What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-11-03 00:03:51 Facebook to Shut Down Facial Recognition System and Delete Billions of Records (direct link) Facebook's newly-rebranded parent company Meta on Tuesday announced plans to discontinue its decade-old "Face Recognition" system and delete a massive trove of more than a billion users' facial recognition templates as part of a wider initiative to limit the use of the technology across its products. The Menlo Park tech giant described the about-face as "one of the largest shifts in facial
The_Hackers_News.webp 2021-11-02 22:20:12 Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks (direct link) Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation. Use-after-free issues are Vulnerability ★★
The_Hackers_News.webp 2021-11-02 03:03:31 Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild (direct link) A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. Vulnerability
The_Hackers_News.webp 2021-11-02 02:37:00 Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws (direct link) Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched
The_Hackers_News.webp 2021-11-01 05:08:43 Critical Flaws Uncovered in Pentaho Business Analytics Software (direct link) Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from Census Labs
The_Hackers_News.webp 2021-11-01 04:50:39 Securing SaaS Apps - CASB vs. SSPM (direct link) There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable
The_Hackers_News.webp 2021-11-01 04:25:57 New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code (direct link) A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed "Trojan Source attacks," the technique "exploits subtleties in text-encoding standards such as Unicode to produce source Malware Threat
The_Hackers_News.webp 2021-11-01 01:31:28 Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices (direct link) Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360's Netlab security team dubbed the botnet " Malware
The_Hackers_News.webp 2021-10-30 11:28:44 Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide (direct link) 12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests were made earlier this week on October 26 in Ukraine and Switzerland, resulting in the seizure of cash Ransomware
The_Hackers_News.webp 2021-10-29 04:06:53 Winter is Coming for CentOS 8 (direct link) Winter is Coming for CentOS 8 - but here is how you can enjoy your holidays after all. The server environment is complex and if you're managing thousands of Linux servers, the last thing you want is for an operating system vendor to do something completely unexpected. That is exactly what Red Hat, the parent company of the CentOS Project, did when it suddenly announced a curtailment of support for
The_Hackers_News.webp 2021-10-29 04:03:00 New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems (direct link) Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed "Shrootless" and tracked as CVE-2021-30892, the "vulnerability lies in how Apple-signed packages with Vulnerability
The_Hackers_News.webp 2021-10-29 00:33:09 Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime (direct link) A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. Court documents showed that Vladimir Dunaev, 28, along with other members of the transnational, cybercriminal organization, stole money and
The_Hackers_News.webp 2021-10-28 21:08:52 Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs (direct link) Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. Tracked as CVE-2021-38000 and CVE-2021-38003, the weaknesses relate to insufficient validation of untrusted input in a feature called Intents as well as a case of inappropriate implementation in V8 JavaScript and
The_Hackers_News.webp 2021-10-28 06:12:30 Israeli Researcher Cracked Over 3500 Wi-Fi Networks in Tel Aviv City (direct link) Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with "relative ease" in the Israeli city of Tel Aviv, highlighting how unsecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido Hoorvitch, who used Wi-Fi sniffing equipment costing about $50 to collect 5,000 network hashes for the
The_Hackers_News.webp 2021-10-28 05:47:57 A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365 (direct link) Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and passwords with every request, increasing the risk of attackers capturing users' credentials,
The_Hackers_News.webp 2021-10-28 00:59:45 New Wslink Malware Loader Runs as a Server and Executes Modules in Memory (direct link) Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory. There are no specifics available on the Malware
The_Hackers_News.webp 2021-10-28 00:05:43 Malicious NPM Libraries Caught Installing Password Stealer and Ransomware (direct link) Malicious actors have yet again published two more typosquatted libraries to the official NPM repository that mimic a legitimate package from Roblox, the game company, with the goal of stealing credentials, installing remote access trojans, and infecting the compromised systems with ransomware. The bogus packages - named "noblox.js-proxy" and "noblox.js-proxies" - were found to Ransomware
The_Hackers_News.webp 2021-10-27 06:47:55 Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike (direct link) A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of the most common threats regularly observed Spam Malware
The_Hackers_News.webp 2021-10-27 06:03:30 [eBook] The Guide to Centralized Log Management for Lean IT Security Teams (direct link) One of the side effects of today's cyber security landscape is the overwhelming volume of data security teams must aggregate and parse. Lean security teams don't have it any easier, and the problem is compounded if they must do it manually. Data and log management are essential for organizations to gain real-time transparency and visibility into security events. XDR provider Cynet has offered
The_Hackers_News.webp 2021-10-27 04:16:16 Cyber Attack in Iran Reportedly Cripples Gas Stations Across the Country (direct link) A cyber attack in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline. Posts and videos circulated on social media showed messages that said, "Khamenei! Where is our gas?" - a reference to the country's supreme leader Ayatollah Ali Khamenei. Other signs read, " Guideline
The_Hackers_News.webp 2021-10-27 00:14:47 Latest Report Uncovers Supply Chain Attacks by North Korean Hackers (direct link) Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN Malware Threat Medical APT 38 APT 28
The_Hackers_News.webp 2021-10-26 04:18:47 Over 10 Million Android Users Targeted With Premium SMS Scam Apps (direct link) A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign - dubbed "UltimaSMS" - is believed to have commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo
The_Hackers_News.webp 2021-10-26 00:41:44 Malicious Firefox Add-ons Block Browser From Downloading Security Updates (direct link) Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely
The_Hackers_News.webp 2021-10-25 06:51:31 New Attack Let Attacker Collect and Spoof Browser's Digital Fingerprints (direct link) A "potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system "Gummy Browsers," likening it to a nearly 20-year-old "Gummy Fingers" technique that can
The_Hackers_News.webp 2021-10-25 06:04:47 Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM (direct link) The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge itself is not new. What is new is the unprecedented and accelerated complexity of securing the Guideline
The_Hackers_News.webp 2021-10-25 03:11:50 Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group (direct link) Nobelium, the threat actor behind the SolarWinds compromise in December 2020, has been behind a new wave of attacks that compromised 14 downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations, illustrating the adversary's continuing interest in targeting the supply chain via the "compromise-one-to-compromise-many"
The_Hackers_News.webp 2021-10-25 01:19:44 Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware (direct link) Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems. CVE-2021-42258, as the flaw is being tracked, concerns an SQL-based injection attack that allows for remote code execution and was successfully Ransomware Vulnerability Threat
The_Hackers_News.webp 2021-10-24 23:55:50 NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia (direct link) The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching from June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which publicized the findings on Sunday, said the "targeting took place while he was reporting on Saudi Arabia, and Tool
The_Hackers_News.webp 2021-10-23 09:25:31 Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks (direct link) Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in Tool Threat
The_Hackers_News.webp 2021-10-23 02:23:13 Popular NPM Package Hijacked to Publish Crypto-mining Malware (direct link) The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. The supply-chain attack targeting the open-source library saw three Malware
The_Hackers_News.webp 2021-10-23 01:49:01 Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline (direct link) The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the Ransomware
The_Hackers_News.webp 2021-10-22 08:01:26 'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs (direct link) A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse Malware Threat
The_Hackers_News.webp 2021-10-22 06:46:50 Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks (direct link) The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity Ransomware Guideline
The_Hackers_News.webp 2021-10-22 05:41:06 Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild (direct link) A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named the malware "FiveSys," calling out its possible credential theft and in-game-purchase hijacking Malware
The_Hackers_News.webp 2021-10-21 10:52:28 Before and After a Pen Test: Steps to Get Through It (direct link) An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can also help validate remedial
The_Hackers_News.webp 2021-10-21 06:18:02 Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer (direct link) A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could become a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70. "This Hack
The_Hackers_News.webp 2021-10-21 06:07:03 Product Overview: Cynet SaaS Security Posture Management (SSPM) (direct link) Software-as-a-service (SaaS) applications have gone from novelty to business necessity in a few short years, and its positive impact on organizations is clear. It's safe to say that most industries today run on SaaS applications, which is undoubtedly positive, but it does introduce some critical new challenges to organizations. As SaaS application use expands, as well as the number of
The_Hackers_News.webp 2021-10-21 04:00:55 Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices (direct link) Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question - named okhsa, klow, and klown - were published by the same
The_Hackers_News.webp 2021-10-21 00:43:45 U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes (direct link) The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security (NS) and anti-terrorism (AT) reasons. The mandate, which is set to go into effect in 90 days, will forbid the export, reexport and transfer of "cybersecurity items" to countries of "national
The_Hackers_News.webp 2021-10-21 00:03:14 Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts (direct link) Since at least late 2019, a network of hackers-for-hire has been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder. That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting Threat
The_Hackers_News.webp 2021-10-20 20:42:39 Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals (direct link) Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 and 2015. Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, have been each sentenced to 24 months and 48 months in prison, Malware
The_Hackers_News.webp 2021-10-20 06:27:34 Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique (direct link) A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense Vulnerability
The_Hackers_News.webp 2021-10-20 01:16:08 OWASP's 2021 List Shuffle: A New Battle Plan and Primary Foe (direct link) Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice. In this increasingly chaotic world, there have always been a few constants that people could reliably count on: The sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and
The_Hackers_News.webp 2021-10-20 01:01:19 LightBasin Hackers Breach at Least 13 Telecom Service Providers Since 2019 (direct link) A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "highly specific information" from mobile communication infrastructure, such as subscriber information and call metadata. "The nature of the data targeted by the actor aligns with information likely to be of significant interest to signals
The_Hackers_News.webp 2021-10-20 00:20:33 Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices (direct link) Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 (CVSS score: 5.6), the issue has been codenamed "TPM Carte Blanche" by Google software engineer Chris Vulnerability
The_Hackers_News.webp 2021-10-19 08:07:56 Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services (direct link) Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used Hack Vulnerability
The_Hackers_News.webp 2021-10-19 05:03:46 A New Variant of FlawedGrace Spreading Through Mass Email Campaigns (direct link) Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, which is the name assigned to the financially motivated threat Malware
The_Hackers_News.webp 2021-10-18 23:11:57 Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia (direct link) A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the VirusBulletin VB2021 conference earlier this month, attributed the attacks to a group tracked as Lyceum (aka Malware Threat
The_Hackers_News.webp 2021-10-18 09:00:32 Why Database Patching Best Practice Just Doesn't Work and How to Fix It (direct link) Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who's spent any amount of time maintaining systems will know that patching is often easier said than done. Yes, in some instances, you can just run a command line to install Patching
The_Hackers_News.webp 2021-10-18 01:21:01 Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting (direct link) Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences." "From malign operations against local health providers that endanger patient care, to Ransomware Threat
Last update at: 2024-07-19 22:07:54