What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-11-25 03:33:42 | Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware (lien direct) | A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines. "[T]he stealer is a PowerShell script, short with powerful collection capabilities - in only ~150 lines, it provides the | Malware Threat | ||
|
2021-11-25 01:24:46 | If You\'re Not Using Antivirus Software, You\'re Not Paying Attention (lien direct) | Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy. Need help | Malware | ||
|
2021-11-25 00:10:45 | Warning - Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild (lien direct) | Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos disclosed that it "detected malware samples in the wild that are attempting to take advantage of this | Malware Vulnerability | ||
|
2021-11-24 21:09:55 | VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client (lien direct) | VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5 out of a maximum of 10 on the CVSS scoring system, | Vulnerability | ||
|
2021-11-24 04:25:16 | Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally (lien direct) | Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese | Threat | ||
|
2021-11-24 00:49:24 | APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users (lien direct) | A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated new features into their malicious apps that make them more resilient to actions by users, who might try | Threat | ||
|
2021-11-23 23:40:13 | Over 9 Million Android Phones Running Malware Apps from Huawei\'s AppGallery (lien direct) | At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the | Malware | ||
|
2021-11-23 21:32:20 | Apple Sues Israel\'s NSO Group for Spying on iPhone Users With Pegasus Spyware (lien direct) | Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court holding it accountable for illegally targeting users with its Pegasus surveillance tool, marking yet another setback for the Israeli spyware vendor. The Cupertino-based tech giant painted NSO Group as "notorious hackers - amoral 21st century mercenaries who have created highly sophisticated | |||
|
2021-11-23 04:26:58 | What Avengers Movies Can Teach Us About Cybersecurity (lien direct) | Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales. The eternal fight of good versus evil. A little bit like in cybersecurity, goods guys fighting cybercriminals.If we choose to go with this fun analogy, is there anything useful we can learn from those movies? World-ending baddies | |||
|
2021-11-23 04:06:22 | Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox (lien direct) | A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory reads. "Successful attacks of | Vulnerability | ||
|
2021-11-23 02:58:04 | More Stealthier Version of BrazKing Android Malware Spotted in the Wild (lien direct) | Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan (RAT) that's capable of carrying out financial fraud attacks by stealing two-factor authentication (2FA) codes and initiating rogue transactions from infected devices to transfer money from victims' accounts to an account operated by the threat actor. IBM X-Force dubbed the | Malware Threat | ||
|
2021-11-23 02:34:19 | The Importance of IT Security in Your Merger Acquisition (lien direct) | In the business world, mergers and acquisitions are commonplace as businesses combine, acquire, and enter various partnerships. Mergers and Acquisitions (M&A) are filled with often very complicated and complex processes to merge business processes, management, and a whole slew of other aspects of combining two businesses into a single logical entity. In the modern business world before and after | |||
|
2021-11-22 23:39:14 | GoDaddy Data Breach Exposes Over 1 Million WordPress Customers\' Data (lien direct) | Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange Commission (SEC), the world's largest domain registrar said that a malicious third-party managed to gain | Data Breach | ||
|
2021-11-22 04:10:31 | New Golang-based Linux Malware Targeting eCommerce Websites (lien direct) | Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. "After a day and a | Malware Threat | ||
|
2021-11-22 03:47:12 | Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns (lien direct) | Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an investigation into a number of intrusions in the Middle East that culminated in the distribution of a | Spam Malware | ||
|
2021-11-21 23:30:46 | Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023 (lien direct) | Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services | |||
|
2021-11-20 07:54:06 | RedCurl Corporate Espionage Hackers Return With Updated Hacking Tools (lien direct) | A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. "In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass | Threat | ||
|
2021-11-20 07:26:20 | North Korean Hackers Found Behind a Range of Credential Theft Campaigns (lien direct) | A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as TA406, and by the | Malware Threat | ||
|
2021-11-19 05:14:08 | 11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells (lien direct) | Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible | |||
|
2021-11-19 04:54:36 | U.S. Charged 2 Iranians Hackers for Threatening Voters During 2020 Presidential Election (lien direct) | The U.S. government on Thursday unsealed an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one state election website. The two defendants in question - Seyyed Mohammad Hosein Musa Kazemi, 24, and | Threat | ||
|
2021-11-19 01:27:29 | FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug (lien direct) | The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks, making it the latest company to join the likes of Cisco, Fortinet, Citrix, Pulse Secure that have had | Threat | ||
|
2021-11-19 00:53:26 | A Simple 5-Step Framework to Minimize the Risk of a Data Breach (lien direct) | Today's businesses run on data. They collect it from customers at every interaction, and they use it to improve efficiency, increase their agility, and provide higher levels of service. But it's becoming painfully obvious that all of that data businesses collect has also made them an enticing target for cybercriminals. With each passing day, the evidence of that grows. In the last few months, | Data Breach | ||
|
2021-11-18 22:50:24 | Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims (lien direct) | The clearnet and dark web payment portals operated by the Conti ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public. According to MalwareHunterTeam, "while both the clearweb and Tor domains of the leak site of the Conti ransomware gang is online and working, both their | Ransomware | ||
|
2021-11-18 21:38:10 | New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks (lien direct) | Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache," University of California researchers | |||
|
2021-11-18 04:59:17 | Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models (lien direct) | Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead | Vulnerability Guideline | ||
|
2021-11-18 04:43:56 | How to Build a Security Awareness Training Program that Yields Measurable Results (lien direct) | Organizations have been worrying about cyber security since the advent of the technological age. Today, digital transformation coupled with the rise of remote work has made the need for security awareness all the more critical. Cyber security professionals are continuously thinking about how to prevent cyber security breaches from happening, with employees and contractors often proving to be the | |||
|
2021-11-17 23:59:00 | Microsoft Warns about 6 Iranian Hacking Groups Turning to Ransomware (lien direct) | Nation-state operators with nexus to Iran are increasingly turning to ransomware as a means of generating revenue and intentionally sabotaging their targets, while also engaging in patient and persistent social engineering campaigns and aggressive brute force attacks. No less than six threat actors affiliated with the West Asian country have been discovered deploying ransomware to achieve their | Ransomware Threat | ||
|
2021-11-17 07:44:03 | U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws (lien direct) | Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple | Threat | ||
|
2021-11-17 07:13:06 | Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities (lien direct) | A malicious campaign has been found leveraging a technique called domain fronting to hide command-and-control traffic by leveraging a legitimate domain owned by the Myanmar government to route communications to an attacker-controlled server with the goal of evading detection. The threat, which was observed in September 2021, deployed Cobalt Strike payloads as a stepping stone for launching | |||
|
2021-11-17 03:10:39 | Israel\'s Candiru Spyware Found Linked to Watering Hole Attacks in U.K and Middle East (lien direct) | Israeli spyware vendor Candiru, which was added to an economic blocklist by the U.S. government this month, is said to have reportedly waged "watering hole" attacks against high-profile entities in the U.K. and the Middle East, new findings reveal. "The victimized websites belong to media outlets in the U.K., Yemen, and Saudi Arabia, as well as to Hezbollah; to government institutions in Iran ( | |||
|
2021-11-17 02:48:50 | On-Demand Webinar: Into the Cryptoverse (lien direct) | In the span of a few years, cryptocurrencies have gone from laughingstock and novelty to a serious financial instrument, and a major sector in high-tech. The price of Bitcoin and Ethereum has gone from single dollars to thousands, and they're increasingly in the mainstream. This is undoubtedly a positive development, as it opens new avenues for finance, transactions, tech developments, and more | |||
|
2021-11-16 22:40:27 | Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform (lien direct) | Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country. The Pakistani threat actor, dubbed SideCopy, is said to have used the platform to | Threat | ||
|
2021-11-16 08:48:41 | New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses (lien direct) | Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique - dubbed "Blacksmith" (CVE-2021-42114, CVSS score: 9.0) - is designed to trigger bit flips on target refresh rate-enabled DRAM | |||
|
2021-11-16 04:41:42 | Researchers Demonstrate New Way to Detect MITM Phishing Kits in the Wild (lien direct) | No fewer than 1,220 Man-in-the-Middle (MitM) phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users' credentials and carrying out further follow-on attacks. The findings come from a new study undertaken by a group of researchers from Stony Brook University and Palo Alto Networks, | |||
|
2021-11-16 01:22:15 | Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware (lien direct) | The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously | Malware | ||
|
2021-11-15 22:52:38 | New \'Moses Staff\' Hacker Group Targets Israeli Companies With Destructive Attacks (lien direct) | A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or negotiate a ransom. "The group openly states that their motivation in attacking Israeli companies is to | |||
|
2021-11-15 21:38:51 | SharkBot - A New Android Trojan Stealing Banking and Cryptocurrency Accounts (lien direct) | Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on the devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed "SharkBot" by Cleafy, the malware is designed to strike a total of 27 targets - counting 22 unnamed international banks in Italy and the U.K. as well as five | Malware | ||
|
2021-11-15 07:30:01 | Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic (lien direct) | A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users. "While attacks can exceed 95% accuracy when monitoring a small set of five popular websites, indiscriminate ( | Threat | ||
|
2021-11-15 02:21:24 | (Déjà vu) North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro (lien direct) | Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets. IDA Pro is an Interactive Disassembler that's | APT 38 | ||
|
2021-11-15 01:53:34 | How to Tackle SaaS Security Misconfigurations (lien direct) | Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring these apps' security settings are properly configured falls on the security team. The challenge lies within how burdensome this responsibility is - each app has tens or hundreds of security settings to configure, in | |||
|
2021-11-14 21:28:16 | FBI\'s Email System Hacked to Send Out Fake Cyber Security Alert to Thousands (lien direct) | The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus, involved sending rogue warning emails with the subject line "Urgent: Threat actor in systems" | Threat | ||
|
2021-11-12 07:32:30 | Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks (lien direct) | Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads. Microsoft 365 Defender Threat Intelligence Team, in a new report published Thursday, disclosed that it identified infiltrations distributing the | Ransomware Malware Threat | ★★★ | |
|
2021-11-12 07:15:52 | Abcbot - A New Evolving Wormable Botnet Malware Targeting Linux (lien direct) | Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30 | Malware | ||
|
2021-11-11 21:43:11 | Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant (lien direct) | Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a | Hack Threat | ||
|
2021-11-11 09:52:12 | Researchers Uncover Hacker-for-Hire Group That\'s Active Since 2015 (lien direct) | A new cyber mercenary hacker-for-hire group dubbed "Void Balaur" has been linked to a string of cyberespionage and data theft activities targeting thousands of entities as well as human rights activists, politicians, and government officials around the world at least since 2015 for financial gain while lurking in the shadows. Named after a many-headed dragon from Romanian folklore, the adversary | |||
|
2021-11-11 03:50:08 | TrickBot Operators Partner with Shatak Attackers for Conti Ransomware (lien direct) | The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines. "The implementation of TrickBot has evolved over the years, with recent versions of TrickBot implementing malware-loading capabilities," Cybereason security analysts Aleksandar Milenkoski and Eli Salem said in a | Ransomware Threat Guideline | ||
|
2021-11-11 01:30:00 | Navigating The Threat Landscape 2021 – From Ransomware to Botnets (lien direct) | Though we are recovering from the worst pandemic, cyber threats have shown no sign of downshifting, and cybercriminals are still not short of malicious and advanced ways to achieve their goals. The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021. Threats can take different forms with | Ransomware Threat | ||
|
2021-11-11 00:00:26 | Iran\'s Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa (lien direct) | A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers (ISPs) and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs (MFA) in Africa, new findings reveal. The intrusions, staged by a group tracked as Lyceum, are believed to have occurred | Threat | ★★★★★ | |
|
2021-11-10 22:35:59 | Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN (lien direct) | A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Massachusetts-based cybersecurity firm Randori | Vulnerability | ||
|
2021-11-10 06:04:42 | Researchers Discover PhoneSpy Malware Spying on South Korean Citizens (lien direct) | An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon sensitive information and gain remote control of the devices.
"With more than a thousand South Korean victims, the malicious group behind this invasive campaign has had access to all the data, communications, and services on their devices," Zimperium |
Malware |
To see everything:
Our RSS (filtrered)
