Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-10-19 08:00:00 |
New Karma ransomware group likely a Nemty rebrand (direct link) |
Threat analysts at Sentinel Labs have found evidence of the Karma ransomware being just another evolutionary step in the strain that started as JSWorm, became Nemty, then Nefilim, Fusion, Milihpen, and most recently, Gangbang. [...] |
Threat
Ransomware
|
|
|
|
2021-10-19 05:12:07 |
(Déjà vu) Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability (direct link) |
Microsoft has published an advisory regarding a security feature bypass vulnerability impacting Surface Pro 3 tablets which could allow threat actors to introduce malicious devices within enterprise environments. [...] |
Threat
Vulnerability
|
|
|
|
2021-10-19 05:12:07 |
Microsoft fixes Surface Pro 3 TPM bypass with public exploit code (direct link) |
Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets that enables threat actors to introduce malicious devices within enterprise environments. [...] |
Threat
Vulnerability
|
|
|
|
2021-10-14 06:00:00 |
New Yanluowang ransomware used in targeted enterprise attacks (direct link) |
A new and still under development ransomware strain is being used in highly targeted attacks against enterprise entities as Broadcom's Symantec Threat Hunter Team discovered. [...] |
Threat
Ransomware
|
|
|
|
2021-10-11 11:52:27 |
Microsoft: Iran-linked hackers target US defense tech companies (direct link) |
Iran-linked threat actors are targeting the Office 365 tenants of US and Israeli defense technology companies in extensive password spraying attacks. [...] |
Threat
|
|
|
|
2021-10-10 13:16:30 |
FontOnLake malware infects Linux systems via trojanized utilities (direct link) |
A newly discovered malware family has been infecting Linux systems concealed in legitimate binaries. Dubbed FontOnLake, the threat delivers backdoor and rootkit components. [...] |
Threat
Malware
|
|
|
|
2021-10-07 19:38:57 |
Google warns 14,000 Gmail users targeted by Russian hackers (direct link) |
Google has warned about 14,000 of its users about being targeted in a state-sponsored phishing campaign from APT28, a threat group that has been linked to Russia. [...] |
Threat
|
APT 28
|
|
|
2021-10-06 15:42:54 |
Hackers use stealthy ShellClient malware on aerospace, telco firms (direct link) |
Threat researchers investigating malware used to target companies in the aerospace and telecommunications sectors discovered a new threat actor that has been running cyber espionage campaigns since at least 2018. [...] |
Threat
Malware
|
|
|
|
2021-10-01 10:32:26 |
Hackers rob thousands of Coinbase customers using MFA flaw (direct link) |
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. [...] |
Threat
Vulnerability
|
|
|
|
2021-09-30 15:32:05 |
Fake Amnesty International Pegasus scanner used to infect Windows (direct link) |
Threat actors are trying to capitalize on the recent revelations on Pegasus spyware from Amnesty International to drop a less-known remote access tool called Sarwent. [...] |
Threat
Tool
|
|
|
|
2021-09-30 12:38:43 |
JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data (direct link) |
JVCKenwood has suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom. [...] |
Threat
Ransomware
|
|
|
|
2021-09-29 14:17:43 |
CISA releases tool to help orgs fend off insider threat risks (direct link) |
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks. [...] |
Threat
Tool
Vulnerability
|
|
|
|
2021-09-29 13:47:24 |
Trucking giant Forward Air reports ransomware data breach (direct link) |
Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. [...] |
Threat
Ransomware
Data Breach
|
|
|
|
2021-09-28 07:03:15 |
Working exploit released for VMware vCenter CVE-2021-22005 bug (direct link) |
A complete exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now widely available, and threat actors are taking advantage of it. [...] |
Threat
Vulnerability
|
|
★★★
|
|
2021-09-27 11:22:58 |
New malware steals Steam, Epic Games Store, and EA Origin accounts (direct link) |
A new malware sold on dark web forums is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin. [...] |
Threat
Malware
|
|
|
|
2021-09-25 10:00:00 |
Bitcoin.org hackers steal $17,000 in 'double your cash' scam (direct link) |
This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered parts of the website to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000. [...] |
Threat
Hack
|
|
|
|
2021-09-22 17:44:24 |
Hackers are scanning for VMware CVE-2021-22005 targets, patch now! (direct link) |
Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. [...] |
Threat
Guideline
Vulnerability
|
|
|
|
2021-09-22 08:05:54 |
RaidForums data marketplace accidentally exposes private staff page (direct link) |
Underground marketplace and hacker forum, Raidforums, recently exposed internal pages from its website, meant for staff members only. Raidforums is a data breach marketplace where threat actors often sell or leak illicitly obtained data dumps. [...] |
Threat
|
|
★★★★★
|
|
2021-09-20 16:15:36 |
Hacked sites push TeamViewer using fake expired certificate alert (direct link) |
Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. [...] |
Threat
|
|
|
|
2021-09-20 11:39:25 |
VoIP.ms phone services disrupted by DDoS extortion attack (direct link) |
Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that's severely disrupting the company's operation. [...] |
Threat
|
|
|
|
2021-09-17 11:23:14 |
OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners (direct link) |
Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. [...] |
Threat
|
|
|
|
2021-09-16 14:11:42 |
FBI and CISA warn of state hackers exploiting critical Zoho bug (direct link) |
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. [...] |
Threat
|
|
|
|
2021-09-16 11:16:15 |
Microsoft: Windows MSHTML bug now exploited by ransomware gangs (direct link) |
Microsoft says multiple threat actors, including ransomware affiliates, are targeting the recently patched Windows MSHTML remote code execution security flaw. [...] |
Threat
Ransomware
|
|
|
|
2021-09-14 07:00:00 |
Millions of HP OMEN gaming PCs impacted by driver vulnerability (direct link) |
Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions. [...] |
Threat
Vulnerability
|
|
|
|
2021-09-13 10:00:00 |
Hacker-made Linux Cobalt Strike beacon used in ongoing attacks (direct link) |
An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide. [...] |
Threat
|
|
|
|
2021-09-12 13:07:46 |
Windows MSHTML zero-day exploits shared on hacking forums (direct link) |
Threat actors are sharing working Windows CVE-2021-40444 MSHTML zero-day exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. [...] |
Threat
Vulnerability
|
|
|
|
2021-09-09 16:37:28 |
Windows MSHTML zero-day defenses bypassed as new info emerges (direct link) |
New details have emerged about the recent Windows CVE-2021-40444 zero-day vulnerability, how it is being exploited in attacks, and the threat actor's ultimate goal of taking over corporate networks. [...] |
Threat
|
|
|
|
2021-09-08 15:03:32 |
Hackers leak passwords for 500,000 Fortinet VPN accounts (direct link) |
A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. [...] |
Threat
|
|
|
|
2021-09-06 06:00:00 |
Ransomware gangs target companies using these criteria (direct link) |
Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks. [...] |
Threat
Ransomware
|
|
|
|
2021-09-04 12:35:55 |
Watch out for new malware campaign's 'Windows 11 Alpha' attachment (direct link) |
Relying on a simple recipe that has proved successful time and time again, threat actors have deployed a malware campaign recently that used a Windows 11 theme to lure recipients into activating malicious code placed inside Microsoft Word documents. [...] |
Threat
Malware
|
|
|
|
2021-09-03 16:17:10 |
The Week in Ransomware - September 3rd 2021 - Targeting Exchange (direct link) |
Over the past two weeks, it has been busy with ransomware news ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks. [...] |
Threat
Ransomware
|
|
|
|
2021-09-03 11:22:01 |
Babuk ransomware's full source code leaked on hacker forum (direct link) |
A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum. [...] |
Threat
Ransomware
|
|
|
|
2021-08-24 09:23:35 |
New zero-click iPhone exploit used to deploy NSO spyware (direct link) |
Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. [...] |
Threat
|
|
|
|
2021-08-23 18:17:49 |
FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020 (direct link) |
The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. [...] |
Threat
Ransomware
|
|
|
|
2021-08-20 15:07:51 |
LockFile ransomware uses PetitPotam attack to hijack Windows domains (direct link) |
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. [...] |
Threat
Ransomware
|
|
|
|
2021-08-20 09:43:40 |
AT&T denies data breach after hacker auctions 70 million user database (direct link) |
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. [...] |
Threat
Data Breach
|
|
|
|
2021-08-19 15:32:48 |
CEO tried funding his startup by asking insiders to deploy ransomware (direct link) |
Likely inspired by the LockBit ransomware gang, a Nigerian threat actor tried their luck with a $1 million payment lure to recruit an insider to detonate a ransomware payload on the company servers. [...] |
Threat
Ransomware
|
|
|
|
2021-08-16 15:52:44 |
T-Mobile confirms servers were hacked, investigates data breach (direct link) |
T-Mobile has confirmed that threat actors hacked their servers in a recent cyber attack but still investigate whether customer data was stolen. [...] |
Threat
Data Breach
|
|
|
|
2021-08-16 09:06:46 |
Hackers behind Iranian wiper attacks linked to Syrian breaches (direct link) |
Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra who previously deployed wiper malware on the networks of multiple Syrian organizations. [...] |
Threat
Malware
|
|
|
|
2021-08-15 18:27:28 |
Hacker claims to steal data of 100 million T-mobile customers (direct link) |
A threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 100 million customers. [...] |
Threat
|
|
★★★
|
|
2021-08-14 10:00:00 |
US brokers warned of ongoing phishing attacks impersonating FINRA (direct link) |
The US Financial Industry Regulatory Authority (FINRA) warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. [...] |
Threat
|
|
★★★
|
|
2021-08-12 17:24:22 |
(Déjà vu) Microsoft Exchange servers are getting hacked via ProxyShell exploits (direct link) |
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...] |
Threat
Vulnerability
|
|
|
|
2021-08-12 17:24:22 |
Hackers now backdoor Microsoft Exchange using ProxyShell exploits (direct link) |
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...] |
Threat
Vulnerability
|
|
|
|
2021-08-11 17:21:22 |
(Déjà vu) Hacker behind biggest ever cryptocurrency heist returns stolen funds (direct link) |
The threat actor who hacked Poly Network's cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds. [...] |
Threat
|
|
|
|
2021-08-11 17:21:22 |
Hacker behind biggest cryptocurrency heist ever returns stolen funds (direct link) |
The threat actor who hacked Poly Network's cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds. [...] |
Threat
|
|
|
|
2021-08-10 15:28:07 |
Windows security update blocks PetitPotam NTLM relay attacks (direct link) |
Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain. [...] |
Threat
|
|
|
|
2021-08-09 18:19:37 |
One million stolen credit cards leaked to promote carding market (direct link) |
A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. [...] |
Threat
|
|
|
|
2021-08-09 17:43:03 |
FlyTrap malware hijacks thousands of Facebook accounts (direct link) |
A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies. [...] |
Threat
Malware
|
|
|
|
2021-08-07 12:53:34 |
Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now (direct link) |
Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. [...] |
Threat
|
|
|
|
2021-08-07 10:10:05 |
Actively exploited bug bypasses authentication on millions of routers (direct link) |
Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. [...] |
Threat
Vulnerability
|
|
|