Saturday, January 19, 2019

Google Play Removes Malicious Malware-Ridden Apps

Two apps on Google Play were infecting devices with the Anubis mobile banking trojan.

Fallout EK Retools for a Fresh New 2019 Look

The Fallout EK has added the latest Flash vulnerability to its bad of tricks, among other tune-ups.

Threatpost News Wrap Podcast For Jan. 18

Threatpost editors break down the top headlines from the week ended Jan. 18.

Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open

A default configuration allows full admin access to unauthenticated attackers.

Twitter Android Glitch Exposed Private Tweets for Years

Twitter has fixed the issue, which has been ongoing since 2014.

Microsoft Launches Azure DevOps Bug Bounty Program

Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.

Apple CEO Demands Federal Data Privacy Legislation

Apple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019.

Cyber-Jackpot: 773M Credentials Dumped on the Dark Web

Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.

Cryptomining Malware Uninstalls Cloud Security Products

New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products.

Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS

Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain.

Millions of Oklahoma Gov Files Exposed by Wide-Open Server

The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS.

U.S. Issues Multiple Charges For 2016 SEC Hack

The two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware.

Fortnite Hacked Via Insecure Single Sign-On

Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.

Magecart Returns with Advertising Library Tactic

The threat group also has a new subsidiary, Magecart Group 12.

VOIPO Database Exposes Millions of Texts, Call Logs

VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.

IDenticard Zero-Days Allow Corporate Building Access, Location Recon

Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.

Data Breach Roundup: U.S. Healthcare, Cryptopia, SingHealth and Experian

January is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead.

Judge: Law Enforcement Can’t Force Suspects to Unlock iPhones with FaceID

A ruling found that coercing suspects to open their phones using biometrics violates the fourth and fifth amendments.

ThreatList: $1.7M is the Average Cost of a Cyber-Attack

Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach.

Popular Web-Hosting Platform Bluehost Riddled with Flaws, Researcher Claims

He said that similar flaws were also found in the Dreamhost, HostGator, OVH and iPage web hosting platforms.
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more