The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cautioned users who work in electrical substations to update certain builds of energy automation software this week. ICS-CERT claims two vulnerabilities exist in the Siemens SICAM Power Automation System, or PAS, that could enable an attacker to reconstruct passwords and obtain sensitive information under certain conditions. Siemens, the German...

LizardStresser, a distributed denial of service botnet, has found new life leveraging hundreds of internet-based webcams in attacks against Brazilian-based banks, government agencies as well as a handful of U.S.-based gaming companies. Researchers at the Arbor’s Security Engineering and Response Team (ASERT) say publicly released source code of the LizardStresser botnet in 2015, by the...

Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could allow an attacker to directly execute arbitrary code on vulnerable installations of the product. The company released version 8.0 of its Foxit Reader and Foxit PhantomPDF on Monday, addressing vulnerabilities in builds 7.3.4.311 and earlier of the...

Internet-connected medical devices such as MRI machines, CT scanners and dialysis pumps are increasingly being targeted by hacker seeking to steal patient medical records from hospitals. Attackers consider the devices soft digital targets, seldom guarded with same security as client PCs and servers within hospitals. In a report by security firm TrapX Labs, researchers found...

A hacker selling upwards to 655,000 healthcare records on the dark web allegedly obtained them after exploiting a vulnerability in how companies implement remote desktop protocol, or RDP, functionality. The hacker, who goes by the handle “thedarkoverlord,” allegedly penetrated three healthcare organizations and made off with a database from each, according to Deep Dot Web, who...

Crooks behind the fast spreading CryptXXX ransomware updated the latest variant with better encryption technology and new methods to evade detection by researchers. This latest version of CryptXXX was spotted by researchers at SetinelOne that say the new updated sample has already earned ransomers approximately $50,000 in bitcoin payouts in the last 17 days. The...

A scathing rebuke of medical professionals’ attitudes toward information security reveals nurses and doctors fumble over protocols often putting patients at risk. The revealing study, “Workarounds to Computer Access in Healthcare Organizations (PDF),” offers a fascinating look behind the privacy curtains at hospitals. The study, sponsored by the University of Pennsylvania, Dartmouth College and the...

Mike Mimoso and Chris Brook recap the news of the week, including a Bitcoin phishing campaign, the Kaspersky Lab ransomware report, misconfigured email servers, and a decline in Angler exploit kit traffic. Download: Threatpost_News_Wrap_June_24_2016.mp3 Music by Chris Gonsalves

An anime site popular in Mexico and South America has been infected with malware redirecting visitors to a Neutrino Exploit Kit landing page. The site, Jkanime, streams anime video and has 33 million monthly visitors. Neutrino is currently the top dog among exploit kits after two of the bigger kits, Angler and Nuclear, have apparently...

The notorious Necurs botnet is back in business, after mysteriously going dark for nearly a month. Researchers report the Necurs has returned to spewing massive volumes of email containing an improved version of the potent Locky ransomware and the Dridex banking Trojan. According to Proofpoint which has been tracking Necurs, criminals behind the botnet began...