What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-02-04 01:01:31 Russian Gamaredon Hackers Targeted 'Western Government Entity' in Ukraine (lien direct) The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries. Palo Alto Networks' Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding it "mapped out three large clusters of Threat
The_Hackers_News.webp 2022-02-04 00:34:02 Cynet Log4Shell Webinar: A Thorough - And Clear - Explanation (lien direct) Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. No one knows how long the vulnerability existed before it was discovered. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications. Beyond patching, it's helpful Vulnerability
The_Hackers_News.webp 2022-02-03 22:25:09 CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Controls Systems Advisory (ICSA) warning of multiple vulnerabilities in the Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information. "Successful exploitation of these vulnerabilities could
The_Hackers_News.webp 2022-02-03 21:51:28 Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users (lien direct) A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the Vulnerability Threat
The_Hackers_News.webp 2022-02-03 06:05:29 Critical Flaws Discovered in Cisco Small Business RV Series Routers (lien direct) Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest
The_Hackers_News.webp 2022-02-03 02:49:41 New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software (lien direct) An ongoing search engine optimization (SEO) poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software development tools installation' themes as SEO keywords to lure victims to a compromised website and to Malware Threat
The_Hackers_News.webp 2022-02-03 02:19:10 How SSPM Simplifies Your SOC2 SaaS Security Posture Audit (lien direct) An accountant and a security expert walk into a bar… SOC2 is no joke.  Whether you're a publicly held or private company, you are probably considering going through a Service Organization Controls (SOC) audit. For publicly held companies, these reports are required by the Securities and Exchange Commission (SEC) and executed by a Certified Public Accountant (CPA). However, customers often ask
The_Hackers_News.webp 2022-02-03 01:24:44 New Variant of UpdateAgent Malware Infects Mac Computers with Adware (lien direct) Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has undergone several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities." The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones Malware Threat
The_Hackers_News.webp 2022-02-03 00:14:56 New Wave of Cyber Attacks Target Palestine with Political Bait and Malware (lien direct) Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents. The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based Malware APT-C-23
The_Hackers_News.webp 2022-02-02 04:09:19 New Malware Used by SolarWinds Attackers Went Undetected for Years (lien direct) The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years. According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted Malware Threat
The_Hackers_News.webp 2022-02-02 03:36:43 Cynet's Keys to Extend Threat Visibility (lien direct) We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM's Cost of a Data Breach Report that has been tracking this statistic for years. In the 2021 report, IBM found that, on average, it takes an average of 212 Data Breach Threat
The_Hackers_News.webp 2022-02-01 23:04:42 Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors (lien direct) As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface (UEFI) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo, among others. The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company Binarly,
The_Hackers_News.webp 2022-02-01 22:16:39 Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks (lien direct) A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar. Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff Ransomware
The_Hackers_News.webp 2022-02-01 21:24:29 Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations (lien direct) A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts. "This vulnerability allows Vulnerability
The_Hackers_News.webp 2022-02-01 05:30:16 Solarmarker Malware Uses Novel Techniques to Persist on Hacked Systems (lien direct) In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted Malware Threat
The_Hackers_News.webp 2022-02-01 02:28:30 Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks (lien direct) An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's Malware Threat Conference APT 35 APT 35
The_Hackers_News.webp 2022-02-01 01:11:07 Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers (lien direct) Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021. Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective known to be active since at least 2013. In November 2021,
The_Hackers_News.webp 2022-01-31 23:48:02 Reasons Why Every Business is a Target of DDoS Attacks (lien direct) DDoS (Distributed Denial of Service) attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020.  Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period. Further, 73% of DDoS attacks in Q3 2021 were
The_Hackers_News.webp 2022-01-31 23:13:54 Researchers Uncover New Iranian Hacking Campaign Targeting Turkish Users (lien direct) Details have emerged about a previously undocumented malware campaign undertaken by the Iranian MuddyWater advanced persistent threat (APT) group targeting Turkish private organizations and governmental institutions. "This campaign utilizes malicious PDFs, XLS files and Windows executables to deploy malicious PowerShell-based downloaders acting as initial footholds into the target's enterprise," Malware Threat
The_Hackers_News.webp 2022-01-31 21:38:28 New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks (lien direct) A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations. Cybersecurity firm Immersive Labs, in a technical write-up detailing the findings, said that 42Gears released a series of updates between November 2021 and January 2022 to close out
The_Hackers_News.webp 2022-01-31 20:56:38 Behind The Buzzword: Four Ways to Assess Your Zero Trust Security Posture (lien direct) With just about everything delivered from the cloud these days, employees can now collaborate and access what they need from anywhere and on any device. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations. Historically, enterprise data was stored inside data centers and guarded by perimeter-based
The_Hackers_News.webp 2022-01-31 20:16:00 New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root (lien direct) Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "vfs_fruit" Vulnerability
The_Hackers_News.webp 2022-01-31 07:38:14 Your Graphics Card Fingerprint Can Be Used to Track Your Activities Across the Web (lien direct) Researchers have demonstrated a new type of fingerprinting technique that exploits a machine's graphics processing unit (GPU) as a means to track users across the web persistently. Dubbed DrawnApart, the method "identifies a device from the unique properties of its GPU stack," researchers from Australia, France, and Israel said in a new paper, adding "variations in speed among the multiple
The_Hackers_News.webp 2022-01-31 01:00:09 German Court Rules Websites Embedding Google Fonts Violates GDPR (lien direct) A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data - i.e., IP address - to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the
The_Hackers_News.webp 2022-01-30 22:45:11 Researchers Use Natural Silk Fibers to Generate Secure Keys for Strong Authentication (lien direct) A group of academics at South Korea's Gwangju Institute of Science and Technology (GIST) have utilized natural silk fibers from domesticated silkworms to build an environmentally friendly digital security system that they say is "practically unbreachable." "The first natural physical unclonable function (PUF) […] takes advantage of the diffraction of light through natural microholes in native
The_Hackers_News.webp 2022-01-30 22:07:04 Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam (lien direct) Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. By exploiting a chain of Hack
The_Hackers_News.webp 2022-01-30 21:15:55 DeepDotWeb News Site Operator Sentenced to 8 Years for Money Laundering (lien direct) An Israeli national was sentenced to 97 months in prison in connection with operating the DeepDotWeb (DDW) clearnet website, nearly a year after the individual pleaded guilty to the charges. Tal Prihar, 37, an Israeli citizen residing in Brazil, is said to have played the role of an administrator of DDW since the website became functional in October 2013. He pleaded guilty to money laundering Guideline
The_Hackers_News.webp 2022-01-28 03:10:59 Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing (lien direct) Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim's network to further propagate spam emails and widen the infection pool. The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication (MFA), thereby making it possible for the adversary to take Spam
The_Hackers_News.webp 2022-01-28 02:48:25 How Wazuh Can Improve Digital Security for Businesses (lien direct) 2021 was a year peppered by cyberattacks, with numerous data breaches happening. Not only that, but ransomware has also become a prominent player in the hackers' world. Now, more than ever, it's important for enterprises to step up cybersecurity measures. They can do this through several pieces of technology, such as an open-source security platform like Wazuh.  Wazuh is a free and open source Ransomware
The_Hackers_News.webp 2022-01-28 01:24:28 North Korean Hackers Using Windows Update Service to Infect PCs with Malware (lien direct) The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North Malware Medical APT 38 APT 28
The_Hackers_News.webp 2022-01-28 01:00:56 North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware (lien direct) A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said. "Their efforts are aimed at breaking the typical flow recorded by sandboxes and making detection Malware
The_Hackers_News.webp 2022-01-27 21:20:36 Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers (lien direct) Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second (Tbps). One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. It hit a peak throughput of 3.47 Tbps and a packet rate of 340
The_Hackers_News.webp 2022-01-27 20:58:02 QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices (lien direct) Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to the latest Ransomware
The_Hackers_News.webp 2022-01-27 04:50:56 Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? (lien direct) There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You'd think that this issue no longer
The_Hackers_News.webp 2022-01-27 04:37:34 Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions (lien direct) A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest Malware
The_Hackers_News.webp 2022-01-27 02:15:12 Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices (lien direct) Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm detailed in a report published Wednesday. " Malware
The_Hackers_News.webp 2022-01-26 22:59:24 Hackers Using New Evasive Technique to Deliver AsyncRAT Malware (lien direct) A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted Malware Threat
The_Hackers_News.webp 2022-01-26 21:05:03 Apple Releases iOS and iPadOS Updates to Patch Actively Exploited 0-Day Vulnerability (lien direct) Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to Vulnerability
The_Hackers_News.webp 2022-01-26 05:40:48 Webinar: How to See More, But Respond Less with Enhanced Threat Visibility (lien direct) The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with limited security budgets Threat
The_Hackers_News.webp 2022-01-26 05:33:05 Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers (lien direct) An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a Vulnerability
The_Hackers_News.webp 2022-01-25 23:55:13 Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads (lien direct) Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. The new framework, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users' browsing history for a given week into a handful of
The_Hackers_News.webp 2022-01-25 21:39:33 12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access (lien direct) A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's Vulnerability
The_Hackers_News.webp 2022-01-25 06:04:56 Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets (lien direct) Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a command-and-control (C2) server and is split into as many as six stages to stay as hidden as possible, Trellix, ★★★★★
The_Hackers_News.webp 2022-01-25 05:42:03 TrickBot Malware Using New Techniques to Evade Web Injection Attacks (lien direct) The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls," IBM Trusteer said in a report. "In most cases, these Malware ★★★★★
The_Hackers_News.webp 2022-01-25 04:32:25 Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks (lien direct) A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET attributed the intrusion to an actor with "strong technical capabilities," calling out the campaign's overlaps to that of a similar Malware ★★★★
The_Hackers_News.webp 2022-01-25 03:51:50 Mobile Banking Trojan BRATA Gains New, Dangerous Capabilities (lien direct) The Android malware tracked as BRATA has been updated with new features that grant it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be distributed through a downloader to avoid being detected by security software, Italian cybersecurity firm Cleafy said in Malware ★★★★★
The_Hackers_News.webp 2022-01-24 22:47:00 Hackers Using New Malware Packer DTPacker to Avoid Analysis, Detection (lien direct) A previously undocumented malware packer named DTPacker has been observed distributing multiple remote access trojans (RATs) and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook to plunder information and facilitate follow-on attacks. "The malware uses multiple obfuscation techniques to evade antivirus, sandboxing, and analysis," enterprise security company Proofpoint  Malware
The_Hackers_News.webp 2022-01-24 06:52:03 ZTNAs Address Requirements VPNs Cannot. Here's Why. (lien direct) I recently hopped on the Lookout podcast to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless,
The_Hackers_News.webp 2022-01-24 03:09:03 Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams (lien direct) Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are programs stored on the
The_Hackers_News.webp 2022-01-23 23:10:39 Emotet Now Using Unconventional IP Address Formats to Evade Detection (lien direct) Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted Malware
Last update at: 2024-07-21 16:08:08