What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-18 10:47:00 | LockBit 3.0 Ransomware: Inside the Cyberthreat That\'s Costing Millions (lien direct) | U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit," | Ransomware Threat | ★★★ | |
|
2023-03-17 23:45:00 | FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps (lien direct) | An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said. | Malware | ★★★ | |
|
2023-03-17 17:41:00 | THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter (lien direct) | Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph. Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do | General Information | ★★★ | |
|
2023-03-17 17:37:00 | New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (lien direct) | A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a | Malware Threat | ★★★ | |
|
2023-03-17 16:16:00 | A New Security Category Addresses Web-borne Threats (lien direct) | In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of | General Information Cloud | ★★★ | |
|
2023-03-17 15:52:00 | Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware (lien direct) | Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of | Malware Threat | ★★ | |
|
2023-03-17 12:36:00 | Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials (lien direct) | The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared with The | Threat | ★★ | |
|
2023-03-17 12:23:00 | Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips (lien direct) | Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123 | ★★★ | ||
|
2023-03-16 21:00:00 | Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (lien direct) | Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver commercial adversary simulation software. The development comes as | Malware Threat | ★★ | |
|
2023-03-16 19:09:00 | Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (lien direct) | The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software. Specifically, the | Malware | ★★ | |
|
2023-03-16 15:16:00 | Authorities Shut Down ChipMixer Platform Tied to Crypto Laundering Scheme (lien direct) | A coalition of law enforcement agencies across Europe and the U.S. announced the takedown of ChipMixer, an unlicensed cryptocurrency mixer that began its operations in August 2017. "The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking, | ★★ | ||
|
2023-03-16 12:42:00 | What\'s Wrong with Manufacturing? (lien direct) | In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the most represented Industry in our CyberSOC dataset – contributing more Incidents than any other | ★★ | ||
|
2023-03-16 12:04:00 | Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency (lien direct) | Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC). | Vulnerability Threat | ★★ | |
|
2023-03-16 10:17:00 | CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which could be exploited by a threat actor to achieve arbitrary code execution. "Adobe ColdFusion | Vulnerability Threat | ★★ | |
|
2023-03-15 19:19:00 | YoroTrooper Stealing Credentials and Information from Government and Energy Organizations (lien direct) | A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. "Information stolen from successful compromises include credentials from multiple applications, browser histories and cookies, system information and screenshots," Cisco | Threat Threat | ★★★★ | |
|
2023-03-15 15:41:00 | New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining (lien direct) | Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. "The novel Dero cryptojacking operation concentrates on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from the internet," CrowdStrike said in a new report shared with The | General Information | Uber | ★★★ |
|
2023-03-15 15:13:00 | The Different Methods and Stages of Penetration Testing (lien direct) | The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial data at risk, the consequences of a data breach can be devastating. According to a report released by Ponemon institute, the cost of data breaches has reached an all-time high, averaging $4.35 million in 2022. Vulnerabilities in web applications are often the | Data Breach | ★★★ | |
|
2023-03-15 14:53:00 | Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company (lien direct) | A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, which | Malware Threat | ★★★ | |
|
2023-03-15 10:56:00 | Microsoft Rolls Out Patches for 80 New Security Flaws - Two Under Active Attack (lien direct) | Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. The | ★★ | ||
|
2023-03-14 17:32:00 | GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks (lien direct) | A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range," Palo Alto Networks Unit 42 researchers said. "The threat actor | Malware Threat | ★★★ | |
|
2023-03-14 17:22:00 | The Prolificacy of LockBit Ransomware (lien direct) | Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the ".abcd virus" extension first | Ransomware Threat | ★★★ | |
|
2023-03-14 15:41:00 | Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (lien direct) | An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a target's | Threat | ★★★ | |
|
2023-03-14 11:31:00 | Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities (lien direct) | Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers Guillaume Lovet and Alex Kong said in an | Threat | ★★★ | |
|
2023-03-13 20:29:00 | Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects (lien direct) | A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target web server using legitimate FTP credentials the threat actor previously obtained via an unknown | Threat | ★★★ | |
|
2023-03-13 17:54:00 | Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising (lien direct) | A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio | Threat | ChatGPT ChatGPT | ★★ |
|
2023-03-13 17:53:00 | How to Apply NIST Principles to SaaS in 2023 (lien direct) | The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can't be overstated. While NIST hasn't directly developed | Cloud | ★★★ | |
|
2023-03-13 17:17:00 | Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (lien direct) | Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," | Malware Threat | ★★ | |
|
2023-03-13 13:06:00 | Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (lien direct) | More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up. Akuvox E11 is | ★★★ | ||
|
2023-03-13 11:45:00 | KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (lien direct) | The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot. Dark Pink, also called Saaiwc, was first profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate | Malware Threat | ★★★ | |
|
2023-03-11 19:02:00 | BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (lien direct) | The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and Zoom. BATLOADER, as the name suggests, is a loader that's responsible for | Malware | ChatGPT | ★★ |
|
2023-03-10 19:32:00 | New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (lien direct) | An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation | Malware | ★★★ | |
|
2023-03-10 19:20:00 | China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware (lien direct) | A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week. The | Malware | ★★ | |
|
2023-03-10 19:09:00 | International Law Enforcement Takes Down Infamous NetWire Cross-Platform RAT (lien direct) | A coordinated international law enforcement exercise has taken down the online infrastructure associated with a cross-platform remote access trojan (RAT) known as NetWire. Coinciding with the seizure of the sales website www.worldwiredlabs[.]com, a Croatian national who is suspected to be the website's administrator has been arrested. While the suspect's name was not released, investigative | ★★ | ||
|
2023-03-10 18:26:00 | When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (lien direct) | Multi-factor Authentication (MFA) has long ago become a standard security practice. With a wide consensus on its ability to fend off more than 99% percent of account takeover attacks, it's no wonder why security architects regard it as a must-have in their environments. However, what seems to be less known are the inherent coverage limitations of traditional MFA solutions. While compatible with | ★★ | ||
|
2023-03-10 15:33:00 | Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant (lien direct) | A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal. Named "Xenomorph 3rd generation" by the Hadoken Security Group, the threat actor behind the operation, the updated version comes with new features that allow it to perform financial fraud in a seamless manner. "This new version of the malware adds many new | Malware Threat | ★★ | |
|
2023-03-10 13:13:00 | North Korean UNC2970 Hackers Expands Operations with New Malware Families (lien direct) | A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in | Malware Threat | ★★ | |
|
2023-03-09 20:24:00 | Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (lien direct) | Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems. This includes the Sliver post-exploitation framework, XMRig cryptocurrency | Malware Threat | ★★★ | |
|
2023-03-09 19:31:00 | IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks (lien direct) | A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to | Ransomware Vulnerability | ★★★ | |
|
2023-03-09 17:55:00 | Does Your Help Desk Know Who\'s Calling? (lien direct) | Phishing, the theft of users' credentials or sensitive data using social engineering, has been a significant threat since the early days of the internet – and continues to plague organizations today, accounting for more than 30% of all known breaches. And with the mass migration to remote working during the pandemic, hackers have ramped up their efforts to steal login credentials as they take | Threat | ★★★ | |
|
2023-03-09 17:50:00 | Iranian Hackers Target Women Involved in Human Rights and Middle East Politics (lien direct) | Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank. "Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The cybersecurity | Threat | ★★★ | |
|
2023-03-09 13:40:00 | New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (lien direct) | The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt. Crypters are a type of software that can encrypt, | ★★★ | ||
|
2023-03-09 10:53:00 | New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access (lien direct) | Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability in | Vulnerability Threat | ★★★ | |
|
2023-03-08 22:00:00 | Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks (lien direct) | A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are | Guideline Cloud | ★★ | |
|
2023-03-08 17:56:00 | Syxsense Platform: Unified Security and Endpoint Management (lien direct) | As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise's ability to identify devices that are accessing the network and in ensuring that those devices are compliant with security policies. These gaps are often seen in outdated spreadsheets that | ★★ | ||
|
2023-03-08 16:04:00 | Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (lien direct) | The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the | Hack Vulnerability Medical | APT 38 | ★★★ |
|
2023-03-08 13:27:00 | Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments (lien direct) | High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains observed in 2021. Israeli cybersecurity company Check Point said the " | Threat | ★★★ | |
|
2023-03-08 12:00:00 | CISA\'s KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability | Vulnerability | ★★ | |
|
2023-03-07 19:28:00 | SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms (lien direct) | Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure | Threat | ★★★★★ | |
|
2023-03-07 17:09:00 | Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps (lien direct) | A suspected Pakistan-aligned advanced persistent threat (APT) group known as Transparent Tribe has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called CapraRAT. "Transparent Tribe distributed the Android CapraRAT backdoor via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp," ESET said in a report | Threat | APT 36 | ★★ |
|
2023-03-07 16:53:00 | Why Healthcare Can\'t Afford to Ignore Digital Identity (lien direct) | Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line. - by Gus Malezis, CEO of Imprivata Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and expansion of Internet of Things (IoT) has outpaced traditional 'castle and moat' cybersecurity, introducing | ★★★ |
To see everything:
Our RSS (filtrered)
