What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-06-30 23:09:06 Amazon Quietly Patches 'High Severity' Vulnerability in Android Photos App (direct link) Amazon, in December 2021, patched a high severity vulnerability affecting its Photos app for Android that could have been exploited to steal a user's access tokens. "The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address," Checkmarx researchers João Morais and Pedro Umbelino said. "Others, Vulnerability
The_Hackers_News.webp 2022-06-30 21:36:23 Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers (direct link) A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday. "The group has actively updated its techniques and payloads Malware Threat
The_Hackers_News.webp 2022-06-30 08:04:29 Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups (direct link) Google's Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists, journalists, politicians, and Threat
The_Hackers_News.webp 2022-06-30 04:41:45 U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores (direct link) One of the commissioners of the U.S. Federal Communications Commission (FCC) has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "its pattern of surreptitious data practices." "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently
The_Hackers_News.webp 2022-06-30 03:55:53 What is Shadow IT and why is it so risky? (direct link) Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department. Users may resort to using shadow IT practices when they feel that existing IT policies are too restrictive or get in the way of them being able to do their jobs effectively. An old school phenomenon Shadow IT is not new. There have been countless examples of
The_Hackers_News.webp 2022-06-30 01:40:14 Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks (direct link) A former Canadian government employee this week agreed to plead guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate. Sebastien Vachon-Desjardins, who was extradited to the U.S. on March 10, 2022, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to Ransomware Guideline
The_Hackers_News.webp 2022-06-29 23:01:41 North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack (direct link) The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week. Hack Medical APT 38
The_Hackers_News.webp 2022-06-29 04:57:36 New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators (direct link) Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other Malware Tool
The_Hackers_News.webp 2022-06-29 01:29:21 New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (direct link) A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. Hack Vulnerability
The_Hackers_News.webp 2022-06-29 00:40:11 New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads (direct link) Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated
The_Hackers_News.webp 2022-06-28 20:01:21 CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an Vulnerability
The_Hackers_News.webp 2022-06-28 07:38:24 ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks (direct link) A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold," Malware ★★
The_Hackers_News.webp 2022-06-28 03:43:41 Overview of Top Mobile Security Threats in 2022 (direct link) Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem? Threat
The_Hackers_News.webp 2022-06-28 03:30:25 APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor (direct link) Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include Threat
The_Hackers_News.webp 2022-06-28 00:59:56 OpenSSH to Release Security Patch for Remote Memory Corruption Vulnerability (direct link) The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. Security Vulnerability
The_Hackers_News.webp 2022-06-27 23:56:46 New Android Banking Trojan 'Revive' Targeting Users of Spanish Financial Services (direct link) A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware - dubbed Revive by Italian cybersecurity firm Cleafy - was first observed on June 15, 2022 and distributed by means of phishing campaigns. "The name Revive has been chosen since one of the Malware
The_Hackers_News.webp 2022-06-27 05:44:52 Cybersecurity Experts Warn of Emerging Threat of "Black Basta" Ransomware (direct link) The Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window. "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, Ransomware Threat
The_Hackers_News.webp 2022-06-27 02:38:36 What Are Shadow IDs, and How Are They Crucial in 2022? (direct link) Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool
The_Hackers_News.webp 2022-06-27 02:35:53 Critical Security Flaws Identified in CODESYS ICS Automation Software (direct link) CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service (DoS) condition, among others. "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, PLCs entering a severe fault state, and arbitrary code
The_Hackers_News.webp 2022-06-27 02:21:46 Italy Data Protection Authority Warns Websites Against Use of Google Analytics (direct link) Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that Tool
The_Hackers_News.webp 2022-06-27 02:00:33 Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons (direct link) A malware-as-a-service (Maas) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected Malware
The_Hackers_News.webp 2022-06-25 02:30:22 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF (direct link) In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework - a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you
The_Hackers_News.webp 2022-06-24 04:58:27 Hackers Exploit Mitel VoIP Zero-Day Bug to Deploy Ransomware (direct link) A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a previously unknown Ransomware
The_Hackers_News.webp 2022-06-24 03:40:50 Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware (direct link) A week after it emerged that sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect - Android's built-in malware defense service - to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Malware Cloud APT 37
The_Hackers_News.webp 2022-06-24 01:52:27 Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys (direct link) Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma. The packages and as
The_Hackers_News.webp 2022-06-24 00:06:51 State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks (direct link) A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, Ransomware Threat
The_Hackers_News.webp 2022-06-23 21:24:05 New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (direct link) A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities Malware Tool
The_Hackers_News.webp 2022-06-23 19:36:46 Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, Hack Threat
The_Hackers_News.webp 2022-06-23 03:08:07 NSO Confirms Pegasus Spyware Used by at least 5 European Countries (direct link) The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a report from Politico. Tool
The_Hackers_News.webp 2022-06-23 03:07:58 Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation (direct link) When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report. The survey report, Tool
The_Hackers_News.webp 2022-06-22 23:14:08 Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside (direct link) A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity Malware Tool Threat APT 23
The_Hackers_News.webp 2022-06-22 22:36:32 Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks (direct link) QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an Vulnerability
The_Hackers_News.webp 2022-06-22 07:05:50 Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service (direct link) A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a
The_Hackers_News.webp 2022-06-22 04:51:03 Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine (direct link) The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism Vulnerability APT 28
The_Hackers_News.webp 2022-06-22 02:08:41 Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign (direct link) A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code - "scanalytic[.]org" and "js.staticounter[.]net" - are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis
The_Hackers_News.webp 2022-06-22 00:45:59 Europol Busts Phishing Gang Responsible for Millions in Losses (direct link) Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and
The_Hackers_News.webp 2022-06-21 21:41:58 RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer (direct link) The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in Malware
The_Hackers_News.webp 2022-06-21 05:22:35 New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers (direct link) An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell and Threat
The_Hackers_News.webp 2022-06-21 03:34:27 Mitigate Ransomware in a Remote-First World (direct link) Ransomware has been a thorn in the side of cybersecurity teams for years. With the move to remote and hybrid work, this insidious threat has become even more of a challenge for organizations everywhere. 2021 was a case study in ransomware due to the wide variety of attacks, significant financial and economic impact, and diverse ways that organizations responded. These attacks should be seen as a Ransomware Threat
The_Hackers_News.webp 2022-06-21 03:25:51 Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors (direct link) Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology (OT) vendors due to what researchers call are "insecure-by-design practices." Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. "Exploiting these
The_Hackers_News.webp 2022-06-21 02:46:21 Former Amazon Employee Found Guilty in 2019 Capital One Data Breach (direct link) A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected Data Breach
The_Hackers_News.webp 2022-06-21 00:02:12 New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain (direct link) A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller authentication to [Active Directory
The_Hackers_News.webp 2022-06-20 05:34:58 Do You Have Ransomware Insurance? Look at the Fine Print (direct link) Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current Ransomware
The_Hackers_News.webp 2022-06-20 02:10:26 Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild (direct link) A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to Vulnerability
The_Hackers_News.webp 2022-06-19 22:18:13 BRATA Android Malware Gains Advanced Mobile Threat Capabilities (direct link) The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which Malware Threat
The_Hackers_News.webp 2022-06-17 22:40:11 Learn Cybersecurity with Palo Alto Networks Through this PCCSA Course @ 93% OFF (direct link) In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility. Founded back in 2005, Palo Alto Networks is a cybersecurity giant that has earned the trust of the business community thanks to its impressive track record. The company now provides services to over 70,000 organizations in 150
The_Hackers_News.webp 2022-06-17 22:29:36 Over a Dozen Flaws Found in Siemens' Industrial Network Management System (direct link) Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution
The_Hackers_News.webp 2022-06-17 22:11:06 Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices (direct link) The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things (
The_Hackers_News.webp 2022-06-17 20:11:14 Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners (direct link) A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner Ransomware Vulnerability
The_Hackers_News.webp 2022-06-17 06:22:49 Reimagine Hybrid Work: Same CyberSec in Office and at Home (direct link) It was first the pandemic that changed the usual state of work - before, it was commuting, working in the office & coming home for most corporate employees. Then, when we had to adapt to the self-isolation rules, the work moved to home offices, which completely changed the workflow for many businesses. As the pandemic went down, we realized success never relied on where the work was done. Whether
Last update at: 2024-07-07 12:07:26