What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-04-27 09:01:17 [eBook] Your First 90 Days as MSSP: 10 Steps to Success (lien direct) Bad actors continuously evolve their tactics and are becoming more sophisticated. Within the past couple of years, we've seen supply chain attacks that quickly create widespread damage throughout entire industries. But the attackers aren't just focusing their efforts on supply chains. For example, businesses are becoming increasingly more reliant on SaaS apps and the cloud – creating a new avenue
The_Hackers_News.webp 2022-04-27 05:24:39 Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware (lien direct) A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has Malware Threat
The_Hackers_News.webp 2022-04-27 05:09:21 Google's New Safety Section Shows What Data Android Apps Collect About Users (lien direct) Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy,
The_Hackers_News.webp 2022-04-27 01:28:17 U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers (lien direct) The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act," the State Department's Rewards for Justice Program 
The_Hackers_News.webp 2022-04-26 21:57:19 NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages (lien direct) A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed "Package Planting" by researchers from cloud security firm Aqua. Following responsible disclosure on February Malware Threat
The_Hackers_News.webp 2022-04-26 20:21:05 Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System (lien direct) Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called "Nimbuspwn," the flaws "can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other Threat
The_Hackers_News.webp 2022-04-26 05:35:10 Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default (lien direct) The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a "departure" from the group's typical behavior, ProofPoint alternatively  Threat
The_Hackers_News.webp 2022-04-26 03:17:12 Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak (lien direct) The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the three-month-period Ransomware Malware Threat
The_Hackers_News.webp 2022-04-26 02:53:07 North Korean Hackers Target Journalists with GOLDBACKDOOR Malware (lien direct) A state-backed threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The intrusions, said to be the work of Ricochet Chollima, resulted in the deployment of a novel malware strain called GOLDBACKDOOR, an Malware Threat Cloud APT 37
The_Hackers_News.webp 2022-04-25 23:18:38 Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor (lien direct) An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and Tool Vulnerability Threat
The_Hackers_News.webp 2022-04-25 13:00:00 Researchers Report Critical RCE Vulnerability in Google's VirusTotal Platform (lien direct) Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report Vulnerability
The_Hackers_News.webp 2022-04-25 03:51:30 Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies (lien direct) A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet. "By exploiting the vulnerability, it's possible to decrypt the private keys and seed phrases that are stored in the browser's local storage," Israeli cybersecurity company Check Point said in a report shared Vulnerability ★★★★★
The_Hackers_News.webp 2022-04-25 02:41:16 New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices (lien direct) A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware. Dubbed "Lilin Scanner" by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched by the Taiwanese company in February 2020. Malware
The_Hackers_News.webp 2022-04-24 21:52:36 FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide (lien direct) The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language that's known to be memory safe and Ransomware Malware
The_Hackers_News.webp 2022-04-22 23:20:36 T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code (lien direct) Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several times in March prior to the arrest of its
The_Hackers_News.webp 2022-04-22 22:52:42 Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability (lien direct) Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber Security has been Vulnerability
The_Hackers_News.webp 2022-04-22 04:43:05 Researcher Releases PoC for Recent Java Cryptographic Vulnerability (lien direct) A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online.  The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition - Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2 Vulnerability
The_Hackers_News.webp 2022-04-22 02:30:49 Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud (lien direct) LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It evades detection by targeting Alibaba Cloud's monitoring service and disabling it." Known to strike Malware
The_Hackers_News.webp 2022-04-22 01:15:16 QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities (lien direct) Network-attached storage (NAS) appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions 2.4.52 and earlier
The_Hackers_News.webp 2022-04-21 22:15:18 Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA (lien direct) Networking equipment maker Cisco has released security updates to address three high-severity vulnerabilities in its products that could be exploited to cause a denial-of-service (DoS) condition and take control of affected systems. The first of the three flaws, CVE-2022-20783 (CVSS score: 7.5), affects Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software, and stems
The_Hackers_News.webp 2022-04-21 07:02:28 Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers (lien direct) A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of Malware
The_Hackers_News.webp 2022-04-21 05:22:49 Amazon's Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug (lien direct) The "hotpatch" released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. "Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution," Palo Alto Networks Unit 42 researcher Yuval
The_Hackers_News.webp 2022-04-21 03:50:01 Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails (lien direct) An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability [...] can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client," SonarSource security researcher Simon Scannell said in a report published Vulnerability
The_Hackers_News.webp 2022-04-21 03:33:12 Critical Chipset Bugs Open Millions of Android Devices to Remote Spying (lien direct) Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by
The_Hackers_News.webp 2022-04-21 03:00:58 New Incident Report Reveals How Hive Ransomware Targets Organizations (lien direct) A recent Hive ransomware attack carried out by an affiliate involved the exploitation of "ProxyShell" vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer's network. "The actor managed to achieve its malicious goals and encrypt the environment in less than 72 hours from the initial compromise," Varonis security researcher, Nadav Ovadia,  Ransomware
The_Hackers_News.webp 2022-04-20 20:36:17 Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure (lien direct) The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia,
The_Hackers_News.webp 2022-04-20 07:03:53 Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021 (lien direct) Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 zero-day exploits were tracked in 2015. In contrast, only 25 zero-day exploits were detected in 2020. "The large uptick in in-the-wild 0-days in 2021 is
The_Hackers_News.webp 2022-04-20 03:54:14 [eBook] The Ultimate Security for Management Presentation Template (lien direct) Are you a CISO, CIO, or IT Director? In your role, you're responsible for breach protection – which means you oversee and govern the process of designing, building, maintaining, and continuously enhancing your organization's security program.  But getting buy-in from leadership can be difficult when they are a non-technical audience. On top of managing your organization's breach protection Guideline
The_Hackers_News.webp 2022-04-20 03:43:52 Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System (lien direct) Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic. Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort Vulnerability
The_Hackers_News.webp 2022-04-19 23:35:14 Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers (lien direct) Identity and access management provider Okta on Tuesday said it concluded its probe into the breach of a third-party vendor in late January 2022 by the LAPSUS$ extortionist gang. Stating that the "impact of the incident was significantly less than the maximum potential impact" the company had previously shared last month, Okta said the intrusion impacted only two customer tenants, down from 366
The_Hackers_News.webp 2022-04-19 20:58:48 Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild (lien direct) A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned. To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to address the issues by Vulnerability
The_Hackers_News.webp 2022-04-19 05:30:59 New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops (lien direct) Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "affect firmware drivers originally meant to be used only during the
The_Hackers_News.webp 2022-04-19 03:26:20 Experts Uncover Spyware Attacks Against Catalan Politicians and Activists (lien direct) A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a "multi-year clandestine operation." "Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations," the University of Toronto's Citizen Lab said in a
The_Hackers_News.webp 2022-04-19 00:02:44 FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Calling the activity cluster TraderTraitor, the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT) Threat Medical APT 38 APT 28
The_Hackers_News.webp 2022-04-18 22:20:56 Github Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens (lien direct) GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications," the
The_Hackers_News.webp 2022-04-18 05:58:45 Researchers Share In-Depth Analysis of PYSA Ransomware Group (lien direct) An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to Ransomware Malware Tool Threat
The_Hackers_News.webp 2022-04-18 05:44:50 Benchmarking Linux Security – Latest Research Findings (lien direct) How well do your Linux security practices stack up in today's challenging operating environment? Are you following the correct processes to keep systems up-to-date and protected against the latest threats? Now you can find out thanks to research independently conducted by the Ponemon Institute. The research sponsored by TuxCare sought to understand better how organizations are currently managing
The_Hackers_News.webp 2022-04-18 05:24:43 New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar (lien direct) Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar. "The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files)," Palo Alto Networks Unit 42 researchers said in Malware
The_Hackers_News.webp 2022-04-17 23:00:22 New Hacking Campaign Targeting Ukrainian Government with IcedID Malware (lien direct) The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document ( Malware Threat
The_Hackers_News.webp 2022-04-17 22:47:13 Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin (lien direct) Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites. Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March 22, 2022. Roughly 37% of users of the
The_Hackers_News.webp 2022-04-16 05:15:54 Get Lifetime Access to This 60-Hour Java Programming Training Bundle @ 97% Discount (lien direct) Java is a very versatile programming language. From Android apps to Oracle databases, it can be used to power a wide range of software and systems. As with most technical skills, the best way to learn Java is through building your own projects. But you can definitely speed things up with high-quality training. The Complete 2022 Java Coder Bundle provides plenty of that - nine full-length video
The_Hackers_News.webp 2022-04-16 01:31:45 Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector (lien direct) The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets Control's (OFAC) Hack Threat Medical APT 38 APT 28
The_Hackers_News.webp 2022-04-15 21:38:40 GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens (lien direct) Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations. "An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM
The_Hackers_News.webp 2022-04-15 04:52:18 JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots (lien direct) As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. "Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information,"
The_Hackers_News.webp 2022-04-15 03:24:29 Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free (lien direct) A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download additional malware to infected systems," Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer  Malware Tool Threat
The_Hackers_News.webp 2022-04-15 02:46:30 As State-Backed Cyber Threats Grow, Here's How the World Is Reacting (lien direct) With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware Ransomware Malware
The_Hackers_News.webp 2022-04-14 21:05:06 Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software (lien direct) Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system. Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the Vulnerability
The_Hackers_News.webp 2022-04-14 20:42:22 Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure (lien direct) Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw.
The_Hackers_News.webp 2022-04-14 20:25:43 Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw (lien direct) Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild. Tracked as CVE-2022-1364, the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13 Threat
The_Hackers_News.webp 2022-04-14 06:17:09 Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions (lien direct) A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore Threat
Last update at: 2024-07-15 15:08:36