What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-08-24 05:28:14 Modified Version of WhatsApp for Android Spotted Installing Triada Trojan (direct link) A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK),"
The_Hackers_News.webp 2021-08-24 05:13:19 Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group (direct link) A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq
The_Hackers_News.webp 2021-08-24 04:10:57 Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc (direct link) Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse Ransomware Threat
The_Hackers_News.webp 2021-08-24 02:58:38 38 Million Records Exposed from Microsoft Power Apps of Dozens of Organisations (direct link) More than 38 million records from 47 different entities that rely on Microsoft's Power Apps portals platform were inadvertently left exposed online, bringing into sharp focus a "new vector of data exposure." "The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants,
The_Hackers_News.webp 2021-08-23 07:09:09 Navigating Vendor Risk Management as IT Professionals (direct link) One of the great resources available to businesses today is the large ecosystem of value-added services and solutions. Especially in technology solutions, there is no end to the services of which organizations can avail themselves. In addition, if a business needs a particular solution or service they don't handle in-house, there is most likely a third-party vendor that can take care of that for
The_Hackers_News.webp 2021-08-23 06:48:23 Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group (direct link) ShinyHunters, a notorious cybercriminal underground group that's been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers' modus operandi has revealed. "Primarily operating on Raid Forums, the collective's moniker and motivation can partly be Data Breach
The_Hackers_News.webp 2021-08-23 06:27:54 Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems (direct link) Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top Hack Threat
The_Hackers_News.webp 2021-08-22 02:51:51 Microsoft Exchange Under Attack With ProxyShell Flaws; Over 1900 Servers Hacked! (direct link) The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL Ransomware
The_Hackers_News.webp 2021-08-20 09:02:51 Cloudflare mitigated one of the largest DDoS attack involving 17.2 million rps (direct link) Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million
The_Hackers_News.webp 2021-08-20 08:44:30 ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups (direct link) ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, Malware Threat
The_Hackers_News.webp 2021-08-20 03:38:09 Cybercrime Group Asking Insiders for Help in Planting Ransomware (direct link) A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme. "The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the Ransomware Threat
The_Hackers_News.webp 2021-08-20 01:15:08 Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways (direct link) Mozi, a peer-to-peer (P2P) botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat
The_Hackers_News.webp 2021-08-19 23:47:08 Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed (direct link) A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart Vulnerability
The_Hackers_News.webp 2021-08-19 03:30:47 Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang (direct link) Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer Ransomware Malware Threat
The_Hackers_News.webp 2021-08-18 08:48:40 Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices (direct link) A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw Vulnerability Guideline ★★★
The_Hackers_News.webp 2021-08-18 08:05:01 BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices (direct link) A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by Vulnerability
The_Hackers_News.webp 2021-08-18 03:20:48 Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks (direct link) IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients. The attacks, which occurred in two waves in May and July 2021, have been linked Threat
The_Hackers_News.webp 2021-08-18 03:10:37 Does a VPN Protect You from Hackers? (direct link) A virtual private network (VPN) is the perfect solution for a lot of issues you might experience online- accessing blocked sites, hiding your browsing activity, getting rid of internet throttling, finding better deals, and much more. But does a VPN protect you from hackers? Is your private information and files safer on the internet with a VPN? How much of a difference does it make in terms of
The_Hackers_News.webp 2021-08-18 01:33:33 NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware (direct link) A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the Malware Threat Cloud APT 37
The_Hackers_News.webp 2021-08-17 20:41:47 Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF (direct link) Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands Vulnerability
The_Hackers_News.webp 2021-08-17 04:55:37 Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan (direct link) A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts. The application masquerades as an animated porn game, a reward points application, or a video streaming application, Trend Micro researchers Jaromir
The_Hackers_News.webp 2021-08-16 23:19:08 Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices (direct link) Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek "Luna" SDK up to version 1.3.2, could be abused by attackers to
The_Hackers_News.webp 2021-08-16 08:18:15 Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks (direct link) Weaknesses in the implementation of TCP protocol in middleboxes and censorship infrastructure could be weaponized as a vector to stage reflected denial of service (DoS) amplification attacks, surpassing many of the existing UDP-based amplification factors to date. Detailed by a group of academics from the University of Maryland and the University of Colorado Boulder at the USENIX Security
The_Hackers_News.webp 2021-08-16 04:36:40 Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients (direct link) Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were detailed by a group of
The_Hackers_News.webp 2021-08-16 00:29:29 New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems (direct link) A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection. "AdLoad," as the malware is known, is one of several Malware
The_Hackers_News.webp 2021-08-14 05:34:23 New Glowworm Attack Recovers Device's Sound from Its LED Power Indicator (direct link) A novel technique leverages optical emanations from a device's power indicator LED to recover sounds from connected peripherals and spy on electronic conversations from a distance of as much as 35 meters. Dubbed the "Glowworm attack," the findings were published by a group of academics from the Ben-Gurion University of the Negev earlier this week, describing the method as "an optical TEMPEST
The_Hackers_News.webp 2021-08-14 03:35:21 Learn Ethical Hacking From Scratch - 18 Online Courses for Just $43 (direct link) If you're reading this post, there is a pretty good chance you're interested in hacking. Ever thought about turning it into a career? The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches. It's open to anyone with the right skills. Featuring 18 courses from top-rated instructors, The All-In-One 2021 Super-Sized Ethical Hacking
The_Hackers_News.webp 2021-08-14 03:20:34 Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger (direct link) Facebook on Friday said it's extending end-to-end encryption (E2EE) for voice and video calls in Messenger, along with testing a new opt-in setting that will turn on end-to-end encryption for Instagram DMs. "The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver's device," Messenger's
The_Hackers_News.webp 2021-08-13 06:15:19 Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection (direct link) Microsoft has disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials. The phishing attacks take the form of invoice-themed lures mimicking financial-related
The_Hackers_News.webp 2021-08-13 05:54:59 Why Is There A Surge In Ransomware Attacks? (direct link) The U.S. is presently combating two pandemics--coronavirus and ransomware attacks. Both have partially shut down parts of the economy. However, in the case of cybersecurity, lax security measures allow hackers to have an easy way to rake in millions. It's pretty simple for hackers to gain financially, using malicious software to access and encrypt data and hold it hostage until the victim pays Ransomware
The_Hackers_News.webp 2021-08-13 02:46:09 Hackers Actively Searching for Unpatched Microsoft Exchange Servers (direct link) Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year. The remote code execution flaws have been collectively dubbed "ProxyShell." At least Threat
The_Hackers_News.webp 2021-08-13 01:32:51 Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities (direct link) Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems. "Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will Ransomware Vulnerability Threat
The_Hackers_News.webp 2021-08-12 08:13:30 Experts Shed Light On New Russian Malware-as-a-Service Written in Rust (direct link) A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. Dubbed "Ficker Stealer," it's notable for being propagated via Trojanized web links Malware Threat
The_Hackers_News.webp 2021-08-12 06:02:40 How Companies Can Protect Themselves from Password Spraying Attacks (direct link) Attackers are using many types of attacks to compromise business-critical data. These can include zero-day attacks, supply chain attacks, and others. However, one of the most common ways that hackers get into your environment is by compromising passwords. The password spraying attack is a special kind of password attack that can prove effective in compromising your environment. Let's look closer
The_Hackers_News.webp 2021-08-12 00:26:50 IT Giant Accenture Hit by LockBit Ransomware; Hackers Threaten to Leak Data (direct link) Global IT consultancy giant Accenture has become the latest company to be hit by the LockBit ransomware gang, according to a post made by the operators on their dark web portal, likely filling a void left in the wake of DarkSide and REvil shutdown. "These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider," read a message posted on Ransomware
The_Hackers_News.webp 2021-08-11 22:23:20 Microsoft Security Bulletin Warns of New Windows Print Spooler RCE Vulnerability (direct link) A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the Vulnerability
The_Hackers_News.webp 2021-08-11 04:57:32 Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic (direct link) Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to exfiltrate sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari
The_Hackers_News.webp 2021-08-11 01:31:12 Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network (direct link) Hackers have siphoned $611 million worth of cryptocurrencies from a blockchain-based financial network in what's believed to be one of the largest heists targeting the digital asset industry, putting it ahead of breaches of exchanges Coincheck and Mt. Gox. Poly Network, a cross-chain decentralized finance (DeFi) platform for swapping tokens across multiple blockchains such as Bitcoin, Ethereum,
The_Hackers_News.webp 2021-08-10 23:53:06 Magento Update Released to Fix Critical Flaws Affecting E-Commerce Sites (direct link) Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition. Of the 26
The_Hackers_News.webp 2021-08-10 22:31:39 Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability (direct link) Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. The update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft Vulnerability
The_Hackers_News.webp 2021-08-10 06:19:00 Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel (direct link) A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019. FireEye's Mandiant threat intelligence arm attributed the campaign to an operator it tracks as "UNC215", a Chinese espionage operation that's believed to have singled out organizations around the world Threat
The_Hackers_News.webp 2021-08-10 02:27:54 Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers (direct link) Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the web interfaces of routers Vulnerability Threat
The_Hackers_News.webp 2021-08-09 06:43:39 A Critical Random Number Generator Flaw Affects Billions of IoT Devices (direct link) A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox Vulnerability
The_Hackers_News.webp 2021-08-09 06:28:41 Users Can Be Just As Dangerous As Hackers (direct link) Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should-the insider threat. But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers launching
The_Hackers_News.webp 2021-08-09 06:00:46 Beware! New Android Malware Hacks Thousands of Facebook Accounts (direct link) A new Android trojan has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through Google Play Store and other third-party app marketplaces. Dubbed "FlyTrap," the previously undocumented malware is believed to be part of a family of trojans that employ social engineering tricks to breach Facebook accounts as Malware
The_Hackers_News.webp 2021-08-09 02:00:09 Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw (direct link) Pulse Secure has shipped a fix for a critical post-authentication remote code execution (RCE) vulnerability in its Connect Secure virtual private network (VPN) appliances to address an incomplete patch for an actively exploited flaw it previously resolved in October 2020. "The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to Vulnerability
The_Hackers_News.webp 2021-08-06 07:29:28 Apple to Scan Every Device for Child Abuse Content - But Experts Fear for Privacy (direct link) Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material (CSAM) in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in
The_Hackers_News.webp 2021-08-06 03:34:12 New Amazon Kindle Bug Could've Let Attackers Hijack Your eBook Reader (direct link) Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book. "By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Vulnerability Threat
The_Hackers_News.webp 2021-08-06 01:00:08 India's Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks (direct link) Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scripting flaw (also known as persistent XSS) in Koo's web application that allows malicious scripts to be Vulnerability
The_Hackers_News.webp 2021-08-06 00:12:57 VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products (direct link) VMware has released security updates for multiple products to address a critical vulnerability that could be exploited to gain access to confidential information. Tracked as CVE-2021-22002 (CVSS score: 8.6) and CVE-2021-22003 (CVSS score: 3.7), the flaws affect VMware Workspace One Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and Vulnerability
Last update at: 2024-07-28 16:18:51