What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2020-07-01 11:26:15 New EvilQuest ransomware targets macOS users (lien direct) Experts discovered a new ransomware dubbed EvilQuest designed to target macOS systems, it also installs a keylogger and a reverse shell to take over them. Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected […] Ransomware
SecurityAffairs.webp 2020-07-01 08:57:46 Microsoft releases emergency security updates to fix Windows codecs (lien direct) Microsoft has silently released an emergency security update through the Windows Store app to address two vulnerabilities in Windows codecs. Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library. The two issues are remote code execution vulnerabilities tracked as CVE-2020-1425 & CVE-2020-1457 that impact Windows 10 […]
SecurityAffairs.webp 2020-07-01 07:08:39 Maze Ransomware operators hacked the Xerox Corporation (lien direct) Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. The company did not disclose the cyberattack, but the Maze ransomware operators published some screenshots that show […] Ransomware
SecurityAffairs.webp 2020-06-30 19:15:54 APTs will exploit Palo Alto Networks's PAN-OS flaw soon, US Cyber Command says (lien direct) U.S. Cyber Command believes foreign APTs will likely attempt to exploit the recently addressed flaw in Palo Alto Networks’s PAN-OS firewall OS. Recently Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has been rated […]
SecurityAffairs.webp 2020-06-30 12:49:18 Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam (lien direct) Group-IB discovered thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered thousands of personal records of users from the UK, Australia, South Africa, the US, Singapore, Spain, Malaysia and other countries exposed in a targeted multi-stage […] Threat
SecurityAffairs.webp 2020-06-30 09:54:01 A threat actor is selling databases stolen from 14 companies (lien direct) A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020. A threat actor is selling databases that contain user records for 14 different organizations he claimed were hacked in 2020, only for four of them (HomeChef, Minted, Tokopedia, and Zoosk) were previously reported data breaches. The list of […] Threat
SecurityAffairs.webp 2020-06-30 06:08:13 UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attack (lien direct) The University of California San Francisco (UCSF) revealed that it paid roughly $1.14 million to cybercriminals to recover data after a ransomware attack. Late last week, the University of California San Francisco (UCSF) admitted having paid roughly $1.14 million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1. […] Ransomware
SecurityAffairs.webp 2020-06-30 05:34:07 (Déjà vu) Palo Alto Networks fixes a critical flaw in firewall PAN-OS (lien direct) Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021, in the operating system (PAN‑OS) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. “When Security Assertion Markup Language (SAML) authentication is enabled and […]
SecurityAffairs.webp 2020-06-29 19:26:10 At least 31 US Businesses targeted with WastedLocker Ransomware (lien direct) Tens of organizations in the United States have been targeted with the recently discovered WastedLocker ransomware. The malicious code was first documented by researchers from the NCC Group's report and later Symantec published its own analysis. Security experts from Symantec reported that at least 31 organizations in the United States have been targeted with the recently discovered […] Ransomware
SecurityAffairs.webp 2020-06-29 13:21:18 Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown (lien direct) Researchers revealed that the number of daily brute-force attacks on Windows RDP has doubled during the pandemic lockdown. Security experts from ESET revealed that the number of daily brute-force attacks on Windows RDP has doubled during the COVID-19 lockdown. The phenomenon is not surprising because during the COVID-19 lockdown employees were forced to work from […]
SecurityAffairs.webp 2020-06-29 10:37:06 Chinese tax software bundled with GoldenSpy backdoor targets western companies (lien direct) A new malware dubbed GoldenSpy is being distributed embedded in tax payment software that some businesses operating in China are required to install. GoldenSpy is a new backdoor that is being distributed embedded in tax payment software (the Aisino Intelligent tax software) that some businesses operating in China are required to install. The campaign is […] Malware
SecurityAffairs.webp 2020-06-29 08:21:18 REvil operators threaten to leak files stolen from Australian firm Lion (lien direct) Australian beverage company Lion announced that it has found no evidence that hackers have stolen information from its systems. The Australian brewery and dairy conglomerate Lion suffered two cyber attacks in a few days this month. Lion is a beverage and food company that operates in Australia and New Zealand, and a subsidiary of Japanese beverage […]
SecurityAffairs.webp 2020-06-29 07:25:39 Office 365 users that are returning to the workplace targeted with Coronavirus training resources (lien direct) Experts are warning of a new phishing campaign aimed at Office 365 users that are returning to the workplace with Coronavirus training resources. Threat actors continue to use Coronavirus lures adapting their technique to the current situation. The attack techniques adopted by the threat actors depends on the state of businesses in each region. In […] Threat
SecurityAffairs.webp 2020-06-28 18:12:25 Australian ACSC's report confirms the use of Chinese malware in recent attacks (lien direct) Australian ACSC published a detailed report on the techniques, tactics, and procedures associated with the threat actor that targeted organizations in the country. Recently, Australia's prime minister Scott Morrison revealed that a “state-based actor” is targeting government, public services, and businesses. Warning Australians of “specific risks” and an increased frequency of attacks, the Australian […] Malware Threat
SecurityAffairs.webp 2020-06-28 10:58:26 Security Affairs newsletter Round 270 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. 230k+ Indonesian COVID-19 patients records for sale in the Darkweb COVID-19 themed attacks are just a small percentage of the overall threats New Shlayer Mac malware spreads via poisoned search […] Malware
SecurityAffairs.webp 2020-06-28 10:04:03 Magento 1.x EOL is set on June 30, 75% of installs potentially impacted (lien direct) Adobe, Mastercard, Visa are warning the owners of the online store running Magento 1.x of updating their installs because it will reach EOL by June 30 Adobe, Mastercard, Visa are warning the owners of online store running Magento 1.x of updating their installs because it will reach the end-of-life (EOL) by June 30 After June […]
SecurityAffairs.webp 2020-06-28 07:31:54 Asian media firm E27 hacked, attackers asked for a “donation” (lien direct) Asian media firm E27 suffered a security breach and hackers asked for a “donation” to provide information on the flaws they exploited in the attack Asian media firm E27 has been hacked by a hacking group identifying themselves as “Korean Hackers” and “Team Johnwick” that asked for a “donation” to provide information on the vulnerabilities they […]
SecurityAffairs.webp 2020-06-27 20:59:29 NVIDIA addressed multiple code execution issues in GPU Drivers (lien direct) NVIDIA released security patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including code execution issues. NVIDIA has released security updates to address a dozen vulnerabilities in GPU display drivers and vGPU software, some of them could lead to code execution. “NVIDIA has released a software security update for NVIDIA GPU Display […] Guideline
SecurityAffairs.webp 2020-06-27 12:11:34 France Télévisions group hit by a cyber attack, its antennas were not impacted (lien direct) The France Télévisions group announced yesterday that it was hit by a cyber attack, targeting one of its broadcasting sites. The France Télévisions group announced Friday that it was the victim of a cyber attack that targeted one of its broadcasting sites. According to the group, the attack did not impact its antennae. “One of its dissemination sites has been […]
SecurityAffairs.webp 2020-06-27 09:45:38 (Déjà vu) The man behind Cardplanet credit card market sentenced to 9 years in prison (lien direct) A 30-year old Russian national was sentenced to nine years in prison for running Cardplanet and Direct Connection credit card market. The Russian national named Aleksey Yurievich Burkov (30) was sentenced to nine years in prison for running Cardplanet and Direct Connection, two credit card market that facilitated payment card fraud, computer hacking, and other illegal activities. In 2019, Burkov […]
SecurityAffairs.webp 2020-06-26 20:50:07 Crooks hide e-skimmer code in favicon EXIF Metadata (lien direct) Malwarebytes experts observed crooks hiding a software skimmer in the EXIF metadata of an image that was surreptitiously loaded by compromised online stores. While investigating a Magecart attack, experts found an e-skimmer code hidden in the EXIF metadata of an image file and surreptitiously loaded by compromised online stores. The malicious script detected by the […]
SecurityAffairs.webp 2020-06-26 18:49:09 Developer of DDoS Mirai based botnets sentenced to prison (lien direct) A man accused to have developed distributed denial of service (DDoS) botnets based on the Mirai botnet was sentenced to 13 months in federal prison. Kenneth Currin Schuchman, 22, of Vancouver, Washington, was sentenced to 13 months in federal prison because it has developed distributed denial of service (DDoS) botnets based on the source code of Mirai botnet. […]
SecurityAffairs.webp 2020-06-26 13:40:25 Police arrested 32 people while investigating underground economy forum (lien direct) German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of an illegal underground economy forum. According to prosecutors in Frankfurt and Bamberg, the German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of the “crimenetwork.co” illegal underground economy forum. The operation involved […] ★★★★★
SecurityAffairs.webp 2020-06-26 06:40:49 New Lucifer DDoS botnet targets Windows systems with multiple exploits (lien direct) A new botnet, tracked as Lucifer, appeared in the threat landscape, it leverages close to a dozen exploits to hack Windows systems. A new botnet tracked as Lucifer appeared in the threat landscape, it leverages a dozen exploits for high and critical severity flaws affecting Windows systems. Upon infecting a system the bot turns it […] Hack Threat
SecurityAffairs.webp 2020-06-25 20:10:20 Akamai mitigated the largest ever PPS DDoS attack (lien direct) Akamai announced to have mitigated a record distributed denial-of-service (DDoS) attack that hit a European bank. Akamai revealed that a bank in Europe was hit by a massive distributed denial-of-service (DDoS) attack that peaked a record 809 million packets per second (PPS). “On June 21, 2020, Akamai mitigated the largest packet per second (PPS) distributed […]
SecurityAffairs.webp 2020-06-25 12:05:39 WikiLeaks founder Julian Assange faces superseding indictment for conspiring with LulzSec hackers (lien direct) WikiLeaks founder Julian Assange attempted to recruit hackers at conferences in Europe and Asia who could have stolen info for his anti-secrecy site, states DoJ. US Department of Justice claims Julian Assange tried to recruit hackers at conferences in Europe and Asia to steal classified information on his behalf and that could have been published […]
SecurityAffairs.webp 2020-06-25 09:28:10 Maze ransomware operators claim to have breached LG Electronics (lien direct) Maze ransomware operators claims to have breached the South Korean multinational electronics company LG Electronics. Researchers at Cyble discovered a data leak of LG Electronics published by Maze ransomware operators. “As part of our regular darkweb monitoring, our researchers came across the data leak of LG Electronics been published by the Maze ransomware operators. Just after the WorldNet Telecommunications, the LG […] Ransomware
SecurityAffairs.webp 2020-06-25 08:12:08 Microsoft issues guidance to defend Exchange servers under attack (lien direct) Microsoft researchers are warning of attacks against Exchange servers and published guidance on how to defend them. Microsoft’s Defender ATP Research Team released guidance on how to defend against attacks targeting Exchange servers with the use of behavior-based detection. Microsoft researchers analyzed multiple campaigns targeting Exchange servers in early April which showed how the malicious […]
SecurityAffairs.webp 2020-06-24 20:50:30 VMware addresses critical flaws in Workstation and Fusion (lien direct) VMware addressed 10 vulnerabilities affecting its ESXi, Workstation and Fusion products, including critical and high-severity code issues on the hypervisor. VMware has addressed 10 vulnerabilities affecting ESXi, Workstation and Fusion products, including critical and high-severity issues that can be exploited by attackers to execute arbitrary code on the hypervisor. The most serious issue is a […]
SecurityAffairs.webp 2020-06-24 18:59:20 CryptoCore hacker group stole over $200M from cryptocurrency exchanges (lien direct) The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges. The CryptoCore group, […]
SecurityAffairs.webp 2020-06-24 13:10:35 (Déjà vu) Frost & Sullivan databases available for sale on a hacker forum (lien direct) U.S. business consulting firm Frost & Sullivan suffered a data breach, a threat actor is offering for sale its databases on a hacker forum. U.S. firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. Frost […] Threat
SecurityAffairs.webp 2020-06-24 11:32:05 Von der Leyen said Chinese cyberattacks on EU hospitals cannot be tolerated (lien direct) European Commission President Ursula von der Leyen called out China for launching cyberattacks EU hospitals and health care institutions during the COVID-19 pandemic. European Commission President Ursula von der Leyen publicly linked to China a series of cyber attacks against EU hospitals and health care institutions during the COVID-19 pandemic. von der Leyen added that this conduct cannot be tolerated, she also added that China carried out […]
SecurityAffairs.webp 2020-06-24 09:19:20 (Déjà vu) REvil ransomware gang scans healthcare victim's network for PoS systems (lien direct) Symantec researchers observed REvil ransomware operators scanning one of their victim’s network for Point of Sale (PoS) servers. Symantec researchers observed REvil ransomware operators scanning one of their victim’s network for Point of Sale (PoS) servers. Researchers from Symantec’s Threat Intelligence team reported that the REvil ransomware operators have been observed while scanning one of their victim’s network for Point of […] Ransomware Threat
SecurityAffairs.webp 2020-06-24 06:54:51 New XORDDoS, Kaiji DDoS botnet variants target Docker servers (lien direct) Operators behind XORDDoS and Kaiji DDoS botnets recently started targeting Docker servers exposed online, Trend Micro warns. Trend Micro researchers reported that operators behind XORDDoS and Kaiji DDoS botnets recently started targeting Docker servers exposed online. XORDDoS, also known as XOR.DDoS, first appeared in the threat landscape in 2014 it is a Linux Botnet that was […] Threat
SecurityAffairs.webp 2020-06-23 17:54:20 Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln (lien direct) Group-IB published a detailed report on Fxmsp – a heavyweight of the Russian-speaking cyber underground who made a name for himself selling access to corporate networks. Group-IB, a Singapore-based cybersecurity company, has issued a comprehensive report on Fxmsp – a heavyweight of the Russian-speaking cyber underground who made a name for himself selling access to corporate networks. Group-IB […]
SecurityAffairs.webp 2020-06-23 13:16:41 A daily average of 80,000 printers exposed online via IPP (lien direct) Experts found tens of thousands of printers that are exposed online that are leaking device names, organization names, WiFi SSIDs, and other info. It’s not a mystery, a printer left exposed online without proper security could open the doors to hackers, now researchers from Shadowserver Foundation have discovered tens of thousands of printers that are […]
SecurityAffairs.webp 2020-06-23 09:55:28 CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group (lien direct) CLOP ransomware operators have allegedly hacked IndiaBulls Group, an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group, its primary businesses are housing finance, consumer finance, and wealth management. Indiabulls Group has around 19,000 employees, the company has been earning an average revenue of 25,000 crore Indian rupees. The […] Ransomware
SecurityAffairs.webp 2020-06-23 07:13:38 (Déjà vu) BlueLeaks: 269GB of data from US law enforcement organizations leaked online (lien direct) A group of hacktivists and transparency advocates published a massive 269 GB of data, dubbed BlueLeaks, allegedly stolen from U.S. Police and Fusion Centers. A group of hacktivists and transparency advocates has leaked online hundreds of thousands of sensitive documents allegedly stolen from more than 200 police departments, fusion centers, and law enforcement agencies across the […]
SecurityAffairs.webp 2020-06-22 19:57:25 New Zealand freezes assets of Russian cyber criminal Alexander Vinnik (lien direct) New Zealand police had frozen NZ$140 million (US$90 million) in assets linked to a Russian cyber criminal. New Zealand police announced that they had frozen NZ$140 million (US$90 million) in assets linked to the Russian nation Alexander Vinnik. Alexander Vinnik is currently in France to face a charge of money laundering for organised crime using […]
SecurityAffairs.webp 2020-06-22 18:24:38 Crooks leverage Google Analytics in web skimming attacks (lien direct) Security researchers at Kaspersky uncovered a web skimming campaign leveraging Google Analytics service to steal user data. Recently, researchers at Kaspersky identified several web skimming attacks that abused Google Analytics service to exfiltrate data stolen with an e-skimmer software. Threat actors exploit the trust in Analytics to bypass Content Security Policy (CSP) using the Analytics API. […] Threat
SecurityAffairs.webp 2020-06-22 13:18:15 AMD is going to patch UEFI SMM callout privilege escalation flaw (lien direct) AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). AMD recently announced that it was preparing patches for an SMM Callout Privilege Escalation vulnerability, tracked as CVE-2020-12890, that affects the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability […] Vulnerability
SecurityAffairs.webp 2020-06-22 11:03:12 Moroccan journalist targeted with network injection attacks using NSO Group's spyware (lien direct) Researchers at Amnesty International collected evidence that a Moroccan journalist was targeted with network injection attacks using NSO Group's spyware. In October 2019, security experts at Amnesty International's Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. The researchers are […]
SecurityAffairs.webp 2020-06-22 07:50:07 A new variant of the IcedID banking Trojan spreads using COVID-19 lures (lien direct) Experts spotted a new version of the IcedID banking trojan that uses steganography to infect victims as part of COVID-19 themed attacks. A new version of the IcedID banking trojan was employed in COVID-19 themed attacks, the new variant uses steganography to infect victims and implements anti-detection capabilities. Researchers at Juniper Threat Labs have spotted […] Threat
SecurityAffairs.webp 2020-06-21 23:06:37 US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia (lien direct) The United States has deported the author of NeverQuest banking malware, the computer programmer Stanislav Vitaliyevich Lisov to Russia. The United States has deported the computer programmer Stanislav Vitaliyevich Lisov (35) to Russia, he is the author of NeverQuest banking malware, Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. The […]
SecurityAffairs.webp 2020-06-21 15:47:53 230k+ Indonesian COVID-19 patients' records for sale in the Darkweb (lien direct) Security researchers at threat intelligence firm Cyble discovered over 230.000 Indonesian COVID-19 patients records leaked in the darknet. As part of a regular Deepweb and Darkweb monitoring activity, researchers at threat intelligence firm Cyble identified a credible threat actor who was selling the database of COVID-19 patients of Indonesia. The threat actor is offering around […] Threat
SecurityAffairs.webp 2020-06-21 13:47:41 New Shlayer Mac malware spreads via poisoned search engine results (lien direct) Shlayer Mac malware is back, the Mac threat is now spreading through new black SEO operations. Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. Researchers at security firm Intego observed the new variant being spread masqueraded as a fake Adobe Flash Player installer (.DMG disk […] Malware Threat
SecurityAffairs.webp 2020-06-21 12:00:11 Security Affairs newsletter Round 269 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Maze ransomware gang hacked M&A firm Threadstone Advisors LLP Ransomware attack disrupts operations at Australian beverage company Lion Tech firms suspend use of 'biased facial recognition technology Accessories giant Claires […] Ransomware
SecurityAffairs.webp 2020-06-21 09:35:08 COVID-19 themed attacks are just a small percentage of the overall threats (lien direct) Threat actors adapted their tactics to exploit the interest in the ongoing COVID-19 pandemic, Microsoft says. Since the beginning of the COVID-19 pandemic, threat actors started to actively deploy opportunistic campaigns using Coronavirus lures. Anyway, Microsoft says that malware attacks that abused the COVID-19 theme only had a temporary effect on the total volume of […] Malware Threat
SecurityAffairs.webp 2020-06-15 13:39:28 (Déjà vu) Black Kingdom ransomware operators exploit Pulse VPN flaws (lien direct) Black Kingdom ransomware operators are targeting organizations using unpatched Pulse Secure VPN software to deploy their malware. Researchers from security firm REDTEAM reported that operators behind the Black Kingdom ransomware are targeting enterprises exploiting the CVE-2019-11510 flaw in Pulse Secure VPN software to gain access to the network. Black Kingdom ransomware was first spotted in […] Ransomware
SecurityAffairs.webp 2020-06-15 09:54:48 Accessories giant Claire's is the victim of a Magecart attack, credit card data exposed (lien direct) Hackers breached the websites of the U.S. accessory giant Claire’s, and its subsidiary Icing, and gained access to customer’s credit card data. Threat actors have hacked the websites of the U.S. based jewelry and accessory giant Claire’s, and its subsidiary Icing, the security breach took place in April and attackers may have gained access to customer’s credit cards. Claire’s […] Threat
Last update at: 2024-08-01 10:18:45