
Critical WordPress e-Learning Plugin Bugs Open Door to Cheating

WordPress powers a lot of the web, 35% by some estimates. I've built a variety of sites on WordPress, mostly as a 'get online quick' response with the ambition to migrate to something 'more professional' later on. It never happens (this site is still on WP). WordPress is 'good enough' for most. I have personal experience of LearnPress and can tell you it's tricky to lock it down, but make it usable. I feel the pain of these educational establishments...: The flaws in LearnPr

Single Malicious GIF Opened Microsoft Teams to Nasty Attack

When I skimmed this I saw 'fixed' so was about to skip to the next story. Reading a little deeper you can see it's been 'fixed' by some DNS changes which mitigate against the exploit, but the underlying authentication mechanism is still there waiting for the next mis-configured DNS record...: Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it

Mootbot Botnet Targets Fiber Routers with Dual Zero-Days

"More security teams focus on their Patch Tuesday fixes than updating the devices they frequently expose directly to the internet." Yep...: The Mootbot botnet has been using a pair of zero-day exploits to compromise multiple types of fiber routers. According to researchers, other botnets have attempted to do the same, but have so far failed. According to researchers at NetLab 360, the operators of the Mootbot botnet in late February started to exploit a zero-day bug found

Convincing Google Impersonation Opens Door to MiTM, Phishing

Would you (more importantly, your users) spot the difference?...: [...] As an example, this URL uses a homographic character as its first character: “ɢ” That can be compared to the legitimate “” font — there’s a barely discernable difference. Lumelsky noted that a few years ago someone bought the homographic-including “ɢ” to use it for phishing purposes. “I wondered to myself: There are new top-level-domains every year. Did the world lear

Google’s War on Android App Permissions, 60 Percent Successful

The default position for most developers has historically been "Grant me God-like powers" but that goes completely against the principles of "least privilege" and "privacy by default and design" from GDPR. Google has been reminding developers as has Apple...: [...] Meanwhile app permissions continue to be a point of controversy among end-users and developers. Earlier this week Apple took heat over the way it handles permissions tied to cut-and-paste data temporarily stored t

Billions of Devices Open to Wi-Fi Eavesdropping Attacks

Authenticate/encrypt all communication paths. 'Zero trust' is a much hyped term, but it's a good idea...: [...] In Wi-Fi, whenever a device connects to an access point (AP), that’s called an association. When it disconnects (for instance when a person roams from one Wi-Fi AP to another, experiences signal interference or turns off Wi-Fi on the device) this is called a disassociation. KRACK vs. Kr00k. “KrØØk manifests itself after a disassociation,” ESET researchers e

RSAC 2020: Smart Baby Monitor Vulnerable to Remote Hackers

Don't buy this, or anything that can't satisfy the most basic of security requirements...: [...] The most severe flaw stems from an issue with the baby monitor’s implementation of the MQTT communication protocol, which is often used by IoT and machine-to-machine applications. Configuration issues with MQTT protocols have also plagued other IoT device makers. Over the past year, improper configuration of MQTT has opened the doors to various vulnerabilities including bugs in s

Iranian APT Targets Govs With New Malware

Nation-state attacks have a habit of popping up as criminal activity. Watch out for this one...: [...] The malicious document uses command prompt (cmd.exe) to execute a batch script, which then adds a key to the registry for persistence. Simultaneously, a PowerShell script is executed and uses rundll32 (a Windows tool that runs program code in DLL files as if they were within the actual program; many viruses also use this name or similar ones) to execute the ForeLord malwa

Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data

The same feature/'vulnerability' exists in every operating system. Data on the clipboard is 'in the clear'. That's why you need to be careful about copy/paste of passwords wherever you use them...: [...] Any cut-and-paste data temporarily stored to an iPhone or iPad’s memory can be accessed by all apps installed on the specific device – even malicious ones. That data can then reveal private information such as a user’s GPS coordinates, passwords, banking data or a spreadshee

Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam

I live near this company and my mother-in-law lived in one of their properties so this is very much a local story for me...: A non-profit community housing collective has been swindled out of more than $1.2 million in a business email compromise (BEC) campaign. Red Kite Community Housing, a coop housing association in High Wycombe, U.K. (outside of London) announced in a recent website notice that £932,000 of the money paid into its coffers by tenant-owners was transferr