What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-06-11 00:01:09 New Cyber Espionage Group Targeting Ministries of Foreign Affairs (direct link) Cybersecurity researchers on Thursday took the wraps off a new cyberespionage group that has been behind a series of targeted attacks against diplomatic entities and telecommunication companies in Africa and the Middle East since at least 2017. Dubbed "BackdoorDiplomacy," the campaign involves targeting weak points in internet-exposed devices such as web servers to perform a panoply of cyber
The_Hackers_News.webp 2021-06-10 21:51:37 U.S. Authorities Shut Down Slilpp-Largest Marketplace for Stolen Logins (direct link) The U.S. Department of Justice (DoJ) Thursday said it disrupted and took down the infrastructure of an underground marketplace known as "Slilpp" that specialized in trading stolen login credentials as part of an international law enforcement operation. Over a dozen individuals have been charged or arrested in connection with the illegal marketplace. The cyber crackdown, which involved the joint
The_Hackers_News.webp 2021-06-10 03:51:05 Emerging Ransomware Targets Dozens of Businesses Worldwide (direct link) An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in the Middle Ransomware Threat
The_Hackers_News.webp 2021-06-10 02:52:44 Using Breached Password Detection Services to Prevent Cyberattack (direct link) Bolstering password policies in your organization is an important part of a robust cybersecurity strategy. Cybercriminals are using compromised accounts as one of their favorite tactics to infiltrate business-critical environments; as we've seen in recent news, these attacks can be dangerous and financially impactful. Unfortunately, account compromise is a very successful attack method and
The_Hackers_News.webp 2021-06-09 22:46:05 Beef Supplier JBS Paid Hackers $11 Million Ransom After Cyberattack (direct link) Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month. "In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated," Ransomware
The_Hackers_News.webp 2021-06-09 21:14:21 New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP! (direct link) Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. Google on Wednesday rolled out an urgent update for Chrome browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild. Tracked as
The_Hackers_News.webp 2021-06-09 09:39:33 New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites (direct link) Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed ALPACA, short for "Application Layer Protocol Confusion - Analyzing and mitigating Cracks in
The_Hackers_News.webp 2021-06-09 04:01:03 Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances (direct link) Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official Docker Hub account. However, the container images were configured to execute rogue commands that mine Uber
The_Hackers_News.webp 2021-06-09 03:17:22 EBook – Creating a Large Company Security Stack on a Lean Company Budget (direct link) The speed at which malicious actors have improved their attack tactics and continue to penetrate security systems has made going bigger the major trend in cybersecurity. Facing an evolving threat landscape, organizations have responded by building bigger security stacks, adding more tools and platforms, and making their defenses more complex - a new eBook from XDR provider Cynet (read it here). Threat
The_Hackers_News.webp 2021-06-08 23:07:06 Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs (direct link) Microsoft on Tuesday released another round of security updates for Windows operating systems and other supported software, squashing 50 vulnerabilities, including 6 zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V,
The_Hackers_News.webp 2021-06-08 09:02:15 Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals (direct link) In a huge sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an "encrypted chat" service called ANoM for almost 3 years to intercept 27 million messages between criminal gang members globally. Dubbed Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI), the long-term covert probe into transnational and
The_Hackers_News.webp 2021-06-08 03:37:24 New UAF Vulnerability Affecting Microsoft Office to be Patched Today (direct link) Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers Vulnerability
The_Hackers_News.webp 2021-06-08 03:08:52 Top 10 Privacy and Security Features Apple Announced at WWDC 2021 (direct link) Apple on Monday announced a number of privacy and security-centric features to its upcoming versions of iOS and macOS at its all-online Worldwide Developers Conference. Here is a quick look at some of the big-ticket changes that are expected to debut later this fall: 1 - Just Patches, Not Entire OS Update Every Time: As rumored before, users now have a choice between two software update versions
The_Hackers_News.webp 2021-06-08 00:56:59 U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers (direct link) In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins (currently valued at $2.3 million) paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The ransomware attack also hobbled the pipeline company's fuel supply, prompting the government to Ransomware
The_Hackers_News.webp 2021-06-07 08:35:34 Shifting the focus from reactive to proactive, with human-led secure coding (direct link) The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now, a new research study points to a new, human-led direction. The following discusses insights derived from a study conducted by Secure
The_Hackers_News.webp 2021-06-07 07:52:27 Researchers Discover First Known Malware Targeting Windows Containers (direct link) Security researchers have discovered the first known malware, dubbed "Siloscape," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher Daniel Prizmant. "Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in Malware Uber
The_Hackers_News.webp 2021-06-07 03:41:42 Hackers Breached Colonial Pipeline Using Compromised VPN Password (direct link) The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed. The development, which was reported by Bloomberg on Friday, involved gaining an initial foothold into the networks as early as April 29 through Ransomware
The_Hackers_News.webp 2021-06-07 00:00:58 (Déjà vu) Latvian Woman Charged for Her Role in Creating Trickbot Banking Malware (direct link) The U.S. Department of Justice (DoJ) on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. The woman in question, Alla Witte, aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6. Witte has been charged with 19 counts, including conspiracy to commit computer fraud and aggravated Malware
The_Hackers_News.webp 2021-06-05 06:56:02 GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks (direct link) Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. "We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits," the Microsoft-owned company said. "We understand that many security Malware
The_Hackers_News.webp 2021-06-05 05:21:51 Break Into Ethical Hacking With 18 Training Courses For Just $42.99 (direct link) It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-One 2021 Super-Sized Ethical Hacking Bundle helps you gain both, with 18 courses covering all aspects
The_Hackers_News.webp 2021-06-05 04:29:29 TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data (direct link) Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform. The policy change, first spotted by TechCrunch, went into effect on June 2. TikTok users who reside in the European Economic Area (EEA), the U.K., Switzerland,
The_Hackers_News.webp 2021-06-05 03:58:37 ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack (direct link) Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. The ongoing activity was detected by Bad Packets on June 3 and corroborated yesterday by security researcher Kevin Beaumont. "Mass scanning activity detected from 104.40.252.159 checking for
The_Hackers_News.webp 2021-06-04 09:10:55 Google to Let Android Users Opt-Out to Stop Ads From Tracking Them (direct link) Google is tightening the privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The change will go into effect sometime in late 2021. The development, which mirrors Apple's move to enable iPhone and iPad users to opt-out of ad tracking, was first reported by the Financial Times. Once the
The_Hackers_News.webp 2021-06-04 06:03:37 10 Critical Flaws Found in CODESYS Industrial Automation Software (direct link) Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from Positive
The_Hackers_News.webp 2021-06-03 23:01:25 Google Chrome to Help Users Identify Untrusted Extensions Before Installation (direct link) Google on Thursday said it's rolling new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users attempt to install a new extension from the Chrome Web Store, notifying if it can be considered "trusted."
The_Hackers_News.webp 2021-06-03 10:01:42 Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities (direct link) New upgrades have been made to a Python-based "self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control (C2) communications and the Malware
The_Hackers_News.webp 2021-06-03 07:19:08 The Vulnerabilities of the Past Are the Vulnerabilities of the Future (direct link) Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical. May had the fewest vulnerabilities, with a total of 55 and only four considered critical. The problem is that the critical vulnerabilities are things we have seen for many years,
The_Hackers_News.webp 2021-06-03 04:55:49 Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module (direct link) A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module," researchers Guideline
The_Hackers_News.webp 2021-06-03 04:35:20 Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia (direct link) An ongoing cyber-espionage operation with suspected ties to China has been found targeting a Southeast Asian government to deploy spyware on Windows systems while staying under the radar for more than three years. "In this campaign, the attackers utilized the set of Microsoft Office exploits and loaders with anti-analysis and anti-debugging techniques to install a previously unknown backdoor on
The_Hackers_News.webp 2021-06-02 05:55:31 Researchers Uncover Hacking Operations Targeting Government Entities in South Korea (direct link) A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising of the Korea Threat
The_Hackers_News.webp 2021-06-02 05:45:43 Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks (direct link) A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and
The_Hackers_News.webp 2021-06-02 04:27:29 The Incident Response Plan - Preparing for a Rainy Day (direct link) The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening. Just as it wasn't raining when Noah built the ark, companies must face the fact Ransomware
The_Hackers_News.webp 2021-06-02 02:55:03 Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites (direct link) Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has Malware Vulnerability Threat
The_Hackers_News.webp 2021-06-01 23:29:25 US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks (direct link) Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign. The court-authorized domain seizure took place on May Malware
The_Hackers_News.webp 2021-06-01 08:06:28 Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions (direct link) Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed Ransomware Malware
The_Hackers_News.webp 2021-06-01 01:41:52 Report: Danish Secret Service Helped NSA Spy On European Politicians (direct link) The U.S. National Security Agency (NSA) used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based
The_Hackers_News.webp 2021-05-31 05:16:35 Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors (direct link) Starting June 8, Amazon will automatically enable a feature on your Alexa, Echo, or other Amazon device that will share some of your Internet bandwidth with your neighbors - unless you choose to opt out. Amazon intends to register its family of hardware devices that are operational in the U.S. - including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring
The_Hackers_News.webp 2021-05-31 05:13:16 Can Your Business Email Be Spoofed? Check Your Domain Security Now! (direct link) Are you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure and within a few months, but the truth soon dawns on them that it isn't. Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory - this means that someone is impersonating you (or confusing some of your recipients) and releasing
The_Hackers_News.webp 2021-05-31 00:52:33 A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely (direct link) Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass Vulnerability
The_Hackers_News.webp 2021-05-29 01:34:47 Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents (direct link) Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents
The_Hackers_News.webp 2021-05-28 08:31:21 Researchers Warn of Facefish Backdoor Spreading Linux Rootkits (direct link) Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to the Malware
The_Hackers_News.webp 2021-05-28 04:24:39 SolarWinds Hackers Target Think Tanks With New Backdoor (direct link) Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. "This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations," Tom Burt, Microsoft's Threat
The_Hackers_News.webp 2021-05-28 00:29:08 Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices (direct link) Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat Threat
The_Hackers_News.webp 2021-05-27 07:34:23 Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer (direct link) Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have begun as early as April 21, 2021, involves a malicious file that masquerades as a setup executable
The_Hackers_News.webp 2021-05-27 03:03:35 Hackers Using Fake Foundations to Target Uyghur Minority in China (direct link) The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creating delivery documents that appear to be originating from the United Nations using up to date related
The_Hackers_News.webp 2021-05-26 23:35:44 Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks (direct link) Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks. Some
The_Hackers_News.webp 2021-05-26 08:30:57 Data Wiper Malware Disguised As Ransomware Targets Israeli Entities (direct link) Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions. Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran it tracks under the moniker "Agrius." "An analysis of what at first Ransomware Malware
The_Hackers_News.webp 2021-05-26 01:56:31 WhatsApp Sues Indian Government Over New Privacy Threatening Internet Law (direct link) WhatsApp on Wednesday fired a legal salvo against the Indian government to block new regulations that would require messaging apps to trace the "first originator" of messages shared on the platform, thus effectively breaking encryption protections. "Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would
The_Hackers_News.webp 2021-05-25 23:58:03 Google Researchers Discover A New Variant of Rowhammer Attack (direct link) A team of security researchers from Google has demonstrated yet another variant of the Rowhammer attack that bypasses all current defenses to tamper with data stored in memory. Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed. "Unlike TRRespass, which exploits the blind spots
The_Hackers_News.webp 2021-05-25 22:54:02 Russian Hydra DarkNet Market Made Over $1.3 Billion in 2020 (direct link) Russian-language dark web marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016. The "blistering growth" in annual transaction volumes marks a staggering 624% year-over-year jump over a three-year period from 2018 to 2020. "Further buoying Hydra's growth is its ability - or its good
Last update at: 2024-07-25 01:08:46