What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2023-02-07 16:32:00 Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm (direct link) The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News. Ransomware ★★
The_Hackers_News.webp 2023-02-07 15:51:00 VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree (direct link) VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware Ransomware Threat
The_Hackers_News.webp 2023-02-06 18:06:00 GuLoader Malware Using Malicious NSIS Executable to Target E-Commerce Industry (direct link) E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. Other countries targeted as part of the campaign include Germany, Saudi Arabia, Malware ★★
The_Hackers_News.webp 2023-02-06 17:39:00 Microsoft: Iranian Nation-State Group Sanctioned by U.S. Behind Charlie Hebdo Hack (direct link) An Iranian nation-state group sanctioned by the U.S. government has been attributed to the hack of the French satirical magazine Charlie Hebdo in early January 2023. Microsoft, which disclosed details of the incident, is tracking the activity cluster under its chemical element-themed moniker NEPTUNIUM, which is an Iran-based company known as Emennet Pasargad. In January 2022, the U.S. Federal Hack ★★
The_Hackers_News.webp 2023-02-06 15:30:00 SaaS in the Real World: Who's Responsible to Secure this Data? (direct link) When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible for securing their data. What's far murkier, however, is where the data responsibility lies on the ★★
The_Hackers_News.webp 2023-02-06 15:25:00 OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability (direct link) The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd). Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1. "This is not believed to be exploitable, and it occurs in the unprivileged pre-auth Vulnerability ★★
The_Hackers_News.webp 2023-02-06 13:41:00 FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (direct link) An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a Malware ★★
The_Hackers_News.webp 2023-02-04 19:09:00 PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions (direct link) A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate. "PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS ( Malware ★★★
The_Hackers_News.webp 2023-02-04 11:00:00 New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (direct link) VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on Friday. VMware, in its own alert released at the time, described the issue as an Ransomware ★★★
The_Hackers_News.webp 2023-02-04 10:11:00 Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (direct link) A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is a case of remote code injection that requires access to the administrative console of the application Vulnerability ★★★
The_Hackers_News.webp 2023-02-03 21:06:00 Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered (direct link) Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure. The issues have been identified in version 1.6J of the Open Charge ★★
The_Hackers_News.webp 2023-02-03 20:33:00 Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware (direct link) In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook. Malware Threat ★★
The_Hackers_News.webp 2023-02-03 17:42:00 Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations (direct link) The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif Prediction APT 34 ★★
The_Hackers_News.webp 2023-02-03 17:07:00 The Pivot: How MSPs can Turn a Challenge Into a Once-in-a-Decade Opportunity (direct link) Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers (MSPs). That's the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a huge opportunity to expand their business and win new customers by developing their cybersecurity ★★
The_Hackers_News.webp 2023-02-03 13:25:00 Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability (direct link) Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An Vulnerability ★★★
The_Hackers_News.webp 2023-02-03 12:56:00 New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products (direct link) F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1 - 15.1.8 16.1.2.2 - 16.1.3, and 17.0.0 "A format string vulnerability exists in iControl SOAP Vulnerability Guideline ★★
The_Hackers_News.webp 2023-02-03 10:53:00 CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product. "Oracle ★★
The_Hackers_News.webp 2023-02-02 18:13:00 New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities (direct link) The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a track record of Threat ★★
The_Hackers_News.webp 2023-02-02 15:34:00 Cybersecurity budgets are going up. So why aren't breaches going down? (direct link) Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions. However, despite growing attention and budgets for cybersecurity in recent years, attacks have only become Guideline ★★
The_Hackers_News.webp 2023-02-02 15:15:00 North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign (direct link) A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple. Targets of the malicious operation included a healthcare research organization Medical APT 38 ★★
The_Hackers_News.webp 2023-02-02 12:17:00 New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (direct link) At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani Malware Threat
The_Hackers_News.webp 2023-02-02 01:29:00 Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility (direct link) Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022. A Guideline ★★★
The_Hackers_News.webp 2023-02-01 19:26:00 Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry (direct link) A new attack campaign has targeted the gaming and gambling sectors since at least September 2022, just months prior to the ICE London 2023 gaming industry trade fair event that's scheduled next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript ★★
The_Hackers_News.webp 2023-02-01 16:16:00 New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices (direct link) A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users. "Each enrolled device complies with the policies you set until you wipe or deprovision it," Google ★★★★
The_Hackers_News.webp 2023-02-01 15:55:00 Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards (direct link) The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its Malware Threat
The_Hackers_News.webp 2023-02-01 14:59:00 Auditing Kubernetes with Open Source SIEM and XDR (direct link) Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in Uber ★★
The_Hackers_News.webp 2023-02-01 11:00:00 Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Hack Corporate Email Accounts (direct link) Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting Hack ★★
The_Hackers_News.webp 2023-02-01 08:44:00 Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software (direct link) Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations. The issues, collectively ★★
The_Hackers_News.webp 2023-01-31 18:16:00 You Don't Know Where Your Secrets Are (direct link) Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 99% of cases. It might sound ridiculous at first: keeping secrets is an obvious first thought when Guideline ★★★
The_Hackers_News.webp 2023-01-31 16:38:00 New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector (direct link) The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker Malware ★★★
The_Hackers_News.webp 2023-01-31 16:09:00 Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years (direct link) A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically Malware Threat ★★★
The_Hackers_News.webp 2023-01-31 09:36:00 QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (direct link) Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS hero h5.0.1. "If exploited, this vulnerability allows remote attackers to inject Vulnerability Guideline ★★
The_Hackers_News.webp 2023-01-31 09:07:00 GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom (direct link) GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The following versions of GitHub Desktop for Mac have been invalidated: 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, Threat ★★
The_Hackers_News.webp 2023-01-30 16:56:00 Titan Stealer: A New Golang-Based Information Stealer Malware Emerges (direct link) A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers Malware Threat ★★
The_Hackers_News.webp 2023-01-30 15:00:00 Realtek Vulnerability Under Attack: 134 Million Attempts in 2 Months to Hack IoT Devices (direct link) Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the attacks Hack Vulnerability ★★★
The_Hackers_News.webp 2023-01-29 11:17:00 Gootkit Malware Continues to Evolve with New Components and Obfuscations (direct link) The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is "exclusive to this group." Gootkit, also called Gootloader, is spread through compromised websites that Malware Threat ★★
The_Hackers_News.webp 2023-01-28 16:12:00 Microsoft Urges Customers to Secure On-Premises Exchange Servers (direct link) Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange servers are not going to go away," the tech giant's Exchange Team said in a post. "There are too many ★★★
The_Hackers_News.webp 2023-01-28 16:11:00 Eliminating SaaS Shadow IT is Now Available via a Self-Service Product, Free of Charge (direct link) The use of software as a service (SaaS) is experiencing rapid growth and shows no signs of slowing down. Its decentralized and easy-to-use nature is beneficial for increasing employee productivity, but it also poses many security and IT challenges. Keeping track of all the SaaS applications that have been granted access to an organization's data is a difficult task. Understanding the risks that ★★★
The_Hackers_News.webp 2023-01-28 13:25:00 ISC Releases Security Patches for New BIND DNS Software Vulnerabilities (direct link) The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S. Cybersecurity Guideline ★★★
The_Hackers_News.webp 2023-01-28 11:19:00 Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack (direct link) Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "Once executed it deletes shadow Malware ★★
The_Hackers_News.webp 2023-01-27 19:20:00 Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service (direct link) Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "badbullzvenom." eSentire's Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it "found multiple mentions of the badbullzvenom account being shared between two people." The Malware Threat ★★★
The_Hackers_News.webp 2023-01-27 17:23:00 Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices (direct link) Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system," Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn Malware ★★★
The_Hackers_News.webp 2023-01-27 16:25:00 3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox (direct link) Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. ANY.RUN's top malware types in 2022 That's why you'll definitely come across this type in your practice, and the Orcus Malware ★★★
The_Hackers_News.webp 2023-01-27 16:07:00 British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (direct link) The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations. "The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists and activists," the ★★
The_Hackers_News.webp 2023-01-26 21:50:00 Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort (direct link) The infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the cybercriminals," Europol said in a statement. The U.S. Department of Ransomware ★★★
The_Hackers_News.webp 2023-01-26 21:36:00 Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation (direct link) Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the company's Threat Analysis Group (TAG) said in a report shared with The Hacker News. "However, a Threat ★★★
The_Hackers_News.webp 2023-01-26 20:22:00 Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA (direct link) Proof-of-concept (PoC) code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency (NSA) and the U.K. National Cyber Security Centre (NCSC) reported to Microsoft last year. Tracked as CVE-2022-34689 (CVSS score: 7.5), the spoofing vulnerability was addressed by the tech giant as part of Patch Tuesday updates released in Vulnerability ★★
The_Hackers_News.webp 2023-01-26 20:04:00 Researchers Uncover Connection b/w Moses Staff and Emerging Abraham's Ax Hacktivists Group (direct link) New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups, suggesting they are likely operated by the same entity," Secureworks Counter Threat Unit (CTU) said Threat ★★
The_Hackers_News.webp 2023-01-26 19:51:00 Is Once-Yearly Pen Testing Enough for Your Organization? (direct link) Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development: Security: Web applications are constantly evolving, and new Data Breach ★★
The_Hackers_News.webp 2023-01-26 11:31:00 PY#RATION: New Python-based RAT Uses WebSocket for C2 and Data Exfiltration (direct link) Cybersecurity researchers have unearthed a new Python-based attack campaign that leverages a Python-based remote access trojan (RAT) to gain control over compromised systems since at least August 2022. "This malware is unique in its utilization of WebSockets to avoid detection and for both command-and-control (C2) communication and exfiltration," Securonix said in a report shared with The Hacker Malware ★★
Last update at: 2024-07-02 20:07:43