What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-03-10 22:01:14 | Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform - Patch ASAP! (lien direct) | Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even unauthenticated remote code execution on target networks.
The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992), two of which were discovered and |
|||
|
2021-03-10 08:31:56 | Researchers Unveil New Linux Malware Linked to Chinese Hackers (lien direct) | Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors.
Dubbed "RedXOR" by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malware and those previously associated with the Winnti Umbrella (or Axiom) threat group such as PWNLNX, |
Malware Threat | APT 17 | |
|
2021-03-10 01:24:29 | FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware (lien direct) | Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies.
One such group is FIN8, a financially motivated threat actor that's back in action after a year-and-a-half hiatus with a powerful version of a backdoor with |
Malware Threat | ||
|
2021-03-09 21:43:00 | Microsoft Issues Security Patches for 82 Flaws - IE 0-Day Under Active Attacks (lien direct) | Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines.
Of these flaws, 14 are listed as Critical, and 75 are listed as Important in severity, out of which two of the bugs are described as publicly |
|||
|
2021-03-09 03:13:45 | 9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware (lien direct) | Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices.
"This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect |
Malware | ||
|
2021-03-09 02:42:07 | Cybersecurity Webinar - SolarWinds Sunburst: The Big Picture (lien direct) | The SolarWinds Sunburst attack has been in the headlines since it was first discovered in December 2020.
As the so-called layers of the onion are peeled back, additional information regarding how the vulnerability was exploited, who was behind the attack, who is to blame for the attack, and the long-term ramifications of this type of supply chain vulnerabilities continue to be actively |
Vulnerability | Solardwinds Solardwinds | |
|
2021-03-09 01:58:23 | SolarWinds Hack - New Evidence Suggests Potential Links to Chinese Hackers (lien direct) | A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group.
In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral.
Back on December 22, 2020, Microsoft disclosed that a second |
Hack Threat | ★★★★★ | |
|
2021-03-09 00:05:01 | Microsoft Exchange Hackers Also Breached European Banking Authority (lien direct) | The European Banking Authority (EBA) on Monday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to take its email systems offline as a precautionary measure temporarily.
"As the vulnerability is related to the EBA's email servers, access to personal data through emails held on that servers may have been obtained by the attacker," the Paris-based |
Vulnerability | ||
|
2021-03-08 22:51:24 | Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices (lien direct) | Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari browsers to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.
Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google's Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability |
Vulnerability Threat | ||
|
2021-03-08 04:15:40 | Iranian Hackers Using Remote Utilities Software to Spy On Its Targets (lien direct) | Hackers with suspected ties to Iran are actively targeting academia, government agencies, and tourism entities in the Middle East and neighboring regions as part of an espionage campaign aimed at data theft.
Dubbed "Earth Vetala" by Trend Micro, the latest finding expands on previous research published by Anomali last month, which found evidence of malicious activity aimed at UAE and Kuwait |
|||
|
2021-03-08 03:08:11 | Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks (lien direct) | A new research has yielded yet another means to pilfer sensitive data by exploiting what's the first "on-chip, cross-core" side-channel in Intel Coffee Lake and Skylake processors.
Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August.
While information leakage attacks |
|||
|
2021-03-05 08:36:49 | Bug in Apple\'s Find My Feature Could\'ve Exposed Users\' Location Histories (lien direct) | Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby by deanonymizing users.
The findings are a consequence of an exhaustive review undertaken by the Open Wireless Link ( |
Guideline | ||
|
2021-03-05 02:22:04 | Google Cloud Certifications - Get Prep Courses and Practice Tests at 95% Discount (lien direct) | As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions.
However, relatively few engineers know this platform well.
This leaves the door open for aspiring IT professionals who take the official exams.
The Google Cloud Certifications Practice Tests + Courses Bundle helps you get certified faster, with 43 hours of video content and |
|||
|
2021-03-05 02:14:04 | Mazafaka - Elite Hacking and Cybercrime Forum - Got Hacked! (lien direct) | In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year.
The intrusion is said to have occurred on March 3, with information about the forum members - including usernames, email addresses, and hashed passwords - publicly |
|||
|
2021-03-05 01:20:07 | Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (lien direct) | FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques.
Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of |
Malware Threat | ||
|
2021-03-04 05:54:04 | Google Will Use \'FLoC\' for Ad Targeting Once 3rd-Party Cookies Are Dead (lien direct) | Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022.
"Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while |
|||
|
2021-03-04 01:49:19 | (Déjà vu) Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit (lien direct) | Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents.
As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared |
Data Breach | ||
|
2021-03-04 00:50:30 | CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws (lien direct) | Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of "active exploitation" of the vulnerabilities.
The alert comes on the heels of Microsoft's disclosure that China-based hackers were |
|||
|
2021-03-03 04:56:56 | Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection (lien direct) | Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly.
New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize malicious |
Malware Threat | ||
|
2021-03-03 02:34:25 | Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams (lien direct) | The attack surface is virtually expanding before our eyes. Protecting assets across multiple locations, with multiple solutions from different vendors, has become a daily concern for CISOs globally.
In a new e-book recently published (download here), CISOs with small security teams talk about the drivers for replacing their EDR/NGAV solutions with an Autonomous XDR solution and why they believe |
|||
|
2021-03-03 02:17:44 | A $50,000 Bug Could\'ve Allowed Hackers Access Any Microsoft Account (lien direct) | Microsoft has awarded an independent security researcher $50,000 as part of its bug bounty program for reporting a flaw that could have allowed a malicious actor to hijack users' accounts without their knowledge.
Reported by Laxman Muthiyah, the vulnerability aims to brute-force the seven-digit security code that's sent to a user's email address or mobile number to corroborate his (or her) |
Vulnerability | ||
|
2021-03-02 23:56:35 | URGENT - 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange (lien direct) | Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.
Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access |
Threat | ||
|
2021-03-02 22:03:13 | New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP! (lien direct) | Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild.
Chrome 89.0.4389.72, released by the search giant for Windows, Mac, and Linux on Tuesday, comes with a total of 47 security fixes, the most severe of which concerns an " |
Vulnerability | ||
|
2021-03-02 07:02:29 | Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware (lien direct) | SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research.
"While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the |
Ransomware Threat | ||
|
2021-03-02 01:37:31 | New \'unc0ver\' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3 (lien direct) | A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild.
The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its |
Tool Vulnerability Guideline | ||
|
2021-03-01 06:18:35 | Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites (lien direct) | A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads.
"The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today.
"In recent years |
Ransomware Malware | ||
|
2021-03-01 02:18:42 | Why do companies fail to stop breaches despite soaring IT security investment? (lien direct) | Let's first take a look back at 2020!
Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data.
A whopping 20 billion records were stolen in a single year, increasing 66% from 12 billion in 2019. Incredibly, this is a 9x increase from the comparatively "small" amount of 2.3 |
|||
|
2021-03-01 02:11:36 | Chinese Hackers Targeted India\'s Power Grid Amid Geopolitical Tensions (lien direct) | Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups.
The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and |
|||
|
2021-03-01 01:27:47 | SolarWinds Blame Intern for Weak Password That Led to Biggest Attack in 2020 (lien direct) | As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.
The said password "solarwinds123" was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the |
|||
|
2021-02-26 03:02:08 | North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware (lien direct) | A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.
Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated |
Malware Medical | APT 38 | ★★ |
|
2021-02-26 01:03:59 | ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process (lien direct) | Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information.
The findings were presented on Wednesday at the Network and Distributed System Security |
|||
|
2021-02-26 00:11:21 | Cisco Releases Security Patches for Critical Flaws Affecting its Products (lien direct) | Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices.
"An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company said in an advisory published yesterday. "A successful |
Vulnerability | ||
|
2021-02-25 05:59:56 | Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations (lien direct) | Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.
"Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said |
|||
|
2021-02-25 03:18:23 | The Top Free Tools for Sysadmins in 2021 (lien direct) | It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools.
If you're a sysadmin seeking to simplify your workflows, you're in luck. We've gathered some excellent software |
|||
|
2021-02-25 01:13:03 | Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack (lien direct) | Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities.
"The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most |
Malware | ||
|
2021-02-24 08:04:41 | Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique (lien direct) | With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy.
Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without |
Threat | ||
|
2021-02-24 07:29:47 | Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks (lien direct) | New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software.
"A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The |
Malware Threat | ||
|
2021-02-24 04:32:23 | Everything You Need to Know About Evolving Threat of Ransomware (lien direct) | The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal-most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.
Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and |
Ransomware Threat | ||
|
2021-02-23 23:58:05 | Critical RCE Flaws Affect VMware ESXi and vSphere Client - Patch Now (lien direct) | VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems.
"A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying |
|||
|
2021-02-23 05:37:56 | Experts Find a Way to Learn What You\'re Typing During Video Calls (lien direct) | A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed.
The research was undertaken by Mohd Sabra, and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, who say the attack |
|||
|
2021-02-23 03:01:03 | 5 Security Lessons for Small Security Teams for the Post COVID19 Era (lien direct) | A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about.
Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working |
|||
|
2021-02-23 02:46:13 | Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs (lien direct) | Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents.
Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the "enormous flexibility provided by the PDF specification so that shadow documents remain |
|||
|
2021-02-22 23:18:33 | Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks (lien direct) | Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546.
The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named |
|||
|
2021-02-22 03:21:15 | How to Fight Business Email Compromise (BEC) with Email Authentication? (lien direct) | An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise.
Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets.
It is a common misconception that cybercriminals usually lay their focus on MNCs and |
Guideline | ||
|
2021-02-22 03:15:17 | Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online (lien direct) | On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA).
Although the group has since signed off following the unprecedented disclosures, new "conclusive" |
Malware Tool Threat | ||
|
2021-02-21 23:47:09 | New \'Silver Sparrow\' Malware Infected Nearly 30,000 Apple Macs (lien direct) | Days after the first malware targeting Apple M1 chips were discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that has already infected 29,139 Macs running Intel x86_64 and the iPhone maker's M1 processors.
However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload |
Malware | ||
|
2021-02-20 08:16:13 | Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users (lien direct) | Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites.
The bug was addressed in a hotfix release (V1.20.108) made available yesterday.
Brave ships with a built-in feature called "Private Window with Tor" that integrates the Tor anonymity |
|||
|
2021-02-19 07:28:53 | New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card (lien direct) | Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card.
The research, published by a group of academics from the ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad actors to leverage |
Hack | ||
|
2021-02-19 01:18:55 | Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials (lien direct) | A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps.
Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger - a .NET-based malware with capabilities to hinder static analysis - |
Malware | ||
|
2021-02-18 23:27:29 | SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune (lien direct) | Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data.
The disclosure builds upon an earlier update on December 31, 2020, that uncovered a compromise of its own network to |
To see everything:
Our RSS (filtrered)
