What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-05-20 02:23:24 Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor (direct link) The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. "The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch," AhnLab Security Emergency Response Center (ASEC) said in a Vulnerability Medical APT 38
The_Hackers_News.webp 2022-05-19 22:30:01 Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware (direct link) Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler said in a report. "These variants of Vidar malware Malware Guideline
The_Hackers_News.webp 2022-05-19 19:40:42 QNAP Urges Users to Update NAS Devices to Prevent Deadbolt Ransomware Attacks (direct link) Taiwanese network-attached storage (NAS) devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. The intrusions are said to have targeted TS-x51 series and TS-x53 series appliances running on QTS 4.3.6 and QTS 4.4.1, according to its product security incident response team. "QNAP urges all NAS users to check and update QTS to the latest version as Ransomware
The_Hackers_News.webp 2022-05-19 19:08:09 New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars (direct link) A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range. Hack Vulnerability
The_Hackers_News.webp 2022-05-19 05:16:30 7 Key Findings from the 2022 SaaS Security Survey Report (direct link) The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen in the eyes of CISOs and security professionals in today's enterprises. The report gathers anonymous responses from 340 CSA members to examine not only the growing risks in SaaS security but also how different organizations are currently working to secure themselves. Demographics The
The_Hackers_News.webp 2022-05-19 02:05:10 High-Severity Bug Reported in Google's OAuth Client Library for Java (direct link) Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads. Tracked as CVE-2021-22573, the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication bypass in the library that stems from an improper verification of the cryptographic signature. Vulnerability
The_Hackers_News.webp 2022-05-18 22:34:57 Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit (direct link) A new research published by academics from KU Leuven, Radboud University, and the University of Lausanne has revealed that users' email addresses are exfiltrated to tracking, marketing, and analytics domains before such is submitted and without prior consent. The study involved crawling 2.8 million pages from the top 100 websites, and found that as many as 1,844 websites allowed trackers to
The_Hackers_News.webp 2022-05-18 21:48:33 VMware Releases Patches for New Vulnerabilities Affecting Multiple Products (direct link) VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that could enable an actor with network access to the UI to gain administrative access without prior
The_Hackers_News.webp 2022-05-18 06:24:30 How to Protect Your Data When Ransomware Strikes (direct link) Ransomware is not a new attack vector. In fact, the first malware of its kind appeared more than 30 years ago and was distributed via 5.25-inch floppy disks. To pay the ransom, the victim had to mail money to a P.O. Box in Panama. Fast forward to today, affordable ransomware-as-a-service (RaaS) kits are available on the dark web for anyone to purchase and deploy and attackers have an infinite Ransomware Malware ★★
The_Hackers_News.webp 2022-05-18 04:22:22 Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang (direct link) The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to breach high-value targets," Swiss cybersecurity company PRODAFT said in a new report shared with The Tool
The_Hackers_News.webp 2022-05-18 02:23:56 [eBook] Your 90-Day MSSP Plan: How to Improve Margins and Scale-Up Service Delivery (direct link) To cash in on a thriving market, a managed security service provider (MSSP) must navigate unprecedented competition and complex challenges. The good news is that demand is through the roof. 69% of organizations plan to boost spending on cybersecurity in 2022. The bad news is that everyone wants a piece of the pie. MSSPs must outshine each other while fending off encroachments by traditional IT
The_Hackers_News.webp 2022-05-18 02:18:54 Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility (direct link) Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of the utility "sqlps.exe," the tech giant said in a series of tweets. The ultimate goals of the
The_Hackers_News.webp 2022-05-18 01:07:06 U.S. Warns Against North Korean Hackers Posing as IT Freelancers (direct link) Highly skilled software and mobile app developers from the Democratic People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in hopes of landing freelance employment in an attempt to enable the regime's malicious cyber intrusions. That's according to a joint advisory from the U.S. Department of State, the Department of the Treasury, and the Federal Bureau of Investigation (FBI)
The_Hackers_News.webp 2022-05-18 00:31:24 Microsoft Warns of "Cryware" Info-Stealing Malware Targeting Crypto Wallets (direct link) Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. The tech giant dubbed the new threat "cryware," with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet. "Cryware are information stealers that Malware Threat
The_Hackers_News.webp 2022-05-17 22:32:45 Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government (direct link) The notorious Conti ransomware gang, which last month staged an attack on Costa Rican administrative systems, has threatened to "overthrow" the new government of the country. "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power," the group said on its official website. "We have our insiders in your government. We are also Ransomware
The_Hackers_News.webp 2022-05-17 05:38:40 UpdateAgent Returns with New macOS Malware Dropper Written in Swift (direct link) A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server," researchers from Jamf Threat Malware
The_Hackers_News.webp 2022-05-17 05:25:09 Are You Investing in Securing Your Data in the Cloud? (direct link) Traditional businesses migrating to the cloud need robust information security mechanisms. Gartner predicts that more than 95% of new digital workloads will continue to be deployed on cloud-native platforms by 2025. Robust cloud data security is imperative for businesses adopting rapid digital transformation to the cloud. While a traditional hosting model could be considered more secure, not all
The_Hackers_News.webp 2022-05-17 01:50:51 U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware (direct link) The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind Thanos ransomware, charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers Nosophoros, Aesculapius, and Nebuchadnezzar, is alleged to have both developed and marketed the Ransomware Tool
The_Hackers_News.webp 2022-05-17 01:37:49 New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners (direct link) Microsoft is warning of a new variant of the Sysrv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control of web servers. The cryptojacking botnet first emerged in December 2020. "Sysrv-K scans the
The_Hackers_News.webp 2022-05-17 01:09:21 Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer (direct link) More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information. "Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants," Trend Micro analysts Cifer Fang, Ford Quin, and Zhengyu Dong said in a
The_Hackers_News.webp 2022-05-16 19:24:22 Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability (direct link) Image source: z3r00t The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw Vulnerability
The_Hackers_News.webp 2022-05-16 03:21:59 Fake Clickjacking Bug Bounty Reports: The Key Facts (direct link) Are you aware of fake clickjacking bug bounty reports? If not, you should be. This article will get you up to speed and help you to stay alert. What are clickjacking bug bounty reports? If we start by breaking up the term into its component parts, a bug bounty is a program offered by an organization, in which individuals are rewarded for finding and reporting software bugs. These programs are
The_Hackers_News.webp 2022-05-16 02:58:57 Researchers Find Way to Run Malware on iPhone Even When It's OFF (direct link) A first-of-its-kind security analysis of iOS Find My function has demonstrated a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate Malware
The_Hackers_News.webp 2022-05-16 01:55:30 Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram (direct link) An unidentified threat actor has been linked to an actively in-development malware toolkit called the "Eternity Project" that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot. What makes this malware-as-a-service (MaaS) stand out is that besides using a Telegram channel to communicate updates about the Malware Threat
The_Hackers_News.webp 2022-05-15 19:42:00 Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity (direct link) The European Parliament announced a "provisional agreement" aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called "NIS2" (short for network and information systems), is expected to replace the existing legislation on cybersecurity that was established in July 2016. The revamp sets ground rules, requiring
The_Hackers_News.webp 2022-05-15 19:12:21 Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers (direct link) A 28-year-old Ukrainian national has been sentenced to four years in prison for siphoning thousands of server login credentials and selling them on the dark web for monetary gain as part of a credential theft scheme. Glib Oleksandr Ivanov-Tolpintsev, who pleaded guilty to his offenses earlier this February, was arrested in Poland in October 2020, before being extradited to the U.S. in September Guideline
The_Hackers_News.webp 2022-05-13 23:45:10 Get Lifetime Access to 2022 Cybersecurity Certification Prep Courses @ 95% Off (direct link) Ever thought about working full-time in cybersecurity? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications. The 2022 Ultimate Advanced CyberSecurity Professional Certification Bundle helps you collect the full house, with five
The_Hackers_News.webp 2022-05-13 21:39:11 SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices (direct link) SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below - CVE-2022-22282 (CVSS score: 8.2) - Unauthenticated Access
The_Hackers_News.webp 2022-05-13 21:17:11 (Déjà vu) Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K. (direct link) A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022. "The newly Malware
The_Hackers_News.webp 2022-05-13 21:16:51 (Déjà vu) Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects (direct link) Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this information, developers Tool Vulnerability
The_Hackers_News.webp 2022-05-13 05:26:14 Google Created 'Open-Source Maintenance Crew' to Help Secure Critical Projects (direct link) Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this information, developers Tool Vulnerability
The_Hackers_News.webp 2022-05-13 02:32:11 New Saitama backdoor Targeted Official from Jordan's Foreign Ministry (direct link) A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. "Like many of these attacks, the email contained a Threat APT 34 ★★
The_Hackers_News.webp 2022-05-12 23:24:37 Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability (direct link) Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device," the company said in an advisory Vulnerability ★★★
The_Hackers_News.webp 2022-05-12 06:56:45 Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (direct link) A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, Ransomware Malware Threat Conference APT 35 APT 15 ★★★★
The_Hackers_News.webp 2022-05-12 06:37:57 E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse (direct link) The European Commission on Wednesday proposed new regulation that would require tech companies to scan for child sexual abuse material (CSAM) and grooming behavior, raising worries that it could undermine end-to-end encryption (E2EE). To that end, online service providers, including hosting services and communication apps, are expected to proactively scan their platforms for CSAM as well as ★★
The_Hackers_News.webp 2022-05-12 03:09:08 Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites (direct link) Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. "The websites all shared a common issue - malicious JavaScript had been injected within their website's files and the database, including ★★★★
The_Hackers_News.webp 2022-05-12 01:35:09 Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones (direct link) Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick ★★★★
The_Hackers_News.webp 2022-05-12 00:27:14 Everything We Learned From the LAPSUS$ Attacks (direct link) In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including: T-Mobile (April 23, 2022), Globant, Okta, Ubisoft, Samsung, Nvidia, Microsoft, Vodafone. In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the Brazilian Ministry of Health. While Ransomware ★★★★
The_Hackers_News.webp 2022-05-11 23:43:59 Government Agencies Warn of Increase in Cyberattacks Targeting MSPs (direct link) Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers. Key among the recommendations include identifying and disabling accounts that are no longer in use, enforcing multi-factor authentication (MFA) on MSP accounts that access customer ★★
The_Hackers_News.webp 2022-05-11 22:36:36 Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers (direct link) Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under active development, with 18 modules observed in use across a number of enterprise environments, as ★★★
The_Hackers_News.webp 2022-05-11 21:42:42 CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild. The flaw, assigned the identifier CVE-2022-1388 (CVSS score: 9.8), concerns a critical bug in the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to Vulnerability ★★★
The_Hackers_News.webp 2022-05-11 05:43:48 [White Paper] Social Engineering: What You Need to Know to Stay Resilient (direct link) Security and IT teams are losing sleep as would-be intruders lay siege to the weakest link in any organization's digital defense: employees. By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Cybercriminals find it easier to manipulate people before resorting to technical "hacking" tactics. Recent research reveals that
The_Hackers_News.webp 2022-05-11 05:37:26 Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia (direct link) An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control (C2) Threat
The_Hackers_News.webp 2022-05-11 03:27:50 Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K (direct link) A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022. "The newly Malware ★★★
The_Hackers_News.webp 2022-05-11 02:08:21 Malicious NPM Packages Target German Companies in Supply Chain Attack (direct link) Cybersecurity researchers have discovered a number of malicious packages in the NPM registry specifically targeting a number of prominent companies based in Germany to carry out supply chain attacks. "Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a highly-sophisticated, obfuscated piece of malware that acts as a backdoor and allows the Malware ★★★
The_Hackers_News.webp 2022-05-11 00:37:16 E.U. Blames Russia for Cyberattack on KA-SAT Satellite Network Operated by Viasat (direct link) The Five Eyes nations comprising Australia, Canada, New Zealand, the U.K., and the U.S., along with Ukraine and the European Union, formally pinned Russia for masterminding an attack on an international satellite communication (SATCOM) provider that had "spillover" effects across Europe. The cyber offensive, which took place one hour before the Kremlin's military invasion of Ukraine on February ★★★
The_Hackers_News.webp 2022-05-10 22:29:11 Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates (direct link) Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of ★★★★
The_Hackers_News.webp 2022-05-10 06:31:44 5 Benefits of Detection-as-Code (direct link) TL;DR: Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. How can teams automate security analysis at scale and address the challenges that threaten business Threat ★★★
The_Hackers_News.webp 2022-05-10 06:02:32 New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity (direct link) The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged," researchers from Secureworks Counter Threat Unit (CTU) said in a Ransomware Threat ★★★
The_Hackers_News.webp 2022-05-10 05:44:36 Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families (direct link) Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers said in an analysis last week. "The stealer also steals data from various locations across the system and Malware ★★
Last update at: 2024-07-24 19:07:49