What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-11 22:36:36 | Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers (lien direct) | Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under active development, with 18 modules observed in use across a number of enterprise environments, as | ★★★ | ||
|
2022-05-11 21:42:42 | CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild. The flaw, assigned the identifier CVE-2022-1388 (CVSS score: 9.8), concerns a critical bug in the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to | Vulnerability | ★★★ | |
|
2022-05-11 05:43:48 | [White Paper] Social Engineering: What You Need to Know to Stay Resilient (lien direct) | Security and IT teams are losing sleep as would-be intruders lay siege to the weakest link in any organization's digital defense: employees. By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Cybercriminals find it easier to manipulate people before resorting to technical "hacking" tactics. Recent research reveals that | |||
|
2022-05-11 05:37:26 | Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia (lien direct) | An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control (C2) | Threat | ||
|
2022-05-11 03:27:50 | Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K (lien direct) | A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022. "The newly | Malware | ★★★ | |
|
2022-05-11 02:08:21 | Malicious NPM Packages Target German Companies in Supply Chain Attack (lien direct) | Cybersecurity researchers have discovered a number of malicious packages in the NPM registry specifically targeting a number of prominent companies based in Germany to carry out supply chain attacks. "Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a highly-sophisticated, obfuscated piece of malware that acts as a backdoor and allows the | Malware | ★★★ | |
|
2022-05-11 00:37:16 | E.U. Blames Russia for Cyberattack on KA-SAT Satellite Network Operated by Viasat (lien direct) | The Five Eyes nations comprising Australia, Canada, New Zealand, the U.K., and the U.S., along with Ukraine and the European Union, formally pinned Russia for masterminding an attack on an international satellite communication (SATCOM) provider that had "spillover" effects across Europe. The cyber offensive, which took place one hour before the Kremlin's military invasion of Ukraine on February | ★★★ | ||
|
2022-05-10 22:29:11 | Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates (lien direct) | Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of | ★★★★ | ||
|
2022-05-10 06:31:44 | 5 Benefits of Detection-as-Code (lien direct) | TL;DR: Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. How can teams automate security analysis at scale and address the challenges that threaten business | Threat | ★★★ | |
|
2022-05-10 06:02:32 | New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity (lien direct) | The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged," researchers from Secureworks Counter Threat Unit (CTU) said in a | Ransomware Threat | ★★★ | |
|
2022-05-10 05:44:36 | Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families (lien direct) | Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers said in an analysis last week. "The stealer also steals data from various locations across the system and | Malware | ★★ | |
|
2022-05-10 02:48:16 | Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory (lien direct) | Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2022-29972, has been codenamed "SynLapse" by researchers from Orca Security, who reported the flaw to Microsoft in January 2022. "The vulnerability was specific to | Vulnerability | ★★★★ | |
|
2022-05-10 01:40:08 | (Déjà vu) U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack (lien direct) | The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year. The $986,400 penalty is the result of an inspection conducted by the regulator of the pipeline operator's control room management ( | Ransomware | ★★★ | |
|
2022-05-09 22:53:56 | Critical Gems Takeover Bug Reported in RubyGems Package Manager (lien direct) | The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so," RubyGems said in a security advisory | ★★★ | ||
|
2022-05-09 05:40:09 | SHIELDS UP in bite sized chunks (lien direct) | Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come. The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime, and the agency's advice has proven so valuable that it's | Threat | ★★★ | |
|
2022-05-09 05:27:01 | Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums (lien direct) | Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian threat groups crafting custom malware [...], this remote access Trojan (RAT) appears to be the work of | Malware Threat | ★★★★ | |
|
2022-05-09 03:38:34 | Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store (lien direct) | A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker's choice, such as stealing text messages, contact lists, and device information. | Malware | ||
|
2022-05-09 01:55:28 | Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file, opening which leads to computers getting infected with Jester Stealer. The attack, which | Malware Guideline | ||
|
2022-05-08 20:28:43 | U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers (lien direct) | The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convict individuals who are conspiring or attempting to affiliate with the group in a ransomware attack. | Ransomware Guideline | ||
|
2022-05-08 20:06:57 | Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability (lien direct) | Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. Tracked CVE-2022-1388 (CVSS score: 9.8), the flaw relates to an iControl REST authentication bypass that, if successfully exploited, could lead to remote code execution, allowing | Vulnerability Guideline | ||
|
2022-05-06 21:23:05 | U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions (lien direct) | The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades. The move signals continued efforts on the part of the government to prevent North Korea's Lazarus Group from laundering the funds stolen from the unprecedented hack of Ronin Bridge in late March. The newly imposed sanctions, | Hack Medical | APT 38 APT 28 | ★★★ |
|
2022-05-06 21:03:52 | This New Fileless Malware Hides Shellcode in Windows Event Logs (lien direct) | A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-up published this week. The stealthy infection process, not attributed to a known actor, is believed | Malware | ★★★★ | |
|
2022-05-06 20:20:36 | QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices (lien direct) | QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Friday released security updates to patch nine security weaknesses, including a critical issue that could be exploited to take over an affected system. "A vulnerability has been reported to affect QNAP VS Series NVR running QVR," QNAP said in an advisory. "If exploited, this vulnerability allows remote attackers to run arbitrary | Vulnerability | ★★★★ | |
|
2022-05-06 04:07:04 | Researchers Warn of \'Raspberry Robin\' Malware Spreading via External Drives (lien direct) | Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL." The earliest signs of the activity are said to | Malware | ★★★★ | |
|
2022-05-06 02:26:10 | Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware (lien direct) | A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a "fairly sophisticated" framework called NetDooka, granting attackers complete control over the infected devices. "The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan ( | Malware | ||
|
2022-05-06 00:17:17 | Experts Uncover New Espionage Attacks by Chinese \'Mustang Panda\' Hackers (lien direct) | The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," Cisco Talos said in a new report detailing | Malware Threat | ||
|
2022-05-05 22:13:54 | Google Releases Android Update to Patch Actively Exploited Vulnerability (lien direct) | Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year. Tracked as CVE-2021-22600 (CVSS score: 7.8), the vulnerability is ranked "High" for severity and could be exploited by a local user to escalate privileges or deny service. The | Vulnerability | ||
|
2022-05-05 07:21:43 | NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks (lien direct) | The National Institute of Standards and Technology (NIST) on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector. "It encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components - which may have been developed elsewhere | |||
|
2022-05-05 06:43:33 | Google to Add Passwordless Authentication Support to Android and Chrome (lien direct) | Google today announced plans to implement support for passwordless logins in Android and the Chrome web browser to allow users to sign in across different devices and websites irrespective of the platform. "This will simplify sign-ins across devices, websites, and applications no matter the platform - without the need for a single password," Google said. Apple and Microsoft are | |||
|
2022-05-05 04:14:16 | The Importance of Defining Secure Code (lien direct) | The developers who create the software, applications and programs that drive digital business have become the lifeblood of many organizations. Most modern businesses would not be able to (profitably) function, without competitive applications and programs, or without 24-hour access to their websites and other infrastructure. And yet, these very same touchpoints are also often the gateway that | |||
|
2022-05-05 04:02:45 | Researchers Disclose 10-Year-Old Vulnerabilities in Avast and AVG Antivirus (lien direct) | Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that's part of Avast and AVG antivirus solutions. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," | |||
|
2022-05-05 03:58:33 | Heroku Forces User Password Resets Following GitHub OAuth Token Theft (lien direct) | Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. The company, in an updated notification, revealed that a compromised token was abused to breach the database and "exfiltrate the hashed and salted passwords for customers' user accounts." As a consequence, Salesforce | |||
|
2022-05-05 03:31:01 | Thousands of Borrowers\' Data Exposed from ENCollect Debt Collection Service (lien direct) | An ElasticSearch server instance that was left open on the Internet without a password contained sensitive financial information about loans from Indian and African financial services. The leak, which was discovered by researchers from information security company UpGuard, amounted to 5.8GB and consisted of a total of 1,686,363 records. "Those records included personal information like name, | |||
|
2022-05-04 20:13:27 | Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software (lien direct) | Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts. Tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, the vulnerabilities "could allow an attacker to escape from the guest virtual machine (VM) to the host machine, | |||
|
2022-05-04 19:38:14 | F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability (lien direct) | Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is CVE-2022-1388, which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a lack of | Vulnerability | ||
|
2022-05-04 06:46:47 | SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds (lien direct) | The U.S. Securities and Exchange Commission (SEC) on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto Assets and Cyber Unit and plans to infuse 20 additional positions with the goal of investigating | |||
|
2022-05-04 06:04:06 | Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies (lien direct) | An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019. Dubbed "Operation CuckooBees" by Israeli cybersecurity company Cybereason, the massive intellectual property theft operation enabled the threat actor to exfiltrate hundreds of gigabytes of information. Targets included technology and | Threat | APT 41 | |
|
2022-05-04 05:05:34 | Critical RCE Bug Reported in dotCMS Content Management Software (lien direct) | A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and "used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses." The critical flaw, tracked as CVE-2022-26352, stems from a directory traversal attack when performing file uploads, enabling an | Vulnerability | ||
|
2022-05-04 01:34:17 | Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers (lien direct) | A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open | Malware Threat | ||
|
2022-05-03 07:14:13 | Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches (lien direct) | Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that could permit an | |||
|
2022-05-03 05:01:53 | Experts Analyze Conti and Hive Ransomware Gangs Chats With Their Victims (lien direct) | An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques. In one exchange, the Conti Team is said to have significantly reduced the ransom demand from a staggering $50 million to $1 million, a 98% drop, suggesting a | Ransomware | ★★★ | |
|
2022-05-02 22:50:32 | AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection (lien direct) | Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. "This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys)," Trend | Ransomware | ||
|
2022-05-02 22:32:30 | Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (lien direct) | A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps between the collective and another threat group referred to as Nomad Panda (aka RedFoxtrot). "PlugX and | Malware Threat | ||
|
2022-05-02 21:58:25 | Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices (lien direct) | Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products. The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems. uClibc is known to be used by major | Vulnerability | ||
|
2022-05-02 21:17:31 | New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions (lien direct) | A newly discovered suspected espionage threat actor has been targeting employees focusing on mergers and acquisitions as well as large corporate transactions to facilitate bulk email collection from victim environments. Mandiant is tracking the activity cluster under the uncategorized moniker UNC3524, citing a lack of evidence linking it to an existing group. However, some of the intrusions are | Threat | ||
|
2022-05-02 20:49:13 | GitHub Says Recent Attack Involving Stolen OAuth Tokens Was "Highly Targeted" (lien direct) | Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley said in an | |||
|
2022-05-02 07:00:53 | Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload (lien direct) | According to folklore, witches were able to sail in a sieve, a strainer with holes in the bottom. Unfortunately, witches don't work in cybersecurity – where networks generally have so many vulnerabilities that they resemble sieves. For most of us, keeping the sieve of our networks afloat requires nightmarishly hard work and frequent compromises on which holes to plug first. The reason? In 2010, | Vulnerability Patching | ||
|
2022-05-02 06:39:38 | Chinese "Override Panda" Hackers Resurface With New Espionage Attacks (lien direct) | A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. "The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said in a report published last week. "The target of this attack is currently unknown but with high | APT 30 | ||
|
2022-05-02 04:40:01 | Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia (lien direct) | A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the moniker Nobelium ( | Threat | APT 29 | |
|
2022-05-01 23:06:07 | Google Releases First Developer Preview of Privacy Sandbox on Android 13 (lien direct) | Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview. A "multi-year effort," |
To see everything:
Our RSS (filtrered)
