian Beer ripped into Apple on Wednesday, urging the iPhone maker to change its culture when it comes to iOS security. He said the company suffers from an all-too-common affliction of patching an iOS bug, but not fixing the systemic roots that contribute to t...
Black Hat 2018: Mixed Signal Microcontrollers Open to Side-Channel Attacks
LAS VEGAS – Mixed signal circuits – in which chips isolate digital and analog components – are opening chips up to novel side-channel attacks, researchers said at Black Hat 2018 today. As chip manufacturers search for smaller and cheaper microelectronics components, they have adopted a mixed-sign...
Black Hat 2018: Google’s Tabriz Talks Complex Security Landscapes
LAS VEGAS – The complexity of the cybersecurity landscape is at an all-time high, with security researchers, vendors, third-party ecosystems and even governments all trying to come to a consensus for making the cyber-world a safer place. For security experts, navigating these choppy and crowded...
‘Chaff Bug’ Defense Rolls Out Shiny Objects for Attackers to Find
Camouflage and distraction have long been hallmarks of warfare, and it’s no different when it comes to the cyber-front. A group of researchers from New York University are taking the idea further than it’s gone before with the idea of introducing decoy bugs into code – ultimately non-exploitable...
Threatlist: Manufacturing, a Top Target for Espionage
When it comes to cyberattack-related reconnaissance and lateral movement activity, the manufacturing industry exhibits higher than normal rates. That’s according to Vectra’s 2018 Spotlight Report on Manufacturing, which crunched data from more than 4 million devices and workloads from customer...
Black Hat 2018: Patrick Wardle on Breaking and Bypassing MacOS Firewalls
LAS VEGAS – Taking aim at the status-quo of macOS firewalls, researcher Patrick Wardle has made his case for Apple and third-party security firms to beef up their protections. At a session here at Black Hat 2018, Wardle, chief research officer at Digita Security and founder of Mac security compan...
Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware
LAS VEGAS – Researchers said they found buffer overflow flaws in the firmware for ASRock and ASUS, potentially enabling bad actors to remotely launch man-in-the-middle (MITM) attacks. The findings, which will be presented Wednesday at Black Hat USA this week by researchers from Eclypsium, show that...
Podcast: enSilo CEO on Black Hat USA 2018 Trends
Las Vegas – Threatpost’s Lindsey O’Donnell sits down with enSilo CEO Roy Katmor to talk about the top trends that we are seeing this week at Black Hat USA 2018 – from machine learning to connected-car security. Download here:...
Fresh Approach to WiFi Cracking Uses Packet-Sniffing
Legacy WiFi just became a little less safe, according to Jens Steube, the developer of the password-cracking tool known as Hashcat. He has found a faster, easier way to crack some WPA/WPA2-protected WiFi networks. Hackers have compromised the WPA/WPA2 encryption protocols in the past, but it’s an...
Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue
Whether you’re just starting off in the cybersecurity field or are already working as a security professional, there are many certifications for you to consider across various specializations and difficulty levels. Not to mention certifications covering a range of disciplines and emerging securit...
Microsoft Adds Direct Trust for Let’s Encrypt
Microsoft has added direct trust for Let’s Encrypt certificates, meaning that all major browsers and operating systems, including Apple, Blackberry, Google, Microsoft, Mozilla and Oracle, now all directly trust the Let’s Encrypt root, ISRG Root X1. Let’s Encrypt provides free digital certificates...
Pentagon Bans Soldiers from Using GPS Apps and Devices
After fitness apps have been shown to reveal the locations of U.S. military personnel in hot zones around the world, the Pentagon is mandating that armed service members must switch off any device using GPS functionality if they are deployed in “operational areas.” “Effective immediately, Defense...
ThreatList: Financial Services Firms Lag in Patching Habits
Almost half (45 percent) of financial services firms in a recent survey have reported a data breach in the last two years – with many of those attacks being completely avoidable if known vulnerabilities were patched. In a Ponemon Institute survey of nearly 3,000 cybersecurity professionals at...
Black Hat USA 2018 Preview
Threatpost editors Tom Spring, Lindsey O’Donnell and Tara Seals break down the biggest trends to watch out for at Black Hat USA and DEF CON 2018, which both kick off this week in Las Vegas. There is much to watch out for, including a keynote from Google’s Director of Engineering Parisa Tabriz, as...
Fortnite Skips Google Play For Android Apps, Irking Security Experts
Security experts are dismayed after the makers of extremely popular video game Fortnite said its Android version of the game will only be available for download via the company’s website, shirking the Google Play store. Last week, Fortnite creator Epic Games confirmed that it will directly...
Ramnit Changes Shape with Widespread Black Botnet
The recently uncovered “Black” botnet campaign using the Ramnit malware racked up 100,000 infections in the two months through July – but the offensive could just be a precursor to a much larger attack coming down the pike, according to researchers, thanks to a second-stage malware called Ngioweb...
Top iPhone Supplier Battles WannaCry Infection
A top iPhone supplier, Taiwan Semiconductor Manufacturing Co. (TSMC), has recovered from a WannaCry ransomware infection that impacted the majority of its fabrication tools. The incident could delay mobile phone shipments during the pre-holiday Fall rush, and reduce revenue for Taiwan’s largest...
Consumer DNA Testing Takes a Step Towards Privacy, Transparency
A group of well-known genetic testing providers have partnered with the Future of Privacy Forum (FPF) to establish privacy guidelines for handling information about what is arguably the most personal private information there is: DNA. Consumer-grade DNA testing – i.e., services that allow folks at...
Salesforce.com Warns Marketing Customers of Data Leakage SNAFU
Cloud behemoth Salesforce.com is warning customers about an API error that may have leaked data for some users of its Marketing Cloud offering. The issue was in play between June 4 to July 18, according to an alert that Salesforce.com sent out to customers Thursday. The issue potentially affected...
ThreatList: SMB Security Challenges Grow with the Cloud
Firewall and network security is the No. 1 concern when it comes to small- and medium-sized business (SMB) security, according to research, particularly as they begin to move more and more of their mission-critical infrastructure to the cloud. However, preparing for increasing security threats...
ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise
Spam click-rates are up in 2018. Last year, 13.4 percent of spam messages that made it into inboxes were clicked on. So far, in 2018 that percentage has jumped to 14.2 percent. The numbers come from F-Secure, which reported Wednesday on the sorry state of users’ better judgment when it comes to...
Phishing Campaign Steals Money From Industrial Companies
Industrial production companies are the targets in a large-scale spear-phishing email campaign aimed at installing legitimate remote administration software on victims’ systems. Researchers with Kaspersky Lab said that emails purporting to be commercial offers were the conduit to enabling attacke...
Podcast: Breaking Down the COSCO Ransomware Attack
Last week, shipping giant COSCO (China Ocean Shipping Company) announced it was hit with a ransomware attack that crippled its U.S. operations. The company’s phone and email for its U.S. branch were down for five days, and have now been restored. Threatpost talks to Matt Tyrer with Commvault about...
Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally
UPDATE A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive cryptomining scripts in websites using a known vulnerability. As of Thursday morning, Censys.io has reported more than 170,000 active MikroTik devices infected with the...
DOJ Nabs Three FIN7 Cybercrime Suspects in Europe
Three suspected members of the FIN7 cybercrime group have been arrested in Europe and accused of hacking more than 120 U.S.-based companies with the intent of stealing bank cards. In total, U.S. Department of Justice authorities said the FIN7 group — associated with the Carbanak crime gang — is...
Bevy of Android Apps Harbor Hidden Malicious Windows Executables
Researchers have found up to 145 Android apps on the Google Play store infected by malicious Microsoft Windows executable files capable of planting key-loggers on Windows systems. Researchers at Palo Alto Networks’ Unit 42 said Monday that they suspect that the Android app developers involved wer...
Reddit Breach Stems from SMS Two-Factor Authentication Breakdown
Reddit confirmed Wednesday that a hacker broke into its systems and has accessed user data – including email addresses and passwords for accounts. The company said in a post today that the compromise occurred between June 14 and June 18, and it detected the incident on June 19. “We learned that a...
Amnesty International Targeted by Nation-State Spyware
Human rights stalwart Amnesty International says that it has been targeted in a nation-state led cyberespionage attack. The group said that a staff member in June received a malicious WhatsApp message in Arabic, purporting to contain a link to information about an alleged protest outside the Saud...
Steam Bans Developer After Outcry Over Cryptomining, Scam Items
The popular Steam online gaming platform has pulled a simple, 2D game from its library, after it was found to be consuming an unusual amount of processing power on gamers’ machines. Steam owner Valve booted the game, “Abstractism,” after players lodged complaints about the game chewing up process...
Facebook Removes 17 Profiles Involved in Political Meddling
Facebook Tuesday said that it has removed 32 pages from its platform involved in “coordinated inauthentic behavior.” The action comes months before the November midterm elections – and at a time when all eyes are on Facebook to see how it protects against potential campaigns attempting to sway...
ThreatList: Business Email Compromises Way Up for Q2
Attacks targeting business email accounts continued to climb in the second quarter, according to data released today by specialist insurer Beazley. Hardest hit were organizations using Office 365, the popular cloud-based productivity solution. The July edition of Beazley Breach Insights shows tha...
Complex Malvertising Scheme Impacts Multiple Levels of Web Economy
UPDATE A sprawling malvertising campaign that leverages the AdsTerra legitimate online advertising company has been uncovered, involving at least 10,000 compromised websites and driving legions of web visitors around the world to exploit kits. AdsTerra, one of the largest ad networks out there,...
HP Offers Up to $10,000 Rewards for Printer Bugs
HP launched a bug bounty program for printers Tuesday, with a max payout of $10,000 a vulnerability. The company, which has partnered with Bugcrowd to offer between $500 and $10,000 for bug discoveries, said that it marks the first-ever bug bounty program for printers. “HP has offered a way for...
Podcast: Why Bitcoin Miners Target Critical Infrastructure Networks
On this week’s Threatpost Podcast show, we sit down with Ronen Rabinovich from Cyberbit to discuss bitcoin mining on operational technology and critical infrastructure networks. Rabinovich talks about why the massive amount of computing power and lack of security and monitoring tools make...
Updated AZORult Spyware Comes with Sophisticated New Techniques
An updated version of the AZORult spyware has been sighted as the payload in a large spam campaign – just one day after debuting on the Dark Web. AZORult steals information and can download additional malware; it’s been around since at least 2016, when Proofpoint researchers identified it as part...
Connected Car Apps Open Privacy Hole For Used Car Owners
When we think about hacking connected cars, most of the research has been around difficult-to-exploit vulnerabilities that would allow someone besides the owner to do things such as control the infotainment system, unlock the car remotely or even take control of the steering mechanism. But it tur...
Jailhouse Tablets Allow Inmates to Steal Thousands of Dollars in Credits
Officials at the Idaho Department of Correction say that inmates from five different facilities across the state collected nearly a quarter million dollars in credits after hacking their tablets. Up to 364 inmates exploited a vulnerability in JPay tablets – which were given to prisoners for email...
DMARC Compliance Lacking in 28 Percent of .Gov Agencies
As phishing ploys continue to take their toll on businesses, federal agencies have yet to fully protect themselves against such attacks with basic defenses like DMARC. With only months to go before the federal Binding Operational Directive (BOD) 18-01 deadline of October 2018, which mandates DMARC...
FELIXROOT Backdoor Resurfaces in Environmental Spam Campaign
After a few months of absence, the FELIXROOT backdoor malware has been spotted in a fresh malspam campaign. The campaign uses weaponized lure documents claiming to contain seminar information on environmental protection efforts. This backdoor has a range of functions, including the ability to...
Security Glitch in IoT Camera Enabled Remote Monitoring
Swann has patched a flaw in its connected cameras that would allow a remote attacker to access their video feeds. A research team, consisting of Andrew Tierney, Chris Wade and Ken Munro from Pen Test Partners, as well as security researchers Alan Woodward, Scott Helme and Vangelis Stykas, develop...
Threatpost News Wrap Podcast For July 27
Threatpost’s Tom Spring and Lindsey O’Donnell sit down to discuss the top breaking news from the week. Stories of importance include shipping giant COSCO being hit with a ransomware attack, a Senator requesting a government mandate to stop using Adobe Flash by August 2019, and Facebook’s outgoing...
Highly Sophisticated Parasite RAT Emerges on the Dark Web
Researchers are tracking a remote access trojan (RAT) on underground markets that, so far, has only been attributed to one small malicious email campaign. However, the RAT, dubbed Parasite HTTP by the Proofpoint researchers that discovered it, has an impressive list of sophisticated features –...
Bugs in Samsung IoT Hub Leave Smart Home Open To Attack
Researchers found 20 vulnerabilities in Samsung’s SmartThings Hub, allowing attackers to control smart locks, remotely monitor the home via connected cameras and perform other alarming functions. Cisco Talos researchers, who published a technical breakdown of the vulnerabilities on Thursday, said...
COSCO’s American Operations Hit With Crippling Ransomware Attack
Shipping giant China Ocean Shipping Company (COSCO) has been hit with a ransomware attack that has crippled its U.S. operations. “Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment. For safety precautions, we have shut dow...
Sen. Wyden Urges Government Ban on Adobe Flash
Citing security concerns, Sen. Ron Wyden is urging the government to create a plan to transition away from Adobe Flash before the vendor stops supporting it in 2020. To that end, the Oregon Democrat delivered a formal request to the National Security Agency and the National Institute of Standards...
Regional Virginia Bank Falls Victim to Coordinated $2.4M ATM Heist
A regional Virginia bank, the National Bank of Blacksburg, has lost $2.4 million in a cyber-heist that affected the STAR ATM and debit network, following a successful phishing attack that compromised the institution’s internal networks. The bank is now suing its insurance carrier for not covering...
Skills That a ‘Next-Level’ Pentester Should Have
The field of penetration testing has grown rapidly since the United States Department of Defense’s Tiger Teams first emerged on the computer scene. With that growth, we’ve seen different skill-sets, approaches and quality levels emerge among penetration-testing professionals. Moshe Zioni is the...
Pinterest Browser Extension Injects Unwanted Code into 5K Websites
A buggy Mozilla Firefox browser extension for sharing links to Pinterest has automatically injected malformed code into at least 5,000 websites. The code injection in this instance was not malicious, but researchers at Sucuri, which discovered and reported the problem on Tuesday, said the inciden...
Facebook Security Exec Calls for Tightened Data Privacy
Facebook’s outgoing chief information security officer Alex Stamos has urged the social media company to rethink its approach to data privacy. The executive, whose exit has been widely reported on for months, wrote an internal note to staff that called for changes in how Facebook approaches data...