What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-01-07 02:23:07 Creating A Strong Password Policy With Specops and NIST Guidelines (lien direct) End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your users may also inadvertently use breached passwords for their corporate account password. The National
The_Hackers_News.webp 2021-01-06 23:32:41 SolarWinds Hackers Also Accessed U.S. Justice Department's Email Server (lien direct) The U.S. Department of Justice on Wednesday became the latest government agency in the country to admit its internal network was compromised as part of the SolarWinds supply chain attack. "On December 24, 2020, the Department of Justice's Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected
The_Hackers_News.webp 2021-01-06 06:00:59 Hackers Using Fake Trump's Scandal Video to Spread QNode Malware (lien direct) Cybersecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line "GOOD LOAN OFFER!!," come attached with a Java archive (JAR) file called "TRUMP_SEX_SCANDAL_VIDEO.jar," which, when downloaded, installs Qua or Quaverse RAT (QRAT) Malware
The_Hackers_News.webp 2021-01-06 00:57:46 WhatsApp Will Delete Your Account If You Don't Agree Sharing Data With Facebook (lien direct) "Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The Facebook-owned messaging service is alerting users in India of an update to its terms of service and 
The_Hackers_News.webp 2021-01-05 23:17:23 FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack (lien direct) The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. "This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and Threat
The_Hackers_News.webp 2021-01-05 07:08:04 Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users (lien direct) Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from ground-up in Golang and designed to target multiple operating systems such as Windows, Linux, and Malware Tool
The_Hackers_News.webp 2021-01-05 03:02:59 Healthcare Industry Witnessed 45% Spike in Cyber Attacks Since Nov 20 (lien direct) Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally. According to a new report published by Check Point Research today and shared with The Hacker News, this increase has made the sector the most targeted industry by cybercriminals when compared to an overall 22% increase in cyberattacks across all industry sectors
The_Hackers_News.webp 2021-01-05 02:40:32 Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA (lien direct) A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept (PoC) of the attack on January 2. "The idea of the attack is very simple: You grab the MP3 file of the audio reCAPTCHA and you submit it to Google's own speech-to-text API
The_Hackers_News.webp 2021-01-04 04:37:42 British Court Rejects U.S. Request to Extradite WikiLeaks' Julian Assange (lien direct) A British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates' Court today, Judge Vanessa Baraitser denied the extradition on the grounds that Assange is a suicide risk and extradition to the
The_Hackers_News.webp 2021-01-02 06:28:05 Ticketmaster To Pay $10 Million Fine For Hacking A Rival Company (lien direct) Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to "cut [the company] off at the knees." A subsidiary of Live Nation, the California-based ticket sales and distribution company used the stolen information to gain an advantage over CrowdSurge - which merged with Songkick
The_Hackers_News.webp 2021-01-01 05:49:30 Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products (lien direct) Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in wide-range of Zyxel devices, including Unified Security Gateway ( Vulnerability
The_Hackers_News.webp 2020-12-31 20:50:25 (Déjà vu) Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code (lien direct) Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but not modify, the source code present in its repositories, the company said. "We detected Threat
The_Hackers_News.webp 2020-12-29 03:21:53 A Google Docs Bug Could Have Allowed Hackers See Your Private Documents (lien direct) Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. Tool Vulnerability
The_Hackers_News.webp 2020-12-29 00:38:45 AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users (lien direct) Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, Threat
The_Hackers_News.webp 2020-12-26 22:24:48 A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware (lien direct) An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security flaw that could Malware Vulnerability
The_Hackers_News.webp 2020-12-25 21:34:29 Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data (lien direct) 21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber and fraud offences, the NCA said. Of the 21 arrested-all men aged between 18 and 38- nine have been
The_Hackers_News.webp 2020-12-25 02:26:11 Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers (lien direct) New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal Threat
The_Hackers_News.webp 2020-12-24 22:33:49 Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks (lien direct) Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to Guideline
The_Hackers_News.webp 2020-12-24 01:01:19 Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug (lien direct) Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the flaw were revealed after Microsoft failed to patch it within 90 days of responsible disclosure on September 24. Originally tracked as CVE-2020-0986, the flaw concerns an elevation Vulnerability
The_Hackers_News.webp 2020-12-23 23:24:40 North Korean Hackers Trying to Steal COVID-19 Vaccine Research (lien direct) Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting Threat Medical APT 38 APT 28
The_Hackers_News.webp 2020-12-23 00:41:49 How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis (lien direct) As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol's COVID-19 Cybercrime Analysis Report, based on the feedback of 194 Malware
The_Hackers_News.webp 2020-12-22 23:49:44 Law Enforcement Seizes Joker's Stash - Stolen Credit Card Marketplace (lien direct) The US Federal Bureau of Investigation (FBI) and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week on December 17. The operators of Joker's Stash operate several versions of the platform, including 
The_Hackers_News.webp 2020-12-22 22:51:43 New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices (lien direct) The US Cybersecurity Infrastructure and Security Agency (CISA) has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks. The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel. Two of
The_Hackers_News.webp 2020-12-22 08:34:03 Cybercriminals' Favorite Bulletproof VPN Service Shuts Down In Global Action (lien direct) Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre (EC3), announced today the coordinated takedown of Safe-Inet, a popular virtual private network (VPN) service that was used to facilitate criminal activity. The three domains in question - insorg[.]org, safe-inet[.]com, and safe-inet[.]net - were shut down, and their
The_Hackers_News.webp 2020-12-22 01:50:07 A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says (lien direct) As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the Malware Threat
The_Hackers_News.webp 2020-12-21 08:57:50 Two Critical Flaws - CVSS Score 10 - Affect Dell Wyse Thin Client Devices (lien direct) A team of researchers today unveils two critical security vulnerabilities it discovered in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS
The_Hackers_News.webp 2020-12-21 02:33:46 Common Security Misconfigurations and Their Consequences (lien direct) Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first one is development permissions that don't get changed when something goes live. For example, AWS S3
The_Hackers_News.webp 2020-12-20 22:56:04 iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit (lien direct) Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al
The_Hackers_News.webp 2020-12-17 20:56:04 Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack (lien direct) The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of Microsoft's compromise was first reported by Reuters, which also said the company's own products were then Hack
The_Hackers_News.webp 2020-12-17 02:36:25 How to Use Password Length to Set Best Password Expiration Policy (lien direct) One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limited in configuration settings. Let's take a look at a few best practices that have changed in regards
The_Hackers_News.webp 2020-12-17 02:33:03 Software Supply-Chain Attack Hits Vietnam Government Certification Authority (lien direct) Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, the "SignSight" attack involved modifying software installers hosted on the CA's website ("ca.gov.vn
The_Hackers_News.webp 2020-12-16 10:04:04 New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor (lien direct) The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed
The_Hackers_News.webp 2020-12-16 06:59:44 New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data (lien direct) As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks to deprive subscribers of Internet access and intercept data traffic. The findings form the basis of a new "5G Standalone core
The_Hackers_News.webp 2020-12-16 06:33:56 Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy (lien direct) Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads Ransomware Malware
The_Hackers_News.webp 2020-12-16 05:41:20 What is Geocoding? - How to Find Coordinates of An Address (lien direct) How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet, it can also help web development by enhancing UX through reverse geocoding. Not to mention Uber
The_Hackers_News.webp 2020-12-15 22:47:24 SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack (lien direct) Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to Vulnerability
The_Hackers_News.webp 2020-12-15 03:18:55 Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices (lien direct) A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as Threat
The_Hackers_News.webp 2020-12-15 03:03:31 Download the Essential Guide to Response Automation (lien direct) In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, "You keep using that word. I do not think it means what you think it means." It's freely used as a response to someone's misuse or misunderstanding of a word or phrase. "Response Automation" is another one of those phrases that have different meanings to different people. It's bantered around by the
The_Hackers_News.webp 2020-12-15 01:54:18 Nearly 18,000 SolarWinds Customers Installed Backdoored Software (lien direct) SolarWinds, the enterprise monitoring software provider who found itself at the epicenter of the most consequential supply chain attacks, said as many as 18,000 of its high-profile customers might have installed a tainted version of its Orion products. The acknowledgment comes as part of a new filing made by the company to the US Securities and Exchange Commission on Monday. The Texas-based
The_Hackers_News.webp 2020-12-14 23:58:12 Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals (Without Wi-Fi Hardware) (lien direct) A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel-surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems. Dubbed "AIR-FI," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses Malware
The_Hackers_News.webp 2020-12-14 05:34:45 SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online (lien direct) Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M" (short for Sophos-ReversingLabs – 20 Million), as it's called, is a dataset containing metadata, labels Malware
The_Hackers_News.webp 2020-12-13 21:44:40 US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor (lien direct) State-sponsored actors allegedly working for Russia have targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to monitor internal email traffic as part of a widespread cyberespionage campaign. The Washington Post, citing unnamed sources, said the latest attacks were the work of APT29 or Cozy Bear, the APT 29
The_Hackers_News.webp 2020-12-11 09:25:37 Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers (lien direct) A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software-as well as with ability for its affiliates to launch double extortion attacks. The MountLocker ransomware, which only began making the rounds in July 2020, has already gained notoriety for stealing Ransomware
The_Hackers_News.webp 2020-12-11 03:48:22 Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers (lien direct) Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. "Adrozek," as it's called by the Microsoft 365 Defender Research Team, employs an "expansive, dynamic attacker infrastructure" consisting of 159 unique domains, each of which hosts an average of Malware Adrozek
The_Hackers_News.webp 2020-12-11 03:29:34 Governance Considerations for Democratizing Your Organization's Data in 2021 (lien direct) With the continuing rise of IoT devices, mobile networks, and digital channels, companies face a lot of pressure to generate meaningful and actionable insights from the wealth of data they capture. Gartner Research lists data democratization as one of the top strategic technology trends to watch out for. While empowering non-technical users to run ad-hoc reports gives enterprises the ability to
The_Hackers_News.webp 2020-12-10 23:42:22 Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam (lien direct) Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware. Tracked as APT32 (or Bismuth, OceanLotus, and Cobalt Kitty), the state-aligned operatives affiliated with the Vietnam government have been known for Hack Threat APT 32
The_Hackers_News.webp 2020-12-10 08:02:56 Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software (lien direct) Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The vulnerabilities, if successfully exploited, could allow an authenticated, remote attacker to execute arbitrary code on target systems by sending specially-crafted chat messages in group
The_Hackers_News.webp 2020-12-10 03:00:09 Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games (lien direct) Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected 3rd-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game completely," Check Point
The_Hackers_News.webp 2020-12-09 23:17:08 AWS, Cisco, and CompTIA Exam Prep - Get 22 Courses for $4.50 Each (lien direct) You don't need a college degree to get a well-paid job in IT. But technical recruiters do expect to see key certifications on your résumé.  If you would like to improve your chances of getting hired, "The 2021 All-In-One AWS, Cisco & CompTIA Super Certification Bundle" is worth your attention. This mammoth collection of courses helps you prepare for a long list of certification exams, including
The_Hackers_News.webp 2020-12-09 23:16:50 48 U.S. States and FTC are suing Facebook for illegal monopolization (lien direct) The US Federal Trade Commission and a coalition of 48 state attorneys general on Wednesday filed a pair of sweeping antitrust suits against Facebook, alleging that the company abused its power in the marketplace to neutralize competitors through its acquisitions of Instagram and WhatsApp and depriving users of better privacy-friendly alternatives. "Facebook has engaged in a systematic strategy -
Last update at: 2024-07-25 01:08:46