What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-07 18:28:00 | Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework (lien direct) | Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which found that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads. "Not | Threat | ★★ | |
|
2023-02-07 15:51:00 | VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree (lien direct) | VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware | Ransomware Threat | ★ | |
|
2023-02-03 20:33:00 | Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware (lien direct) | In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook. | Malware Threat | ★★ | |
|
2023-02-02 18:13:00 | New Russian-Backed Gamaredon\'s Spyware Variants Targeting Ukrainian Authorities (lien direct) | The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a track record of | Threat | ★★ | |
|
2023-02-02 12:17:00 | New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (lien direct) | At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani | Malware Threat | ★ | |
|
2023-02-01 15:55:00 | Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards (lien direct) | The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its | Malware Threat | ★ | |
|
2023-01-31 16:09:00 | Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years (lien direct) | A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically | Malware Threat | ★★★ | |
|
2023-01-31 09:07:00 | GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom (lien direct) | GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The following versions of GitHub Desktop for Mac have been invalidated: 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, | Threat | ★★ | |
|
2023-01-30 16:56:00 | Titan Stealer: A New Golang-Based Information Stealer Malware Emerges (lien direct) | A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers | Malware Threat | ★★ | |
|
2023-01-29 11:17:00 | Gootkit Malware Continues to Evolve with New Components and Obfuscations (lien direct) | The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is "exclusive to this group." Gootkit, also called Gootloader, is spread through compromised websites that | Malware Threat | ★★ | |
|
2023-01-27 19:20:00 | Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service (lien direct) | Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "badbullzvenom." eSentire's Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it "found multiple mentions of the badbullzvenom account being shared between two people." The | Malware Threat | ★★★ | |
|
2023-01-26 21:36:00 | Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation (lien direct) | Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the company's Threat Analysis Group (TAG) said in a report shared with The Hacker News. "However, a | Threat | ★★★ | |
|
2023-01-26 20:04:00 | Researchers Uncover Connection b/w Moses Staff and Emerging Abraham\'s Ax Hacktivists Group (lien direct) | New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups, suggesting they are likely operated by the same entity," Secureworks Counter Threat Unit (CTU) said | Threat | ★★ | |
|
2023-01-25 16:11:00 | North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks (lien direct) | A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy. The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community as | Threat | ★★ | |
|
2023-01-25 13:13:00 | LastPass Parent Company GoTo Suffers Data Breach, Customers\' Backups Compromised (lien direct) | LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. "The | Threat | LastPass | ★★ |
|
2023-01-24 17:28:00 | FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft (lien direct) | The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber | Hack Threat Medical | APT 38 | ★★ |
|
2023-01-24 16:33:00 | Emotet Malware Makes a Comeback with New Evasion Techniques (lien direct) | The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that's distributed via | Malware Threat | ★★★★ | |
|
2023-01-23 17:09:00 | SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric (lien direct) | The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access. The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant identities are to pressure from threat actors. However, those pressures | Threat | ★★ | |
|
2023-01-23 15:24:00 | Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks (lien direct) | The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation | Threat | ★★ | |
|
2023-01-20 22:03:00 | Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers\' DNS Settings (lien direct) | Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea. | Malware Threat | ★★ | |
|
2023-01-20 12:29:00 | New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (lien direct) | A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were | Malware Vulnerability Threat | ★★ | |
|
2023-01-19 18:57:00 | Android Users Beware: New Hook Malware with RAT Capabilities Emerges (lien direct) | The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News, characterized Hook as a novel ERMAC fork that's advertised for sale for $7,000 per month while featuring | Malware Threat | ★★★ | |
|
2023-01-19 18:31:00 | New Research Delves into the World of Malicious LNK Files and Hackers Behind Them (lien direct) | Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, uncovering information such as the specific tools and | Threat | ★★★★ | |
|
2023-01-19 11:03:00 | Mailchimp Suffers Another Security Breach Compromising Some Customers\' Information (lien direct) | Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee | Tool Threat | ★ | |
|
2023-01-18 22:54:00 | Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa (lien direct) | An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday. Phishing emails, | Threat Prediction | ★★ | |
|
2023-01-18 16:35:00 | Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks (lien direct) | The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated | Malware Threat | ★★★ | |
|
2023-01-17 18:15:00 | Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware (lien direct) | New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser or via an integration in Visual Studio Code. It also comes with a port | Malware Threat | ★★★ | |
|
2023-01-17 12:06:00 | Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems (lien direct) | A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – by the author between January 7, 2023, and January 12, 2023. They have since been | Malware Threat | ★★★ | |
|
2023-01-16 15:39:00 | New Backdoor Created Using Leaked CIA\'s Hive Malware Discovered in the Wild (lien direct) | Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017. "This is the first time we caught a variant of the CIA Hive attack kit in the wild, and we named it xdr33 based on its embedded Bot-side certificate CN=xdr33," | Malware Threat | ★★★★ | |
|
2023-01-14 14:11:00 | Malware Attack on CircleCI Engineer\'s Laptop Leads to Recent Security Incident (lien direct) | DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus | Malware Threat | ★★★ | |
|
2023-01-13 16:56:00 | Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar (lien direct) | Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher | Malware Threat | ★★★ | |
|
2023-01-12 20:16:00 | IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (lien direct) | A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. "Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in | Malware Threat | ★★ | |
|
2023-01-11 23:05:00 | New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors (lien direct) | A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is malware that has increasingly come under the radar for being used in attacks aimed at finance, | Malware Threat | ★★ | |
|
2023-01-11 15:02:00 | Dark Pink APT Group Targets Governments and Military in APAC Region (lien direct) | Government and military organizations in the Asia Pacific region are being targeted by a previously unknown advanced persistent threat (APT) actor, per the latest research. Singapore-headquartered Group-IB, in a report shared with The Hacker News, said it's tracking the ongoing campaign under the name Dark Pink and attributed seven successful attacks to the adversarial collective between June | Threat | ★★★ | |
|
2023-01-10 22:10:00 | (Déjà vu) StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users (lien direct) | The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's mobile backdoor app," ESET malware researcher Lukáš Štefanko said in a technical report. "The app is | Malware Threat | ★ | |
|
2023-01-10 19:29:00 | Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App (lien direct) | A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat models, according to ETH Zurich researchers Kenneth G. Paterson, Matteo Scarlata, and Kien Tuong Truong, | Threat | ★★ | |
|
2023-01-09 19:33:00 | Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL (lien direct) | The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week. Kinsing has a storied history of | Threat | Uber | ★★★ |
|
2023-01-09 18:27:00 | Why Do User Permissions Matter for SaaS Security? (lien direct) | Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp's customers' end users. Three months later, Mailchimp was hit with another attack. Once again, an | Threat | ★★★ | |
|
2023-01-06 23:12:00 | Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub (lien direct) | A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42 | Threat | ★★★ | |
|
2023-01-06 19:45:00 | Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS (lien direct) | Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. "While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report. The initial vector for these | Ransomware Malware Threat | ★★★ | |
|
2023-01-05 20:25:00 | Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (lien direct) | A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the | Threat | APT-C-36 | ★★★ |
|
2023-01-04 15:54:00 | The FBI\'s Perspective on Ransomware (lien direct) | Ransomware: contemporary threats, how to prevent them and how the FBI can help In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, | Ransomware Threat Medical | ★★★ | |
|
2022-12-28 15:46:00 | BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies (lien direct) | Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies. "With maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds," BitKeep CEO Kevin Como said, describing it as a " | Threat | ★★★ | |
|
2022-12-28 12:42:00 | APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (lien direct) | Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector. | Malware Threat | ★ | |
|
2022-12-24 18:21:00 | W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names (lien direct) | Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, cybersecurity company Phylum | Malware Threat | ★★★ | |
|
2022-12-23 16:44:00 | Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials (lien direct) | A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks. ".LNK files are used to initiate code execution which eventually downloads and runs a | Threat | ★★ | |
|
2022-12-22 18:43:00 | FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape (lien direct) | An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct ransomware DarkSide, REvil, and LockBit families. The highly active threat group, also known as Carbanak, | Ransomware Threat | ★★★ | |
|
2022-12-22 18:09:00 | The Era of Cyber Threat Intelligence Sharing (lien direct) | We spent forty years defending ourselves as individuals. Trying to outsmart cybercriminals, outpower them, and when all our efforts failed, only then we considered banding together with our peers to outnumber them. Cybercriminals don't reinvent themselves each time. Their resources are limited, and they have a limited budget. Therefore they use playbooks to attack many people. Meaning most of | Threat | ★★★ | |
|
2022-12-22 15:09:00 | Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities (lien direct) | The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters. Zerobot, first documented by Fortinet FortiGuard Labs earlier this month, | Threat | ★★★ | |
|
2022-12-21 17:07:00 | The Rise of the Rookie Hacker - A New Trend to Reckon With (lien direct) | More zero knowledge attacks, more leaked credentials, more Gen-Z cyber crimes - 2022 trends and 2023 predictions. Cybercrime remains a major threat to individuals, businesses, and governments around the world. Cybercriminals continue to take advantage of the prevalence of digital devices and the internet to perpetrate their crimes. As the internet of things continues to develop, cybercriminals | Threat Prediction | ★★ |
To see everything:
Our RSS (filtrered)
