What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-01-25 03:51:50 | Mobile Banking Trojan BRATA Gains New, Dangerous Capabilities (lien direct) | The Android malware tracked as BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be distributed through a downloader to avoid being detected by security software, Italian cybersecurity firm Cleafy said in | Malware | ★★★★★ | |
|
2022-01-24 22:47:00 | Hackers Using New Malware Packer DTPacker to Avoid Analysis, Detection (lien direct) | A previously undocumented malware packer named DTPacker has been observed distributing multiple remote access trojans (RATs) and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook to plunder information and facilitate follow-on attacks. "The malware uses multiple obfuscation techniques to evade antivirus, sandboxing, and analysis," enterprise security company Proofpoint | Malware | ||
|
2022-01-24 06:52:03 | ZTNAs Address Requirements VPNs Cannot. Here\'s Why. (lien direct) | I recently hopped on the Lookout podcast to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless, | |||
|
2022-01-24 03:09:03 | Hackers Creating Fraudulent Crypto Tokens as Part of \'Rug Pull\' Scams (lien direct) | Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are programs stored on the | |||
|
2022-01-23 23:10:39 | Emotet Now Using Unconventional IP Address Formats to Evade Detection (lien direct) | Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted | Malware | ||
|
2022-01-23 22:53:04 | High-Severity Rust Programming Bug Could Lead to File, Directory Deletion (lien direct) | The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete, | Vulnerability | ||
|
2022-01-22 06:47:43 | Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine (lien direct) | Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, | Malware | NotPetya NotPetya | |
|
2022-01-22 02:57:39 | Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure (lien direct) | An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information | Malware Threat | ||
|
2022-01-21 23:39:04 | Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes (lien direct) | In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based | |||
|
2022-01-21 20:04:16 | Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks (lien direct) | Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on | |||
|
2022-01-21 03:40:40 | Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (lien direct) | A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the | Malware Threat Guideline | APT 41 APT 41 | |
|
2022-01-21 01:40:08 | U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine (lien direct) | The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted influence campaign to | |||
|
2022-01-20 22:20:56 | Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software (lien direct) | Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled | Vulnerability | ||
|
2022-01-20 05:18:05 | Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers (lien direct) | An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both | |||
|
2022-01-20 02:20:27 | Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang (lien direct) | A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by the Interpol along with | |||
|
2022-01-20 00:28:40 | A Trip to the Dark Site - Leak Sites Analyzed (lien direct) | Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discretely charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can | Ransomware Threat | ||
|
2022-01-19 23:54:23 | DoNot Hacking Team Targeting Government and Military Entities in South Asia (lien direct) | A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a | Malware Threat | ||
|
2022-01-19 21:26:42 | New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets (lien direct) | A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the | Malware | ||
|
2022-01-19 20:57:47 | Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks (lien direct) | Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an " input validation vulnerability that could allow attackers to build a query given some input and send that | Vulnerability Threat | ||
|
2022-01-19 07:04:52 | Cyber Threat Protection - It All Starts with Visibility (lien direct) | Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This, however, can be a double-edged sword. Too many signals with too little advanced signal processing just | Threat | ||
|
2022-01-19 06:39:32 | Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware (lien direct) | Potential connections between a subscription-based crimeware-as-a-service (Caas) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of | Malware Tool | ||
|
2022-01-19 04:29:31 | FIN8 Hackers Spotted Using New \'White Rabbit\' Ransomware in Recent Attacks (lien direct) | The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware's overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February | Ransomware | ||
|
2022-01-18 23:32:41 | DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms (lien direct) | An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader | Malware | ★★★★★ | |
|
2022-01-18 22:56:23 | Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure (lien direct) | The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the | Malware | ||
|
2022-01-18 06:40:59 | Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts (lien direct) | Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said | |||
|
2022-01-18 05:23:32 | Europol Shuts Down VPNLab, Cybercriminals\' Favourite VPN Service (lien direct) | VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the | Ransomware | ||
|
2022-01-18 05:10:20 | Don\'t Use Public Wi-Fi Without DNS Filtering (lien direct) | Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. I like the fact that I do not have to worry about accessing the Internet while I am away, or spending a lot of money on an international connection, or just staying offline while I am away. With public Wi-Fi, modern life has become a constant connection to the Internet, | |||
|
2022-01-18 00:02:51 | Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors (lien direct) | An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, | Threat | ||
|
2022-01-17 21:13:47 | Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central (lien direct) | Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip | Vulnerability | ||
|
2022-01-17 05:36:50 | Chrome Limits Websites\' Direct Access to Private Networks for Security Reasons (lien direct) | Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases as part of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called | |||
|
2022-01-17 00:08:53 | Dark Web\'s Largest Marketplace for Stolen Credit Cards is Shutting Down (lien direct) | UniCC, the biggest dark web marketplace of stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to | |||
|
2022-01-16 21:18:12 | High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites (lien direct) | Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a | Vulnerability | ||
|
2022-01-16 20:29:32 | Ukrainian Government Officially Accuses Russia of Recent Cyberattacks (lien direct) | The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. "All the evidence points to the fact that Russia is behind the cyber attack," the Ministry of Digital Transformation said in a statement. "Moscow continues to wage a hybrid war and is actively building forces in the | |||
|
2022-01-16 06:31:14 | New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking (lien direct) | A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November 28, 2021. IndexedDB | |||
|
2022-01-16 01:28:50 | A New Destructive Malware Targeting Ukrainian Government and Business Entities (lien direct) | Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," | Ransomware Malware | ||
|
2022-01-15 01:38:55 | Get Lifetime Access to Cybersecurity Certification Prep Courses (lien direct) | You can't go far in professional IT without being asked for some key certifications. In particular, most large companies today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many opportunities - including six-figure roles. There is just a small matter of some exams to pass. To help | |||
|
2022-01-15 01:21:23 | Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks (lien direct) | In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise operation, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses | Ransomware | ||
|
2022-01-14 22:29:16 | Massive Cyber Attack Knocks Down Ukrainian Government Websites (lien direct) | No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," Oleg Nikolenko, MFA spokesperson, tweeted. The Security | |||
|
2022-01-14 06:16:30 | North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide (lien direct) | Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking the intrusions | APT 38 APT 28 | ||
|
2022-01-14 00:23:21 | U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images (lien direct) | A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is said to have purchased an arsenal of cyber crime tools in 2019, including crypters and remote administration tools (RATs | |||
|
2022-01-14 00:06:04 | Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies (lien direct) | Ukrainian police authorities have nabbed five members of a gang that's believed to have helped orchestrate attacks against more than 50 companies across Europe and the U.S and caused losses to the tune of more than $1 million. The special operation, which was carried out in assistance with law enforcement officials from the U.K. and U.S., saw the arrest of an unnamed 36-year-old individual from | Ransomware | ||
|
2022-01-13 23:20:56 | Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM (lien direct) | Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and | Vulnerability | ||
|
2022-01-13 06:23:34 | GootLoader Hackers Targeting Employees of Law and Accounting Firms (lien direct) | Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is a stealthy initial access malware, which after getting a foothold into the victim's computer system, | Malware | ||
|
2022-01-13 06:06:54 | Researchers Decrypted Qakbot Banking Trojan\'s Encrypted Registry Keys (lien direct) | Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and acquired new | |||
|
2022-01-13 00:37:23 | Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor (lien direct) | An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed "CharmPower" for follow-on post-exploitation. "The actor's attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and based their operations | Tool Vulnerability | ||
|
2022-01-13 00:18:27 | Meeting Patching-Related Compliance Requirements with TuxCare (lien direct) | Cybersecurity teams have many demands competing for limited resources. Restricted budgets are a problem, and restricted staff resources are also a bottleneck. There is also the need to maintain business continuity at all times. It's a frustrating mix of challenges – with resources behind tasks such as patching rarely sufficient to meet security prerogatives or compliance deadlines. The multitude | Patching | ||
|
2022-01-12 23:51:35 | US Cyber Command Links \'MuddyWater\' Hacking Group to Iranian Intelligence (lien direct) | The U.S. Cyber Command (USCYBERCOM) on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM's Cyber National Mission Force (CNMF) | |||
|
2022-01-12 20:58:10 | Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability (lien direct) | Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service (DoS) issue affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes for iOS and iPadOS 15.2.1, termed it as a "resource exhaustion issue" that could be triggered when | Vulnerability | ||
|
2022-01-12 05:09:28 | Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware (lien direct) | Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, | Malware | ||
|
2022-01-12 02:54:38 | New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users (lien direct) | A new cross-platform backdoor called "SysJoker" has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021. "SysJoker masquerades as a system update and generates its [command-and-control server] by decoding a string retrieved from a text file hosted on | Malware |
To see everything:
Our RSS (filtrered)
