What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-03-04 06:24:50 | Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism (lien direct) | Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app for their activities, as the Russia-Ukraine conflict enters its eighth day. A new analysis by Israeli cybersecurity company Check Point Research has found that "user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group." Prominent among the groups are anti-Russian cyber | |||
|
2022-03-03 22:31:31 | New Security Vulnerability Affects Thousands of GitLab Instances (lien direct) | Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions | Vulnerability | ||
|
2022-03-03 22:06:40 | Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks (lien direct) | As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure. Some of the noticeable domains in the listing released by Russia's National Coordination Center for Computer | |||
|
2022-03-03 05:54:21 | Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption (lien direct) | A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the "first side-channel attack" on homomorphic encryption that could be exploited to leak data as the encryption process is underway. "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it | |||
|
2022-03-03 05:33:04 | Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products (lien direct) | Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – relate to an arbitrary file write and a | |||
|
2022-03-03 05:17:42 | How to Automate Offboarding to Keep Your Company Safe (lien direct) | In the midst of 'The Great Resignation,' the damage from employees (or contractors) leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. When employee counts range into the five-figure territory - and entire networks of contractors have to be | |||
|
2022-03-03 02:21:52 | Hackers Who Broke Into NVIDIA\'s Network Leak DLSS Source Code Online (lien direct) | American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling (DLSS) technology. "We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the | Ransomware | ||
|
2022-03-03 01:04:40 | Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities (lien direct) | An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or | |||
|
2022-03-03 00:37:32 | U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security (lien direct) | The U.S. Senate unanimously passed the "Strengthening American Cybersecurity Act" on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new bipartisan legislation, among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), | |||
|
2022-03-02 06:47:24 | Hackers Try to Hack European Officials to Get Info on Ukrainian Refugees, Supplies (lien direct) | Details of a new nation-state sponsored phishing campaign has been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social engineering attacks "Asylum | Hack | ||
|
2022-03-02 02:38:44 | Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (lien direct) | Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. "The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS | |||
|
2022-03-02 02:29:17 | LIVE Webinar: Key Lessons Learned from Major Cyberattacks in 2021 and What to Expect in 2022 (lien direct) | With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks. Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware continued to grow from previous years, as expected, while new attacks on supply chains and | Ransomware | ||
|
2022-03-01 23:10:38 | Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack (lien direct) | As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack. The weaknesses were identified and reported by JFrog's Security Research team, following which the project maintainers released | |||
|
2022-03-01 22:41:59 | Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (lien direct) | Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from Kerbit, an Ethiopia-based penetration-testing and vulnerability research firm, on December 15, 2021, the issues | Vulnerability | ||
|
2022-03-01 22:20:17 | TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps (lien direct) | An Android banking trojan designed to steal credentials and SMS messages has been observed sneaking past Google Play Store protections to target users of more than 400 banking and financial apps from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via the device screen's live streaming (requested on-demand) plus the abuse of Accessibility Services for remote interaction and | Malware | ||
|
2022-03-01 08:46:53 | Second New \'IsaacWiper\' Data Wiper Targets Ukraine After Russian Invasion (lien direct) | A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper," which it said was detected on February 24 in an organization that was not affected by HermeticWiper | Malware | ||
|
2022-03-01 06:12:12 | Break into Ethical Hacking with 18 Advanced Online Courses for Just $42.99 (lien direct) | It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-One 2022 Super-Sized Ethical Hacking Bundle helps you gain both, with 18 courses covering all aspects | |||
|
2022-03-01 06:03:02 | Conti Ransomware Gang\'s Internal Chats Leaked Online After Siding With Russia (lien direct) | Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate's internal chats. The file dump, published by malware research group VX-Underground, is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated | Ransomware Malware | ||
|
2022-03-01 05:22:15 | Trickbot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (lien direct) | Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS backdoor, dubbed the new, upgraded variant AnchorMail. AnchorMail "uses an email-based [ | Malware | ||
|
2022-03-01 01:18:08 | Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (lien direct) | Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center (MSTIC), noting that it added new | Malware Threat | ||
|
2022-03-01 00:01:03 | China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (lien direct) | A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a | Malware Tool Threat | ||
|
2022-02-28 20:37:57 | CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform citing evidence of active exploitation in the wild. Tracked as CVE-2022-24682 (CVSS score: 6.1), the issue concerns a cross-site scripting (XSS) vulnerability in the Calendar feature in Zimbra | Vulnerability | ||
|
2022-02-28 06:34:49 | 100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature (lien direct) | A group of academics from Tel Aviv University have disclosed details of now-patched "severe" design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android's hardware-backed Keystore in Samsung's Galaxy S8, | |||
|
2022-02-28 03:35:52 | CISA Warns of High-Severity Flaws in Schneider and GE Digital\'s SCADA Software (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an industrial control system (ICS) advisory related to multiple vulnerabilities impacting Schneider Electric's Easergy medium voltage protection relays. "Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to | |||
|
2022-02-28 03:10:56 | Reborn of Emotet: New Features of the Botnet and How to Detect it (lien direct) | One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story. But the malware never ceased to surprise. November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues | Malware | ||
|
2022-02-28 02:01:25 | Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures (lien direct) | Cybersecurity researchers have managed to build a clone of Apple Airtag that circumvents the anti-stalking protection technology built into its Find My Bluetooth-based tracking protocol. The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggering a tracking notification, Positive Security's co-founder Fabian Bräunlein said in a deep-dive | |||
|
2022-02-27 22:52:31 | Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (lien direct) | An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an uncategorized cluster it's tracking under the moniker UNC3313, which it assesses with "moderate | Malware Threat | ||
|
2022-02-26 02:19:53 | Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (lien direct) | A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain used in recent | Malware | ||
|
2022-02-25 23:39:31 | Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (lien direct) | Ukraine's Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia's military invasion of the country. "Mass phishing emails have recently been observed targeting private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related | Malware | ||
|
2022-02-25 09:21:07 | New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors (lien direct) | Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the | Malware | ||
|
2022-02-25 06:08:03 | Iran\'s MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks (lien direct) | Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies | Malware Threat | ||
|
2022-02-25 00:33:47 | Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks (lien direct) | The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. In addition to cautioning of the "threat of an increase in the intensity of computer attacks," Russia's National Computer Incident Response and Coordination Center said that the "attacks can be aimed at disrupting | |||
|
2022-02-25 00:03:14 | Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure (lien direct) | The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. "TrickBot is gone... It is official now as of Thursday, February 24, 2022. See you soon... or not," AdvIntel's | Malware | ||
|
2022-02-24 21:06:48 | New Flaws Discovered in Cisco\'s Network Operating System for Switches (lien direct) | Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of | |||
|
2022-02-24 05:28:40 | TrickBot Gang Likely Shifting Operations to Switch to New Malware (lien direct) | TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that's used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaigns is "partially due to a big shift from Trickbot's operators, including working with the operators | Malware Threat | ||
|
2022-02-24 05:27:27 | From Pet Systems to Cattle Farm - What Happened to the Data Center? (lien direct) | There's something about craftsmanship. It's personal, its artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings. The story of data centers is one of going from craftsmanship – where every individual machine is a pet project, maintained with great care – to mass | |||
|
2022-02-24 04:34:53 | Warning - Deadbolt Ransomware Targeting ASUSTOR NAS Devices (lien direct) | ASUSTOR network-attached storage (NAS) devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. In response to the infections, the company has released firmware updates (ADM 4.0.4.RQO2) to "fix related security issues." The company is also urging users to take the following actions to keep data secure – | Ransomware | ||
|
2022-02-24 04:16:53 | CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the vulnerabilities by March 8, | |||
|
2022-02-24 03:57:49 | US, UK Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices (lien direct) | Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) | Malware | VPNFilter VPNFilter | |
|
2022-02-23 21:28:39 | New Wiper Malware Targeting Ukraine Amid Russia\'s Military Operation (lien direct) | Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper "HermeticWiper" (aka KillDisk.NCV), with one of the malware samples compiled on December 28, 2021, implying that | Malware | ||
|
2022-02-23 05:01:46 | Dridex Malware Deploying Entropy Ransomware on Hacked Computers (lien direct) | Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API calls), | Ransomware Malware | ||
|
2022-02-23 00:39:07 | Chinese Experts Uncover Details of Equation Group\'s Bvp47 Covert Hacking Tool (lien direct) | Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group, an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA). Dubbed "Bvp47" owing to numerous references to the string "Bvp" and the numerical value "0x47" used in the encryption algorithm, the | Tool Threat | ||
|
2022-02-22 23:06:23 | 9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software (lien direct) | Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. "This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further | Vulnerability | ||
|
2022-02-22 22:30:13 | 25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository (lien direct) | Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down. The libraries in question leveraged typosquatting techniques and masqueraded as other legitimate packages such as colors.js, | |||
|
2022-02-22 06:43:05 | Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace (lien direct) | Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a phishing attack against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. NFTs, short for non-fungible tokens, are digital tokens that act like certificates of authenticity for, and in some cases represent ownership of, assets that range from | |||
|
2022-02-22 00:11:01 | Chinese Hackers Target Taiwan\'s Financial Trading Sector with Supply Chain Attack (lien direct) | An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a threat actor tracked as APT10, also known as Stone Panda, the MenuPass group, and Bronze Riverside, | Threat | APT 10 APT 10 | |
|
2022-02-21 23:22:21 | Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike (lien direct) | Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers," South Korean | Tool Vulnerability Threat | ||
|
2022-02-21 08:04:55 | New Android Banking Trojan Spreading via Google Play Store Targets Europeans (lien direct) | A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the | Malware | ||
|
2022-02-21 06:49:54 | Iranian State Broadcaster IRIB Hit by Destructive Wiper Malware (lien direct) | An investigation into the cyberattack targeting Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), in late January 2022 resulted in the deployment of a wiper malware and other custom implants, as the country's national infrastructure continues to face a wave of attacks aimed at inflicting serious damage. "This indicates that the attackers' aim was also to disrupt | Malware | ||
|
2022-02-21 05:54:18 | A Free Solution to Protect Your Business from 6 Biggest Cyber Threats in 2022 (lien direct) | For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses. And unfortunately - the bad guys have the upper hand at the moment. Part of the reason for that is the fallout from the rapid | Threat |
To see everything:
Our RSS (filtrered)
