What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-09-26 20:03:00 Researchers Identify 3 Hacktivist Groups Supporting Russian Interests (direct link) At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn Threat
The_Hackers_News.webp 2022-09-26 17:44:00 Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor (direct link) A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan Threat
The_Hackers_News.webp 2022-09-26 16:03:00 BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal (direct link) The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software," researchers from Symantec Ransomware Malware
The_Hackers_News.webp 2022-09-26 16:00:00 5 Network Security Threats And How To Protect Yourself (direct link) Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally,
The_Hackers_News.webp 2022-09-26 15:17:00 Google to Make Account Login Mandatory for New Fitbit Users in 2023 (direct link) Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switch will not go live for all users in 2023. Rather, support for Fitbit accounts is
The_Hackers_News.webp 2022-09-26 10:34:00 Ukraine Arrests Cybercrime Group for Selling Data of 30 Million People (direct link) Ukrainian law enforcement authorities on Friday disclosed that it had "neutralized" a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. The group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million UAH) through electronic payment systems
The_Hackers_News.webp 2022-09-24 12:07:00 London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches (direct link) The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he remains in police custody." The department said the arrest was made as part of an investigation in Uber Uber
The_Hackers_News.webp 2022-09-24 10:33:00 Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability (direct link) Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company said it Vulnerability
The_Hackers_News.webp 2022-09-23 19:34:00 Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts (direct link) GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted "many victim organizations." The fraudulent messages claim to Hack
The_Hackers_News.webp 2022-09-23 18:55:00 Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities (direct link) A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security Threat
The_Hackers_News.webp 2022-09-23 15:51:00 CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency Vulnerability
The_Hackers_News.webp 2022-09-23 15:50:00 Firing Your Entire Cybersecurity Team? Are You Sure? (direct link) What on earth were they thinking? That's what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in exchange for outsourced services. Of course, we don't know the true motivations for this move. But, as outsiders looking in, we can guess the cybersecurity implications of the decision would be inescapable for any
The_Hackers_News.webp 2022-09-23 15:26:00 Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities (direct link) A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021. "Void Balaur [...] primarily dabbles
The_Hackers_News.webp 2022-09-23 12:45:00 (Déjà vu) Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware (direct link) An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. "The malware's RAT capabilities allow the attacker to Malware ★★
The_Hackers_News.webp 2022-09-23 10:44:00 Hackers Using Malicious OAuth Apps to Take Over Email Servers (direct link) Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain Threat ★★
The_Hackers_News.webp 2022-09-22 22:33:00 Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs (direct link) A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in January 2016, is said to have encompassed 20 different variants of the Android malware, which were Threat
The_Hackers_News.webp 2022-09-22 20:31:00 Malicious NPM Package Caught Mimicking Material Tailwind CSS Package (direct link) A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its maintainers as an "easy to use components library for Tailwind CSS and Material Design." "The Threat
The_Hackers_News.webp 2022-09-22 18:42:00 IT Security Takeaways from the Wiseasy Hack (direct link) Last month Tech Crunch reported that payment terminal manufacturer Wiseasy had been hacked. Although Wiseasy might not be well known in North America, their Android-based payment terminals are widely used in the Asia Pacific region and hackers managed to steal passwords for 140,000 payment terminals. How Did the Wiseasy Hack Happen? Wiseasy employees use a cloud-based dashboard for remotely Hack
The_Hackers_News.webp 2022-09-22 16:10:00 Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure (direct link) Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as Vulnerability
The_Hackers_News.webp 2022-09-22 14:47:00 15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects (direct link) As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, IT management. The shortcoming, Vulnerability
The_Hackers_News.webp 2022-09-22 11:47:00 Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners (direct link) A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment Vulnerability
The_Hackers_News.webp 2022-09-21 19:08:00 Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet (direct link) An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known technique" designed to trick the servers into writing data to arbitrary files – a case of unauthorized
The_Hackers_News.webp 2022-09-21 17:51:00 Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident (direct link) In what's the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute. The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker's wallet. The company said that its centralized Hack
The_Hackers_News.webp 2022-09-21 17:30:00 Why Zero Trust Should be the Foundation of Your Cybersecurity Ecosystem (direct link) For cybersecurity professionals, it is a huge challenge to separate the “good guys” from the “villains”. In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But not anymore. Threats from within organizations – also known as “insider threats” – are increasing and cybersecurity practitioners are feeling the pain. Traditional
The_Hackers_News.webp 2022-09-21 16:24:00 U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List (direct link) The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency said the companies are subject to the Chinese government's exploitation, influence, and control, and could Threat
The_Hackers_News.webp 2022-09-21 12:00:00 Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing (direct link) Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests on June 27, 2022. The "strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peaked at 3.9 million requests per second (RPS). "Attackers used HTTP/2 multiplexing, or combining
The_Hackers_News.webp 2022-09-21 10:54:00 Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe Hack Guideline
The_Hackers_News.webp 2022-09-21 10:50:00 Product Review: Stellar Cyber Open XDR Platform (direct link) Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don't meet their needs. Stellar Cyber delivers an Open XDR solution that allows organizations to use Threat
The_Hackers_News.webp 2022-09-20 18:26:00 Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware (direct link) A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The Malware Threat
The_Hackers_News.webp 2022-09-20 14:51:00 Uber Blames LAPSUS$ Hacking Group for Recent Security Breach (direct link) Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others," the San Francisco-based Threat Uber Uber
The_Hackers_News.webp 2022-09-19 23:03:00 Rockstar Games Confirms Hacker Stole Early Grand Theft Auto VI Footage (direct link) American video game publisher Rockstar Games on Monday revealed it was a victim of a "network intrusion" that allowed an unauthorized party to illegally download early footage for the Grand Theft Auto VI. "At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects," the company said in a notice shared on its
The_Hackers_News.webp 2022-09-19 18:12:00 Emotet Botnet Started Distributing Quantum and BlackCat Ransomware (direct link) The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, Ransomware Malware Threat
The_Hackers_News.webp 2022-09-19 17:30:00 Microsoft Teams' GIFShell Attack: What Is It and How You Can Protect Yourself from It (direct link) Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been Threat
The_Hackers_News.webp 2022-09-19 15:15:00 Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware (direct link) A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zürich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegian aluminum giant Norsk Hydro. It's said to have infected more than 1,800 victims in 71 countries, Ransomware
The_Hackers_News.webp 2022-09-19 14:20:00 Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers (direct link) Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend. The tech giant's
The_Hackers_News.webp 2022-09-17 14:23:00 Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This (direct link) Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company said. "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational." Uber Uber
The_Hackers_News.webp 2022-09-17 08:17:00 Hackers Had Access to LastPass's Development Systems for Four Days (direct link) Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "there is no evidence that this Threat LastPass
The_Hackers_News.webp 2022-09-16 19:47:00 Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services (direct link) Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI service dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021," SEKOIA said. The Malware Threat
The_Hackers_News.webp 2022-09-16 19:17:00 North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application (direct link) A threat with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. Google-owned threat intelligence firm Mandiant attributed the new campaign to an emerging threat cluster it tracks under the name UNC4034. "UNC4034 established communication with the victim over WhatsApp and lured them Threat
The_Hackers_News.webp 2022-09-16 19:09:00 How to Use a UTM Solution & Win Time, Money and Resources (direct link) Unified threat management is thought to be a universal solution for many reasons. First of all, it is compatible with almost any hardware. As a business or an MSP, you don't have to bother with leasing or subleasing expensive equipment. There is no need to chase your clients to return your costly hardware. The all-in-one UTM solution will save you money and time & make work routine less Threat
The_Hackers_News.webp 2022-09-16 16:28:00 Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (direct link) Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as Vulnerability
The_Hackers_News.webp 2022-09-16 08:38:00 Uber Says It's Investigating a Potential Breach of Its Computer Systems (direct link) Ride hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first reported the incident. The hack is said to have forced the company to take its internal communications and engineering systems offline as it investigated the extent of the breach. Hack Uber
The_Hackers_News.webp 2022-09-15 20:00:00 Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube (direct link) Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. "The videos advertise cheats and cracks and provide instructions on hacking popular games and software," Kaspersky security researcher Oleg Kupreev said in a new report published today. Malware
The_Hackers_News.webp 2022-09-15 17:55:00 Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware (direct link) An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a Malware
The_Hackers_News.webp 2022-09-15 17:00:00 5 Ways to Mitigate Your New Insider Threats in the Great Resignation (direct link) Companies are in the midst of an employee "turnover tsunami" with no signs of a slowdown. According to Fortune Magazine, 40% of the U.S. is considering quitting their jobs. This trend – coined the great resignation - creates instability in organizations. High employee turnover increases security risks, and companies are more vulnerable to attacks from human factors worldwide. At Davos 2022,
The_Hackers_News.webp 2022-09-15 15:44:00 Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks (direct link) A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans (RATs), including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report Threat
The_Hackers_News.webp 2022-09-15 12:19:00 U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks (direct link) The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked Ransomware
The_Hackers_News.webp 2022-09-14 19:34:00 Lorenz Ransomware Exploit Mitel VoIP Systems to Breach Business Networks (direct link) The operators behind the Lorenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. "Initial malicious activity originated from a Mitel appliance sitting on the network perimeter," researchers from cybersecurity firm Arctic Wolf said in a report Ransomware
The_Hackers_News.webp 2022-09-14 15:50:00 SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor (direct link) A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. Slovak cybersecurity firm ESET, which detected the malware in the university's network, attributed the backdoor to a nation-state actor dubbed SparklingGoblin. The unnamed university is said to have been already targeted by the Malware
The_Hackers_News.webp 2022-09-14 15:40:00 How to Do Malware Analysis? (direct link) According to the 2022 Malwarebytes Threat review, 40M Windows business computers' threats were detected in 2021. And malware analysis is necessary to combat and avoid this kind of attack. In this article, we will break down the goal of malicious programs' investigation and how to do malware analysis with a sandbox. What is malware analysis? Malware analysis is a process of studying a malicious Malware Threat
Last update at: 2024-07-04 19:08:35