Friday, July 31, 2015
           (757) 873-6707                     Monday - Friday, 9 am - 5:30pm
Click-Fraud Malware Spreading via JavaScript Attachments The SANS Internet Storm Center reports a rash of malicious spam pushing Kovter click-fraud malware.
Critical Remotely Exploitable Bug Haunts BIND The maintainers of BIND have patched a critical remotely exploitable vulnerability in the DNS software that can be used in a denial-of-service attack. The vulnerability affects all versions of BIND from 9.1.0 through 9.9.7. The vulnerability is in the way that BIND handles certain queries related to transaction key records. The bug is fixed in […]
New Hammertoss Espionage Tool Tied to MiniDuke Gang Hammertoss, a backdoor uncovered by researchers at FireEye, combines many previous communication venues used by APT29, a espionage outfit linked to the Russian government.
Census Bureau Says Breach Didn’t Compromise Sensitive Data Officials at the United States Census Bureau say that the attackers who compromised one of the bureau’s databases last week did not get access to any confidential information, but only data such as names and phone numbers of organizations that submit information to the Federal Audit Clearinghouse. The data breach appears to have hit only […]

Latest News

Unusual Re-Do of US Wassenaar Rules Applauded

The U.S. Commerce Department this week agreed to rewrite the proposed U.S. implementation of the Wassenaar Arrangement, a decision lauded by security experts.

Threatpost News Wrap, July 31, 2015

Dennis Fisher and Mike Mimoso discuss the hacked sniper rifle, the huge Android bug in Stagefright, Samy Kamkar’s OwnStar device, and the joy and pain of next week’s Black Hat conference.

FBI Warns of Increase in DDoS Extortion Scams

Online scammers constantly are looking for new ways to reach into the pockets of potential victims, and the FBI says it is seeing an increase in the number of companies being targeted by scammers threatening to launch DDoS attacks if they don’t pay a ransom. The scam is a variation on a theme, the familiar […]

Xen Patches VM Escape Flaw

The Xen Project has patched a serious vulnerability that could allow an attacker in a guest virtual machine to escape and gain the ability to run arbitrary code on the host machine. The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. The problem is related to the […]

Cisco Fixes DoS Vulnerability in ASR 1000 Routers

Cisco has patched a denial-of-service vulnerability in its ASR 1000 line of routers, a bug that’s caused by an issue with the way the routers handle some fragmented packets. The company said the DoS vulnerability affects all of the ASR 1000 Series Aggregation Services Routers that are running a vulnerable version of the IOS XE […]

Writing Advanced OS X Malware an ‘Elegant’ Solution to Improving Detection

OS X security researcher Patrick Wardle is expected at Black Hat to demonstrate how to write advanced Mac malware, including Gatekeeper and Xprotect bypasses, in hopes of raising awareness to the current state of OS malware detection.

Moonpig Warns Customers of ‘Security Issue’

Moonpig has warned customers that some of their email addresses, passwords, and account balances have been published after what it calls a “security issue”. The company, which sells custom greeting cards, said in a message to users that attackers were not able to get any credit card information, as Moonpig does not store that data. […]

OwnStar Device Can Remotely Locate, Unlock, and Start GM Cars

Car hacking just jumped up a few levels. A security researcher has built a small device that can intercept the traffic from the OnStar RemoteLink mobile app and give him persistent access to a user’s vehicle to locate, unlock, and start it. The device is called OwnStar and it’s the creation of Samy Kamkar, a security researcher […]

Researchers Manipulate Rifle’s Precision Targeting System

At Black Hat next week, researchers Runa Sandvik and Michael Auger are expected to demonstrate how they were able to manipulate a Linux-powered, networked high-end rifle.