Tag: Threatpost

The scam uses a range of themes, including tech-support scares and slot machines.   Advertise on IT Security News. Read the complete article: Apple iPhone Users Targeted with Bogus Dating App for Valentine’s Day

Read more →

Customers of RBC, HSBC, TD, Meridian, BNC and Chase are targeted in latest attack.   Advertise on IT Security News. Read the complete article: SMS Phishing Campaign Targets Mobile Bank App Users in North America

Read more →

Top stories of this week include a new Emotet Wi-Fi hack and Robbinhood ransomware operators using a “bring your own bug” technique.   Advertise on IT Security News. Read the complete article: News Wrap: Valentine’s Day Scams and Emotet’s Wi-Fi…

Read more →

Flaws in the blockchain app some states plan to use in the 2020 election allow bad actors to alter or cancel someone’s vote or expose their private info.   Advertise on IT Security News. Read the complete article: Hackers Can…

Read more →

Researchers are urging users of the GDPR Cookie Consent WordPress plugin to update as soon as possible.   Advertise on IT Security News. Read the complete article: Critical WordPress Plugin Bug Afflicts 700K Sites

Read more →

A new Data Protection Agency would overhaul federal regulation efforts around data privacy – but experts are skeptical that the U.S. government can get it right.   Advertise on IT Security News. Read the complete article: Privacy Experts Skeptical of…

Read more →

A recent phishing scam targeted Puerto Rico’s Industrial Development Company.   Advertise on IT Security News. Read the complete article: Puerto Rico Gov Hit By $2.6M Phishing Scam

Read more →

The tech giant acknowledged some achievements in efforts to bolster mobile app security but recognized more needs to be done.   Advertise on IT Security News. Read the complete article: Google: Efforts Against Bad Android Apps on Play Store Are…

Read more →

The release of Firefox 73 fixed high-severity memory safety bugs that could cause arbitrary code execution and missing bounds check that could enable memory corruption.   Advertise on IT Security News. Read the complete article: Mozilla Firefox 73 Browser Update…

Read more →

Among other issues, the music platform didn’t limit the number of login attempts someone could make.   Advertise on IT Security News. Read the complete article: SoundCloud Tackles DoS, Account Takeover Issues

Read more →

Katie Moussouris sounds off on the challenges behind creating successful bug bounty programs.   Advertise on IT Security News. Read the complete article: Katie Moussouris: The Bug Bounty Conflict of Interest

Read more →

The IR Management and Reporting Template attempt to assist the CISO – not only perform a top edge response to cyberattacks but also ensure that this professional and critical work is understood and acknowledged.   Advertise on IT Security News.…

Read more →

Cybercriminals double down on successful internet scams, with a focus on phishing, BEC and other defrauding schemes that have proven to work.   Advertise on IT Security News. Read the complete article: FBI: $3.5B Lost in 2019 to Known Cyberscams,…

Read more →

There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update.   Advertise on IT Security News. Read the complete article: Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches

Read more →

The high-severity vulnerability could enable denial of service, privilege escalation and information disclosure.   Advertise on IT Security News. Read the complete article: Intel Patches High-Severity Flaw in Security Engine

Read more →

Middleware data was exposed, which can create a secondary path for malware through which applications and data can be compromised.   Advertise on IT Security News. Read the complete article: Estée Lauder Exposes 440M Records, with Email Addresses, Network Info

Read more →

Overall, Adobe patched flaws tied to 42 CVEs as part of its regularly scheduled updates.   Advertise on IT Security News. Read the complete article: Adobe Addresses Critical Flash, Framemaker Flaws

Read more →

The uncontrolled search path vulnerability allows a local user to use DLLs to escalate privileges and affects Windows PCs.   Advertise on IT Security News. Read the complete article: Dell Patches SupportAssist Flaw That Allows Arbitrary Code Execution

Read more →

The RobbinHood ransomware is using a deprecated Gigabyte driver as the tip of the spear for taking out antivirus products.   Advertise on IT Security News. Read the complete article: BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver

Read more →

Phishing emails have been uncovered that request a full rundown of personal data – even asking for photos of passports.   Advertise on IT Security News. Read the complete article: Active PayPal Phishing Scam Targets SSNs, Passport Photos

Read more →

Feds have charged four members of the Chinese People’s Liberation Army (PLA) in connection with the infamous 2017 Equifax breach.   Advertise on IT Security News. Read the complete article: Equifax Breach: Four Members of Chinese Military Charged with Hacking

Read more →

Misconfigured Docker registries could leak confidential data, lead to a full-scale compromise and interrupt the business operations.”   Advertise on IT Security News. Read the complete article: Docker Registries Expose Hundreds of Orgs to Malware, Data Theft

Read more →

The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks – and their devices – via brute force loops.   Advertise on IT Security News. Read the complete article: Emotet Now Hacks Nearby Wi-Fi Networks…

Read more →

Wacom stated that its data collection is done only in aggregate — but that doesn’t fix the issues, according to security experts.   Advertise on IT Security News. Read the complete article: Wacom Tablet Data Exfiltration Raises Security Concerns

Read more →

The flaw was recently patched in Android’s February Security Bulletin.   Advertise on IT Security News. Read the complete article: Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed

Read more →

File downloads like images or executables may not be delivered over HTTPS – even if they are available from an HTTPS website.   Advertise on IT Security News. Read the complete article: Google Chrome To Bar HTTP File Downloads

Read more →

RCE and myriad other types of attacks could take aim at the 19 percent of vulnerable companies that haven’t yet patched CVE-2019-19781.   Advertise on IT Security News. Read the complete article: Critical Citrix RCE Flaw Still Threatens 1,000s of…

Read more →

New attacks discovered by Cofense can perform keylogging, steal data and completely hijack a mobile device.   Advertise on IT Security News. Read the complete article: Phishing Campaign Targets 250 Android Apps with Anubis Malware

Read more →

A recent slew of skimming attacks have been linked back to Magecart Group 12.   Advertise on IT Security News. Read the complete article: Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites

Read more →

The malware uses a tactic to force victims to retype passwords into their systems – which it tracks via a keylogger.   Advertise on IT Security News. Read the complete article: Metamorfo Returns with Keylogger Trick to Target Financial Firms

Read more →

The powerful Minebridge backdoor gives cyberattackers full run of a victim’s machine.   Advertise on IT Security News. Read the complete article: U.S. Finance Sector Hit with Targeted Backdoor Campaign

Read more →

What’s trending in cybersecurity? This year’s session submissions tell us.   Advertise on IT Security News. Read the complete article: The RSAC 2020 Trend Report

Read more →

APT group poses as a former Wall Street Journal journalist to launch phishing campaigns and steal victim email account details.   Advertise on IT Security News. Read the complete article: Charming Kitten Uses Fake Interview Requests to Target Public Figures

Read more →

The file-sharing service also disclosed details of past notable bugs for the first time.   Advertise on IT Security News. Read the complete article: Dropbox Passes $1M Milestone for Bug-Bounty Payouts

Read more →

The malware is back in targeted attacks against Brazilian banking customers, this time using a new technique that involves mobile app authorization.   Advertise on IT Security News. Read the complete article: CamuBot Banking Trojan Returns In Targeted Attacks

Read more →

Malware campaign targets global manufacturers that are still dependent on Windows 7 subsystems to run fleets of IoT endpoints.   Advertise on IT Security News. Read the complete article: New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers

Read more →

A high-severity vulnerability could allow cybercriminals to push malware or remotely execute code, using seemingly innocuous messages.   Advertise on IT Security News. Read the complete article: WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE

Read more →

Cisco has released patches to address the five vulnerabilities, which could lead to remote code-execution and denial of service.   Advertise on IT Security News. Read the complete article: Critical Cisco ‘CDPwn’ Flaws Break Network Segmentation

Read more →

The researcher behind the five critical Cisco flaws, collectively called CDPwn, talks about why Layer 2 protocols are under-researched when it comes to security vulnerabilities.   Advertise on IT Security News. Read the complete article: Critical Cisco ‘CDPwn’ Protocol Flaws…

Read more →

The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been…

Read more →

Red Kite said that domain-spoofing and convincing scam emails claiming to be from suppliers were the cause.   Advertise on IT Security News. Read the complete article: Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam

Read more →

Customers took to Twitter to air their grievances after some of the transportation giant’s operations were downed.   Advertise on IT Security News. Read the complete article: Ransomware Attack Hinders Toll Group Operations

Read more →

As part of its February bug fixes, Google is patching a critical severity remote code execution vulnerability and an information disclosure bug.   Advertise on IT Security News. Read the complete article: Two Critical Android Bugs Get Patched in February…

Read more →

The medical device giant has issued fixes for bugs first disclosed in 2018 and 2019.   Advertise on IT Security News. Read the complete article: Medtronic Patches Implanted Device, CareLink Programmer Bugs

Read more →

State-sponsored actors may have been behind the social media abuse, said Twitter.   Advertise on IT Security News. Read the complete article: Twitter API Abused to Uncover User Identities

Read more →

Popular trojan is sneaking its way onto PCs via malspam campaign that uses three levels of encryption to sneak past cyber defenses.   Advertise on IT Security News. Read the complete article: AZORult Campaign Adopts Novel Triple-Encryption Technique

Read more →

Researchers were able to fool popular autopilot systems into perceiving projected images as real – causing the cars to brake or veer into oncoming traffic lanes.   Advertise on IT Security News. Read the complete article: Tesla Autopilot Duped By…

Read more →

A new extortion attack has targeted hundreds of users affected by the Ashley Madison breach over the past week.   Advertise on IT Security News. Read the complete article: Ashley Madison Breach Extortion Scam Targets Hundreds

Read more →

The tricky trojan evolves yet again, remaining one of the most advanced vehicles for delivering malware.   Advertise on IT Security News. Read the complete article: TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection

Read more →

Agent Tesla and LokiBot are common payloads in the botnet-driven spam effort.   Advertise on IT Security News. Read the complete article: Advanced Obfuscation Marks Widespread Info-Stealing Campaign

Read more →

Researchers have observed the cybercrime group back in action, now using a new tactic for distributing malware.   Advertise on IT Security News. Read the complete article: Evil Corp Returns With New Malware Infection Tactic

Read more →

APT34 has been spotted in a malware campaign targeting customers and employees of a company that works closely with U.S. federal agencies, and state and local governments.   Advertise on IT Security News. Read the complete article: Iranian Hackers Target…

Read more →

Microsoft OS flaws, out-of-bounds reads, ICS gear and a record number of high-severity bugs marked 2019 for the ZDI program.   Advertise on IT Security News. Read the complete article: Zero Day Initiative Bug Hunters Rake in $1.5M in 2019

Read more →

Larger winnings for underground skills competitions are attracting sophisticated crime groups.   Advertise on IT Security News. Read the complete article: Sodinokibi Ransomware Group Sponsors Hacking Contest

Read more →

Program is the latest the tech giant has launched that pay users and security researchers to find vulnerabilities in its numerous products.   Advertise on IT Security News. Read the complete article: Microsoft Offers Rewards of Up to $20,000 in…

Read more →

Developers behind WordPress plugin Code Snippets have issued a patch for the high-severity flaw.   Advertise on IT Security News. Read the complete article: 200K WordPress Sites Vulnerable to Plugin Flaw

Read more →

The ongoing global spread of the disease precipitates malware infections.   Advertise on IT Security News. Read the complete article: Coronavirus Campaigns Spread Emotet, Malware

Read more →

Vulnerabilities allow unauthenticated remote attackers to access sensitive device information and launch denial of service attacks.   Advertise on IT Security News. Read the complete article: Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup

Read more →

The recently disclosed Jeff Bezos phone hack and other incidents show that mobile devices are being increasingly targeted by sophisticated nation-state attackers.   Advertise on IT Security News. Read the complete article: Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication

Read more →

Reportedly, the bug wasn’t patched, leading to a data breach in July.   Advertise on IT Security News. Read the complete article: U.N. Hack Stemmed From Microsoft SharePoint Flaw

Read more →

The settlement in a case over the social network’s Tag Suggestions feature is the latest financial blow the company has taken over its handling of user privacy.   Advertise on IT Security News. Read the complete article: Facebook to Pay…

Read more →

The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops.   Advertise on IT Security News. Read the complete article: Dell, HP Memory-Access Bugs Open…

Read more →

Apple’s iOS 13.3.1 update includes a host of security patches and a way to turn off U1 Ultra Wideband tracking.   Advertise on IT Security News. Read the complete article: Apple Security Updates Tackle iOS Device Tracking, RCE Flaws

Read more →

Apple’s iOS 13.3.1 update includes a host of security patches and a way to turn off U1 Ultra Wideband tracking.   Advertise on IT Security News. Read the complete article: Apple Security Updates Tackle iOS Device Tracking

Read more →

After a year of big changes, white hats reaped more from Google’s programs than ever before.   Advertise on IT Security News. Read the complete article: Google Sets Record High in Bug-Bounty Payouts

Read more →

Maya Horowitz with Check Point Research discussed recently-disclosed Zoom vulnerabilities that could have opened up web conferencing meetings to hackers.   Advertise on IT Security News. Read the complete article: Video: Zoom Researcher Details Web Conference Security Risks, 2020 Threats

Read more →

Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others.   Advertise on IT Security News. Read the complete article: Critical Flaws in Magento e-Commerce Platform Allow Code-Execution

Read more →

Hefty collection of U.S. and international payment cards from the incident revealed in December found up for sale on dark-web marketplace Joker’s Stash.   Advertise on IT Security News. Read the complete article: Wawa Breach May Have Affected More Than…

Read more →

Researchers have release a new proof-of-concept attack targeting a new Intel Speculative-type bug called CacheOut present in most Intel CPUs.   Advertise on IT Security News. Read the complete article: New ‘CacheOut’ Attack Targets Intel CPUs

Read more →

Threat actors leveraging social media for hacks and misinformation are growing more coordinated.   Advertise on IT Security News. Read the complete article: Trolls-For-Hire Pave Way For Sophisticated Social Media Hacks

Read more →

The Amazon-owned video doorbell uses third-party trackers to serve up rich data to marketers without meaningfully notifying users.   Advertise on IT Security News. Read the complete article: Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners

Read more →

While there are dozens of metrics available to determine success, there are two key cybersecurity performance indicators every organization should monitor.   Advertise on IT Security News. Read the complete article: MTTD and MTTR: Two Metrics to Improve Your Cybersecurity

Read more →

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.   Advertise on IT Security News. Read the complete article: LoRaWAN…

Read more →

Zoom has patched a flaw that could have allowed attackers to guess a meeting ID and enter a meeting.   Advertise on IT Security News. Read the complete article: Zoom Fixes Flaw Opening Meetings to Hackers

Read more →

After discovering a wide pattern of potentially malicious behavior in browser extensions, the two search giants are cracking down.   Advertise on IT Security News. Read the complete article: Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox

Read more →

Researchers wonder if a recent “amateur spam” campaign by the once-prevalant malware distribution botnet is a sign of trojans looking to other infection paths.   Advertise on IT Security News. Read the complete article: As Necurs Botnet Falls from Grace,…

Read more →

State senators have issued proposals they say would encourage municipalities to upgrade their cyber-postures.   Advertise on IT Security News. Read the complete article: N.Y. Could Ban Cities from Paying Ransomware Attackers

Read more →

The new U.K. law mandates that manufacturers apply several security controls to their connected devices.   Advertise on IT Security News. Read the complete article: Mandatory IoT Security in the Offing with U.K. Proposal

Read more →

Ransomware actors are turning their sights on larger enterprises, making both average cost and downtime inflicted from attacks skyrocket.   Advertise on IT Security News. Read the complete article: ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates

Read more →

The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.   Advertise on IT Security News. Read the complete article: Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

Read more →

The newly-introduced bill targets the Patriot Act’s Section 215, previously used by the U.S. government to collect telephone data from millions of Americans.   Advertise on IT Security News. Read the complete article: New Bill Proposes NSA Surveillance Reforms

Read more →

The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems.   Advertise on IT Security News. Read the complete article: Fake Smart Factory Honeypot Highlights New Attack Threats

Read more →

The Feds have warned on six vulnerabilities in GE medical equipment that could affect patient monitor alarms and more.   Advertise on IT Security News. Read the complete article: Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices

Read more →

The malicious email campaign included a never-before-seen malware downloader called Carrotball, and may be linked to the Konni Group APT.   Advertise on IT Security News. Read the complete article: U.S. Gov Agency Targeted With Malware-Laced Emails

Read more →

The malware uses thousands of partner websites to spread malvertising code.   Advertise on IT Security News. Read the complete article: Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia

Read more →

The critical flaw exists in Cisco’s administrative management tool, used with network security solutions like firewalls.   Advertise on IT Security News. Read the complete article: Cisco Warns of Critical Network Security Tool Flaw

Read more →

New research outlines vulnerabilities in Safari’s Intelligent Tracking Protection that can reveal user browsing behavior to third parties.   Advertise on IT Security News. Read the complete article: Google: Flaws in Apple’s Private-Browsing Technology Allow for Third-Party Tracking

Read more →

The competition targets the systems that run critical infrastructure and more.   Advertise on IT Security News. Read the complete article: Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment

Read more →

A newly discovered threat actor named Vivin is raking in Monero from cryptomining malware, showing that this type of attack isn’t going away anytime soon.   Advertise on IT Security News. Read the complete article: Vivin Nets Thousands of Dollars…

Read more →

The newest version of the sLoad malware dropper comes equipped with infection tracking capabilities and an anti-analysis trick.   Advertise on IT Security News. Read the complete article: sLoad Malware Revamped as Powerful ‘StarsLord’ Loader

Read more →

The trove of information is potentially a scammer’s bonanza.   Advertise on IT Security News. Read the complete article: Microsoft Leaves 250M Customer Service Records Open to the Web

Read more →

Palo Alto Networks’ Unit 42 researchers observed a variant of the wormlike botnet that adds scanner technology to brute-force Web authentication.   Advertise on IT Security News. Read the complete article: New Muhstik Botnet Attacks Target Tomato Routers

Read more →

More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll.   Advertise on IT Security News. Read the complete article: PoC Exploits Do More Good…

Read more →

A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies.   Advertise on IT Security News. Read the complete article: 16Shop Phishing Gang Goes After PayPal Users

Read more →

Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products.   Advertise on IT Security News. Read the complete article: Citrix Accelerates Patch Rollout…

Read more →

CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.   Advertise on IT Security News. Read the complete article: Microsoft Zero-Day Actively Exploited, Patch Forthcoming

Read more →

New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook.   Advertise on IT Security News. Read the complete article: FTCODE Ransomware Now Steals Chrome, Firefox Credentials

Read more →

Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.   Advertise on IT Security News. Read the complete article: Hacker Leaks More Than 500K Telnet Credentials for IoT…

Read more →

Researchers say that JhoneRAT has various anti-detection techniques – including making use of Google Drive, Google Forms and Twitter.   Advertise on IT Security News. Read the complete article: New JhoneRAT Malware Targets Middle East

Read more →

The WeLeakInfo “data breach notification” domain is no more.   Advertise on IT Security News. Read the complete article: Feds Cut Off Access to Billions of Breached Records with Site Takedown

Read more →