What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-07-29 23:13:31 | Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers (lien direct) | An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems.
The attacks - dubbed "BazaCall" - eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are |
Ransomware Malware | ||
|
2021-07-29 08:18:26 | Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs (lien direct) | An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign.
The backdoor is distributed via a decoy document named "Manifest.docx" that |
Malware Threat | ||
|
2021-07-29 03:09:56 | New Ransomware Gangs - Haron and BlackMatter - Emerge on Cybercrime Forums (lien direct) | Two new ransomware-as-service (RaaS) programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months.
"The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," the |
Ransomware Threat | ||
|
2021-07-29 02:17:30 | Best Practices to Thwart Business Email Compromise (BEC) Attacks (lien direct) | Business email compromise (BEC) refers to all types of email attacks that do not have payloads. Although there are numerous types, there are essentially two main mechanisms through which attackers penetrate organizations utilizing BEC techniques, spoofing and account take-over attacks.
In a recent study, 71% of organizations acknowledged they had seen a business email compromise (BEC) attack |
|||
|
2021-07-29 01:46:50 | New Android Malware Uses VNC to Spy and Steal Passwords from Victims (lien direct) | A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud.
Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was |
Malware | ||
|
2021-07-29 01:21:39 | Top 30 Critical Security Vulnerabilities Most Exploited by Hackers (lien direct) | Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to weaponize publicly disclosed flaws to their advantage swiftly.
"Cyber actors continue to exploit publicly known-and often dated-software vulnerabilities against broad target sets, |
Threat | ||
|
2021-07-28 05:53:40 | UBEL is the New Oscorp - Android Credential Stealing Malware Active in the Wild (lien direct) | An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021.
Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the goal of stealing |
Malware | ||
|
2021-07-28 03:58:14 | Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers (lien direct) | A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems.
Attributing the intrusions to a threat actor named PKPLUG (aka Mustang Panda and HoneyMyte), Palo Alto Networks' Unit 42 threat intelligence team |
Threat | ★★★★ | |
|
2021-07-28 03:06:58 | Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees (lien direct) | An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of years-long social engineering and targeted malware campaign.
Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor it tracks as TA456, and by the wider |
Malware Threat | ||
|
2021-07-27 08:46:23 | New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email (lien direct) | Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure.
The flaws - tracked as CVE-2021-35208 and CVE-2021-35208 - were discovered and reported in |
|||
|
2021-07-27 06:01:51 | Several Bugs Found in 3 Open-Source Software Used by Several Businesses (lien direct) | Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects - EspoCRM, Pimcore, and Akaunting - that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks.
All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework |
|||
|
2021-07-27 05:39:47 | Hackers Turning to \'Exotic\' Programming Languages for Malware Development (lien direct) | Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts.
"Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of |
Malware Threat | ||
|
2021-07-27 00:28:48 | Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices (lien direct) | Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year.
The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory |
Vulnerability | ||
|
2021-07-26 04:22:36 | BIMI: A Visual Take on Email Authentication and Security (lien direct) | There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we can not help but do just that - especially when it comes to online security.
Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to quickly identify |
|||
|
2021-07-26 04:21:00 | How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability (lien direct) | Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly.
As we reported last week, the vulnerability - SeriousSAM - allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.
Attackers can exploit this vulnerability to obtain hashed passwords |
Vulnerability | ||
|
2021-07-26 03:13:56 | Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems (lien direct) | An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns.
"LemonDuck, an actively updated and robust malware that's primarily known |
Malware | ||
|
2021-07-26 00:16:13 | New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains (lien direct) | A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain.
The issue, dubbed "PetitPotam," was discovered by security researcher Gilles Lionel, who shared |
|||
|
2021-07-23 05:22:14 | Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software (lien direct) | A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics."
XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual |
Malware | ||
|
2021-07-23 04:47:24 | Wake up! Identify API Vulnerabilities Proactively, From Code Back to Production (lien direct) | After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing.
APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This comes as no |
|||
|
2021-07-23 04:23:38 | Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring (lien direct) | Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation.
The apprehended suspects, a 24-year-old software engineer, and a 15-year-old boy, are said to have been |
Threat | ||
|
2021-07-22 21:40:56 | Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims (lien direct) | Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data.
"On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the |
Ransomware | ||
|
2021-07-22 03:38:52 | APT Hackers Distributed Android Trojan via Syrian e-Government Portal (lien direct) | An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims.
"To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu |
Malware Threat | ||
|
2021-07-22 03:12:39 | Reduce End-User Password Change Frustrations (lien direct) | Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges.
This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions.
One of the most common areas where security may cause challenges for |
|||
|
2021-07-22 01:21:09 | Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws (lien direct) | Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system.
Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without |
Vulnerability | ||
|
2021-07-22 00:34:29 | Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam (lien direct) | A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts.
Joseph O'Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish |
Hack | ||
|
2021-07-21 06:38:39 | Malicious NPM Package Caught Stealing Users\' Saved Passwords From Browsers (lien direct) | A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser.
The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent |
Tool Guideline | ||
|
2021-07-21 03:12:55 | XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems (lien direct) | Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system.
The malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download |
Malware | ★★★★ | |
|
2021-07-21 03:02:25 | Several New Critical Flaws Affect CODESYS Industrial Automation Software (lien direct) | Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure.
The flaws can be turned "into innovative attacks that could put threat actors in position to remotely |
Threat | ||
|
2021-07-21 02:52:09 | [eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams (lien direct) | Today's cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can't prevent these attacks from happening, what can lean security teams look forward to?
Surprisingly, leaner teams have a much greater chance than |
|||
|
2021-07-20 23:50:33 | New Windows and Linux Flaws Give Attackers Highest System Privileges (lien direct) | Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys.
"Starting with Windows 10 build 1809, non-administrative users are granted |
Vulnerability | ||
|
2021-07-20 04:47:36 | 16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers (lien direct) | Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005.
Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of |
Vulnerability | ||
|
2021-07-20 01:48:34 | This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection (lien direct) | Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.
"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers |
Malware | ||
|
2021-07-19 23:57:02 | US and Global Allies Accuse China of Massive Microsoft Exchange Attack (lien direct) | The U.S. government and its key allies, including the European Union, the U.K, and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security (MSS).
In a statement issued by the White House on Monday, the administration said, "with a high degree of |
|||
|
2021-07-19 06:11:04 | Researchers Warn of Linux Cryptojacking Attackers Operating from Romania (lien direct) | A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang.
Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to |
Tool Threat | ||
|
2021-07-19 03:38:11 | Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely (lien direct) | The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research.
The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any |
Hack | ||
|
2021-07-19 00:04:21 | Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability (lien direct) | Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related flaw to be discovered in recent weeks.
"Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT Coordination |
Vulnerability | ||
|
2021-07-18 23:29:33 | New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally (lien direct) | A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world.
Dubbed the "Pegasus Project," the investigation is a collaboration by more than 80 journalists from a |
|||
|
2021-07-17 06:39:39 | China\'s New Law Requires Researchers to Report All Zero-Day Bugs to Government (lien direct) | The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report.
The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into |
Vulnerability | ||
|
2021-07-17 05:33:07 | Instagram Launches \'Security Checkup\' to Help Users Recover Hacked Accounts (lien direct) | Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users-whose accounts may have been compromised-to recover them.
In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact details such as phone numbers or |
|||
|
2021-07-17 05:09:38 | CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks (lien direct) | Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet.
CDNJS is a free and open-source content delivery network (CDN) that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries.
The weakness |
Vulnerability | ||
|
2021-07-16 04:13:36 | Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware (lien direct) | Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally.
The spyware vendor was also formally identified as the commercial surveillance company that Google's |
Hack | ||
|
2021-07-16 02:15:28 | Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel (lien direct) | Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform.
The social media giant pinned the attacks to a threat actor known as Tortoiseshell (aka Imperial Kitten) based |
Threat | ||
|
2021-07-15 22:08:47 | Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild (lien direct) | Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild.
The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine (CVE-2021-30563). The search giant credited an anonymous researcher for reporting |
|||
|
2021-07-15 21:40:27 | Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability (lien direct) | Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update.
Tracked as CVE-2021-34481 (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher |
Vulnerability | ||
|
2021-07-15 05:57:59 | China\'s Cyberspies Targeting Southeast Asian Government Entities (lien direct) | A sweeping and "highly active campaign" that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research.
Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as "LuminousMoth," which it connected with medium to high confidence to a |
Threat | ||
|
2021-07-15 03:50:45 | How to Access Mobile Carrier Authentication for Continuous, Zero Trust Security (lien direct) | Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators – without the overhead of processing or storing user data.
Before we show you how it |
|||
|
2021-07-15 03:21:33 | Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances (lien direct) | Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.
The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being |
Ransomware | ||
|
2021-07-15 01:25:21 | Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild (lien direct) | Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.
What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an |
Threat | ||
|
2021-07-14 05:58:27 | 16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain (lien direct) | Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe.
The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los barros (Badajoz), and Aranda de Duero ( |
|||
|
2021-07-14 04:01:50 | REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks (lien direct) | REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down.
Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, and payment portals, remained |
Ransomware Guideline |
To see everything:
Our RSS (filtrered)
