Src | Date (GMT) | Title | Description | Tags | Stories | Notes

2022-03-29 03:32:16 | Critical Sophos Firewall RCE Vulnerability Under Active Exploitation (direct link)
Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks.
The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal
Tags: Vulnerability

2022-03-29 03:16:31 | New Malware Loader 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners (direct link)
An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens.
"The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines,"
Tags: Malware, Threat

2022-03-29 03:07:06 | Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation (direct link)
Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar.
Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021, with very few telemetry hits
Tags: Malware

2022-03-29 01:39:20 | A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages (direct link)
A threat actor dubbed "RED-LILI" has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules.
"Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks," Israeli security company Checkmarx said. "As it seems this time, the attacker has fully-automated the process
Tags: Threat

2022-03-29 00:50:41 | New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack (direct link)
An independent security researcher has shared a detailed timeline of the events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022.
In a set of screenshots posted on Twitter, Bill Demirkapi published a two-page "intrusion timeline" allegedly prepared by Mandiant, the cybersecurity firm hired by
Tags: Hack

2022-03-28 06:00:00 | Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware (direct link)
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers.
"The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with
Tags: Malware

2022-03-28 05:10:47 | Of Cybercriminals and IP Addresses (direct link)
You don't like having the FBI knocking on your door at 6 am. Surprisingly, nor does your usual cybercriminal. That is why they hide (at least the good ones), for example, behind layers of proxies, VPNs, or TOR nodes.
Their IP address will never be exposed directly to the target's machine. Cybercriminals will always use third-party IP addresses to deliver their attacks.
There are

2022-03-28 02:14:38 | 'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks (direct link)
The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software.
"Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report published on
Tags: Malware

2022-03-27 23:59:18 | Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability (direct link)
Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.
The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The
Tags: Vulnerability

2022-03-26 00:30:54 | FCC Adds Kaspersky and Chinese Telecom Firms to National Security Threat List (direct link)
The U.S. Federal Communications Commission (FCC) on Friday moved to add Russian cybersecurity company Kaspersky Lab to the "Covered List" of companies that pose an "unacceptable risk to the national security" of the country.
The development marks the first time a Russian entity has been added to the list, which has otherwise been dominated by Chinese telecommunications firms. Also added alongside
Tags: Threat

2022-03-26 00:14:18 | Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (direct link)
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict.
"The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine
Tags: Threat

2022-03-25 19:11:38 | Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability (direct link)
Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild.
Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022.
Type confusion errors,
Tags: Vulnerability
Notes: ★★

2022-03-25 06:17:05 | U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide (direct link)
The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond.
"The [Federal Security Service] conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed

2022-03-25 04:59:22 | 7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in U.K. (direct link)
The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.
The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based

2022-03-25 02:31:40 | Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users (direct link)
Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds.
"These malicious apps were able to steal victims' secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey," said Lukáš Štefanko

2022-03-24 23:45:23 | North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT and Media Firms (direct link)
Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser.
The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S.-based organizations
Tags: Threat
Notes: ★★★★

2022-03-24 06:27:58 | 23-Year-Old Russian Hacker Wanted by FBI for Running Marketplace of Stolen Logins (direct link)
A 23-year-old Russian national has been indicted in the U.S. and added to the Federal Bureau of Investigation's (FBI) Cyber Most Wanted List for his alleged role as the administrator of Marketplace A, a cyber crime forum that sold stolen login credentials, personal information, and credit card data.
Igor Dekhtyarchuk, who first appeared in hacker forums in 2013 under the alias "floraby," has

2022-03-24 06:16:14 | Chinese APT Hackers Targeting Betting Companies in Southeast Asia (direct link)
A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in Southeast Asia, particularly Taiwan, the Philippines, and Hong Kong.
Cybersecurity firm Avast dubbed the campaign Operation Dragon Castling, describing its malware arsenal as a "robust and modular toolset." The ultimate motives of the threat actor are not immediately
Tags: Malware, Threat

2022-03-24 06:06:05 | How to Build a Custom Malware Analysis Sandbox (direct link)
Before hunting malware, every researcher needs to find a system in which to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer, and then compare it with a ready-made service.
Why do you need a malware
Tags: Malware

2022-03-24 01:45:01 | Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England (direct link)
Authentication services provider Okta on Wednesday named Sitel as the third party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer.
The company added that 366 corporate customers, or about 2.5% of its customer base, may have been impacted by the "

2022-03-24 00:19:36 | Over 200 Malicious NPM Packages Caught Targeting Azure Developers (direct link)
A new large-scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personally identifiable information.
"After manually inspecting some of these packages, it became apparent that this was a targeted attack against the entire @azure NPM scope, by an attacker that employed an automatic script to create accounts

2022-03-23 20:38:05 | VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control (direct link)
VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations on Windows systems.
Tracked as CVE-2022-22951 and CVE-2022-22952, both flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system.
Tags: Vulnerability

2022-03-23 04:59:47 | Chinese 'Mustang Panda' Hackers Spotted Deploying New 'Hodur' Malware (direct link)
A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines.
Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021.
"Most
Tags: Malware, Threat

2022-03-23 03:03:39 | New Variant of Chinese Gimmick Malware Targeting macOS Users (direct link)
Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to attack organizations across Asia.
Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, as a "feature-rich, multi-platform malware family that uses public cloud
Tags: Malware, Threat

2022-03-23 02:49:30 | Over 200,000 MikroTik Routers Worldwide Are Under the Control of Botnet Malware (direct link)
Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years.
According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the newly disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using the same
Tags: Malware

2022-03-22 20:25:15 | Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group (direct link)
Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach.
"No customer code or data was involved in the observed activities," Microsoft's Threat Intelligence Center (MSTIC) said, adding that
Tags: Threat

2022-03-22 08:00:24 | Lapsus$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta (direct link)
Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang.
The development, which was first reported by Vice and Reuters, comes after the cyber criminal group posted screenshots and source code of what it said were the companies' internal projects and systems on its Telegram channel.
The leaked 37GB

2022-03-22 06:04:47 | Wazuh Offers XDR Functionality at a Price Enterprises Will Love - Free! (direct link)
Back in 2018, Palo Alto Networks CTO and co-founder Nir Zuk coined a new term to describe the way that businesses needed to approach cybersecurity in the years to come. That term, of course, was extended detection and response (XDR). It described a unified cybersecurity infrastructure that brought endpoint threat detection, network analysis and visibility (NAV), access management, and more under
Tags: Threat

2022-03-22 05:51:14 | U.S. Government Warns Companies of Potential Russian Cyberattacks (direct link)
The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the West on the country following its military assault on Ukraine last month.
"It's part of Russia's playbook," U.S. President Joe Biden said in a statement, citing "evolving intelligence that the Russian Government is exploring options."
The development

2022-03-22 00:34:15 | New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems (direct link)
Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software's InsydeH2O and HP Unified Extensible Firmware Interface (UEFI).
Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the
Tags: Guideline

2022-03-21 05:26:42 | New Browser-in-the-Browser (BITB) Attack Makes Phishing Nearly Undetectable (direct link)
A novel phishing technique called the browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks.
According to a penetration tester and security researcher who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options

2022-03-21 02:12:27 | New Backdoor Targets French Entities via Open-Source Package Installer (direct link)
Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems.
Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the victimology patterns
Tags: Threat

2022-03-21 01:43:16 | 'CryptoRom' Crypto Scam Abusing iPhone Features to Target Mobile Users (direct link)
Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips.
Cybersecurity company Sophos, which has named the organized crime campaign "CryptoRom," characterized it as a wide-ranging global scam.
"This style of

2022-03-21 00:15:57 | South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (direct link)
Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 through mid-January 2022.
Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by
Tags: Threat

2022-03-18 09:20:26 | Hackers Target Bank Networks with New Rootkit to Steal Money from ATM Machines (direct link)
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.
Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker
Tags: Threat

2022-03-18 05:28:40 | Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (direct link)
An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups.
While it's typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel
Tags: Ransomware

2022-03-18 00:31:53 | Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang (direct link)
Google's Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated with a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.
Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) as part of
Tags: Ransomware, Threat

2022-03-17 21:52:58 | New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers (direct link)
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks.
According to a new report published by Trend Micro, the botnet's "main purpose is to build an infrastructure for further attacks on high-value targets," given that
Tags: Malware

2022-03-17 06:25:49 | Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion (direct link)
In what's yet another act of sabotage, the developer behind the popular "node-ipc" NPM package shipped a new version to protest Russia's invasion of Ukraine, raising concerns about security in open source and the software supply chain.
Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP

2022-03-17 05:59:15 | DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (direct link)
The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found.
"The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation," Avast researcher Martin Chlumecký said in a report published Wednesday.
"One worm
Tags: Malware

2022-03-17 05:34:41 | The Golden Hour of Incident Response (direct link)
As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident.
Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and actions planned out is crucial in successfully

2022-03-17 03:05:39 | TrickBot Malware Abusing Hacked IoT Devices as Command-and-Control Servers (direct link)
Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers.
"By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds
Tags: Malware

2022-03-17 01:46:43 | Ukraine Secret Service Arrests Hacker Helping Russian Invaders (direct link)
The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside Ukrainian territory.
The anonymous suspect is said to have broadcast text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of

2022-03-17 00:37:22 | New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers (direct link)
A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host.
"Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods," CrowdStrike
Tags: Vulnerability
Stories: Uber

2022-03-16 07:18:21 | New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw (direct link)
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits.
Qihoo 360's Netlab security team called it B1txor20 "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes."

2022-03-16 06:52:51 | New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers (direct link)
The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates.
Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what's called an "infinite loop." The flaw
Tags: Guideline

2022-03-16 06:29:45 | FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug (direct link)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.
"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [
Tags: Threat
Notes: ★★★

2022-03-16 06:14:32 | Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters (direct link)
Researchers have disclosed an unpatched security vulnerability in "dompdf," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations.
"By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it
Tags: Vulnerability, Guideline

2022-03-16 01:54:40 | Build Your 2022 Cybersecurity Plan With This Free PPT Template (direct link)
The end of the year is coming, and it's time for security decision-makers to make plans for 2022 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced.
The Definitive 2022 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an

2022-03-16 01:20:57 | German Government Warns Against Using Russia's Kaspersky Antivirus Software (direct link)
Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany's Federal Office for Information Security (BSI) against using the company's security solutions in the country over "doubts about the reliability of the manufacturer."
Saying that the decision was made on "political grounds," the company said it will "continue to assure our partners and customers of the