What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-07-19 03:38:11 Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely (direct link) The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any Hack
The_Hackers_News.webp 2021-07-19 00:04:21 Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability (direct link) Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related flaw to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT Coordination Vulnerability
The_Hackers_News.webp 2021-07-18 23:29:33 New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally (direct link) A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world. Dubbed the "Pegasus Project," the investigation is a collaboration by more than 80 journalists from a
The_Hackers_News.webp 2021-07-17 06:39:39 China's New Law Requires Researchers to Report All Zero-Day Bugs to Government (direct link) The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into Vulnerability
The_Hackers_News.webp 2021-07-17 05:33:07 Instagram Launches 'Security Checkup' to Help Users Recover Hacked Accounts (direct link) Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users-whose accounts may have been compromised-to recover them. In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact details such as phone numbers or
The_Hackers_News.webp 2021-07-17 05:09:38 CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks (direct link) Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet. CDNJS is a free and open-source content delivery network (CDN) that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries. The weakness Vulnerability
The_Hackers_News.webp 2021-07-16 04:13:36 Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware (direct link) Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial surveillance company that Google's Hack
The_Hackers_News.webp 2021-07-16 02:15:28 Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel (direct link) Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform. The social media giant pinned the attacks to a threat actor known as Tortoiseshell (aka Imperial Kitten) based Threat
The_Hackers_News.webp 2021-07-15 22:08:47 Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild (direct link) Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine (CVE-2021-30563). The search giant credited an anonymous researcher for reporting
The_Hackers_News.webp 2021-07-15 21:40:27 Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability (direct link) Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update. Tracked as CVE-2021-34481 (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher Vulnerability
The_Hackers_News.webp 2021-07-15 05:57:59 China's Cyberspies Targeting Southeast Asian Government Entities (direct link) A sweeping and "highly active campaign" that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research. Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as "LuminousMoth," which it connected with medium to high confidence to a Threat
The_Hackers_News.webp 2021-07-15 03:50:45 How to Access Mobile Carrier Authentication for Continuous, Zero Trust Security (direct link) Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators – without the overhead of processing or storing user data. Before we show you how it
The_Hackers_News.webp 2021-07-15 03:21:33 Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances (direct link) Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being Ransomware
The_Hackers_News.webp 2021-07-15 01:25:21 Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild (direct link) Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an Threat
The_Hackers_News.webp 2021-07-14 05:58:27 16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain (direct link) Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los barros (Badajoz), and Aranda de Duero (
The_Hackers_News.webp 2021-07-14 04:01:50 REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks (direct link) REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, and payment portals, remained Ransomware Guideline
The_Hackers_News.webp 2021-07-13 22:04:28 Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days (direct link) Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems. Of the 117 issues, 13 are rated Critical, 103 are rated Important, and one is rated as Moderate in severity,
The_Hackers_News.webp 2021-07-13 20:48:53 Chinese Hackers Exploit Latest SolarWinds 0-Day to Target U.S. Defense Firms (direct link) Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution (RCE) exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitoring software maker issued fixes for the flaw that could enable adversaries to remotely run arbitrary Threat
The_Hackers_News.webp 2021-07-13 08:42:09 Critical Flaws Reported in Etherpad - a Popular Google Docs Alternative (direct link) Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor (version 1.8.13) that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws - tracked as CVE-2021-34816 and CVE-2021-34817 - were discovered and reported on June 4 by researchers from SonarSource, following
The_Hackers_News.webp 2021-07-13 02:58:26 Iranian Hackers Posing as Scholars Target Professors and Writers in Middle-East (direct link) A sophisticated social engineering attack undertaken by an Iranian-state aligned actor targeted think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies (SOAS). Enterprise security firm Proofpoint attributed the campaign - called "Operation SpoofedScholars" - to the Studies
The_Hackers_News.webp 2021-07-13 00:06:59 Trickbot Malware Returns with a new VNC Module to Spy on its Victims (direct link) Cybersecurity researchers have opened the lid on the continued resurgence of the insidious TrickBot malware, making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law enforcement. "The new capabilities discovered are used to monitor and gather intelligence on victims, using Malware
The_Hackers_News.webp 2021-07-12 21:52:02 Critical RCE Flaw in ForgeRock Access Manager Under Active Attack (direct link) Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The [Australian Cyber Security Centre] has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," Malware Vulnerability ★★★
The_Hackers_News.webp 2021-07-12 20:58:35 A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack (direct link) SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U product. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring software maker that the flaw was being exploited Vulnerability
The_Hackers_News.webp 2021-07-12 04:33:57 Crafting a Custom Dictionary for Your Password Policy (direct link) Modern password policies are comprised of many different elements that contribute to its effectiveness. One of the components of an effective current password policy makes use of what is known as a custom dictionary that filters out certain words that are not allowed as passwords in the environment. Using custom dictionaries, organizations can significantly improve their cybersecurity posture
The_Hackers_News.webp 2021-07-12 04:04:33 Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites (direct link) Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software (OBS) Studio's live-streaming app to capture the screen of its victims to attackers. The attack Malware
The_Hackers_News.webp 2021-07-11 21:37:09 Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack (direct link) Florida-based software vendor Kaseya on Sunday rolled out software updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) software that was used as a jumping off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack. Following the incident, the company had urged on-premise VSA customers to shut Ransomware
The_Hackers_News.webp 2021-07-09 07:23:44 Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration (direct link) Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection. "One tactic that some Magecart actors employ is the dumping of Malware
The_Hackers_News.webp 2021-07-09 04:59:03 New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021 (direct link) For years, security professionals have recognized the need to enhance SaaS security. However, the exponential adoption of Software-as-a-Service (SaaS) applications over 2020 turned slow-burning embers into a raging fire. Organizations manage anywhere from thirty-five to more than a hundred applications. From collaboration tools like Slack and Microsoft Teams to mission-critical applications
The_Hackers_News.webp 2021-07-09 00:00:25 Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems (direct link) Multiple security vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal (aka Vue PACS), some of which could be exploited by an adversary to take control of an affected system. "Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install
The_Hackers_News.webp 2021-07-08 22:39:48 Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files (direct link) While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain in the background, new findings indicate that macro security warnings can be disabled entirely without requiring any user interaction. In yet another instance of malware authors continue to evolve their techniques to evade Malware
The_Hackers_News.webp 2021-07-08 04:26:09 Critical Flaws Reported in Sage X3 Enterprise Management Software (direct link) Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. These issues were discovered by researchers from Rapid7, who notified Sage Group of their findings on Feb. 3, 2021. The vendor
The_Hackers_News.webp 2021-07-08 02:58:54 Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America (direct link) Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across Malware Threat
The_Hackers_News.webp 2021-07-08 02:43:32 Security Awareness Training is Broken. Human Risk Management (HRM) is the Fix (direct link) Humans are an organization's strongest defence against evolving cyber threats, but security awareness training alone often isn't enough to transform user behaviour. In this guide, usecure looks at why Human Risk Management (HRM) is the new fix for building a security-savvy workforce. Don't be fooled... Businesses are investing more than ever into strengthening their employee security awareness
The_Hackers_News.webp 2021-07-08 02:32:24 How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare (direct link) This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we reported earlier, Microsoft already released a patch in June 2021, but it wasn't enough to stop Vulnerability
The_Hackers_News.webp 2021-07-08 02:31:04 SideCopy Hackers Target Indian Government Officials With New Malware (direct link) A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs), signaling a "boost in their development operations." Attributed to a group tracked as SideCopy, the intrusions culminate in the deployment of a variety of modular plugins, ranging from file Malware
The_Hackers_News.webp 2021-07-07 21:41:19 Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability (direct link) Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the patch for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary Vulnerability
The_Hackers_News.webp 2021-07-07 06:18:33 WildPressure APT Emerges With New Malware Targeting Windows and macOS (direct link) A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Russian cybersecurity firm attributed the attacks to an advanced persistent threat (APT) it tracks as Malware Threat
The_Hackers_News.webp 2021-07-07 05:58:28 Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform (direct link) An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light of the growing number of cyber incidents that target the software supply chain, there is an urgent Threat
The_Hackers_News.webp 2021-07-07 05:53:11 [Whitepaper] XDR vs. NDR/NTA – What do Organizations Truly Need to Stay Safe? (direct link) Security teams whose organizations are outside the Fortune 500 are faced with a dilemma. Most teams will have to choose between deploying either a network traffic analysis (NTA) or network detection and response (NDR) tool or an endpoint detection and response (EDR) tool to supplement their existing stacks. On the other hand, some organizations are getting the best of both options by switching Tool
The_Hackers_News.webp 2021-07-06 20:38:13 Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability (direct link) Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability - known as "PrintNightmare" - that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as CVE-2021-34527 (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. Vulnerability Threat ★★★★
The_Hackers_News.webp 2021-07-06 01:41:59 Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities (direct link) Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme. The two-year investigation, dubbed Operation Lyrebird by the international, Malware Threat ★★★
The_Hackers_News.webp 2021-07-06 00:03:08 Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly (direct link) U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that the ransomware gang might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious Ransomware
The_Hackers_News.webp 2021-07-05 05:44:29 Getting Started with Security Testing: A Practical Guide for Startups (direct link) A common misconception among startup founders is that cybercriminals won't waste time on them, because they're not big or well known enough yet. But just because you are small doesn't mean you're not in the firing line. The size of a startup does not exempt it from cyber-attacks – that's because hackers constantly scan the internet looking for flaws that they can exploit; one slip up, and your
The_Hackers_News.webp 2021-07-05 02:48:45 TrickBot Botnet Found Deploying A New Ransomware Called Diavol (direct link) Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named "Diavol," according to the latest research. Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this month, researchers from Fortinet's FortiGuard Labs said last week. TrickBot, a banking Trojan first Ransomware Threat
The_Hackers_News.webp 2021-07-04 23:42:47 Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw (direct link) Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and have been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn't impacted by the flaw. Tool Vulnerability
The_Hackers_News.webp 2021-07-04 22:22:23 REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom (direct link) Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure (DIVD) on Sunday revealed it had alerted Kaseya to a number of zero-day vulnerabilities Ransomware Vulnerability
The_Hackers_News.webp 2021-07-03 07:57:39 Android Apps with 5.8 million Installs Caught Stealing Users' Facebook Passwords (direct link) Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, to disable in-app ads, users
The_Hackers_News.webp 2021-07-03 01:00:30 Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware (direct link) The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA Ransomware Threat
The_Hackers_News.webp 2021-07-03 00:37:20 Learn to Code - Get 2021 Master Bundle of 13 Online Courses @ 99% OFF (direct link) Whether you are looking to turn into a full-time developer or simply increasing your earnings in your current niche, learning to code can be a smart move. It is a well-known fact that recruiters strive to recruit people with technical skills, and these skills are a great way to build your own startup. Featuring 13 courses, The Master Learn to Code 2021 Certification Bundle is a great way to get
The_Hackers_News.webp 2021-07-02 06:01:32 New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks (direct link) Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "mirai_ptea" that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks. Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active Vulnerability
Last update at: 2024-07-28 16:18:51