What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-16 01:31:45 | Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector (lien direct) | The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets Control's (OFAC) | Hack Threat Medical | APT 38 APT 28 | |
|
2022-04-15 21:38:40 | GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens (lien direct) | Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations. "An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM | |||
|
2022-04-15 04:52:18 | JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots (lien direct) | As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. "Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information," | |||
|
2022-04-15 03:24:29 | Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free (lien direct) | A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download additional malware to infected systems," Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer | Malware Tool Threat | ||
|
2022-04-15 02:46:30 | As State-Backed Cyber Threats Grow, Here\'s How the World Is Reacting (lien direct) | With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware | Ransomware Malware | ||
|
2022-04-14 21:05:06 | Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software (lien direct) | Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system. Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the | Vulnerability | ||
|
2022-04-14 20:42:22 | Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure (lien direct) | Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw. | |||
|
2022-04-14 20:25:43 | Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw (lien direct) | Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild. Tracked as CVE-2022-1364, the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13 | Threat | ||
|
2022-04-14 06:17:09 | Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions (lien direct) | A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore | Threat | ||
|
2022-04-14 03:08:29 | New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt (lien direct) | A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet | Threat | ★★★★ | |
|
2022-04-14 00:02:45 | Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation (lien direct) | Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a | Malware | ||
|
2022-04-13 21:52:47 | U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware (lien direct) | The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, compromise, and control | Malware | ||
|
2022-04-13 21:51:58 | Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild (lien direct) | A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The | Vulnerability Threat | ||
|
2022-04-13 07:35:00 | Webinar: How The Right XDR Can Be a Game-Changer for Lean Security Teams (lien direct) | Extended detection and response (XDR) is expected to be the future of cybersecurity, merging security technologies with the evolving approach to the way we do cybersecurity. And while many organizations are scrambling to integrate XDR into their cybersecurity strategies – even more are still trying to figure out what XDR really is and if it's even the right solution for their organization. But | |||
|
2022-04-13 06:07:21 | Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers (lien direct) | The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from August 2021 to February 2022, expanding from the initial victimology patterns observed during its attacks | Malware Threat | ||
|
2022-04-13 03:57:21 | Russian Hackers Tried Attacking Ukraine\'s Power Grid with Industroyer2 Malware (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia's military intelligence, to sabotage the operations of an unnamed energy provider in the country. "The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated | Malware | ||
|
2022-04-13 00:39:14 | FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin (lien direct) | An international law enforcement operation raided and took down RaidForums, one of the world's largest hacking forums notorious for selling access to hacked personal information belonging to users. Dubbed Tourniquet, the seizure of the cybercrime website involved authorities from the U.S., U.K., Sweden, Portugal, and Romania, with the criminal investigation resulting in the arrest of the forum's | |||
|
2022-04-12 20:22:09 | Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities (lien direct) | Microsoft's Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed are rated Critical, 115 are rated Important, and three are rated Moderate in severity, with one of the flaws | |||
|
2022-04-12 19:50:33 | Cross-Regional Disaster Recovery with Elasticsearch (lien direct) | Unsurprisingly, here at Rewind, we've got a lot of data to protect (over 2 petabytes worth). One of the databases we use is called Elasticsearch (ES or Opensearch, as it is currently known in AWS). To put it simply, ES is a document database that facilitates lightning-fast search results. Speed is essential when customers are looking for a particular file or item that they need to restore using | |||
|
2022-04-12 06:08:56 | Critical LFI Vulnerability Reported in Hashnode Blogging Platform (lien direct) | Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability to download | Vulnerability | ||
|
2022-04-12 03:35:27 | Finding Attack Paths in Cloud Environments (lien direct) | The mass adoption of cloud infrastructure is fully justified by innumerable advantages. As a result, today, organizations' most sensitive business applications, workloads, and data are in the cloud. Hackers, good and bad, have noticed that trend and effectively evolved their attack techniques to match this new tantalizing target landscape. With threat actors' high reactivity and adaptability, it | Threat | ||
|
2022-04-12 03:26:44 | EU Officials Reportedly Targeted with Israeli Pegasus Spyware (lien direct) | Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a new report from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agency said, citing documents and two unnamed E.U. officials. However, it's not clear who used the | |||
|
2022-04-12 02:19:14 | NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation (lien direct) | The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol (LDAP) Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation," Liam Crilly and Timo Stark of F5 Networks said in an advisory | |||
|
2022-04-12 02:01:58 | Google Sues Scammer for Running \'Puppy Fraud Scheme\' Website (lien direct) | Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies - with alluring photos and fake customer testimonials - in order to take advantage of people during the | |||
|
2022-04-11 20:37:10 | Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service (lien direct) | A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites," Avast researchers Pavel Novák and Jan Rubín said in a report | Malware | ||
|
2022-04-11 03:41:27 | Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild (lien direct) | Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim's machines to look like the instant messaging application 'Telegram,'" Zscaler ThreatLabz | |||
|
2022-04-10 22:19:20 | Microsoft\'s New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date (lien direct) | Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022. "This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost," said Lior Bela, senior product marketing manager at Microsoft, in a post last week. "The second Tuesday of every month will be | |||
|
2022-04-08 22:18:21 | Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware (lien direct) | The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers Deep Patel, Nitesh | Malware Vulnerability Threat | ||
|
2022-04-08 09:59:55 | Chinese Hacker Groups Continue to Target Indian Power Grid Assets (lien direct) | China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future's Insikt Group, a sophisticated remote access trojan which has been dubbed a "masterpiece | |||
|
2022-04-08 09:48:47 | Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (lien direct) | Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in | Ransomware Malware Tool | ||
|
2022-04-08 02:49:42 | Ukrainian FIN7 Hacker Gets 5-Year Sentence in the United States (lien direct) | A 32-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for the individual's criminal work as a "high-level hacker" in the financially motivated group FIN7. Denys Iarmak, who worked as a penetration tester for the cartel from November 2016 through November 2018, had been previously arrested in Bangkok, Thailand in November 2019, before being extradited to the U.S. | |||
|
2022-04-08 00:04:32 | Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine (lien direct) | Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable | APT 28 | ||
|
2022-04-07 23:51:59 | New Octo Banking Trojan Spreading via Fake Apps on Google Play Store (lien direct) | A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities. The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called ExobotCompact, which, in turn, is a "lite" replacement for its Exobot predecessor, Dutch mobile security firm | Malware | ||
|
2022-04-07 08:29:56 | First Malware Targeting AWS Lambda Serverless Platform Discovered (lien direct) | A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said | Malware | ||
|
2022-04-07 07:13:09 | Hamas-linked Hackers Targeting High-Ranking Israelis Using \'Catfish\' Lures (lien direct) | A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and | Threat | ||
|
2022-04-07 06:00:00 | Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022 (lien direct) | During the last week of March, three major tech companies - Microsoft, Okta, and HubSpot - reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the three breaches based on | |||
|
2022-04-07 04:33:24 | SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps (lien direct) | As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. "This malware implements a geofencing feature and evasion techniques, which makes it | Malware | ||
|
2022-04-07 03:34:26 | Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems (lien direct) | Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs said in an | Malware | ||
|
2022-04-07 00:15:28 | FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices (lien direct) | The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used | Malware Threat | ★★★★ | |
|
2022-04-06 22:49:08 | VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products (lien direct) | VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 - 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager | |||
|
2022-04-06 06:34:17 | Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users (lien direct) | Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker News. The copycat | |||
|
2022-04-06 02:01:34 | Block Admits Data Breach Involving Cash App Data Accessed by Former Employee (lien direct) | Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers. "While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after | Data Breach | ||
|
2022-04-06 00:55:06 | U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace (lien direct) | The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world's largest and longest-running dark web marketplace following a coordinated operation in partnership with U.S. officials. The sanctions are part of an "international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal | |||
|
2022-04-05 08:05:03 | Battling Cybersecurity Risk: How to Start Somewhere, Right Now (lien direct) | Between a series of recent high-profile cybersecurity incidents and the heightened geopolitical tensions, there's rarely been a more dangerous cybersecurity environment. It's a danger that affects every organization – automated attack campaigns don't discriminate between targets. The situation is driven in large part due to a relentless rise in vulnerabilities, with tens of thousands of | |||
|
2022-04-05 07:50:30 | FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks (lien direct) | The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. "Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various | Ransomware | ||
|
2022-04-05 04:58:03 | Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin (lien direct) | Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace. "[543] Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace," the BKA said in a press release. The agency attributed the shutdown of | |||
|
2022-04-05 03:19:49 | Is API Security on Your Radar? (lien direct) | With the growth in digital transformation, the API management market is set to grow by more than 30% by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services. As part of strategic business planning, an API helps generate revenue by allowing customers access to the functionality of a website or computer | |||
|
2022-04-05 03:11:07 | Researchers Trace Widespread Espionage Attacks Back to Chinese \'Cicada\' Hackers (lien direct) | A Chinese state-backed advanced persistent threat (APT) group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a "widening" of the threat actor's targeting. The widespread intrusions, which are believed to have commenced at the earliest in mid-2021 and continued as recently as February 2022, have been tied | Threat | APT 10 | |
|
2022-04-05 02:28:02 | Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams (lien direct) | Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident | Data Breach Tool | ||
|
2022-04-05 00:31:37 | CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring | Vulnerability | ★★★★★ |
To see everything:
Our RSS (filtrered)
