What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-02 22:32:30 | Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (lien direct) | A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps between the collective and another threat group referred to as Nomad Panda (aka RedFoxtrot). "PlugX and | Malware Threat | ||
|
2022-05-02 21:17:31 | New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions (lien direct) | A newly discovered suspected espionage threat actor has been targeting employees focusing on mergers and acquisitions as well as large corporate transactions to facilitate bulk email collection from victim environments. Mandiant is tracking the activity cluster under the uncategorized moniker UNC3524, citing a lack of evidence linking it to an existing group. However, some of the intrusions are | Threat | ||
|
2022-05-02 04:40:01 | Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia (lien direct) | A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the moniker Nobelium ( | Threat | APT 29 | |
|
2022-04-28 04:59:11 | Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group (lien direct) | A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that " | Threat | ||
|
2022-04-28 04:01:07 | Cybercriminals Using New Malware Loader \'Bumblebee\' in the Wild (lien direct) | Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new, | Malware Threat | ||
|
2022-04-27 05:24:39 | Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware (lien direct) | A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has | Malware Threat | ||
|
2022-04-26 21:57:19 | NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages (lien direct) | A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed "Package Planting" by researchers from cloud security firm Aqua. Following responsible disclosure on February | Malware Threat | ||
|
2022-04-26 20:21:05 | Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System (lien direct) | Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called "Nimbuspwn," the flaws "can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other | Threat | ||
|
2022-04-26 05:35:10 | Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default (lien direct) | The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a "departure" from the group's typical behavior, ProofPoint alternatively | Threat | ||
|
2022-04-26 03:17:12 | Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak (lien direct) | The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the three-month-period | Ransomware Malware Threat | ||
|
2022-04-26 02:53:07 | North Korean Hackers Target Journalists with GOLDBACKDOOR Malware (lien direct) | A state-backed threat actor with ties to the Democratic People's Republic of Korea (DRPK) has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The intrusions, said to be the work of Ricochet Chollima, resulted in the deployment of a novel malware strain called GOLDBACKDOOR, an | Malware Threat Cloud | APT 37 | |
|
2022-04-25 23:18:38 | Iranian Hackers Exploiting VMware RCE Bug to Deploy \'Code Impact\' Backdoor (lien direct) | An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and | Tool Vulnerability Threat | ||
|
2022-04-19 00:02:44 | FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Calling the activity cluster TraderTraitor, the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT) | Threat Medical | APT 38 APT 28 | |
|
2022-04-18 05:58:45 | Researchers Share In-Depth Analysis of PYSA Ransomware Group (lien direct) | An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to | Ransomware Malware Tool Threat | ||
|
2022-04-17 23:00:22 | New Hacking Campaign Targeting Ukrainian Government with IcedID Malware (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document ( | Malware Threat | ||
|
2022-04-16 01:31:45 | Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector (lien direct) | The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets Control's (OFAC) | Hack Threat Medical | APT 38 APT 28 | |
|
2022-04-15 03:24:29 | Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free (lien direct) | A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download additional malware to infected systems," Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer | Malware Tool Threat | ||
|
2022-04-14 20:25:43 | Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw (lien direct) | Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild. Tracked as CVE-2022-1364, the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13 | Threat | ||
|
2022-04-14 06:17:09 | Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions (lien direct) | A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore | Threat | ||
|
2022-04-14 03:08:29 | New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt (lien direct) | A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet | Threat | ★★★★ | |
|
2022-04-13 21:51:58 | Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild (lien direct) | A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The | Vulnerability Threat | ||
|
2022-04-13 06:07:21 | Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers (lien direct) | The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from August 2021 to February 2022, expanding from the initial victimology patterns observed during its attacks | Malware Threat | ||
|
2022-04-12 03:35:27 | Finding Attack Paths in Cloud Environments (lien direct) | The mass adoption of cloud infrastructure is fully justified by innumerable advantages. As a result, today, organizations' most sensitive business applications, workloads, and data are in the cloud. Hackers, good and bad, have noticed that trend and effectively evolved their attack techniques to match this new tantalizing target landscape. With threat actors' high reactivity and adaptability, it | Threat | ||
|
2022-04-08 22:18:21 | Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware (lien direct) | The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers Deep Patel, Nitesh | Malware Vulnerability Threat | ||
|
2022-04-07 07:13:09 | Hamas-linked Hackers Targeting High-Ranking Israelis Using \'Catfish\' Lures (lien direct) | A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and | Threat | ||
|
2022-04-07 00:15:28 | FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices (lien direct) | The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used | Malware Threat | ★★★★ | |
|
2022-04-05 03:11:07 | Researchers Trace Widespread Espionage Attacks Back to Chinese \'Cicada\' Hackers (lien direct) | A Chinese state-backed advanced persistent threat (APT) group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a "widening" of the threat actor's targeting. The widespread intrusions, which are believed to have commenced at the earliest in mid-2021 and continued as recently as February 2022, have been tied | Threat | APT 10 | |
|
2022-04-01 03:41:53 | Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit (lien direct) | A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data. "The nature of targeting was opportunistic insofar that multiple infections in several countries and various sectors occurred on the same dates," said | Threat | APT 19 | |
|
2022-03-31 06:02:46 | Hackers Increasingly Using \'Browser in a Browser\' Technique in Ukraine Related Attacks (lien direct) | A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social | Threat | ||
|
2022-03-29 05:42:02 | New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials (lien direct) | A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Transparent Tribe has been a highly active APT group in the Indian subcontinent," Cisco Talos researchers said in an analysis shared with The Hacker News. "Their primary targets have | Threat | APT 36 | |
|
2022-03-29 03:16:31 | New Malware Loader \'Verblecon\' Infects Hacked PCs with Cryptocurrency Miners (lien direct) | An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines," | Malware Threat | ||
|
2022-03-29 01:39:20 | A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages (lien direct) | A threat actor dubbed "RED-LILI" has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules. "Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks," Israeli security company Checkmarx said. "As it seems this time, the attacker has fully-automated the process | Threat | ||
|
2022-03-26 00:30:54 | FCC Adds Kaspersky and Chinese Telecom Firms to National Security Threat List (lien direct) | The U.S. Federal Communications Commission (FCC) on Friday moved to add Russian cybersecurity company Kaspersky Lab to the "Covered List" of companies that pose an "unacceptable risk to the national security" of the country. The development marks the first time a Russian entity has been added to the list that's been otherwise dominated by Chinese telecommunications firms. Also added alongside | Threat | ||
|
2022-03-26 00:14:18 | Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (lien direct) | A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. "The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine | Threat | ||
|
2022-03-24 23:45:23 | North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT and Media Firms (lien direct) | Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S. based organizations | Threat | ★★★★ | |
|
2022-03-24 06:16:14 | Chinese APT Hackers Targeting Betting Companies in Southeast Asia (lien direct) | A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in South East Asia, particularly Taiwan, the Philippines, and Hong Kong. Cybersecurity firm Avast dubbed the campaign Operation Dragon Castling, describing its malware arsenal as a "robust and modular toolset." The ultimate motives of the threat actor are not immediately | Malware Threat | ||
|
2022-03-23 04:59:47 | Chinese \'Mustang Panda\' Hackers Spotted Deploying New \'Hodur\' Malware (lien direct) | A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021. "Most | Malware Threat | ||
|
2022-03-23 03:03:39 | New Variant of Chinese Gimmick Malware Targeting macOS Users (lien direct) | Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, a "feature-rich, multi-platform malware family that uses public cloud | Malware Threat | ||
|
2022-03-22 20:25:15 | Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group (lien direct) | Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. "No customer code or data was involved in the observed activities," Microsoft's Threat Intelligence Center (MSTIC) said, adding that | Threat | ||
|
2022-03-22 06:04:47 | Wazuh Offers XDR Functionality at a Price Enterprises Will Love - Free! (lien direct) | Back in 2018, Palo Alto Networks CTO and co-founder Nir Zuk coined a new term to describe the way that businesses needed to approach cybersecurity in the years to come. That term, of course, was extended detection and response (XDR). It described a unified cybersecurity infrastructure that brought endpoint threat detection, network analysis and visibility (NAV), access management, and more under | Threat | ||
|
2022-03-21 02:12:27 | New Backdoor Targets French Entities via Open-Source Package Installer (lien direct) | Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the victimology patterns | Threat | ||
|
2022-03-21 00:15:57 | South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (lien direct) | Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by | Threat | ||
|
2022-03-18 09:20:26 | Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines (lien direct) | A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker | Threat | ||
|
2022-03-18 00:31:53 | Google Uncovers \'Initial Access Broker\' Working with Conti Ransomware Gang (lien direct) | Google's Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) as part of | Ransomware Threat | ||
|
2022-03-16 06:29:45 | FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. "As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [ | Threat | ★★★ | |
|
2022-03-14 06:19:43 | Why Enterprise Threat Mitigation Requires Automated, Single-Purpose Tools (lien direct) | As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day to day of threat mitigation often still comes down to systems administrators. For these sysadmins it's not an easy task, however. In enterprise IT, sysadmins teams have a wide remit but limited resources. For systems administrators finding the time and resources to mitigate against a growing | Threat | ||
|
2022-03-10 07:12:52 | Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (lien direct) | The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive | Ransomware Malware Threat | ||
|
2022-03-09 02:04:37 | Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant (lien direct) | APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application (CVE-2021-44207) as well as the now infamous zero-day in | Vulnerability Threat Guideline | APT 41 | |
|
2022-03-08 06:10:46 | Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks (lien direct) | A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28) – which is attributed to Russia's GRU military | Threat | APT 28 | |
|
2022-03-07 23:54:47 | The Continuing Threat of Unpatched Security Vulnerabilities (lien direct) | Unpatched software is a computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the codes, known as "patches," when they come to know about these application vulnerabilities to secure these weaknesses. Adversaries | Threat |
To see everything:
Our RSS (filtrered)
