Category: threatpost

A fresh module aims to compromise remote desktop accounts to access corporate resources.   Advertise on IT Security News. Read the complete article: TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal

Read more →

An out-of-band Adobe security update addressed critical flaws in Photoshop, Acrobat Reader and other products.   Advertise on IT Security News. Read the complete article: Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws

Read more →

Privacy advocates advise caution when tracking the movements of patients or those infected with the new coronavirus, as an effort to minimize the pandemic’s effect.   Advertise on IT Security News. Read the complete article: Authorities Eye Using Mobile Phone…

Read more →

Researchers warn that a Magecart group has set up skimmers on the blender manufacturer’s website, in hopes of stealing customer payment-card data.   Advertise on IT Security News. Read the complete article: Magecart Cyberattack Targets NutriBullet Website

Read more →

COVID-19 is changing how we work. Weigh in on how your organization is securing its remote footprint with our short Threatpost poll.   Advertise on IT Security News. Read the complete article: A COVID-19 Cybersecurity Poll: Securing a Remote Workforce

Read more →

Stalkerware called Monitor Minor gives users the ability to creep on a target’s missives swapped via Instagram, Skype and Snapchat.   Advertise on IT Security News. Read the complete article: This Stalkerware Delivers Extra-Creepy Features

Read more →

The Pakistani-linked APT has been spotted infecting victims with data exfiltration malware.   Advertise on IT Security News. Read the complete article: APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT

Read more →

Rise and fall of a Nigerian cybercriminal called ‘Dton,’ who made hundreds of thousands of dollars in a 7-year campaign, outlined in new report.   Advertise on IT Security News. Read the complete article: Activities of a Nigerian Cybercriminal Uncovered

Read more →

Using homographic characters is an easy way to execute a convincing fake site.   Advertise on IT Security News. Read the complete article: Convincing Google Impersonation Opens Door to MiTM, Phishing

Read more →

An academic study found Microsoft’s Edge browser to be the least private, due to it sending device identifiers and web browsing pages to back-end servers.   Advertise on IT Security News. Read the complete article: Microsoft Edge Shares Privacy-Busting Telemetry,…

Read more →

The high-severity flaw allows malicious code injection into website pop-up windows.   Advertise on IT Security News. Read the complete article: WordPress Plugin Bug in Popup Builder Threatens 100K Websites

Read more →

Organizations are sending employees and students home to work and learn — but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges.   Advertise on IT Security News. Read the complete article: Working from…

Read more →

The APT group was spotted sending spear-phishing emails that purport to detail information about coronavirus – but they actually infect victims with a custom RAT.   Advertise on IT Security News. Read the complete article: Coronavirus-Themed APT Attack Spreads Malware

Read more →

Civil-liberties group wants more transparency about who the government is partnering with and how they are using the information gathered in biometric checks.   Advertise on IT Security News. Read the complete article: ACLU Sues Over U.S. Airport Facial-Recognition Technology

Read more →

While PXJ performs typical ransomware functions, it does not appear to share the same underlying code with most known ransomware families.   Advertise on IT Security News. Read the complete article: Researchers Warn of Novel PXJ Ransomware Strain

Read more →

Cookiethief steals cookies to infiltrate Facebook and other web service accounts.   Advertise on IT Security News. Read the complete article: Trojan Raids Android Users’ Cookie Jars

Read more →

A Dutch researcher claimed Google’s very first annual Cloud Platform bug-bounty prize, for a clever container escape exploit.   Advertise on IT Security News. Read the complete article: $100K Paid Out for Google Cloud Shell Root Compromise

Read more →

Researchers with Akamai say that 75 percent of all credential abuse attacks against the financial services industry were targeting APIs.   Advertise on IT Security News. Read the complete article: Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs

Read more →

Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.   Advertise on IT Security News. Read the complete article: Flaws Riddle Zyxel’s Network Management Software

Read more →

Attackers are using YouTube redirect links, whitelisted by various security defense mechanisms, to evade detection.   Advertise on IT Security News. Read the complete article: Phishing Attack Skirts Detection With YouTube

Read more →

CVE-2020-0796 affects version 3.1.1 of Microsoft’s SMB file-sharing system and was not included in Patch Tuesday.   Advertise on IT Security News. Read the complete article: Wormable, Unpatched Microsoft Bug Threatens Corporate LANs

Read more →

A new TrickBot variant shows that the malware is continuing to swap out new anti-analysis and persistence tactics.   Advertise on IT Security News. Read the complete article: New TrickBot Variant Updates Anti-Analysis Tricks

Read more →

A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.   Advertise on IT Security News. Read the complete article: More Than Half of IoT Devices Vulnerable to Severe Attacks

Read more →

The Ultimate Security Budget Plan & Track Excel template provides security executives with a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame.   Advertise on…

Read more →

The tech giant will take control of the U.S.-based infrastructure used by the criminals behind the world’s most prolific botnet used to distribute malware and infect victim computers.   Advertise on IT Security News. Read the complete article: Necurs Botnet…

Read more →

Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.   Advertise on IT Security News. Read the complete article: Critical Bugs in Rockwell, Johnson Controls ICS Gear

Read more →

March security updates include 115 CVEs patching everything from Windows, Office and Microsoft’s new Chromium-based Edge web browser.   Advertise on IT Security News. Read the complete article: Microsoft Patches 26 Critical Bugs in Big March Update

Read more →

The bug has been under active attack as a zero-day.   Advertise on IT Security News. Read the complete article: Popular ThemeREX WordPress Plugin Opens Websites to RCE

Read more →

Mozilla Foundation snuffs out bugs with the introduction of Firefox 74 and ESR 68.6.   Advertise on IT Security News. Read the complete article: Firefox Bug Opens iPhone AirPods to Third-Party Snooping

Read more →

Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data.   Advertise on IT Security News. Read the…

Read more →

Threat actors can easily infiltrate networks because attacks evade detection by typical security protections.   Advertise on IT Security News. Read the complete article: Variant of Paradise Ransomware Targets Office IQY Files

Read more →

Attackers are purporting to send victims HIV test results – but in reality are convincing them to download the Koadic RAT.   Advertise on IT Security News. Read the complete article: Spear-Phishing Attack Lures Victims With ‘HIV Results’

Read more →

A vulnerability is Microsoft Exchange servers is being actively exploited by multiple APT groups, researchers warn.   Advertise on IT Security News. Read the complete article: Microsoft Exchange Server Flaw Exploited in APT Attacks

Read more →

New side-channel attacks have been disclosed in AMD CPUs, however AMD said that they are not new.   Advertise on IT Security News. Read the complete article: AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

Read more →

Ryuk, DoppelPaymer, Parinacota and other ransomware groups are getting more sophisticated, Microsoft warns.   Advertise on IT Security News. Read the complete article: Next-Gen Ransomware Packs a ‘Human’ Punch, Microsoft Warns

Read more →

In cybersecurity circles, the Coronavirus is spurring anxiety over the virtual abuse of the deadly disease by scammers.   Advertise on IT Security News. Read the complete article: Spread of Coronavirus-Themed Cyberattacks Persists with New Attacks

Read more →

A Zoho zero day vulnerability and proof of concept (PoC) exploit code was disclosed on Twitter.   Advertise on IT Security News. Read the complete article: Critical Zoho Zero-Day Flaw Disclosed

Read more →

Meanwhile, breach incidents have hit Carnival Cruise Lines, T-Mobile and J. Crew customers.   Advertise on IT Security News. Read the complete article: Zynga Faces Lawsuit Over Massive Words with Friends Breach

Read more →

Chris Eng with Veracode talks about how organizations are falling into security debt due to patch management issues.   Advertise on IT Security News. Read the complete article: Chris Eng: Patch Management Challenges Drive ‘Security Debt’

Read more →

The high-severity flaws, existing in Webex Player and Webex Network Recording Player, can allow arbitrary code execution.   Advertise on IT Security News. Read the complete article: High-Severity Cisco Webex Flaws Fixed

Read more →

While 1.7 million of the certificates potentially affected by a CAA bug have already been replaced, around 1 million are still active.   Advertise on IT Security News. Read the complete article: Let’s Encrypt Pushes Back Deadline to Revoke Some…

Read more →

An analysis of spam subject lines and malicious domains shows that attackers have been betting on Trump and Sanders to snag public interest.   Advertise on IT Security News. Read the complete article: Trump, Sanders Are the Top Brands for…

Read more →

Dozens of routers are patched by Netgear as it snuffs out critical, high and medium severity flaws.   Advertise on IT Security News. Read the complete article: Critical Netgear Bug Impacts Flagship Nighthawk Router

Read more →

A recent phishing campaign used OneNote to distribute the Agent Tesla keylogger.   Advertise on IT Security News. Read the complete article: Microsoft OneNote Used To Sidestep Phishing Detection

Read more →

Around 600,000 of the supermarket’s 12 million loyalty program members have been warned about a cyberattack.   Advertise on IT Security News. Read the complete article: Loyalty Cards Targeted in Tesco Clubcard Attack

Read more →

Threatpost talks to Alex Tilley, senior security researcher with Dell SecureWorks’ Counter Threat Unit Research Team, about a recently discovered campaign linked to an Iranian APT.   Advertise on IT Security News. Read the complete article: Cobalt Ulster Strikes Again…

Read more →

On Wednesday millions of Transport Layer Security certificates will be revoked because of a Certificate Authority Authorization bug.   Advertise on IT Security News. Read the complete article: Let’s Encrypt to Revoke Millions of TLS Certs

Read more →

An exploit published by a developer is easy to use and has already been used to build malicious apps that gain root access on Android devices.   Advertise on IT Security News. Read the complete article: MediaTek Bug Actively Exploited,…

Read more →

Troy Hunt said the popular HIBP will continue to be run as an independent service.   Advertise on IT Security News. Read the complete article: Have I Been Pwned No Longer For Sale

Read more →

Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data.   Advertise on IT Security News. Read the complete article: DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

Read more →

A security error in the Walgreens mobile app may have leaked customers’ full names, prescriptions and shipping addresses.   Advertise on IT Security News. Read the complete article: Walgreens Mobile App Leaks Prescription Data

Read more →

The tricky trojan has evolved again, to stay a step ahead of defenders.   Advertise on IT Security News. Read the complete article: TrickBot Adds ActiveX Control, Hides Dropper in Images

Read more →

As cities grow more connected, municipal operators must deal with new risks like ransomware, IoT hacks and more.   Advertise on IT Security News. Read the complete article: Forrester: Keeping Smart Cities Safe From Hacks

Read more →

The legitimate remote-access tool is being used to maliciously infect victims and allow remote code-execution.   Advertise on IT Security News. Read the complete article: NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs

Read more →

Several flaws found in Nvidia’s graphics drivers could enable denial of service, remote code execution and other malicious attacks.   Advertise on IT Security News. Read the complete article: Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver

Read more →

The security industry has the perfect skillset and adversarial defense outlook to deal with some of the emerging societal issues in today’s world, said security technologist Bruce Schneier.   Advertise on IT Security News. Read the complete article: Bruce Schneier…

Read more →

The federal agency plans a slew of initiatives to address industrial control security this year.   Advertise on IT Security News. Read the complete article: RSAC 2020: Ransomware a ‘National Crisis,’ CISA Says, Ramps ICS Focus

Read more →

Patrick Wardle talks about the biggest threats he’s seeing impacting Apple devices.   Advertise on IT Security News. Read the complete article: Patrick Wardle: Apple Devices Hit With Recycled macOS Malware

Read more →

An automated Google warning to Android app developers regarding mobile app permissions has cut the number of requests in half.   Advertise on IT Security News. Read the complete article: Google’s War on Android App Permissions, 60 Percent Successful

Read more →

CEO Mary T. Barra addressed the high stakes in rolling out self-driving cars and biometric-enhanced vehicles, where one cyber-event could derail plans for emerging automotive technologies.   Advertise on IT Security News. Read the complete article: RSAC 2020: GM’s Transportation…

Read more →

From vacuum cleaners to baby monitors, the IoT landscape continues to be plagued by concerning security issues that lead to privacy threats.   Advertise on IT Security News. Read the complete article: IoT Insecurity: When Your Vacuum Turns on You

Read more →

The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.   Advertise on IT Security News. Read the complete article: Billions of Devices Open to Wi-Fi…

Read more →

A popular baby monitor has been found riddled with vulnerabilities that give attackers full access to personal information and sensitive video footage.   Advertise on IT Security News. Read the complete article: RSAC 2020: Smart Baby Monitor Vulnerable to Remote…

Read more →

When it comes to machine learning, research and cybercriminal activity is full speed ahead – but legal policy has not yet caught up.   Advertise on IT Security News. Read the complete article: RSAC 2020: Lack of Machine Learning Laws…

Read more →

Between ransomware attacks on healthcare devices, malware-laced “medical” apps, and fraud services available on the dark net, attackers are pushing the boundaries on targeting healthcare.   Advertise on IT Security News. Read the complete article: Hackers Cashing In On Healthcare…

Read more →

A connected, robotic vacuum cleaner has serious vulnerabilities that could allow remote hackers to view its video footage and launch denial of service attacks.   Advertise on IT Security News. Read the complete article: Unpatched Security Flaws Open Connected Vacuum…

Read more →

A new campaign is targeting governments with the ForeLord malware, which steals credentials.   Advertise on IT Security News. Read the complete article: Iranian APT Targets Govs With New Malware

Read more →

Research puts the emerging mobile threat—which monitors the whereabouts and device activity of devices users as well as collects personal data—into clearer focus.   Advertise on IT Security News. Read the complete article: Stalkerware Attacks Increased 50 Percent Last Year,…

Read more →

The annual cryptographer’s panel took on issues of privacy and how new crypto-technologies apply to it in today’s digital world.   Advertise on IT Security News. Read the complete article: RSAC 2020: Blockchain is ‘Garbage In’, Voting Needs Paper Ballots

Read more →

Google patches zero-day bug tied to memory corruptions found inside the Chrome browser’s open-source JavaScript and Web Assembly engine, called V8.   Advertise on IT Security News. Read the complete article: Google Patches Chrome Browser Zero-Day Bug, Under Attack

Read more →

The reality of the cybersecurity industry is starkly different than what’s perceived by the rest of the world.   Advertise on IT Security News. Read the complete article: RSAC 2020 Keynote: Changing the World’s False Perception of Cybersecurity

Read more →

The Department of Homeland Security and two U.S. military branches already had discontinued use of the app based on concerns over Chinese data-security and censorship practices.   Advertise on IT Security News. Read the complete article: Sen. Schumer Pushes for…

Read more →

The Ultimate Security Pros’ Checklist fully maps the core duties of common security positions, from the core technical security aspect to team management and executive reporting.   Advertise on IT Security News. Read the complete article: Free Download: The Ultimate…

Read more →

Software developer builds a malicious proof-of-concept iOS app that can read data temporarily saved to the device’s clipboard.   Advertise on IT Security News. Read the complete article: Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data

Read more →

A leak at the Defense Information Systems Agency exposed personal information of government employees, including social security numbers.   Advertise on IT Security News. Read the complete article: Data Breach Occurs at Agency in Charge of Secure White House Communications

Read more →

A new lawsuit alleges that Google’s G Suite for Education program covertly collects data from students, violating both COPPA and other data privacy regulations.   Advertise on IT Security News. Read the complete article: Lawsuit Claims Google Collects Minors’ Locations,…

Read more →

When patched last week, the bug affected at least 1 million websites. Zero-day exploits were going on then.   Advertise on IT Security News. Read the complete article: Active Attacks Target Popular Duplicator WordPress Plugin

Read more →

From data privacy to industrial IoT cybersecurity concerns, Threatpost editors discuss the top stories they expect to see at this year’s RSA Conference, which kicks off next week in San Francisco.   Advertise on IT Security News. Read the complete…

Read more →

Scammers are posing as event organizers in a sophisticated fraud effort.   Advertise on IT Security News. Read the complete article: Burning Man Tickets for $225? Yep, Too Good to Be True

Read more →

The incident cut off access to e-mail and shared IT services across customer sites of the multinational Denmark-based facility-management firm.   Advertise on IT Security News. Read the complete article: ISS World Hit with Malware Attack that Shuts Down Global…

Read more →

Eight apps – mostly camera utilities and children’s games – were discovered spreading a new malware strain that steals data and signs victims up for expensive premium services.   Advertise on IT Security News. Read the complete article: Haken Malware…

Read more →

The Google Play apps violated the tech behemoth’s disruptive advertising policies.   Advertise on IT Security News. Read the complete article: Google Bans 600 Android Apps for Obnoxious Ads

Read more →

A default password would let anyone access the Cisco Smart Software Manager On-Prem Base platform, even if it’s not directly connected to the internet.   Advertise on IT Security News. Read the complete article: Critical Cisco Bug Opens Software Licencing…

Read more →

Exaggerated Lion, a newly discovered cybercrime group, uses new and unique tactics to target U.S. companies in BEC attacks.   Advertise on IT Security News. Read the complete article: Cybergang Favors G Suite and Physical Checks For BEC Attacks

Read more →

Two critical Adobe vulnerabilities have been fixed in Adobe After Effects and Adobe Media Encoder.   Advertise on IT Security News. Read the complete article: Critical Adobe Flaws Fixed in Out-of-Band Update

Read more →

This week a hacking forum posted data from the breach—which included personal and contact details for celebrities, tech CEOs, government officials and employees at large tech companies.   Advertise on IT Security News. Read the complete article: MGM Grand Breach…

Read more →

The attack took a gas compression facility offline for two days, disrupting the supply chain.   Advertise on IT Security News. Read the complete article: U.S. Pipeline Disrupted by Ransomware Attack

Read more →

More than 55 percent of medical imaging devices – including MRIs, XRays and ultrasound machines – are powered by outdated Windows versions, researchers warn.   Advertise on IT Security News. Read the complete article: BlueKeep Flaw Plagues Outdated Connected Medical…

Read more →

A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.   Advertise on IT Security News. Read the complete article: SMS Attack Spreads Emotet, Steals Bank Credentials

Read more →

The third catfish attempt in three years from the Palestinian militant group adds a few technical advances to the mix.   Advertise on IT Security News. Read the complete article: Hamas Ensnares Israeli Soldiers with Pretty ‘Ladies’

Read more →

Cynet Free Threat Assessment spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active.   Advertise on IT Security News. Read the complete article: Cynet Offers Free Threat Assessment for Mid-Sized and Large…

Read more →

Traditional e-mail based scams are also in the mix this year, one in particular that uses the legitimate app TeamViewer to take over victims’ systems.   Advertise on IT Security News. Read the complete article: Latest Tax Scams Target Apps…

Read more →

OurMine took over the Spanish powerhouse soccer team’s Twitter account.   Advertise on IT Security News. Read the complete article: FC Barcelona Suffers Likely Credential-Stuffing Attack on Twitter

Read more →

Ring outlined new security and data privacy measures, Tuesday, following backlash of the connected doorbell in the past year.   Advertise on IT Security News. Read the complete article: Ring Mandates 2FA After Rash of Hacks

Read more →

APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.   Advertise on IT Security News. Read the complete article: Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign

Read more →

Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers.   Advertise on IT Security News. Read the complete article: Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin

Read more →

Scam threatens to flood sites using Google’s banner-ad program with bot and junk traffic if owners don’t pay $5K in bitcoin.   Advertise on IT Security News. Read the complete article: Hacker Scheme Threatens AdSense Customers with Account Suspension

Read more →

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.   Advertise on IT Security News. Read the complete article: Lenovo, HP, Dell Peripherals Face…

Read more →

Security experts say that 5G supply chain concerns should be taken seriously – whether it’s in the context of Huawei or not.   Advertise on IT Security News. Read the complete article: Huawei Controversy Highlights 5G Security Implications

Read more →

The malicious Chrome extensions were secretly collecting users’ browser data and redirecting them to malware-laced websites.   Advertise on IT Security News. Read the complete article: 500 Malicious Chrome Extensions Impact Millions of Users

Read more →