Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts. Advertise on IT Security News. Read the complete article: Mobile Carrier Customer Service Ushers in SIM-Swap…
Category: threatpost
Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea?
Are publicly released proof-of-concept exploits more helpful for system defenders — or bad actors? Advertise on IT Security News. Read the complete article: Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea?
News Wrap: PoC Exploits, Cable Haunt and Joker Malware
Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week’s news wrap. Advertise on IT Security News. Read the complete article: News…
FBI Plans to Inform States of Election Breaches
The agency changed its policy to provide more timely and actionable information to state and local election officials in the case of a cybersecurity breach to election infrastructure. Advertise on IT Security News. Read the complete article: FBI Plans…
Critical Cisco Flaws Now Have PoC Exploit
The flaws affect a key tool for managing its network platform and switches. Advertise on IT Security News. Read the complete article: Critical Cisco Flaws Now Have PoC Exploit
Google Account Security Keys Launch for iPhone
iPhone users can now use Bluetooth to secure their Google accounts. Advertise on IT Security News. Read the complete article: Google Account Security Keys Launch for iPhone
Satan Ransomware Reborn to Torment Businesses
A hellish mix of features shows the 5ss5c ransomware to be the son of Satan. Advertise on IT Security News. Read the complete article: Satan Ransomware Reborn to Torment Businesses
PoC Exploits Published For Microsoft Crypto Bug
Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability. Advertise on IT Security News. Read the complete article: PoC Exploits Published For Microsoft Crypto Bug
‘Fleeceware’ Apps Downloaded 600M Times from Google Play
New research shows apps that dupe users into being charged excessively with little reward persist on the Android app store. Advertise on IT Security News. Read the complete article: ‘Fleeceware’ Apps Downloaded 600M Times from Google Play
A Practical Guide to Zero-Trust Security
There are five different pillars to implement when moving to a modern, zero-trust security model. Advertise on IT Security News. Read the complete article: A Practical Guide to Zero-Trust Security
Critical WordPress Bug Leaves 320,000 Sites Open to Attack
Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack. Advertise on IT Security News. Read the complete article: Critical WordPress Bug Leaves 320,000 Sites Open to Attack
Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft
Threatpost talks to Venafi about the recently-disclosed Microsoft vulnerability and whether the hype around the flaw was warranted. Advertise on IT Security News. Read the complete article: Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft
U.N. Weathers Storm of Emotet-TrickBot Malware
A concerted, targeted phishing campaign took aim at 600 different staffers and officials, using Norway as a lure. Advertise on IT Security News. Read the complete article: U.N. Weathers Storm of Emotet-TrickBot Malware
Equifax Settles Class-Action Breach Lawsuit for $380.5M
Class members have until Jan. 22, next week, to claim benefits. Advertise on IT Security News. Read the complete article: Equifax Settles Class-Action Breach Lawsuit for $380.5M
Trump Slams Apple for Refusing to Unlock Suspected Shooter’s iPhones
Legal battle pitting Feds against the tech giant over data privacy and device security in criminal cases seems inevitable. Advertise on IT Security News. Read the complete article: Trump Slams Apple for Refusing to Unlock Suspected Shooter’s iPhones
Oski Data-Stealing Malware Emerges to Target North America, China
The malware is new and in the early stages of its development — but packs a sophisticated punch. Advertise on IT Security News. Read the complete article: Oski Data-Stealing Malware Emerges to Target North America, China
Oracle Ties Previous All-Time Patch High with January Updates
The software giant patched 300+ bugs in its quarterly update. Advertise on IT Security News. Read the complete article: Oracle Ties Previous All-Time Patch High with January Updates
Card Skimmer Hits Australian Bushfire Donation Site
Magecart groups using automated infection scans infected the site, which was running outdated Magento software. Advertise on IT Security News. Read the complete article: Card Skimmer Hits Australian Bushfire Donation Site
Intel Fixes High-Severity Flaw in Performance Analysis Tool
The flaw, in Intel VTune Profiler, could enable privilege escalation. Advertise on IT Security News. Read the complete article: Intel Fixes High-Severity Flaw in Performance Analysis Tool
Microsoft Patches Major Crypto Spoofing Bug
January Patch Tuesday tackles 50 bugs, with eight rated critical, all as it pushes out its last regular Windows 7 patches. Advertise on IT Security News. Read the complete article: Microsoft Patches Major Crypto Spoofing Bug
Google to Nix Chrome Support for Third-Party Cookies by 2022
Google says it has a two-year timeline for phasing out support for third-party cookies in its Chrome web browser. Advertise on IT Security News. Read the complete article: Google to Nix Chrome Support for Third-Party Cookies by 2022
Public Bug Bounty Takes Aim at Kubernetes Container Project
The cloud-focused program will pay out $10,000 as its top reward. Advertise on IT Security News. Read the complete article: Public Bug Bounty Takes Aim at Kubernetes Container Project
Adobe Patches Five Critical Illustrator CC Flaws
Overall Adobe patched nine flaws in Illustrator CC and Experience Manager. Advertise on IT Security News. Read the complete article: Adobe Patches Five Critical Illustrator CC Flaws
Apple Denies FBI Request to Unlock Shooter’s iPhone—Again
Refusal to unlock the phones of a Florida shooter could set up another legal battle between Apple and the Feds over data privacy in the case of criminal investigations. Advertise on IT Security News. Read the complete article: Apple…
Scammers Dupe Texas School District Out of $2.3M
The wide-scale phishing scam reportedly started in early November and continued through December, before it was discovered by the Texas school district. Advertise on IT Security News. Read the complete article: Scammers Dupe Texas School District Out of $2.3M
Joker Android Malware Snowballs on Google Play
Google has removed 17,000 Joker-infested apps from the Play store to date. Advertise on IT Security News. Read the complete article: Joker Android Malware Snowballs on Google Play
CES Surveillance Hype Worries Privacy Advocates
CES wiz-bang surveillance tech gives privacy advocates the willies. Advertise on IT Security News. Read the complete article: CES Surveillance Hype Worries Privacy Advocates
‘Cable Haunt’ Bug Plagues Millions of Home Modems
The issue lies in underlying reference software used by multiple cable-modem manufacturers to create device firmware. Advertise on IT Security News. Read the complete article: ‘Cable Haunt’ Bug Plagues Millions of Home Modems
Unpatched Citrix Flaw Now Has PoC Exploits
Over 25,000 servers globally are vulnerable to the critical Citrix remote code execution vulnerability. Advertise on IT Security News. Read the complete article: Unpatched Citrix Flaw Now Has PoC Exploits
Lifeline Assistance Phone Users Targeted with ‘Uninstallable’ Adware
A Virgin Mobile-branded phone distributed by Assurance Wireless to low-income U.S. citizens has a trojan pre-installed that can download additional malware. Advertise on IT Security News. Read the complete article: Lifeline Assistance Phone Users Targeted with ‘Uninstallable’ Adware
Cisco Webex Bug Allows Remote Code Execution
Cisco patched two high-severity flaws this week, in its Webex and IOS XE Software products. Advertise on IT Security News. Read the complete article: Cisco Webex Bug Allows Remote Code Execution
Oil-and-Gas APT Pivots to U.S. Power Plants
Researchers say that physically disruptive attacks aren’t imminent, but an increased focus on U.S. electrical-grid operators doesn’t bode well. Advertise on IT Security News. Read the complete article: Oil-and-Gas APT Pivots to U.S. Power Plants
Oil-and-Gas Specialist APT Pivots to U.S. Power Plants
Researchers say that physically disruptive attacks aren’t imminent, but an increased focus on U.S. electrical-grid operators doesn’t bode well. Advertise on IT Security News. Read the complete article: Oil-and-Gas Specialist APT Pivots to U.S. Power Plants
Exploit Fully Breaks SHA-1, Lowers the Attack Bar
Users of GnuPG, OpenSSL and Git could be in danger from an attack that’s practical for ordinary attackers to carry out. Advertise on IT Security News. Read the complete article: Exploit Fully Breaks SHA-1, Lowers the Attack Bar
4 Ring Employees Fired For Spying on Customers
Ring said that four employees were fired because they for inappropriate access to customers’ connected video feeds. Advertise on IT Security News. Read the complete article: 4 Ring Employees Fired For Spying on Customers
California’s Tough New Privacy Law and Its Biggest Challenges
The California Consumer Privacy Act has been adopted, but the largest U.S. privacy regulation fails to address how companies can know where their data is. Advertise on IT Security News. Read the complete article: California’s Tough New Privacy Law and…
TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
The PowerTrick backdoor, which fetched yet other backdoors, is designed to help TrickBot evade detection. Advertise on IT Security News. Read the complete article: TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
Drake Lyrics Used as Calling Card in Malware Attack
A hacker who apparently likes the musician Drake leaves lyrics from the artist’s song In My Feelings behind in an attack that delivers malware Lokibot or Azorult. Advertise on IT Security News. Read the complete article: Drake Lyrics Used…
Man Sentenced in ATM Skimming Conspiracy
A Romanian national has been sentenced to 5 years in prison after racking up almost $400,000 in an ATM skimming scheme. Advertise on IT Security News. Read the complete article: Man Sentenced in ATM Skimming Conspiracy
Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy
Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then. Advertise on IT Security News. Read the complete article: Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy
Mozilla Releases Firefox 72: High-Severity Bugs Patched, Fingerpinting Nixed
Mozilla tackles high-severity bugs in its latest Firefox 72 and Firefox ESR 68.4 releases at the same time rolls a major privacy feature . Advertise on IT Security News. Read the complete article: Mozilla Releases Firefox 72: High-Severity Bugs…
Liverpool Voyeur Used IM-RAT to Video Women at Home
The case highlights the rising issue of stalkerware, which has reached epidemic proportions. Advertise on IT Security News. Read the complete article: Liverpool Voyeur Used IM-RAT to Video Women at Home
TikTok Riddled With Security Flaws
The video sharing app has fixed several flaws allowing partial account takeover and information exposure. Advertise on IT Security News. Read the complete article: TikTok Riddled With Security Flaws
Google Fixes Critical Android RCE Flaw
Google’s first security update of 2020 addressed seven high and critical severity Android flaws. Advertise on IT Security News. Read the complete article: Google Fixes Critical Android RCE Flaw
Sodinokibi Ransomware Behind Travelex Fiasco: Report
Researchers suspect the cybercriminals attacked using an unpatched critical vulnerability in the company’s seven Pulse Secure VPN servers. Advertise on IT Security News. Read the complete article: Sodinokibi Ransomware Behind Travelex Fiasco: Report
FBI Taps Apple to Unlock Pensacola Shooter’s iPhone
It’s unclear yet whether the Cupertino giant will assist, given past history of court battles over such incidents. Advertise on IT Security News. Read the complete article: FBI Taps Apple to Unlock Pensacola Shooter’s iPhone
Facebook Cracks Down on Deepfake Videos
Despite the difficulties of identifying deepfakes, social media sites are recognizing the need to crack down on the manipulated, misleading videos. Advertise on IT Security News. Read the complete article: Facebook Cracks Down on Deepfake Videos
Magecart Hits Parents and Students via Blue Bear Attack
The latest attack takes aim at a vertical-specific e-commerce platform. Advertise on IT Security News. Read the complete article: Magecart Hits Parents and Students via Blue Bear Attack
ToTok Returned to Google Play Despite ‘Spy Tool’ Claims
The communications app faces continued backlash after a New York Times report said it was used as a government spying tool. Advertise on IT Security News. Read the complete article: ToTok Returned to Google Play Despite ‘Spy Tool’ Claims
DeathRansom Campaign Linked to Malware Cornucopia
One threat actor appears to be behind several ongoing, related campaigns. Advertise on IT Security News. Read the complete article: DeathRansom Campaign Linked to Malware Cornucopia
Hackers Deface U.S. Gov Website With Pro-Iran Messages
The Federal Depository Library Program (FDLP) website was defaced over the weekend to show a picture of a bloodied President Donald Trump. Advertise on IT Security News. Read the complete article: Hackers Deface U.S. Gov Website With Pro-Iran Messages
3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches
Cisco patched three authentication bypass bugs tied to its DCNM platform used to manages NX-OS. Advertise on IT Security News. Read the complete article: 3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches
Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless
Days before Christmas, employees found out that The Heritage Company had been hit by a ransomware attack and was “temporarily suspending operations.” Advertise on IT Security News. Read the complete article: Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless
Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline
Gas stations will become liable for card-skimming at their pay-at-the-pump mechanisms starting in October. Advertise on IT Security News. Read the complete article: Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline
Travelex Knocked Offline by System-Wide Malware Attack
The foreign-currency-exchange giant said that it has been hit by a virus, affecting retail customers and banking partners alike. Advertise on IT Security News. Read the complete article: Travelex Knocked Offline by System-Wide Malware Attack
Google Boots Security Camera Maker From Nest Hub After Private Images Go Public
The issue came to light after a Reddit user claimed being able to see strangers on his Xiaomi Mijia smart camera. Advertise on IT Security News. Read the complete article: Google Boots Security Camera Maker From Nest Hub After…
Data Breach Affects 63 Landry’s Restaurants
Landry’s announced that more than 60 of its restaurants may be affected by payment processing system malware. Advertise on IT Security News. Read the complete article: Data Breach Affects 63 Landry’s Restaurants
California Adopts Strictest Privacy Law in U.S.
On Wednesday California adopted the strictest privacy law in the United States. Advertise on IT Security News. Read the complete article: California Adopts Strictest Privacy Law in U.S.
TikTok Banned By U.S. Army Over China Security Concerns
The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform’s relationship with China grows. Advertise on IT Security News. Read the complete article: TikTok Banned By U.S. Army Over China Security Concerns