What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-05-07 06:20:37 6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS (direct link) As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad
The_Hackers_News.webp 2021-05-07 04:49:31 New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers (direct link) Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw, called 'TsuNAME,' was discovered by researchers from SIDN Labs and InternetNZ, which manage the national top-level internet domains '.nl' and '. Vulnerability
The_Hackers_News.webp 2021-05-07 01:58:18 New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations (direct link) An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for Malware Threat
The_Hackers_News.webp 2021-05-06 07:56:25 CISO Challenge: Check Your Cybersecurity Skills On This New Competition Site (direct link) InfoSec leaders tend to be a specific type. Their jobs require them to think of possible threats, take actions that may not pay immediate results, plan for unknown security risks, and react quickly when emergencies arise, often before the morning's first coffee. The high-stakes position also means that CISOs need to keep their knowledge and skills sharp – you can never really know what's around Guideline
The_Hackers_News.webp 2021-05-06 05:30:46 Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software (direct link) Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information. In a series of advisories published on May 5, the company said there are no workarounds that remediate
The_Hackers_News.webp 2021-05-06 04:04:04 New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices (direct link) Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected. "If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and Vulnerability
The_Hackers_News.webp 2021-05-06 03:46:36 New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers (direct link) When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration behind naming the speculative execution attacks. Indeed, it's been more than three years, and there is no end to Spectre in sight. A team of
The_Hackers_News.webp 2021-05-05 06:51:24 New Study Warns of Security Threats Linked to Recycled Phone Numbers (direct link) A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners Spam
The_Hackers_News.webp 2021-05-05 03:13:01 BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide (direct link) PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named "dbutil_2_3.sys" that comes pre-installed on
The_Hackers_News.webp 2021-05-05 00:56:37 ALERT - New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking (direct link) The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named '21Nails,' the flaws include 11 vulnerabilities that require local access to the server and 10 other weaknesses that could be exploited remotely. The
The_Hackers_News.webp 2021-05-04 06:02:35 New Pingback Malware Using ICMP Tunneling to Evade C&C Detection (direct link) Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages Internet Control Message Protocol (ICMP) tunneling for covert bot communications, allowing the adversary to utilize ICMP packets to piggyback Malware
The_Hackers_News.webp 2021-05-04 05:39:40 How Should the Service Desk Reset Passwords? (direct link) Ask the average helpdesk technician what they do all day, and they will probably answer by saying that they reset passwords. Sure, helpdesk technicians do plenty of other things too, but in many organizations, a disproportionate number of helpdesk calls are tied to password resets. On the surface, having a helpdesk technician reset a user's password probably doesn't seem like a big deal. After
The_Hackers_News.webp 2021-05-04 00:52:50 Critical Patch Out for Month-Old Pulse Secure VPN 0-Day Under Attack (direct link) Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns "multiple use after free" issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to Vulnerability Threat
The_Hackers_News.webp 2021-05-03 23:38:56 Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks (direct link) Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. The weaknesses all concern WebKit, the browser engine which powers Safari and other third-party web browsers in iOS, allowing an adversary to execute arbitrary code on target Vulnerability
The_Hackers_News.webp 2021-05-03 09:28:34 Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys (direct link) Most mobile app users tend to blindly trust that the apps they download from app stores are safe and secure. But that isn't always the case. To demonstrate the pitfalls and identify vulnerabilities on a large scale, cybersecurity and machine intelligence company CloudSEK recently provided a platform called BeVigil where individuals can search and check app security ratings and other security
The_Hackers_News.webp 2021-05-03 06:03:10 A New Buer Malware Variant Has Been Written In Rust Programming (direct link) Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called 'Buer' written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis. Dubbed "RustyBuer," the malware is distributed via emails masquerading as shipping notices from DHL Support, and is said to have affected no fewer than 200 Malware
The_Hackers_News.webp 2021-05-03 02:12:48 Researchers Uncover Iranian State-Sponsored Ransomware Operation (direct link) Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard' (ENP)," cybersecurity firm Flashpoint said in its findings summarizing three Ransomware
The_Hackers_News.webp 2021-05-03 00:43:49 New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer (direct link) A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous "Royal Road" Rich Text Format (RTF) Malware Threat
The_Hackers_News.webp 2021-04-30 06:01:07 Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks (direct link) An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that Ransomware Threat
The_Hackers_News.webp 2021-04-30 02:49:59 Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices (direct link) Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and
The_Hackers_News.webp 2021-04-30 01:08:00 Here's A New Forum for Cybersecurity Leaders Outside of the Fortune 2000 (direct link) Perhaps due to the nature of the position, the InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, have so many constant drains on their attention – keeping their knowledge fresh, building plans to secure their organizations further – that they often find themselves on an island. It's even more challenging for Guideline
The_Hackers_News.webp 2021-04-30 00:24:38 Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach (direct link) Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an Data Breach Threat
The_Hackers_News.webp 2021-04-29 08:27:33 A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks (direct link) The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue was discovered and reported on April 22 by researchers from SonarSource, following which a hotfix was Vulnerability
The_Hackers_News.webp 2021-04-29 07:46:57 LuckyMouse Hackers Target Banks, Companies and Governments in 2020 (direct link) An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical Threat
The_Hackers_News.webp 2021-04-29 03:31:38 How to Conduct Vulnerability Assessments: An Essential Guide for 2021 (direct link) Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment. Read this guide to learn how to perform vulnerability Vulnerability ★★★★★
The_Hackers_News.webp 2021-04-29 03:19:09 Chinese Hackers Attacking Military Organizations With New Backdoor (direct link) Cybersecurity researchers on Wednesday exposed a new cyberespionage campaign targeting military organizations in Southeast Asia. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing Threat APT 30
The_Hackers_News.webp 2021-04-29 02:02:21 Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years (direct link) A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "the family uses rotate Malware Threat
The_Hackers_News.webp 2021-04-28 06:43:39 Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware (direct link) Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious. "The biggest risk for the targeted Malware Threat
The_Hackers_News.webp 2021-04-28 06:00:43 F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability (direct link) Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability in the Kerberos Key Distribution Center (KDC) security feature impacting F5 Big-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager (APM), bypass security policies and gain unfettered access to sensitive workloads," Vulnerability
The_Hackers_News.webp 2021-04-28 00:59:10 Attention! FluBot Android Banking Malware Spreads Quickly Across Europe (direct link) Attention, Android users! A banking malware capable of stealing sensitive information is "spreading rapidly" across Europe, with the U.S. likely to be the next target. According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language campaign alone has been Malware Threat
The_Hackers_News.webp 2021-04-27 04:59:11 Hackers Threaten to Leak D.C. Police Informants' Info If Ransom Is Not Paid (direct link) The Metropolitan Police Department (MPD) of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack. The Babuk Locker gang claimed in a post on the dark web that they had compromised the DC Police's networks and stolen 250 GB of unencrypted files. Screenshots shared by the group, and seen by The Hacker News, include various folders Ransomware
The_Hackers_News.webp 2021-04-27 04:26:34 Cybersecurity Webinar: Understanding the 2020 MITRE ATT&CK Results (direct link) The release of MITRE Engenuity's Carbanak+Fin7 ATT&CK evaluations every year is a benchmark for the cybersecurity industry. The organization's tests measure how well security vendors can detect and respond to threats and offers an independent metric for customers and security leaders to understand how well vendors perform on a variety of tasks. However, for the uninitiated, the results can be Guideline
The_Hackers_News.webp 2021-04-27 03:29:01 Hackers Exploit 0-Day Gatekeeper Flaw to Attack MacOS Computers (direct link) Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs. The macOS flaw, identified as CVE-2021-30657, was discovered and reported to Apple by security engineer Cedric Owens Vulnerability
The_Hackers_News.webp 2021-04-27 02:14:23 FBI, CISA Uncover Tactics Employed by Russian Intelligence Hackers (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures (TTPs) adopted by the Russian Foreign Intelligence Service (SVR) in its attacks targeting the U.S and foreign entities. By
The_Hackers_News.webp 2021-04-26 05:57:29 Minnesota University Apologizes for Contributing Malicious Code to the Linux Project (direct link) Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future. "While our goal was to improve the security of Linux, we now understand that it was hurtful to the community to make it a
The_Hackers_News.webp 2021-04-26 04:03:22 Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby (direct link) New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger," said a team of academics from the Technical University of Darmstadt,
The_Hackers_News.webp 2021-04-26 03:38:20 How to Test and Improve Your Domain's Email Security? (direct link) No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company. As a result, Tool
The_Hackers_News.webp 2021-04-26 02:50:01 Emotet Malware Destroys Itself From All Infected Computers (direct link) Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of "Operation Ladybird" to seize control of servers used to run and maintain the malware Ransomware Spam Malware
The_Hackers_News.webp 2021-04-26 01:49:35 3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails (direct link) A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the
The_Hackers_News.webp 2021-04-24 12:18:26 Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux (direct link) A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a Vulnerability
The_Hackers_News.webp 2021-04-24 01:09:49 Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs (direct link) Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a software supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update mechanism and used it to drop malware on user computers. The breach is said to have occurred Malware
The_Hackers_News.webp 2021-04-23 07:43:43 New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It! (direct link) A new ransomware strain called "Qlocker" is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key. In response to the Ransomware
The_Hackers_News.webp 2021-04-23 00:42:28 Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers (direct link) Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm Malware
The_Hackers_News.webp 2021-04-22 22:52:36 Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that's leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device. "The threat actor connected to the entity's network via a Pulse Secure virtual private network ( Malware Threat
The_Hackers_News.webp 2021-04-22 06:18:25 Researchers Find Additional Infrastructure Used By SolarWinds Hackers (direct link) The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, Threat
The_Hackers_News.webp 2021-04-22 05:41:28 Cost of Account Unlocks, and Password Resets Add Up (direct link) There are many labor-intensive tasks that the IT service desk carries out on a daily basis. None as tedious and costly as resetting passwords. Modern IT service desks spend a significant amount of time both unlocking and resetting passwords for end-users. This issue has been exacerbated by the COVID-19 pandemic. Causes of account lockouts and password resets End-user password policies, such as
The_Hackers_News.webp 2021-04-22 03:00:15 Cybercriminals Using Telegram Messenger to Control ToxicEye Malware (direct link) Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. "Even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app," said researchers from cybersecurity Malware
The_Hackers_News.webp 2021-04-21 23:42:45 Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware (direct link) Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the State of Palestine, and another threat actor is known as Threat
The_Hackers_News.webp 2021-04-21 06:17:02 Improve Your Cyber Security Posture by Combining State of the Art Security Tools (direct link) Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective. This means that you won't be able to do the right mitigations to improve your security posture. Here are examples
The_Hackers_News.webp 2021-04-21 05:47:27 Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid (direct link) Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks Ransomware Threat
Last update at: 2024-07-25 01:08:46