Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-03-18 20:05:36 |
Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure |
The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure. |
|
|
|
|
2022-03-18 18:53:40 |
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data |
A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says. |
|
|
|
|
2022-03-18 17:17:17 |
Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet |
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said. |
|
NotPetya
NotPetya
|
|
|
2022-03-18 14:49:01 |
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops |
Researchers have exposed the work of Exotic Lily, a full-time cybercriminal initial-access group that uses phishing to infiltrate organizations' networks for further malicious activity. |
Ransomware
|
|
|
|
2022-03-17 19:21:09 |
Dev Sabotages Popular NPM Package to Protest Russian Invasion |
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.
|
|
|
|
|
2022-03-17 14:36:04 |
Misconfigured Firebase Databases Exposing Data in Mobile Apps |
Five percent of the databases are vulnerable to threat actors: It's a gold mine of exploit opportunity in thousands of mobile apps, researchers say.
|
Threat
|
|
|
|
2022-03-17 13:00:38 |
Reporting Mandates to Clear Up Feds' Hazy Look into Threat Landscape – Podcast |
It's about time, AttackIQ's Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck. |
Threat
|
|
|
|
2022-03-16 17:32:59 |
'CryptoRom' Crypto-Scam is Back via Side-Loaded Apps |
Scammers are bypassing Apple's App Store security, stealing thousands of dollars' worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs. |
|
|
|
|
2022-03-16 16:29:11 |
Another Destructive Wiper Targets Organizations in Ukraine |
CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on. |
|
|
|
|
2022-03-16 04:00:47 |
Phony Instagram 'Support Staff' Emails Hit Insurance Company |
The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.”
|
|
|
|
|
2022-03-15 19:47:39 |
Cyberattacks Against Israeli Government Sites: 'Largest in the Country's History' |
DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency. |
|
|
|
|
2022-03-15 16:58:43 |
Most QNAP NAS Devices Affected by 'Dirty Pipe' Linux Flaw |
The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of QNAP’s network-attached storage (NAS) appliances, the Taiwanese manufacturer warned on Monday. Dirty Pipe, a recently reported local privilege escalation vulnerability, affects the Linux kernel on QNAP […] |
Vulnerability
|
|
|
|
2022-03-15 12:58:59 |
Pandora Ransomware Hits Giant Automotive Supplier Denso |
Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany.
|
Ransomware
|
|
|
|
2022-03-14 21:50:45 |
Staff Think Conti Group Is a Legit Employer – Podcast |
The ransomware group's benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest's Marco Figueroa.
|
Ransomware
|
|
|
|
2022-03-14 13:52:37 |
Cybercrooks' Political In-Fighting Threatens the West |
They're choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups' once-diminished power.
|
Ransomware
|
|
|
|
2022-03-11 18:34:34 |
Russia Issues Its Own TLS Certs |
The country's citizens are being blocked from the internet because foreign certificate authorities can't accept payments due to Ukraine-related sanctions, so it created its own CA.
|
|
|
|
|
2022-03-11 15:03:20 |
Raccoon Stealer Crawls Into Telegram |
The credential-stealing trash panda is using the chat app to store and update C2 addresses as crooks find creative new ways to distribute the malware.
|
|
|
|
|
2022-03-10 19:54:00 |
Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers |
Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep's clothing that grabs your cryptocurrency info instead. |
Tool
|
|
|
|
2022-03-10 15:30:19 |
Most Orgs Would Take Security Bugs Over Ethical Hacking Help |
A new survey suggests that security is becoming more important for enterprises, but they're still falling back on old "security by obscurity" ways. |
|
|
|
|
2022-03-10 14:10:04 |
Russia May Use Ransomware Payouts to Avoid Sanctions |
FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine.
|
Ransomware
|
|
|
|
2022-03-10 14:00:32 |
Multi-Ransomwared Victims Have It Coming–Podcast |
Let's blame the victim. IT decision makers' confidence about security doesn't jibe with their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles. |
|
|
★★
|
|
2022-03-10 13:00:32 |
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads |
The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things. |
Malware
|
|
|
|
2022-03-09 21:10:20 |
APT41 Spies Broke Into 6 US State Networks via a Livestock App |
The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.
|
Threat
Hack
|
APT 41
|
|
|
2022-03-09 16:00:32 |
Most ServiceNow Instances Misconfigured, Exposed |
Customers aren't locking down access correctly, leading to ~70 percent of ServiceNow implementations being vulnerable to malicious data extraction.
|
Guideline
|
|
|
|
2022-03-09 14:07:55 |
Russian APTs Furiously Phish Ukraine – Google |
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China's Mustang Panda targeting Europe.
|
|
|
|
|
2022-03-08 21:42:06 |
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday |
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug. |
|
|
★★★★★
|
|
2022-03-08 15:56:36 |
The Uncertain Future of IT Automation |
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks. |
|
|
|
|
2022-03-08 15:14:09 |
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure |
The 'TLStorm' vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure. |
|
|
|
|
2022-03-08 14:52:05 |
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape |
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel. |
|
|
|
|
2022-03-07 21:30:12 |
Novel Attack Turns Amazon Devices Against Themselves |
Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers. |
|
|
|
|
2022-03-07 19:28:36 |
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak |
The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked. |
Ransomware
|
|
|
|
2022-03-07 17:46:39 |
Nvidia's Stolen Code-Signing Certs Used to Sign Malware |
Nvidia certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. |
Malware
|
|
|
|
2022-03-07 16:19:15 |
Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape |
Both vulnerabilities are use-after-free issues in Mozilla's popular web browser. |
|
|
|
|
2022-03-04 22:46:59 |
Massive Meris Botnet Embeds Ransomware Notes from REvil |
Notes threatening to tank targeted companies' stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL. |
Ransomware
|
|
|
|
2022-03-04 16:56:27 |
Free HermeticRansom Ransomware Decryptor Released |
Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.
|
Ransomware
|
|
|
|
2022-03-03 17:18:44 |
Phishing Campaign Targeted Those Aiding Ukraine Refugees |
A military email address was used to distribute malicious email macros among EU personnel helping Ukrainians.
|
|
|
|
|
2022-03-03 16:31:36 |
Russia Leaks Data From a Thousand Cuts–Podcast |
It's not just Ukraine: There's a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.
|
Ransomware
|
|
|
|
2022-03-03 14:00:53 |
Securing Data With a Frenzied Remote Workforce–Podcast |
Stock the liquor cabinet and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”
|
|
|
|
|
2022-03-02 22:50:09 |
TeaBot Trojan Haunts Google Play Store, Again |
Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.
|
|
|
|
|
2022-03-02 18:14:49 |
Conti Ransomware Decryptor, TrickBot Source Code Leaked |
The decryptor spilled by ContiLeaks won't work with recent victims. Conti couldn't care less: It's still operating just fine. Still, the dump is a bouquet's worth of intel. |
Ransomware
|
|
|
|
2022-03-01 21:44:32 |
(Déjà vu) RCE Bugs in Hugely Popular VoIP Apps: Patch Now! |
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations. |
|
|
|
|
2022-03-01 21:44:32 |
RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now! |
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations. |
|
|
|
|
2022-03-01 17:55:46 |
Daxin Espionage Backdoor Ups the Ante on Chinese Malware |
Via node-hopping, the espionage tool can reach computers that aren't even connected to the internet. |
Malware
Tool
|
|
|
|
2022-03-01 16:55:47 |
Ukraine Hit with Novel 'FoxBlade' Trojan Hours Before Invasion |
Microsoft detected cyberattacks launched against Ukraine hours before Russia's tanks and missiles began to pummel the country last week. |
|
|
|
|
2022-03-01 10:57:23 |
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting |
Malicious emails warning Microsoft users of "unusual sign-on activity" from Russia are looking to capitalize on the Ukrainian crisis. |
|
|
|
|
2022-02-28 21:00:32 |
Ukraine-Russia Cyber Warzone Splits Cyber Underground |
A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides. |
Ransomware
|
|
|
|
2022-02-28 17:23:49 |
Toyota to Close Japan Plants After Suspected Cyberattack |
The plants will shut down on Tuesday, halting about a third of the company's global production. Toyota doesn't know how long the 14 plants will be unplugged.
|
|
|
|
|
2022-02-25 21:32:15 |
TrickBot Takes a Break, Leaving Researchers Scratching Their Heads |
The infamous trojan is likely making some major operational changes, researchers believe. |
|
|
|
|
2022-02-25 19:46:57 |
Microsoft Exchange Bugs Exploited by 'Cuba' Ransomware Gang |
The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks' favorites, ProxyShell and ProxyLogon – as initial infection vectors. |
Ransomware
|
|
|
|
2022-02-25 00:29:32 |
White House Denies Mulling Massive Cyberattacks Against Russia |
The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia's military operations in Ukraine. |
|
|
|