What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-05-05 03:58:33 Heroku Forces User Password Resets Following GitHub OAuth Token Theft (lien direct) Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. The company, in an updated notification, revealed that a compromised token was abused to breach the database and "exfiltrate the hashed and salted passwords for customers' user accounts." As a consequence, Salesforce
The_Hackers_News.webp 2022-05-05 03:31:01 Thousands of Borrowers' Data Exposed from ENCollect Debt Collection Service (lien direct) An ElasticSearch server instance that was left open on the Internet without a password contained sensitive financial information about loans from Indian and African financial services. The leak, which was discovered by researchers from information security company UpGuard, amounted to 5.8GB and consisted of a total of 1,686,363 records. "Those records included personal information like name,
The_Hackers_News.webp 2022-05-04 20:13:27 Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software (lien direct) Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts. Tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, the vulnerabilities "could allow an attacker to escape from the guest virtual machine (VM) to the host machine,
The_Hackers_News.webp 2022-05-04 19:38:14 F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability (lien direct) Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is CVE-2022-1388, which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a lack of Vulnerability
The_Hackers_News.webp 2022-05-04 06:46:47 SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds (lien direct) The U.S. Securities and Exchange Commission (SEC) on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto Assets and Cyber Unit and plans to infuse 20 additional positions with the goal of investigating
The_Hackers_News.webp 2022-05-04 06:04:06 Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies (lien direct) An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019. Dubbed "Operation CuckooBees" by Israeli cybersecurity company Cybereason, the massive intellectual property theft operation enabled the threat actor to exfiltrate hundreds of gigabytes of information. Targets included technology and Threat APT 41
The_Hackers_News.webp 2022-05-04 05:05:34 Critical RCE Bug Reported in dotCMS Content Management Software (lien direct) A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and "used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses." The critical flaw, tracked as CVE-2022-26352, stems from a directory traversal attack when performing file uploads, enabling an Vulnerability
The_Hackers_News.webp 2022-05-04 01:34:17 Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers (lien direct) A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open Malware Threat
The_Hackers_News.webp 2022-05-03 07:14:13 Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches (lien direct) Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that could permit an
The_Hackers_News.webp 2022-05-03 05:01:53 Experts Analyze Conti and Hive Ransomware Gangs Chats With Their Victims (lien direct) An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques. In one exchange, the Conti Team is said to have significantly reduced the ransom demand from a staggering $50 million to $1 million, a 98% drop, suggesting a Ransomware ★★★
The_Hackers_News.webp 2022-05-02 22:50:32 AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection (lien direct) Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws.  "This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys)," Trend Ransomware
The_Hackers_News.webp 2022-05-02 22:32:30 Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (lien direct) A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps between the collective and another threat group referred to as Nomad Panda (aka RedFoxtrot). "PlugX and Malware Threat
The_Hackers_News.webp 2022-05-02 21:58:25 Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices (lien direct) Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products. The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems. uClibc is known to be used by major Vulnerability
The_Hackers_News.webp 2022-05-02 21:17:31 New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions (lien direct) A newly discovered suspected espionage threat actor has been targeting employees focusing on mergers and acquisitions as well as large corporate transactions to facilitate bulk email collection from victim environments. Mandiant is tracking the activity cluster under the uncategorized moniker UNC3524, citing a lack of evidence linking it to an existing group. However, some of the intrusions are Threat
The_Hackers_News.webp 2022-05-02 20:49:13 GitHub Says Recent Attack Involving Stolen OAuth Tokens Was "Highly Targeted" (lien direct) Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley said in an
The_Hackers_News.webp 2022-05-02 07:00:53 Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload (lien direct) According to folklore, witches were able to sail in a sieve, a strainer with holes in the bottom. Unfortunately, witches don't work in cybersecurity – where networks generally have so many vulnerabilities that they resemble sieves.  For most of us, keeping the sieve of our networks afloat requires nightmarishly hard work and frequent compromises on which holes to plug first. The reason? In 2010, Vulnerability Patching
The_Hackers_News.webp 2022-05-02 06:39:38 Chinese "Override Panda" Hackers Resurface With New Espionage Attacks (lien direct) A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. "The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said in a report published last week. "The target of this attack is currently unknown but with high APT 30
The_Hackers_News.webp 2022-05-02 04:40:01 Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia (lien direct) A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the moniker Nobelium ( Threat APT 29
The_Hackers_News.webp 2022-05-01 23:06:07 Google Releases First Developer Preview of Privacy Sandbox on Android 13 (lien direct) Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview. A "multi-year effort," 
The_Hackers_News.webp 2022-05-01 21:51:22 Here's a New Tool That Scans Open-Source Repositories for Malicious Packages (lien direct) The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the Tool
The_Hackers_News.webp 2022-04-29 05:32:39 Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine (lien direct) At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country. "Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and
The_Hackers_News.webp 2022-04-28 23:26:50 Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers (lien direct) Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass Vulnerability
The_Hackers_News.webp 2022-04-28 23:04:01 Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In (lien direct) India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber
The_Hackers_News.webp 2022-04-28 04:59:11 Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group (lien direct) A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that " Threat
The_Hackers_News.webp 2022-04-28 04:26:21 Everything you need to know to create a Vulnerability Assessment Report (lien direct) You've been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be "What is that?" Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from.  As it's likely the request for such a report came from an important source such Vulnerability
The_Hackers_News.webp 2022-04-28 04:01:07 Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild (lien direct) Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new, Malware Threat
The_Hackers_News.webp 2022-04-28 02:57:15 Twitter's New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal (lien direct) Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform's direct messages (DM) feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk said in a tweet. The statement comes days after the microblogging service announced it officially entered into Hack ★★★★
The_Hackers_News.webp 2022-04-28 01:20:39 New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer (lien direct) A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN
The_Hackers_News.webp 2022-04-27 22:41:33 U.S Cybersecurity Agency Lists 2021's Top 15 Most Exploited Software Vulnerabilities (lien direct) Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021. That's according to a "Top Routinely Exploited Vulnerabilities" report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand
The_Hackers_News.webp 2022-04-27 21:45:22 CloudFlare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second (lien direct) Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record."  "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS
The_Hackers_News.webp 2022-04-27 21:26:01 QNAP Advises to Mitigate Remote Hacking Flaws Until Patches are Available (lien direct) Network-attached storage (NAS) appliance maker QNAP on Wednesday said it's working on updating its QTS and QuTS operating systems after Netatalk last month released patches to contain seven security flaws in its software. Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), allowing Unix-like operating systems to serve as file servers for Apple macOS computers.
The_Hackers_News.webp 2022-04-27 09:01:17 [eBook] Your First 90 Days as MSSP: 10 Steps to Success (lien direct) Bad actors continuously evolve their tactics and are becoming more sophisticated. Within the past couple of years, we've seen supply chain attacks that quickly create widespread damage throughout entire industries. But the attackers aren't just focusing their efforts on supply chains. For example, businesses are becoming increasingly more reliant on SaaS apps and the cloud – creating a new avenue
The_Hackers_News.webp 2022-04-27 05:24:39 Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware (lien direct) A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has Malware Threat
The_Hackers_News.webp 2022-04-27 05:09:21 Google's New Safety Section Shows What Data Android Apps Collect About Users (lien direct) Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy,
The_Hackers_News.webp 2022-04-27 01:28:17 U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers (lien direct) The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act," the State Department's Rewards for Justice Program 
The_Hackers_News.webp 2022-04-26 21:57:19 NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages (lien direct) A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed "Package Planting" by researchers from cloud security firm Aqua. Following responsible disclosure on February Malware Threat
The_Hackers_News.webp 2022-04-26 20:21:05 Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System (lien direct) Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called "Nimbuspwn," the flaws "can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other Threat
The_Hackers_News.webp 2022-04-26 05:35:10 Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default (lien direct) The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a "departure" from the group's typical behavior, ProofPoint alternatively  Threat
The_Hackers_News.webp 2022-04-26 03:17:12 Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak (lien direct) The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the three-month-period Ransomware Malware Threat
The_Hackers_News.webp 2022-04-26 02:53:07 North Korean Hackers Target Journalists with GOLDBACKDOOR Malware (lien direct) A state-backed threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The intrusions, said to be the work of Ricochet Chollima, resulted in the deployment of a novel malware strain called GOLDBACKDOOR, an Malware Threat Cloud APT 37
The_Hackers_News.webp 2022-04-25 23:18:38 Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Code Impact' Backdoor (lien direct) An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and Tool Vulnerability Threat
The_Hackers_News.webp 2022-04-25 13:00:00 Researchers Report Critical RCE Vulnerability in Google's VirusTotal Platform (lien direct) Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report Vulnerability
The_Hackers_News.webp 2022-04-25 03:51:30 Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies (lien direct) A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet. "By exploiting the vulnerability, it's possible to decrypt the private keys and seed phrases that are stored in the browser's local storage," Israeli cybersecurity company Check Point said in a report shared Vulnerability ★★★★★
The_Hackers_News.webp 2022-04-25 02:41:16 New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices (lien direct) A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware. Dubbed "Lilin Scanner" by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched by the Taiwanese company in February 2020. Malware
The_Hackers_News.webp 2022-04-24 21:52:36 FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide (lien direct) The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language that's known to be memory safe and Ransomware Malware
The_Hackers_News.webp 2022-04-22 23:20:36 T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code (lien direct) Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several times in March prior to the arrest of its
The_Hackers_News.webp 2022-04-22 22:52:42 Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability (lien direct) Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber Security has been Vulnerability
The_Hackers_News.webp 2022-04-22 04:43:05 Researcher Releases PoC for Recent Java Cryptographic Vulnerability (lien direct) A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online.  The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition - Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2 Vulnerability
The_Hackers_News.webp 2022-04-22 02:30:49 Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud (lien direct) LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It evades detection by targeting Alibaba Cloud's monitoring service and disabling it." Known to strike Malware
The_Hackers_News.webp 2022-04-22 01:15:16 QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities (lien direct) Network-attached storage (NAS) appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions 2.4.52 and earlier
Last update at: 2024-07-20 23:09:47