What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-11 07:20:37 | Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack (lien direct) | Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks.
Social engineering is "the art of manipulating people so they give up confidential information," according to Webroot. There are many different types of social engineering |
Threat | ||
|
2021-10-11 02:21:02 | Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo (lien direct) | A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa.
Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team" (aka APT-C-35), which has been linked to cyber offensives in India and Pakistan, while also |
Threat | ||
|
2021-10-08 06:41:27 | Ransomware Group FIN12 Aggressively Going After Healthcare Targets (lien direct) | An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks.
Cybersecurity firm Mandiant attributed the intrusions to a |
Ransomware Threat | ||
|
2021-10-05 09:58:29 | Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012 (lien direct) | Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior to loading the |
Threat | ||
|
2021-10-04 05:48:16 | A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries (lien direct) | A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks.
Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang - referring to their |
Threat | ★★★★ | |
|
2021-10-01 05:25:31 | Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users (lien direct) | A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.
Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "sophisticated multi-stage malware framework" that allows for providing |
Malware Threat | ||
|
2021-10-01 00:21:43 | Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware (lien direct) | In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware.
"Adversaries have set up a phony website that looks |
Malware Threat | ||
|
2021-09-30 06:49:19 | New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught (lien direct) | Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks.
"This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization's |
Vulnerability Threat | ||
|
2021-09-30 06:32:43 | Incentivizing Developers is the Key to Better Security Practices (lien direct) | Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this seachange if they want that effort to grow.
The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, widely considered an easy win |
Threat | ||
|
2021-09-30 00:40:22 | (Déjà vu) New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack (lien direct) | Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools.
Moscow-headquartered firm Kaspersky codenamed the malware "Tomiris," calling out its similarities to another |
Malware Threat | ||
|
2021-09-28 08:31:06 | Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns (lien direct) | Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems.
Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that |
Vulnerability Threat | ||
|
2021-09-28 01:32:38 | New BloodyStealer Trojan Steals Gamers\' Epic Games and Steam Accounts (lien direct) | A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market.
Cybersecurity firm Kaspersky, which coined the malware "BloodyStealer," said it first detected the malicious tool in |
Malware Tool Threat | ||
|
2021-09-27 23:15:52 | Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers (lien direct) | Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers.
The tech giant's Threat Intelligence Center (MSTIC) codenamed the "passive and highly targeted backdoor" FoggyWeb, making it the threat actor tracked |
Malware Threat | ||
|
2021-09-27 06:35:19 | Russian Turla APT Group Deploying New Backdoor on Targeted Systems (lien direct) | State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan.
Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected. |
Malware Threat | ||
|
2021-09-26 23:26:49 | A New Jupyter Malware Version is Being Distributed via MSI Installers (lien direct) | Cybersecurity researchers have charted the evolution of Jupyter, a .NET infostealer known for singling out healthcare and education sectors, which make it exceptional at defeating most endpoint security scanning solutions.
The new delivery chain, spotted by Morphisec on September 8, underscores that the malware has not just continued to remain active but also showcases "how threat actors |
Malware Threat | ||
|
2021-09-24 22:16:49 | A New APT Hacker Group Spying On Hotels and Governments Worldwide (lien direct) | A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms.
Slovak cybersecurity firm ESET codenamed the cyber espionage group FamousSparrow, which it said has been active since at least August 2019, with victims located across Africa, Asia, Europe, the |
Threat | ||
|
2021-09-24 05:49:39 | Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows (lien direct) | Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures of its malware payloads.
"Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code - which is used in a number of security scanning products," Google |
Malware Threat | ||
|
2021-09-21 06:00:03 | Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug (lien direct) | Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack.
The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a |
Ransomware Threat | ||
|
2021-09-20 04:00:58 | A New Wave of Malware Attack Targeting Organizations in South America (lien direct) | A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research.
Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected |
Spam Malware Threat | APT-C-36 | |
|
2021-09-19 22:07:28 | Numando: A New Banking Trojan Targeting Latin American Users (lien direct) | A newly spotted banking trojan has been caught leveraging legitimate platforms like YouTube and Pastebin to store its encrypted, remote configuration and commandeer infected Windows systems, making it the latest to join the long list of malware targeting Latin America (LATAM) after Guildma, Javali, Melcoz, Grandoreiro, Mekotio, Casbaneiro, Amavaldo, Vadokrist, and Janeleiro.
The threat actor |
Threat | ||
|
2021-09-17 04:03:29 | New Malware Targets Windows Subsystem for Linux to Evade Detection (lien direct) | A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.
The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent |
Malware Threat | ||
|
2021-09-17 01:00:30 | Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years (lien direct) | A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.
Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence |
Malware Threat | ||
|
2021-09-14 04:13:23 | HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers (lien direct) | Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks.
Tracked as CVE-2021-3437 (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to |
Threat | ||
|
2021-09-07 03:05:28 | Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server (lien direct) | The maintainers of Jenkins-a popular open-source automation server software-have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner.
The "successful attack," which is believed to have occurred last week, was mounted against its |
Vulnerability Threat | ||
|
2021-09-04 00:50:47 | Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (lien direct) | Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China.
In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U's implementation of the |
Vulnerability Threat | ||
|
2021-09-02 02:07:03 | Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks (lien direct) | The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019.
News of the arrest, which originally happened in June, was disclosed by researchers from Netlab, the network research division of Chinese internet security company Qihoo 360, earlier this Monday, detailing |
Malware Threat | ||
|
2021-09-01 08:50:52 | Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns (lien direct) | Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage.
"Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious |
Malware Threat | ||
|
2021-08-26 05:57:02 | The Increased Liability of Local In-home Propagation (lien direct) | Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home.
In this post, I contrast in-home local propagation with traditional vectors through which a threat (ransomware in particular) spreads throughout an organization. I discuss the |
Threat | ||
|
2021-08-25 06:02:13 | Researchers Uncover FIN8\'s New Backdoor Targeting Financial Institutions (lien direct) | A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar.
The previously undocumented malware has been dubbed "Sardonic" by Romanian |
Malware Threat | ||
|
2021-08-25 00:43:55 | New SideWalk Backdoor Targets U.S.-based Computer Retail Business (lien direct) | A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia.
Slovak cybersecurity firm ESET attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin |
Malware Threat | ||
|
2021-08-24 04:10:57 | Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc (lien direct) | Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims.
"While the ransomware crisis appears poised to get worse |
Ransomware Threat | ||
|
2021-08-23 06:27:54 | Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems (lien direct) | Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans.
That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top |
Hack Threat | ||
|
2021-08-20 08:44:30 | ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups (lien direct) | ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
"The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, |
Malware Threat | ||
|
2021-08-20 03:38:09 | Cybercrime Group Asking Insiders for Help in Planting Ransomware (lien direct) | A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.
"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the |
Ransomware Threat | ||
|
2021-08-19 03:30:47 | Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang (lien direct) | Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate.
The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer |
Ransomware Malware Threat | ||
|
2021-08-18 03:20:48 | Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks (lien direct) | IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients.
The attacks, which occurred in two waves in May and July 2021, have been linked |
Threat | ||
|
2021-08-18 01:33:33 | NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware (lien direct) | A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper.
Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the |
Malware Threat Cloud | APT 37 | |
|
2021-08-13 02:46:09 | Hackers Actively Searching for Unpatched Microsoft Exchange Servers (lien direct) | Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year.
The remote code execution flaws have been collectively dubbed "ProxyShell." At least |
Threat | ||
|
2021-08-13 01:32:51 | Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities (lien direct) | Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems.
"Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will |
Ransomware Vulnerability Threat | ||
|
2021-08-12 08:13:30 | Experts Shed Light On New Russian Malware-as-a-Service Written in Rust (lien direct) | A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts.
Dubbed "Ficker Stealer," it's notable for being propagated via Trojanized web links |
Malware Threat | ||
|
2021-08-10 06:19:00 | Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel (lien direct) | A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019.
FireEye's Mandiant threat intelligence arm attributed the campaign to an operator it tracks as "UNC215", a Chinese espionage operation that's believed to have singled out organizations around the world |
Threat | ||
|
2021-08-10 02:27:54 | Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers (lien direct) | Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.
Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the web interfaces of routers |
Vulnerability Threat | ||
|
2021-08-06 03:34:12 | New Amazon Kindle Bug Could\'ve Let Attackers Hijack Your eBook Reader (lien direct) | Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book.
"By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from |
Vulnerability Threat | ||
|
2021-08-04 05:49:36 | Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus (lien direct) | An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020.
The latest research, published by Singapore-headquartered company Group-IB, delves into a piece of computer virus called "Webdav-O" that was detected in the intrusions, with the cybersecurity firm observing similarities between |
Threat | ||
|
2021-08-04 03:28:13 | New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks (lien direct) | A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan (RAT) on infected systems, according to new research.
The intrusions have been attributed to an advanced persistent threat named APT31 (FireEye), which is tracked by the |
Threat | APT 31 | |
|
2021-08-02 04:11:48 | New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits (lien direct) | A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks.
Israeli cybersecurity firm Sygnia, which identified the campaign, is tracking the advanced, stealthy |
Threat | ||
|
2021-08-02 03:07:15 | Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild (lien direct) | Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar.
Dubbed "Solarmarker," the malware campaign is believed to be active since September 2020, with |
Malware Threat | ||
|
2021-07-30 03:00:54 | Experts Uncover Several C&C Servers Linked to WellMess Malware (lien direct) | Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign.
More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said |
Malware Threat | APT 29 | |
|
2021-07-30 00:36:30 | A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System (lien direct) | A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor."
The campaign - dubbed "MeteorExpress" - has not been linked to any previously identified threat group or to additional attacks, making it the first |
Malware Threat | ||
|
2021-07-29 08:18:26 | Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs (lien direct) | An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign.
The backdoor is distributed via a decoy document named "Manifest.docx" that |
Malware Threat |
To see everything:
