What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-01-28 05:44:07 Italy CERT Warns of a New Credential Stealing Android Malware (direct link) Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed "Oscorp" by Italy's CERT-AGID, the malware "induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the screen." So named because of the title of the login Malware
The_Hackers_News.webp 2021-01-28 02:26:43 Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware (direct link) U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. "We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom Ransomware Threat
The_Hackers_News.webp 2021-01-28 01:41:53 European Authorities Disrupt Emotet - World's Most Dangerous Malware (direct link) Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet, a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday - dubbed "Operation Ladybird" - is the result of a joint effort between authorities in the Netherlands, Germany, the U.S. Ransomware Spam Malware
The_Hackers_News.webp 2021-01-27 07:01:38 New Docker Container Escape Bug Affects Microsoft Azure Functions (direct link) Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have "determined that the Vulnerability
The_Hackers_News.webp 2021-01-27 05:59:56 Warning Issued Over Hackable ADT's LifeShield Home Security Cameras (direct link) Newly discovered security vulnerabilities in ADT's Blue (formerly LifeShield) home security cameras could have been exploited to hijack both audio and video streams. The vulnerabilities (tracked as CVE-2020-8101) were identified in the video doorbell camera by Bitdefender researchers in February 2020 before they were eventually addressed on August 17, 2020. LifeShield was acquired by
The_Hackers_News.webp 2021-01-27 04:58:55 (Déjà vu) New Attack Could Let Remote Hackers Target Devices On Internal Networks (direct link) A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack (CVE-2020-16043 and CVE-2021-23961) builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal
The_Hackers_News.webp 2021-01-27 03:09:50 Top Cyber Attacks of 2020 (direct link) With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before. "Zoombomb" became the new photobomb - hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images.
The_Hackers_News.webp 2021-01-27 02:25:16 Using the Manager Attribute in Active Directory (AD) for Password Resets (direct link) Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have to bolster security around resetting passwords on user accounts. How can organizations bolster the
The_Hackers_News.webp 2021-01-26 21:50:09 Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild (direct link) Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. Reported by an anonymous researcher, the three zero-day flaws - CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 - could have allowed an attacker to elevate privileges and achieve remote code execution. The iPhone maker did not
The_Hackers_News.webp 2021-01-26 20:28:38 In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond (direct link) Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble the safety infrastructure required to return to some semblance of normal in 2021. But at the end of the
The_Hackers_News.webp 2021-01-26 03:22:12 Targeted Phishing Attacks Target High-Ranking Company Executives (direct link) An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration
The_Hackers_News.webp 2021-01-26 03:03:20 TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers (direct link) Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, successful exploitation of the
The_Hackers_News.webp 2021-01-26 03:00:15 vCISO Shares Most Common Risks Faced by Companies With Small Security Teams (direct link) Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today's onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security
The_Hackers_News.webp 2021-01-25 21:10:52 N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches (direct link) Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant's Threat Analysis Group (TAG) said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter, LinkedIn Vulnerability Threat
The_Hackers_News.webp 2021-01-25 05:46:11 Enhancing Email Security with MTA-STS and SMTP TLS Reporting (direct link) In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a non-secure connection into a secure one that is encrypted
The_Hackers_News.webp 2021-01-25 00:05:35 Beware - A New Wormable Android Malware Spreading Through WhatsApp (direct link) A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said. The link to the fake Malware
The_Hackers_News.webp 2021-01-24 23:48:31 Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges (direct link) Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in today's threat
The_Hackers_News.webp 2021-01-23 03:00:46 Experts Detail A Recent Remotely Exploitable Windows Vulnerability (direct link) More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" flaw found in a vulnerable component bound to the network stack, although exact details of the flaw Vulnerability
The_Hackers_News.webp 2021-01-23 00:43:20 Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw (direct link) Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2. SAP SolMan is an application management and administration solution that offers end-to-end
The_Hackers_News.webp 2021-01-22 22:04:50 Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product (direct link) SonicWall, a popular internet security provider of firewall and VPN products, late on Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide
The_Hackers_News.webp 2021-01-22 02:40:32 Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account (direct link) Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary
The_Hackers_News.webp 2021-01-22 02:18:27 Missing Link in a 'Zero Trust' Security Model - The Device You're Connecting With! (direct link) Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the de facto way people work nowadays. Today, digital-based work interactions take the place of in-person ones with near-seamless fluidity, and the best part is that
The_Hackers_News.webp 2021-01-21 06:58:01 MrbMiner Crypto-Mining Malware Links to Iranian Software Company (direct link) A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company's name inadvertently making its way into the Malware
The_Hackers_News.webp 2021-01-21 03:59:10 Here's How SolarWinds Hackers Stayed Undetected for Long Enough (direct link) Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history. Calling the threat actor "skillful and methodic operators who follow Hack Threat
The_Hackers_News.webp 2021-01-21 03:09:23 Importance of Application Security and Customer Data Protection to a Startup (direct link) When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the importance of application security may be pushed to the bottom of your things-to-do list. One other reason to ignore web application protection could be your belief that only large
The_Hackers_News.webp 2021-01-21 03:04:00 Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet (direct link) A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies, said researchers from Check Point Threat
The_Hackers_News.webp 2021-01-20 03:16:59 Google Discloses Flaws in Signal, FB Messenger, JioChat Messaging Apps (direct link) In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group Vulnerability
The_Hackers_News.webp 2021-01-19 20:59:14 SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm (direct link) Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications
The_Hackers_News.webp 2021-01-19 07:04:55 Researchers Discover Raindrop - 4th Malware Linked to the SolarWinds Attack (direct link) Cybersecurity researchers have unearthed a fourth new malware strain - designed to spread the malware onto other computers in victims' networks - which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that Malware Mobile Solardwinds Solardwinds
The_Hackers_News.webp 2021-01-19 04:01:02 A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder (direct link) Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echo previously disclosed weaknesses in the
The_Hackers_News.webp 2021-01-19 03:05:29 New Educational Video Series for CISOs with Small Security Teams (direct link) Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs at small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are Threat
The_Hackers_News.webp 2021-01-19 03:02:30 FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities (direct link) An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in Linux devices to co-opt the systems into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attacks involve a new malware variant called "FreakOut" that leverages newly patched flaws in TerraMaster, Laminas Project (formerly Zend Framework), and Malware
The_Hackers_News.webp 2021-01-17 22:42:40 (Déjà vu) Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security (direct link) Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network
The_Hackers_News.webp 2021-01-16 04:38:49 WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months (direct link) WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of
The_Hackers_News.webp 2021-01-15 23:30:40 NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS Resolvers (direct link) The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) - if configured appropriately in enterprise environments - can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by Threat
The_Hackers_News.webp 2021-01-15 21:35:26 Joker's Stash, The Largest Carding Marketplace, Announces Shutdown (direct link) Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site - who goes by the name "JokerStash" - said "it's time for us to leave forever" and that "we will never ever open again,"
The_Hackers_News.webp 2021-01-15 03:31:43 Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks (direct link) Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware - including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A Malware Threat Guideline APT 41 ★★★★★
The_Hackers_News.webp 2021-01-14 01:10:41 Experts Uncover Malware Attacks Against Colombian Government and Companies (direct link) Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks - dubbed "Operation Spalax" - began in 2020, with the modus operandi sharing some similarities to an APT Malware
The_Hackers_News.webp 2021-01-13 02:07:16 Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips (direct link) Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker's newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel's vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU Ransomware
The_Hackers_News.webp 2021-01-13 00:37:23 Buyer's Guide for Securing Internal Environment with a Small Cybersecurity Team (direct link) Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your internal environment from breaches. The "buyer's guide for securing the internal environment with a
The_Hackers_News.webp 2021-01-12 23:49:30 Authorities Take Down World's Largest Illegal Dark Web Marketplace (direct link) Europol on Tuesday said it shut down DarkMarket, the world's largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.'s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI). At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors,
The_Hackers_News.webp 2021-01-12 21:59:24 Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365 (direct link) Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The discovery was made after the breach was notified by Microsoft, the London-based company said in an alert posted on its website, adding it's reached out to the impacted organizations to remediate Threat
The_Hackers_News.webp 2021-01-12 21:01:20 Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws (direct link) For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core Malware
The_Hackers_News.webp 2021-01-12 06:10:14 Warning - 5 New Trojanized Android Apps Spying On Users In Pakistan (direct link) Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade as apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL Insurance,
The_Hackers_News.webp 2021-01-12 03:07:27 Experts Sound Alarm On New Android Malware Sold On Hacking Forums (direct link) Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages. The vendor, who goes by the Malware Threat
The_Hackers_News.webp 2021-01-11 22:29:57 Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor (direct link) As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This Malware Tool Mobile Solardwinds Solardwinds
The_Hackers_News.webp 2021-01-11 05:41:59 Researchers Find Links Between Sunburst and Russian Kazuar Malware (direct link) Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack and a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented by Palo Alto Malware Solardwinds Solardwinds
The_Hackers_News.webp 2021-01-10 23:11:27 Russian Hacker Gets 12-Years Prison for Massive JP Morgan Chase Hack (direct link) A U.S. court on Thursday sentenced a 37-year-old Russian to 12 years in prison for perpetrating an international hacking campaign that resulted in the heist of a trove of personal information from several financial institutions, brokerage firms, financial news publishers, and other American companies. Andrei Tyurin was charged with computer intrusion, wire fraud, bank fraud, and illegal online Hack
The_Hackers_News.webp 2021-01-08 08:56:19 New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys (direct link) Hardware security keys - such as those from Google and Yubico - are considered the most secure means to protect accounts from phishing and takeover attacks. But new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it. The vulnerability ( Vulnerability
The_Hackers_News.webp 2021-01-08 01:54:44 ALERT: North Korean hackers targeting South Korea with RokRat Trojan (direct link) A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT). "The Tool Cloud APT 37
Last update at: 2024-07-25 01:08:46