threatpost (21)

Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket

Voter registration data belonging to the entirety of Chicago's electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket.

It's Not Exactly Open Season on the iOS Secure Enclave

Despite yesterday's leak of the Apple iOS Secure Enclave decryption key, experts are urging calm over claims of an immediate threat to user data.

Threatpost News Wrap, August 18, 2017

Mike Mimoso and Tom Spring discuss this week's security news, including the recent hijacking of popular Chrome extensions and Adobe's decision to end-of-life Flash Player.

Hacker Publishes iOS Secure Enclave Firmware Decryption Key

A hacker identified only as xerub published the decryption key unlocking the iOS Secure Enclave Processor.

Cisco Patches Privilege Escalation Bugs in APIC

Cisco patched two high-severity vulnerabilities in its Cisco Application Policy Infrastructure Controller that could allow an attacker to elevate privileges on the host machine.

Drupal Patches Critical Access Bypass in Core Engine

A critical flaw in the Drupal CMS platform could allow unwanted access to the platform, letting a third party view, create, update or delete entities.

Rowhammer Attacks Come to MLC NAND Flash Memory

IBM researchers have demonstrated a filesystem-level version of the Rowhammer attack against MLC NAND flash memory.

Locky Ransomware Variant Slips Past Some Defenses

Ransomware called IKARUSdilapidated is managing to slip into unsuspecting organizations as an unknown file.

Flash's Final Countdown Has Begun

The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base.

Maersk Shipping Reports $300M Loss Stemming from NotPetya Attack

A.P. Moller-Maersk said June's NotPetya wiper malware attacks would cost the world's largest shipping container company $300M USD in lost revenue.

Google Removes Chrome Extension Used in Banking Fraud

Google has removed the Interface Online Chrome extension from the Chrome Web Store. The plugin was used by criminals in Brazil to target corporate users with the aim of stealing banking credentials.

Seven More Chrome Extensions Compromised

The list of compromised Chrome extensions that hijack traffic and substitute advertisements on victims' browsers grows.

Attackers Backdoor Another Software Update Mechanism

Researchers at Kaspersky Lab said today that the update mechanism for Korean server management software provider NetSarang was compromised and serving a backdoor called ShadowPad.

Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan

Researchers at My Online Security and the SANS Internet Storm Center have analyzed spam campaigns utilizing plausible imitations of legitimate banking domains to spread the Trickbot banking malware.

Blizzard Entertainment Hit With Weekend DDoS Attack

Blizzard Entertainment was hit with a crippling DDoS attack over the weekend that followed similar attacks last week that knocked gamers offline.

Windows Search Bug Worth Watching, and Squashing

Patches are available—and should be applied—that address a critical vulnerability in Windows Search that some are calling the next WannaCry. Others aren't so ready to do that.

Smart Locks Bricked by Bad Update

LockState's CEO says he is 'deeply sorry' about an erroneous wireless update that bricked hundreds of smart locks.

Researchers Find Phishing Site Encrypted with AES

A phishing site seeking Apple credentials and victim payment card information is encrypted with AES, researchers at Ring 0 Labs said.

APT28 Using EternalBlue to Attack Hotels in Europe, Middle East

Researchers believe attacks against Wi-Fi systems in hotels across Europe and the Middle East track back to Russian-speaking hackers known as APT28.

Many Factors Conspire in ICS/SCADA Attacks

A report on the state of SCADA and ICS security points out that critical infrastructure operators are caught between hackers and a lack of vendor and executive support.

Apps Infected With SonicSpy Spyware Removed From Google Play

A spyware family called SonicSpy was found on three apps available on the Google Play store as well as on more than 1,000 apps available on third-party app stores.