What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-06-22 22:36:32 Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks (direct link) QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an Vulnerability
The_Hackers_News.webp 2022-06-22 07:05:50 Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service (direct link) A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a
The_Hackers_News.webp 2022-06-22 04:51:03 Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine (direct link) The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism Vulnerability APT 28
The_Hackers_News.webp 2022-06-22 02:08:41 Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign (direct link) A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code - "scanalytic[.]org" and "js.staticounter[.]net" - are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis
The_Hackers_News.webp 2022-06-22 00:45:59 Europol Busts Phishing Gang Responsible for Millions in Losses (direct link) Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and
The_Hackers_News.webp 2022-06-21 21:41:58 RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer (direct link) The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in Malware
The_Hackers_News.webp 2022-06-21 05:22:35 New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers (direct link) An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell and Threat
The_Hackers_News.webp 2022-06-21 03:34:27 Mitigate Ransomware in a Remote-First World (direct link) Ransomware has been a thorn in the side of cybersecurity teams for years. With the move to remote and hybrid work, this insidious threat has become even more of a challenge for organizations everywhere. 2021 was a case study in ransomware due to the wide variety of attacks, significant financial and economic impact, and diverse ways that organizations responded. These attacks should be seen as a Ransomware Threat
The_Hackers_News.webp 2022-06-21 03:25:51 Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors (direct link) Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology (OT) vendors due to what researchers call "insecure-by-design practices." Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. "Exploiting these
The_Hackers_News.webp 2022-06-21 02:46:21 Former Amazon Employee Found Guilty in 2019 Capital One Data Breach (direct link) A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected Data Breach
The_Hackers_News.webp 2022-06-21 00:02:12 New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain (direct link) A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller authentication to [Active Directory
The_Hackers_News.webp 2022-06-20 05:34:58 Do You Have Ransomware Insurance? Look at the Fine Print (direct link) Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current Ransomware
The_Hackers_News.webp 2022-06-20 02:10:26 Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild (direct link) A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to Vulnerability
The_Hackers_News.webp 2022-06-19 22:18:13 BRATA Android Malware Gains Advanced Mobile Threat Capabilities (direct link) The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which Malware Threat
The_Hackers_News.webp 2022-06-17 22:40:11 Learn Cybersecurity with Palo Alto Networks Through this PCCSA Course @ 93% OFF (direct link) In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility. Founded back in 2005, Palo Alto Networks is a cybersecurity giant that has earned the trust of the business community thanks to its impressive track record. The company now provides services to over 70,000 organizations in 150
The_Hackers_News.webp 2022-06-17 22:29:36 Over a Dozen Flaws Found in Siemens' Industrial Network Management System (direct link) Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution
The_Hackers_News.webp 2022-06-17 22:11:06 Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices (direct link) The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things (
The_Hackers_News.webp 2022-06-17 20:11:14 Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners (direct link) A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner Ransomware Vulnerability
The_Hackers_News.webp 2022-06-17 06:22:49 Reimagine Hybrid Work: Same CyberSec in Office and at Home (direct link) It was first the pandemic that changed the usual state of work - before, it was commuting, working in the office & coming home for most corporate employees. Then, when we had to adapt to the self-isolation rules, the work moved to home offices, which completely changed the workflow for many businesses. As the pandemic went down, we realized success never relied on where the work was done. Whether
The_Hackers_News.webp 2022-06-17 06:12:54 Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy (direct link) An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front Cloud APT 37
The_Hackers_News.webp 2022-06-17 01:39:56 Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity (direct link) A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks Vulnerability Threat
The_Hackers_News.webp 2022-06-17 01:10:39 Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability (direct link) WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that's suspected of having been actively exploited in the wild. The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity and affects multiple versions starting from 3.0. It has been fixed in 3.0.34.2, 3.1.10, 3.2.28, Vulnerability
The_Hackers_News.webp 2022-06-16 05:38:18 BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers (direct link) Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, followed by carrying out credential theft and lateral movement activities, before harvesting intellectual property and Ransomware
The_Hackers_News.webp 2022-06-16 03:06:20 Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning (direct link) For years, the two most popular methods for internal scanning: agent-based and network-based were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra. This article will go in-depth on the Vulnerability
The_Hackers_News.webp 2022-06-16 03:05:49 A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage (direct link) A "dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack makes it possible to launch file-encrypting malware to "encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable Ransomware Malware
The_Hackers_News.webp 2022-06-16 00:25:57 High-Severity RCE Vulnerability Reported in Popular Fastjson Library (direct link) Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called "AutoType." It was patched by the project maintainers in Vulnerability
The_Hackers_News.webp 2022-06-15 20:00:55 MaliBot: A New Android Banking Trojan Spotted in the Wild (direct link) A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot. The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts, allowing it to steal credentials and cookies, bypass multi-factor Malware
The_Hackers_News.webp 2022-06-15 19:28:48 Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication (direct link) Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication. Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper Vulnerability
The_Hackers_News.webp 2022-06-15 05:05:43 Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers (direct link) A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement." The feature-packed Malware
The_Hackers_News.webp 2022-06-15 01:46:41 New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs (direct link) A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), power and thermal Vulnerability
The_Hackers_News.webp 2022-06-15 01:46:03 Comprehensive, Easy Cybersecurity for Lean IT Security Teams Starts with XDR (direct link) Breaches don't just happen to large enterprises. Threat actors are increasingly targeting small businesses. In fact, 43% of data breaches involved small to medium-sized businesses. But there is a glaring discrepancy. Larger businesses typically have the budget to keep their lights on if they are breached. Most small businesses (83%), however, don't have the financial resources to recover if they Threat
The_Hackers_News.webp 2022-06-14 22:16:38 Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second (direct link) Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of
The_Hackers_News.webp 2022-06-14 19:42:01 Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability (direct link) Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are 55 other flaws, three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five other shortcomings were resolved in the Microsoft Edge browser. Vulnerability
The_Hackers_News.webp 2022-06-14 07:13:25 New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials (direct link) A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal Vulnerability
The_Hackers_News.webp 2022-06-14 06:51:12 What is the Essential Eight (And Why Non-Aussies Should Care) (direct link) In 2017, The Australian Cyber Security Center (ACSC) published a set of mitigation strategies that were designed to help organizations to protect themselves against cyber security incidents. These strategies, which became known as the Essential Eight, are designed specifically for use on Windows networks, although variations of these strategies are commonly applied to other platforms. What is
The_Hackers_News.webp 2022-06-14 05:21:21 Technical Details Released for 'SynLapse' RCE Vulnerability Reported in Microsoft Azure (direct link) Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines. The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client Vulnerability
The_Hackers_News.webp 2022-06-14 01:30:24 Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens (direct link) An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other Threat
The_Hackers_News.webp 2022-06-14 00:54:54 New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets" (direct link) A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet. "The Syslogk rootkit is heavily based on Adore-Ng but incorporates new functionalities making the user-mode application and the kernel rootkit hard to detect," Avast security
The_Hackers_News.webp 2022-06-14 00:02:08 Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware (direct link) Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption, and obfuscation to evade antivirus software products," Zscaler's Romain Dumont Malware
The_Hackers_News.webp 2022-06-13 05:53:14 Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users (direct link) A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, the cluster of activity "hint[s] to a strong relationship with a Chinese-speaking entity yet to be Threat
The_Hackers_News.webp 2022-06-13 05:26:13 Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks (direct link) A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications, Malware Threat
The_Hackers_News.webp 2022-06-13 02:55:31 Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses (direct link) Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May
The_Hackers_News.webp 2022-06-13 02:49:51 Quick and Simple: BPFDoor Explained (direct link) BPFDoor isn't new to the cyberattack game - in fact, it's gone undetected for years - but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of malware, how it works, and how it can be prevented. What's BPFDoor? BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit Malware Threat
The_Hackers_News.webp 2022-06-13 00:55:14 Hello XD Ransomware Installing Backdoor on Targeted Windows and Linux Systems (direct link) Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based Ransomware
The_Hackers_News.webp 2022-06-12 19:39:36 Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks (direct link) The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. " Malware Tool Threat
The_Hackers_News.webp 2022-06-11 00:31:56 MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched (direct link) A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT
The_Hackers_News.webp 2022-06-10 06:53:09 Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones (direct link) New research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique physical-layer
The_Hackers_News.webp 2022-06-10 01:10:55 Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users (direct link) Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. "As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim
The_Hackers_News.webp 2022-06-09 23:03:24 Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier (direct link) As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security
The_Hackers_News.webp 2022-06-09 08:39:22 New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing (direct link) A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before
Last update at: 2024-07-21 14:08:09