What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-11-11 01:30:00 | Navigating The Threat Landscape 2021 – From Ransomware to Botnets (lien direct) | Though we are recovering from the worst pandemic, cyber threats have shown no sign of downshifting, and cybercriminals are still not short of malicious and advanced ways to achieve their goals. The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021. Threats can take different forms with | Ransomware Threat | ||
|
2021-11-11 00:00:26 | Iran\'s Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa (lien direct) | A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers (ISPs) and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs (MFA) in Africa, new findings reveal. The intrusions, staged by a group tracked as Lyceum, are believed to have occurred | Threat | ★★★★★ | |
|
2021-11-09 00:44:10 | Robinhood Trading App Suffers Data Breach Exposing 7 Million Users\' Information (lien direct) | Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor.
The commission-free stock trading and investing platform said the incident happened "late in the evening of November 3," adding it's in the process of notifying affected users. |
Data Breach Threat | ||
|
2021-11-08 06:39:11 | Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit (lien direct) | At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution.
The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of |
Threat | ||
|
2021-11-08 06:10:37 | BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups (lien direct) | A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns.
BlackBerry's research and intelligence team dubbed the entity "Zebra2104," with the group responsible for offering a means of a digital approach to ransomware syndicates |
Ransomware Threat | ||
|
2021-11-08 05:12:48 | Critical Flaws in Philips TASY EMR Could Expose Patient Data (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive patient data from patient databases.
"Successful exploitation of these vulnerabilities could result in patients' confidential data being exposed or extracted from |
Threat | ||
|
2021-11-03 08:24:34 | BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released (lien direct) | An analysis of new samples of BlackMatter ransomware for Windows and Linux has revealed the extent to which the operators have continually added new features and encryption capabilities in successive iterations over a three-month period.
No fewer than 10 Windows and two Linux versions of the ransomware have been observed in the wild to date, Group-IB threat researcher Andrei Zhdanov said in a |
Ransomware Threat | ||
|
2021-11-01 04:25:57 | New \'Trojan Source\' Technique Lets Hackers Hide Vulnerabilities in Source Code (lien direct) | A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks.
Dubbed "Trojan Source attacks," the technique "exploits subtleties in text-encoding standards such as Unicode to produce source |
Malware Threat | ||
|
2021-10-27 00:14:47 | Latest Report Uncovers Supply Chain Attacks by North Korean Hackers (lien direct) | Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities.
The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN |
Malware Threat Medical | APT 38 APT 28 | |
|
2021-10-25 01:19:44 | Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware (lien direct) | Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems.
CVE-2021-42258, as the flaw is being tracked as, concerns an SQL-based injection attack that allows for remote code execution and was successfully |
Ransomware Vulnerability Threat | ||
|
2021-10-23 09:25:31 | Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks (lien direct) | Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information.
The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in |
Tool Threat | ||
|
2021-10-22 08:01:26 | \'Lone Wolf\' Hacker Group Targeting Afghanistan and India with Commodity RATs (lien direct) | A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints.
Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse |
Malware Threat | ||
|
2021-10-21 00:03:14 | Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts (lien direct) | Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder.
That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting |
Threat | ||
|
2021-10-18 23:11:57 | Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia (lien direct) | A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia.
Security researchers at Kaspersky, who presented their findings at the VirusBulletin VB2021 conference earlier this month, attributed the attacks to a group tracked as Lyceum (aka |
Malware Threat | ||
|
2021-10-18 01:21:01 | Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting (lien direct) | Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences."
"From malign operations against local health providers that endanger patient care, to |
Ransomware Threat | ||
|
2021-10-15 07:40:55 | Attackers Behind Trickbot Expanding Malware Distribution Channels (lien direct) | The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti.
The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known Hive0105, Hive0106 (aka TA551 or Shathak), |
Ransomware Malware Threat Guideline | ||
|
2021-10-14 09:30:34 | Google: We\'re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries (lien direct) | Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.
The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from "blocking an |
Malware Threat | ||
|
2021-10-11 23:32:49 | Microsoft Warns of Iran-Linked Hackers Targeting US and Israeli Defense Firms (lien direct) | An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting US, EU, and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo transportation companies focused in the Middle East.
Microsoft is tracking the hacking crew under the |
Threat | ||
|
2021-10-11 07:20:37 | Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack (lien direct) | Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks.
Social engineering is "the art of manipulating people so they give up confidential information," according to Webroot. There are many different types of social engineering |
Threat | ||
|
2021-10-11 02:21:02 | Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo (lien direct) | A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa.
Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team" (aka APT-C-35), which has been linked to cyber offensives in India and Pakistan, while also |
Threat | ||
|
2021-10-08 06:41:27 | Ransomware Group FIN12 Aggressively Going After Healthcare Targets (lien direct) | An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks.
Cybersecurity firm Mandiant attributed the intrusions to a |
Ransomware Threat | ||
|
2021-10-05 09:58:29 | Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012 (lien direct) | Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior to loading the |
Threat | ||
|
2021-10-04 05:48:16 | A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries (lien direct) | A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks.
Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang - referring to their |
Threat | ★★★★ | |
|
2021-10-01 05:25:31 | Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users (lien direct) | A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.
Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "sophisticated multi-stage malware framework" that allows for providing |
Malware Threat | ||
|
2021-10-01 00:21:43 | Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware (lien direct) | In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware.
"Adversaries have set up a phony website that looks |
Malware Threat | ||
|
2021-09-30 06:49:19 | New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught (lien direct) | Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks.
"This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization's |
Vulnerability Threat | ||
|
2021-09-30 06:32:43 | Incentivizing Developers is the Key to Better Security Practices (lien direct) | Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this seachange if they want that effort to grow.
The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, widely considered an easy win |
Threat | ||
|
2021-09-30 00:40:22 | (Déjà vu) New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack (lien direct) | Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools.
Moscow-headquartered firm Kaspersky codenamed the malware "Tomiris," calling out its similarities to another |
Malware Threat | ||
|
2021-09-28 08:31:06 | Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns (lien direct) | Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems.
Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that |
Vulnerability Threat | ||
|
2021-09-28 01:32:38 | New BloodyStealer Trojan Steals Gamers\' Epic Games and Steam Accounts (lien direct) | A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market.
Cybersecurity firm Kaspersky, which coined the malware "BloodyStealer," said it first detected the malicious tool in |
Malware Tool Threat | ||
|
2021-09-27 23:15:52 | Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers (lien direct) | Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers.
The tech giant's Threat Intelligence Center (MSTIC) codenamed the "passive and highly targeted backdoor" FoggyWeb, making it the threat actor tracked |
Malware Threat | ||
|
2021-09-27 06:35:19 | Russian Turla APT Group Deploying New Backdoor on Targeted Systems (lien direct) | State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan.
Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected. |
Malware Threat | ||
|
2021-09-26 23:26:49 | A New Jupyter Malware Version is Being Distributed via MSI Installers (lien direct) | Cybersecurity researchers have charted the evolution of Jupyter, a .NET infostealer known for singling out healthcare and education sectors, which make it exceptional at defeating most endpoint security scanning solutions.
The new delivery chain, spotted by Morphisec on September 8, underscores that the malware has not just continued to remain active but also showcases "how threat actors |
Malware Threat | ||
|
2021-09-24 22:16:49 | A New APT Hacker Group Spying On Hotels and Governments Worldwide (lien direct) | A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms.
Slovak cybersecurity firm ESET codenamed the cyber espionage group FamousSparrow, which it said has been active since at least August 2019, with victims located across Africa, Asia, Europe, the |
Threat | ||
|
2021-09-24 05:49:39 | Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows (lien direct) | Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures of its malware payloads.
"Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code - which is used in a number of security scanning products," Google |
Malware Threat | ||
|
2021-09-21 06:00:03 | Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug (lien direct) | Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack.
The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a |
Ransomware Threat | ||
|
2021-09-20 04:00:58 | A New Wave of Malware Attack Targeting Organizations in South America (lien direct) | A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research.
Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected |
Spam Malware Threat | APT-C-36 | |
|
2021-09-19 22:07:28 | Numando: A New Banking Trojan Targeting Latin American Users (lien direct) | A newly spotted banking trojan has been caught leveraging legitimate platforms like YouTube and Pastebin to store its encrypted, remote configuration and commandeer infected Windows systems, making it the latest to join the long list of malware targeting Latin America (LATAM) after Guildma, Javali, Melcoz, Grandoreiro, Mekotio, Casbaneiro, Amavaldo, Vadokrist, and Janeleiro.
The threat actor |
Threat | ||
|
2021-09-17 04:03:29 | New Malware Targets Windows Subsystem for Linux to Evade Detection (lien direct) | A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.
The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent |
Malware Threat | ||
|
2021-09-17 01:00:30 | Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years (lien direct) | A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.
Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence |
Malware Threat | ||
|
2021-09-14 04:13:23 | HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers (lien direct) | Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks.
Tracked as CVE-2021-3437 (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to |
Threat | ||
|
2021-09-07 03:05:28 | Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server (lien direct) | The maintainers of Jenkins-a popular open-source automation server software-have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner.
The "successful attack," which is believed to have occurred last week, was mounted against its |
Vulnerability Threat | ||
|
2021-09-04 00:50:47 | Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (lien direct) | Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China.
In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U's implementation of the |
Vulnerability Threat | ||
|
2021-09-02 02:07:03 | Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks (lien direct) | The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019.
News of the arrest, which originally happened in June, was disclosed by researchers from Netlab, the network research division of Chinese internet security company Qihoo 360, earlier this Monday, detailing |
Malware Threat | ||
|
2021-09-01 08:50:52 | Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns (lien direct) | Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage.
"Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious |
Malware Threat | ||
|
2021-08-26 05:57:02 | The Increased Liability of Local In-home Propagation (lien direct) | Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home.
In this post, I contrast in-home local propagation with traditional vectors through which a threat (ransomware in particular) spreads throughout an organization. I discuss the |
Threat | ||
|
2021-08-25 06:02:13 | Researchers Uncover FIN8\'s New Backdoor Targeting Financial Institutions (lien direct) | A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar.
The previously undocumented malware has been dubbed "Sardonic" by Romanian |
Malware Threat | ||
|
2021-08-25 00:43:55 | New SideWalk Backdoor Targets U.S.-based Computer Retail Business (lien direct) | A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia.
Slovak cybersecurity firm ESET attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin |
Malware Threat | ||
|
2021-08-24 04:10:57 | Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc (lien direct) | Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims.
"While the ransomware crisis appears poised to get worse |
Ransomware Threat | ||
|
2021-08-23 06:27:54 | Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems (lien direct) | Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans.
That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top |
Hack Threat |
To see everything:
Our RSS (filtrered)
