| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| | 2022-05-31 11:45:04 | New XLoader botnet uses probability theory to hide its servers (direct link) | Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation. [...] | Malware, Threat | | |
| | 2022-05-26 15:11:03 | OAS platform vulnerable to critical RCE and API access flaws (direct link) | Threat analysts have disclosed vulnerabilities affecting the Open Automation Software (OAS) platform, leading to device access, denial of service, and remote code execution. [...] | Threat, Guideline | | ★★★ |
| | 2022-05-25 07:21:30 | BPFDoor malware uses Solaris vulnerability to get root privileges (direct link) | New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. [...] | Malware, Vulnerability, Threat | | |
| | 2022-05-24 14:44:22 | Microsoft: Credit card stealers are getting much stealthier (direct link) | Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code. [...] | Threat | | |
| | 2022-05-24 12:09:07 | Trend Micro fixes bug Chinese hackers exploited for espionage (direct link) | Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware. [...] | Threat | | |
| | 2022-05-23 16:12:01 | Fake Windows exploits target infosec community with Cobalt Strike (direct link) | A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. [...] | Threat | | |
| | 2022-05-23 12:26:19 | New RansomHouse group sets up extortion market, adds first victims (direct link) | Yet another data-extortion cybercrime operation named 'RansomHouse' has appeared on the darknet, where threat actors publish evidence of stolen files and leak data of organizations that refuse to make a ransom payment. [...] | Threat | | |
| | 2022-05-22 12:15:10 | PDF smuggles Microsoft Word doc to drop Snake Keylogger malware (direct link) | Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. [...] | Malware, Threat | | |
| | 2022-05-22 10:00:00 | Google: Predator spyware infected Android devices using zero-days (direct link) | Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox. [...] | Threat | | |
| | 2022-05-20 14:02:19 | Backdoor baked into premium school management plugin for WordPress (direct link) | Security researchers have discovered a backdoor in a premium WordPress plugin built as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating. [...] | Threat | | |
| | 2022-05-19 09:00:00 | Phishing websites now use chatbots to steal your credentials (direct link) | Threat analysts have observed a new trend in the phishing space: incorporating interactive chatbots on sites that guide visitors through the process of losing their sensitive data. [...] | Threat | | ★★★ |
| | 2022-05-18 10:54:14 | Fake crypto sites lure wannabe thieves by spamming login credentials (direct link) | Threat actors are luring potential thieves by spamming login credentials for other people's accounts on fake crypto trading sites, illustrating once again that there is no honor among thieves. [...] | Threat | | |
| | 2022-05-17 11:33:32 | Cybersecurity agencies reveal top initial access attack vectors (direct link) | A joint security advisory issued by multiple national cybersecurity authorities revealed today the top 10 attack vectors most exploited by threat actors for breaching networks. [...] | Threat | | |
| | 2022-05-16 14:33:32 | Apple emergency update fixes zero-day used to hack Macs, Watches (direct link) | Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...] | Hack, Vulnerability, Threat | | |
| | 2022-05-16 14:05:30 | Ukraine supporters in Germany targeted with PowerShell RAT malware (direct link) | An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data. [...] | Malware, Threat | | |
| | 2022-05-13 16:58:23 | The Week in Ransomware - May 13th 2022 - A National Emergency (direct link) | While ransomware attacks have slowed during Russia's invasion of Ukraine and the subsequent sanctions, the malware threat continues to affect organizations worldwide. [...] | Ransomware, Malware, Threat | | |
| | 2022-05-12 17:30:15 | Iranian hackers exposed in a highly targeted espionage campaign (direct link) | Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 or OilRig, which targeted a Jordanian diplomat with custom-crafted tools. [...] | Threat | APT 34 | |
| | 2022-05-12 15:18:45 | Eternity malware kit offers stealer, miner, worm, ransomware tools (direct link) | Threat actors have launched the 'Eternity Project,' a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted. [...] | Ransomware, Malware, Threat | | |
| | 2022-05-12 14:13:52 | Zyxel fixes firewall flaws that could lead to hacked networks (direct link) | Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago. [...] | Vulnerability, Threat | | |
| | 2022-02-14 18:34:11 | Google Chrome emergency update fixes zero-day exploited in attacks (direct link) | Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux to fix a high-severity zero-day vulnerability used by threat actors in attacks. [...] | Vulnerability, Threat | | |
| | 2022-02-10 15:02:17 | Hacking group 'ModifiedElephant' evaded discovery for a decade (direct link) | Threat analysts have linked a decade of activity to an APT (advanced persistent threat) actor called 'ModifiedElephant', who has managed to remain elusive to all threat intelligence firms since 2012. [...] | Threat | | |
| | 2022-02-09 07:58:50 | Fake Windows 11 upgrade installers infect you with RedLine malware (direct link) | Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. [...] | Malware, Threat | | |
| | 2022-02-07 12:05:03 | Google Cloud hypervisor modified to detect cryptominers without agents (direct link) | Google has announced the public preview of a new Virtual Machine Threat Detection (VMTD) system that can detect cryptocurrency miners and other malware without the need for software agents. [...] | Malware, Threat | | |
| | 2022-02-06 10:17:34 | Law enforcement actions push ransomware gangs to surgical attacks (direct link) | The numerous law enforcement operations leading to the arrests and takedown of ransomware operations in 2021 have forced threat actors to narrow their targeting scope and maximize the efficiency of their operations. [...] | Ransomware, Threat, Guideline | | |
| | 2022-02-04 19:15:26 | The Week in Ransomware - February 4th 2022 - Critical Infrastructure (direct link) | Critical infrastructure suffered ransomware attacks, with threat actors targeting an oil petrol distributor and oil terminals in major ports in different attacks. [...] | Ransomware, Threat | | |
| | 2022-02-04 11:01:14 | HHS: Conti ransomware encrypted 80% of Ireland's HSE IT systems (direct link) | A threat brief published by the US Department of Health and Human Services (HHS) on Thursday paints a grim picture of how Ireland's health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year's Conti ransomware attack. [...] | Ransomware, Threat | | |
| | 2022-02-02 11:29:36 | Microsoft Sentinel adds threat monitoring for GitHub repos (direct link) | Microsoft says its cloud-native SIEM (Security Information and Event Management) platform now makes it possible to detect potential ransomware activity using the Fusion machine learning model. [...] | Threat | | |
| | 2022-02-02 11:02:58 | Business services provider Morley discloses ransomware incident (direct link) | Morley Companies Inc. disclosed a data breach after suffering a ransomware attack on August 1st, 2021, allowing threat actors to steal data before encrypting files. [...] | Ransomware, Data Breach, Threat | | |
| | 2022-02-01 14:21:47 | Microsoft Defender now detects Android and iOS vulnerabilities (direct link) | Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform. [...] | Vulnerability, Threat | | ★★★★ |
| | 2022-01-31 18:27:27 | FBI warns of 2022 Beijing Olympics cyberattack, privacy risks (direct link) | The Federal Bureau of Investigation (FBI) warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. However, evidence of such attacks being planned is yet to be uncovered. [...] | Threat | | |
| | 2022-01-31 10:40:46 | 277,000 routers exposed to Eternal Silence attacks via UPnP (direct link) | A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) to turn your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors. [...] | Threat | | |
| | 2022-01-28 09:29:31 | Hackers are taking over CEO accounts with rogue OAuth apps (direct link) | Threat analysts have observed a new campaign named 'OiVaVoii', targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts. [...] | Threat | | |
| | 2022-01-27 13:11:58 | Microsoft warns of multi-stage phishing campaign leveraging Azure AD (direct link) | Microsoft's threat analysts have uncovered a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices onto the target's network and use them to distribute phishing emails. [...] | Threat | | ★★★ |
| | 2022-01-25 11:31:34 | Google Drive now warns you of suspicious phishing, malware docs (direct link) | Google is rolling out new warning banners in Google Drive to alert users of potentially suspicious files that threat actors could use for malware delivery and in phishing attacks. [...] | Malware, Threat | | |
| | 2022-01-25 09:59:33 | Segway store hacked to steal customers' credit cards (direct link) | Segway's online store was compromised to include a malicious Magecart script that potentially allowed threat actors to steal credit cards and customer information during checkout. [...] | Threat | | |
| | 2022-01-19 17:32:23 | Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks (direct link) | SolarWinds has patched a Serv-U vulnerability discovered by Microsoft that threat actors actively used to propagate Log4j attacks to internal devices on a network. [...] | Vulnerability, Threat | | |
| | 2022-01-19 16:25:11 | Marketing giant RRD confirms data theft in Conti ransomware attack (direct link) | RR Donnelley has confirmed that threat actors stole data in a December cyberattack, confirmed by BleepingComputer to be a Conti ransomware attack. [...] | Ransomware, Threat | | |
| | 2022-01-15 11:20:00 | Qlocker ransomware returns to target QNAP NAS devices worldwide (direct link) | Threat actors behind the Qlocker ransomware are once again targeting Internet-exposed QNAP Network Attached Storage (NAS) devices worldwide. [...] | Ransomware, Threat | | |
| | 2022-01-14 14:04:10 | (Déjà vu) White House reminds tech giants open source is a national security issue (direct link) | The White House wants government and private sector organizations to rally their efforts and resources to secure open-source software and its supply chain after the Log4J vulnerabilities exposed critical infrastructure to threat actors' attacks. [...] | Threat | | |
| | 2022-01-13 15:14:32 | BlueNoroff hackers steal crypto using fake MetaMask extension (direct link) | The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions. [...] | Threat | | |
| | 2022-01-13 13:08:36 | Microsoft Defender weakness lets hackers bypass malware detection (direct link) | Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there. [...] | Malware, Threat | | |
| | 2022-01-12 11:36:26 | TellYouThePass ransomware returns as a cross-platform Golang threat (direct link) | TellYouThePass ransomware has re-emerged as Golang-compiled malware, making it easier to target major platforms beyond Windows, like macOS and Linux. [...] | Ransomware, Threat | | |
| | 2022-01-10 12:39:58 | Microsoft: powerdir bug gives access to protected macOS user data (direct link) | Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users' protected data. [...] | Vulnerability, Threat | | |
| | 2022-01-07 09:29:26 | NHS warns of hackers exploiting Log4Shell in VMware Horizon (direct link) | The UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits. [...] | Threat | | |
| | 2022-01-06 09:00:00 | Google Docs commenting feature exploited for spear-phishing (direct link) | A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy. [...] | Threat | | |
| | 2021-12-23 12:47:14 | AvosLocker ransomware reboots in Safe Mode to bypass security tools (direct link) | Recent AvosLocker ransomware attacks are characterized by a focus on disabling endpoint security solutions that stand in the way of threat actors. [...] | Ransomware, Threat | | |
| | 2021-12-21 17:37:20 | PYSA ransomware behind most double extortion attacks in November (direct link) | Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double extortion continuing to be a powerful tool in threat actors' arsenal. [...] | Ransomware, Tool, Threat | | |
| | 2021-12-20 11:33:11 | Log4j vulnerability now used to install Dridex banking malware (direct link) | Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. [...] | Malware, Vulnerability, Threat | | |
| | 2021-12-20 06:00:00 | Phishing attacks impersonate Pfizer in fake requests for quotation (direct link) | Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims. [...] | Threat | | |
| | 2021-12-17 18:37:23 | The Week in Ransomware - December 17th 2021 - Enter Log4j (direct link) | A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat actors as part of their ransomware attacks. [...] | Ransomware, Vulnerability, Threat | | |