What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-11 03:21:44 | Hackers Behind Cuba Ransomware Attacks Using New RAT Malware (lien direct) | Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. The new findings come from Palo Alto Networks' Unit 42 threat intelligence team, which is tracking the double extortion ransomware group under the constellation-themed moniker | Ransomware Malware Threat | ★★★★ | |
|
2022-08-11 02:23:14 | Critical Flaws Disclosed in Device42 IT Asset Management Software (lien direct) | Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain admin-level access in the application (by leaking session with an LFI) or obtain full access to the | |||
|
2022-08-10 23:07:07 | GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions (lien direct) | Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. "When a security vulnerability is reported in an action, our team of security researchers will create an advisory to document the vulnerability, which will trigger an alert to impacted repositories," | Vulnerability | ||
|
2022-08-10 08:12:02 | Former Twitter Employee Found Guilty of Spying for Saudi Arabia (lien direct) | A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, Bloomberg reported Tuesday. He faces up to 20 years in prison when sentenced. The verdict comes nearly three years | |||
|
2022-08-10 06:05:01 | Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers (lien direct) | The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least | Ransomware | ||
|
2022-08-10 03:56:41 | Hackers Behind Twilio Breach Also Targeted Cloudflare Employees (lien direct) | Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio. The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards | |||
|
2022-08-10 03:20:32 | The Business of Hackers-for-Hire Threat Actors (lien direct) | Today's web has made hackers' tasks remarkably easy. For the most part, hackers don't even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach you anonymously through such channels as Twitter. Cybercrime has entered a new | Threat | ||
|
2022-08-09 23:59:19 | CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a | Vulnerability | ★★★★ | |
|
2022-08-09 23:12:13 | (Déjà vu) Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack (lien direct) | As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues | Tool Vulnerability | ★★★★ | |
|
2022-08-09 07:24:25 | Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack (lien direct) | Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary "well-organized" and "methodical | Data Breach Threat | ||
|
2022-08-09 05:32:48 | U.S. Sanctions Virtual Currency Mixer Tornado Cash for Alleged Use in Laundering (lien direct) | The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money. Tornado Cash, which allows users to move cryptocurrency assets between accounts by obfuscating their origin and destination, is estimated to have been | Medical | APT 38 | |
|
2022-08-09 05:18:40 | The Truth About False Positives in Security (lien direct) | TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none. Let's explain why. Introduction False positives have made a somewhat unexpected appearance in our lives in recent years. I am, of course, referring to the COVID-19 pandemic, which required massive testing campaigns in order to control the | |||
|
2022-08-09 04:48:10 | 10 Credential Stealing Python Libraries Found on PyPI Repository (lien direct) | In what's yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python Package Index (PyPI) for their ability to harvest critical data points such as passwords and Api tokens. The packages "install info-stealers that enable attackers to steal developer's private data and personal credentials," Israeli cybersecurity firm Check | |||
|
2022-08-09 00:25:36 | Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions (lien direct) | Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Russian cybersecurity firm Kaspersky attributed the attacks "with a high degree of confidence" to a China-linked threat actor tracked by Proofpoint | Threat | ||
|
2022-08-08 06:55:44 | New Orchard Botnet Uses Bitcoin Founder\'s Account Info to Generate Malicious Domains (lien direct) | A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure. "Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using the common time-generated [domain generation algorithms], and thus more difficult to defend | |||
|
2022-08-08 06:43:02 | The Benefits of Building a Mature and Diverse Blue Team (lien direct) | A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming a red teamer as a natural career progression. The reason I got stirred up is not that I want to change either my job or my position, as I am a happy camper being part of Cymulate's blue team. What upset me was that my friend could not grasp the idea | |||
|
2022-08-08 06:37:54 | Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore (lien direct) | A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated into Singapore, more than 1.5 years after expanding to Europe. "Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data," Group-IB said in a report shared with The Hacker News. The cybersecurity firm called the | |||
|
2022-08-08 00:00:14 | Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook (lien direct) | Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting | Malware | ||
|
2022-08-06 21:29:52 | New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack (lien direct) | A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," | Malware | ||
|
2022-08-06 01:44:06 | Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users (lien direct) | Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members," the enterprise communication and collaboration platform said in an alert on 4th | ★★★★ | ||
|
2022-08-05 07:37:40 | Iranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government (lien direct) | A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations." The July 17 attacks, according to Albania's National Agency of Information | Threat | ||
|
2022-08-05 03:06:00 | A Growing Number of Malware Attacks Leveraging Dark Utilities \'C2-as-a-Service\' (lien direct) | A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems," Cisco Talos said in a report shared | Malware | ||
|
2022-08-04 22:54:43 | CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary | Vulnerability Guideline | ||
|
2022-08-04 08:50:10 | Who Has Control: The SaaS App Admin Paradox (lien direct) | Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team to use their login. This CRM, however, defines MFA as a top-tier security setting; for example, | |||
|
2022-08-04 06:10:59 | Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers (lien direct) | As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network. "The attack can be performed without user interaction if the management interface of the device has been configured | Vulnerability Guideline | ||
|
2022-08-04 05:55:40 | New Woody RAT Malware Being Used to Target Russian Organizations (lien direct) | An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability (CVE-2022-30190) | Malware Tool Vulnerability Threat | ★★★★★ | |
|
2022-08-04 03:24:10 | Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage (lien direct) | A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the end of May, has been attributed to a threat activity cluster tracked by cybersecurity firm Deepwatch | Threat | ||
|
2022-08-03 22:11:25 | Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws (lien direct) | Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as CVE-2022-20842 (CVSS score: 9.8) | |||
|
2022-08-03 09:09:54 | Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour (lien direct) | A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE - short for Supersingular Isogeny Key Encapsulation - which made it to the fourth round of the Post-Quantum Cryptography (PQC) standardization | |||
|
2022-08-03 05:36:55 | VirusTotal Reveals Most Impersonated Software in Malware Attacks (lien direct) | Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the | Malware Threat | CCleaner | |
|
2022-08-03 05:13:12 | On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams (lien direct) | The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis. Nearly 60% of enterprises can't find the staff to protect their data (and reputations!) from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association (ISSA) in its 5th annual global industry study. The result? Heavier workloads, unfilled positions, and | Threat | ||
|
2022-08-02 21:49:51 | VMware Releases Patches for Several New Flaws Affecting Multiple Products (lien direct) | Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager | |||
|
2022-08-02 09:03:45 | Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike (lien direct) | Researchers have disclosed a new offensive framework called Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this | ★★★★ | ||
|
2022-08-02 05:05:19 | New \'ParseThru\' Parameter Smuggling Vulnerability Affects Golang-based Applications (lien direct) | Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm | Vulnerability Threat | ★★★ | |
|
2022-08-02 04:25:05 | What is ransomware and how can you defend your business from it? (lien direct) | Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat | Ransomware Malware | ||
|
2022-08-02 01:07:34 | LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload (lien direct) | A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial | Ransomware Tool Threat | ||
|
2022-08-01 07:09:45 | Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys (lien direct) | Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively shared with The Hacker News. "Out of 3,207, 230 apps are leaking all four | |||
|
2022-08-01 07:05:14 | Two Key Ways Development Teams Can Increase Their Security Maturity (lien direct) | Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent global research, 67% of developers that were interviewed said they were still shipping code they knew | Threat | ||
|
2022-07-31 23:31:03 | Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals (lien direct) | A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, in addition to working as the administrator for the tool from 2013 until its | Tool | ||
|
2022-07-31 21:51:16 | Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers (lien direct) | The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The findings | Malware | ||
|
2022-07-30 02:53:43 | Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers (lien direct) | Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via | Malware | ||
|
2022-07-29 21:20:43 | North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts (lien direct) | A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name | Malware Threat | ||
|
2022-07-29 21:01:25 | CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center | |||
|
2022-07-29 06:25:15 | Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware (lien direct) | A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been | Malware | ||
|
2022-07-29 03:49:50 | Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices (lien direct) | Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the | Vulnerability Guideline | ||
|
2022-07-29 03:26:46 | Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network (lien direct) | The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a | |||
|
2022-07-29 00:00:11 | Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System (lien direct) | Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE) and used to | |||
|
2022-07-28 20:22:24 | Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation (lien direct) | A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain | Vulnerability | ||
|
2022-07-28 04:54:43 | Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default (lien direct) | With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022," Proofpoint said in a report shared with The Hacker News. In its | ★★ | ||
|
2022-07-28 04:26:56 | Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits (lien direct) | A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the |
To see everything:
Our RSS (filtrered)
