What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-08-09 07:24:25 Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack (lien direct) Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary "well-organized" and "methodical Data Breach Threat
The_Hackers_News.webp 2022-08-09 05:32:48 U.S. Sanctions Virtual Currency Mixer Tornado Cash for Alleged Use in Laundering (lien direct) The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money. Tornado Cash, which allows users to move cryptocurrency assets between accounts by obfuscating their origin and destination, is estimated to have been Medical APT 38
The_Hackers_News.webp 2022-08-09 05:18:40 The Truth About False Positives in Security (lien direct) TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none. Let's explain why. Introduction False positives have made a somewhat unexpected appearance in our lives in recent years. I am, of course, referring to the COVID-19 pandemic, which required massive testing campaigns in order to control the
The_Hackers_News.webp 2022-08-09 04:48:10 10 Credential Stealing Python Libraries Found on PyPI Repository (lien direct) In what's yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python Package Index (PyPI) for their ability to harvest critical data points such as passwords and API tokens. The packages "install info-stealers that enable attackers to steal developer's private data and personal credentials," Israeli cybersecurity firm Check
The_Hackers_News.webp 2022-08-09 00:25:36 Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions (lien direct) Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Russian cybersecurity firm Kaspersky attributed the attacks "with a high degree of confidence" to a China-linked threat actor tracked by Proofpoint Threat
The_Hackers_News.webp 2022-08-08 06:55:44 New Orchard Botnet Uses Bitcoin Founder's Account Info to Generate Malicious Domains (lien direct) A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure. "Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using the common time-generated [domain generation algorithms], and thus more difficult to defend
The_Hackers_News.webp 2022-08-08 06:43:02 The Benefits of Building a Mature and Diverse Blue Team (lien direct) A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming a red teamer as a natural career progression. The reason I got stirred up is not that I want to change either my job or my position, as I am a happy camper being part of Cymulate's blue team. What upset me was that my friend could not grasp the idea
The_Hackers_News.webp 2022-08-08 06:37:54 Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore (lien direct) A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated into Singapore, more than 1.5 years after expanding to Europe. "Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data," Group-IB said in a report shared with The Hacker News. The cybersecurity firm called the
The_Hackers_News.webp 2022-08-08 00:00:14 Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook (lien direct) Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting Malware
The_Hackers_News.webp 2022-08-06 21:29:52 New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack (lien direct) A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," Malware
The_Hackers_News.webp 2022-08-06 01:44:06 Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users (lien direct) Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members," the enterprise communication and collaboration platform said in an alert on 4th ★★★★
The_Hackers_News.webp 2022-08-05 07:37:40 Iranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government (lien direct) A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations." The July 17 attacks, according to Albania's National Agency of Information Threat
The_Hackers_News.webp 2022-08-05 03:06:00 A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service' (lien direct) A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems," Cisco Talos said in a report shared Malware
The_Hackers_News.webp 2022-08-04 22:54:43 CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary Vulnerability Guideline
The_Hackers_News.webp 2022-08-04 08:50:10 Who Has Control: The SaaS App Admin Paradox (lien direct) Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team to use their login.  This CRM, however, defines MFA as a top-tier security setting; for example,
The_Hackers_News.webp 2022-08-04 06:10:59 Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers (lien direct) As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network. "The attack can be performed without user interaction if the management interface of the device has been configured Vulnerability Guideline
The_Hackers_News.webp 2022-08-04 05:55:40 New Woody RAT Malware Being Used to Target Russian Organizations (lien direct) An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability (CVE-2022-30190) Malware Tool Vulnerability Threat ★★★★★
The_Hackers_News.webp 2022-08-04 03:24:10 Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage (lien direct) A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the end of May, has been attributed to a threat activity cluster tracked by cybersecurity firm Deepwatch Threat
The_Hackers_News.webp 2022-08-03 22:11:25 Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws (lien direct) Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as CVE-2022-20842 (CVSS score: 9.8)
The_Hackers_News.webp 2022-08-03 09:09:54 Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour (lien direct) A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE - short for Supersingular Isogeny Key Encapsulation - which made it to the fourth round of the Post-Quantum Cryptography (PQC) standardization
The_Hackers_News.webp 2022-08-03 05:36:55 VirusTotal Reveals Most Impersonated Software in Malware Attacks (lien direct) Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the Malware Threat CCleaner
The_Hackers_News.webp 2022-08-03 05:13:12 On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams (lien direct) The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis.  Nearly 60% of enterprises can't find the staff to protect their data (and reputations!) from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association (ISSA) in its 5th annual global industry study.  The result? Heavier workloads, unfilled positions, and Threat
The_Hackers_News.webp 2022-08-02 21:49:51 VMware Releases Patches for Several New Flaws Affecting Multiple Products (lien direct) Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
The_Hackers_News.webp 2022-08-02 09:03:45 Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike (lien direct) Researchers have disclosed a new offensive framework called Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this ★★★★
The_Hackers_News.webp 2022-08-02 05:05:19 New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications (lien direct) Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm Vulnerability Threat ★★★
The_Hackers_News.webp 2022-08-02 04:25:05 What is ransomware and how can you defend your business from it? (lien direct) Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat Ransomware Malware
The_Hackers_News.webp 2022-08-02 01:07:34 LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload (lien direct) A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.  According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial Ransomware Tool Threat
The_Hackers_News.webp 2022-08-01 07:09:45 Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys (lien direct) Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively shared with The Hacker News. "Out of 3,207, 230 apps are leaking all four
The_Hackers_News.webp 2022-08-01 07:05:14 Two Key Ways Development Teams Can Increase Their Security Maturity (lien direct) Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent global research, 67% of developers that were interviewed said they were still shipping code they knew Threat
The_Hackers_News.webp 2022-07-31 23:31:03 Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals (lien direct) A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, in addition to working as the administrator for the tool from 2013 until its Tool
The_Hackers_News.webp 2022-07-31 21:51:16 Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers (lien direct) The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The findings Malware
The_Hackers_News.webp 2022-07-30 02:53:43 Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers (lien direct) Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via Malware
The_Hackers_News.webp 2022-07-29 21:20:43 North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts (lien direct) A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name Malware Threat
The_Hackers_News.webp 2022-07-29 21:01:25 CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center
The_Hackers_News.webp 2022-07-29 06:25:15 Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware (lien direct) A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been Malware
The_Hackers_News.webp 2022-07-29 03:49:50 Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices (lien direct) Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras.  Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the Vulnerability Guideline
The_Hackers_News.webp 2022-07-29 03:26:46 Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network (lien direct) The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a
The_Hackers_News.webp 2022-07-29 00:00:11 Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System (lien direct) Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE) and used to
The_Hackers_News.webp 2022-07-28 20:22:24 Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation (lien direct) A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain Vulnerability
The_Hackers_News.webp 2022-07-28 04:54:43 Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default (lien direct) With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022," Proofpoint said in a report shared with The Hacker News. In its ★★
The_Hackers_News.webp 2022-07-28 04:26:56 Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits (lien direct) A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the
The_Hackers_News.webp 2022-07-28 04:11:03 Top MSSP CEOs Share 7 Must-Do Tips for Higher MSSP Revenue and Margin (lien direct) MSSPs must find ways to balance the need to please existing customers, add new ones, and deliver high-margin services against their internal budget constraints and the need to maintain high employee morale. In an environment where there are thousands of potential alerts each day and cyberattacks are growing rapidly in frequency and sophistication, this isn't an easy balance to maintain. Customers
The_Hackers_News.webp 2022-07-28 03:58:04 How to Combat the Biggest Security Risks Posed by Machine Identities (lien direct) The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity ★★★
The_Hackers_News.webp 2022-07-27 23:09:54 U.S. Offers $10 Million Reward for Information on North Korean Hackers (lien direct) The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Medical APT 38
The_Hackers_News.webp 2022-07-27 06:37:25 These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware (lien direct) As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up. While masquerading as innocuous Malware
The_Hackers_News.webp 2022-07-27 04:00:30 Taking the Risk-Based Approach to Vulnerability Patching (lien direct) Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation. Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or Vulnerability Threat Patching
The_Hackers_News.webp 2022-07-27 03:28:48 New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts (lien direct) Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation.  "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure Malware Threat
The_Hackers_News.webp 2022-07-27 00:17:05 Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access (lien direct) Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target Threat
The_Hackers_News.webp 2022-07-26 09:16:45 Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware (lien direct) Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what's the very first ransomware bug bounty program, Ransomware
The_Hackers_News.webp 2022-07-26 09:01:13 4 Steps Financial Industry Can Take to Cope With Their Growing Attack Surface (lien direct) The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of the financial services and insurance firms surveyed experienced a notable increase in digital/mobile
Last update at: 2024-07-07 13:08:30