What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-05-08 20:18:34 A cyberattack shutdown US Colonial Pipeline (direct link) A cyberattack forced the shutdown of one of the largest pipelines in the United States, the Colonial Pipeline facility in Pelham, Alabama. The Colonial Pipeline facility in Pelham, Alabama was hit by a cybersecurity attack, its operators were forced to shut down its systems. The pipeline allows carrying 2.5 million barrels of refined gasoline and […]
SecurityAffairs 2021-05-08 13:05:48 Microsoft warns of a large-scale BEC campaign to make gift card scam (direct link) Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the attacks. Business email compromise (BEC) attacks represent a serious threat for organizations worldwide, according to the annual report released by FBI's Internet Crime Complaint Center, the 2020 Internet Crime Report, in 2020, the IC3 received 19,369 Business […] Threat
SecurityAffairs 2021-05-07 21:03:42 Russia-linked APT29 group changes TTPs following April advisories (direct link) The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known as APT29 (aka Cozy Bear). Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes). The […] APT 29
SecurityAffairs 2021-05-07 16:35:28 19 petabytes of data exposed across 29,000+ unprotected databases (direct link) CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, […] Threat ★★★
SecurityAffairs 2021-05-07 13:35:31 [Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure) (direct link) HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Prologue: After my first success in bypassing APPROTECT readout protection of the NRF52-based Slok smartlock with #PocketGlitcher (i.e. video below), I started looking around […] Threat
SecurityAffairs 2021-05-07 13:00:50 VMware addresses critical RCE in vRealize Business for Cloud (direct link) VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984, in VMware vRealize Business for Cloud. vRealize Business for Cloud is an automated cloud business management solution that allows customers to […]
SecurityAffairs 2021-05-07 09:57:25 Connecting the Bots – Hancitor fuels Cuba Ransomware Operations (direct link) The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It is known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker […] Ransomware Malware
SecurityAffairs 2021-05-07 08:06:05 Possible attacks on the TCP/IP protocol stack and countermeasures (direct link) Let's look at what types of threats each layer of the TCP/IP protocol stack may be susceptible to. The task of a computer security system is to safeguard the information transmitted over the network and to adequately preserve the data stored in it. Excluding in this discussion threats due to natural disasters, we can classify […]
SecurityAffairs 2021-05-06 23:12:30 Windows Moriya rootkit used in highly targeted attacks (direct link) Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of cyberespionage campaign dubbed TunnelSnake. An unclassified threat actor employed a new stealthy malware, dubbed Moriya rootkit, to compromise Windows systems. Kaspersky experts who uncovered the threat speculate the attacks are likely part of an ongoing espionage campaign dubbed TunnelSnake that has been […] Threat
SecurityAffairs 2021-05-06 19:30:44 Qualcomm bug impacts about 30% of all smartphones (direct link) A high severity flaw, tracked as CVE-2020-11292, affects Qualcomm Mobile Station Modem chips used by around 30% of all smartphones worldwide. Researchers from Checkpoint have discovered a buffer overflow vulnerability, tracked as CVE-2020-11292, in the Qualcomm Mobile Station Modem that can be exploited by attackers to trigger memory corruption and execute arbitrary code on the […]
SecurityAffairs 2021-05-06 13:54:30 Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage (direct link) Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. Researchers from cybersecurity firm Recorded Future's Insikt Group have discovered six procurement documents from official People's Liberation Army (PLA) military websites and other sources that demonstrate that PLA Unit 61419 has sought to purchase antivirus solutions from […]
SecurityAffairs 2021-05-06 09:22:21 A taste of the latest release of QakBot (direct link) A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot is a banking trojan that has been making headlines since 2007. This piece of malware is focused on stealing banking credentials and victim's secrets using […] Malware
SecurityAffairs 2021-05-06 06:25:05 Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software (direct link) Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing commands as root. Cisco SD-WAN vManage Software flaws (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, CVE-2021-1508) could […]
SecurityAffairs 2021-05-05 15:27:31 (Déjà vu) UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware (direct link) A new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware. The group targeted the organization […] Malware Threat
SecurityAffairs 2021-05-05 08:59:32 (Déjà vu) Cyber Defense Magazine – May 2021 has arrived. Enjoy it! (direct link) Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 90 pages of excellent content. Cyber Defense Magazine May 2021 OVER 90+ PAGES LOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached. CLICK HERE AND […]
SecurityAffairs 2021-05-05 07:58:42 Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager (direct link) Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager (EIM), tracked as CVE-2021-29203, that could be exploited by attackers to compromise a customer's cloud infrastructure. “A security vulnerability […] Vulnerability
SecurityAffairs 2021-05-04 19:48:58 A massive DDoS knocked offline Belgian government websites (direct link) A massive distributed denial of service (DDoS) attack shut down Belgium's government websites, internal networks were also impacted. A massive distributed denial of service (DDoS) attack hit most of the Belgium government's IT network, according to the media the attack also knocked offline internal systems. People attempting to visit websites hosted on the Belnet network […]
SecurityAffairs 2021-05-04 17:10:01 Most of Exim email servers could be hacked by exploiting 21Nails flaws (direct link) The maintainers of the Exim email server software addressed a collection of 21 issues, dubbed 21Nails, that can allow attackers to fully compromise mail servers. The maintainers of the Exim email server software have released security updates to address a collection of 21 vulnerabilities, dubbed 21Nails, that can be exploited by attackers to take over […]
SecurityAffairs 2021-05-04 15:34:49 Hundreds of millions Of Dell PCs affected by CVE-2021-21551 flaws (direct link) American multinational computer technology giant Dell addresses a 12-year-old driver flaw, tracked as CVE-2021-21551, impacting millions of computers. Hundreds of millions of Dell computers worldwide are affected by a 12-year-old vulnerability, tracked as CVE-2021-21551, that affects Dell DBUtil driver. The flaw affects version 2.3 of the Dell BIOS driver, it is one of a series of […]
SecurityAffairs 2021-05-04 09:01:06 Project Signal: a second Iranian State-Sponsored Ransomware Operation (direct link) Iran-linked APT group carried out a ransomware operation through a contracting company based in the country, Flashpoint researchers warn. Researchers from Flashpoint have uncovered a state-sponsored ransomware campaign conducted by Iran's Islamic Revolutionary Guard Corps (IRGC) through an Iranian contracting company called “Emen Net Pasargard” (ENP) (aka “Imannet Pasargad,” “Iliant Gostar Iranian,” “Eeleyanet Gostar Iraniyan”). […] Ransomware
SecurityAffairs 2021-05-04 06:52:30 Apple addresses three zero-day flaws in its WebKit browser engine (direct link) Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day exploited in the wild. Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS. The WebKit browser engine is […]
SecurityAffairs 2021-05-03 21:08:43 Expert released PoC exploit for Microsoft Exchange flaw (direct link) Security researcher released technical details and a PoC code for a high-severity vulnerability in Microsoft Exchange Server reported by the NSA. A security expert released technical details and proof-of-concept exploit (PoC) code for the high-severity vulnerability CVE-2021-28482 in Microsoft Exchange that could be exploited by remote attackers to execute arbitrary code on vulnerable systems. April […] Vulnerability
SecurityAffairs 2021-05-03 17:39:49 Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited (direct link) Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. Pulse Secure has addressed a zero-day vulnerability (CVE-2021-22893) in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited by threat actors in attacks against defense firms […] Vulnerability Threat ★★★★
SecurityAffairs 2021-05-03 14:42:52 Most Common Causes of Data Breach and How to Prevent It (direct link) Which are the most common causes of a Data Breach and how to prevent It? How can organizations prevent it? Data breaches are highly damaging and equally embarrassing for businesses and consumers. If you look at Verizon's 2020 Data Breach Investigations Report, you can find some of the most common causes of data breaches. However, you will also […] Data Breach
SecurityAffairs 2021-05-03 14:07:55 Experian API exposed credit scores of tens of millions of Americans (direct link) Experian API Exposed Credit Scores of Most Americans could have been accessed due to a weakness with a partner website. Experian API exposed credit scores of tens of millions of Americans due to a weakness with a partner website. Anyone was able to look up the credit score of tens of millions of Americans just […]
SecurityAffairs 2021-05-03 06:39:57 Threat Report Portugal: Q1 2021 (direct link) The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. Threat Report Portugal Q1 2021: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is […] Malware Threat
SecurityAffairs 2021-05-02 16:00:15 WeSteal, a shameless commodity cryptocurrency stealer available for sale (direct link) The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency stealers, its author doesn’t masquerade its purpose and promises “the leading way to make money in 2021.” […] Guideline
SecurityAffairs 2021-05-02 13:32:59 Security Affairs newsletter Round 312 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. 10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely Hackers are targeting Soliton FileZen file-sharing servers A supply chain attack compromised the update mechanism of Passwordstate Password Manager Boffins […]
SecurityAffairs 2021-05-02 11:05:41 Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle (direct link) A security duo has demonstrated how to hack a Tesla Model X's and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The scenario is disconcerting, hackers could use a drone to fly on your Tesla Model X and open the doors, a couple of researchers demonstrated. The researchers Kunnamon, […] Hack
SecurityAffairs 2021-05-02 08:06:06 Cloud hosting provider Swiss Cloud suffered a ransomware attack (direct link) Swiss cloud hosting provider Swiss Cloud has suffered a ransomware attack that seriously impacted its server infrastructure. On April 27 the Swiss cloud hosting provider was hit by a ransomware attack that brought down the company's server infrastructure. The company is currently working to restore operations from its backups with the help of experts from […] Ransomware
SecurityAffairs 2021-05-01 18:38:18 AgeLocker ransomware operation targets QNAP NAS devices (direct link) Taiwanese vendor QNAP is warning its customers of AgeLocker ransomware attacks on their NAS devices. Crooks behind the AgeLocker ransomware operation are targeting QNAP NAS devices, the Taiwanese vendor warns. The vendor doesn’t provide technical details of the attacks, it is not clear if the ransomware gang exploited known vulnerabilities. “The QNAP security team has […] Ransomware
SecurityAffairs 2021-05-01 14:14:37 (Déjà vu) Flaws in the BIND software expose DNS servers to attacks (direct link) The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. The Internet Systems Consortium (ISC) has released security updates for the BIND DNS software to address several vulnerabilities that can be exploited by attackers to trigger denial-of-service (DoS) conditions and potentially to remotely execute […]
SecurityAffairs 2021-05-01 12:19:53 Babuk crew announced it will stop ransomware attacks (direct link) Babuk ransomware operators shut down their affiliate program and announced to stop using ransomware, the group plans to move on data theft. Recently the Babuk ransomware operators made the headlines for the ransomware attack against the DC Police Department. Experts believe that the decision of the group to leave the ransomware practice could be the […] Ransomware
SecurityAffairs 2021-04-30 22:29:54 China-linked APT uses a new backdoor in attacks at Russian defense contractor (direct link) China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor. A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. Cybereason researchers reported that a China-linked APT group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. The state-sponsored hackers […]
SecurityAffairs 2021-04-30 16:25:58 UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed (direct link) UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. Researchers from FireEye's Mandiant revealed that a sophisticated cybercrime gang tracked as UNC2447 has exploited a zero-day issue (CVE-2021-20016) in SonicWall Secure Mobile Access (SMA) devices, fixed earlier this year, before […]
SecurityAffairs 2021-04-30 14:09:35 Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization (direct link) UNICC and Group-IB detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating hi-tech cybercrimes, and the United Nations International Computing Centre (UNICC), detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. […] Threat
SecurityAffairs 2021-04-29 21:28:53 (Déjà vu) Command injection flaw in PHP Composer allowed supply-chain attacks (direct link) A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package. Composer is the major […] Vulnerability
SecurityAffairs 2021-04-29 18:10:09 An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos (direct link) Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks was hit by a ransomware attack. Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a cyberattack allegedly carried out by one of the most aggressive ransomware gangs, Darkside. The attack paralyzed the operations at 188 branches […] Ransomware
SecurityAffairs 2021-04-29 16:53:26 An issue in the Linux Kernel could allow the hack of your system (direct link) An information disclosure issue in Linux Kernel that allows KASLR bypass could be potentially exploited in attacks in the wild. An information disclosure flaw in the Linux kernel, tracked as CVE-2020-28588, could allow attackers to bypass the Kernel Address Space Layout Randomization bypass (KASLR). The Kernel Address space layout randomization (KASLR) is a computer security technique designed to prevent […] Hack
SecurityAffairs 2021-04-29 11:15:03 Purple Lambert, a new malware of CIA-linked Lambert APT group (direct link) Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of the US Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection […] Malware
SecurityAffairs 2021-04-29 06:22:02 RotaJakiro Linux backdoor has flown under the radar since 2018 (direct link) Experts recently uncovered a Linux backdoor, dubbed RotaJakiro, that has flown under the radar for many years while harvesting and exfiltrating sensitive information from the victims. RotaJakiro is a Linux backdoor recently discovered by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab). The malware remained undetected for years while threat actors were employing […] Malware Threat
SecurityAffairs 2021-04-28 19:40:55 Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs (direct link) China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar since 2015 while targeting entities in Asia-Pacific (APAC) region. Organizations targeted by the […] APT 30
SecurityAffairs 2021-04-28 13:46:06 Google addresses a high severity flaw in V8 engine in Chrome (direct link) Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227, in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser. […]
SecurityAffairs 2021-04-28 10:48:59 UK rail network Merseyrail hit by ransomware gang (direct link) UK rail network Merseyrail was hit by a cyberattack, ransomware operators breached the corporate email system to disclose the attack to employees and journalists. UK rail network Merseyrail, which operates rail services across Merseyside, announced it was a victim of a cyber attack. A ransomware gang has also compromised the email system of the organization to […] Ransomware
SecurityAffairs 2021-04-28 09:14:11 Cloud misconfiguration, a major risk for cloud security (direct link) Misconfigured cloud-based databases continue to cause data breaches, millions of database servers are currently exposed across cloud providers. Fugue's new State of Cloud Security 2020 report reveals that misconfigured cloud-based databases continue to pose a severe security risk to organizations. Cloud misconfiguration remains the top cause of data breaches in the cloud, and the ongoing COVID-19 […]
SecurityAffairs 2021-04-27 18:14:55 FBI shares with HIBP 4 million email addresses involved in Emotet attacks (direct link) The FBI has shared with Have I Been Pwned service 4 million email addresses collected by Emotet botnet and employed in malware campaigns. Last week, European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. The authorities automatically wiped the infamous Emotet malware from infected systems […] Malware ★★★★
SecurityAffairs 2021-04-27 15:33:11 (Déjà vu) CISA, NIST published an advisory on supply chain attacks (direct link) CISA and NIST published a report on software supply chain attacks that shed light on the associated risks and provide instructions on how to mitigate them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) released a joint advisory that provides trends and best practices related to […]
SecurityAffairs 2021-04-27 11:50:29 Ransomware hit Guilderland Central School District near Albany (direct link) Officials revealed that the school district near Albany was hit by a ransomware attack that forced students in grades 7 through 12 into all-remote learning on Monday. The Guilderland Central School District near Albany was hit by a ransomware attack that forced students in grades 7 through 12 into all-remote learning on Monday, the news […] Ransomware
SecurityAffairs 2021-04-27 08:33:35 Microsoft Defender uses Intel TDT technology against crypto-mining malware (direct link) Microsoft announced an improvement of its Defender antivirus that will leverage Intel’s Threat Detection Technology (TDT) to detect processes associated with crypto-miners. Microsoft announced that Microsoft Defender for Endpoint, its commercial version of Windows 10 Defender antivirus, implements a new mechanism that leverages Intel’s Threat Detection Technology (TDT) to block cryptojacking malware using Cryptojacking malware […] Malware Threat
SecurityAffairs 2021-04-27 06:53:05 (Déjà vu) Shlayer macOS malware abuses zero-day to bypass Gatekeeper feature (direct link) Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Apple has addressed a zero-day flaw in macOS that was exploited by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads. The developers behind the Shlayer malware have successfully […] Malware
Last update at: 2024-07-12 12:08:52