What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-04-13 21:52:47 U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware (lien direct) The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, compromise, and control Malware
The_Hackers_News.webp 2022-04-13 21:51:58 Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild (lien direct) A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The Vulnerability Threat
The_Hackers_News.webp 2022-04-13 07:35:00 Webinar: How The Right XDR Can Be a Game-Changer for Lean Security Teams (lien direct) Extended detection and response (XDR) is expected to be the future of cybersecurity, merging security technologies with the evolving approach to the way we do cybersecurity. And while many organizations are scrambling to integrate XDR into their cybersecurity strategies – even more are still trying to figure out what XDR really is and if it's even the right solution for their organization.  But
The_Hackers_News.webp 2022-04-13 06:07:21 Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers (lien direct) The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from August 2021 to February 2022, expanding from the initial victimology patterns observed during its attacks Malware Threat
The_Hackers_News.webp 2022-04-13 03:57:21 Russian Hackers Tried Attacking Ukraine's Power Grid with Industroyer2 Malware (lien direct) The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia's military intelligence, to sabotage the operations of an unnamed energy provider in the country. "The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated Malware
The_Hackers_News.webp 2022-04-13 00:39:14 FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin (lien direct) An international law enforcement operation raided and took down RaidForums, one of the world's largest hacking forums notorious for selling access to hacked personal information belonging to users. Dubbed Tourniquet, the seizure of the cybercrime website involved authorities from the U.S., U.K., Sweden, Portugal, and Romania, with the criminal investigation resulting in the arrest of the forum's
The_Hackers_News.webp 2022-04-12 20:22:09 Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities (lien direct) Microsoft's Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed are rated Critical, 115 are rated Important, and three are rated Moderate in severity, with one of the flaws
The_Hackers_News.webp 2022-04-12 19:50:33 Cross-Regional Disaster Recovery with Elasticsearch (lien direct) Unsurprisingly, here at Rewind, we've got a lot of data to protect (over 2 petabytes worth). One of the databases we use is called Elasticsearch (ES or Opensearch, as it is currently known in AWS). To put it simply, ES is a document database that facilitates lightning-fast search results. Speed is essential when customers are looking for a particular file or item that they need to restore using 
The_Hackers_News.webp 2022-04-12 06:08:56 Critical LFI Vulnerability Reported in Hashnode Blogging Platform (lien direct) Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability to download Vulnerability
The_Hackers_News.webp 2022-04-12 03:35:27 Finding Attack Paths in Cloud Environments (lien direct) The mass adoption of cloud infrastructure is fully justified by innumerable advantages. As a result, today, organizations' most sensitive business applications, workloads, and data are in the cloud. Hackers, good and bad, have noticed that trend and effectively evolved their attack techniques to match this new tantalizing target landscape. With threat actors' high reactivity and adaptability, it Threat
The_Hackers_News.webp 2022-04-12 03:26:44 EU Officials Reportedly Targeted with Israeli Pegasus Spyware (lien direct) Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a new report from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agency said, citing documents and two unnamed E.U. officials. However, it's not clear who used the
The_Hackers_News.webp 2022-04-12 02:19:14 NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation (lien direct) The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol (LDAP) Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation," Liam Crilly and Timo Stark of F5 Networks said in an advisory
The_Hackers_News.webp 2022-04-12 02:01:58 Google Sues Scammer for Running 'Puppy Fraud Scheme' Website (lien direct) Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies - with alluring photos and fake customer testimonials - in order to take advantage of people during the
The_Hackers_News.webp 2022-04-11 20:37:10 Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service (lien direct) A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites," Avast researchers Pavel Novák and Jan Rubín said in a report Malware
The_Hackers_News.webp 2022-04-11 03:41:27 Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild (lien direct) Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim's machines to look like the instant messaging application 'Telegram,'" Zscaler ThreatLabz
The_Hackers_News.webp 2022-04-10 22:19:20 Microsoft's New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date (lien direct) Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022. "This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost," said Lior Bela, senior product marketing manager at Microsoft, in a post last week. "The second Tuesday of every month will be
The_Hackers_News.webp 2022-04-08 22:18:21 Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware (lien direct) The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers Deep Patel, Nitesh Malware Vulnerability Threat
The_Hackers_News.webp 2022-04-08 09:59:55 Chinese Hacker Groups Continue to Target Indian Power Grid Assets (lien direct) China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future's Insikt Group, a sophisticated remote access trojan which has been dubbed a "masterpiece
The_Hackers_News.webp 2022-04-08 09:48:47 Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (lien direct) Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in Ransomware Malware Tool
The_Hackers_News.webp 2022-04-08 02:49:42 Ukrainian FIN7 Hacker Gets 5-Year Sentence in the United States (lien direct) A 32-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for the individual's criminal work as a "high-level hacker" in the financially motivated group FIN7. Denys Iarmak, who worked as a penetration tester for the cartel from November 2016 through November 2018, had been previously arrested in Bangkok, Thailand in November 2019, before being extradited to the U.S.
The_Hackers_News.webp 2022-04-08 00:04:32 Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine (lien direct) Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable APT 28
The_Hackers_News.webp 2022-04-07 23:51:59 New Octo Banking Trojan Spreading via Fake Apps on Google Play Store (lien direct) A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities. The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called ExobotCompact, which, in turn, is a "lite" replacement for its Exobot predecessor, Dutch mobile security firm Malware
The_Hackers_News.webp 2022-04-07 08:29:56 First Malware Targeting AWS Lambda Serverless Platform Discovered (lien direct) A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said Malware
The_Hackers_News.webp 2022-04-07 07:13:09 Hamas-linked Hackers Targeting High-Ranking Israelis Using 'Catfish' Lures (lien direct) A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and Threat
The_Hackers_News.webp 2022-04-07 06:00:00 Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022 (lien direct) During the last week of March, three major tech companies - Microsoft, Okta, and HubSpot - reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the three breaches based on
The_Hackers_News.webp 2022-04-07 04:33:24 SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps (lien direct) As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. "This malware implements a geofencing feature and evasion techniques, which makes it Malware
The_Hackers_News.webp 2022-04-07 03:34:26 Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems (lien direct) Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs said in an Malware
The_Hackers_News.webp 2022-04-07 00:15:28 FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices (lien direct) The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used Malware Threat ★★★★
The_Hackers_News.webp 2022-04-06 22:49:08 VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products (lien direct) VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 - 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager
The_Hackers_News.webp 2022-04-06 06:34:17 Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users (lien direct) Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker News. The copycat
The_Hackers_News.webp 2022-04-06 02:01:34 Block Admits Data Breach Involving Cash App Data Accessed by Former Employee (lien direct) Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers. "While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after Data Breach
The_Hackers_News.webp 2022-04-06 00:55:06 U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace (lien direct) The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world's largest and longest-running dark web marketplace following a coordinated operation in partnership with U.S. officials. The sanctions are part of an "international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal
The_Hackers_News.webp 2022-04-05 08:05:03 Battling Cybersecurity Risk: How to Start Somewhere, Right Now (lien direct) Between a series of recent high-profile cybersecurity incidents and the heightened geopolitical tensions, there's rarely been a more dangerous cybersecurity environment. It's a danger that affects every organization – automated attack campaigns don't discriminate between targets. The situation is driven in large part due to a relentless rise in vulnerabilities, with tens of thousands of
The_Hackers_News.webp 2022-04-05 07:50:30 FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks (lien direct) The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. "Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various Ransomware
The_Hackers_News.webp 2022-04-05 04:58:03 Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin (lien direct) Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace. "[543] Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace," the BKA said in a press release. The agency attributed the shutdown of
The_Hackers_News.webp 2022-04-05 03:19:49 Is API Security on Your Radar? (lien direct) With the growth in digital transformation, the API management market is set to grow by more than 30%  by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services. As part of strategic business planning, an API helps generate revenue by allowing customers access to the functionality of a website or computer
The_Hackers_News.webp 2022-04-05 03:11:07 Researchers Trace Widespread Espionage Attacks Back to Chinese 'Cicada' Hackers (lien direct) A Chinese state-backed advanced persistent threat (APT) group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a "widening" of the threat actor's targeting. The widespread intrusions, which are believed to have commenced at the earliest in mid-2021 and continued as recently as February 2022, have been tied Threat APT 10
The_Hackers_News.webp 2022-04-05 02:28:02 Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams (lien direct) Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.  The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident Data Breach Tool
The_Hackers_News.webp 2022-04-05 00:31:37 CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring Vulnerability ★★★★★
The_Hackers_News.webp 2022-04-04 06:44:44 Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers (lien direct) An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app - that has the package name "com.remote.app" - establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the
The_Hackers_News.webp 2022-04-04 03:41:30 Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles (lien direct) A group of academics from the University of Oxford and Armasuisse S+T has disclosed details of a new attack technique against the popular Combined Charging System (CCS) that could potentially disrupt the ability to charge electric vehicles at scale. Dubbed "Brokenwire," the method interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the Hack
The_Hackers_News.webp 2022-04-04 00:38:17 Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums (lien direct) A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients," Zscaler ThreatLabz researchers Mitesh Wani Malware
The_Hackers_News.webp 2022-04-04 00:09:13 Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers (lien direct) A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially. "The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits," Fortinet's FortiGuard Labs Research team said. "Five new exploits were
The_Hackers_News.webp 2022-04-01 22:49:06 15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks (lien direct) A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker Vulnerability
The_Hackers_News.webp 2022-04-01 21:16:41 British Police Charge Two Teenagers Linked to LAPSUS$ Hacker Group (lien direct) The City of London Police on Friday disclosed that it has charged two of the seven teenagers, a 16-year-old and a 17-year-old, who were arrested last week for their alleged connections to the LAPSUS$ data extortion gang. "Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by false
The_Hackers_News.webp 2022-04-01 21:03:58 GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts (lien direct) DevOps platform GitLab has released software updates to address a critical security vulnerability that, if potentially exploited, could permit an adversary to seize control of accounts. Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and is said to have been discovered internally by the GitLab team. "A hardcoded password was set for accounts registered using an  Vulnerability
The_Hackers_News.webp 2022-04-01 06:50:55 Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems (lien direct) The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come as the U.S. telecom company disclosed that it was the target of a "multifaceted and deliberate" cyberattack against Malware
The_Hackers_News.webp 2022-04-01 05:31:18 Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code (lien direct) Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner ★★★★
The_Hackers_News.webp 2022-04-01 03:55:18 Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition (lien direct) Threat actor groups like Wizard Spider and Sandworm have been wreaking havoc over the past few years – developing and deploying cybercrime tools like Conti, Trickbot, and Ryuk ransomware. Most recently, Sandworm (suspected to be a Russian cyber-military unit) unleashed cyberattacks against Ukrainian infrastructure targets. To ensure cybersecurity providers are battle ready, MITRE Engenuity uses
The_Hackers_News.webp 2022-04-01 03:41:53 Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit (lien direct) A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data. "The nature of targeting was opportunistic insofar that multiple infections in several countries and various sectors occurred on the same dates," said  Threat APT 19
Last update at: 2024-07-15 10:08:38