What's new around internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-11-18 22:50:24 Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims (lien direct) The clearnet and dark web payment portals operated by the Conti ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public. According to MalwareHunterTeam, "while both the clearweb and Tor domains of the leak site of the Conti ransomware gang is online and working, both their Ransomware
The_Hackers_News.webp 2021-11-18 21:38:10 New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks (lien direct) Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache," University of California researchers
The_Hackers_News.webp 2021-11-18 04:59:17 Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models (lien direct) Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead Vulnerability Guideline
The_Hackers_News.webp 2021-11-18 04:43:56 How to Build a Security Awareness Training Program that Yields Measurable Results (lien direct) Organizations have been worrying about cyber security since the advent of the technological age. Today, digital transformation coupled with the rise of remote work has made the need for security awareness all the more critical. Cyber security professionals are continuously thinking about how to prevent cyber security breaches from happening, with employees and contractors often proving to be the
The_Hackers_News.webp 2021-11-17 23:59:00 Microsoft Warns about 6 Iranian Hacking Groups Turning to Ransomware (lien direct) Nation-state operators with nexus to Iran are increasingly turning to ransomware as a means of generating revenue and intentionally sabotaging their targets, while also engaging in patient and persistent social engineering campaigns and aggressive brute force attacks. No less than six threat actors affiliated with the West Asian country have been discovered deploying ransomware to achieve their Ransomware Threat
The_Hackers_News.webp 2021-11-17 07:44:03 U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws (lien direct) Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple Threat
The_Hackers_News.webp 2021-11-17 07:13:06 Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities (lien direct) A malicious campaign has been found leveraging a technique called domain fronting to hide command-and-control traffic by leveraging a legitimate domain owned by the Myanmar government to route communications to an attacker-controlled server with the goal of evading detection. The threat, which was observed in September 2021, deployed Cobalt Strike payloads as a stepping stone for launching
The_Hackers_News.webp 2021-11-17 03:10:39 Israel's Candiru Spyware Found Linked to Watering Hole Attacks in U.K and Middle East (lien direct) Israeli spyware vendor Candiru, which was added to an economic blocklist by the U.S. government this month, is said to have reportedly waged "watering hole" attacks against high-profile entities in the U.K. and the Middle East, new findings reveal. "The victimized websites belong to media outlets in the U.K., Yemen, and Saudi Arabia, as well as to Hezbollah; to government institutions in Iran (
The_Hackers_News.webp 2021-11-17 02:48:50 On-Demand Webinar: Into the Cryptoverse (lien direct) In the span of a few years, cryptocurrencies have gone from laughingstock and novelty to a serious financial instrument, and a major sector in high-tech. The price of Bitcoin and Ethereum has gone from single dollars to thousands, and they're increasingly in the mainstream.  This is undoubtedly a positive development, as it opens new avenues for finance, transactions, tech developments, and more
The_Hackers_News.webp 2021-11-16 22:40:27 Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform (lien direct) Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country. The Pakistani threat actor, dubbed SideCopy, is said to have used the platform to Threat
The_Hackers_News.webp 2021-11-16 08:48:41 New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses (lien direct) Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique - dubbed "Blacksmith" (CVE-2021-42114, CVSS score: 9.0) - is designed to trigger bit flips on target refresh rate-enabled DRAM
The_Hackers_News.webp 2021-11-16 04:41:42 Researchers Demonstrate New Way to Detect MITM Phishing Kits in the Wild (lien direct) No fewer than 1,220 Man-in-the-Middle (MitM) phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users' credentials and carrying out further follow-on attacks. The findings come from a new study undertaken by a group of researchers from Stony Brook University and Palo Alto Networks,
The_Hackers_News.webp 2021-11-16 01:22:15 Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware (lien direct) The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously Malware
The_Hackers_News.webp 2021-11-15 22:52:38 New 'Moses Staff' Hacker Group Targets Israeli Companies With Destructive Attacks (lien direct) A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or negotiate a ransom. "The group openly states that their motivation in attacking Israeli companies is to
The_Hackers_News.webp 2021-11-15 21:38:51 SharkBot - A New Android Trojan Stealing Banking and Cryptocurrency Accounts (lien direct) Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on the devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed "SharkBot" by Cleafy, the malware is designed to strike a total of 27 targets - counting 22 unnamed international banks in Italy and the U.K. as well as five Malware
The_Hackers_News.webp 2021-11-15 07:30:01 Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic (lien direct) A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users. "While attacks can exceed 95% accuracy when monitoring a small set of five popular websites, indiscriminate ( Threat
The_Hackers_News.webp 2021-11-15 02:21:24 (Déjà vu) North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro (lien direct) Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets. IDA Pro is an Interactive Disassembler that's APT 38
The_Hackers_News.webp 2021-11-15 01:53:34 How to Tackle SaaS Security Misconfigurations (lien direct) Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring these apps' security settings are properly configured falls on the security team. The challenge lies within how burdensome this responsibility is - each app has tens or hundreds of security settings to configure, in
The_Hackers_News.webp 2021-11-14 21:28:16 FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands (lien direct) The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus, involved sending rogue warning emails with the subject line "Urgent: Threat actor in systems" Threat
The_Hackers_News.webp 2021-11-12 07:32:30 Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks (lien direct) Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads. Microsoft 365 Defender Threat Intelligence Team, in a new report published Thursday, disclosed that it identified infiltrations distributing the  Ransomware Malware Threat ★★★
The_Hackers_News.webp 2021-11-12 07:15:52 Abcbot - A New Evolving Wormable Botnet Malware Targeting Linux (lien direct) Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30 Malware
The_Hackers_News.webp 2021-11-11 21:43:11 Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant (lien direct) Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-patched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a Hack Threat
The_Hackers_News.webp 2021-11-11 09:52:12 Researchers Uncover Hacker-for-Hire Group That's Active Since 2015 (lien direct) A new cyber mercenary hacker-for-hire group dubbed "Void Balaur" has been linked to a string of cyberespionage and data theft activities targeting thousands of entities as well as human rights activists, politicians, and government officials around the world at least since 2015 for financial gain while lurking in the shadows. Named after a many-headed dragon from Romanian folklore, the adversary
The_Hackers_News.webp 2021-11-11 03:50:08 TrickBot Operators Partner with Shatak Attackers for Conti Ransomware (lien direct) The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines. "The implementation of TrickBot has evolved over the years, with recent versions of TrickBot implementing malware-loading capabilities," Cybereason security analysts Aleksandar Milenkoski and Eli Salem said in a Ransomware Threat Guideline
The_Hackers_News.webp 2021-11-11 01:30:00 Navigating The Threat Landscape 2021 – From Ransomware to Botnets (lien direct) Though we are recovering from the worst pandemic, cyber threats have shown no sign of downshifting, and cybercriminals are still not short of malicious and advanced ways to achieve their goals.  The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021. Threats can take different forms with Ransomware Threat
The_Hackers_News.webp 2021-11-11 00:00:26 Iran's Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa (lien direct) A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers (ISPs) and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs (MFA) in Africa, new findings reveal. The intrusions, staged by a group tracked as Lyceum, are believed to have occurred Threat ★★★★★
The_Hackers_News.webp 2021-11-10 22:35:59 Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN (lien direct) A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Massachusetts-based cybersecurity firm Randori Vulnerability
The_Hackers_News.webp 2021-11-10 06:04:42 Researchers Discover PhoneSpy Malware Spying on South Korean Citizens (lien direct) An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon sensitive information and gain remote control of the devices. "With more than a thousand South Korean victims, the malicious group behind this invasive campaign has had access to all the data, communications, and services on their devices," Zimperium Malware
The_Hackers_News.webp 2021-11-10 02:11:00 13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment (lien direct) As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices that could allow for remote code execution, denial-of-service (DoS), and information leak. Collectively called "NUCLEUS:13," successful attacks abusing the flaws can "result in devices going offline
The_Hackers_News.webp 2021-11-10 00:08:40 14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices (lien direct) Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16-1.33.1, Tool Guideline
The_Hackers_News.webp 2021-11-09 22:24:06 Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs (lien direct) Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system. Of the 55 glitches, six are rated Critical and 49 are rated as
The_Hackers_News.webp 2021-11-09 05:05:52 Unique Challenges to Cyber-Security in Healthcare and How to Address Them (lien direct) No business is out of danger of cyberattacks today. However, specific industries are particularly at risk and a favorite of attackers. For years, the healthcare industry has taken the brunt of ransomware attacks, data breaches, and other cyberattacks. Why is the healthcare industry particularly at risk for a cyberattack? What are the unique challenges to cybersecurity in healthcare, and how can Ransomware
The_Hackers_News.webp 2021-11-09 00:44:10 Robinhood Trading App Suffers Data Breach Exposing 7 Million Users' Information (lien direct) Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor. The commission-free stock trading and investing platform said the incident happened "late in the evening of November 3," adding it's in the process of notifying affected users. Data Breach Threat
The_Hackers_News.webp 2021-11-08 21:38:08 U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang (lien direct) The U.S. government on Monday charged a Ukrainian suspect, arrested in Poland last month, with deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against software company Kaseya, marking the latest action to crack down on the cybercrime group and curb further attacks. According to unsealed court documents, Ransomware
The_Hackers_News.webp 2021-11-08 19:41:04 Suspected REvil Ransomware Affiliates Arrested in Global Takedown (lien direct) Romanian law enforcement authorities have announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, dealing a severe blow to one of the most prolific cybercrime gangs in history. The suspects are believed to have orchestrated more than 5,000 ransomware attacks and extorted close to $600,000 from victims, according to Europol. The arrests, which Ransomware
The_Hackers_News.webp 2021-11-08 06:39:11 Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit (lien direct) At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of Threat
The_Hackers_News.webp 2021-11-08 06:10:37 BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups (lien direct) A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns. BlackBerry's research and intelligence team dubbed the entity "Zebra2104," with the group responsible for offering a means of a digital approach to ransomware syndicates Ransomware Threat
The_Hackers_News.webp 2021-11-08 05:29:45 Types of Penetration Testing (lien direct) If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your project, hire the right expert and, ultimately, achieve your security objectives. What is penetration testing? Penetration testing, commonly referred to as "pen
The_Hackers_News.webp 2021-11-08 05:12:48 Critical Flaws in Philips TASY EMR Could Expose Patient Data (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive patient data from patient databases. "Successful exploitation of these vulnerabilities could result in patients' confidential data being exposed or extracted from Threat
The_Hackers_News.webp 2021-11-07 20:47:50 Two NPM Packages With 22 Million Weekly Downloads Found Backdoored (lien direct) In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts. The two libraries in question are "coa," a parser for command-line options, and "rc," a
The_Hackers_News.webp 2021-11-05 05:57:15 (Déjà vu) Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group (lien direct) Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia's Federal Security Service (FSB). Calling the hacker group "an FSB special project, which specifically targeted Ukraine," the Security Service of
The_Hackers_News.webp 2021-11-05 03:10:25 U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within "aggressive" timeframes. "These
The_Hackers_News.webp 2021-11-05 02:36:51 U.S. Offers $10 Million Reward for Information on DarkSide Ransomware Group (lien direct) The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up to $5 million for intel and tip-offs that could result in the arrest and/or conviction in any country Ransomware Guideline
The_Hackers_News.webp 2021-11-04 23:15:46 Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access (lien direct) Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco Vulnerability
The_Hackers_News.webp 2021-11-04 05:09:12 Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module (lien direct) Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel Vulnerability
The_Hackers_News.webp 2021-11-04 05:01:46 Our journey to API security at Raiffeisen Bank International (lien direct) This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. Launching the "Security in Agile" program Headquartered in Vienna, Raiffeisen Bank International (RBI) operates across 14
The_Hackers_News.webp 2021-11-04 00:05:55 US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware (lien direct) The U.S. Commerce Department on Wednesday added four companies, including Israel-based spyware companies NSO Group and Candiru, to a list of entities engaging in "malicious cyber activities." The agency said the two companies were added to the list based on evidence that "these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government
The_Hackers_News.webp 2021-11-03 08:24:34 BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released (lien direct) An analysis of new samples of BlackMatter ransomware for Windows and Linux has revealed the extent to which the operators have continually added new features and encryption capabilities in successive iterations over a three-month period. No fewer than 10 Windows and two Linux versions of the ransomware have been observed in the wild to date, Group-IB threat researcher Andrei Zhdanov said in a Ransomware Threat
The_Hackers_News.webp 2021-11-03 08:12:15 Product Overview - Cynet Centralized Log Management (lien direct) For most organizations today, the logs produced by their security tools and environments provide a mixed bag. On the one hand, they can be a trove of valuable data on security breaches, vulnerabilities, attack patterns, and general security insights. On the other, organizations don't have the right means to manage the massive scale of logs and data produced to derive any value from it.  Log
The_Hackers_News.webp 2021-11-03 03:07:25 Mekotio Banking Trojan Resurfaces with New Attacking and Stealth Techniques (lien direct) The operators behind the Mekotio banking trojan have resurfaced with a shift in its infection flow so as to stay under the radar and evade security software, while staging nearly 100 attacks over the last three months. "One of the main characteristics […] is the modular attack which gives the attackers the ability to change only a small part of the whole in order to avoid detection," researchers
Last update at: 2024-07-19 22:07:54