What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-09-14 14:21:00 Researchers Detail OriginLogger RAT - Successor to Agent Tesla Malware (direct link) Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan (RAT) known as Agent Tesla. A .NET based keylogger and remote access, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted Malware Threat
The_Hackers_News.webp 2022-09-14 10:12:00 Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day (direct link) Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its
The_Hackers_News.webp 2022-09-14 07:21:00 Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability (direct link) A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence Vulnerability
The_Hackers_News.webp 2022-09-13 18:37:00 How GRC protects the value of organizations - A simple guide to data quality and integrity (direct link) Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a challenge,
The_Hackers_News.webp 2022-09-13 16:04:00 (Déjà vu) Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks (direct link) Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. "A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as Malware
The_Hackers_News.webp 2022-09-13 14:55:00 Iranian Hackers Target High-Value Targets in Nuclear Security and Genomic Research (direct link) Hackers tied to the Iranian government have been targeting individuals specializing in Middle Eastern affairs, nuclear security and genome research as part of a new social engineering campaign designed to hunt for sensitive information. Enterprise security firm attributed the targeted attacks to a threat actor named TA453, which broadly overlaps with cyber activities monitored under the monikers Threat
The_Hackers_News.webp 2022-09-13 09:06:00 Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw (direct link) Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges. "Apple is aware of a report that this issue may
The_Hackers_News.webp 2022-09-12 19:09:00 China Accuses NSA's TAO Unit of Hacking its Military Research University (direct link) China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at the USA's
The_Hackers_News.webp 2022-09-12 16:48:00 Palestinian Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel (direct link) A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a "Free Palestine" campaign. Industrial cybersecurity firm OTORIO, which dug deeper into the incident, said the breach was made possible owing to the fact that the PLCs were accessible through the Internet and were
The_Hackers_News.webp 2022-09-12 16:34:00 Why Vulnerability Scanning is Critical for SOC 2 (direct link) SOC 2 may be a voluntary standard, but for today's security-conscious business, it's a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box. Security is critical for all organisations, including those that outsource key business operations to third parties like Vulnerability
The_Hackers_News.webp 2022-09-12 12:36:00 High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices (direct link) A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first revealed details of the issues at the Black Hat USA conference in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted
The_Hackers_News.webp 2022-09-11 09:51:00 Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents (direct link) A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran's Islamic Revolutionary Guard Corps ( Threat APT 42
The_Hackers_News.webp 2022-09-10 15:13:00 U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania (direct link) The U.S. Treasury Department on Friday announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. "Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector
The_Hackers_News.webp 2022-09-09 19:00:00 6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged (direct link) Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you're putting yourself and others at risk. API attacks are more dangerous than other breaches. Facebook had a 50M user account affected by an API breach, and an API data breach on Data Breach
The_Hackers_News.webp 2022-09-09 17:06:00 U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers (direct link) More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and Threat Medical APT 38
The_Hackers_News.webp 2022-09-09 13:49:00 Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts (direct link) A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said. BackupBuddy allows users to back up their entire WordPress installation from within the Vulnerability
The_Hackers_News.webp 2022-09-08 23:25:00 New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps (direct link) Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in
The_Hackers_News.webp 2022-09-08 17:50:00 North Korean Lazarus Hackers Targeting Energy Providers Around the World (direct link) A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan. “The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary's nation-state,” Cisco Talos said in a report shared Medical APT 38
The_Hackers_News.webp 2022-09-08 16:32:00 Chinese Hackers Target Government Officials in Europe, South America and Middle East (direct link) A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is Malware
The_Hackers_News.webp 2022-09-08 16:00:00 Shopify Fails to Prevent Known Breached Passwords (direct link) A recent report revealed that ecommerce provider Shopify uses particularly weak password policies on the customer-facing portion of its website. According to the report, Shopify requires its customers to use a password that is at least five characters in length and that does not begin or end with a space. According to the report, Specops researchers analyzed a list of a billion passwords
The_Hackers_News.webp 2022-09-08 12:08:00 Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries (direct link) Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point
The_Hackers_News.webp 2022-09-08 11:08:00 Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group (direct link) Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain. The tech giant, which is monitoring the activity cluster under the moniker DEV-0270 (aka Nemesis Kitten), said it's operated by a company that functions under the public aliases Secnerd and Ransomware Threat Conference APT 35
The_Hackers_News.webp 2022-09-08 09:18:00 Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products (direct link) Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service ( Vulnerability
The_Hackers_News.webp 2022-09-07 20:12:00 Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks (direct link) Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. The findings, which come from Google's Threat Analysis Group (TAG), build upon a prior report published in July 2022, detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian war. "UAC-0098 is a threat Threat
The_Hackers_News.webp 2022-09-07 18:26:00 Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards (direct link) An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information. The seizure was orchestrated by Portuguese authorities, with the U.S. officials taking control of four domains used by the website: "wt1shop[.]net," "wt1store[.]cc," "wt1store[.]com," and "
The_Hackers_News.webp 2022-09-07 18:08:00 New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices (direct link) A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. "An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist," AT&T Alien Labs said in a new report published Tuesday. The findings add to a Malware
The_Hackers_News.webp 2022-09-07 17:40:00 North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (direct link) The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. "While being Malware Medical APT 38
The_Hackers_News.webp 2022-09-07 17:30:00 4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar (direct link) Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand. In a recent survey, 58% of CISOs of SMEs said that their risk of attack was higher compared to enterprises. Yet, they don't have the same resources as enterprises –
The_Hackers_News.webp 2022-09-07 12:27:00 Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities (direct link) A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks," Palo Alto Networks Unit 42 said in a
The_Hackers_News.webp 2022-09-07 10:58:00 Critical RCE Vulnerability Affects Zyxel NAS Devices - Firmware Patch Released (direct link) Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a Vulnerability
The_Hackers_News.webp 2022-09-06 17:59:00 Worok Hackers Target High-Profile Asian Companies and Governments (direct link) High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020. "Worok's toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files," ESET
The_Hackers_News.webp 2022-09-06 15:27:00 TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks (direct link) Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order Malware Threat
The_Hackers_News.webp 2022-09-06 14:27:00 Integrating Live Patching in SecDevOps Workflows (direct link) SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach or, say, consistent problems in achieving development goals signals to organizations that the Patching
The_Hackers_News.webp 2022-09-06 12:17:00 New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security (direct link) A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers said in a Monday Threat
The_Hackers_News.webp 2022-09-06 10:48:00 Researchers Find New Android Spyware Campaign Targeting Uyghur Community (direct link) A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China. The malware comes under the guise of a book titled "The China Freedom Trap," a biography written by the exiled Uyghur leader Dolkun Isa. "In light of the ongoing conflict between the Malware Guideline
The_Hackers_News.webp 2022-09-06 08:41:00 QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw (direct link) QNAP has issued a new advisory urging users of its network-attached storage (NAS) devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software. The Taiwanese company said it detected the attacks on September 3 and that "the campaign appears to target QNAP NAS devices running Photo Ransomware
The_Hackers_News.webp 2022-09-05 20:29:00 TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information (direct link) Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server. "TikTok prioritizes the privacy and security of our users' data," the ByteDance-owned company told The Hacker News. "Our security team investigated these claims and found no evidence of a security breach." The denial follows Data Breach
The_Hackers_News.webp 2022-09-05 19:59:00 What Is Your Security Team Profile? Prevention, Detection, or Risk Management (direct link) Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist! Most attacks succeed by taking advantage of common failures in their target's systems. Whether new or
The_Hackers_News.webp 2022-09-05 17:56:00 Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus (direct link) A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.sys") is signed with a valid certificate, Ransomware
The_Hackers_News.webp 2022-09-05 12:40:00 Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan (direct link) The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT said in a report. "Instead, this new version asks the victim to install the
The_Hackers_News.webp 2022-09-03 09:47:00 Samsung Admits Data Breach that Exposed Details of Some U.S. Customers (direct link) South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice. "On or around August 4, 2022, we determined Data Breach ★★
The_Hackers_News.webp 2022-09-03 09:26:00 Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability (direct link) Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An Vulnerability
The_Hackers_News.webp 2022-09-02 20:04:00 Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals (direct link) Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. "While this untrustworthy behavior is nothing new in the world of cybercrime, the victims' data end up in the hands of multiple threat
The_Hackers_News.webp 2022-09-02 16:27:00 JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users (direct link) More details have emerged about the operators behind the first-known phishing campaign specifically aimed at the Python Package Index (PyPI), the official third-party software repository for the programming language. Connecting it to a threat actor tracked as JuiceLedger, cybersecurity firm SentinelOne, along with Checkmarx, described the group as a relatively new entity that surfaced in early Threat
The_Hackers_News.webp 2022-09-02 16:13:00 The Ultimate Security Blind Spot You Don't Know You Have (direct link) How much time do developers spend actually writing code? According to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing or improving code. Security vulnerabilities have a bad habit of popping up during the software development process, only to surface after an application has been deployed. The disappointing part is that many of these
The_Hackers_News.webp 2022-09-02 15:51:00 Warning: PyPI Feature Executes Code Automatically After Python Package Download (direct link) In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb said in a
The_Hackers_News.webp 2022-09-02 12:30:00 New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers (direct link) Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson Malware
The_Hackers_News.webp 2022-09-02 11:25:00 (Déjà vu) Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content (direct link) A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104, according to developer Jeff Johnson. While the
The_Hackers_News.webp 2022-09-01 19:35:00 Stop Worrying About Passwords Forever (direct link) So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Think about it, internal apps that you do not want to integrate with third-party identity providers, government services, legacy applications,
The_Hackers_News.webp 2022-09-01 18:25:00 Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks (direct link) The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in Ransomware ★★★★★
Last update at: 2024-07-04 18:08:28