What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-11-04 15:31:00 CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and
The_Hackers_News.webp 2022-11-03 23:10:00 Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers (direct link) A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News. Black Ransomware Threat
The_Hackers_News.webp 2022-11-03 16:04:00 Why Identity & Access Management Governance is a Core Part of Your SaaS Security (direct link) Every SaaS app user and login is a potential threat; whether it's bad actors or potential disgruntled former associates, identity management and access control is crucial to prevent unwanted or mistaken entrances to the organization's data and systems. Since enterprises have thousands to tens of thousands of users, and hundreds to thousands of different apps, ensuring each entrance point and
The_Hackers_News.webp 2022-11-03 15:51:00 OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa (direct link) A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as Threat
The_Hackers_News.webp 2022-11-03 14:50:00 Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT (direct link) The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. "Given the geography of the targets and the current geopolitical situation, it's unlikely that
The_Hackers_News.webp 2022-11-03 12:18:00 New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users' Data (direct link) Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China. The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee
The_Hackers_News.webp 2022-11-02 18:41:00 Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software (direct link) Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers. "These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower," SonarSource researcher
The_Hackers_News.webp 2022-11-02 17:17:00 These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites (direct link) A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign. The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectively downloaded over one million times. According to Malwarebytes, the websites are designed to generate
The_Hackers_News.webp 2022-11-02 16:58:00 Inside Raccoon Stealer V2 (direct link) Raccoon Stealer is back on the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of the shutdown, a Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware collected 50 million credentials. This article will give a quick guide to the latest info stealer's version Malware
The_Hackers_News.webp 2022-11-02 15:09:00 Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App (direct link) A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application. Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike. It has not been attributed to any particular threat group. "SandStrike is distributed as a means to access resources about the Bahá'í religion Threat
The_Hackers_News.webp 2022-11-02 12:40:00 Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories (direct link) File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub. "These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the Threat
The_Hackers_News.webp 2022-11-01 21:56:00 OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities (direct link) The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email
The_Hackers_News.webp 2022-11-01 21:24:00 Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB (direct link) Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw CosMiss. "In short, if an attacker had Vulnerability
The_Hackers_News.webp 2022-11-01 20:45:00 Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware (direct link) The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a Malware Threat APT 10
The_Hackers_News.webp 2022-11-01 17:34:00 Last Years Open Source - Tomorrow's Vulnerabilities (direct link) Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: "given enough eyeballs, all bugs are shallow." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and everyone to fix bugs, it's pretty safe. But is it? Or is the saying "all bugs are shallow" only true for
The_Hackers_News.webp 2022-11-01 16:58:00 Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution (direct link) IT service management software platform ConnectWise has released software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The issue, characterized as a "neutralization of Special Elements in Output Used by a Downstream Component," could be abused to result in the execution of remote code or disclosure of sensitive information. ConnectWise's Vulnerability
The_Hackers_News.webp 2022-10-31 19:58:00 Fodcha DDoS Botnet Resurfaces with New Capabilities (direct link) The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360's Network Security Research Lab said in a report published last week. Fodcha first came to Threat
The_Hackers_News.webp 2022-10-31 19:20:00 Tips for Choosing a Pentesting Company (direct link) In today's world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider? The sheer number of providers can be daunting, and finding one which can deliver a high-quality test at a
The_Hackers_News.webp 2022-10-31 17:30:00 Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability (direct link) An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a Ransomware Vulnerability
The_Hackers_News.webp 2022-10-31 15:55:00 Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices (direct link) A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue
The_Hackers_News.webp 2022-10-31 14:47:00 GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories (direct link) Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular repository namespace retirement, which aims to prevent developers from pulling unsafe repositories with
The_Hackers_News.webp 2022-10-29 15:55:00 Twilio Reveals Another Breach from the Same Hackers Behind the August Hack (direct link) Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in Hack Threat
The_Hackers_News.webp 2022-10-28 20:00:00 High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices (direct link) Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. "This vulnerability Vulnerability
The_Hackers_News.webp 2022-10-28 19:00:00 These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets (direct link) Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. "These droppers continue the unstopping evolution of malicious apps sneaking to the official store," Dutch mobile security firm ThreatFabric
The_Hackers_News.webp 2022-10-28 18:55:00 Cloud Security Made Simple in New Guidebook For Lean Teams (direct link) Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects. Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an asset or upgrade in almost every way. With one glaring
The_Hackers_News.webp 2022-10-28 16:31:00 Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers (direct link) A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News. The dropper "is being used to install a new backdoor and other tools Malware
The_Hackers_News.webp 2022-10-28 16:13:00 Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks (direct link) The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth is a strategy in which companies use multiple layers of security measures to safeguard assets. A
The_Hackers_News.webp 2022-10-28 15:48:00 Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints (direct link) The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC Malware Threat
The_Hackers_News.webp 2022-10-27 20:06:00 British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace (direct link) A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy. Kaye was
The_Hackers_News.webp 2022-10-27 19:49:00 Researchers Expose Over 80 ShadowPad Malware C2 Servers (direct link) As many as 85 command-and-control (C2) servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit (TAU), which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications. ShadowPad, seen as a successor to PlugX, is a modular Malware Threat
The_Hackers_News.webp 2022-10-27 18:33:00 Ransomware: Open Source to the Rescue (direct link) Automobile, Energy, Media, Ransomware? When thinking about verticals, one may not instantly think of cyber-criminality. Yet, every move made by governments, clients, and private contractors screams toward normalizing those menaces as a new vertical. Ransomware has every trait of the classical economical vertical. A thriving ecosystem of insurers, negotiators, software providers, and managed
The_Hackers_News.webp 2022-10-27 15:45:00 Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri (direct link) A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August
The_Hackers_News.webp 2022-10-27 13:53:00 Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data (direct link) Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack. In an update to its ongoing investigation into the incident, the firm said the attackers had access to "significant amounts of health claims data" as well as personal data belonging to its ahm health Ransomware
The_Hackers_News.webp 2022-10-27 13:25:00 New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances (direct link) A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured Uber
The_Hackers_News.webp 2022-10-26 21:39:00 U.S. Charges Ukrainian Hacker Over Role in Raccoon Stealer Malware Service (direct link) A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the Raccoon Stealer malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law enforcement after leaving Ukraine on March 4, 2022, in what's said to be a Porsche Cayenne, is currently being held in the Netherlands and awaits extradition to the U.S. "Individuals who deployed Raccoon Malware
The_Hackers_News.webp 2022-10-26 21:32:00 This 9-Course Bundle Can Take Your Cybersecurity Skills to the Next Level (direct link) If you regularly read The Hacker News, there's a fair chance that you know something about cybersecurity. It's possible to turn that interest into a six-figure career. But to make the leap, you need to pick up some key skills and professional certifications. Featuring nine in-depth courses, The 2022 Masters in Cyber Security Certification Bundle helps you get ready for the next step. And in a
The_Hackers_News.webp 2022-10-26 21:20:00 Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans (direct link) The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy. "The FastFire malware is disguised as a Google security plugin, and the Malware
The_Hackers_News.webp 2022-10-26 19:07:00 Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (direct link) The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022. The development marks a shift in the attacker's modus operandi, which has been previously attributed to spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on Threat
The_Hackers_News.webp 2022-10-26 13:43:00 Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector (direct link) A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and rather likely carries out extortion using Ransomware Threat
The_Hackers_News.webp 2022-10-26 13:25:00 Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities (direct link) Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges.
The_Hackers_News.webp 2022-10-26 09:54:00 VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform (direct link) VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open source library. "Due to an unauthenticated endpoint that leverages XStream for input serialization in Vulnerability
The_Hackers_News.webp 2022-10-25 19:47:00 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (direct link) A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21 Vulnerability
The_Hackers_News.webp 2022-10-25 19:28:00 Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (direct link) The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises Ransomware Threat
The_Hackers_News.webp 2022-10-25 18:16:00 Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog (direct link) Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs. While the former allows "any domain user to remotely
The_Hackers_News.webp 2022-10-25 17:26:00 How the Software Supply Chain Security is Threatened by Hackers (direct link) Introduction In many ways, the software supply chain is similar to that of manufactured goods, which we all know has been largely impacted by a global pandemic and shortages of raw materials. However, in the IT world, it is not shortages or pandemics that have been the main obstacles to overcome in recent years, but rather attacks aimed at using them to harm hundreds or even thousands of
The_Hackers_News.webp 2022-10-25 17:03:00 Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards (direct link) Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at Malware Threat
The_Hackers_News.webp 2022-10-25 09:05:00 Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability (direct link) Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of Vulnerability
The_Hackers_News.webp 2022-10-24 23:04:00 Download eBook: Top virtual CISOs share 7 tips for vCISO service providers (direct link) Virtual Chief Information Security Officer (vCISO) services (also known as 'Fractional CISO' or 'CISO-as-a-Service') are growing in popularity, especially as growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. But vCISO services are
The_Hackers_News.webp 2022-10-24 11:55:00 SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan (direct link) SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk. "The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable injection Malware APT-C-17
The_Hackers_News.webp 2022-10-24 11:42:00 CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware (direct link) U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies said. The Ransomware
Last update at: 2024-07-08 21:07:41