What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-01-27 21:20:36 | Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers (lien direct) | Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second (Tbps). One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. It hit a peak throughput of 3.47 Tbps and a packet rate of 340 | |||
|
2022-01-27 20:58:02 | QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices (lien direct) | Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to the latest | Ransomware | ||
|
2022-01-27 04:50:56 | Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? (lien direct) | There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You'd think that this issue no longer | |||
|
2022-01-27 04:37:34 | Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions (lien direct) | A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest | Malware | ||
|
2022-01-27 02:15:12 | Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices (lien direct) | Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm detailed in a report published Wednesday. " | Malware | ||
|
2022-01-26 22:59:24 | Hackers Using New Evasive Technique to Deliver AsyncRAT Malware (lien direct) | A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted | Malware Threat | ||
|
2022-01-26 21:05:03 | Apple Releases iOS and iPadOS Updates to Patch Actively Exploited 0-Day Vulnerability (lien direct) | Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to | Vulnerability | ||
|
2022-01-26 05:40:48 | Webinar: How to See More, But Respond Less with Enhanced Threat Visibility (lien direct) | The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with limited security budgets | Threat | ||
|
2022-01-26 05:33:05 | Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers (lien direct) | An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a | Vulnerability | ||
|
2022-01-25 23:55:13 | Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads (lien direct) | Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. Thee new framework, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users' browsing history for a given week into a handful of | |||
|
2022-01-25 21:39:33 | 12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access (lien direct) | A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's | Vulnerability | ||
|
2022-01-25 06:04:56 | Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets (lien direct) | Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a command-and-control (C2) server and is split into as many as six stages to stay as hidden as possible, Trellix, | ★★★★★ | ||
|
2022-01-25 05:42:03 | TrickBot Malware Using New Techniques to Evade Web Injection Attacks (lien direct) | The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls," IBM Trusteer said in a report. "In most cases, these | Malware | ★★★★★ | |
|
2022-01-25 04:32:25 | Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks (lien direct) | A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET attributed the intrusion to an actor with "strong technical capabilities," calling out the campaign's overlaps to that of a similar | Malware | ★★★★ | |
|
2022-01-25 03:51:50 | Mobile Banking Trojan BRATA Gains New, Dangerous Capabilities (lien direct) | The Android malware tracked as BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be distributed through a downloader to avoid being detected by security software, Italian cybersecurity firm Cleafy said in | Malware | ★★★★★ | |
|
2022-01-24 22:47:00 | Hackers Using New Malware Packer DTPacker to Avoid Analysis, Detection (lien direct) | A previously undocumented malware packer named DTPacker has been observed distributing multiple remote access trojans (RATs) and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook to plunder information and facilitate follow-on attacks. "The malware uses multiple obfuscation techniques to evade antivirus, sandboxing, and analysis," enterprise security company Proofpoint | Malware | ||
|
2022-01-24 06:52:03 | ZTNAs Address Requirements VPNs Cannot. Here\'s Why. (lien direct) | I recently hopped on the Lookout podcast to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless, | |||
|
2022-01-24 03:09:03 | Hackers Creating Fraudulent Crypto Tokens as Part of \'Rug Pull\' Scams (lien direct) | Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are programs stored on the | |||
|
2022-01-23 23:10:39 | Emotet Now Using Unconventional IP Address Formats to Evade Detection (lien direct) | Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted | Malware | ||
|
2022-01-23 22:53:04 | High-Severity Rust Programming Bug Could Lead to File, Directory Deletion (lien direct) | The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete, | Vulnerability | ||
|
2022-01-22 06:47:43 | Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine (lien direct) | Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, | Malware | NotPetya NotPetya | |
|
2022-01-22 02:57:39 | Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure (lien direct) | An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information | Malware Threat | ||
|
2022-01-21 23:39:04 | Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes (lien direct) | In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based | |||
|
2022-01-21 20:04:16 | Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks (lien direct) | Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on | |||
|
2022-01-21 03:40:40 | Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (lien direct) | A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the | Malware Threat Guideline | APT 41 APT 41 | |
|
2022-01-21 01:40:08 | U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine (lien direct) | The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted influence campaign to | |||
|
2022-01-20 22:20:56 | Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software (lien direct) | Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled | Vulnerability | ||
|
2022-01-20 05:18:05 | Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers (lien direct) | An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both | |||
|
2022-01-20 02:20:27 | Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang (lien direct) | A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by the Interpol along with | |||
|
2022-01-20 00:28:40 | A Trip to the Dark Site - Leak Sites Analyzed (lien direct) | Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discretely charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can | Ransomware Threat | ||
|
2022-01-19 23:54:23 | DoNot Hacking Team Targeting Government and Military Entities in South Asia (lien direct) | A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a | Malware Threat | ||
|
2022-01-19 21:26:42 | New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets (lien direct) | A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the | Malware | ||
|
2022-01-19 20:57:47 | Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks (lien direct) | Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an " input validation vulnerability that could allow attackers to build a query given some input and send that | Vulnerability Threat | ||
|
2022-01-19 07:04:52 | Cyber Threat Protection - It All Starts with Visibility (lien direct) | Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This, however, can be a double-edged sword. Too many signals with too little advanced signal processing just | Threat | ||
|
2022-01-19 06:39:32 | Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware (lien direct) | Potential connections between a subscription-based crimeware-as-a-service (Caas) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of | Malware Tool | ||
|
2022-01-19 04:29:31 | FIN8 Hackers Spotted Using New \'White Rabbit\' Ransomware in Recent Attacks (lien direct) | The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware's overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February | Ransomware | ||
|
2022-01-18 23:32:41 | DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms (lien direct) | An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader | Malware | ★★★★★ | |
|
2022-01-18 22:56:23 | Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure (lien direct) | The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the | Malware | ||
|
2022-01-18 06:40:59 | Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts (lien direct) | Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said | |||
|
2022-01-18 05:23:32 | Europol Shuts Down VPNLab, Cybercriminals\' Favourite VPN Service (lien direct) | VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the | Ransomware | ||
|
2022-01-18 05:10:20 | Don\'t Use Public Wi-Fi Without DNS Filtering (lien direct) | Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. I like the fact that I do not have to worry about accessing the Internet while I am away, or spending a lot of money on an international connection, or just staying offline while I am away. With public Wi-Fi, modern life has become a constant connection to the Internet, | |||
|
2022-01-18 00:02:51 | Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors (lien direct) | An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, | Threat | ||
|
2022-01-17 21:13:47 | Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central (lien direct) | Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip | Vulnerability | ||
|
2022-01-17 05:36:50 | Chrome Limits Websites\' Direct Access to Private Networks for Security Reasons (lien direct) | Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases as part of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called | |||
|
2022-01-17 00:08:53 | Dark Web\'s Largest Marketplace for Stolen Credit Cards is Shutting Down (lien direct) | UniCC, the biggest dark web marketplace of stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to | |||
|
2022-01-16 21:18:12 | High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites (lien direct) | Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a | Vulnerability | ||
|
2022-01-16 20:29:32 | Ukrainian Government Officially Accuses Russia of Recent Cyberattacks (lien direct) | The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. "All the evidence points to the fact that Russia is behind the cyber attack," the Ministry of Digital Transformation said in a statement. "Moscow continues to wage a hybrid war and is actively building forces in the | |||
|
2022-01-16 06:31:14 | New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking (lien direct) | A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November 28, 2021. IndexedDB | |||
|
2022-01-16 01:28:50 | A New Destructive Malware Targeting Ukrainian Government and Business Entities (lien direct) | Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," | Ransomware Malware | ||
|
2022-01-15 01:38:55 | Get Lifetime Access to Cybersecurity Certification Prep Courses (lien direct) | You can't go far in professional IT without being asked for some key certifications. In particular, most large companies today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many opportunities - including six-figure roles. There is just a small matter of some exams to pass. To help |
To see everything:
Our RSS (filtrered)
