What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-12 02:01:58 | Google Sues Scammer for Running \'Puppy Fraud Scheme\' Website (lien direct) | Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies - with alluring photos and fake customer testimonials - in order to take advantage of people during the | |||
|
2022-04-11 20:37:10 | Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service (lien direct) | A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites," Avast researchers Pavel Novák and Jan Rubín said in a report | Malware | ||
|
2022-04-11 03:41:27 | Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild (lien direct) | Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim's machines to look like the instant messaging application 'Telegram,'" Zscaler ThreatLabz | |||
|
2022-04-10 22:19:20 | Microsoft\'s New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date (lien direct) | Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022. "This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost," said Lior Bela, senior product marketing manager at Microsoft, in a post last week. "The second Tuesday of every month will be | |||
|
2022-04-08 22:18:21 | Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware (lien direct) | The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers Deep Patel, Nitesh | Malware Vulnerability Threat | ||
|
2022-04-08 09:59:55 | Chinese Hacker Groups Continue to Target Indian Power Grid Assets (lien direct) | China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future's Insikt Group, a sophisticated remote access trojan which has been dubbed a "masterpiece | |||
|
2022-04-08 09:48:47 | Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (lien direct) | Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in | Ransomware Malware Tool | ||
|
2022-04-08 02:49:42 | Ukrainian FIN7 Hacker Gets 5-Year Sentence in the United States (lien direct) | A 32-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for the individual's criminal work as a "high-level hacker" in the financially motivated group FIN7. Denys Iarmak, who worked as a penetration tester for the cartel from November 2016 through November 2018, had been previously arrested in Bangkok, Thailand in November 2019, before being extradited to the U.S. | |||
|
2022-04-08 00:04:32 | Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine (lien direct) | Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable | APT 28 | ||
|
2022-04-07 23:51:59 | New Octo Banking Trojan Spreading via Fake Apps on Google Play Store (lien direct) | A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities. The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called ExobotCompact, which, in turn, is a "lite" replacement for its Exobot predecessor, Dutch mobile security firm | Malware | ||
|
2022-04-07 08:29:56 | First Malware Targeting AWS Lambda Serverless Platform Discovered (lien direct) | A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said | Malware | ||
|
2022-04-07 07:13:09 | Hamas-linked Hackers Targeting High-Ranking Israelis Using \'Catfish\' Lures (lien direct) | A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and | Threat | ||
|
2022-04-07 06:00:00 | Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022 (lien direct) | During the last week of March, three major tech companies - Microsoft, Okta, and HubSpot - reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the three breaches based on | |||
|
2022-04-07 04:33:24 | SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps (lien direct) | As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. "This malware implements a geofencing feature and evasion techniques, which makes it | Malware | ||
|
2022-04-07 03:34:26 | Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems (lien direct) | Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs said in an | Malware | ||
|
2022-04-07 00:15:28 | FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices (lien direct) | The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used | Malware Threat | ★★★★ | |
|
2022-04-06 22:49:08 | VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products (lien direct) | VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 - 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager | |||
|
2022-04-06 06:34:17 | Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users (lien direct) | Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker News. The copycat | |||
|
2022-04-06 02:01:34 | Block Admits Data Breach Involving Cash App Data Accessed by Former Employee (lien direct) | Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers. "While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after | Data Breach | ||
|
2022-04-06 00:55:06 | U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace (lien direct) | The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world's largest and longest-running dark web marketplace following a coordinated operation in partnership with U.S. officials. The sanctions are part of an "international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal | |||
|
2022-04-05 08:05:03 | Battling Cybersecurity Risk: How to Start Somewhere, Right Now (lien direct) | Between a series of recent high-profile cybersecurity incidents and the heightened geopolitical tensions, there's rarely been a more dangerous cybersecurity environment. It's a danger that affects every organization – automated attack campaigns don't discriminate between targets. The situation is driven in large part due to a relentless rise in vulnerabilities, with tens of thousands of | |||
|
2022-04-05 07:50:30 | FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks (lien direct) | The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. "Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various | Ransomware | ||
|
2022-04-05 04:58:03 | Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin (lien direct) | Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace. "[543] Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace," the BKA said in a press release. The agency attributed the shutdown of | |||
|
2022-04-05 03:19:49 | Is API Security on Your Radar? (lien direct) | With the growth in digital transformation, the API management market is set to grow by more than 30% by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services. As part of strategic business planning, an API helps generate revenue by allowing customers access to the functionality of a website or computer | |||
|
2022-04-05 03:11:07 | Researchers Trace Widespread Espionage Attacks Back to Chinese \'Cicada\' Hackers (lien direct) | A Chinese state-backed advanced persistent threat (APT) group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a "widening" of the threat actor's targeting. The widespread intrusions, which are believed to have commenced at the earliest in mid-2021 and continued as recently as February 2022, have been tied | Threat | APT 10 | |
|
2022-04-05 02:28:02 | Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams (lien direct) | Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident | Data Breach Tool | ||
|
2022-04-05 00:31:37 | CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring | Vulnerability | ★★★★★ | |
|
2022-04-04 06:44:44 | Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers (lien direct) | An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app - that has the package name "com.remote.app" - establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the | |||
|
2022-04-04 03:41:30 | Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles (lien direct) | A group of academics from the University of Oxford and Armasuisse S+T has disclosed details of a new attack technique against the popular Combined Charging System (CCS) that could potentially disrupt the ability to charge electric vehicles at scale. Dubbed "Brokenwire," the method interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the | Hack | ||
|
2022-04-04 00:38:17 | Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums (lien direct) | A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients," Zscaler ThreatLabz researchers Mitesh Wani | Malware | ||
|
2022-04-04 00:09:13 | Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers (lien direct) | A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially. "The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits," Fortinet's FortiGuard Labs Research team said. "Five new exploits were | |||
|
2022-04-01 22:49:06 | 15-Year-Old Bug in PEAR PHP Repository Could\'ve Enabled Supply Chain Attacks (lien direct) | A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker | Vulnerability | ||
|
2022-04-01 21:16:41 | British Police Charge Two Teenagers Linked to LAPSUS$ Hacker Group (lien direct) | The City of London Police on Friday disclosed that it has charged two of the seven teenagers, a 16-year-old and a 17-year-old, who were arrested last week for their alleged connections to the LAPSUS$ data extortion gang. "Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by false | |||
|
2022-04-01 21:03:58 | GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts (lien direct) | DevOps platform GitLab has released software updates to address a critical security vulnerability that, if potentially exploited, could permit an adversary to seize control of accounts. Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and is said to have been discovered internally by the GitLab team. "A hardcoded password was set for accounts registered using an | Vulnerability | ||
|
2022-04-01 06:50:55 | Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems (lien direct) | The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come as the U.S. telecom company disclosed that it was the target of a multifaceted and deliberate" cyberattack against | Malware | ||
|
2022-04-01 05:31:18 | Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code (lien direct) | Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner | ★★★★ | ||
|
2022-04-01 03:55:18 | Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition (lien direct) | Threat actor groups like Wizard Spider and Sandworm have been wreaking havoc over the past few years – developing and deploying cybercrime tools like Conti, Trickbot, and Ryuk ransomware. Most recently, Sandworm (suspected to be a Russian cyber-military unit) unleashed cyberattacks against Ukranian infrastructure targets. To ensure cybersecurity providers are battle ready, MITRE Engenuity uses | |||
|
2022-04-01 03:41:53 | Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit (lien direct) | A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data. "The nature of targeting was opportunistic insofar that multiple infections in several countries and various sectors occurred on the same dates," said | Threat | APT 19 | |
|
2022-04-01 03:37:45 | North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims\' Crypto (lien direct) | The North Korean state-backed hacking crew, otherwise known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance (DeFi) wallet app to distribute a fully-featured backdoor onto compromised Windows systems. The app, which is equipped with functionalities to save and manage a cryptocurrency wallet, is also designed | Medical | APT 38 | |
|
2022-03-31 23:02:26 | Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices (lien direct) | Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company said in an advisory | Vulnerability | ★★★ | |
|
2022-03-31 19:54:05 | Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices (lien direct) | Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both the vulnerabilities have been reported to Apple anonymously. Tracked as CVE-2022-22675, | |||
|
2022-03-31 08:35:19 | Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework (lien direct) | The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users | |||
|
2022-03-31 06:27:18 | Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds (lien direct) | Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that grant malicious actors to execute arbitrary code and access camera feeds as well as unauthorizedly read the SD cards, the latter of which remained unresolved for nearly three years after the initial discovery. The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug | |||
|
2022-03-31 06:11:55 | New Python-based Ransomware Targeting JupyterLab Web Notebooks (lien direct) | Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser. "The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the | Ransomware | ||
|
2022-03-31 06:02:46 | Hackers Increasingly Using \'Browser in a Browser\' Technique in Ukraine Related Attacks (lien direct) | A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social | Threat | ||
|
2022-03-30 22:59:46 | Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security (lien direct) | A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit (JDK) versions 9 and later and is a bypass for another | Vulnerability | ||
|
2022-03-30 20:30:52 | QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices (lien direct) | Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company said in an advisory published on March 29, 2022. "If exploited, the vulnerability allows | Vulnerability | ||
|
2022-03-30 07:05:57 | Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread (lien direct) | A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov said in a report | Malware | ||
|
2022-03-30 04:45:53 | Honda\'s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles (lien direct) | A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured | Vulnerability | ||
|
2022-03-30 03:25:04 | Improve Your Hacking Skills with 9 Python Courses for Just $39 (lien direct) | For anyone with interest in cybersecurity, learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests. It also has a use in the “soft” side of cybersecurity - like scraping the web for compromised data and detecting bugs. Featuring nine full-length video courses, The Complete 2022 Python Programmer Bundle helps you |
To see everything:
Our RSS (filtrered)
