What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-06-03 06:54:33 Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor (direct link) An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads," Russian cybersecurity company Kaspersky said in a new report. Tool Threat
The_Hackers_News.webp 2022-06-03 02:58:38 Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network (direct link) The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name "NDSW/NDSX," said that "the malware was one of the top infections" detected in 2021, accounting for more than 61,000 websites. Parrot TDS was documented in Malware ★★★
The_Hackers_News.webp 2022-06-03 01:19:30 Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies (direct link) Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive Threat
The_Hackers_News.webp 2022-06-02 19:57:46 Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability (direct link) Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being tracked as CVE-2022-26134. "Atlassian has been made aware of current active exploitation of a Vulnerability
The_Hackers_News.webp 2022-06-02 11:10:45 Threat Detection Software: A Deep Dive (direct link) As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization. Threat detection is about an organization's ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and assets. At scale, threat Threat
The_Hackers_News.webp 2022-06-02 05:13:36 Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks (direct link) An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. "Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals," Ransomware
The_Hackers_News.webp 2022-06-02 04:01:03 Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks (direct link) As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns. Called Ransomware for IoT or R4IoT by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT [information technology] network and impact the OT [ Ransomware
The_Hackers_News.webp 2022-06-02 03:43:44 ExpressVPN Removes Servers in India After Refusing to Comply with Government Order (direct link) Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it's removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). "Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located
The_Hackers_News.webp 2022-06-02 02:09:08 Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones (direct link) A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The Vulnerability
The_Hackers_News.webp 2022-06-02 01:38:51 SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities (direct link) The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities. "Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang," Singapore-headquartered cybersecurity Malware Tool Threat APT-C-17
The_Hackers_News.webp 2022-06-01 22:39:19 DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services (direct link) The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of three domains used by cybercriminals to trade stolen personal information and facilitate distributed denial-of-service (DDoS) attacks for hire. This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the former of which allowed its users to traffic hacked personal data and offered a searchable database
The_Hackers_News.webp 2022-06-01 06:56:56 New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email (direct link) A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a report shared Vulnerability
The_Hackers_News.webp 2022-06-01 05:36:29 FluBot Android Spyware Taken Down by Global Law Enforcement Operation (direct link) An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot. "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement. The "complex Malware Threat
The_Hackers_News.webp 2022-06-01 05:15:09 YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites (direct link) As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Tool
The_Hackers_News.webp 2022-06-01 02:16:04 New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers (direct link) An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. "Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen," Israeli cybersecurity company Malware
The_Hackers_News.webp 2022-05-31 22:02:54 Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability (direct link) An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems. "TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint said in Vulnerability Threat
The_Hackers_News.webp 2022-05-31 04:42:50 Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise (direct link) An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal. "The most Malware Threat
The_Hackers_News.webp 2022-05-31 00:30:39 SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years (direct link) An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their Threat APT-C-17
The_Hackers_News.webp 2022-05-30 23:29:20 Learn Raspberry Pi and Arduino with 9 Online Developer Training Courses (direct link) This is an exciting time for the Internet of Things. According to Deloitte research, the average U.S. household now has 25 connected devices - and new products are being launched every day. This rush of demand means that many tech companies are looking for developers with IoT knowledge. And even if you don't want to specialize in this field, the programming skills are transferable. Featuring Deloitte Deloitte
The_Hackers_News.webp 2022-05-30 22:59:21 Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks (direct link) Interpol on Monday announced the arrest of three suspected global scammers in Nigeria for using remote access trojans (RATs) such as Agent Tesla to facilitate malware-enabled cyber fraud. "The men are thought to have used the RAT to reroute financial transactions, stealing confidential online connection details from corporate organizations, including oil and gas companies in South East Asia, the
The_Hackers_News.webp 2022-05-30 21:12:31 Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation (direct link) Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Vulnerability
The_Hackers_News.webp 2022-05-30 04:39:38 Is 3rd Party App Access the New Executable File? (direct link) It's no secret that 3rd party apps can boost productivity, enable remote and hybrid work and are overall, essential in building and scaling a company's work processes. An innocuous process much like clicking on an attachment was in the earlier days of email, people don't think twice when connecting an app they need with their Google workspace or M365 environment, etc. Simple actions that users
The_Hackers_News.webp 2022-05-30 02:30:19 EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities (direct link) A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week. "Services Malware
The_Hackers_News.webp 2022-05-30 01:40:43 Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild (direct link) Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document ("05-2022-0438.doc") that was uploaded to VirusTotal from an IP address in Belarus. "It uses Word's Vulnerability
The_Hackers_News.webp 2022-05-29 22:14:26 New 'GoodWill' Ransomware Forces Victims to Donate Money and Clothes to the Poor (direct link) Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims into donating for social causes and provide financial assistance to people in need. "The ransomware group propagates very unusual demands in exchange for the decryption key," researchers from CloudSEK said in a report published last week. "The Robin Hood-like group claims to be interested in Ransomware
The_Hackers_News.webp 2022-05-29 21:50:12 FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks (direct link) Network credentials and virtual private network (VPN) access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations," the U.S. Guideline
The_Hackers_News.webp 2022-05-28 06:14:11 New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme (direct link) A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. John Telusma, who went by the alias "Peterelliot," pleaded guilty to one count of racketeering conspiracy on October 13, 2021. He joined the gang in August 2011 and remained a member for Guideline
The_Hackers_News.webp 2022-05-28 00:37:42 Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices (direct link) Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system privileges. "As Threat
The_Hackers_News.webp 2022-05-27 08:21:18 Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel (direct link) Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the browser." The Vulnerability
The_Hackers_News.webp 2022-05-27 07:36:15 Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach (direct link) Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information. "Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure
The_Hackers_News.webp 2022-05-27 05:28:57 The Myths of Ransomware Attacks and How To Mitigate Risk (direct link) Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks - a threat that 57% of security leaders expect to be compromised by within the next year. As organizations continue to evolve, in turn so does ransomware. To help you Ransomware Threat Guideline
The_Hackers_News.webp 2022-05-27 04:24:37 Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely (direct link) Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper. The core
The_Hackers_News.webp 2022-05-26 23:28:02 Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller and Firewall Devices (direct link) Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734 - A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user's Vulnerability
The_Hackers_News.webp 2022-05-26 05:18:32 Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers (direct link) Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe "Pantsdown" Baseboard Management Controller (BMC) flaw, according to new research published today. "An attacker running code on a vulnerable QCT server would be able to 'hop' from the server host to the BMC and move their attacks to the server management network, possibly continue and obtain further Vulnerability
The_Hackers_News.webp 2022-05-26 03:24:57 Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers (direct link) A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of Red Canary said in a new report. ChromeLoader is a rogue Chrome browser extension and is typically Malware Threat
The_Hackers_News.webp 2022-05-26 02:49:25 Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities (direct link) Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities," researchers from Team Cymru said in a new report published Wednesday. "The technical entry bar for the Threat
The_Hackers_News.webp 2022-05-26 02:49:22 The Added Dangers Privileged Accounts Pose to Your Active Directory (direct link) In any organization, there are certain accounts that are designated as being privileged. These privileged accounts differ from standard user accounts in that they have permission to perform actions that go beyond what standard users can do. The actions vary based on the nature of the account but can include anything from setting up new user accounts to shutting down mission-critical systems.
The_Hackers_News.webp 2022-05-26 01:08:55 Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched (direct link) The maintainers of the Tails project have issued a warning that the Tor Browser that's bundled with the operating system is unsafe to use for accessing or entering sensitive information. "We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.)," the project said in an
The_Hackers_News.webp 2022-05-26 00:03:44 Twitter Fined $150 Million for Misusing Users' Data for Advertising Without Consent (direct link) Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission (FTC) to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty for "misrepresenting its privacy and security practices," the company has been banned from
The_Hackers_News.webp 2022-05-25 06:06:44 Interpol Arrest Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks (direct link) A year-long international investigation has resulted in the arrest of the suspected head of the SilverTerrier cybercrime group by the Nigeria Police Force. "The suspect is alleged to have run a transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims," Interpol said in a statement.
The_Hackers_News.webp 2022-05-25 05:46:08 Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room (direct link) A group of academics has devised a system that can be used on a phone or a laptop to identify and locate Wi-Fi-connected hidden IoT devices in unfamiliar physical spaces. With hidden cameras being increasingly used to snoop on individuals in hotel rooms and Airbnbs, the goal is to be able to pinpoint such rogue devices without much of a hassle. The system, dubbed Lumos, is designed with this
The_Hackers_News.webp 2022-05-25 04:21:00 How Secrets Lurking in Source Code Lead to Major Breaches (direct link) If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we have seen a dramatic rise in such attacks: high profile security incidents like the SolarWinds,
The_Hackers_News.webp 2022-05-25 04:19:54 Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them (direct link) Malicious actors can gain unauthorized access to users' online accounts via a new technique called "account pre-hijacking," new research has found. The attack takes aim at the account creation process that's ubiquitous in websites and other online platforms, enabling an adversary to perform a set of actions before an unsuspecting victim creates an account in a target service. The study was led
The_Hackers_News.webp 2022-05-25 02:39:51 Researchers Find New Malware Attacks Targeting Russian Government Entities (direct link) An unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. "The campaigns [...] are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely," Malwarebytes said in a Malware Threat
The_Hackers_News.webp 2022-05-25 02:12:48 [Template] Incident Response for Management Presentation (direct link) Security incidents occur. It's not a matter of "if," but of "when." That's why you implemented security products and procedures to optimize the incident response (IR) process. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more challenging task. Feels familiar? In many organizations,
The_Hackers_News.webp 2022-05-24 20:59:02 New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message (direct link) Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google Hack
The_Hackers_News.webp 2022-05-24 07:32:03 Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked to Steal AWS Keys (direct link) Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is "ctx," a Python module available in the PyPi repository. The other involves "phpass," a PHP package that's been forked on GitHub to distribute a rogue update. "In both cases the attacker appears to have
The_Hackers_News.webp 2022-05-24 04:02:38 SIM-based Authentication Aims to Transform Device Binding Security to End Phishing (direct link) Let's face it: we all use email, and we all use passwords. Passwords create inherent vulnerability in the system. The success rate of phishing attacks is skyrocketing, and opportunities for the attack have greatly multiplied as lives moved online. All it takes is one password to be compromised for all other users to become victims of a data breach. To deliver additional security, therefore, Vulnerability
The_Hackers_News.webp 2022-05-24 04:01:56 New Chaos Ransomware Builder Variant "Yashma" Discovered in the Wild (direct link) Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma. "Though Chaos ransomware builder has only been in the wild for a year, Yashma claims to be the sixth version (v6.0) of this malware," BlackBerry research and intelligence team said in a report shared with The Hacker News. Chaos is a customizable ransomware builder that emerged in Ransomware
The_Hackers_News.webp 2022-05-24 03:06:47 Malware Analysis: Trickbot (direct link) In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. Attacks are multi-layer these days, with diverse sophisticated software apps taking over different jobs along the attack-chain from initial compromise to Malware
Last update at: 2024-07-07 11:07:30