What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-08-27 03:06:04 Microsoft, Google to Invest $30 Billion in Cybersecurity Over Next 5 Years (direct link) Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments
The_Hackers_News.webp 2021-08-27 02:24:09 Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers (direct link) U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure ( Vulnerability
The_Hackers_News.webp 2021-08-27 00:59:36 Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers (direct link) Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed "ChaosDB," with Wiz researchers noting that "the Vulnerability
The_Hackers_News.webp 2021-08-26 05:57:02 The Increased Liability of Local In-home Propagation (direct link) Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home. In this post, I contrast in-home local propagation with traditional vectors through which a threat (ransomware in particular) spreads throughout an organization. I discuss the Threat
The_Hackers_News.webp 2021-08-26 04:51:18 F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices (direct link) Enterprise security and network appliance vendor F5 has released patches for more than two dozen security vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices that could potentially allow an attacker to perform a wide range of malicious actions, including accessing arbitrary files, escalating privileges, and executing JavaScript code. Of the 29 bugs addressed, 13 are
The_Hackers_News.webp 2021-08-26 02:47:51 New Passwordless Verification API Uses SIM Security for Zero Trust Remote Access (direct link) Forget watercooler conspiracies or boardroom battles. There's a new war in the office. As companies nudge their staff to return to communal workspaces, many workers don't actually want to – more than 50 percent of employees would rather quit, according to research by EY. While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft –
The_Hackers_News.webp 2021-08-26 00:50:53 VMware Issues Patches to Fix New Flaws Affecting Multiple Products (direct link) VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses (from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 - 8.6) affect VMware vRealize Operations (prior to version 8.5.0), VMware Cloud Foundation (versions 3.x and 4.x), and
The_Hackers_News.webp 2021-08-25 22:58:32 Critical Flaw Discovered in Cisco APIC for Switches - Patch Released (direct link) Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. Tracked as CVE-2021-1577 (CVSS score: 9.1), the issue - which is due to improper access control - could Vulnerability
The_Hackers_News.webp 2021-08-25 06:12:12 Preventing your Cloud 'Secrets' from Public Exposure: An IDE plugin solution (direct link) I'm sure you would agree that, in today's digital world, the majority of applications we work on require some type of credentials – to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials, or sometimes just referred to as 'Secrets,' are pieces of user or system-level confidential
The_Hackers_News.webp 2021-08-25 06:02:13 Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions (direct link) A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian Malware Threat
The_Hackers_News.webp 2021-08-25 03:28:57 B.Braun Infusomat Pumps Could Let Attackers Remotely Alter Medication Dosages (direct link) Cybersecurity researchers have disclosed five previously unreported security vulnerabilities affecting B. Braun's Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication. McAfee, which discovered and reported the flaws to the German medical and pharmaceutical device company on January 11, 2021,
The_Hackers_News.webp 2021-08-25 00:43:55 New SideWalk Backdoor Targets U.S.-based Computer Retail Business (direct link) A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia. Slovak cybersecurity firm ESET attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin Malware Threat
The_Hackers_News.webp 2021-08-24 05:28:14 Modified Version of WhatsApp for Android Spotted Installing Triada Trojan (direct link) A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK),"
The_Hackers_News.webp 2021-08-24 05:13:19 Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group (direct link) A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq
The_Hackers_News.webp 2021-08-24 04:10:57 Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc (direct link) Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse Ransomware Threat
The_Hackers_News.webp 2021-08-24 02:58:38 38 Million Records Exposed from Microsoft Power Apps of Dozens of Organisations (direct link) More than 38 million records from 47 different entities that rely on Microsoft's Power Apps portals platform were inadvertently left exposed online, bringing into sharp focus a "new vector of data exposure." "The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants,
The_Hackers_News.webp 2021-08-23 07:09:09 Navigating Vendor Risk Management as IT Professionals (direct link) One of the great resources available to businesses today is the large ecosystem of value-added services and solutions. Especially in technology solutions, there is no end to the services of which organizations can avail themselves. In addition, if a business needs a particular solution or service they don't handle in-house, there is most likely a third-party vendor that can take care of that for
The_Hackers_News.webp 2021-08-23 06:48:23 Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group (direct link) ShinyHunters, a notorious cybercriminal underground group that's been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers' modus operandi has revealed. "Primarily operating on Raid Forums, the collective's moniker and motivation can partly be Data Breach
The_Hackers_News.webp 2021-08-23 06:27:54 Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems (direct link) Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top Hack Threat
The_Hackers_News.webp 2021-08-22 02:51:51 Microsoft Exchange Under Attack With ProxyShell Flaws; Over 1900 Servers Hacked! (direct link) The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL Ransomware
The_Hackers_News.webp 2021-08-20 09:02:51 Cloudflare mitigated one of the largest DDoS attack involving 17.2 million rps (direct link) Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million
The_Hackers_News.webp 2021-08-20 08:44:30 ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups (direct link) ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, Malware Threat
The_Hackers_News.webp 2021-08-20 03:38:09 Cybercrime Group Asking Insiders for Help in Planting Ransomware (direct link) A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme. "The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the Ransomware Threat
The_Hackers_News.webp 2021-08-20 01:15:08 Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways (direct link) Mozi, a peer-to-peer (P2P) botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat
The_Hackers_News.webp 2021-08-19 23:47:08 Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed (direct link) A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart Vulnerability
The_Hackers_News.webp 2021-08-19 03:30:47 Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang (direct link) Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer Ransomware Malware Threat
The_Hackers_News.webp 2021-08-18 08:48:40 Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices (direct link) A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw Vulnerability Guideline ★★★
The_Hackers_News.webp 2021-08-18 08:05:01 BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices (direct link) A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by Vulnerability
The_Hackers_News.webp 2021-08-18 03:20:48 Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks (direct link) IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients. The attacks, which occurred in two waves in May and July 2021, have been linked Threat
The_Hackers_News.webp 2021-08-18 03:10:37 Does a VPN Protect You from Hackers? (direct link) A virtual private network (VPN) is the perfect solution for a lot of issues you might experience online- accessing blocked sites, hiding your browsing activity, getting rid of internet throttling, finding better deals, and much more. But does a VPN protect you from hackers? Is your private information and files safer on the internet with a VPN? How much of a difference does it make in terms of
The_Hackers_News.webp 2021-08-18 01:33:33 NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware (direct link) A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the Malware Threat Cloud APT 37
The_Hackers_News.webp 2021-08-17 20:41:47 Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF (direct link) Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands Vulnerability
The_Hackers_News.webp 2021-08-17 04:55:37 Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan (direct link) A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts. The application masquerades as an animated porn game, a reward points application, or a video streaming application, Trend Micro researchers Jaromir
The_Hackers_News.webp 2021-08-16 23:19:08 Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices (direct link) Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek "Luna" SDK up to version 1.3.2, could be abused by attackers to
The_Hackers_News.webp 2021-08-16 08:18:15 Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks (direct link) Weaknesses in the implementation of TCP protocol in middleboxes and censorship infrastructure could be weaponized as a vector to stage reflected denial of service (DoS) amplification attacks, surpassing many of the existing UDP-based amplification factors to date. Detailed by a group of academics from the University of Maryland and the University of Colorado Boulder at the USENIX Security
The_Hackers_News.webp 2021-08-16 04:36:40 Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients (direct link) Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were detailed by a group of
The_Hackers_News.webp 2021-08-16 00:29:29 New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems (direct link) A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection. "AdLoad," as the malware is known, is one of several Malware
The_Hackers_News.webp 2021-08-14 05:34:23 New Glowworm Attack Recovers Device's Sound from Its LED Power Indicator (direct link) A novel technique leverages optical emanations from a device's power indicator LED to recover sounds from connected peripherals and spy on electronic conversations from a distance of as much as 35 meters. Dubbed the "Glowworm attack," the findings were published by a group of academics from the Ben-Gurion University of the Negev earlier this week, describing the method as "an optical TEMPEST
The_Hackers_News.webp 2021-08-14 03:35:21 Learn Ethical Hacking From Scratch - 18 Online Courses for Just $43 (direct link) If you're reading this post, there is a pretty good chance you're interested in hacking. Ever thought about turning it into a career? The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches. It's open to anyone with the right skills. Featuring 18 courses from top-rated instructors, The All-In-One 2021 Super-Sized Ethical Hacking
The_Hackers_News.webp 2021-08-14 03:20:34 Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger (direct link) Facebook on Friday said it's extending end-to-end encryption (E2EE) for voice and video calls in Messenger, along with testing a new opt-in setting that will turn on end-to-end encryption for Instagram DMs. "The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver's device," Messenger's
The_Hackers_News.webp 2021-08-13 06:15:19 Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection (direct link) Microsoft has disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials. The phishing attacks take the form of invoice-themed lures mimicking financial-related
The_Hackers_News.webp 2021-08-13 05:54:59 Why Is There A Surge In Ransomware Attacks? (direct link) The U.S. is presently combating two pandemics--coronavirus and ransomware attacks. Both have partially shut down parts of the economy. However, in the case of cybersecurity, lax security measures allow hackers to have an easy way to rake in millions. It's pretty simple for hackers to gain financially, using malicious software to access and encrypt data and hold it hostage until the victim pays Ransomware
The_Hackers_News.webp 2021-08-13 02:46:09 Hackers Actively Searching for Unpatched Microsoft Exchange Servers (direct link) Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year. The remote code execution flaws have been collectively dubbed "ProxyShell." At least Threat
The_Hackers_News.webp 2021-08-13 01:32:51 Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities (direct link) Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems. "Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will Ransomware Vulnerability Threat
The_Hackers_News.webp 2021-08-12 08:13:30 Experts Shed Light On New Russian Malware-as-a-Service Written in Rust (direct link) A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. Dubbed "Ficker Stealer," it's notable for being propagated via Trojanized web links Malware Threat
The_Hackers_News.webp 2021-08-12 06:02:40 How Companies Can Protect Themselves from Password Spraying Attacks (direct link) Attackers are using many types of attacks to compromise business-critical data. These can include zero-day attacks, supply chain attacks, and others. However, one of the most common ways that hackers get into your environment is by compromising passwords. The password spraying attack is a special kind of password attack that can prove effective in compromising your environment. Let's look closer
The_Hackers_News.webp 2021-08-12 00:26:50 IT Giant Accenture Hit by LockBit Ransomware; Hackers Threaten to Leak Data (direct link) Global IT consultancy giant Accenture has become the latest company to be hit by the LockBit ransomware gang, according to a post made by the operators on their dark web portal, likely filling a void left in the wake of DarkSide and REvil shutdown. "These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider," read a message posted on Ransomware
The_Hackers_News.webp 2021-08-11 22:23:20 Microsoft Security Bulletin Warns of New Windows Print Spooler RCE Vulnerability (direct link) A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the Vulnerability
The_Hackers_News.webp 2021-08-11 04:57:32 Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic (direct link) Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to exfiltrate sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari
The_Hackers_News.webp 2021-08-11 01:31:12 Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network (direct link) Hackers have siphoned $611 million worth of cryptocurrencies from a blockchain-based financial network in what's believed to be one of the largest heists targeting the digital asset industry, putting it ahead of breaches of exchanges Coincheck and Mt. Gox. Poly Network, a cross-chain decentralized finance (DeFi) platform for swapping tokens across multiple blockchains such as Bitcoin, Ethereum,
Last update at: 2024-07-20 00:07:59