What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-12-20 02:03:20 | Experts Discover Backdoor Deployed on the U.S. Federal Agency\'s Network (lien direct) | A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a "classic APT-type operation." "This attack could have given total visibility of the network and complete control of a system and thus could be used as the first step in a multi-stage attack to penetrate | |||
|
2021-12-19 23:47:27 | Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store (lien direct) | A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. The latest Joker malware was found in a messaging-focused app named Color Message ("com.guo.smscolor.amessage"), | Malware | ||
|
2021-12-18 04:26:36 | New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability (lien direct) | Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability," | Vulnerability | ||
|
2021-12-18 02:24:47 | Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability (lien direct) | The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch - version 2.17.0 - for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all versions of the tool from 2.0-beta9 to 2.16.0, which | Tool Vulnerability | ||
|
2021-12-17 06:20:24 | Facebook Bans 7 \'Cyber Mercenary\' Companies for Spying on 50,000 Users (lien direct) | Meta Platforms on Thursday revealed it took steps to deplatform seven cyber mercenaries that it said carried out "indiscriminate" targeting of journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists located in over 100 countries, amid mounting scrutiny of surveillance technologies. To that end, the company said it alerted 50,000 users of | |||
|
2021-12-17 03:05:10 | New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 (lien direct) | Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManyscrypt that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the Manuscrypt malware, which is part of the Lazarus APT group's attack toolset, Kaspersky | Malware | APT 38 | |
|
2021-12-17 02:08:46 | How to Prevent Customer Support Help Desk Fraud Using VPN and Other Tools (lien direct) | It's no secret that the internet isn't a very safe place. And it's not hard to understand why. It's a medium that connects billions of people around the world that affords bad actors enough anonymity to wreak havoc without getting caught. It's almost as if the internet's tailor-made to enable scams and fraud. And that's just what it does. Right now, the world's on track to lose $10.5 trillion | |||
|
2021-12-16 23:19:24 | New Phorpiex Botnet Variant Steals Half a Million Dollars in Cryptocurrency (lien direct) | Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new variant of the Phorpiex botnet called Twizt that has resulted in the theft of virtual coins amounting to $500,000 over the last one year. Israeli security firm Check Point Research, which detailed the attacks, said the latest evolutionary version "enables the botnet to operate | |||
|
2021-12-16 05:08:56 | Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips (lien direct) | Cybersecurity researchers have demonstrated a new attack technique that makes it possible to leverage a device's Bluetooth component to directly extract network passwords and manipulate traffic on a Wi-Fi chip. The novel attacks work against the so-called "combo chips," which are specialized chips that are equipped to handle different types of radio wave-based wireless communications, such as | |||
|
2021-12-16 04:56:43 | The Guide to Automating Security Training for Lean Security Teams (lien direct) | Cyber threats used to be less threatening. While nobody wants their customers' credit card numbers stolen in a data breach, or to see a deranged manifesto plastered over their company website, such incidents can almost seem quaint compared to ransomware attacks that bring all of your critical information systems to a dead halt. The frequency of these attacks increased more than 150% in the U.S. | Ransomware | ||
|
2021-12-16 02:19:19 | New Fileless Malware Uses Windows Registry as Storage to Evade Detection (lien direct) | A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm (DGA) to identify | Malware | ||
|
2021-12-15 22:24:49 | Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges (lien direct) | Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to pummel unpatched systems with a variety of malware. "This vulnerability is actively being exploited and | Vulnerability Threat | ||
|
2021-12-15 08:58:17 | Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets (lien direct) | Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. "We know that automated activity designed to scrape people's public and private data targets every website or service," said | |||
|
2021-12-15 06:31:34 | Cynet\'s MDR Offers Organizations Continuous Security Oversight (lien direct) | Today's cyber attackers are constantly looking for ways to exploit vulnerabilities and infiltrate organizations. To keep up with this evolving threat landscape, security teams must be on the lookout for potential risks around the clock. Since most organizations simply cannot afford to have 24x7 security teams, managed detection and response (MDR) services have become a critical aspect of any | Threat | ||
|
2021-12-15 04:08:50 | Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials (lien direct) | Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web server that also exposes | |||
|
2021-12-14 23:14:45 | Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware (lien direct) | Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to | Malware | ||
|
2021-12-14 21:53:07 | Second Log4j Vulnerability (CVE-2021-45046) Discovered - New Patch Released (lien direct) | The Apache Software Foundation (ASF) has pushed out a new fix for the Log4j logging utility after the previous patch for the recently disclosed Log4Shell exploit was deemed as "incomplete in certain non-default configurations." The second vulnerability - tracked as CVE-2021-45046 - is rated 3.7 out of a maximum of 10 on the CVSS rating system and affects all versions of Log4j from 2.0-beta9 | Vulnerability | ||
|
2021-12-14 03:09:49 | Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware (lien direct) | Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The attack leverages the remote code execution flaw to download an additional payload, a .NET binary, from a | Ransomware Vulnerability | ||
|
2021-12-14 03:09:40 | How Extended Security Posture Management Optimizes Your Security Stack (lien direct) | As a CISO, one of the most challenging questions to answer is "How well are we protected right now?" Between the acceleration of hackers' offensive capabilities and the dynamic nature of information networks, a drift in the security posture is unavoidable and needs to be continuously compensated. Therefore, answering that question implies continuously validating the security posture and being in | |||
|
2021-12-13 23:56:11 | Ransomware Affiliate Arrested in Romania; 51 Stolen Data Brokers Arrested in Ukraine (lien direct) | Europol, the European Union's premier law enforcement agency, has announced the arrest of a third Romanian national for his role as a ransomware affiliate suspected of hacking high-profile organizations and companies and stealing large volumes of sensitive data. The 41-year-old unnamed individual was apprehended Monday morning at his home in Craiova, Romania, by the Romanian Directorate for | Ransomware | ||
|
2021-12-13 22:10:28 | Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones (lien direct) | Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago. Tracked as CVE-2021-30955, the issue could have enabled a malicious application to | |||
|
2021-12-13 20:30:59 | Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild (lien direct) | Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the 17th such weakness to be disclosed since the start of the year. Tracked as CVE-2021-4102, the flaw relates to a use-after-free bug in the V8 JavaScript and WebAssembly engine, which could have severe consequences ranging from | |||
|
2021-12-13 04:33:16 | Karakurt: A New Emerging Data Theft and Cyber Extortion Hacking Group (lien direct) | A previously undocumented, financially motivated threat group has been connected to a string of data theft and extortion attacks on over 40 entities between September and November 2021. The hacker collective, which goes by the self-proclaimed name Karakurt and was first identified in June 2021, is capable of modifying its tactics and techniques to adapt to the targeted environment, Accenture's | Threat | ||
|
2021-12-13 04:21:18 | Top 3 SaaS Security Threats for 2022 (lien direct) | With 2021 drawing to a close and many closing their plans and budgets for 2022, the time has come to do a brief wrap-up of the SaaS Security challenges on the horizon. Here are the top 3 SaaS security posture challenges as we see them. 1 - The Mess of Misconfiguration Management The good news is that more businesses than ever are using SaaS apps such as GitHub, Microsoft 365, Salesforce, Slack, | |||
|
2021-12-13 00:10:11 | Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan (lien direct) | Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to detect and block the threat in an effective manner proactively. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a "customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize | Malware Threat | ||
|
2021-12-12 21:43:38 | Apache Log4j Vulnerability - Log4Shell - Widely Under Active Attack (lien direct) | Threat actors are actively weaponizing unpatched servers affected by the newly identified "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech giant Qihoo 360, disclosed | Vulnerability | ||
|
2021-12-10 20:18:19 | Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk (lien direct) | The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote | Vulnerability | ||
|
2021-12-10 06:25:41 | BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild (lien direct) | Details have emerged about what's the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or Monero," the researchers said in a series of tweets detailing the file-encrypting malware. "Also | Ransomware Malware | ||
|
2021-12-10 03:59:04 | 1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses (lien direct) | As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed at the plugins and themes in a | |||
|
2021-12-10 02:06:43 | Russia Blocks Tor Privacy Service in Latest Censorship Move (lien direct) | Russia has stepped up its censorship efforts in the country by fully banning access to the Tor web anonymity service, coinciding with the ban of six virtual private network (VPN) operators, as the government continues to control the internet and crackdown on attempts to circumvent locally imposed web restrictions. The Federal Service for Supervision of Communications, Information Technology and | |||
|
2021-12-09 03:40:04 | Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions) (lien direct) | It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks. So how can you take precautions to protect your organization during these times? Why holidays put your company at risk of | |||
|
2021-12-09 03:15:55 | Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs (lien direct) | At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched by the popular supplier of routers and wireless ISP devices. The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity firm Eclypsium said in | |||
|
2021-12-08 23:02:51 | Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers (lien direct) | At least 17 malware-laced packages have been discovered on the NPM package Registry, adding to a recent barrage of malicious software hosted and delivered through open-source software repositories such as PyPi and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to grab Discord access tokens and environment variables from users' computers as well as gain full control | |||
|
2021-12-08 21:18:35 | SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws (lien direct) | Network security vendor SonicWall is urging customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system. The flaws impact SMA 200, 210, 400, 410, and 500v products running versions 9.0.0.11-31sv and earlier, 10.2.0.8-37sv, | |||
|
2021-12-08 05:10:03 | Google Disrupts Blockchain-based Glupteba Botnet; Sues Russian Hackers (lien direct) | Google on Tuesday said it took steps to disrupt the operations of a sophisticated "multi-component" botnet called Glupteba that approximately infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin's blockchain as a resilience mechanism. As part of the efforts, Google's Threat Analysis Group (TAG) said it partnered with the | Threat | ||
|
2021-12-08 03:00:26 | 140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead (lien direct) | The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure, even as the malware is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. Most of the victims detected since November 1, 2020, are from Portugal (18%), the U.S. (14%), and India ( | Malware | ||
|
2021-12-08 02:55:50 | [eBook] Guide to Achieving 24x7 Threat Monitoring and Response for Lean IT Security Teams (lien direct) | If there is one thing the past few years have taught the world, it's that cybercrime never sleeps. For organizations of any size and scope, having around-the-clock protection for their endpoints, networks, and servers is no longer optional, but it's also not entirely feasible for many. Attackers are better than ever at slipping in undetected, and threats are constantly evolving. Teams can't | Threat | ||
|
2021-12-07 22:33:02 | Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices (lien direct) | Network-attached storage (NAS) appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom_reaper]' could occupy around 50% of the | Malware Cloud | APT 37 | |
|
2021-12-07 04:06:56 | Eltima SDK Contain Multiple Vulnerabilities Affecting Several Cloud Service Provides (lien direct) | Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. "These vulnerabilities allow attackers to escalate privileges enabling them to disable | |||
|
2021-12-07 03:07:15 | SolarWinds Hackers Targeting Government and Business Entities Worldwide (lien direct) | Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming pace in response to public disclosures. The intrusions, which are being tracked by Mandiant under two | Threat | ||
|
2021-12-07 00:14:47 | Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers (lien direct) | Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. The Redmond company attributed the malicious activities to a group it pursues as Nickel, and by the wider cybersecurity industry under the | APT 15 | ||
|
2021-12-06 21:21:01 | Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code (lien direct) | Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed "RLBox" and implemented in collaboration with researchers at the University of California San Diego and the University of Texas, the improved protection mechanism is | |||
|
2021-12-06 04:51:23 | Malicious KMSPico Windows Activator Stealing Users\' Cryptocurrency Wallets (lien direct) | Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing | Malware | ||
|
2021-12-06 04:22:29 | Vulnerability Scanning Frequency Best Practices (lien direct) | So you've decided to set up a vulnerability scanning programme, great. That's one of the best ways to avoid data breaches. How often you should run your scans, though, isn't such a simple question. The answers aren't the same for every type of organization or every type of system you're scanning. This guide will help you understand the questions you should be asking and help you come up with the | Vulnerability | ||
|
2021-12-06 01:52:59 | Hackers Steal $200 Million Worth of Cryptocurrency Tokens from Bitmart Exchange (lien direct) | Cryptocurrency trading platform BitMart has disclosed a "large-scale security breach" that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. The breach is said to have impacted two of its hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC). The company noted that the wallets carried only a "small percentage | |||
|
2021-12-06 01:25:44 | 14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers (lien direct) | Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious website to harvest personal data from its visitors as they interact with other websites in the | |||
|
2021-12-04 01:01:44 | Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats (lien direct) | Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the | |||
|
2021-12-03 21:09:04 | Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks (lien direct) | Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier CVE-2021-44515, is an authentication bypass vulnerability | Vulnerability | ||
|
2021-12-03 05:54:05 | Researchers Detail How Pakistani Hackers Targeting Indian and Afghan Governments (lien direct) | A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as SideCopy, which is | Threat | ||
|
2021-12-03 02:59:47 | New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions (lien direct) | A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well as maintaining persistent remote access. Cisco Talos |
To see everything:
Our RSS (filtrered)
