What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-03-02 22:03:13 New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP! (lien direct) Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild. Chrome 89.0.4389.72, released by the search giant for Windows, Mac, and Linux on Tuesday, comes with a total of 47 security fixes, the most severe of which concerns an " Vulnerability
The_Hackers_News.webp 2021-03-02 07:02:29 Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware (lien direct) SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. "While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the Ransomware Threat
The_Hackers_News.webp 2021-03-02 01:37:31 New 'unc0ver' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3 (lien direct) A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its Tool Vulnerability Guideline
The_Hackers_News.webp 2021-03-01 06:18:35 Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites (lien direct) A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today. "In recent years Ransomware Malware
The_Hackers_News.webp 2021-03-01 02:18:42 Why do companies fail to stop breaches despite soaring IT security investment? (lien direct) Let's first take a look back at 2020! Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data. A whopping 20 billion records were stolen in a single year, increasing 66% from 12 billion in 2019. Incredibly, this is a 9x increase from the comparatively "small" amount of 2.3
The_Hackers_News.webp 2021-03-01 02:11:36 Chinese Hackers Targeted India's Power Grid Amid Geopolitical Tensions (lien direct) Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and
The_Hackers_News.webp 2021-03-01 01:27:47 SolarWinds Blame Intern for Weak Password That Led to Biggest Attack in 2020 (lien direct) As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The said password "solarwinds123" was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the
The_Hackers_News.webp 2021-02-26 03:02:08 North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware (lien direct) A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated Malware Medical APT 38 ★★
The_Hackers_News.webp 2021-02-26 01:03:59 ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process (lien direct) Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the Network and Distributed System Security
The_Hackers_News.webp 2021-02-26 00:11:21 Cisco Releases Security Patches for Critical Flaws Affecting its Products (lien direct) Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company said in an advisory published yesterday. "A successful Vulnerability
The_Hackers_News.webp 2021-02-25 05:59:56 Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations (lien direct) Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said
The_Hackers_News.webp 2021-02-25 03:18:23 The Top Free Tools for Sysadmins in 2021 (lien direct) It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a sysadmin seeking to simplify your workflows, you're in luck. We've gathered some excellent software
The_Hackers_News.webp 2021-02-25 01:13:03 Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack (lien direct) Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most Malware
The_Hackers_News.webp 2021-02-24 08:04:41 Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique (lien direct) With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without Threat
The_Hackers_News.webp 2021-02-24 07:29:47 Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks (lien direct) New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. "A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The Malware Threat
The_Hackers_News.webp 2021-02-24 04:32:23 Everything You Need to Know About Evolving Threat of Ransomware (lien direct) The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal - most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and Ransomware Threat
The_Hackers_News.webp 2021-02-23 23:58:05 Critical RCE Flaws Affect VMware ESXi and vSphere Client - Patch Now (lien direct) VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying
The_Hackers_News.webp 2021-02-23 05:37:56 Experts Find a Way to Learn What You're Typing During Video Calls (lien direct) A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra, and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, who say the attack
The_Hackers_News.webp 2021-02-23 03:01:03 5 Security Lessons for Small Security Teams for the Post COVID19 Era (lien direct) A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working
The_Hackers_News.webp 2021-02-23 02:46:13 Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs (lien direct) Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the "enormous flexibility provided by the PDF specification so that shadow documents remain
The_Hackers_News.webp 2021-02-22 23:18:33 Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks (lien direct) Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named
The_Hackers_News.webp 2021-02-22 03:21:15 How to Fight Business Email Compromise (BEC) with Email Authentication? (lien direct) An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay their focus on MNCs and Guideline
The_Hackers_News.webp 2021-02-22 03:15:17 Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online (lien direct) On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA). Although the group has since signed off following the unprecedented disclosures, new "conclusive" Malware Tool Threat
The_Hackers_News.webp 2021-02-21 23:47:09 New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple Macs (lien direct) Days after the first malware targeting Apple M1 chips were discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that has already infected 29,139 Macs running Intel x86_64 and the iPhone maker's M1 processors. However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload Malware
The_Hackers_News.webp 2021-02-20 08:16:13 Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users (lien direct) Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday. Brave ships with a built-in feature called "Private Window with Tor" that integrates the Tor anonymity
The_Hackers_News.webp 2021-02-19 07:28:53 New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card (lien direct) Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from the ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad actors to leverage Hack
The_Hackers_News.webp 2021-02-19 01:18:55 Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials (lien direct) A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger - a .NET-based malware with capabilities to hinder static analysis - Malware
The_Hackers_News.webp 2021-02-18 23:27:29 SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune (lien direct) Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure builds upon an earlier update on December 31, 2020, that uncovered a compromise of its own network to
The_Hackers_News.webp 2021-02-18 02:20:10 First Malware Designed for Apple M1 Chip Discovered in the Wild (lien direct) One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. While the transition to Apple silicon has necessitated developers to build new versions of their apps to ensure better Malware
The_Hackers_News.webp 2021-02-17 23:26:15 U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency Heist (lien direct) The U.S. Department of Justice (DoJ) on Wednesday indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses. The three defendants - Jon Chang Hyok, Kim Il, and Park Jin Hyok - are said to be members of the Reconnaissance General Bureau, a military intelligence division of
The_Hackers_News.webp 2021-02-17 05:29:09 Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping (lien direct) A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and Vulnerability Threat
The_Hackers_News.webp 2021-02-17 04:02:37 Researchers Unmask Hackers Behind APOMacroSploit Malware Builder (lien direct) Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely. The tool - dubbed "APOMacroSploit" - is a macro exploit generator that allows the user to create an Excel document capable of bypassing antivirus software, Malware Tool
The_Hackers_News.webp 2021-02-16 23:11:54 (Déjà vu) Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites (lien direct) A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug (CVE-2021-1801) that allowed malicious parties to bypass the iframe sandboxing policy in the browser engine that Vulnerability
The_Hackers_News.webp 2021-02-16 05:30:35 Learn How to Manage and Secure Active Directory Service Accounts (lien direct) There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and ultimately, applications in the environment. These special-purpose Active Directory accounts are also the
The_Hackers_News.webp 2021-02-16 05:02:42 Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware (lien direct) Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices Malware Guideline
The_Hackers_News.webp 2021-02-16 04:33:59 Managed Service Provider? Watch This Video to Learn about Autonomous XDR (lien direct) As managed security service providers, you're always on the lookout for new platforms. One that can generate further business, enables you to scale easily without investing in more human resources and provides that value immediately. In the meanwhile, your clients are constantly demanding more security for a lesser cost. Cynet recently published an 8-min video detailing their platform, the Cynet
The_Hackers_News.webp 2021-02-15 22:00:16 Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities (lien direct) Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon. The intrusion campaign - which breached "several French entities" - is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French Hack Tool Threat
The_Hackers_News.webp 2021-02-15 20:19:37 A Sticker Sent On Telegram Could Have Exposed Your Secret Chats (lien direct) Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. The issues were discovered by Italy-based Shielder in iOS, Android, and macOS versions of the app. Following responsible disclosure, Telegram addressed them in a series of patches on September 30
The_Hackers_News.webp 2021-02-15 03:41:11 Apple will proxy Safe Browsing requests to hide iOS users' IP from Google (lien direct) Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, "Fraudulent Website Warning," alerts users about dangerous websites that have been reported as deceptive,
The_Hackers_News.webp 2021-02-12 20:39:52 (Déjà vu) Yandex Employee Caught Selling Access to Users' Email Inboxes (lien direct) Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain. "The employee was one of three system administrators with the necessary access Data Breach
The_Hackers_News.webp 2021-02-12 02:18:41 Secret Chat in Telegram Left Self-Destructing Media Files On Devices (lien direct) Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020. The issue has since been resolved in Vulnerability ★★★
The_Hackers_News.webp 2021-02-11 08:23:13 Researchers Uncover Android Spying Campaign Targeting Pakistan Officials (lien direct) Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover its tracks, only to stealthily collect SMS, encrypted messaging app content, and geolocation, among Malware
The_Hackers_News.webp 2021-02-11 02:48:57 The Weakest Link in Your Security Posture: Misconfigured SaaS Settings (lien direct) In the era of hacking and malicious actors, a company's cloud security posture is a concern that preoccupies most, if not all, organizations. Yet even more than that, it is the SaaS Security Posture Management (SSPM) that is critical to today's company security. Recently Malwarebytes released a statement on how they were targeted by Nation-State Actors implicated in SolarWinds breach. Their
The_Hackers_News.webp 2021-02-11 02:22:04 10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities (lien direct) Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was jointly conducted by law enforcement authorities from the U.K., U.S., Belgium, Malta, and Canada. "
The_Hackers_News.webp 2021-02-11 01:02:36 Poor Password Security Lead to Recent Water Treatment Facility Hack (lien direct) New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach, which occurred last Friday, involved an unsuccessful attempt on the part of an adversary to increase sodium hydroxide dosage in the water supply to dangerous levels Hack
The_Hackers_News.webp 2021-02-10 23:43:10 Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies (lien direct) UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten (aka MERCURY or MuddyWater), Anomali said the "objective of this activity is to install a remote management tool called ScreenConnect (acquired by ConnectWise 2015) with unique launch Tool Threat
The_Hackers_News.webp 2021-02-10 04:57:14 Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies (lien direct) In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a substitution attack, takes advantage of the fact that a piece of software may include components from a mix Uber
The_Hackers_News.webp 2021-02-10 04:18:09 LodaRAT Windows Malware Now Also Targets Android Devices (lien direct) A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos researchers said in a Tuesday analysis. "A new iteration of LodaRAT for Windows has been identified with Malware
The_Hackers_News.webp 2021-02-10 02:23:24 Apple Patches 10-Year-Old macOS SUDO Root Privilege Escalation Bug (lien direct) Apple has rolled out a fix for a critical sudo vulnerability in macOS Big Sur, Catalina, and Mojave that could allow unauthenticated local users to gain root-level privileges on the system. "A local attacker may be able to elevate their privileges," Apple said in a security advisory. "This issue was addressed by updating to sudo version 1.9.5p2." Sudo is a common utility built into most Unix and Vulnerability ★★
The_Hackers_News.webp 2021-02-09 20:44:35 Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs (lien direct) Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that's known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity - six of which are previously disclosed vulnerabilities. The updates cover .NET Framework, Azure IoT, Microsoft Dynamics, Microsoft Edge for Android, Vulnerability
Last update at: 2024-07-20 02:08:41