What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-09-29 17:30:00 | Researchers Uncover Covert Attack Campaign Targeting Military Contractors (lien direct) | A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried out | |||
|
2022-09-29 17:15:00 | Five Steps to Mitigate the Risk of Credential Exposure (lien direct) | Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft. While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, the | |||
|
2022-09-29 15:42:00 | Swachh City Platform Suffers Data Breach Leaking 16 Million User Records (lien direct) | A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report shared by security firm CloudSEK | Data Breach Threat | ||
|
2022-09-29 15:26:00 | (Déjà vu) Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks (lien direct) | Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. "Key activities are data leaking and selling, including officials' phone numbers and emails, and maps of sensitive locations," Israeli cybersecurity firm Check Point said in | |||
|
2022-09-28 19:30:00 | Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems (lien direct) | A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through | Malware | ||
|
2022-09-28 18:06:00 | Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware (lien direct) | A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up. Sold on the dark web for € | Malware | ||
|
2022-09-28 17:45:00 | Improve your security posture with Wazuh, a free and open source XDR (lien direct) | Organizations struggle to find ways to keep a good security posture. This is because it is difficult to create secure system policies and find the right tools that help achieve a good posture. In many cases, organizations work with tools that do not integrate with each other and are expensive to purchase and maintain. Security posture management is a term used to describe the process of | |||
|
2022-09-28 15:39:00 | Hackers Using PowerPoint Mouseover Trick to Infect System with Malware (lien direct) | The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a | Malware Threat | APT 28 | ★★★ |
|
2022-09-28 14:15:00 | Facebook Shuts Down Covert Political \'Influence Operations\' from Russia and China (lien direct) | Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior (CIB) so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic, the Russian network primarily targeted Germany, France, Italy, Ukraine and the U.K. with themes | |||
|
2022-09-28 10:33:00 | Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (lien direct) | WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and | Hack Vulnerability Guideline | ||
|
2022-09-27 19:24:00 | Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures (lien direct) | The Ukrainian government on Monday warned of "massive cyberattacks" by Russia targeting critical infrastructure facilities located in the country and that of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said. "By the cyberattacks, the enemy will try to increase the effect of missile strikes on | |||
|
2022-09-27 18:49:00 | New NullMixer Malware Campaign Stealing Users\' Payment Data and Credentials (lien direct) | Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. "When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety | Malware | ||
|
2022-09-27 17:34:00 | Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme (lien direct) | As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019. The latest iteration, dubbed Scylla by Online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 2020 that go by the codename Poseidon and Charybdis, respectively. Prior to their removal from the app | |||
|
2022-09-27 17:09:00 | Why Continuous Security Testing is a Must for Organizations Today (lien direct) | The global cybersecurity market is flourishing. Experts at Gartner predict that the end-user spending for the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026. One big area of spending includes the art of putting cybersecurity defenses under pressure, commonly known as security testing. MarketsandMarkets forecasts the global | |||
|
2022-09-27 11:44:00 | Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme (lien direct) | The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud," the AFP said in a statement. The | Hack | ||
|
2022-09-26 20:03:00 | Researchers Identify 3 Hacktivist Groups Supporting Russian Interests (lien direct) | At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn | Threat | ||
|
2022-09-26 17:44:00 | Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor (lien direct) | A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan | Threat | ||
|
2022-09-26 16:03:00 | BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal (lien direct) | The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software," researchers from Symantec | Ransomware Malware | ||
|
2022-09-26 16:00:00 | 5 Network Security Threats And How To Protect Yourself (lien direct) | Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally, | |||
|
2022-09-26 15:17:00 | Google to Make Account Login Mandatory for New Fitbit Users in 2023 (lien direct) | Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is | |||
|
2022-09-26 10:34:00 | Ukraine Arrests Cybercrime Group for Selling Data of 30 Million People (lien direct) | Ukrainian law enforcement authorities on Friday disclosed that it had "neutralized" a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. The group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million UAH) through electronic payment systems | |||
|
2022-09-24 12:07:00 | London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches (lien direct) | The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he remains in police custody." The department said the arrest was made as part of an investigation in | Uber Uber | ||
|
2022-09-24 10:33:00 | Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability (lien direct) | Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company said it | Vulnerability | ||
|
2022-09-23 19:34:00 | Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts (lien direct) | GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted "many victim organizations." The fraudulent messages claim to | Hack | ||
|
2022-09-23 18:55:00 | Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities (lien direct) | A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security | Threat | ||
|
2022-09-23 15:51:00 | CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency | Vulnerability | ||
|
2022-09-23 15:50:00 | Firing Your Entire Cybersecurity Team? Are You Sure? (lien direct) | What on earth were they thinking? That's what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in exchange for outsourced services. Of course, we don't know the true motivations for this move. But, as outsiders looking in, we can guess the cybersecurity implications of the decision would be inescapable for any | |||
|
2022-09-23 15:26:00 | Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities (lien direct) | A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021. "Void Balaur [...] primarily dabbles | |||
|
2022-09-23 12:45:00 | (Déjà vu) Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware (lien direct) | An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. "The malware's RAT capabilities allow the attacker to | Malware | ★★ | |
|
2022-09-23 10:44:00 | Hackers Using Malicious OAuth Apps to Take Over Email Servers (lien direct) | Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain | Threat | ★★ | |
|
2022-09-22 22:33:00 | Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs (lien direct) | A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in January 2016, is said to have encompassed 20 different variants of the Android malware, which were | Threat | ||
|
2022-09-22 20:31:00 | Malicious NPM Package Caught Mimicking Material Tailwind CSS Package (lien direct) | A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its maintainers as an "easy to use components library for Tailwind CSS and Material Design." "The | Threat | ||
|
2022-09-22 18:42:00 | IT Security Takeaways from the Wiseasy Hack (lien direct) | Last month Tech Crunch reported that payment terminal manufacturer Wiseasy had been hacked. Although Wiseasy might not be well known in North America, their Android-based payment terminals are widely used in the Asia Pacific region and hackers managed to steal passwords for 140,000 payment terminals. How Did the Wiseasy Hack Happen? Wiseasy employees use a cloud-based dashboard for remotely | Hack | ||
|
2022-09-22 16:10:00 | Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure (lien direct) | Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as | Vulnerability | ||
|
2022-09-22 14:47:00 | 15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects (lien direct) | As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, IT management. The shortcoming, | Vulnerability | ||
|
2022-09-22 11:47:00 | Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners (lien direct) | A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment | Vulnerability | ||
|
2022-09-21 19:08:00 | Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet (lien direct) | An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known technique" designed to trick the servers into writing data to arbitrary files – a case of unauthorized | |||
|
2022-09-21 17:51:00 | Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident (lien direct) | In what's the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute. The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker's wallet. The company said that its centralized | Hack | ||
|
2022-09-21 17:30:00 | Why Zero Trust Should be the Foundation of Your Cybersecurity Ecosystem (lien direct) | For cybersecurity professionals, it is a huge challenge to separate the “good guys” from the “villains”. In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But not anymore. Threats from within organizations – also known as “insider threats” – are increasing and cybersecurity practitioners are feeling the pain. Traditional | |||
|
2022-09-21 16:24:00 | U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List (lien direct) | The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency said the companies are subject to the Chinese government's exploitation, influence, and control, and could | Threat | ||
|
2022-09-21 12:00:00 | Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing (lien direct) | Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests on June 27, 2022. The "strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peaked at 3.9 million requests per second (RPS). "Attackers used HTTP/2 multiplexing, or combining | |||
|
2022-09-21 10:54:00 | Critical Remote Hack Flaws Found in Dataprobe\'s Power Distribution Units (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe | Hack Guideline | ||
|
2022-09-21 10:50:00 | Product Review: Stellar Cyber Open XDR Platform (lien direct) | Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don't meet their needs. Stellar Cyber delivers an Open XDR solution that allows organizations to use | Threat | ||
|
2022-09-20 18:26:00 | Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware (lien direct) | A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The | Malware Threat | ||
|
2022-09-20 14:51:00 | Uber Blames LAPSUS$ Hacking Group for Recent Security Breach (lien direct) | Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others," the San Francisco-based | Threat | Uber Uber | |
|
2022-09-19 23:03:00 | Rockstar Games Confirms Hacker Stole Early Grand Theft Auto VI Footage (lien direct) | American video game publisher Rockstar Games on Monday revealed it was a victim of a "network intrusion" that allowed an unauthorized party to illegally download early footage for the Grand Theft Auto VI. "At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects," the company said in a notice shared on its | |||
|
2022-09-19 18:12:00 | Emotet Botnet Started Distributing Quantum and BlackCat Ransomware (lien direct) | The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, | Ransomware Malware Threat | ||
|
2022-09-19 17:30:00 | Microsoft Teams\' GIFShell Attack: What Is It and How You Can Protect Yourself from It (lien direct) | Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been | Threat | ||
|
2022-09-19 15:15:00 | Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware (lien direct) | A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zürich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegian aluminum giant Norsk Hydro. It's said to have infected more than 1,800 victims in 71 countries, | Ransomware | ||
|
2022-09-19 14:20:00 | Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers (lien direct) | Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend. The tech giant's |
To see everything:
Our RSS (filtrered)
