What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-10-10 09:47:58 Previously undetected FontOnLake Linux malware used in targeted attacks (direct link) ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that was employed in targeted attacks on organizations in Southeast Asia. According to the experts, modules of this malware family are under development and continuously improved. […] Malware
SecurityAffairs 2021-10-09 14:59:32 Google addresses four high-severity flaws in Chrome (direct link) Google has addressed a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. Google released security updates to address a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. The most severe vulnerability, tracked as CVE-2021-37977, is a use-after-free issue in Garbage Collection that could […]
SecurityAffairs 2021-10-09 12:03:07 Security expert published NMAP script for Apache CVE-2021-41773 vulnerability (direct link) Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49. Security researcher Dhiraj Mishra released an NMAP script for the CVE-2021-41773 path traversal vulnerability affecting Apache Web Server version 2.4.49. This week Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path […] Vulnerability
SecurityAffairs 2021-10-09 11:31:19 Sky.com servers exposed via misconfiguration (direct link) CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ https://cybernews.com/news/sky-com-servers-exposed-via-misconfiguration/ CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain, containing what appear to be production-level database access credentials, as well as addresses to development endpoints. Sky, a subsidiary of Comcast, is Europe’s largest […]
SecurityAffairs 2021-10-09 07:52:18 (Déjà vu) Cox Media Group took down broadcasts after a ransomware attack (direct link) American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June […] Ransomware
SecurityAffairs 2021-10-08 21:19:53 58% of all nation-state attacks in the last year were launched by Russian nation-state actors (direct link) Microsoft revealed that Russia-linked cyberespionage groups are behind the majority of the nation-state cyber attacks on US government agencies. Microsoft revealed that most of the cyber attacks on US government agencies are orchestrated by Russia-linked cyberespionage groups. According to the IT giant, approximately 58% of all nation-state attacks between July 2020 and June 2021 were […]
SecurityAffairs 2021-10-08 11:36:12 The Netherlands declares war on ransomware operations (direct link) The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services to curb them. The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them. Cyberespionage and sabotage attacks, […] Ransomware
SecurityAffairs 2021-10-08 09:09:54 Google warns of APT28 attack attempts against 14,000 Gmail users (direct link) Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. On Wednesday, Google announced to have warned approximately 14,000 Gmail users that they had been targeted by nation-state hackers. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch […] Threat APT 28 ★★★
SecurityAffairs 2021-10-08 07:38:40 Apache rolled out a new update in a few days to fix incomplete patch for an actively exploited flaw (direct link) Apache Software Foundation has released HTTP Web Server 2.4.51 to completely address a vulnerability that has been actively exploited in the wild. Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path traversal vulnerability (CVE-2021-41773) that was only partially addressed with a previous release. An attacker can trigger the flaw […] Vulnerability
SecurityAffairs 2021-10-07 21:38:17 FIN12 ransomware gang don't implement double extortion to prioritize speed (direct link) Researchers detailed the activities of the FIN12 ransomware group that earned millions of dollars over the past years. Researchers from Mandiant published a detailed report on the activities of a financially motivated ransomware group tracked as FIN12 that has been active since at least October 2018. The vast majority of FIN12 victims have more than […] Ransomware
SecurityAffairs 2021-10-07 14:42:06 PoC exploit for 2 flaws in Dahua cameras leaked online (direct link) A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045. A remote attacker can exploit both vulnerabilities […]
SecurityAffairs 2021-10-07 10:45:56 (Déjà vu) Twitch data breach updates: login credentials or card numbers not exposed (direct link) An anonymous individual has leaked the source code and data of the popular video streaming platform Twitch via a torrent file posted on 4chan. An anonymous 4chan user has published a torrent link to a 128GB file on the 4chan discussion board, the leaked archive contains sensitive data stolen from 6,000 internal Twitch Git repositories. […] Data Breach
SecurityAffairs 2021-10-07 07:53:47 Operation GhostShell: MalKamak APT targets aerospace and telco firms (direct link) Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers use stealthy ShellClient malware on aerospace, telco firms Cybereason Nocturnus and Incident Response Teams discovered a new threat actor that is targeting organizations in the aerospace and telecommunications sectors with the ShellClient malware as part […] Malware Threat
SecurityAffairs 2021-10-06 21:37:35 Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs (direct link) Resecurity researchers dumped Gigabytes of data from Agent Tesla C2Cs, one of the most well-known cyberespionage tools suffers a data leakage. Agent Tesla, first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from […] Tool Threat
SecurityAffairs 2021-10-06 20:39:09 Twitch source code and sensitive data leaked online (direct link) An anonymous individual has leaked the source code and data of the popular video streaming platform Twitch via a torrent file posted on 4chan. An anonymous individual has leaked online the source code and streamers and users data of the popular video streaming platform Twitch. The anonymous 4chan user has published a torrent link to […]
SecurityAffairs 2021-10-06 13:59:56 Arizona governor announces the launch of Command Center to protect state computer systems (direct link) The governor of Arizona, Doug Ducey, has announced the launch of a Cyber Command Center to address the thousands of attacks that daily target government computers. The governor of Arizona, Doug Ducey, has launched a Cyber Command Center to repel the huge amount of attacks that every day hit the computer systems of the state. […]
SecurityAffairs 2021-10-06 06:56:27 (Déjà vu) UK newspaper The Telegraph exposed a 10TB database with subscriber data (direct link) The UK media outlet The Telegraph has leaked 10 TB of subscriber data after failing to properly secure one of its databases. The UK newspaper The Telegraph, one of the UK's largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its databases. The popular researcher […]
SecurityAffairs 2021-10-06 04:52:35 LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables (direct link) Boffins devised a new technique, dubbed LANtenna, to exfiltrate data from systems in air-gapped networks using Ethernet cables as a “transmitting antenna.” Security researchers from the Cyber Security Research Center in the Ben Gurion University of the Negev (Israel) devised a new data exfiltration mechanism, dubbed LANtenna Attack, that leverages Ethernet cables as a “transmitting […]
SecurityAffairs 2021-10-05 17:15:28 (Déjà vu) Apache patch a zero-day flaw exploited in the wild (direct link) Apache has addressed two vulnerabilities, one of which is a path traversal and file disclosure flaw in its HTTP server actively exploited in the wild. Apache has rolled out security patches to address two flaws, including a path traversal and file disclosure issue in its HTTP server that is actively exploited in the wild. The […]
SecurityAffairs 2021-10-05 16:13:36 Unnamed Ransomware gang uses a Python script to encrypt VMware ESXi servers (direct link) An unnamed ransomware gang used a custom Python script to target VMware ESXi and encrypt all the virtual machines hosted on the server. Researchers from Sophos were investigating a ransomware attack when they discovered that the attackers employed a Python script to encrypt virtual machines hosted on VMware ESXi servers. In the attack investigated by the […] Ransomware
SecurityAffairs 2021-10-05 09:30:41 Telco service provider giant Syniverse had unauthorized access since 2016 (direct link) Syniverse service provider discloses a security breach, threat actors have had access to its databases since 2016 and gained some customers’ credentials. Syniverse is a global company that provides technology and business services for a number of telecommunications companies as well as a variety of other multinational enterprises. The company is a privileged target for threat […] Threat
SecurityAffairs 2021-10-05 08:14:31 Dark web marketplace White House announces end to its operations (direct link) The dark web marketplace White House Market shuts down its operation, last week its operators announced that they were retiring. The dark web marketplace White House Market shuts down its operation, the announcement was published on a dread forum. The admin of White House Market, mr white, explained that it has decided to halt the […]
SecurityAffairs 2021-10-04 18:11:59 Facebook, WhatsApp, and Instagram are down worldwide, it's panic online (direct link) Users worldwide are experiencing problems while accessing Facebook services, including Instagram and WhatsApp. Users worldwide are not able to access Facebook, Instagram, and WhatsApp services due to BGP problems. Users attempting to visit the above services are displaying “DNS_PROBE_FINISHED_NXDOMAIN.” The mobile applications of the social network giant and its Tor hidden services are also […]
SecurityAffairs 2021-10-04 13:48:04 Pottawatomie County paid the ransom to recover its systems (direct link) Pottawatomie County restored operations that were suspended after a ransomware attack hit its systems on September 17, 2021. Officials at Pottawatomie County announced to have fully recovered their IT infrastructure that was hit by a ransomware attack on September 17, 2021. County Administrator Chad Kinsley announced that the county opted to pay the ransomware, they […] Ransomware
SecurityAffairs 2021-10-04 13:13:08 Two ransomware operators were arrested in Kyiv with EUROPOL's support (direct link) Two ransomware operators arrested in Kyiv, Ukraine, that are suspected to have attacked more than 100 companies causing more than $150M in damages. A joint international law enforcement operation led to the arrest of the ransomware operators in Kyiv, Ukraine on September 28. The operation was conducted by the Ukrainian National Police, with the support […] Ransomware
SecurityAffairs 2021-10-04 11:22:45 New APT ChamelGang Targets energy and aviation companies in Russia (direct link) ChamelGang APT is a new cyberespionage group that focuses on fuel and energy organizations and aviation industry in Russia ChamelGang is a new APT group that was first spotted in March by researchers at security firm Positive Technologies, it targets Russian companies in the energy and aviation industry. In March, the cyberespionage group was observed leveraging […]
SecurityAffairs 2021-10-04 07:28:59 LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting (direct link) Israeli Aerospace & Defense firm E.M.I.T. Aviation Consulting Ltd. was hit by LockBit 2.0 ransomware, operators will leak files on 07 Oct, 2021. LockBit 2.0 ransomware operators hit the Israeli aerospace and defense firm E.M.I.T. Aviation Consulting Ltd, threat actors claim to have stolen data from the company and are threatening to leak them on […] Ransomware Threat
SecurityAffairs 2021-10-03 19:38:53 TA544 group behind a spike in Ursnif malware campaigns targeting Italy (direct link) Proofpoint researchers reported that TA544 threat actors are behind a new Ursnif campaign that is targeting Italian organizations. Proofpoint researchers have discovered a new Ursnif banking Trojan campaign carried out by a group tracked as TA544 that is targeting organizations in Italy. The experts observed nearly 20 notable campaigns distributing hundreds of thousands of malicious […] Malware Threat
SecurityAffairs 2021-10-03 15:16:17 CVE-2021-38647 OMIGOD flaw impacts IBM QRadar Azure (direct link) Experts warn that CVE-2021-38647 OMIGOD flaws affect IBM QRadar Azure and can be exploited by remote attackers to execute arbitrary code. The Open Management Infrastructure RPM package in the IBM QRadar Azure marketplace images is affected by a remote code execution vulnerability tracked as CVE-2021-38647. CVE-2021-38647 is one of the four vulnerabilities in the Open […] Vulnerability
SecurityAffairs 2021-10-03 11:57:28 Security Affairs newsletter Round 334 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Threat actors exploit a flaw in Coinbase 2FA to steal user funds Flubot Android banking Trojan spreads […] Threat
SecurityAffairs 2021-10-03 08:41:34 The Biden administration will work with 30 countries to curb global cybercrime (direct link) The Biden administration announced it will work with 30 countries, including NATO allies and G7 partners, to curb global cybercrime. U.S. President Joe Biden announced that the US will work with 30 countries to curb cybercrime and dismantle ransomware gangs that are targeting organizations worldwide. “This month, the United States will bring together 30 countries […] Ransomware
SecurityAffairs 2021-10-02 16:30:10 Threat actors exploit a flaw in Coinbase 2FA to steal user funds (direct link) Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users. According to a data […] Vulnerability Threat
SecurityAffairs 2021-10-02 14:17:02 Flubot Android banking Trojan spreads via fake security updates (direct link) The Flubot Android malware is now leveraging fake security updates warning to trick users into installing the malicious code. Threat actors behind the Flubot Android malware are now leveraging fake security updates to trick victims into installing the malicious code. The attackers use fake security warnings of Flubot infections and urging them to install the […] Malware Threat
SecurityAffairs 2021-10-02 08:18:37 Tim's RED Team Research reports 3 new CVEs, two of which in 4G/5G (direct link) Telecom Italia Red Team Research (RTR) laboratory led by Massimiliano Brolli reported three new flaws in Oracle GlassFish and Nokia NetAct. Telecom Italia Red Team Research (RTR) laboratory led by Massimiliano Brolli, reported three new vulnerabilities affecting Oracle GlassFish and Nokia NetAct, as reported on the online project's page. Two vulnerabilities affect Nokia NetAct, a […]
SecurityAffairs 2021-10-01 21:34:11 Baby died at Alabama Springhill Medical Center due to cyber attack (direct link) A baby allegedly received inadequate childbirth health care, and later died, at an Alabama Springhill Medical Center due to a ransomware attack. An Alabama woman named Teiranni Kidd has filed suit after the death of her baby, she claims that the Springhill Medical Center was not able to respond to a cyberattack that crippled its […] Ransomware
SecurityAffairs 2021-10-01 14:46:22 Hydra Android trojan campaign targets customers of European banks (direct link) Experts warn of a new Hydra banking trojan campaign targeting European e-banking platform users, including the customers of Commerzbank. Experts warn of a malware campaign targeting European e-banking platform users with the Hydra banking trojan. According to malware researchers from the MalwareHunterTeam and Cyble, the new campaign mainly impacted the customers of Commerzbank, Germany's […] Malware
SecurityAffairs 2021-10-01 13:32:49 Neiman Marcus discloses data breach, payment card data exposed (direct link) Luxury retail company Neiman Marcus Group has announced this week that it has suffered a data breach that impacted customer information. The attack against Neiman Marcus Group took place in May 2020, as a result of the attack, threat actors had access to customers’ information, including payment card data. Exposed personal information includes names and […] Data Breach Threat
SecurityAffairs 2021-10-01 10:48:10 Google fixes 2 new actively exploited zero-day flaws in Chrome (direct link) Google rolled out urgent security updates to address two new actively exploited zero-day vulnerabilities in its Chrome browser. Google this week rolled out urgent security updates for the Chrome browser to address four security flaws, including two new zero-day vulnerabilities that are being exploited in the wild. Google has addressed a total of five zero-day […]
SecurityAffairs 2021-10-01 07:27:33 Weaponizing Apple AirTag to lure users to malicious sites (direct link) Threat actors could exploit a stored cross-site scripting (XSS) vulnerability in Apple AirTag product to lure users to malicious websites. Security researcher Bobby Rauch discovered a stored cross-site scripting (XSS) vulnerability in the Apple AirTag product that can be exploited by attackers to lure users to malicious websites. Apple AirTag is a tracking device designed […] Vulnerability
SecurityAffairs 2021-09-30 19:04:01 Experts show how to make fraudulent payments using Apple Pay with VISA on locked iPhones (direct link) Security researchers devised a new attack method against iPhone owners using Apple Pay and Visa payment cards. Boffins from the University of Birmingham and the University of Surrey exploited a series of vulnerabilities in an attack against iPhone owners using Apple Pay and Visa payment cards. A team of researchers has demonstrated a new attack […]
SecurityAffairs 2021-09-30 16:15:14 Popular Android apps with 142.5 million collective installs leak user data (direct link) 14 top Android apps with 142.5 million installs are misconfigured, leaving their data exposed to unauthorized parties Original post @ https://cybernews.com/security/research-popular-android-apps-with-142-5-million-collective-downloads-are-leaking-user-data/ 14 top Android apps with 142.5 million installs are misconfigured, leaving their data exposed to unauthorized parties. Nine out of 14 popular Android apps are still potentially leaking the data of more than 30.5 […]
SecurityAffairs 2021-09-30 09:17:50 Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence (direct link) Threat actors are actively exploiting the recently disclosed CVE-2021-26084 RCE vulnerability in Atlassian Confluence deployments. Trend Micro researchers have spotted crypto-mining campaigns that are actively exploiting a recently disclosed critical remote code execution vulnerability in Atlassian Confluence deployments across Windows and Linux. At the end of August, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects […] Vulnerability
SecurityAffairs 2021-09-30 07:19:56 (Déjà vu) CISA releases Insider Risk Mitigation Self-Assessment Tool (direct link) The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks. The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their […] Tool
SecurityAffairs 2021-09-30 06:22:42 Facebook released Mariana Trench tool to find flaws in Android and Java apps (direct link) Facebook released Mariana Trench, an internal open-source tool that can be used to identify vulnerabilities in Android and Java applications. The Facebook security team has open-sourced the code for Mariana Trench, an internal open-source tool used by the company experts to identify vulnerabilities in Android and Java applications. The name comes from the Mariana Trench, the […] Tool
SecurityAffairs 2021-09-29 18:50:32 Expert discloses new iPhone lock screen vulnerability in iOS 15 (direct link) The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access […] Vulnerability Threat
SecurityAffairs 2021-09-29 14:27:48 GriftHorse malware infected more than 10 million Android phones from 70 countries (direct link) Security researchers uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android devices worldwide. Security researchers from Zimperium have uncovered a piece of malware, dubbed GriftHorse, that has infected more than 10 million Android smartphones across more than 70 countries. According to the experts, the malware campaign has been […] Malware
SecurityAffairs 2021-09-29 11:48:06 (Déjà vu) NSA, CISA release guidance on hardening remote access via VPN solutions (direct link) The U.S. CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions. Multiple attacks against private organizations and government entities, especially during […]
SecurityAffairs 2021-09-29 09:37:38 Group-IB CEO was put under arrest on treason charges (direct link) Russian media reported that the police made searches in the Moscow office of security firm Group-IB apparently linked to an investigation into a criminal case. The police made searches in the Moscow office of the threat intelligence firm Group-IB, according to the media local authorities are investigating a criminal case. According to RTVI, the police […] Threat
SecurityAffairs 2021-09-29 05:20:49 Experts observed for the first time FinFisher infections involving usage of a UEFI bootkit (direct link) Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI bootloader to infect Windows machines. Malware researchers at Kaspersky have spotted a new improvement of the infamous commercial FinSpy surveillance spyware (also known as Wingbird), it can now hijack and replace the Windows UEFI (Unified […] Malware
SecurityAffairs 2021-09-28 16:58:03 Trend Micro fixes a critical flaw in ServerProtect Solution, patch it now! (direct link) Trend Micro has addressed a critical authentication bypass vulnerability, tracked as CVE-2021-36745, affecting the ServerProtect solution. Trend Micro has released security patches to address a critical authentication bypass vulnerability, tracked as CVE-2021-36745, that affects the Trend Micro ServerProtect product. Trend Micro Server Protect offers comprehensive real-time protection for enterprise infrastructure, preventing them from being targeted by viruses, […]
Last update at: 2024-07-11 09:07:26