What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-03-21 00:15:57 | South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (lien direct) | Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by | Threat | ||
|
2022-03-18 09:20:26 | Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines (lien direct) | A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker | Threat | ||
|
2022-03-18 05:28:40 | Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (lien direct) | An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it's typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel | Ransomware | ||
|
2022-03-18 00:31:53 | Google Uncovers \'Initial Access Broker\' Working with Conti Ransomware Gang (lien direct) | Google's Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) as part of | Ransomware Threat | ||
|
2022-03-17 21:52:58 | New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers (lien direct) | ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's "main purpose is to build an infrastructure for further attacks on high-value targets," given that | Malware | ||
|
2022-03-17 06:25:49 | Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion (lien direct) | In what's yet another act of sabotage, the developer behind the popular "node-ipc" NPM package shipped a new version to protest Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP | |||
|
2022-03-17 05:59:15 | DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (lien direct) | The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation," Avast researcher Martin Chlumecký said in a report published Wednesday. "One worm | Malware | ||
|
2022-03-17 05:34:41 | The Golden Hour of Incident Response (lien direct) | As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and actions planned out is crucial in successfully | |||
|
2022-03-17 03:05:39 | TrickBot Malware Abusing Hacked IoT Devices as Command-and-Control Servers (lien direct) | Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. "By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds | Malware | ||
|
2022-03-17 01:46:43 | Ukraine Secret Service Arrests Hacker Helping Russian Invaders (lien direct) | The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of | |||
|
2022-03-17 00:37:22 | New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers (lien direct) | A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. "Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods," CrowdStrike | Vulnerability | Uber | |
|
2022-03-16 07:18:21 | New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw (lien direct) | A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it B1txor20 "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes." | |||
|
2022-03-16 06:52:51 | New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers (lien direct) | The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what's called an "infinite loop." The flaw | Guideline | ||
|
2022-03-16 06:29:45 | FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. "As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [ | Threat | ★★★ | |
|
2022-03-16 06:14:32 | Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters (lien direct) | Researchers have disclosed an unpatched security vulnerability in "dompdf," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. "By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it | Vulnerability Guideline | ||
|
2022-03-16 01:54:40 | Build Your 2022 Cybersecurity Plan With This Free PPT Template (lien direct) | The end of the year is coming, and it's time for security decision-makers to make plans for 2022 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced. The Definitive 2022 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an | |||
|
2022-03-16 01:20:57 | German Government Warns Against Using Russia\'s Kaspersky Antivirus Software (lien direct) | Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany's Federal Office of Information Security (BSI) against using the company's security solutions in the country over "doubts about the reliability of the manufacturer." Calling that the decision was made on "political grounds," the company said it will "continue to assure our partners and customers of the | |||
|
2022-03-16 00:53:39 | Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data (lien direct) | Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication, but can be triggered by any user with read permissions," Uriya Yavnieli and Or Peles, researchers | Guideline | ||
|
2022-03-15 23:35:25 | Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018 (lien direct) | The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region. "The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily | |||
|
2022-03-15 06:03:58 | Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021 (lien direct) | As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the | Ransomware | ||
|
2022-03-15 02:38:46 | CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks (lien direct) | Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper "CaddyWiper," which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (" | Malware | ||
|
2022-03-15 00:26:56 | Massive DDoS Attack Knocked Israeli Government Websites Offline (lien direct) | A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel National Cyber Directorate (INCD) said in a tweet. "As a result, access to several websites, among them | |||
|
2022-03-14 20:44:11 | \'Dirty Pipe\' Linux Flaw Affects a Wide Range of QNAP NAS Devices (lien direct) | Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x," the company | Vulnerability | ||
|
2022-03-14 06:26:26 | Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords (lien direct) | French video game company Ubisoft on Friday confirmed it was a victim of a "cyber security incident," causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. "Also, we can confirm that all our games and services | |||
|
2022-03-14 06:19:43 | Why Enterprise Threat Mitigation Requires Automated, Single-Purpose Tools (lien direct) | As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day to day of threat mitigation often still comes down to systems administrators. For these sysadmins it's not an easy task, however. In enterprise IT, sysadmins teams have a wide remit but limited resources. For systems administrators finding the time and resources to mitigate against a growing | Threat | ||
|
2022-03-14 05:48:01 | Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups (lien direct) | A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of | Ransomware Guideline | ||
|
2022-03-14 04:05:29 | New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access (lien direct) | A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter | Vulnerability | ||
|
2022-03-14 02:17:59 | Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers (lien direct) | New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "are the same group or really close collaborators." "Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline," Pablo Rincón Crespo of Cylera Labs said. "If Kwampirs is | Malware | ||
|
2022-03-11 05:11:13 | Multiple Security Flaws Discovered in Popular Software Package Managers (lien direct) | Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It's, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with one of the affected | |||
|
2022-03-11 02:06:47 | Russian Pushing New State-run TLS Certificate Authority to Deal With Sanctions (lien direct) | The Russian government has established its own TLS certificate authority (CA) to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country's unprovoked military invasion of Ukraine. According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected to provide a domestic | |||
|
2022-03-10 23:54:04 | Here\'s How to Find If WhatsApp Web Code on Your Browser Has Been Hacked (lien direct) | Meta Platforms' WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service's web app on desktop computers. Available in the form of a Chrome and Edge browser extension, the open-source add-on is designed to "automatically verif[y] the authenticity of the WhatsApp Web code being served to your browser," Facebook said | |||
|
2022-03-10 07:12:52 | Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (lien direct) | The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive | Ransomware Malware Threat | ||
|
2022-03-10 06:29:37 | New Exploit Bypasses Existing Spectre-v2 Mitigations in Intel, AMD, Arm CPUs (lien direct) | Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique | |||
|
2022-03-10 00:01:20 | Ukrainian Hacker Linked to REvil Ransomware Attacks Extradited to United States (lien direct) | Yaroslav Vasinskyi, a Ukrainian national, linked to the Russia-based REvil ransomware group has been extradited to the U.S. to face charges for his role in carrying out the file-encrypting malware attacks against several companies, including Kaseya last July. The 22-year-old had been previously arrested in Poland in October 2021, prompting the U.S. Justice Department (DoJ) to file charges of | Ransomware Malware | ★★ | |
|
2022-03-09 23:36:53 | Emotet Botnet\'s Latest Resurgence Spreads to Over 100,000 Computers (lien direct) | The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence with a total of approximately 130,000 unique bots | |||
|
2022-03-09 05:26:18 | Hackers Abuse Mitel Devices to Amplify DDoS Attacks by 4 Billion Times (lien direct) | Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1. The attack vector – dubbed TP240PhoneHome (CVE-2022-26143) – has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial | |||
|
2022-03-09 03:48:34 | Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart UPS Devices (lien direct) | Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks," Ben Seri and Barak Hadad, | |||
|
2022-03-09 02:04:37 | Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant (lien direct) | APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application (CVE-2021-44207) as well as the now infamous zero-day in | Vulnerability Threat Guideline | APT 41 | |
|
2022-03-09 01:48:57 | Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses (lien direct) | Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu said the shortcomings, when chained together, can lead to "an unauthenticated attacker gaining root on these devices." Pascom Cloud Phone System is an | Guideline | ||
|
2022-03-08 21:44:56 | Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms (lien direct) | Microsoft's Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as actively exploited, three of them are publicly known | |||
|
2022-03-08 10:08:03 | New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices (lien direct) | Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP's UEFI firmware. The variety of devices affected includes HP's laptops, desktops, point-of-sale | |||
|
2022-03-08 06:10:46 | Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks (lien direct) | A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28) – which is attributed to Russia's GRU military | Threat | APT 28 | |
|
2022-03-08 04:25:20 | Google Buys Cybersecurity Firm Mandiant for $5.4 Billion (lien direct) | Google is officially buying cybersecurity company Mandiant in an all-cash deal approximately valued at $5.4 billion, the two technology firms announced Tuesday. Mandiant is expected to be folded into Google Cloud upon the closure of the acquisition, which is slated to happen later this year, adding to the latter's growing portfolio of security offerings such as BeyondCorp Enterprise, VirusTotal, | |||
|
2022-03-08 04:11:29 | Samsung Confirms Data Breach After Hackers Leak Galaxy Source Code (lien direct) | Samsung on Monday confirmed a security breach that resulted in the exposure of internal company data, including the source code related to its Galaxy smartphones. "According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees," the electronics giant told Bloomberg. | Data Breach | ||
|
2022-03-08 02:23:14 | Critical "Access:7" Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices (lien direct) | As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk. | |||
|
2022-03-07 23:54:47 | The Continuing Threat of Unpatched Security Vulnerabilities (lien direct) | Unpatched software is a computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the codes, known as "patches," when they come to know about these application vulnerabilities to secure these weaknesses. Adversaries | Threat | ||
|
2022-03-07 23:43:22 | Researchers Warn of Linux Kernel \'Dirty Pipe\' Arbitrary File Overwrite Vulnerability (lien direct) | Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed "Dirty Pipe" (CVE-2022-0847, CVSS score: 7.8) by IONOS software developer Max Kellermann, the flaw "leads to privilege escalation | Vulnerability Guideline | ||
|
2022-03-07 22:44:24 | Microsoft Azure \'AutoWarp\' Bug Could Have Let Attackers Access Customers\' Accounts (lien direct) | Details have been disclosed about a now-addressed critical vulnerability in Microsoft's Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control. "This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer," Orca Security researcher Yanir | Vulnerability | ||
|
2022-03-07 08:42:23 | Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking (lien direct) | Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by knowing the IP | |||
|
2022-03-07 05:45:23 | Understanding How Hackers Recon (lien direct) | Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target's attack surface for gaps that can be used as entry points. So, the first line |
To see everything:
Our RSS (filtrered)
