What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-10-18 15:41:00 | Chinese \'Spyder Loader\' Malware Spotted Targeting Organizations in Hong Kong (lien direct) | The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly | Malware Threat Guideline | APT 41 | |
|
2022-10-17 18:24:00 | Black Basta Ransomware Hackers Infiltrates Networks via Qakbot to Deploy Brute Ratel C4 (lien direct) | The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot infection, cybersecurity firm Trend Micro said in a technical analysis released last week. The | Ransomware Threat | ||
|
2022-10-17 15:50:00 | Why Crypto Winter is No Excuse to Let Your Cyber Defenses Falter (lien direct) | Don't let the ongoing “crypto winter” lull you into a false sense of cybersecurity. Even as cryptocurrencies lose value - and some crypto companies file for bankruptcy - cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to industry 4.0 and beyond. Broadly speaking, cryptojacking is defined as the unauthorized and illegitimate use | Threat | ||
|
2022-10-14 18:57:00 | (Déjà vu) New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos (lien direct) | Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection. "Almost all | Threat | ||
|
2022-10-14 15:31:00 | How To Build a Career as a Freelance Cybersecurity Analyst - From Scratch (lien direct) | With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million unfilled cybersecurity jobs worldwide - and that number is still growing. The situation means that | Threat | ||
|
2022-10-13 17:30:00 | New Timing Attack Against NPM Registry API Could Expose Private Packages (lien direct) | A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped private packages and then masquerade public packages, tricking employees and users into downloading them," | Threat | ||
|
2022-10-13 15:38:00 | Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization (lien direct) | An advanced persistent threat (APT) actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. Other intrusions mounted over the past six months were directed against | Threat | APT 27 | |
|
2022-10-13 12:48:00 | Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers (lien direct) | A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology, law, communications, branding and marketing, media, insurance, and social services, cybersecurity | Threat | ||
|
2022-10-11 16:58:00 | Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox (lien direct) | A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. The | Threat | ||
|
2022-10-10 20:46:00 | Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky (lien direct) | A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical profile last week | Malware Threat | ||
|
2022-10-10 18:40:00 | New Report Uncovers Emotet\'s Delivery and Evasion Techniques Used in Recent Attacks (lien direct) | Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 that's capable of delivering | Malware Threat | ||
|
2022-10-07 18:29:00 | LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data (lien direct) | Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with | Threat | ||
|
2022-10-07 12:22:00 | BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions (lien direct) | In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical | Ransomware Threat | ||
|
2022-10-06 18:27:00 | Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals (lien direct) | The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing the malware, adding | Malware Threat | ||
|
2022-10-05 13:42:00 | Want More Secure Software? Start Recognizing Security-Skilled Developers (lien direct) | Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by the day, with our data widely considered highly desirable “digital gold”. Attackers are constantly | Threat | ||
|
2022-10-03 20:05:00 | Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack (lien direct) | A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the | Malware Threat | ||
|
2022-10-03 18:26:00 | Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers (lien direct) | The recently discovered Linux-Based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes. Cybersecurity firm Sygnia attributed the attacks to a threat actor it tracks under the name Emperor Dragonfly, which is also known as Bronze Starlight (Secureworks) and DEV-0401 (Microsoft). "Emperor Dragonfly | Ransomware Threat | ||
|
2022-10-03 16:26:00 | Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers (lien direct) | The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter) | Vulnerability Threat Medical | APT 38 | |
|
2022-09-30 20:12:00 | New Malware Families Found Targeting VMware ESXi Hypervisors (lien direct) | Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access | Malware Threat | ||
|
2022-09-30 17:22:00 | Cyber Attacks Against Middle East Governments Hide Malware in Windows logo (lien direct) | An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410 | Malware Threat | ||
|
2022-09-30 15:32:00 | North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks (lien direct) | A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is | Threat Medical | APT 38 | |
|
2022-09-29 19:45:00 | Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware (lien direct) | A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep | Malware Threat | ||
|
2022-09-29 15:42:00 | Swachh City Platform Suffers Data Breach Leaking 16 Million User Records (lien direct) | A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report shared by security firm CloudSEK | Data Breach Threat | ||
|
2022-09-28 15:39:00 | Hackers Using PowerPoint Mouseover Trick to Infect System with Malware (lien direct) | The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a | Malware Threat | APT 28 | ★★★ |
|
2022-09-26 20:03:00 | Researchers Identify 3 Hacktivist Groups Supporting Russian Interests (lien direct) | At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn | Threat | ||
|
2022-09-26 17:44:00 | Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor (lien direct) | A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan | Threat | ||
|
2022-09-23 18:55:00 | Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities (lien direct) | A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security | Threat | ||
|
2022-09-23 10:44:00 | Hackers Using Malicious OAuth Apps to Take Over Email Servers (lien direct) | Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain | Threat | ★★ | |
|
2022-09-22 22:33:00 | Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs (lien direct) | A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in January 2016, is said to have encompassed 20 different variants of the Android malware, which were | Threat | ||
|
2022-09-22 20:31:00 | Malicious NPM Package Caught Mimicking Material Tailwind CSS Package (lien direct) | A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its maintainers as an "easy to use components library for Tailwind CSS and Material Design." "The | Threat | ||
|
2022-09-21 16:24:00 | U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List (lien direct) | The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency said the companies are subject to the Chinese government's exploitation, influence, and control, and could | Threat | ||
|
2022-09-21 10:50:00 | Product Review: Stellar Cyber Open XDR Platform (lien direct) | Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don't meet their needs. Stellar Cyber delivers an Open XDR solution that allows organizations to use | Threat | ||
|
2022-09-20 18:26:00 | Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware (lien direct) | A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The | Malware Threat | ||
|
2022-09-20 14:51:00 | Uber Blames LAPSUS$ Hacking Group for Recent Security Breach (lien direct) | Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others," the San Francisco-based | Threat | Uber Uber | |
|
2022-09-19 18:12:00 | Emotet Botnet Started Distributing Quantum and BlackCat Ransomware (lien direct) | The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, | Ransomware Malware Threat | ||
|
2022-09-19 17:30:00 | Microsoft Teams\' GIFShell Attack: What Is It and How You Can Protect Yourself from It (lien direct) | Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been | Threat | ||
|
2022-09-17 08:17:00 | Hackers Had Access to LastPass\'s Development Systems for Four Days (lien direct) | Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "there is no evidence that this | Threat | LastPass | |
|
2022-09-16 19:47:00 | Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services (lien direct) | Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI service dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021," SEKOIA said. The | Malware Threat | ||
|
2022-09-16 19:17:00 | North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application (lien direct) | A threat with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. Google-owned threat intelligence firm Mandiant attributed the new campaign to an emerging threat cluster it tracks under the name UNC4034. "UNC4034 established communication with the victim over WhatsApp and lured them | Threat | ||
|
2022-09-16 19:09:00 | How to Use a UTM Solution & Win Time, Money and Resources (lien direct) | Unified threat management is thought to be a universal solution for many reasons. First of all, it is compatible with almost any hardware. As a business or an MSP, you don't have to bother with leasing or subleasing expensive equipment. There is no need to chase your clients to return your costly hardware. The all-in-one UTM solution will save you money and time & make work routine less | Threat | ||
|
2022-09-15 15:44:00 | Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks (lien direct) | A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans (RATs), including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report | Threat | ||
|
2022-09-14 15:40:00 | How to Do Malware Analysis? (lien direct) | According to the 2022 Malwarebytes Threat review, 40M Windows business computers' threats were detected in 2021. And malware analysis is necessary to combat and avoid this kind of attack. In this article, we will break down the goal of malicious programs' investigation and how to do malware analysis with a sandbox. What is malware analysis? Malware analysis is a process of studying a malicious | Malware Threat | ||
|
2022-09-14 14:21:00 | Researchers Detail OriginLogger RAT - Successor to Agent Tesla Malware (lien direct) | Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan (RAT) known as Agent Tesla. A .NET based keylogger and remote access, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted | Malware Threat | ||
|
2022-09-13 14:55:00 | Iranian Hackers Target High-Value Targets in Nuclear Security and Genomic Research (lien direct) | Hackers tied to the Iranian government have been targeting individuals specializing in Middle Eastern affairs, nuclear security and genome research as part of a new social engineering campaign designed to hunt for sensitive information. Enterprise security firm attributed the targeted attacks to a threat actor named TA453, which broadly overlaps with cyber activities monitored under the monikers | Threat | ||
|
2022-09-11 09:51:00 | Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents (lien direct) | A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran's Islamic Revolutionary Guard Corps ( | Threat | APT 42 | |
|
2022-09-09 17:06:00 | U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers (lien direct) | More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and | Threat Medical | APT 38 | |
|
2022-09-08 11:08:00 | Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group (lien direct) | Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain. The tech giant, which is monitoring the activity cluster under the moniker DEV-0270 (aka Nemesis Kitten), said it's operated by a company that functions under the public aliases Secnerd and | Ransomware Threat Conference | APT 35 | |
|
2022-09-07 20:12:00 | Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks (lien direct) | Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. The findings, which come from Google's Threat Analysis Group (TAG), builds upon a prior report published in July 2022, detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian war. "UAC-0098 is a threat | Threat | ||
|
2022-09-06 15:27:00 | TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks (lien direct) | Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order | Malware Threat | ||
|
2022-09-06 12:17:00 | New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security (lien direct) | A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers said in a Monday | Threat |
To see everything:
Our RSS (filtrered)
