What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-10 15:33:00 | Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant (lien direct) | A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal. Named "Xenomorph 3rd generation" by the Hadoken Security Group, the threat actor behind the operation, the updated version comes with new features that allow it to perform financial fraud in a seamless manner. "This new version of the malware adds many new | Malware Threat | ★★ | |
|
2023-03-10 13:13:00 | North Korean UNC2970 Hackers Expands Operations with New Malware Families (lien direct) | A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in | Malware Threat | ★★ | |
|
2023-03-09 20:24:00 | Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (lien direct) | Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems. This includes the Sliver post-exploitation framework, XMRig cryptocurrency | Malware Threat | ★★★ | |
|
2023-03-09 17:55:00 | Does Your Help Desk Know Who\'s Calling? (lien direct) | Phishing, the theft of users' credentials or sensitive data using social engineering, has been a significant threat since the early days of the internet – and continues to plague organizations today, accounting for more than 30% of all known breaches. And with the mass migration to remote working during the pandemic, hackers have ramped up their efforts to steal login credentials as they take | Threat | ★★★ | |
|
2023-03-09 17:50:00 | Iranian Hackers Target Women Involved in Human Rights and Middle East Politics (lien direct) | Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank. "Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The cybersecurity | Threat | ★★★ | |
|
2023-03-09 10:53:00 | New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access (lien direct) | Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability in | Vulnerability Threat | ★★★ | |
|
2023-03-08 13:27:00 | Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments (lien direct) | High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains observed in 2021. Israeli cybersecurity company Check Point said the " | Threat | ★★★ | |
|
2023-03-07 19:28:00 | SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms (lien direct) | Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure | Threat | ★★★★★ | |
|
2023-03-07 17:09:00 | Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps (lien direct) | A suspected Pakistan-aligned advanced persistent threat (APT) group known as Transparent Tribe has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called CapraRAT. "Transparent Tribe distributed the Android CapraRAT backdoor via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp," ESET said in a report | Threat | APT 36 | ★★ |
|
2023-03-06 19:34:00 | From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (lien direct) | Deep fakes are expected to become a more prominent attack vector. Here's how to identify them. What are Deep Fakes? A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required. Such use of AI, ML and image replacement | Threat | ★★★ | |
|
2023-03-03 15:48:00 | New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices (lien direct) | A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read. Credited with discovering and reporting the | Threat Guideline | ★★★ | |
|
2023-03-03 12:12:00 | U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware\'s Deadly Capabilities (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems," CISA said. The custom ransomware | Ransomware Threat | ★★ | |
|
2023-03-02 16:51:00 | Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI (lien direct) | A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind. "The 'Colour-Blind' malware points to the democratization of cybercrime that could lead to an | Malware Threat Guideline | ★★ | |
|
2023-03-02 13:33:00 | SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics (lien direct) | The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity company Trend Micro said | Malware Threat Prediction | APT 27 | ★★ |
|
2023-03-01 19:32:00 | Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware (lien direct) | Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It notably employs search engine optimization ( | Malware Threat | ★★ | |
|
2023-03-01 17:02:00 | BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11 (lien direct) | A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET said in a report shared with The Hacker News. UEFI | Malware Threat | ★★★★ | |
|
2023-02-28 16:03:00 | APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia (lien direct) | The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow expansion of the hacking group's victimology footprint. Targeted entities include health, financial, law | Threat | APT-C-36 | ★★★ |
|
2023-02-28 12:12:00 | CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve sensitive | Vulnerability Threat | ★★★ | |
|
2023-02-28 11:46:00 | LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (lien direct) | LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated | Data Breach Threat | LastPass | ★ |
|
2023-02-27 15:52:00 | (Déjà vu) PureCrypter Malware Targets Government Entities in Asia-Pacific and North America (lien direct) | Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control (C2) to deliver a secondary payload," Menlo Security researcher | Malware Threat | ★★ | |
|
2023-02-24 18:52:00 | How to Use AI in Cybersecurity and Avoid Being Trapped (lien direct) | The use of AI in cybersecurity is growing rapidly and is having a significant impact on threat detection, incident response, fraud detection, and vulnerability management. According to a report by Juniper Research, the use of AI for fraud detection and prevention is expected to save businesses $11 billion annually by 2023. But how to integrate AI into business cybersecurity infrastructure | Vulnerability Threat | ★★★ | |
|
2023-02-23 22:19:00 | Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware (lien direct) | Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed as Final Cut Pro, a video editing software from Apple, which contained an unauthorized modification. "This malware makes use of the Invisible Internet Project (i2p) [...] to download | Malware Threat | ★ | |
|
2023-02-23 20:32:00 | Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products (lien direct) | Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers. As many as 24 different products, including Access | Vulnerability Threat | ★★ | |
|
2023-02-23 17:37:00 | New Hacking Cluster \'Clasiopa\' Targeting Materials Research Organizations in Asia (lien direct) | Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India. This includes references to " | Threat | ★★ | |
|
2023-02-22 16:29:00 | Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia (lien direct) | Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-land tools," Symantec, by Broadcom Software, said in a report shared with The Hacker News. There is no | Threat Medical | ★★ | |
|
2023-02-22 12:48:00 | Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks (lien direct) | An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc. "While C2 frameworks are prolific, the | Threat | ★★★★ | |
|
2023-02-21 16:05:00 | Researchers Discover Dozens Samples of Information Stealer \'Stealc\' in the Wild (lien direct) | A new information stealer called Stealc that's being advertised on the dark web could emerge as a worthy competitor to other malware of its ilk. "The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars, and RedLine stealers," SEKOIA said in a Monday report. The French cybersecurity company said it discovered more than 40 | Malware Threat | ★★★ | |
|
2023-02-21 11:25:00 | Researchers Warn of ReverseRAT Backdoor Targeting Indian Government Agencies (lien direct) | A spear-phishing campaign targeting Indian government entities aims to deploy an updated version of a backdoor called ReverseRAT. Cybersecurity firm ThreatMon attributed the activity to a threat actor tracked as SideCopy. SideCopy is a threat group of Pakistani origin that shares overlaps with another actor called Transparent Tribe. It is so named for mimicking the infection chains associated | Threat | APT 36 | ★★★ |
|
2023-02-20 16:32:00 | How to Detect New Threats via Suspicious Activities (lien direct) | Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid these circumstances and detect unknown malicious behavior efficiently. Challenges of new threats' | Malware Threat | ★★★ | |
|
2023-02-20 16:24:00 | Google Reveals Alarming Surge in Russian Cyber Attacks Against Ukraine (lien direct) | Russia's cyber attacks against Ukraine surged by 250% in 2022 when compared to two years ago, Google's Threat Analysis Group (TAG) and Mandiant disclosed in a new joint report. The targeting, which coincided and has since persisted following the country's military invasion of Ukraine in February 2022, focused heavily on the Ukrainian government and military entities, alongside critical | Threat | ★★ | |
|
2023-02-20 15:41:00 | North Korean Cyber Espionage Group Deploys WhiskerSpy Backdoor in Latest Attacks (lien direct) | The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign. Earth Kitsune, active since at least 2019, is known to primarily target individuals interested in North Korea with self-developed malware such as dneSpy and agfSpy. Previously documented intrusions have entailed the use of watering holes | Malware Threat | ★★ | |
|
2023-02-18 14:51:00 | GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft (lien direct) | Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services. The company attributed the campaign to a "sophisticated and organized group targeting hosting services." GoDaddy said in December 2022, it received an unspecified number of customer complaints about | Malware Threat | ★★★★ | |
|
2023-02-17 14:55:00 | New Mirai Botnet Variant \'V3G4\' Exploiting 13 Flaws to Target Linux and IoT Devices (lien direct) | A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by the same threat actor. "Once the vulnerable devices are compromised, they | Threat | ★★★ | |
|
2023-02-16 16:29:00 | New Threat Actor WIP26 Targeting Telecom Service Providers in the Middle East (lien direct) | Telecommunication service providers in the Middle East are being targeted by a previously undocumented threat actor as part of a suspected espionage-related campaign. Cybersecurity firms SentinelOne and QGroup are tracking the activity cluster under the former's work-in-progress moniker WIP26. "WIP26 relies heavily on public cloud infrastructure in an attempt to evade detection by making | Threat | ★★ | |
|
2023-02-15 20:29:00 | North Korea\'s APT37 Targeting Southern Counterpart with New M2RAT Malware (lien direct) | The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea's Ministry of State Security (MSS) unlike the Lazarus and | Malware Threat Cloud | APT 38 APT 37 | ★★ |
|
2023-02-15 19:03:00 | Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware (lien direct) | A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas. Cisco Talos said it "observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389." The attacks, per the cybersecurity company, | Ransomware Malware Threat | ★★★ | |
|
2023-02-14 22:21:00 | Massive AdSense Fraud Campaign Uncovered - 10,000+ WordPress Sites Infected (lien direct) | The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infected over 10,800 websites. "The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation," Sucuri researcher Ben Martin said in a report | Malware Threat | ★★ | |
|
2023-02-14 15:42:00 | A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (lien direct) | One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as | Ransomware Threat | ★★★ | |
|
2023-02-13 21:01:00 | Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players\' Systems (lien direct) | An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players' systems. The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a zero-day and addressed by Google in October 2021. "Since V8 | Threat | ★★ | |
|
2023-02-13 15:29:00 | Honeypot-Factory: The Use of Deception in ICS/OT Environments (lien direct) | There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though our data does not indicate at this point that a lot of threat actors specifically | Threat Industrial | ★★ | |
|
2023-02-13 13:28:00 | Chinese Tonto Team Hackers\' Second Attempt to Target Cybersecurity Firm Group-IB Fails (lien direct) | The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed at Group-IB, the first of which took place in March 2021. Tonto Team, | Threat | ★★ | |
|
2023-02-13 13:14:00 | Hackers Targeting U.S. and German Firms Monitor Victims\' Desktops with Screenshotter (lien direct) | A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, said the group, dubbed TA866, is likely financially motivated. "TA866 is an organized actor able to perform well thought-out attacks at | Malware Threat | ★★★ | |
|
2023-02-11 19:06:00 | New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool (lien direct) | After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that files larger than 128MB | Ransomware Tool Threat | ★★ | |
|
2023-02-11 16:41:00 | Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (lien direct) | Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar | Malware Threat Prediction | ★★ | |
|
2023-02-10 09:58:00 | Reddit Suffers Security Breach Exposing Internal Documents and Source Code (lien direct) | Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, targeting its employees. The attack | Threat | ★★★★ | |
|
2023-02-09 19:39:00 | Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices (lien direct) | A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli | Threat Industrial | ★★★★ | |
|
2023-02-09 16:36:00 | NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities (lien direct) | A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure. "The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an exhibitor manual for PIMEC-23," the BlackBerry Research and Intelligence Team said. PIMEC, short for | Threat | ★★ | |
|
2023-02-09 16:08:00 | Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (lien direct) | The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation. "The threat actor | Malware Threat | ★★★ | |
|
2023-02-08 16:31:00 | Russian Hackers Using Graphiron Malware to Steal Data from Ukraine (lien direct) | A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. "The malware is written in Go and is designed to harvest a wide | Malware Threat | ★★ | |
|
2023-02-08 11:46:00 | CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with the agency describing the activity as likely motivated by espionage given the toolset employed. The | Threat | ★★ |
To see everything:
Our RSS (filtrered)
