Search Results for “ThreatPost”


March 26, 2020
Lindsey O'Donnell / Threatpost

Lindsey O'Donnell / Threatpost  
Apple Issues Slew of Security Patches Across Its Product Lines, Some Fixed Flaws Give Attackers Remote Control

Apple has released security updates to address vulnerabilities its iOS and macOS operating systems, Safari browser, watchOS, tvOS, and iTunes product lines.  Some of the vulnerabilities allow an attacker to take control of an affected system, with the most severe flaw existing in the WebKit, and could enable remote code execution. Of the CVEs disclosed, 30 affected Apple’s iOS, 11 impacted Safari, and 27 affected macOS. Users for their part are urged to update to iOS 13.4, Safari 13.1, and macOS Catalina 10.15.3.

March 28, 2020
Lindsey O'Donnell / Threatpost

Lindsey O'Donnell / Threatpost  
Hackers Are Hijacking Routers to Change DNS Settings and Redirect Victims to Info-Stealing Fake Coronavirus Information Apps

Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings to redirect victims to attacker-controlled sites promoting fake coronavirus information apps, which, when downloaded, infect victims with information-stealing Oski malware, researchers at Bitdefender report.  The Bitdefender researchers believe that this cyberattack has targeted at least 1,193 victims over just the past couple of days. Reports of the hacks began on March 18 and have since skyrocketed over the past week, with victims from the U.S., Germany, and France the most targeted.

March 10, 2020
Elizabeth Montalbano / Threatpost

Elizabeth Montalbano / Threatpost  
New Variant of Paradise Ransomware Leverages One of the Lesser Known Weaponizable Microsoft Office File Formats, IQY

A campaign that delivers a new variant of the Paradise ransomware leverages perhaps one of the less known of the weaponizable Microsoft Office file formats, known as IQY files, researchers at Lastline report. IQY, or Internet Query files, are simple text files read by Excel that download data from the Internet. The Paradise ransomware variant attempts to lure users into opening an IQY attachment that retrieves a malicious Excel formula from an attacker’s C2 server. Most organizations won’t have the type of security appliances in place to detect an attack by the new campaign because IQY files contain only URLs, not payloads. Therefore, most organizations will likely have to rely on a third-party URL reputation service to aid in response efforts.

March 18, 2020
Lindsey O'Donnell / Threatpost

Lindsey O'Donnell / Threatpost  
Adobe Issues Out-of-Band Patches to Fix 41 Vulnerabilities Across Its Products Including 22 Patches for Photoshop

Adobe released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which, if exploited, could allow arbitrary code execution. The company issued fixes for flaws tied to 41 CVEs across its products, 29 of which were critical in severity. Adobe Photoshop had the most vulnerabilities fixed, with 22 CVEs addressed overall, 16 of which were critical.

Related: Reddit – cybersecurity, GeekWire, Lifehacker, ZDNet Security, SC Magazine, Security Affairs, The Hacker News, SecurityWeek, Help Net Security, US-CERT Current Activity, Threatpost, Adobe

Tweets:@ryanaraine


May 19, 2020
Lindsey O'Donnell / Threatpost

Lindsey O'Donnell / Threatpost  
DoS Attacks and Financially Motivated Cybercrimes Are on the Rise While Cyber-Espionage Attacks Are Dropping According to Verizon’s Latest Data Breach Investigations Report

Denial-of-service (DoS) attacks and financially motivated crimes are climbing. At the same time, cyber-espionage campaigns have spiraled downwards, according to Verizon’s 2020 Data Breach Investigations Report (DBIR), which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry verticals. DoS attacks increased in number (13,000 events) and were also seen as a more significant part of cybercriminals’ toolboxes (DoS attacks made up 40 percent of security incidents reported), beating out crimeware and web applications. Financially motivated breaches continue not only to be more common than espionage campaigns by a wide margin (making up 86 percent of all breaches) but also increased over the past year, according to the DBIR.  Cyber-espionage attacks dropped from making up 13.5 percent of breaches in 2018 to a mere 3.2 percent of data breaches in 2019.

April 30, 2020
Lindsey O'Donnell / Threatpost

Lindsey O'Donnell / Threatpost  
Critical Severity Vulnerability Flaws Found in Three Popular WordPress Plugins Used Widely by Colleges and Universities

Critical-severity flaws in three popular WordPress plugins used widely by colleges and universities, LearnPress, LearnDash, and LifterLMS, could allow students to steal personal information, change their grades, cheat on tests and more, Check Point researchers discovered. The flawed plugins have been installed on more than 130,000 school websites, including ones used by the University of Florida, University of Michigan, and the University of Washington. LearnPress is used on LMS platforms to create courses with quizzes and lessons for students and has an install base of 80,000. LearnDash provides tools for selling online coursework and is used by more than 33,000 websites. And, LifterLMS provides sample course and quizzes and is used by more than 17,000 websites. All vulnerabilities have been reported and patched.

Related: ITProPortal, ZDNet Security, Reddit – cybersecurity, The Hacker News, ITProPortal, Dark Reading: Vulnerabilities / Threats, Jerusalem Post


April 27, 2020
Tom Spring / Threatpost

Tom Spring / Threatpost  
Microsoft Fixed a Teams Vulnerability That Allowed a Weaponized Image to Steal Data From Targeted Systems

Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponized a single GIF image and use it to steal data from targeted systems and take over all of an organization’s Teams accounts. The vulnerability was exploitable by a malicious GIF image for it to work, researchers at CyberArk reported. The CyberArk team also created a proof-of-concept (PoC) of the attack. Microsoft addressed the threat on March 23, updating misconfigured DNS records.

Related: BetaNews, Thomas Brewster – Forbes, Security Affairs, The Hacker News, The Register – SecurityTechradar, TechNadu, ZDNet Security, SecurityWeek, BBC News, ARN, Bleeping Computer, Cyberark


April 15, 2020
Elizabeth Montalbano / Threatpost

Elizabeth Montalbano / Threatpost  
TikTok’s Use of HTTP to Speed Delivery of Video Content Allows Local Attackers to Hijack Any Video Content and Swap It Out for Their Own Potentially Misleading Videos

The use of insecure HTTP for video content to improve the speed in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user’s TikTok feed and swap it out with hacker-generated content, according to researchers Talal Haj Bakry and Tommy Mysk. The researchers created a proof-of-concept (PoC) hack using a technique called a man-in-the-middle (MiTM) attack against devices running the TikTok app. Video planted in user feeds appear to be legitimate content. Mysk and Bakry demonstrated how popular TikTok users, using verified accounts, could have their video streams hijacked to show misleading videos downplaying the severity of the COVID-19 pandemic. The researchers urged TikTok to fix the problem as soon as possible.

Related: Gizchina.com, PhoneArena, Forbes, fossBytes, Naked Security, Reddit – cybersecurity, GBHackers, Vox, Mysk, Digital Trends, Dark Reading: Vulnerabilities / Threats, TelecomLive


May 7, 2020
Lindsey O'Donnell / Threatpost

Lindsey O'Donnell / Threatpost  
China’s Naikon APT Group is Waging an Espionage Campaign Against Several Governments in the Asia-Pacific Region

Although seemingly silent since Kaspersky Lab discovered them in 20015, China’s state-backed hacking group, the Naikon APT group, is behind a five-year campaign against several governments in the Asia-Pacific region, researchers at Check Point said. The campaign, which accelerated in 20019 and during the first quarter of 2020, is targeting countries in the APAC region, including Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei, in a quest to gather geopolitical intelligence. The attackers are using phishing emails with attachments that contain an invisible cyberattack tool called Aria-body, which had never been detected before and had alarming new capabilities. Naikon will continue to pose as a significant threat, Check Point said, as it uses new server infrastructure, ever-changing loader variants, in-memory fileless loading, and a new backdoor.

Related: CyberSecurity Help s.r.o., TechRepublic, Check Point Research, Engadget, The Hacker News, Reddit – cybersecurity, BleepingComputer.com, CNBC, New York Times, The Times of Israel, Mother Jones, BetaNews, 9News , News.com.au, PerthNow, Braidwood Times, The New Daily, News.com, The West

Tweets:@ronenbergman

CyberSecurity Help s.r.o.: Naikon APT silently spied on government entities in the APAC region for at least five years
TechRepublic: Report: Chinese-linked hacking group has been infiltrating APAC governments for years
Check Point Research: Naikon APT: Cyber Espionage Reloaded
Engadget: A Chinese hacking group is reportedly targeting governments across Asia
The Hacker News: This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years
Reddit – cybersecurity: Naikon APT Hid Five-Year Espionage Attack Under Radar
BleepingComputer.com: New ‘Aria-body’ backdoor gets advanced hackers ?back in the spy game
CNBC: New cybersecurity report says China-based group is hacking Asia-Pacific governments
New York Times: Naikon, Group Tied to China’s Military, Deploys Debilitating New Cyberattack Tool
The Times of Israel: Israeli firm says Chinese cyber-espionage tool used to spy on governments
Mother Jones: Amid Coronavirus Cyber Attacks, a New Report Sheds Light on a Major Chinese Hacking Group
BetaNews: Hacker group has targeted Asia Pacific governments in five-year campaign
9News : Top WA department in ‘China cyber attack’ – 9News
News.com.au: Premier hit by hackers with China link
PerthNow: WA Government ‘targeted’ by Chinese hackers with advanced cyberattack tool: report
Braidwood Times : McGowan office in ‘China cyber attack’ – Braidwood Times
The New Daily: WA Premier Mark McGowan’s office targeted in ‘China cyber attack’
News.com.au: Premier hit by hackers with China link
The West : Chinese hackers targeted Premier Mark McGowans office with advanced cyberattack tool, report claims

@ronenbergman: NEW- cyber group affiliated with Chinese intelligence,is using a new never-seen-before powerful hacking weapon, in a series of attacks on embassies,government offices and state owned technology and science companies in Asia and Australia W\ @stevenleemyers


May 8, 2020
Lindsey O'Donnell / Threatpost

Lindsey O'Donnell / Threatpost  
Cisco Pushes Out Nearly Thirty-Five Patches, Including Fixes for Twelve High-Security Flaws That Can Be Exploited by Remote Attackers

Cisco has issued fixes for twelve high-severity vulnerabilities across several network security products, which can be exploited by unauthenticated, remote attackers to launch an array of attacks, from denial of service (DoS) to sniffing out sensitive data. Of particular importance are the patches issued for Cisco’s Firepower Threat Defense (FTD) software, which is part of its suite of network security and traffic management products, and its Adaptive Security Appliance (ASA) software, the operating system for its family of ASA corporate network security devices. Altogether Cisco issued 34 patches on Wednesday, including 12 high severity flaws and 22 medium severity glitches.