What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-05-03 23:38:56 Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks (direct link) Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. The weaknesses all concern WebKit, the browser engine which powers Safari and other third-party web browsers in iOS, allowing an adversary to execute arbitrary code on target Vulnerability
The_Hackers_News.webp 2021-05-03 09:28:34 Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys (direct link) Most mobile app users tend to blindly trust that the apps they download from app stores are safe and secure. But that isn't always the case. To demonstrate the pitfalls and identify vulnerabilities on a large scale, cybersecurity and machine intelligence company CloudSEK recently provided a platform called BeVigil where individuals can search and check app security ratings and other security
The_Hackers_News.webp 2021-05-03 06:03:10 A New Buer Malware Variant Has Been Written In Rust Programming (direct link) Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called 'Buer' written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis. Dubbed "RustyBuer," the malware is distributed via emails masquerading as shipping notices from DHL Support, and is said to have affected no fewer than 200 Malware
The_Hackers_News.webp 2021-05-03 02:12:48 Researchers Uncover Iranian State-Sponsored Ransomware Operation (direct link) Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard' (ENP)," cybersecurity firm Flashpoint said in its findings summarizing three Ransomware
The_Hackers_News.webp 2021-05-03 00:43:49 New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer (direct link) A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous "Royal Road" Rich Text Format (RTF) Malware Threat
The_Hackers_News.webp 2021-04-30 06:01:07 Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks (direct link) An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that Ransomware Threat
The_Hackers_News.webp 2021-04-30 02:49:59 Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices (direct link) Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and
The_Hackers_News.webp 2021-04-30 01:08:00 Here's A New Forum for Cybersecurity Leaders Outside of the Fortune 2000 (direct link) Perhaps due to the nature of the position, the InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, have so many constant drains on their attention – keeping their knowledge fresh, building plans to secure their organizations further – that they often find themselves on an island. It's even more challenging for Guideline
The_Hackers_News.webp 2021-04-30 00:24:38 Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach (direct link) Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an Data Breach Threat
The_Hackers_News.webp 2021-04-29 08:27:33 A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks (direct link) The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue was discovered and reported on April 22 by researchers from SonarSource, following which a hotfix was Vulnerability
The_Hackers_News.webp 2021-04-29 07:46:57 LuckyMouse Hackers Target Banks, Companies and Governments in 2020 (direct link) An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical Threat
The_Hackers_News.webp 2021-04-29 03:31:38 How to Conduct Vulnerability Assessments: An Essential Guide for 2021 (direct link) Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment. Read this guide to learn how to perform vulnerability Vulnerability ★★★★★
The_Hackers_News.webp 2021-04-29 03:19:09 Chinese Hackers Attacking Military Organizations With New Backdoor (direct link) Cybersecurity researchers on Wednesday exposed a new cyberespionage campaign targeting military organizations in Southeast Asia. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing Threat APT 30
The_Hackers_News.webp 2021-04-29 02:02:21 Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years (direct link) A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "the family uses rotate Malware Threat
The_Hackers_News.webp 2021-04-28 06:43:39 Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware (direct link) Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious. "The biggest risk for the targeted Malware Threat
The_Hackers_News.webp 2021-04-28 06:00:43 F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability (direct link) Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability in the Kerberos Key Distribution Center (KDC) security feature impacting F5 Big-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager (APM), bypass security policies and gain unfettered access to sensitive workloads," Vulnerability
The_Hackers_News.webp 2021-04-28 00:59:10 Attention! FluBot Android Banking Malware Spreads Quickly Across Europe (direct link) Attention, Android users! A banking malware capable of stealing sensitive information is "spreading rapidly" across Europe, with the U.S. likely to be the next target. According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language campaign alone has been Malware Threat
The_Hackers_News.webp 2021-04-27 04:59:11 Hackers Threaten to Leak D.C. Police Informants' Info If Ransom Is Not Paid (direct link) The Metropolitan Police Department (MPD) of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack. The Babuk Locker gang claimed in a post on the dark web that they had compromised the DC Police's networks and stolen 250 GB of unencrypted files. Screenshots shared by the group, and seen by The Hacker News, include various folders Ransomware
The_Hackers_News.webp 2021-04-27 04:26:34 Cybersecurity Webinar: Understanding the 2020 MITRE ATT&CK Results (direct link) The release of MITRE Engenuity's Carbanak+Fin7 ATT&CK evaluations every year is a benchmark for the cybersecurity industry. The organization's tests measure how well security vendors can detect and respond to threats and offers an independent metric for customers and security leaders to understand how well vendors perform on a variety of tasks. However, for the uninitiated, the results can be Guideline
The_Hackers_News.webp 2021-04-27 03:29:01 Hackers Exploit 0-Day Gatekeeper Flaw to Attack MacOS Computers (direct link) Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs. The macOS flaw, identified as CVE-2021-30657, was discovered and reported to Apple by security engineer Cedric Owens Vulnerability
The_Hackers_News.webp 2021-04-27 02:14:23 FBI, CISA Uncover Tactics Employed by Russian Intelligence Hackers (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures (TTPs) adopted by the Russian Foreign Intelligence Service (SVR) in its attacks targeting the U.S and foreign entities. By
The_Hackers_News.webp 2021-04-26 05:57:29 Minnesota University Apologizes for Contributing Malicious Code to the Linux Project (direct link) Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future. "While our goal was to improve the security of Linux, we now understand that it was hurtful to the community to make it a
The_Hackers_News.webp 2021-04-26 04:03:22 Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby (direct link) New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger," said a team of academics from the Technical University of Darmstadt,
The_Hackers_News.webp 2021-04-26 03:38:20 How to Test and Improve Your Domain's Email Security? (direct link) No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company. As a result, Tool
The_Hackers_News.webp 2021-04-26 02:50:01 Emotet Malware Destroys Itself From All Infected Computers (direct link) Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of "Operation Ladybird" to seize control of servers used to run and maintain the malware Ransomware Spam Malware
The_Hackers_News.webp 2021-04-26 01:49:35 3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails (direct link) A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the
The_Hackers_News.webp 2021-04-24 12:18:26 Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux (direct link) A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a Vulnerability
The_Hackers_News.webp 2021-04-24 01:09:49 Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs (direct link) Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a software supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update mechanism and used it to drop malware on user computers. The breach is said to have occurred Malware
The_Hackers_News.webp 2021-04-23 07:43:43 New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It! (direct link) A new ransomware strain called "Qlocker" is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key. In response to the Ransomware
The_Hackers_News.webp 2021-04-23 00:42:28 Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers (direct link) Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm Malware
The_Hackers_News.webp 2021-04-22 22:52:36 Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that's leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device. "The threat actor connected to the entity's network via a Pulse Secure virtual private network ( Malware Threat
The_Hackers_News.webp 2021-04-22 06:18:25 Researchers Find Additional Infrastructure Used By SolarWinds Hackers (direct link) The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, Threat
The_Hackers_News.webp 2021-04-22 05:41:28 Cost of Account Unlocks, and Password Resets Add Up (direct link) There are many labor-intensive tasks that the IT service desk carries out on a daily basis. None as tedious and costly as resetting passwords. Modern IT service desks spend a significant amount of time both unlocking and resetting passwords for end-users. This issue has been exacerbated by the COVID-19 pandemic. Causes of account lockouts and password resets End-user password policies, such as
The_Hackers_News.webp 2021-04-22 03:00:15 Cybercriminals Using Telegram Messenger to Control ToxicEye Malware (direct link) Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. "Even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app," said researchers from cybersecurity Malware
The_Hackers_News.webp 2021-04-21 23:42:45 Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware (direct link) Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the State of Palestine, and another threat actor is known as Threat
The_Hackers_News.webp 2021-04-21 06:17:02 Improve Your Cyber Security Posture by Combining State of the Art Security Tools (direct link) Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective. This means that you won't be able to do the right mitigations to improve your security posture. Here are examples
The_Hackers_News.webp 2021-04-21 05:47:27 Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid (direct link) Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks Ransomware Threat
The_Hackers_News.webp 2021-04-21 01:30:40 Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit (direct link) Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. Tracked as CVE-2021-21224, the flaw concerns a type confusion vulnerability in V8 open-source JavaScript engine that was reported to the company by security researcher Jose Martinez on April 5 According Vulnerability
The_Hackers_News.webp 2021-04-20 22:17:53 3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances (direct link) SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on
The_Hackers_News.webp 2021-04-20 21:41:13 WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations (direct link) If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there is no patch yet. At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations Vulnerability Threat
The_Hackers_News.webp 2021-04-20 09:19:08 Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store (direct link) Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform. The findings were reported
The_Hackers_News.webp 2021-04-20 03:50:31 [eBook] Why Autonomous XDR Is Going to Replace NGAV/EDR (direct link) For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also misses the forest for the trees. As threat surfaces expand, security professionals are harder pressed to detect threats that target other parts of an environment and can easily miss a real vulnerability by focusing Vulnerability Threat
The_Hackers_News.webp 2021-04-20 03:41:36 120 Compromised Ad Servers Target Millions of Internet Users (direct link) An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "convincing
The_Hackers_News.webp 2021-04-19 22:33:45 Lazarus APT Hackers are now using BMP images to hide RAT malware (direct link) A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information. Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes Malware Threat Medical APT 38
The_Hackers_News.webp 2021-04-19 04:20:51 Passwordless: More Mirage Than Reality (direct link) The concept of "passwordless" authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn't want an easier way? That's the premise behind APT 15 APT 15
The_Hackers_News.webp 2021-04-19 03:21:26 Malware Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs (direct link) A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload Malware
The_Hackers_News.webp 2021-04-17 02:44:52 SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence (direct link) A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, in addition to aggregating the stolen information, Threat
The_Hackers_News.webp 2021-04-17 02:13:23 What are the different roles within cybersecurity? (direct link) People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, came up with its own list of 45 cybersecurity job categories
The_Hackers_News.webp 2021-04-16 01:39:52 Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that
The_Hackers_News.webp 2021-04-15 09:59:21 US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack (direct link) The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with "high confidence" to government operatives working for Russia's Foreign Intelligence Service (SVR). "Russia's pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services
Last update at: 2024-08-01 10:18:45