What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-02-07 19:37:09 | Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse (lien direct) | Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies, is a universal Windows | Malware Vulnerability Threat | ||
|
2022-02-07 05:34:15 | New CapraRAT Android Malware Targets Indian Government and Military Personnel (lien direct) | A politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high "degree of crossover" with another Windows malware known as CrimsonRAT that's associated with Earth | Malware Threat | ||
|
2022-02-06 23:15:33 | Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor (lien direct) | A Chinese advanced persistent threat (APT) group has been targeting Taiwanese financial institutions as part of a "persistent campaign" that lasted for at least 18 months. The intrusions, whose primary intent was espionage, resulted in the deployment of a backdoor called xPack, granting the adversary extensive control over compromised machines, Broadcom-owned Symantec said in a report published | Threat | ||
|
2022-02-04 01:01:31 | Russian Gamaredon Hackers Targeted \'Western Government Entity\' in Ukraine (lien direct) | The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries. Palo Alto Networks' Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding it "mapped out three large clusters of | Threat | ||
|
2022-02-03 21:51:28 | Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users (lien direct) | A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the | Vulnerability Threat | ||
|
2022-02-03 02:49:41 | New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software (lien direct) | An ongoing search engine optimization (SEO) poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software development tools installation' themes as SEO keywords to lure victims to a compromised website and to | Malware Threat | ||
|
2022-02-03 01:24:44 | New Variant of UpdateAgent Malware Infects Mac Computers with Adware (lien direct) | Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has underwent several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities." The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones | Malware Threat | ||
|
2022-02-02 04:09:19 | New Malware Used by SolarWinds Attackers Went Undetected for Years (lien direct) | The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years. According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted | Malware Threat | ||
|
2022-02-02 03:36:43 | Cynet\'s Keys to Extend Threat Visibility (lien direct) | We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM's Cost of a Data Breach Report that has been tracking this statistic for years. In the 2021 report, IBM found that, on average, it takes an average of 212 | Data Breach Threat | ||
|
2022-02-01 05:30:16 | Solarmarker Malware Uses Novel Techniques to Persist on Hacked Systems (lien direct) | In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted | Malware Threat | ||
|
2022-02-01 02:28:30 | Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks (lien direct) | An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's | Malware Threat Conference | APT 35 APT 35 | |
|
2022-01-31 23:13:54 | Researchers Uncover New Iranian Hacking Campaign Targeting Turkish Users (lien direct) | Details have emerged about a previously undocumented malware campaign undertaken by the Iranian MuddyWater advanced persistent threat (APT) group targeting Turkish private organizations and governmental institutions. "This campaign utilizes malicious PDFs, XLS files and Windows executables to deploy malicious PowerShell-based downloaders acting as initial footholds into the target's enterprise," | Malware Threat | ||
|
2022-01-26 22:59:24 | Hackers Using New Evasive Technique to Deliver AsyncRAT Malware (lien direct) | A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted | Malware Threat | ||
|
2022-01-26 05:40:48 | Webinar: How to See More, But Respond Less with Enhanced Threat Visibility (lien direct) | The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with limited security budgets | Threat | ||
|
2022-01-22 02:57:39 | Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure (lien direct) | An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information | Malware Threat | ||
|
2022-01-21 03:40:40 | Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (lien direct) | A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the | Malware Threat Guideline | APT 41 APT 41 | |
|
2022-01-20 00:28:40 | A Trip to the Dark Site - Leak Sites Analyzed (lien direct) | Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discretely charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can | Ransomware Threat | ||
|
2022-01-19 23:54:23 | DoNot Hacking Team Targeting Government and Military Entities in South Asia (lien direct) | A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a | Malware Threat | ||
|
2022-01-19 20:57:47 | Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks (lien direct) | Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an " input validation vulnerability that could allow attackers to build a query given some input and send that | Vulnerability Threat | ||
|
2022-01-19 07:04:52 | Cyber Threat Protection - It All Starts with Visibility (lien direct) | Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This, however, can be a double-edged sword. Too many signals with too little advanced signal processing just | Threat | ||
|
2022-01-18 00:02:51 | Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors (lien direct) | An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, | Threat | ||
|
2022-01-10 23:09:00 | Microsoft Details macOS Bug That Could Let Attackers Gain Access to User Data (lien direct) | Microsoft on Monday disclosed details of a recently patched security vulnerability in Apple's macOS operating system that could be weaponized by a threat actor to expose users' personal information. Tracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control (TCC) security framework, which enables users to configure the privacy settings of their apps and | Vulnerability Threat | ||
|
2022-01-07 23:04:51 | NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon (lien direct) | The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming | Threat | ||
|
2022-01-05 22:30:43 | VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products (lien direct) | VMWare has shipped updates to Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability - tracked as CVE-2021-22045 (CVSS score: 7.7) - that, if successfully exploited, results in the execution of arbitrary code. The company credited | Vulnerability Threat | ||
|
2022-01-04 21:13:47 | Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities (lien direct) | Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "Exploitation attempts and testing have remained high during the last weeks of December," Microsoft Threat Intelligence Center (MSTIC) said in revised guidance | Malware Threat | ||
|
2022-01-03 22:59:15 | Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware (lien direct) | Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. "This threat actor was able to leave most parts of | Malware Threat | ||
|
2021-12-29 06:27:53 | Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics (lien direct) | An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from | Malware Threat | ||
|
2021-12-28 21:00:00 | New Apache Log4j Update Released to Patch Newly Discovered Vulnerability (lien direct) | The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a scale of 10 and | Tool Vulnerability Threat | ||
|
2021-12-24 05:07:16 | Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security (lien direct) | Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the issue relates | Malware Vulnerability Threat | ||
|
2021-12-23 04:09:24 | CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities (lien direct) | Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. "These vulnerabilities, especially Log4Shell, are severe," the intelligence agencies said in the new guidance. "Sophisticated cyber threat actors | Threat | ||
|
2021-12-15 22:24:49 | Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges (lien direct) | Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to pummel unpatched systems with a variety of malware. "This vulnerability is actively being exploited and | Vulnerability Threat | ||
|
2021-12-15 06:31:34 | Cynet\'s MDR Offers Organizations Continuous Security Oversight (lien direct) | Today's cyber attackers are constantly looking for ways to exploit vulnerabilities and infiltrate organizations. To keep up with this evolving threat landscape, security teams must be on the lookout for potential risks around the clock. Since most organizations simply cannot afford to have 24x7 security teams, managed detection and response (MDR) services have become a critical aspect of any | Threat | ||
|
2021-12-13 04:33:16 | Karakurt: A New Emerging Data Theft and Cyber Extortion Hacking Group (lien direct) | A previously undocumented, financially motivated threat group has been connected to a string of data theft and extortion attacks on over 40 entities between September and November 2021. The hacker collective, which goes by the self-proclaimed name Karakurt and was first identified in June 2021, is capable of modifying its tactics and techniques to adapt to the targeted environment, Accenture's | Threat | ||
|
2021-12-13 00:10:11 | Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan (lien direct) | Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to detect and block the threat in an effective manner proactively. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a "customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize | Malware Threat | ||
|
2021-12-08 05:10:03 | Google Disrupts Blockchain-based Glupteba Botnet; Sues Russian Hackers (lien direct) | Google on Tuesday said it took steps to disrupt the operations of a sophisticated "multi-component" botnet called Glupteba that approximately infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin's blockchain as a resilience mechanism. As part of the efforts, Google's Threat Analysis Group (TAG) said it partnered with the | Threat | ||
|
2021-12-08 02:55:50 | [eBook] Guide to Achieving 24x7 Threat Monitoring and Response for Lean IT Security Teams (lien direct) | If there is one thing the past few years have taught the world, it's that cybercrime never sleeps. For organizations of any size and scope, having around-the-clock protection for their endpoints, networks, and servers is no longer optional, but it's also not entirely feasible for many. Attackers are better than ever at slipping in undetected, and threats are constantly evolving. Teams can't | Threat | ||
|
2021-12-07 03:07:15 | SolarWinds Hackers Targeting Government and Business Entities Worldwide (lien direct) | Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming pace in response to public disclosures. The intrusions, which are being tracked by Mandiant under two | Threat | ||
|
2021-12-03 05:54:05 | Researchers Detail How Pakistani Hackers Targeting Indian and Afghan Governments (lien direct) | A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as SideCopy, which is | Threat | ||
|
2021-12-03 00:06:17 | New Payment Data Sealing Malware Hides in Nginx Process on Linux Servers (lien direct) | E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. "This novel code injects itself into a host Nginx application and is nearly invisible," Sansec Threat Research team said in a new report. "The parasite is used to steal data from | Malware Threat | ||
|
2021-12-01 02:59:48 | Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks (lien direct) | Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF (aka Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to | Malware Threat | ||
|
2021-11-30 00:31:27 | WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East (lien direct) | Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents. Russian cybersecurity company Kaspersky attributed the attacks with high confidence to a threat actor named WIRTE, adding the | Malware Threat | ||
|
2021-11-29 05:14:10 | New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists (lien direct) | North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly-targeted surveillance attacks. Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as ScarCruft, also known as APT37, Reaper | Threat Cloud | APT 37 APT 37 | |
|
2021-11-26 05:20:56 | Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware (lien direct) | An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called "Tardigrade." That's according to an advisory published by Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) this week, which noted that the malware is actively spreading across the sector with the likely goal of | Malware Threat | ||
|
2021-11-26 00:08:34 | CronRAT: A New Linux Malware That\'s Scheduled to Run on February 31st (lien direct) | Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said | Malware Threat | ||
|
2021-11-25 03:57:05 | This New Stealthy JavaScript Loader Infecting Computers with Malware (lien direct) | Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021. Around 155 samples of this new malware | Malware Threat | ||
|
2021-11-25 03:33:42 | Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware (lien direct) | A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines. "[T]he stealer is a PowerShell script, short with powerful collection capabilities - in only ~150 lines, it provides the | Malware Threat | ||
|
2021-11-24 04:25:16 | Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally (lien direct) | Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese | Threat | ||
|
2021-11-24 00:49:24 | APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users (lien direct) | A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated new features into their malicious apps that make them more resilient to actions by users, who might try | Threat | ||
|
2021-11-23 02:58:04 | More Stealthier Version of BrazKing Android Malware Spotted in the Wild (lien direct) | Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan (RAT) that's capable of carrying out financial fraud attacks by stealing two-factor authentication (2FA) codes and initiating rogue transactions from infected devices to transfer money from victims' accounts to an account operated by the threat actor. IBM X-Force dubbed the | Malware Threat | ||
|
2021-11-22 04:10:31 | New Golang-based Linux Malware Targeting eCommerce Websites (lien direct) | Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. "After a day and a | Malware Threat |
To see everything:
Our RSS (filtrered)
