What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-04-13 21:58:49 NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers (direct link) In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be Vulnerability
The_Hackers_News.webp 2021-04-13 05:24:29 New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices (direct link) Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in a series of studies undertaken as part of an initiative called Project Memoria to study the security Studies
The_Hackers_News.webp 2021-04-13 04:51:30 Hackers Using Website's Contact Forms to Deliver IcedID Malware (direct link) Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review Malware
The_Hackers_News.webp 2021-04-13 04:04:13 Detecting the "Next" SolarWinds-Style Cyber Attack (direct link) The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual Solardwinds Solardwinds
The_Hackers_News.webp 2021-04-12 23:52:10 BRATA Malware Poses as Android Security Scanners on Google Play Store (direct link) A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm Malware
The_Hackers_News.webp 2021-04-12 23:03:57 RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers (direct link) An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers and is believed Vulnerability
The_Hackers_News.webp 2021-04-12 09:04:02 Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users' Data (direct link) Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled Data Breach
The_Hackers_News.webp 2021-04-12 05:22:52 What Does It Take To Be a Cybersecurity Researcher? (direct link) Behind the strategies and solutions needed to counter today's cyber threats are dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys. But what drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts from
The_Hackers_News.webp 2021-04-12 00:51:48 Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021 (direct link) The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, Apple
The_Hackers_News.webp 2021-04-09 23:50:38 Hackers Tampered With APKPure Store to Distribute Malware Apps (direct link) APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In an incident that's similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users Malware Threat
The_Hackers_News.webp 2021-04-09 07:59:41 Alert - There's A New Malware Out There Snatching Users' Passwords (direct link) A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was Malware
The_Hackers_News.webp 2021-04-09 07:37:03 [WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business (direct link) For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices. For organizations that work along the DoD supply chain, this
The_Hackers_News.webp 2021-04-09 02:22:26 Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers (direct link) Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated, Vulnerability
The_Hackers_News.webp 2021-04-09 00:45:17 Gigaset Android Update Server Hacked to Install Malware on Users' Devices (direct link) Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models - GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series - the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update Malware
The_Hackers_News.webp 2021-04-08 06:37:05 Researchers uncover a new Iranian malware used in recent cyberattacks (direct link) An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology. APT34 (aka OilRig) is Malware Threat APT 34
The_Hackers_News.webp 2021-04-08 06:13:17 Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets (direct link) Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The Ransomware
The_Hackers_News.webp 2021-04-08 05:47:29 NIST and HIPAA: Is There a Password Connection? (direct link) When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA?
The_Hackers_News.webp 2021-04-07 22:52:07 PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack (direct link) The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user
The_Hackers_News.webp 2021-04-07 08:28:56 Android to Support Rust Programming Language to Prevent Memory Flaws (direct link) Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system
The_Hackers_News.webp 2021-04-07 03:36:31 WhatsApp-based wormable Android malware spotted on the Google Play Store (direct link) Cybersecurity researchers have discovered yet another piece of wormable Android malware - but this time downloadable directly from the official Google Play Store - that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a Malware
The_Hackers_News.webp 2021-04-07 03:02:45 11 Useful Security Tips for Securing Your AWS Environment (direct link) Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn some important AWS security tips. Use Multi-Factor authentication When setting up your AWS
The_Hackers_News.webp 2021-04-07 01:03:48 Critical Auth Bypass Bug Found in VMWare Data Centre Security Product (direct link) A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1. Carbon Black Cloud Workload is a data center security product from VMware that Vulnerability
The_Hackers_News.webp 2021-04-07 00:16:29 Pre-Installed Malware Dropper Found On German Gigaset Android Phones (direct link) In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said. "This app is not Malware
The_Hackers_News.webp 2021-04-06 22:38:07 Experts uncover a new Banking Trojan targeting Latin American users (direct link) Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. Dubbed "Janeleiro" by Slovak cybersecurity firm ESET, the malware aims to disguise its true intent via lookalike pop-up windows that are designed to resemble Malware
The_Hackers_News.webp 2021-04-06 06:43:59 Watch Out! Mission Critical SAP Applications Are Under Active Attack (direct link) Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial Guideline
The_Hackers_News.webp 2021-04-06 03:09:00 MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm (direct link) April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react to emulated, multistep attacks that can be used as a barometer of platform effectiveness. This means that every cybersecurity vendor will be tripping
The_Hackers_News.webp 2021-04-06 00:04:02 Hackers Targeting professionals With 'more_eggs' Malware via LinkedIn Job Offers (direct link) A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles. "For example, if the Malware
The_Hackers_News.webp 2021-04-05 07:52:56 How the Work-From-Home Shift Impacts SaaS Security (direct link) The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of respondents report that discovery and recovery time from data breaches has significantly increased due Data Breach
The_Hackers_News.webp 2021-04-04 03:04:02 (Déjà vu) 533 Million Facebook Users' Phone Numbers and Personal Data Leaked Online (direct link) In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free - which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country,
The_Hackers_News.webp 2021-04-02 23:49:52 How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection (direct link) Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable for different scenarios. Tool
The_Hackers_News.webp 2021-04-02 23:41:55 Google limits which apps can access the list of installed apps on your device (direct link) Apps on Android have been able to infer the presence of specific apps, or even collect the full list of installed apps on the device. What's more, an app can also be set to be notified when a new app is installed. Apart from all the usual concerns about misuse of such a data grab, the information can be abused by a potentially harmful app to fingerprint other installed apps, check for the presence
The_Hackers_News.webp 2021-04-01 05:34:31 DeepDotWeb Admin Pleads Guilty to Money Laundering Charges (direct link) The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb (DDW), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar, 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan, 34, of Israel, Guideline
The_Hackers_News.webp 2021-04-01 03:15:49 22-Year-Old Charged With Hacking Water System and Endangering Lives (direct link) A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected
The_Hackers_News.webp 2021-04-01 02:49:20 How to Vaccinate Against the Poor Password Policy Pandemic (direct link) Data breaches remain a constant threat, and no industry or organization is immune from the risks. From Fortune 500 companies to startups, password-related breaches continue to spread seemingly unchecked. As a result of the volume of data breaches and cybersecurity incidents, hackers now have access to a vast swathe of credentials that they can use to power various password-related attacks. One
The_Hackers_News.webp 2021-04-01 01:19:06 Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence (direct link) A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which ultimately paved the way for RYUK
The_Hackers_News.webp 2021-03-31 23:58:40 Hackers Set Up a Fake Cybersecurity Firm to Target Real Security Experts (direct link) A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and Malware Threat
The_Hackers_News.webp 2021-03-31 06:02:52 Decided to move on from your NGAV/EDR? A Guide for Small Security Teams to What's Next (direct link) You're fully aware of the need to stop threats at the front door and then hunt any that got through that first gate, so your company installed an EPP/EDR solution. But like most companies, you've already come across its shortcomings – and these are amplified since you have a small security team. More than likely, you noticed that it has its share of detection blind spots and limitations for
The_Hackers_News.webp 2021-03-31 01:42:43 Hackers are implanting multiple backdoors at industrial targets in Japan (direct link) Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan. Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attacks undertaken by APT10 (aka Stone Panda or Cicada) using previously undocumented malware to deliver Malware APT 10 APT 10
The_Hackers_News.webp 2021-03-29 23:21:45 MobiKwik Suffers Major Breach - KYC Data of 3.5 Million Users Exposed (direct link) Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as: customer names, hashed passwords, email addresses, residential addresses, GPS Data Breach
The_Hackers_News.webp 2021-03-29 08:28:08 Flaws in Ovarro TBox RTUs Could Open Industrial Systems to Remote Attacks (direct link) As many as five vulnerabilities have been uncovered in Ovarro's TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. "Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition," the U.S.
The_Hackers_News.webp 2021-03-29 04:49:07 New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems (direct link) Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws - tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS Threat
The_Hackers_News.webp 2021-03-29 04:45:53 How to Effectively Prevent Email Spoofing Attacks in 2021? (direct link) Email spoofing is a growing problem for an organization's security. Spoofing occurs when a hacker sends an email that appears to have been sent from a trusted source/domain. Email spoofing is not a new concept. Defined as "the forgery of an email address header to make the message appear as if it was sent from a person or location other than the actual sender," it has plagued brands for decades.
The_Hackers_News.webp 2021-03-29 02:57:10 PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code (direct link) In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src" repository hosted on the git.php.net server, illicitly using the names of Rasmus Lerdorf, the author of the
The_Hackers_News.webp 2021-03-27 02:14:40 Watch Out! That Android System Update May Contain A Powerful Spyware (direct link) Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities - from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app Malware
The_Hackers_News.webp 2021-03-26 23:57:43 (Déjà vu) Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack (direct link) Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has released yet another security update for iPhone, iPad, Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that Vulnerability
The_Hackers_News.webp 2021-03-26 07:56:12 OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities (direct link) The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL
The_Hackers_News.webp 2021-03-26 01:57:28 New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks (direct link) New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were
The_Hackers_News.webp 2021-03-25 22:07:54 Another Critical RCE Flaw Discovered in SolarWinds Orion Platform (direct link) IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via Tool
The_Hackers_News.webp 2021-03-25 05:05:29 Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers (direct link) More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43% improvement from the previous week, caps off a whirlwind of espionage and malware campaigns that hit Ransomware Malware
The_Hackers_News.webp 2021-03-25 04:43:56 Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI (direct link) When your organization invests in a new product or service, it is essential that you take advantage of all the features it has to offer. This will help you to maximize your return on investment (ROI). If you have purchased or are thinking about purchasing a self-service password reset (SSPR) tool, one of the most important things you will need to do is make sure that 100% of users are registered
Last update at: 2024-07-21 07:08:05