What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-11-26 00:08:34 | CronRAT: A New Linux Malware That\'s Scheduled to Run on February 31st (lien direct) | Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said | Malware Threat | ||
|
2021-11-25 03:57:05 | This New Stealthy JavaScript Loader Infecting Computers with Malware (lien direct) | Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021. Around 155 samples of this new malware | Malware Threat | ||
|
2021-11-25 03:33:42 | Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware (lien direct) | A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines. "[T]he stealer is a PowerShell script, short with powerful collection capabilities - in only ~150 lines, it provides the | Malware Threat | ||
|
2021-11-24 04:25:16 | Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally (lien direct) | Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese | Threat | ||
|
2021-11-24 00:49:24 | APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users (lien direct) | A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated new features into their malicious apps that make them more resilient to actions by users, who might try | Threat | ||
|
2021-11-23 02:58:04 | More Stealthier Version of BrazKing Android Malware Spotted in the Wild (lien direct) | Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan (RAT) that's capable of carrying out financial fraud attacks by stealing two-factor authentication (2FA) codes and initiating rogue transactions from infected devices to transfer money from victims' accounts to an account operated by the threat actor. IBM X-Force dubbed the | Malware Threat | ||
|
2021-11-22 04:10:31 | New Golang-based Linux Malware Targeting eCommerce Websites (lien direct) | Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. "After a day and a | Malware Threat | ||
|
2021-11-20 07:54:06 | RedCurl Corporate Espionage Hackers Return With Updated Hacking Tools (lien direct) | A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. "In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass | Threat | ||
|
2021-11-20 07:26:20 | North Korean Hackers Found Behind a Range of Credential Theft Campaigns (lien direct) | A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as TA406, and by the | Malware Threat | ||
|
2021-11-19 04:54:36 | U.S. Charged 2 Iranians Hackers for Threatening Voters During 2020 Presidential Election (lien direct) | The U.S. government on Thursday unsealed an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one state election website. The two defendants in question - Seyyed Mohammad Hosein Musa Kazemi, 24, and | Threat | ||
|
2021-11-19 01:27:29 | FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug (lien direct) | The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks, making it the latest company to join the likes of Cisco, Fortinet, Citrix, Pulse Secure that have had | Threat | ||
|
2021-11-17 23:59:00 | Microsoft Warns about 6 Iranian Hacking Groups Turning to Ransomware (lien direct) | Nation-state operators with nexus to Iran are increasingly turning to ransomware as a means of generating revenue and intentionally sabotaging their targets, while also engaging in patient and persistent social engineering campaigns and aggressive brute force attacks. No less than six threat actors affiliated with the West Asian country have been discovered deploying ransomware to achieve their | Ransomware Threat | ||
|
2021-11-17 07:44:03 | U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws (lien direct) | Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple | Threat | ||
|
2021-11-16 22:40:27 | Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform (lien direct) | Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country. The Pakistani threat actor, dubbed SideCopy, is said to have used the platform to | Threat | ||
|
2021-11-15 07:30:01 | Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic (lien direct) | A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users. "While attacks can exceed 95% accuracy when monitoring a small set of five popular websites, indiscriminate ( | Threat | ||
|
2021-11-14 21:28:16 | FBI\'s Email System Hacked to Send Out Fake Cyber Security Alert to Thousands (lien direct) | The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus, involved sending rogue warning emails with the subject line "Urgent: Threat actor in systems" | Threat | ||
|
2021-11-12 07:32:30 | Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks (lien direct) | Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads. Microsoft 365 Defender Threat Intelligence Team, in a new report published Thursday, disclosed that it identified infiltrations distributing the | Ransomware Malware Threat | ★★★ | |
|
2021-11-11 21:43:11 | Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant (lien direct) | Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a | Hack Threat | ||
|
2021-11-11 03:50:08 | TrickBot Operators Partner with Shatak Attackers for Conti Ransomware (lien direct) | The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines. "The implementation of TrickBot has evolved over the years, with recent versions of TrickBot implementing malware-loading capabilities," Cybereason security analysts Aleksandar Milenkoski and Eli Salem said in a | Ransomware Threat Guideline | ||
|
2021-11-11 01:30:00 | Navigating The Threat Landscape 2021 – From Ransomware to Botnets (lien direct) | Though we are recovering from the worst pandemic, cyber threats have shown no sign of downshifting, and cybercriminals are still not short of malicious and advanced ways to achieve their goals. The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021. Threats can take different forms with | Ransomware Threat | ||
|
2021-11-11 00:00:26 | Iran\'s Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa (lien direct) | A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers (ISPs) and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs (MFA) in Africa, new findings reveal. The intrusions, staged by a group tracked as Lyceum, are believed to have occurred | Threat | ★★★★★ | |
|
2021-11-09 00:44:10 | Robinhood Trading App Suffers Data Breach Exposing 7 Million Users\' Information (lien direct) | Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor.
The commission-free stock trading and investing platform said the incident happened "late in the evening of November 3," adding it's in the process of notifying affected users. |
Data Breach Threat | ||
|
2021-11-08 06:39:11 | Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit (lien direct) | At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution.
The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of |
Threat | ||
|
2021-11-08 06:10:37 | BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups (lien direct) | A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns.
BlackBerry's research and intelligence team dubbed the entity "Zebra2104," with the group responsible for offering a means of a digital approach to ransomware syndicates |
Ransomware Threat | ||
|
2021-11-08 05:12:48 | Critical Flaws in Philips TASY EMR Could Expose Patient Data (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive patient data from patient databases.
"Successful exploitation of these vulnerabilities could result in patients' confidential data being exposed or extracted from |
Threat | ||
|
2021-11-03 08:24:34 | BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released (lien direct) | An analysis of new samples of BlackMatter ransomware for Windows and Linux has revealed the extent to which the operators have continually added new features and encryption capabilities in successive iterations over a three-month period.
No fewer than 10 Windows and two Linux versions of the ransomware have been observed in the wild to date, Group-IB threat researcher Andrei Zhdanov said in a |
Ransomware Threat | ||
|
2021-11-01 04:25:57 | New \'Trojan Source\' Technique Lets Hackers Hide Vulnerabilities in Source Code (lien direct) | A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks.
Dubbed "Trojan Source attacks," the technique "exploits subtleties in text-encoding standards such as Unicode to produce source |
Malware Threat | ||
|
2021-10-27 00:14:47 | Latest Report Uncovers Supply Chain Attacks by North Korean Hackers (lien direct) | Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities.
The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN |
Malware Threat Medical | APT 38 APT 28 | |
|
2021-10-25 01:19:44 | Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware (lien direct) | Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems.
CVE-2021-42258, as the flaw is being tracked as, concerns an SQL-based injection attack that allows for remote code execution and was successfully |
Ransomware Vulnerability Threat | ||
|
2021-10-23 09:25:31 | Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks (lien direct) | Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information.
The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in |
Tool Threat | ||
|
2021-10-22 08:01:26 | \'Lone Wolf\' Hacker Group Targeting Afghanistan and India with Commodity RATs (lien direct) | A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints.
Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse |
Malware Threat | ||
|
2021-10-21 00:03:14 | Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts (lien direct) | Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder.
That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting |
Threat | ||
|
2021-10-18 23:11:57 | Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia (lien direct) | A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia.
Security researchers at Kaspersky, who presented their findings at the VirusBulletin VB2021 conference earlier this month, attributed the attacks to a group tracked as Lyceum (aka |
Malware Threat | ||
|
2021-10-18 01:21:01 | Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting (lien direct) | Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences."
"From malign operations against local health providers that endanger patient care, to |
Ransomware Threat | ||
|
2021-10-15 07:40:55 | Attackers Behind Trickbot Expanding Malware Distribution Channels (lien direct) | The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti.
The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known Hive0105, Hive0106 (aka TA551 or Shathak), |
Ransomware Malware Threat Guideline | ||
|
2021-10-14 09:30:34 | Google: We\'re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries (lien direct) | Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.
The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from "blocking an |
Malware Threat | ||
|
2021-10-11 23:32:49 | Microsoft Warns of Iran-Linked Hackers Targeting US and Israeli Defense Firms (lien direct) | An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting US, EU, and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo transportation companies focused in the Middle East.
Microsoft is tracking the hacking crew under the |
Threat | ||
|
2021-10-11 07:20:37 | Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack (lien direct) | Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks.
Social engineering is "the art of manipulating people so they give up confidential information," according to Webroot. There are many different types of social engineering |
Threat | ||
|
2021-10-11 02:21:02 | Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo (lien direct) | A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa.
Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team" (aka APT-C-35), which has been linked to cyber offensives in India and Pakistan, while also |
Threat | ||
|
2021-10-08 06:41:27 | Ransomware Group FIN12 Aggressively Going After Healthcare Targets (lien direct) | An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks.
Cybersecurity firm Mandiant attributed the intrusions to a |
Ransomware Threat | ||
|
2021-10-05 09:58:29 | Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012 (lien direct) | Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior to loading the |
Threat | ||
|
2021-10-04 05:48:16 | A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries (lien direct) | A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks.
Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang - referring to their |
Threat | ★★★★ | |
|
2021-10-01 05:25:31 | Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users (lien direct) | A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.
Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "sophisticated multi-stage malware framework" that allows for providing |
Malware Threat | ||
|
2021-10-01 00:21:43 | Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware (lien direct) | In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware.
"Adversaries have set up a phony website that looks |
Malware Threat | ||
|
2021-09-30 06:49:19 | New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught (lien direct) | Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks.
"This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization's |
Vulnerability Threat | ||
|
2021-09-30 06:32:43 | Incentivizing Developers is the Key to Better Security Practices (lien direct) | Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this seachange if they want that effort to grow.
The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, widely considered an easy win |
Threat | ||
|
2021-09-30 00:40:22 | (Déjà vu) New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack (lien direct) | Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools.
Moscow-headquartered firm Kaspersky codenamed the malware "Tomiris," calling out its similarities to another |
Malware Threat | ||
|
2021-09-28 08:31:06 | Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns (lien direct) | Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems.
Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that |
Vulnerability Threat | ||
|
2021-09-28 01:32:38 | New BloodyStealer Trojan Steals Gamers\' Epic Games and Steam Accounts (lien direct) | A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market.
Cybersecurity firm Kaspersky, which coined the malware "BloodyStealer," said it first detected the malicious tool in |
Malware Tool Threat | ||
|
2021-09-27 23:15:52 | Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers (lien direct) | Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers.
The tech giant's Threat Intelligence Center (MSTIC) codenamed the "passive and highly targeted backdoor" FoggyWeb, making it the threat actor tracked |
Malware Threat |
To see everything:
Our RSS (filtrered)
