What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2020-04-02 14:28:13 New COVID19 wiper overwrites MBR making computers unusable (direct link) A recently discovered strain of malware exploits the current COVID19 pandemic to render computers unusable by overwriting the MBR. SonicWall's security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). Unfortunately, this is one of the numerous attacks conducted by […] Malware
SecurityAffairs.webp 2020-04-02 13:16:29 Crooks use tainted Zoom apps to target users at home due to Coronavirus outbreak (direct link) Crooks target Android users working from home due to the Coronavirus outbreak with a Trojanized version of the popular video messaging app Zoom. Security experts from Bitdefender have spotted tainted versions of the Android Zoom video-conferencing application that is targeting users working from home due to the Coronavirus outbreak. Researchers detected re-packaged Zoom mobile applications […]
SecurityAffairs.webp 2020-04-02 07:39:08 Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks (direct link) Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. Recently Microsoft has published details about human-operated ransomware attacks that targeted organizations in various industries. […] Ransomware
SecurityAffairs.webp 2020-04-01 20:34:24 Zoom client for Windows could allow hackers to steal users' Windows password (direct link) The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Experts warn of a ‘UNC path injection’ flaw that could be exploited by remote attackers to steal login credentials from Windows systems. Security experts and privacy advocates believe that the Zoom is an efficient […] Vulnerability
SecurityAffairs.webp 2020-04-01 15:49:15 Vollgar botnet has managed to infect around 3k MSSQL DB servers daily (direct link) Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet, tracked as Vollgar botnet, that is targeting MSSQL databases since 2018. The botnet is used to launch brute-force attacks against MSSQL databases to take over servers and install Monero […]
SecurityAffairs.webp 2020-04-01 11:38:56 Experts published PoC exploits for CVE-2020-0796 privilege escalation flaw on Windows (direct link) Researchers published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, tracked as SMBGhost, that can be exploited for local privilege escalation. Researchers Daniel García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_) have published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows vulnerability, tracked as SMBGhost, that can be exploited by attackers for local privilege escalation. Cybersecurity firms Kryptos […]
SecurityAffairs.webp 2020-04-01 09:38:59 New Raccoon Stealer uses Google Cloud Services to evade detection (direct link) Researchers found a piece of Raccoon Stealer that abuse of Google Cloud Services and leverages multiple delivery techniques. Racoon malware (aka Legion, Mohazo, and Racealer) is an info-stealer that recently appeared in the threat landscape that is advertised in hacking forums. The malware is cheap compared to similar threats, it is able to steal sensitive data from about […] Malware Threat
SecurityAffairs.webp 2020-04-01 08:00:10 LimeRAT malware delivered using 8-year-old VelvetSweatshop trick (direct link) Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. LimeRAT is a powerful Remote Administration Tool publicly available as an open-source project on Github, it […] Malware Tool Threat
SecurityAffairs.webp 2020-03-31 21:43:12 A critical flaw in Rank Math WordPress plugin allows hackers to give users Admins privileges (direct link) A critical privilege escalation flaw in the WordPress SEO Plugin – Rank Math plugin can allow registered users to gain administrator privileges. Defiant’s Wordfence Threat Intelligence team discovered a critical privilege escalation vulnerability in the WordPress SEO Plugin – Rank Math plugin that could allow attackers to give administrator privileges to any registered user. Rank […] Vulnerability Threat
SecurityAffairs.webp 2020-03-31 16:58:56 Marriott discloses data breach impacting up to 5.2 Million guests (direct link) Marriott disclosed a new security breach detected at the end of February 2020 that could impact up to 5.2 million of its guests. Marriott International discloses a data breach that exposed the personal information of roughly 5.2 million hotel guests, the incident was detected at the end of February 2020. “At the end of February […] Data Breach ★★★★
SecurityAffairs.webp 2020-03-31 15:08:25 Holy Water targets religious figures and charities in Asia (direct link) Holy Water – An APT group compromised a server hosting Web pages belonging mainly to religious figures and charities to carry out watering hole attacks. On December 4, 2019, Kaspersky experts discovered a watering hole attack, tracked Holy Water, aimed at an Asian religious and ethnic group. The campaign has been active since at least […]
SecurityAffairs.webp 2020-03-31 13:51:13 42 million records of Iranian users of unofficial Telegram fork leaked online (direct link) Security expert Bob Diachenko discovered that 42 million Iranian ‘Telegram’ user IDs and phone numbers have been leaked online. Comparitech along with the popular researcher Bob Diachenko discovered 42 million Iranian ‘Telegram’ user IDs and phone numbers online. The accounts belong to Iranian users, they are from a third-party version of the Telegram app. Telegram […]
SecurityAffairs.webp 2020-03-31 11:20:03 FBI warns of nation-state actors using the Kwampirs malware (direct link) For the third time in a few weeks, the FBI has issued an alert about supply chain attacks carried out by nation-state actors using the Kwampirs malware. The FBI has issued an alert about supply chain attacks using the Kwampirs malware as part of a hacking campaign carried out on a global scale by state-sponsored […] Malware
SecurityAffairs.webp 2020-03-31 07:56:37 Microsoft Edge will warn users if their credentials have been compromised (direct link) Microsoft announced that it will add an alerting feature to Edge to warn users if their credentials saved to autofill have been compromised. Microsoft announced several new features for its Edge browser, including a new alerting service to warn users if the credentials they have saved to autofill have been compromised in a third-party data […]
SecurityAffairs.webp 2020-03-30 20:19:28 Crooks leverage Zoom's popularity in Coronavirus outbreak to serve malware (direct link) Online communication platforms such as Zoom are essential instruments at the time of Coronavirus outbreak, and crooks are attempting to exploit their popularity. The Coronavirus outbreak is changing our habits and crooks are attempting to take advantage of the popularity of online communication platforms such as Zoom that are used by businesses, school classrooms and […] Malware
SecurityAffairs.webp 2020-03-30 15:24:27 Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak (direct link) The Zeus Sphinx malware is back, operators are now spreading it exploiting the interest in the Coronavirus outbreak. The Zeus Sphinx malware is back, it was observed in a new wave of attacks attempting to exploit the interest in the Coronavirus outbreak. Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, […] Spam Malware
SecurityAffairs.webp 2020-03-30 11:41:53 (Déjà vu) Voter information for 4,934,863 Georgians leaked online (direct link) Voter information for 4,934,863 Georgians has been published on a hacker forum over the weekend. According to the data breach notification service Under the Breach, on Saturday a file containing voter information for more than 4.9 million Georgians, including deceased citizens, has been published on a hacking forum. Georgia has 3.7 million citizens, but the voting […] Data Breach
SecurityAffairs.webp 2020-03-30 08:41:15 Your colleague was infected with Coronavirus, this is the latest phishing lure (direct link) Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus. Experts continue to spot Coronavirus-themed attack, a new phishing campaign uses messages that pretend to be from a local hospital informing the victims they have been exposed to the virus and that they need urgently […]
SecurityAffairs.webp 2020-03-29 19:16:15 (Déjà vu) Source code of Dharma ransomware now surfacing on public hacking forums (direct link) The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware, is up for sale on two Russian-language hacking forums. The Dharma ransomware first appeared on the threat landscape in February 2016, at the […] Ransomware Threat
SecurityAffairs.webp 2020-03-29 13:23:08 (Déjà vu) Coronavirus-themed attacks March 22 – March 28, 2020 (direct link) In this post, I decided to share the details of the Coronavirus-themed attacks launched from March 22 to March 28, 2020. Threat actors exploit the interest in the COVID19 outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Below a list of attacks detected this week. March 23 – COVID19-themed […] Threat ★★★★★
SecurityAffairs.webp 2020-03-29 12:53:04 Security Affairs newsletter Round 257 (direct link) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Coronavirus-themed attacks March 15 – March 21, 2020 Google addresses high severity bugs in Chrome Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records Security firm accidentally exposed an unprotected database with 5 Billion […]
SecurityAffairs.webp 2020-03-29 12:08:18 FIN7 hackers target enterprises with weaponized USB drives via USPS (direct link) The FIN7 APT group has been targeting businesses with malicious USB drives and Teddy Bears sent to the victims, the FBI warns. The FBI is warning of a new wave of attacks carried out by the FIN7 APT group that is sending to the victims devices acting as a keyboard (HID Emulator USB) when plugged […]
SecurityAffairs.webp 2020-03-28 15:36:33 Critical buffer overflow in CODESYS allows remote code execution (direct link) Experts discovered an easily exploitable heap-based buffer overflow flaw, tracked as CVE-2020-10245, that exists in the CODESYS web server. A critical heap-based buffer overflow flaw in a web server for the CODESYS automation software for engineering control systems could be exploited by a remote, unauthenticated attacker to crash a server or execute arbitrary code. CODESYS […]
SecurityAffairs.webp 2020-03-28 11:27:59 Hackers target zero-day flaws in enterprise Draytek network devices (direct link) Experts from Qihoo 360’s NetLab recently spotted two zero-day campaigns targeting DrayTek enterprise-grade networking devices. Since December 2019, researchers from Qihoo 360 observed two different attack groups that are employing two zero-days exploits to take over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. While Netlab360 has found about ~100,000 devices […]
SecurityAffairs.webp 2020-03-28 08:14:51 AMD admits hacker stole source code files related to its GPUs (direct link) AMD admitted that a hacker has stolen files related to some of its graphics products, but it downplayed the potential impact of the hack. AMD admitted that a hacker that goes online with the moniker “Palesa” has stolen source code files related to some of its graphics products, but it downplayed the potential impact of […]
SecurityAffairs.webp 2020-03-27 17:52:47 0patch releases free unofficial patches for Windows 0days exploited in the wild (direct link) ACROS Security's 0patch service released unofficial patches for two Windows flaws actively exploited by attackers in the wild. ACROS Security's 0patch service released unofficial patches for two Windows vulnerabilities actively exploited by attackers in the wild, both issues have yet to be fixed by Microsoft. A few days ago, Microsoft warned of hackers actively exploiting […]
SecurityAffairs.webp 2020-03-27 14:50:48 Google issued 40,000 alerts of State-Sponsored attacks in 2019 (direct link) Google announced to have warned users of almost 40,000 alerts of state-sponsored phishing or malware attacks during 2019. Google shared data on alerts related to state-sponsored attacks, the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019. The number of alerts decreased by 25% […] Malware
SecurityAffairs.webp 2020-03-27 10:45:31 A missing authorization check in WordPre WPvivid plugin that can lead to the exposure of the database and all files (direct link) Researchers warn of a security flaw recently addressed in the WPvivid Backup Plugin that could be exploited to obtain all files of a WordPress website. WebARX experts warn of a missing authorization check recently addressed in the WPvivid Backup Plugin that could be exploited to obtain all files of a WordPress website. “There is a missing […]
SecurityAffairs.webp 2020-03-27 10:04:32 New financially motivated attacks in Western Europe traced to Russian-speaking threat actors (direct link) Researchers at Group-IB observed new financially motivated attacks in Western Europe traced to Russian-speaking threat actors. Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected successful attacks in Western Europe carried out in late January 2020 traced to Russian-speaking threat actors. At least two companies operating in pharmaceutical and manufacturing sectors have […] Threat
SecurityAffairs.webp 2020-03-27 08:42:37 (Déjà vu) Ryuk Ransomware operators continue to target hospitals during COVID19 outbreak (direct link) Operators behind the Ryuk Ransomware continue to target hospitals even as these organizations are involved in the fight against the Coronavirus pandemic. The threat actors behind the infamous Ryuk Ransomware continue to target hospitals, even as they are involved in containing the Coronavirus outbreak. The decision of the operators is not aligned with principal ransomware […] Ransomware Threat
SecurityAffairs.webp 2020-03-26 22:02:05 Operation Poisoned News: Hong Kong iOS users targeted with watering hole attacks (direct link) Operation Poisoned News – Experts observed a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to spy on them. Security experts at Trend Micro have observed a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as lightSpy. […]
SecurityAffairs.webp 2020-03-26 16:11:55 Stealing videos from VLC (direct link) An unauthenticated insecure direct object reference (IDOR) issue in VLC for iOS could allow a local attacker to steal media from the storage. VLC for iOS was vulnerable to an unauthenticated insecure direct object reference (IDOR) which could allow a local attacker to steal media from the storage by just navigating to the source URL/IP. […]
SecurityAffairs.webp 2020-03-26 14:38:14 (Déjà vu) Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware (direct link) The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect […] Malware
SecurityAffairs.webp 2020-03-26 11:58:43 FBI shuts down the Russian-based hacker platform DEER.IO (direct link) The FBI shuts down Deer.io, a Russian-based online platform that has been hosting hundreds of online shops where illegal products and services were being sold, The Department of Justice announced on Tuesday, that the Federal Bureau of Investigation has recently taken down the Russian-based online platform DEER.IO that is hosting various cybercrime products and services […]
SecurityAffairs.webp 2020-03-26 09:08:42 WordPress WP-VCD malware delivered via pirated Coronavirus plugins (direct link) Crooks behind the WordPress WP-VCD malware are distributing pirated versions of the Coronavirus plugins that inject a backdoor into websites. behind the WordPress WP-VCD malware are distributing pirated versions of the Coronavirus plugins that inject a backdoor into websites The malware was first spotted in July 2017 by the Italian security expert Manuel D'Orso who noticed that the malicious code was […] Malware
SecurityAffairs.webp 2020-03-25 22:17:01 China-linked APT41 group exploits Citrix, Cisco, Zoho flaws (direct link) The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. The campaign was uncovered by FireEye, threat actor targeted many organizations worldwide the […] Threat Guideline APT 41
SecurityAffairs.webp 2020-03-25 17:54:06 Tupperware website has been compromised with a payment card skimmer (direct link) The Tupperware website, the popular manufactured of plastic food container products was infected with a payment card skimmer. Hackers have compromised the website of the popular vendor of plastic food container products Tupperware implanting a payment card skimmer used to steal customers’ payment card details. The official website has approximately 1 million monthly visits on average. […]
SecurityAffairs.webp 2020-03-25 16:01:00 Fake Coronavirus Finder spread Ginp Mobile Banker (direct link) Security experts have spotted a new COVID-themed campaign aimed at distributing the Ginp Mobile Banker with “Coronavirus Finder” lure. With the COVID19 outbreak, the number of Coronavirus-themed attacks is rapidly increasing. Kaspersky Lab experts have uncovered a malicious campaign that is spreading the Android banking trojan Ginp masquerade as a Coronavirus Finder. “Cybercriminals behind Ginp, […]
SecurityAffairs.webp 2020-03-25 13:39:19 Tor Browser 9.0.7 addresses a flaw that could allow unmasking Tor users (direct link) The Tor Project released Tor Browser 9.0.7 that definitively addresses a vulnerability that allowed to execute JavaScript code on sites it should not. The Tor Project released Tor Browser 9.0.7 that permanently addresses a severe bug that allowed JavaScript code to run on sites it should not. A couple of weeks ago, the Tor Project […] Vulnerability
SecurityAffairs.webp 2020-03-24 21:45:39 WildPressure, a new APT group targets the Middle East's industrial sector (direct link) Security experts from Kaspersky Lab have uncovered the activity of a new threat actor, tracked as WildPressure, targeting the industrial sector in the Middle East. The WildPressure was spotted for the first time in August 2019 when researchers detected a never-before-seen malware that has no similarities with other samples analyzed by the experts. “In August […] Malware Threat
SecurityAffairs.webp 2020-03-24 16:25:45 Adobe addressed a critical vulnerability in Adobe Creative Cloud App that allows deleting files (direct link) Adobe has addressed a critical vulnerability in its Creative Cloud desktop application that can be exploited by hackers to delete arbitrary files. Adobe has fixed a critical vulnerability in its Creative Cloud desktop application that can be exploited by attackers to delete arbitrary files. Creative Cloud is a collection of 20+ desktop and mobile apps […] Vulnerability
SecurityAffairs.webp 2020-03-24 14:46:51 (Déjà vu) Fortune 500 tech giant General Electric (GE) discloses data breach after Canon hack (direct link) General Electric (GE) s a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The technology giant General Electric (GE) disclosed a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The data breach was caused by a security breach suffered […] Data Breach Hack
SecurityAffairs.webp 2020-03-24 11:08:07 MalwareBazaar – welcome to the abuse-ch malware repository (direct link) Abuse.ch launched the MalwareBazaar service, a malware repository to allow experts to share known malware samples and related info. Abuse.ch launched a malware repository, called MalwareBazaar, to allow experts to share known malware samples and related analysis. MalwareBazaar is available for free and only collects known malware samples, the repository will not include adware or […] Malware
SecurityAffairs.webp 2020-03-24 10:06:10 (Déjà vu) New York Attorney General asks domain registrars to crack down on coronavirus scam sites (direct link) New York Attorney General asks domain registrars, including GoDaddy, and Namecheap, to crack down on coronavirus scam sites. The Coronavirus-themed attacks continue to increase, experts warn of thousands of COVID-19 scam and malware sites are being created every day. The New York Attorney General asks GoDaddy, Namecheap, Register.com, and Endurance International Group and other domain […] Malware
SecurityAffairs.webp 2020-03-23 23:23:50 (Déjà vu) Microsoft warns of targeted attacks exploiting Windows zero-day flaws (direct link) Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows. The vulnerabilities affects the way Windows Adobe Type Manager Library […]
SecurityAffairs.webp 2020-03-23 18:52:03 The University of Utah Health discloses security breach (direct link) The University of Utah Health disclosed a security breach, it has discovered malware on its systems and revealed unauthorized access to some employee email accounts. The University of Utah Health disclosed a security breach, the research hospital has discovered unauthorized access to some employee email accounts along with the presence of malware on its systems. […] Malware
SecurityAffairs.webp 2020-03-23 15:33:49 Operation Pangea: Europol dismantles criminal gangs selling coronavirus medicine, surgical masks (direct link) Operation Pangea is the name of a joint international operation lead by the Interpol that seized €13 million in counterfeit drugs for care. The Coronavirus outbreak is sustaining an unprecedented demand in hygiene products, surgical masks, and drugs that could care the COVID infection. The Europol announced the result of an international operation, dubbed Operation Pangea, […] Guideline
SecurityAffairs.webp 2020-03-23 14:10:51 Coronavirus-themed campaign delivers a new variant of Netwalker Ransomware (direct link) MalwareHunterTeam experts have identified a new Coronavirus phishing campaign that aims at delivering the Netwalker Ransomware. The number of coronavirus-themed cyberattacks continues to increase, MalwareHunterTeam researchers uncovered a new campaign that is delivering the Netwalker Ransomware, aka Mailto. The researchers have analyzed an attachment, named “CORONAVIRUS_COVID-19.vbs,” used in a new Coronavirus phishing campaign that was designed to […] Ransomware
SecurityAffairs.webp 2020-03-23 11:45:45 538 Million Weibo users' records being sold on Dark Web (direct link) Hackers are offering for sale on the dark web data belonging to 538 million Weibo users, including 172 million phone numbers. Data of 538 million Weibo users are available for sale on the dark web the news was reported by several Chinese media and users on social networks. 107 million records include personal data and […]
SecurityAffairs.webp 2020-03-23 08:48:12 Botnet operators target multiple zero-day flaws in LILIN DVRs (direct link) Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN- According to the Chinese security firm Qihoo 360’s Netlab team, operators of several botnets, including Chalubo, FBot, and Moobot, targeting LILIN DVRs at least since […]
Last update at: 2024-07-23 12:07:54