What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-07-30 02:53:43 Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers (direct link) Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via Malware
The_Hackers_News.webp 2022-07-29 21:20:43 North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts (direct link) A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name Malware Threat
The_Hackers_News.webp 2022-07-29 21:01:25 CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center
The_Hackers_News.webp 2022-07-29 06:25:15 Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware (direct link) A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been Malware
The_Hackers_News.webp 2022-07-29 03:49:50 Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices (direct link) Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the Vulnerability Guideline
The_Hackers_News.webp 2022-07-29 03:26:46 Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network (direct link) The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a
The_Hackers_News.webp 2022-07-29 00:00:11 Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System (direct link) Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE) and used to
The_Hackers_News.webp 2022-07-28 20:22:24 Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation (direct link) A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain Vulnerability
The_Hackers_News.webp 2022-07-28 04:54:43 Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default (direct link) With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022," Proofpoint said in a report shared with The Hacker News. In its ★★
The_Hackers_News.webp 2022-07-28 04:26:56 Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits (direct link) A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the
The_Hackers_News.webp 2022-07-28 04:11:03 Top MSSP CEOs Share 7 Must-Do Tips for Higher MSSP Revenue and Margin (direct link) MSSPs must find ways to balance the need to please existing customers, add new ones, and deliver high-margin services against their internal budget constraints and the need to maintain high employee morale. In an environment where there are thousands of potential alerts each day and cyberattacks are growing rapidly in frequency and sophistication, this isn't an easy balance to maintain. Customers
The_Hackers_News.webp 2022-07-28 03:58:04 How to Combat the Biggest Security Risks Posed by Machine Identities (direct link) The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity ★★★
The_Hackers_News.webp 2022-07-27 23:09:54 U.S. Offers $10 Million Reward for Information on North Korean Hackers (direct link) The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Medical APT 38
The_Hackers_News.webp 2022-07-27 06:37:25 These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware (direct link) As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up. While masquerading as innocuous Malware
The_Hackers_News.webp 2022-07-27 04:00:30 Taking the Risk-Based Approach to Vulnerability Patching (direct link) Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation. Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or Vulnerability Threat Patching
The_Hackers_News.webp 2022-07-27 03:28:48 New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts (direct link) Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation. "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure Malware Threat
The_Hackers_News.webp 2022-07-27 00:17:05 Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access (direct link) Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target Threat
The_Hackers_News.webp 2022-07-26 09:16:45 Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware (direct link) Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what's the very first ransomware bug bounty program, Ransomware
The_Hackers_News.webp 2022-07-26 09:01:13 4 Steps Financial Industry Can Take to Cope With Their Growing Attack Surface (direct link) The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile
The_Hackers_News.webp 2022-07-26 05:13:54 Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection (direct link) As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This
The_Hackers_News.webp 2022-07-26 03:12:33 Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers (direct link) FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty
The_Hackers_News.webp 2022-07-26 00:18:41 SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware (direct link) An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab Security Emergency Response Center (ASEC) said in a report published last week. Amadey, a Malware
The_Hackers_News.webp 2022-07-25 20:09:32 Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores (direct link) Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22. PrestaShop is Vulnerability
The_Hackers_News.webp 2022-07-25 08:43:07 Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11 (direct link) Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 Threat
The_Hackers_News.webp 2022-07-25 07:05:54 Experts Uncover New 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers (direct link) An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated UEFI firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today. "This suggests that a common Threat
The_Hackers_News.webp 2022-07-25 02:13:38 Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants (direct link) Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected restaurants and posted for sale on the dark web. "The online ordering platforms MenuDrive and Harbortouch
The_Hackers_News.webp 2022-07-25 01:52:13 Racoon Stealer is Back - How to Protect Your Organization (direct link) The Racoon Stealer malware as a service platform gained notoriety several years ago for its ability to extract data that is stored within a Web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Racoon Stealer was also designed to steal auto-fill data, which can include a vast trove of Malware
The_Hackers_News.webp 2022-07-24 21:49:27 Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France (direct link) The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming Malware Threat
The_Hackers_News.webp 2022-07-22 11:39:32 SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products (direct link) Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in Vulnerability
The_Hackers_News.webp 2022-07-22 05:17:13 Microsoft Resumes Blocking Office VBA Macros by Default After 'Temporary Pause' (direct link) Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change. "Based on our review of customer feedback, we've made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios," the company said in an update on July
The_Hackers_News.webp 2022-07-22 02:28:18 An Easier Way to Keep Old Python Code Healthy and Secure (direct link) Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of
The_Hackers_News.webp 2022-07-22 02:19:50 Google Bringing the Android App Permissions Section Back to the Play Store (direct link) Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of tweets. "We heard your feedback that you find the app permissions section in Google Play useful, and
The_Hackers_News.webp 2022-07-22 01:25:11 Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health (direct link) Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk,"
The_Hackers_News.webp 2022-07-22 01:13:28 Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists (direct link) The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed Malware
The_Hackers_News.webp 2022-07-21 06:23:20 New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems (direct link) A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. "The framework has both passive and active Malware
The_Hackers_News.webp 2022-07-21 05:20:03 Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms (direct link) The advanced persistent threat (APT) actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News. "The malware includes multiple interesting components to evade Malware Threat
The_Hackers_News.webp 2022-07-21 05:02:00 Hackers Target Ukrainian Software Company Using GoMet Backdoor (direct link) A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network. "This access could be
The_Hackers_News.webp 2022-07-21 05:01:54 The New Weak Link in SaaS Security: Devices (direct link) Typically, when threat actors look to infiltrate an organization's SaaS apps, they look to SaaS app misconfigurations as a means of entry. However, employees now use their personal devices, whether their phones or laptops, etc., to get their jobs done. If the device's hygiene is not up to par, it increases the risk for the organization and widens the attack surface for bad actors. And so, Threat
The_Hackers_News.webp 2022-07-21 01:46:43 Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability (direct link) Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username " Vulnerability
The_Hackers_News.webp 2022-07-21 01:25:01 FBI Seizes $500,000 Ransomware Payments and Crypto from North Korean Hackers (direct link) The U.S. Department of Justice (DoJ) has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. "The seized funds include ransoms paid by healthcare providers in Kansas and Colorado," the DoJ said in a press release issued Tuesday. The recovery of the bitcoin ransoms Ransomware
The_Hackers_News.webp 2022-07-21 01:23:57 Cynomi Automated Virtual CISO (vCISO) Platform for Service Providers (direct link) Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises' demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise – the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO services models still rely on manual
The_Hackers_News.webp 2022-07-20 23:40:50 Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities (direct link) Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is
The_Hackers_News.webp 2022-07-20 21:58:18 Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers (direct link) Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems. Of the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity. The most severe of the issues are CVE-2022-20857, CVE-2022-20858, Vulnerability
The_Hackers_News.webp 2022-07-20 06:41:04 Google Adds Support for DNS-over-HTTP/3 in Android to Keep DNS Queries Private (direct link) Google on Tuesday officially announced support for DNS-over-HTTP/3 (DoH3) for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS (DoT), which was incorporated into the mobile operating system with Android 9.0. DoH3 is also an alternative to
The_Hackers_News.webp 2022-07-20 05:00:44 New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems (direct link) Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it's called, is "fairly simple" and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption. "Both the Linux and ESXi Ransomware Malware
The_Hackers_News.webp 2022-07-20 04:44:31 This Cloud Botnet Has Hijacked 30,000 Systems to Mine Cryptocurrencies (direct link) The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne
The_Hackers_News.webp 2022-07-20 02:44:15 Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of Guideline
The_Hackers_News.webp 2022-07-20 02:23:46 Dealing With Alert Overload? There's a Guide For That (direct link) The Great Resignation – or the Great Reshuffle as some are calling it – and the growing skills gap have been dominating headlines lately. But these issues aren't new to the cybersecurity industry. While many are just now hearing about employee burnout, security teams have faced reality and serious consequences of burnout for years. One of the biggest culprits? Alert overload. The average
The_Hackers_News.webp 2022-07-19 22:58:36 Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia" (direct link) Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla, an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and Malware Threat
The_Hackers_News.webp 2022-07-19 21:03:48 Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads (direct link) The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022," Palo Alto Networks Unit 42 said in a Tuesday APT 29
Last update at: 2024-07-21 16:08:08