What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-09-07 18:08:00 New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices (direct link) A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. "An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist," AT&T Alien Labs said in a new report published Tuesday. The findings add to a Malware
The_Hackers_News.webp 2022-09-07 17:40:00 North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (direct link) The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. "While being Malware Medical APT 38
The_Hackers_News.webp 2022-09-07 17:30:00 4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar (direct link) Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand.  In a recent survey, 58% of CISOs of SMEs said that their risk of attack was higher compared to enterprises. Yet, they don't have the same resources as enterprises –
The_Hackers_News.webp 2022-09-07 12:27:00 Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities (direct link) A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks," Palo Alto Networks Unit 42 said in a
The_Hackers_News.webp 2022-09-07 10:58:00 Critical RCE Vulnerability Affects Zyxel NAS Devices - Firmware Patch Released (direct link) Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a Vulnerability
The_Hackers_News.webp 2022-09-06 17:59:00 Worok Hackers Target High-Profile Asian Companies and Governments (direct link) High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020. "Worok's toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files," ESET
The_Hackers_News.webp 2022-09-06 15:27:00 TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks (direct link) Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order Malware Threat
The_Hackers_News.webp 2022-09-06 14:27:00 Integrating Live Patching in SecDevOps Workflows (direct link) SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach or, say, consistent problems in achieving development goals signals to organizations that the Patching
The_Hackers_News.webp 2022-09-06 12:17:00 New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security (direct link) A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers said in a Monday Threat
The_Hackers_News.webp 2022-09-06 10:48:00 Researchers Find New Android Spyware Campaign Targeting Uyghur Community (direct link) A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China. The malware comes under the guise of a book titled "The China Freedom Trap," a biography written by the exiled Uyghur leader Dolkun Isa. "In light of the ongoing conflict between the Malware Guideline
The_Hackers_News.webp 2022-09-06 08:41:00 QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw (direct link) QNAP has issued a new advisory urging users of its network-attached storage (NAS) devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software. The Taiwanese company said it detected the attacks on September 3 and that "the campaign appears to target QNAP NAS devices running Photo Ransomware
The_Hackers_News.webp 2022-09-05 20:29:00 TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information (direct link) Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server. "TikTok prioritizes the privacy and security of our users' data," the ByteDance-owned company told The Hacker News. "Our security team investigated these claims and found no evidence of a security breach." The denial follows Data Breach
The_Hackers_News.webp 2022-09-05 19:59:00 What Is Your Security Team Profile? Prevention, Detection, or Risk Management (direct link) Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist! Most attacks succeed by taking advantage of common failures in their target's systems. Whether new or
The_Hackers_News.webp 2022-09-05 17:56:00 Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus (direct link) A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.sys") is signed with a valid certificate, Ransomware
The_Hackers_News.webp 2022-09-05 12:40:00 Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan (direct link) The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT said in a report. "Instead, this new version asks the victim to install the
The_Hackers_News.webp 2022-09-03 09:47:00 Samsung Admits Data Breach that Exposed Details of Some U.S. Customers (direct link) South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice. "On or around August 4, 2022, we determined Data Breach ★★
The_Hackers_News.webp 2022-09-03 09:26:00 Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability (direct link) Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An Vulnerability
The_Hackers_News.webp 2022-09-02 20:04:00 Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals (direct link) Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. "While this untrustworthy behavior is nothing new in the world of cybercrime, the victims' data end up in the hands of multiple threat
The_Hackers_News.webp 2022-09-02 16:27:00 JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users (direct link) More details have emerged about the operators behind the first-known phishing campaign specifically aimed at the Python Package Index (PyPI), the official third-party software repository for the programming language. Connecting it to a threat actor tracked as JuiceLedger, cybersecurity firm SentinelOne, along with Checkmarx, described the group as a relatively new entity that surfaced in early Threat
The_Hackers_News.webp 2022-09-02 16:13:00 The Ultimate Security Blind Spot You Don't Know You Have (direct link) How much time do developers spend actually writing code? According to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing or improving code. Security vulnerabilities have a bad habit of popping up during the software development process, only to surface after an application has been deployed. The disappointing part is that many of these
The_Hackers_News.webp 2022-09-02 15:51:00 Warning: PyPI Feature Executes Code Automatically After Python Package Download (direct link) In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb said in a
The_Hackers_News.webp 2022-09-02 12:30:00 New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers (direct link) Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson Malware
The_Hackers_News.webp 2022-09-02 11:25:00 (Déjà vu) Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content (direct link) A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104, according to developer Jeff Johnson. While the
The_Hackers_News.webp 2022-09-01 19:35:00 Stop Worrying About Passwords Forever (direct link) So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Think about it, internal apps that you do not want to integrate with third-party identity providers, government services, legacy applications,
The_Hackers_News.webp 2022-09-01 18:25:00 Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks (direct link) The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in Ransomware ★★★★★
The_Hackers_News.webp 2022-09-01 15:49:00 (Déjà vu) Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials (direct link) Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News. Interestingly, a Threat
The_Hackers_News.webp 2022-09-01 15:33:00 Infra Used in Cisco Hack Also Targeted Workforce Management Solution (direct link) The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Cybersecurity firm Sentire, which disclosed the findings, raised the possibility that the intrusions could be the work of a criminal actor known as mx1r, who is said to be a member of Hack
The_Hackers_News.webp 2022-09-01 12:43:00 Microsoft Discover Severe 'One-Click' Exploit for TikTok Android App (direct link) Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft Vulnerability ★★★★★
The_Hackers_News.webp 2022-09-01 08:54:00 Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability (direct link) Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. The tech Vulnerability Guideline
The_Hackers_News.webp 2022-08-31 16:15:00 Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users (direct link) Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit of retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole
The_Hackers_News.webp 2022-08-31 14:22:00 Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope (direct link) A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language's cross-platform support, effectively allowing the Malware Threat
The_Hackers_News.webp 2022-08-31 14:20:00 Interested in Reducing Your Risk Profile? Jamf Has a Solution for That (direct link) The threat landscape has changed dramatically over the past decade. While cybercriminals continue to look for new ways to gain access to networks and steal sensitive information, the mobile attack surface is also expanding. Mobile devices are not only becoming more powerful but also more vulnerable to cyberattacks, making mobile security an increasingly important concern for enterprises. This Threat
The_Hackers_News.webp 2022-08-31 11:12:00 Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks (direct link) Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs. With the tech giant the maintainer Vulnerability
The_Hackers_News.webp 2022-08-31 07:23:00 Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks (direct link) A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint said in a Malware
The_Hackers_News.webp 2022-08-30 18:25:00 Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers (direct link) As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and
The_Hackers_News.webp 2022-08-30 18:00:00 Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs (direct link) As threat complexity increases and the boundaries of an organization have all but disappeared, security teams are more challenged than ever to deliver consistent security outcomes. One company aiming to help security teams meet this challenge is Stellar Cyber.  Stellar Cyber claims to address the needs of MSSPs by providing capabilities typically found in NG-SIEM, NDR, and SOAR products in their Threat
The_Hackers_News.webp 2022-08-30 12:30:00 India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information (direct link) Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug was identified on August 7, Guideline
The_Hackers_News.webp 2022-08-30 11:42:00 FBI Warns Investors to Take Precautions with Decentralized Financial Platforms (direct link) The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the agency said in a notification. Attackers are said to have used
The_Hackers_News.webp 2022-08-30 09:05:00 FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones (direct link) The U.S. Federal Trade Commission (FTC) on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users by purchasing data from other data brokers to sell to its own clients. "Kochava then sells
The_Hackers_News.webp 2022-08-29 22:55:00 New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim (direct link) A new ransomware strain written in Golang dubbed "Agenda" has been spotted in the wild, targeting healthcare and education entities in Indonesia, Saudi Arabia, South Africa, and Thailand. "Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and has multiple modes to run," Trend Micro researchers said in an analysis last week. Qilin, the threat Ransomware
The_Hackers_News.webp 2022-08-29 15:45:00 Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software (direct link) A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019.  "The malicious tools can be used by anyone," Maya Horowitz, vice president of research at Check Point, said in a statement shared with The Hacker News. "They can
The_Hackers_News.webp 2022-08-29 15:36:00 A CISO's Ultimate Security Validation Checklist (direct link) If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you're away? More importantly – do you have the right action plan in place for a seamless return? Whether you're on the way out of – or back to – the office, our Security Validation Checklist can help make sure your security posture is in good
The_Hackers_News.webp 2022-08-29 12:37:00 Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users (direct link) Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to those accounts. It has since Threat
The_Hackers_News.webp 2022-08-29 09:53:00 CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as CVE-2021-38406 (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful
The_Hackers_News.webp 2022-08-27 08:53:00 Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations (direct link) Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian intelligence Threat
The_Hackers_News.webp 2022-08-27 01:09:00 Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center (direct link) Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. “An Vulnerability Guideline
The_Hackers_News.webp 2022-08-26 14:40:00 Hackers Breach LastPass Developer System to Steal Source Code (direct link) Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed. “An unauthorized party gained access to portions of the LastPass development LastPass
The_Hackers_News.webp 2022-08-26 12:22:00 Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework (direct link) Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike. “Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time,” Microsoft security experts said. “Sliver thus presents an attractive alternative for actors looking for a Threat
The_Hackers_News.webp 2022-08-25 20:19:00 Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations (direct link) The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned 0ktapus by Group-IB because the initial goal of the attacks was to "obtain Okta identity credentials and two-factor authentication (2FA) codes from Threat
The_Hackers_News.webp 2022-08-25 18:54:00 Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers (direct link) The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed MagicWeb by Microsoft's threat intelligence teams, the development reiterates Nobelium's commitment to developing and maintaining purpose-built capabilities. Nobelium is the tech Malware Threat
Last update at: 2024-07-20 21:08:26