Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-07-07 08:50:19 |
Fake Kaseya VSA security update backdoors networks with Cobalt Strike (direct link) |
Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates. [...] |
Ransomware
Spam
Threat
|
|
|
|
2021-07-02 02:56:48 |
Microsoft shares mitigations for Windows PrintNightmare zero-day bug (direct link) |
Microsoft says in a newly released security advisory that the Windows Print Spooler zero-day vulnerability known as PrintNightmare has already been exploited in the wild by threat actors. [...] |
Vulnerability
Threat
|
|
|
|
2021-06-30 19:01:14 |
Leaked Babuk Locker ransomware builder used in new attacks (direct link) |
A leaked tool used by the Babuk Locker operation to create custom ransomware executables is now being used by another threat actor in a very active campaign targeting victims worldwide. [...] |
Ransomware
Tool
Threat
|
|
|
|
2021-06-29 17:28:58 |
Hackers use zero-day to mass-wipe My Book Live devices (direct link) |
A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. [...] |
Vulnerability
Threat
Guideline
|
|
★★★★
|
|
2021-06-29 12:23:47 |
DoubleVPN servers, logs, and account info seized by law enforcement (direct link) |
Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities. [...] |
Threat
|
|
|
|
2021-06-24 08:00:00 |
Phishing attack's unusual file attachment is a double-edged sword (direct link) |
A threat actor uses an unusual attachment to bypass security software, a double-edged sword that may work against them. [...] |
Threat
|
|
|
|
2021-06-19 13:59:31 |
(Déjà vu) South Korea's Nuclear Research agency hacked using VPN flaw (direct link) |
South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. [...] |
Threat
|
|
|
|
2021-06-19 13:59:31 |
South Korea's Nuclear Research agency breached using VPN flaw (direct link) |
South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. [...] |
Threat
|
|
|
|
2021-06-18 12:48:23 |
Fake DarkSide gang targets energy, food industry in extortion emails (direct link) |
Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors. [...] |
Ransomware
Threat
|
|
|
|
2021-06-17 17:47:15 |
(Déjà vu) Eggfree Cake Box suffers data breach exposing credit card numbers (direct link) |
Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to steal credit card numbers. [...] |
Data Breach
Threat
|
|
|
|
2021-06-17 17:47:15 |
Eggfree Cake Box suffers data breach exposing credit card numbers (direct link) |
Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to steal credit card numbers. [...] |
Data Breach
Threat
|
|
|
|
2021-06-16 00:19:02 |
Peloton Bike+ vulnerability allowed complete takeover of devices (direct link) |
A vulnerability in the Peloton Bike+ fitness machine has been fixed that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone. [...] |
Vulnerability
Threat
|
|
|
|
2021-06-15 17:53:16 |
Avaddon ransomware's exit sheds light on victim landscape (direct link) |
A new report analyzes the recently released Avaddon ransomware decryption keys to shed light on the types of victims targeted by the threat actors and potential revenue they generated throughout their operation. [...] |
Ransomware
Threat
|
|
|
|
2021-06-08 14:20:52 |
Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days (direct link) |
Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide. [...] |
Threat
|
|
|
|
2021-06-04 14:51:32 |
Phishing uses Colonial Pipeline ransomware lures to infect victims (direct link) |
The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files. [...] |
Ransomware
Threat
|
|
|
|
2021-06-04 14:23:21 |
(Déjà vu) Attackers are scanning for vulnerable VMware servers, patch now! (direct link) |
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] |
Vulnerability
Threat
|
|
|
|
2021-06-04 14:23:21 |
Attackers scan for unpatched VMware vCenter servers, PoC exploit available (direct link) |
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] |
Vulnerability
Threat
|
|
|
|
2021-06-03 11:55:34 |
Chinese threat actors hacked NYC MTA using Pulse Secure zero-day (direct link) |
Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet. [...] |
Threat
|
|
|
|
2021-06-01 15:33:46 |
US: Russian threat actors likely behind JBS ransomware attack (direct link) |
The White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia. [...] |
Ransomware
Threat
|
|
★★★
|
|
2021-06-01 13:25:36 |
Critical WordPress plugin zero-day under active exploitation (direct link) |
Threat actors are scanning for sites running the Fancy Product Designer plug-in to exploit a zero-day bug allowing them to upload malware. [...] |
Threat
|
|
★★★
|
|
2021-05-29 11:33:44 |
New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers (direct link) |
A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. [...] |
Ransomware
Threat
|
|
|
|
2021-05-28 13:14:20 |
Mexico walls off national lottery sites after ransomware DDoS threat (direct link) |
Access to Mexico's Lotería Nacional and Pronósticos lottery websites is now blocked to IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks. [...] |
Ransomware
Threat
|
|
|
|
2021-05-28 12:12:21 |
Chinese cyberspies are targeting US, EU orgs with new malware (direct link) |
Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances. [...] |
Malware
Threat
|
|
|
|
2021-05-28 08:08:16 |
Microsoft: SolarWinds hackers target govt agencies from 24 countries (direct link) |
The Microsoft Threat Intelligence Center (MSTIC) has discovered that the Russian-based SolarWinds hackers are behind an ongoing phishing campaign targeting government agencies worldwide. [...] |
Threat
|
|
|
|
2021-05-27 13:37:01 |
(Déjà vu) New BazaFlix attack pushes BazarLoader malware via fake movie site (direct link) |
Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] |
Malware
Threat
|
|
|
|
2021-05-27 13:37:01 |
New BazaFlix phishing delivers BazarLoader malware via call center (direct link) |
Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] |
Malware
Threat
|
|
|
|
2021-05-25 14:37:16 |
Domino's India discloses data breach after hackers sell data online (direct link) |
Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum. [...] |
Data Breach
Threat
|
|
|
|
2021-05-24 10:02:03 |
North Korean hackers behind CryptoCore multi-million dollar heists (direct link) |
Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore, have established a strong connection to the North Korean state-sponsored group Lazarus. [...] |
Threat
|
APT 38
|
|
|
2021-05-19 08:57:01 |
Hackers scan for vulnerable devices minutes after bug disclosure (direct link) |
Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. [...] |
Threat
|
|
|
|
2021-05-17 20:57:51 |
Student health insurance carrier Guard.me suffers a data breach (direct link) |
Student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders' personal information. [...] |
Data Breach
Vulnerability
Threat
|
|
|
|
2021-05-17 15:01:35 |
FBI spots spear-phishing posing as Truist Bank to deliver malware (direct link) |
Threat actors impersonated Truist, the sixth-largest U.S. bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan (RAT) malware. [...] |
Malware
Threat
|
|
|
|
2021-05-14 10:37:45 |
(Déjà vu) DarkSide ransomware servers reportedly seized, operation shuts down (direct link) |
The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. [...] |
Ransomware
Threat
|
|
|
|
2021-05-14 10:37:45 |
DarkSide ransomware servers reportedly seized, REvil restricts targets (direct link) |
The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. [...] |
Ransomware
Threat
|
|
|
|
2021-05-13 18:24:29 |
Chemical distributor pays $4.4 million to DarkSide ransomware (direct link) |
Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data. [...] |
Ransomware
Threat
|
|
|
|
2021-05-13 13:00:00 |
(Déjà vu) Microsoft build tool abused to deliver password-stealing malware (direct link) |
Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] |
Malware
Tool
Threat
|
|
|
|
2021-05-13 13:00:00 |
Attackers abuse Microsoft dev tool to deploy Windows malware (direct link) |
Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] |
Malware
Tool
Threat
|
|
|
|
2021-05-12 12:49:16 |
Microsoft: Threat actors target aviation orgs with new malware (direct link) |
Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader. [...] |
Malware
Threat
|
|
|
|
2021-05-11 13:01:55 |
Microsoft Defender ATP now secures networked Linux, macOS devices (direct link) |
Microsoft has added support for identifying and assessing the security configurations of Linux and macOS endpoints on enterprise networks using Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection). [...] |
Threat
|
|
|
|
2021-05-06 10:31:45 |
New Moriya rootkit used in the wild to backdoor Windows systems (direct link) |
A new stealthy rootkit was used by an unknown threat actor to backdoor targeted Windows systems in a likely ongoing espionage campaign dubbed TunnelSnake and going back to at least 2018. [...] |
Threat
|
|
|
|
2021-04-30 02:43:43 |
(Déjà vu) Codecov starts notifying customers affected by supply-chain attack (direct link) |
Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors. [...] |
Threat
|
|
|
|
2021-04-30 02:43:43 |
Codecov begins notifying affected customers, discloses IOCs (direct link) |
Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors. [...] |
Threat
|
|
|
|
2021-04-29 18:00:00 |
New ransomware group uses SonicWall zero-day to breach networks (direct link) |
A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. [...] |
Ransomware
Threat
|
|
|
|
2021-04-28 09:00:44 |
Cyberspies target military organizations with new Nebulae backdoor (direct link) |
A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. [...] |
Threat
|
|
|
|
2021-04-27 10:46:26 |
(Déjà vu) MangaDex discloses data breach after stolen database shared online (direct link) |
Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. [...] |
Data Breach
Threat
|
|
|
|
2021-04-27 10:46:26 |
MangaDex discloses data breach after stolen data gets shared online (direct link) |
Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. [...] |
Data Breach
Threat
|
|
|
|
2021-04-26 12:54:01 |
Microsoft Defender now blocks cryptojacking malware using Intel TDT (direct link) |
Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology (TDT). [...] |
Malware
Threat
|
|
|
|
2021-04-25 16:28:55 |
Hacker leaks 20 million alleged BigBasket user records for free (direct link) |
A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum. [...] |
Threat
|
|
|
|
2021-04-19 18:27:46 |
Geico data breach exposed customers' driver's license numbers (direct link) |
Car insurance provider Geico has suffered a data breach where threat actors stole the driver's licenses for policyholders for over a month. [...] |
Data Breach
Threat
|
|
|
|
2021-04-19 17:07:40 |
Google Alerts continues to be a hotbed of scams and malware (direct link) |
Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites. [...] |
Malware
Threat
|
|
|
|
2021-04-17 11:08:22 |
(Déjà vu) Microsoft fixes Windows 10 bug that can corrupt NTFS drives (direct link) |
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. [...] |
Threat
|
|
|