What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-12-15 13:20:00 FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms (direct link) The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that offered services to conduct distributed denial-of-service (DDoS) attacks on behalf of other threat actors, effectively lowering the barrier to entry for malicious activity. It also charged six suspects – Jeremiah Sam Evans Miller (23), Angel Manuel Colon Jr. (37), Shamar Shattock (19), Cory Anthony Palmer Threat ★★
The_Hackers_News.webp 2022-12-15 11:32:00 Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems (direct link) Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags. HTML smuggling is a technique that relies on using legitimate features of Malware ★★★
The_Hackers_News.webp 2022-12-14 19:42:00 New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts (direct link) A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of the targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs researchers
The_Hackers_News.webp 2022-12-14 18:38:00 Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems (direct link) Microsoft on Tuesday disclosed it took steps to suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program were used to sign malware. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is Ransomware Malware
The_Hackers_News.webp 2022-12-14 18:00:00 Why PCI DSS 4.0 Should Be on Your Radar in 2023 (direct link) Protecting customer data is critical for any business accepting online payment information. The Payment Card Industry Data Security Standard (PCI DSS), created by leading credit card companies, establishes best practices for protecting consumers' information. By adhering to these standards, businesses can ensure that their customer's personal and financial information is secure. The PCI DSS Guideline ★★★
The_Hackers_News.webp 2022-12-14 13:23:00 December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More (direct link) Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month. ★★
The_Hackers_News.webp 2022-12-14 10:10:00 Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability (direct link) The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and Vulnerability Threat APT 5 ★★★
The_Hackers_News.webp 2022-12-14 09:14:00 New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products (direct link) Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to Vulnerability Guideline ★★
The_Hackers_News.webp 2022-12-13 23:52:00 Google Launches Largest Distributed Database of Open Source Vulnerabilities (direct link) Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared Vulnerability ★★★★
The_Hackers_News.webp 2022-12-13 19:28:00 Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability (direct link) A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit Vulnerability ★★
The_Hackers_News.webp 2022-12-13 14:38:00 Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware (direct link) Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as SmokeLoader, the malware has been described as an "effective, fast, and unfortunately unrecoverable data wiper," by Israeli cybersecurity company Ransomware Malware ★★★
The_Hackers_News.webp 2022-12-13 12:30:00 Malware Strains Targeting Python and JavaScript Developers Through Official Repositories (direct link) An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular requests library: dequests, fequests, gequests, rdquests, reauests, reduests, Ransomware Malware ★★★
The_Hackers_News.webp 2022-12-13 09:04:00 Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability (direct link) Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company said Vulnerability ★★★★
The_Hackers_News.webp 2022-12-12 22:58:00 Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users (direct link) High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers. "This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on a system, including system files, and make a computer completely unbootable," SafeBreach Labs
The_Hackers_News.webp 2022-12-12 20:54:00 Top 4 SaaS Security Threats for 2023 (direct link) With 2022 coming to a close, there is no better time to buckle down and prepare to face the security challenges in the year to come. This past year has seen its fair share of breaches, attacks, and leaks, forcing organizations to scramble to protect their SaaS stacks. March alone saw three different breaches from Microsoft, Hubspot, and Okta. With SaaS sprawl ever growing and becoming more ★★
The_Hackers_News.webp 2022-12-12 19:54:00 (Déjà vu) Google Adds Passkey Support to Chrome for Windows, macOS and Android (direct link) Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant's Ali Sarraf said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The ★★★
The_Hackers_News.webp 2022-12-12 19:21:00 Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware (direct link) A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS. The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero (XMR) cryptocurrency miner. "The Malware ★★
The_Hackers_News.webp 2022-12-12 17:21:00 Keep Your Grinch at Bay: Here's How to Stay Safe Online this Holiday Season (direct link) As the holiday season approaches, online shopping and gift-giving are at the top of many people's to-do lists. But before you hit the "buy" button, it's important to remember that this time of year is also the peak season for cybercriminals. In fact, cybercriminals often ramp up their efforts during the holidays, taking advantage of the influx of online shoppers and the general hustle and bustle ★★
The_Hackers_News.webp 2022-12-12 13:27:00 Royal Ransomware Threat Takes Aim at U.S. Healthcare System (direct link) The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity Ransomware Threat ★★★
The_Hackers_News.webp 2022-12-10 17:16:00 Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant (direct link) Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as dead drop resolvers, Malware ★★★
The_Hackers_News.webp 2022-12-10 11:48:00 Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls (direct link) A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site ★★★
The_Hackers_News.webp 2022-12-10 11:22:00 Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware (direct link) Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score: 8.1) and ★★
The_Hackers_News.webp 2022-12-09 23:20:00 Using XDR to Consolidate and Optimize Cybersecurity Technology (direct link) Businesses know they need cybersecurity, but it seems like a new acronym and system is popping up every day. Professionals that aren't actively researching these technologies can struggle to keep up. As the cybersecurity landscape becomes more complicated, organizations are desperate to simplify it. Frustrated with the inefficiencies that come with using multiple vendors for cybersecurity, often ★★
The_Hackers_News.webp 2022-12-09 22:46:00 New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm (direct link) Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm. " Malware ★★
The_Hackers_News.webp 2022-12-09 19:18:00 Why is Robust API Security Crucial in eCommerce? (direct link) API attacks are on the rise. One of their major targets is eCommerce firms like yours. APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world. ECommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. Owing to their increased use, APIs are attractive targets for hackers, as the following numbers expose ★★★
The_Hackers_News.webp 2022-12-09 16:55:00 Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver (direct link) The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the Malware ★★
The_Hackers_News.webp 2022-12-09 16:30:00 What Stricter Data Privacy Laws Mean for Your Cybersecurity Policies (direct link) For today's businesses data privacy is already a big headache, and with modern privacy laws expanding to more of the world's population, regulatory compliance is on track to become a more complicated, high-stakes process touching on every aspect of an organization. In fact, Gartner predicts that by 2024, 75% of the Global Population will have its personal data covered under privacy regulations. ★★
The_Hackers_News.webp 2022-12-09 13:13:00 MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics (direct link) The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates," Deep Instinct researcher Simon Kenin said in a technical write-up. ★★★
The_Hackers_News.webp 2022-12-08 21:46:00 Researchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps (direct link) Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared with The Hacker News. "This campaign resulted in thousands of victims," the Dutch cybersecurity company said, Malware ★★
The_Hackers_News.webp 2022-12-08 17:09:00 COVID-bit: New COVert Channel to Exfiltrate Data from Air-Gapped Computers (direct link) An unconventional data exfiltration method leverages a previously undocumented covert channel to leak sensitive information from air-gapped systems. "The information emanates from the air-gapped computer over the air to a distance of 2 m and more and can be picked up by a nearby insider or spy with a mobile phone or laptop," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research ★★★★
The_Hackers_News.webp 2022-12-08 16:25:00 Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections (direct link) Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted (E2EE) data backups in its iCloud service. The headlining feature, when turned on, is expected to secure 23 data categories using E2EE, including device and message backups, iCloud Drive, Notes, Photos, Reminders, Voice Memos, Safari Bookmarks, Siri Shortcuts, ★★
The_Hackers_News.webp 2022-12-08 16:00:00 Best Year-End Cybersecurity Deals from Uptycs, SANS Institute, and Bitdefender (direct link) Looking to up your cybersecurity game in the new year? Do not just buy electronics this vacation season, improve your cybersecurity! The end of the year is a great time to re-evaluate your cybersecurity strategy and make some important investments in protecting your personal and professional data. Cyber threats are constantly evolving and becoming more sophisticated, so it's important to stay on ★★
The_Hackers_News.webp 2022-12-08 13:29:00 Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers (direct link) An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is Vulnerability Threat Cloud APT 37 ★★★
The_Hackers_News.webp 2022-12-08 13:26:00 Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack (direct link) An Iranian advanced persistent threat (APT) actor known as Agrius has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, codenamed Fantasy by ESET, is believed to have been delivered via a supply chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022. Victims Malware Threat ★★★
The_Hackers_News.webp 2022-12-07 20:04:00 Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022 (direct link) The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive. Other prominent industry verticals targeted include healthcare, governments, manufacturing, retail, and legal services, according to an analysis of leak site data by Palo Alto Networks Ransomware ★★★
The_Hackers_News.webp 2022-12-07 19:09:00 How XDR Helps Protect Critical Infrastructure (direct link) Critical infrastructure is important for societal existence, growth, and development. Societies are reliant on the services provided by critical infrastructure sectors like telecommunication, energy, healthcare, transportation, and information technology. Safety and security are necessary for the optimal operation of these critical infrastructures. Critical infrastructure is made up of digital ★★★
The_Hackers_News.webp 2022-12-07 17:44:00 Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities (direct link) The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which analyzed a RAR archive file titled "Political Guidance for the new EU approach towards Russia.rar." Some of the targeted countries include ★★★
The_Hackers_News.webp 2022-12-07 17:28:00 Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier (direct link) A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier. Recorded Future attributed the new infrastructure to a threat activity group it tracks under the name TAG-53, and is broadly known by the cybersecurity community as Callisto, Threat ★★★
The_Hackers_News.webp 2022-12-07 14:52:00 Microsoft Alerts Cryptocurrency Industry of Targeted Cyber Attacks (direct link) Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups Threat Medical APT 38 ★★★
The_Hackers_News.webp 2022-12-07 09:33:00 New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network (direct link) A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. The botnet "contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said. "It also ★★★
The_Hackers_News.webp 2022-12-06 21:38:00 Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks (direct link) A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server. Initial compromise leveraged binaries Threat ★★★
The_Hackers_News.webp 2022-12-06 21:22:00 Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics (direct link) Hackers with ties to the Iranian government have been linked to an ongoing social engineering and credential phishing campaign directed against human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East. At least 20 individuals are believed to have been targeted, Human Rights Watch (HRW) said in a report published Monday, attributing the ★★
The_Hackers_News.webp 2022-12-06 18:08:00 Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide (direct link) Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. " Malware ★★★
The_Hackers_News.webp 2022-12-06 17:45:00 Understanding NIST CSF to assess your organization's Ransomware readiness (direct link) Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a recent RSM survey, 62% of mid-market companies believe they are at risk of ransomware in the next 12 Ransomware ★★
The_Hackers_News.webp 2022-12-06 16:30:00 Telcom and BPO Companies Under Attack by SIM Swapping Hackers (direct link) A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at least since June 2022. "The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week. The ★★
The_Hackers_News.webp 2022-12-06 11:41:00 Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware (direct link) A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository. The source code and Ransomware Malware ★★★
The_Hackers_News.webp 2022-12-05 19:32:00 New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers (direct link) Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. "The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking)," Ransomware Guideline ★★
The_Hackers_News.webp 2022-12-05 17:54:00 Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware (direct link) A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts. "Although it disguises itself as a ransomware and extorts money from the victim for 'decrypting' data, [it] does not actually encrypt, but purposefully destroys data in the affected system," Kaspersky researchers Fedor Sinitsyn and Janis Zinchenko said in a Ransomware Malware Medical APT 38 ★★★
The_Hackers_News.webp 2022-12-05 17:30:00 When Being Attractive Gets Risky - How Does Your Attack Surface Look to an Attacker? (direct link) In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This dramatically increases the need to define an exposure management strategy. To keep up with business ★★
The_Hackers_News.webp 2022-12-05 16:38:00 SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars (direct link) Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number (VIN), researcher Sam Curry said in a Vulnerability ★★★
Last update at: 2024-07-02 15:08:50