What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-09-30 02:09:19 ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage (direct link) The IDC cloud security survey 2021 states that as many as 98% of companies were victims of a cloud data breach within the past 18 months. Fostered by the pandemic, small and large organizations from all over the world are migrating their data and infrastructure into a public cloud, while often underestimating novel and cloud-specific security or privacy issues. Nearly every morning, the Data Breach
The_Hackers_News.webp 2021-09-30 00:40:22 (Déjà vu) New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack (direct link) Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. Moscow-headquartered firm Kaspersky codenamed the malware "Tomiris," calling out its similarities to another Malware Threat
The_Hackers_News.webp 2021-09-30 00:00:33 Cybersecurity Firm Group-IB's CEO Arrested Over Treason Charges in Russia (direct link) Russian authorities on Wednesday arrested and detained Ilya Sachkov, the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the development but noted the "reason for the search was not yet clear," adding "The decentralized infrastructure
The_Hackers_News.webp 2021-09-29 10:59:29 Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps (direct link) Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "[Mariana Trench] is designed to be able to scan large mobile codebases and flag potential issues on pull requests before they make it into production," the Tool
The_Hackers_News.webp 2021-09-29 06:01:11 Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users (direct link) A newly discovered "aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge. Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active development starting from
The_Hackers_News.webp 2021-09-29 05:17:37 [eBook] Your First 90 Days as CISO - 9 Steps to Success (direct link) Chief Information Security Officers (CISOs) are an essential pillar of an organization's defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish. Fortunately, a new guide by XDR provider Cynet (download here) looks to
The_Hackers_News.webp 2021-09-29 03:21:12 Hackers Targeting Brazil's PIX Payment System to Drain Users' Bank Accounts (direct link) Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. "The attackers distributed two different variants of banking malware, named PixStealer and MalRhino,
The_Hackers_News.webp 2021-09-29 02:06:23 New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit (direct link) Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit using a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis. Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, and Linux Malware
The_Hackers_News.webp 2021-09-28 08:31:06 Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns (direct link) Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that Vulnerability Threat
The_Hackers_News.webp 2021-09-28 01:32:38 New BloodyStealer Trojan Steals Gamers' Epic Games and Steam Accounts (direct link) A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market. Cybersecurity firm Kaspersky, which coined the malware "BloodyStealer," said it first detected the malicious tool in Malware Tool Threat
The_Hackers_News.webp 2021-09-27 23:15:52 Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers (direct link) Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. The tech giant's Threat Intelligence Center (MSTIC) codenamed the "passive and highly targeted backdoor" FoggyWeb, making it the threat actor tracked Malware Threat
The_Hackers_News.webp 2021-09-27 06:35:19 Russian Turla APT Group Deploying New Backdoor on Targeted Systems (direct link) State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected. Malware Threat
The_Hackers_News.webp 2021-09-27 04:47:41 New Android Malware Steals Financial Data from 378 Banking and Wallet Apps (direct link) The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said in an emailed Malware
The_Hackers_News.webp 2021-09-27 04:21:35 How Does DMARC Prevent Phishing? (direct link) DMARC is a global standard for email authentication. It allows senders to verify that the email really comes from whom it claims to come from. This helps curb spam and phishing attacks, which are among the most prevalent cybercrimes of today. Gmail, Yahoo, and many other large email providers have implemented DMARC and praised its benefits in recent years. If your company's domain name is Spam Yahoo
The_Hackers_News.webp 2021-09-26 23:26:49 A New Jupyter Malware Version is Being Distributed via MSI Installers (direct link) Cybersecurity researchers have charted the evolution of Jupyter, a .NET infostealer known for singling out healthcare and education sectors, which make it exceptional at defeating most endpoint security scanning solutions. The new delivery chain, spotted by Morphisec on September 8, underscores that the malware has not just continued to remain active but also showcases "how threat actors Malware Threat
The_Hackers_News.webp 2021-09-24 23:39:22 Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability (direct link) Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new state, where the Vulnerability
The_Hackers_News.webp 2021-09-24 22:41:08 SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices (direct link) Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an Vulnerability
The_Hackers_News.webp 2021-09-24 22:16:49 A New APT Hacker Group Spying On Hotels and Governments Worldwide (direct link) A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms. Slovak cybersecurity firm ESET codenamed the cyber espionage group FamousSparrow, which it said has been active since at least August 2019, with victims located across Africa, Asia, Europe, the Threat
The_Hackers_News.webp 2021-09-24 06:15:14 Apple's New iCloud Private Relay Service Leaks Users' Real IP Addresses (direct link) A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields users' IP address
The_Hackers_News.webp 2021-09-24 05:49:39 Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows (direct link) Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code - which is used in a number of security scanning products," Google Malware Threat
The_Hackers_News.webp 2021-09-24 00:27:56 Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software (direct link) Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices. The list of three flaws is as follows - CVE-2021-34770 (CVSS score:
The_Hackers_News.webp 2021-09-23 20:48:44 Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days (direct link) Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance tool to target iPhone users. Chief among them is CVE-2021-30869, a type confusion flaw Tool
The_Hackers_News.webp 2021-09-23 10:25:59 Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials (direct link) An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text (HTTP
The_Hackers_News.webp 2021-09-23 05:01:52 A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit (direct link) Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers
The_Hackers_News.webp 2021-09-23 04:16:28 Why You Should Consider QEMU Live Patching (direct link) Sysadmins know what the risks are of running unpatched services. Given the choice, and unlimited resources, most hardworking administrators will ensure that all systems and services are patched consistently. But things are rarely that simple. Technical resources are limited, and patching can often be more complicated than it appears at first glance. Worse, some services are so hidden in the Patching
The_Hackers_News.webp 2021-09-23 02:55:09 New Android Malware Targeting US, Canadian Users with COVID-19 Lures (direct link) An "insidious" new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of a new campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware "TangleBot." "The malware Malware
The_Hackers_News.webp 2021-09-23 02:55:06 Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers (direct link) More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate
The_Hackers_News.webp 2021-09-22 05:25:22 Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation (direct link) Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands and services, the
The_Hackers_News.webp 2021-09-22 03:41:14 New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures (direct link) As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks. Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive Guideline
The_Hackers_News.webp 2021-09-22 03:38:43 How Cynet's Response Automation Helps Organizations Mitigate Cyber Threats (direct link) One of the determining factors of how much damage a cyber-attack causes is how fast organizations can respond to it. Time to response is critical for security teams, and it is a major hurdle for leaner teams. To help improve this metric and enhance organizations' ability to respond to attacks quickly, many endpoint detection and response (EDR) and extended detection and response (XDR) vendors
The_Hackers_News.webp 2021-09-21 23:16:44 US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs (direct link) The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies. "Virtual currency exchanges such as Ransomware
The_Hackers_News.webp 2021-09-21 21:18:29 The Gap in Your Zero Trust Implementation (direct link) Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust security model. A zero trust security model is based on the idea that no IT resource should be trusted
The_Hackers_News.webp 2021-09-21 20:34:56 High-Severity RCE Flaw Disclosed in Several Netgear Router Models (direct link) Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Traced as CVE-2021-40847 (CVSS score: 8.1), the security weakness impacts the following models - R6400v2 (fixed in firmware version 1.0.4.120) R6700 Vulnerability
The_Hackers_News.webp 2021-09-21 20:22:09 VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server (direct link) VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005) that impacts vCenter Server 6.7 and 7.0 deployments. "A malicious actor with Vulnerability
The_Hackers_News.webp 2021-09-21 09:48:15 Unpatched High-Severity Vulnerability Affects Apple macOS Computers (direct link) Cybersecurity researchers on Tuesday disclosed details of an unpatched vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines. "A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will Vulnerability
The_Hackers_News.webp 2021-09-21 06:00:03 Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug (direct link) Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a Ransomware Threat
The_Hackers_News.webp 2021-09-21 03:08:05 New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin (direct link) A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The malware's primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they've been infected, Malware
The_Hackers_News.webp 2021-09-21 01:30:33 Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus? (direct link) 2020 was a year of relentless disruptions. The protective layer of secured enterprise networks and controlled IT environments of the physical premises did not exist. Over the past year, CISOs (Chief Information Security Officers) have had to grapple with the challenges of bolstering the security posture, minimizing risks, and ensuring business continuity in the new normal. The rise in volumes
The_Hackers_News.webp 2021-09-20 04:58:52 Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters (direct link) Law enforcement agencies in Italy and Spain have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime, netting the gang about €10 million ($11.7 million) in illegal proceeds in just a year. "The suspects defrauded hundreds of victims through phishing attacks and other types of online fraud such
The_Hackers_News.webp 2021-09-20 04:00:58 A New Wave of Malware Attack Targeting Organizations in South America (direct link) A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected Spam Malware Threat APT-C-36
The_Hackers_News.webp 2021-09-19 22:35:42 Google to Auto-Reset Unused Android App Permissions for Billions of Devices (direct link) Google on Friday said it's bringing an Android 11 feature that auto-resets permissions granted to apps that haven't been used in months, to devices running Android versions 6 and above. The expansion is expected to go live later this year in December 2021 and enabled on Android phones with Google Play services running Android 6.0 (API level 23) or higher, which the company said should cover "
The_Hackers_News.webp 2021-09-19 22:07:28 Numando: A New Banking Trojan Targeting Latin American Users (direct link) A newly spotted banking trojan has been caught leveraging legitimate platforms like YouTube and Pastebin to store its encrypted, remote configuration and commandeer infected Windows systems, making it the latest to join the long list of malware targeting Latin America (LATAM) after Guildma, Javali, Melcoz, Grandoreiro, Mekotio, Casbaneiro, Amavaldo, Vadokrist, and Janeleiro. The threat actor Threat
The_Hackers_News.webp 2021-09-17 04:03:29 New Malware Targets Windows Subsystem for Linux to Evade Detection (direct link) A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent Malware Threat
The_Hackers_News.webp 2021-09-17 01:00:30 Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years (direct link) A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence Malware Threat
The_Hackers_News.webp 2021-09-16 06:38:16 Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects (direct link) Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue - tracked as CVE-2021-41077 - concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the
The_Hackers_News.webp 2021-09-16 02:48:22 Third Critical Bug Affects Netgear Smart Switches - Details and PoC Released (direct link) New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw - dubbed "Seventh Inferno" (CVSS score: 9.8) - is part of a trio of security weaknesses, called Demon's Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8) Vulnerability
The_Hackers_News.webp 2021-09-16 00:19:46 Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks (direct link) Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon
The_Hackers_News.webp 2021-09-16 00:03:09 You Can Now Sign-in to Your Microsoft Accounts Without a Password (direct link) Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. The change is expected to be rolled out in the coming weeks. "Except for auto-generated passwords that are nearly impossible to remember, we largely create our own
The_Hackers_News.webp 2021-09-15 11:36:41 Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs (direct link) Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure
The_Hackers_News.webp 2021-09-15 04:03:55 3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company (direct link) The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in question - Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40 - are accused of "knowingly and willfully combine, conspire, confederate, and
Last update at: 2024-07-21 18:08:06