What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-03-31 01:42:43 | Hackers are implanting multiple backdoors at industrial targets in Japan (lien direct) | Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan.
Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attacks undertaken by APT10 (aka Stone Panda or Cicada) using previously undocumented malware to deliver |
Malware | APT 10 APT 10 | |
|
2021-03-29 23:21:45 | MobiKwik Suffers Major Breach - KYC Data of 3.5 Million Users Exposed (lien direct) | Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month.
The leaked data includes sensitive personal information such as:customer names,hashed passwords,email addresses,residential addresses,GPS |
Data Breach | ||
|
2021-03-29 08:28:08 | Flaws in Ovarro TBox RTUs Could Open Industrial Systems to Remote Attacks (lien direct) | As many as five vulnerabilities have been uncovered in Ovarro's TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service.
"Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition," the U.S. |
|||
|
2021-03-29 04:49:07 | New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems (lien direct) | Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory.
Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws - tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS |
Threat | ||
|
2021-03-29 04:45:53 | How to Effectively Prevent Email Spoofing Attacks in 2021? (lien direct) | Email spoofing is a growing problem for an organization's security. Spoofing occurs when a hacker sends an email that appears to have been sent from a trusted source/domain. Email spoofing is not a new concept. Defined as "the forgery of an email address header to make the message appear as if it was sent from a person or location other than the actual sender," it has plagued brands for decades. |
|||
|
2021-03-29 02:57:10 | PHP\'s Git Server Hacked to Insert Secret Backdoor to Its Source code (lien direct) | In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code.
The two malicious commits were pushed to the self-hosted "php-src" repository hosted on the git.php.net server, illicitly using the names of Rasmus Lerdorf, the author of the |
|||
|
2021-03-27 02:14:40 | Watch Out! That Android System Update May Contain A Powerful Spyware (lien direct) | Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities - from collecting browser searches to recording audio and phone calls.
While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app |
Malware | ||
|
2021-03-26 23:57:43 | (Déjà vu) Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack (lien direct) | Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has released yet another security update for iPhone, iPad, Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild.
Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that |
Vulnerability | ||
|
2021-03-26 07:56:12 | OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities (lien direct) | The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification.
Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL |
|||
|
2021-03-26 01:57:28 | New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks (lien direct) | New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network.
AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were |
|||
|
2021-03-25 22:07:54 | Another Critical RCE Flaw Discovered in SolarWinds Orion Platform (lien direct) | IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE).
Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via |
Tool | ||
|
2021-03-25 05:05:29 | Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers (lien direct) | More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities.
The development, a 43% improvement from the previous week, caps off a whirlwind of espionage and malware campaigns that hit |
Ransomware Malware | ||
|
2021-03-25 04:43:56 | Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI (lien direct) | When your organization invests in a new product or service, it is essential that you take advantage of all the features it has to offer. This will help you to maximize your return on investment (ROI). If you have purchased or are thinking about purchasing a self-service password reset (SSPR) tool, one of the most important things you will need to do is make sure that 100% of users are registered |
|||
|
2021-03-25 02:58:36 | Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems (lien direct) | Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS.
Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a |
Hack | ||
|
2021-03-25 01:52:11 | Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad (lien direct) | Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices.
"They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, |
Hack | ||
|
2021-03-23 23:36:20 | Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers (lien direct) | Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities.
The ongoing campaign makes use of a "novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes," according to |
Malware | ||
|
2021-03-23 04:24:24 | (Déjà vu) Critical Flaws Affecting GE\'s Universal Relay Pose Threat to Electric Utilities (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE's Universal Relay (UR) family of power management devices.
"Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory |
Threat | ||
|
2021-03-22 22:47:01 | WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack (lien direct) | Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by attackers to launch targeted attacks.
Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an "improper input validation" issue in Qualcomm's Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests |
Vulnerability | ||
|
2021-03-22 07:52:54 | Popular Netops Remote Learning Software Found Vulnerable to Hacking (lien direct) | Cybersecurity researchers on Sunday disclosed several critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers.
"These findings allow for elevation of privileges and ultimately remote code execution which could be used by a malicious attacker within the same network to gain full |
|||
|
2021-03-22 01:34:44 | Critical RCE Vulnerability Found in Apache OFBiz ERP Software-Patch Now (lien direct) | The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system.
Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "unsafe deserialization" as an attack vector to permit |
Vulnerability | ||
|
2021-03-20 09:03:30 | Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online (lien direct) | Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks.
News of in the wild exploitation development comes on the heels of a proof-of-concept exploit code that |
|||
|
2021-03-19 04:34:08 | Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud (lien direct) | The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks-a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company.
A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice (DoJ) on Thursday |
Ransomware Malware | ★★★ | |
|
2021-03-18 23:48:27 | New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps (lien direct) | A newly discovered glitch in Zoom's screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings.
Tracked as CVE-2021-28133, the unpatched security vulnerability makes it possible to reveal contents of applications that are not shared, thereby briefly exposing the contents to all meeting participants.
It's worth pointing out |
Vulnerability | ||
|
2021-03-18 09:08:15 | Critical RCE Flaw Reported in MyBB Forum Software-Patch Your Sites (lien direct) | A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account.
The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an |
|||
|
2021-03-18 06:03:41 | How to Successfully Pursue a Career in Malware Analysis (lien direct) | Are you looking to becoming a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis career.Did you know that new malware is released every seven seconds?
As more and more systems become reliant on the internet, the proliferation of malware becomes increasingly destructive. Once upon a time, a computer virus might cause |
Malware | ||
|
2021-03-18 03:19:16 | Why Cached Credentials Can Cause Account Lockouts and How to Stop it (lien direct) | When a user account becomes locked out, the cause is often attributed to a user who has simply entered an old or incorrect password too many times. However, this is far from being the only thing that can cause an account to become locked.
Another common cause, for example, is an application or script that is configured to log into the system using an old password. Perhaps the most easily |
|||
|
2021-03-18 02:06:08 | Google Reveals What Personal Data Chrome and It\'s Apps Collect On You (lien direct) | Privacy-focused search engine DuckDuckGo called out rival Google for "spying" on users after the search giant updated its flagship app to spell out the exact kinds of information it collects for personalization and marketing purposes.
"After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app. No wonder they wanted to hide it," the company |
|||
|
2021-03-17 23:59:55 | Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites (lien direct) | Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios.
The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached pages of a WordPress site.
According to Wordfence |
Tool | ★★★★ | |
|
2021-03-17 04:20:39 | Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code (lien direct) | Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories.
"The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company said in a write-up detailing its investigation, adding the |
Threat | ||
|
2021-03-17 04:09:14 | [Webinar] Oy Vey, We Hired a Large, Hairy Hacker… (lien direct) | It's not every day that one of the best-known independent cybersecurity individuals joins a cybersecurity company. The two are generally on opposite sides of the coin, with little crossover.
After all, they're usually concerned with different parts of the cybersecurity puzzle – one providing platforms and tools to defend organizations, the other keeping them accountable and looking for blind |
|||
|
2021-03-17 02:25:20 | 18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter \'Bitcoin Scam\' Hack (lien direct) | A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence.
Graham Ivan Clark, 18, will also serve an additional three years on probation.
The development comes after the U.S. Department of Justice (DoJ) charged Mason Sheppard (aka |
Hack | ||
|
2021-03-17 01:33:24 | Apple May Start Delivering Security Patches Separately From Other OS Updates (lien direct) | Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems.
According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates.
The changes were first reported by the 9to5Mac website.
While Google's Android has had monthly security |
|||
|
2021-03-16 03:32:22 | New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild (lien direct) | Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy Mirai variants on compromised systems.
"Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers," Palo Alto Networks' Unit 42 Threat |
Malware | ||
|
2021-03-15 23:06:51 | Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks (lien direct) | Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks.
Called Exchange On-premises Mitigation Tool (EOMT), the PowerShell-based script serves to mitigate against current known attacks using CVE-2021-26855, scan the Exchange Server using |
Tool | ||
|
2021-03-15 03:03:35 | Rising Demand for DDoS Protection Software Market By 2020-2028 (lien direct) | Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable.
Over recent years, these kinds of attacks are increasing, fueling the demand for the best DDoS protection software solutions. Many |
★★ | ||
|
2021-03-15 02:39:15 | (Déjà vu) CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals (lien direct) | The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement.
Eap (also known as "888888") and Thomas Herdman, a former high-level distributor of Sky Global devices, have been |
★★★★★ | ||
|
2021-03-13 00:25:57 | CompTIA Security Certification Prep - Lifetime Access for just $30 (lien direct) | At long last, top companies are starting to take cybersecurity seriously. As a consequence, technical recruiters are looking for people with hacking skills and certifications to prove it.
CompTIA is seen as the gold standard when it comes to cybersecurity exams, with several certifications to choose from.
If you would like to scoop them all, The CompTIA Security Infrastructure Expert Bundle is |
|||
|
2021-03-12 19:16:30 | Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild (lien direct) | Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month.
The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users.
While the update contains a total of five security fixes, the most important flaw rectified by |
|||
|
2021-03-12 01:53:41 | Researchers Spotted Malware Written in Nim Programming Language (lien direct) | Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language.
Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape.
"Malware developers may choose to use a rare programming language |
Malware Threat | ||
|
2021-03-12 00:43:28 | Hackers Are Targeting Microsoft Exchange Servers With Ransomware (lien direct) | It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week.
Now it appears that threat actors have caught up.
According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server |
Ransomware Threat | ||
|
2021-03-11 22:35:18 | New Browser Attack Allows Tracking Users Online With JavaScript Disabled (lien direct) | Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled.
"This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means script blockers cannot stop it. The attacks work even if you strip out |
|||
|
2021-03-11 07:04:03 | ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals.
"CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal |
|||
|
2021-03-11 06:28:12 | Fixing the Weakest Link - The Passwords - in Cybersecurity Today (lien direct) | Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations.
Many companies have used Microsoft's default password policies for decades. While these can be customized, businesses often accept the default values for their organization.
The Windows default password |
|||
|
2021-03-10 22:01:14 | Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform - Patch ASAP! (lien direct) | Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even unauthenticated remote code execution on target networks.
The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992), two of which were discovered and |
|||
|
2021-03-10 08:31:56 | Researchers Unveil New Linux Malware Linked to Chinese Hackers (lien direct) | Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors.
Dubbed "RedXOR" by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malware and those previously associated with the Winnti Umbrella (or Axiom) threat group such as PWNLNX, |
Malware Threat | APT 17 | |
|
2021-03-10 01:24:29 | FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware (lien direct) | Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies.
One such group is FIN8, a financially motivated threat actor that's back in action after a year-and-a-half hiatus with a powerful version of a backdoor with |
Malware Threat | ||
|
2021-03-09 21:43:00 | Microsoft Issues Security Patches for 82 Flaws - IE 0-Day Under Active Attacks (lien direct) | Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines.
Of these flaws, 14 are listed as Critical, and 75 are listed as Important in severity, out of which two of the bugs are described as publicly |
|||
|
2021-03-09 03:13:45 | 9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware (lien direct) | Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices.
"This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect |
Malware | ||
|
2021-03-09 02:42:07 | Cybersecurity Webinar - SolarWinds Sunburst: The Big Picture (lien direct) | The SolarWinds Sunburst attack has been in the headlines since it was first discovered in December 2020.
As the so-called layers of the onion are peeled back, additional information regarding how the vulnerability was exploited, who was behind the attack, who is to blame for the attack, and the long-term ramifications of this type of supply chain vulnerabilities continue to be actively |
Vulnerability | Solardwinds Solardwinds | |
|
2021-03-09 01:58:23 | SolarWinds Hack - New Evidence Suggests Potential Links to Chinese Hackers (lien direct) | A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group.
In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral.
Back on December 22, 2020, Microsoft disclosed that a second |
Hack Threat | ★★★★★ |
To see everything:
Our RSS (filtrered)
