What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-21 22:54:00 | Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability (lien direct) | Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration | Vulnerability | ||
|
2022-08-20 09:33:00 | New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers (lien direct) | Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute ' | Malware Threat | ||
|
2022-08-20 09:30:00 | Become a Cybersecurity Expert with 18 New Online Courses @ 98% OFF (lien direct) | With more data stored in the cloud than ever before, now is a good time to get into cybersecurity. Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. The only barrier to entry is education. How do you learn about security protocols and white hat hacking? Enter the All-In-One 2022 Super-Sized Ethical Hacking Bundle. This collection of 18 | |||
|
2022-08-20 07:19:00 | CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch | Vulnerability | ||
|
2022-08-19 07:04:21 | DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities (lien direct) | The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold | Malware Threat | ||
|
2022-08-19 06:35:28 | Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations (lien direct) | A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor." "Since 2018, | Malware Threat | ||
|
2022-08-19 03:15:07 | Google Cloud Blocks Record DDoS attack of 46 Million Requests Per Second (lien direct) | Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service (DDoS) attacks which peaked at 46 million requests per second (RPS), making it the largest such recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repealed by Cloudflare earlier this | |||
|
2022-08-19 01:23:06 | New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings (lien direct) | Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm | Vulnerability | ||
|
2022-08-18 10:11:07 | Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware (lien direct) | A .NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. "It can also deliver 'add-on packages' such as additional malicious payloads, benign decoy documents, and executables," cybersecurity firm Secureworks said in a Wednesday report. "It | Malware Threat | ||
|
2022-08-18 06:33:50 | China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year (lien direct) | The Chinese advanced persistent threat (APT) actor tracked as Winnti (aka APT41) has targeted at least 13 organizations geographically spanning across the U.S, Taiwan, India, Vietnam, and China against the backdrop of four different campaigns in 2021. "The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and | Threat Guideline | APT 41 | ★★ |
|
2022-08-18 02:26:20 | Penetration Testing or Vulnerability Scanning? What\'s the Difference? (lien direct) | Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an | Vulnerability | ||
|
2022-08-18 02:20:52 | Hackers Using Bumblebee Loader to Compromise Active Directory Services (lien direct) | The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and | Malware Threat | ||
|
2022-08-17 21:08:45 | Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities (lien direct) | Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894 - An | Threat Guideline | ||
|
2022-08-17 06:59:58 | Cybercriminals Developing BugDrop Malware to Bypass Android Security Features (lien direct) | In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. "This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals | Malware | ||
|
2022-08-17 05:02:28 | New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild (lien direct) | Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on | Vulnerability Threat | ||
|
2022-08-17 03:59:13 | Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers (lien direct) | A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. "In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations," Recorded Future disclosed in a new | Threat | ||
|
2022-08-17 03:50:14 | Lean Security 101: 3 Tips for Building Your Framework (lien direct) | Cobalt, Lazarus, MageCart, Evil, Revil - cybercrime syndicates spring up so fast it's hard to keep track. Until…they infiltrate your system. But you know what's even more overwhelming than rampant cybercrime? Building your organization's security framework. CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and | APT 38 | ||
|
2022-08-17 01:44:47 | Malicious Browser Extensions Targeted Over a Million Users So Far This Year (lien direct) | More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons," the company said. As many as | |||
|
2022-08-16 23:20:26 | North Korea Hackers Spotted Targeting Job Seekers with macOS Malware (lien direct) | The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into | Malware Medical | APT 38 | |
|
2022-08-16 21:46:23 | RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers (lien direct) | RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the footsteps of NPM and PyPI. To that end, owners of gems with over 180 million total downloads are mandated to turn on MFA effective August 15, 2022. "Users in this category who do not | |||
|
2022-08-16 07:58:22 | ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors (lien direct) | A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution | Vulnerability | ||
|
2022-08-16 04:04:09 | Unified Threat Management: The All-in-One Cybersecurity Solution (lien direct) | UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a | Threat | ||
|
2022-08-16 03:57:11 | New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks (lien direct) | Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider | |||
|
2022-08-16 02:35:04 | Microsoft Warns About Phishing Attacks by Russia-linked Hackers (lien direct) | Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "highly persistent threat actor" whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker SEABORGIUM, which it said overlaps with a hacking group also known as Callisto, COLDRIVER, and TA446. " | Threat | ||
|
2022-08-15 23:36:41 | Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware (lien direct) | Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated | Malware Threat | ||
|
2022-08-15 22:42:11 | Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack (lien direct) | Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said. "All users can rest assured that | Hack | ||
|
2022-08-15 09:27:31 | Credential Theft Is (Still) A Top Attack Method (lien direct) | Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals. The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations | Ransomware | ||
|
2022-08-15 04:54:52 | SOVA Android Banking Trojan Returns With New Capabilities and Targets (lien direct) | The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out. That's according to the latest findings from Italian cybersecurity firm Cleafy, which found newer versions of the malware sporting functionality to intercept | Malware | ||
|
2022-08-14 23:37:10 | Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems (lien direct) | A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as "secrets matching and verification made easy." "On a closer | |||
|
2022-08-14 00:11:11 | Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer (lien direct) | Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and | |||
|
2022-08-13 05:41:16 | Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users (lien direct) | A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the | Threat | APT 27 | ★★ |
|
2022-08-12 13:02:30 | Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders (lien direct) | A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader | Vulnerability | ||
|
2022-08-12 05:20:11 | Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments (lien direct) | Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's "Kinibi" Trusted Execution | |||
|
2022-08-12 03:41:33 | U.S. Government Offers $10 Million Reward for Information on Conti Ransomware Gang (lien direct) | The U.S. State Department on Thursday announced a $10 million reward for information related to five individuals associated with the Conti ransomware group. The reward offer, first reported by WIRED, is also notable for the fact that it marks the first time the face of a Conti associate, known as "Target," has been unmasked. The four other associates have been referred to as "Tramp," "Dandis," " | Ransomware | ||
|
2022-08-12 02:09:09 | Facebook Testing Default End-to-End Encryption and Encrypted Backup in Messenger (lien direct) | Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the | |||
|
2022-08-12 01:48:31 | Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions (lien direct) | Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) | Vulnerability Threat | ||
|
2022-08-12 01:36:31 | Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered (lien direct) | Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies - things like packet switching and TCP/IP - gave much consideration to the need to secure the | |||
|
2022-08-11 23:14:20 | Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925 (CVSS score: 7.2) | Vulnerability | ||
|
2022-08-11 10:52:44 | Conti Cybercrime Cartel Using \'BazarCall\' Phishing Attacks as Initial Attack Vector (lien direct) | Three different offshoots of the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel said in a Wednesday report. | Threat | ||
|
2022-08-11 09:11:00 | Cisco Confirms It\'s Been Hacked by Yanluowang Ransomware Gang (lien direct) | Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up. | Ransomware | ★★★★★ | |
|
2022-08-11 03:24:07 | What the Zola Hack Can Teach Us About Password Security (lien direct) | Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was the victim of a significant cybersecurity breach where hackers used an attack known as credential | Hack | ||
|
2022-08-11 03:21:44 | Hackers Behind Cuba Ransomware Attacks Using New RAT Malware (lien direct) | Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. The new findings come from Palo Alto Networks' Unit 42 threat intelligence team, which is tracking the double extortion ransomware group under the constellation-themed moniker | Ransomware Malware Threat | ★★★★ | |
|
2022-08-11 02:23:14 | Critical Flaws Disclosed in Device42 IT Asset Management Software (lien direct) | Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain admin-level access in the application (by leaking session with an LFI) or obtain full access to the | |||
|
2022-08-10 23:07:07 | GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions (lien direct) | Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. "When a security vulnerability is reported in an action, our team of security researchers will create an advisory to document the vulnerability, which will trigger an alert to impacted repositories," | Vulnerability | ||
|
2022-08-10 08:12:02 | Former Twitter Employee Found Guilty of Spying for Saudi Arabia (lien direct) | A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, Bloomberg reported Tuesday. He faces up to 20 years in prison when sentenced. The verdict comes nearly three years | |||
|
2022-08-10 06:05:01 | Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers (lien direct) | The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least | Ransomware | ||
|
2022-08-10 03:56:41 | Hackers Behind Twilio Breach Also Targeted Cloudflare Employees (lien direct) | Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio. The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards | |||
|
2022-08-10 03:20:32 | The Business of Hackers-for-Hire Threat Actors (lien direct) | Today's web has made hackers' tasks remarkably easy. For the most part, hackers don't even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach you anonymously through such channels as Twitter. Cybercrime has entered a new | Threat | ||
|
2022-08-09 23:59:19 | CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a | Vulnerability | ★★★★ | |
|
2022-08-09 23:12:13 | (Déjà vu) Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack (lien direct) | As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues | Tool Vulnerability | ★★★★ |
To see everything:
Our RSS (filtrered)
