What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
itsecurityguru.webp 2020-06-12 12:17:52 (Déjà vu) Insurance firm discloses data breach (direct link) Fortune 500 insurance holding company Genworth Financial disclosed a data breach after an unauthorized party gained access to insurance agents’ online accounts using compromised login credentials. The U.S. mortgage and long term care insurer had revenue of $8,6 billion during the last fiscal year and it reached a deal with China Oceanwide Holdings Group that […] Data Breach APT 32
SecurityAffairs.webp 2020-05-21 11:49:49 Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia (direct link) Cybersecurity researchers uncovered an Iranian cyber espionage campaign conducted by Chafer APT and aimed at critical infrastructures in Kuwait and Saudi Arabia. Cybersecurity researchers from Bitdefender published a detailed report on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. The cyber espionage campaigns were carried out by Iran-linked Chafer […] Prediction APT 39
The_Hackers_News.webp 2020-05-21 01:11:42 Iranian APT Group Targets Governments in Kuwait and Saudi Arabia (direct link) Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal Threat Prediction APT 39
Checkpoint.webp 2020-05-20 13:00:40 Check Point and Citrix: Securing the SD-WAN Edge with Multi-layered Security (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms The coronavirus has challenged enterprises to quickly enable their employees to work productively from home. Enterprises are turning away from traditional WAN architectures and adopting SD-WAN to provide better support for cloud SaaS applications. SD-WAN enables users to connect through their local Internet providers instead of… Prediction APT 39
SecurityAffairs.webp 2020-05-13 06:49:31 USCYBERCOM shares five new North Korea-linked malware samples (direct link) The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT, it has uploaded the malicious code to VirusTotal. “On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the […] Malware APT 38
WiredThreatLevel.webp 2020-05-12 18:00:00 That Fresh Sea Breeze You Breathe May Be Laced With Microplastic (direct link) Researchers have discovered that the ocean is burping tiny plastic particles, which then blow onto land - and potentially into your lungs. APT 32
DarkReading.webp 2020-05-12 16:30:00 DHS, FBI & DoD Report on New North Korean Malware (direct link) Three new reports detail malware coming out of the Hidden Cobra cyber operations in North Korea. Malware Medical APT 38
bleepingcomputer.webp 2020-05-12 11:36:58 US govt exposes new North Korean malware, phishing attacks (direct link) The US government today released information on three new malware variants used in malicious cyber activity campaigns by a North Korean government-backed hacker group tracked as HIDDEN COBRA. [...] Malware Medical APT 38
TechWorm.webp 2020-05-10 14:50:19 DigitalOcean Admits Of Data Breach After Leaving Internal Document Online (direct link) DigitalOcean, the world's leading web hosting platform, has confirmed that it exposed customer data after it accidentally left an internal Digital Ocean document online, according to a report from The Hacker News. According to the breach notification email sent to affected customers, the data leak took place when a DigitalOcean-owned document from 2018 was unintentionally […] Data Breach Guideline APT 32
SecurityAffairs.webp 2020-05-09 22:14:52 North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT (direct link) North Korea-linked Lazarus APT group employed a Mac variant of the Dacls Remote Access Trojan (RAT) in recent attacks. North Korea-linked Lazarus APT already used at least two macOS malware in previous attacks, now researchers from Malwarebytes have identified a new Mac variant of the Linux-based Dacls RAT. The activity of the Lazarus APT group (aka HIDDEN COBRA) […] Malware Medical APT 38
bleepingcomputer.webp 2020-05-09 12:39:40 North Korean hackers infect real 2FA app to compromise Macs (direct link) Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. [...] Malware Medical APT 38
ZDNet.webp 2020-05-08 20:31:00 Digital Ocean says it exposed customer data after it left an internal document online (direct link) Digital Ocean says no customer servers were accessed following this security lapse. APT 32
no_ico.webp 2020-05-08 15:16:23 (Déjà vu) Comment: Lazarus Group Hides macOS Spyware In 2FA Application (direct link) The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new version for Mac is now spreading via a trojanized two-factor … Medical APT 38
The_Hackers_News.webp 2020-05-08 15:03:00 DigitalOcean Data Leak Incident Exposed Some of Its Customers Data (direct link) DigitalOcean, one of the biggest modern web hosting platforms, was recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it has started warning affected customers of the scope of the breach via an email. According to the breach notification APT 32
TechRepublic.webp 2020-05-07 10:00:09 Report: Chinese-linked hacking group has been infiltrating APAC governments for years (direct link) Newly released evidence points to the Naikon APT being at the head of a 5-year espionage campaign that has phished information from countries all around the Asia-Pacific region. APT 30
itsecurityguru.webp 2020-05-07 09:56:52 Lazarus macOS Spyware hidden in Two-Factor Authentication Application (direct link) The Dacls RAT has been ported from an existing Linux version. The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. […] Medical APT 38
The_Hackers_News.webp 2020-05-07 02:59:30 This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years (direct link) An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei - which went undetected for at least five years and is still an ongoing threat. The group, named 'Naikon APT,' once known as one of the most active APTs in Asia until 2015, APT 30
MalwarebytesLabs.webp 2020-05-06 15:59:36 New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app (direct link) The Lazarus group improves their toolset with a new RAT specifically designed for the Mac. Categories: Mac Malware Threat analysis Medical APT 38
MalwarebytesLabs.webp 2020-05-04 15:17:37 (Déjà vu) A week in security (April 27 – May 3) (direct link) A roundup of the previous week's security news, including cloud data protection, Troldesh, VPNs, the cybercrime economy, and more. Categories: Malwarebytes news APT 32
WiredThreatLevel.webp 2020-04-29 14:00:00 6 Best Board Games You Can Play With Friends Over Zoom (Video Chat) (direct link) Don't let the Covid-19 quarantine turn you into a hermit. Video chat with some friends and play a game together. Cloud APT 37
itsecurityguru.webp 2020-04-29 09:49:08 Android Spyware Spread by Google Play (direct link) The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia - and could be the work of the OceanLotus APT. A sophisticated, ongoing espionage campaign aimed at Android users in Asia is likely the work of the OceanLotus advanced persistent threat (APT) actor, researchers said this week. Dubbed PhantomLance by Kaspersky, the campaign […] Threat APT 32
DarkReading.webp 2020-04-28 16:30:00 5-Year-Long Cyber Espionage Campaign Hid in Google Play (direct link) OceanLotus targeted Android devices in the so-called PhantomLance campaign. APT 32
globalsecuritymag.webp 2020-04-28 15:19:37 PhantomLance, an Android APT campaign targeting Southeast Asia (direct link) Kaspersky researchers have uncovered an APT (advanced persistent threat) campaign targeting users of Android devices. Dubbed PhantomLance, the campaign appears to be attributable to the OceanLotus group. Running since at least 2015, PhantomLance is still active today. It is built from several versions of a spyware program (a program created to collect victims' data) and uses clever distribution tactics, notably (...) - Malware APT 32
SecurityAffairs.webp 2020-04-23 18:29:49 Vietnam-linked APT32 group launches COVID-19-themed attacks against China (direct link) The Vietnam-linked cyberespionage group tracked as APT32 carried out hacking campaigns against Chinese entities to collect intelligence on the COVID-19 crisis. Vietnam-linked APT group APT32, also known as OceanLotus and APT-C-00, carried out cyber espionage campaigns against Chinese entities to gather intelligence on the COVID-19 crisis. The APT32 group has been active since at least 2012, […] APT 32
Mandiant.webp 2020-04-22 09:00:00 Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage (direct link) From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China's Ministry of Emergency Management as well as the government of Wuhan province, where COVID-19 was first identified. While targeting of East Asia is consistent with the activity we've previously reported on APT32, this incident, and other publicly reported intrusions, are part of a global increase in cyber Threat APT 32 APT 32 ★★★★
WiredThreatLevel.webp 2020-04-07 13:00:00 How to Escape From a Sunken Submarine (direct link) First of all, you can't just open the hatch when you're trapped at the bottom of the ocean. But there is a way out - it requires physics and some audacity. APT 32
MalwarebytesLabs.webp 2020-03-23 16:44:58 A week in security (March 16 – 22) (direct link) A roundup of the previous week's most notable security stories and events, including COVID-19-themed threats, child identity theft, and securely working from home. Categories: A week in security APT 36
WiredThreatLevel.webp 2020-03-22 12:00:00 An Ancient Magma Flood Offers Clues About Global Warming (direct link) 4 million years ago, a burst of hot rock heated the planet, causing ocean acidification, massive storms, and extinctions. What can we learn from this early example? APT 32
itsecurityguru.webp 2020-03-18 10:48:32 (Déjà vu) Crimson RAT spread via Coronavirus Phishing (direct link) A state-sponsored threat actor is attempting to deploy the Crimson Remote Administration Tool (RAT) onto the systems of targets via a spear-phishing campaign using Coronavirus-themed document baits disguised as health advisories. This nation-backed cyber-espionage is suspected to be Pakistan-based and it is currently tracked under multiple names including APT36, Transparent Tribe, ProjectM, Mythic Leopard, and […] Tool Threat APT 36 ★★
MalwarebytesLabs.webp 2020-03-16 15:00:00 APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT (direct link) We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data. Categories: Threat analysis Threat APT 36
SecurityAffairs.webp 2020-03-08 10:23:46 Security Affairs newsletter Round 254 (direct link) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs 49 million unique email addresses of Straffic Marketing firm exposed online Russian spies are attempting to tap transatlantic undersea cables $1B to help telecom carriers to rip and replace Huawei and ZTE equipment Karkoff 2020: a new APT34 […] APT 34
WiredThreatLevel.webp 2020-03-07 13:00:00 Dolphins Are Still Accidental Casualties of Tuna Fishing (direct link) A new study estimates that about 80,000 cetaceans are swept up every year by tuna-fishing nets in the Indian Ocean. APT 32
bleepingcomputer.webp 2020-03-04 09:00:00 Zero-Day Bug Allowed Attackers to Register Malicious Domains (direct link) A zero-day vulnerability impacting Verisign and several SaaS services including Google, Amazon, and DigitalOcean could have allowed attackers to register .com and .net homograph domain names (among others) that could be used in insider, phishing, and social-engineering attacks against organizations. [...] Vulnerability APT 32
SecurityAffairs.webp 2020-03-03 18:48:42 The North Korean Kimsuky APT threatens South Korea evolving its TTPs (direct link) Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. Introduction Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four […] Threat APT 34 APT 36
SecurityAffairs.webp 2020-03-02 19:19:39 Karkoff 2020: a new APT34 espionage operation involves Lebanon Government (direct link) Experts from Cybaze/ Yoroi Zlab spotted a new sample of the Karkoff implant that was employed in past campaigns associated with Iran-linked APT34 group. Introduction In November 2018, researchers from Cisco Talos […] APT 34
bleepingcomputer.webp 2020-03-02 17:35:17 US Charges Two With Laundering $100M for North Korean Hackers (direct link) Two Chinese nationals were charged today by the US Dept of Justice and sanctioned by the US Treasury for allegedly laundering over $100 million worth of cryptocurrency out of the nearly $250 million stolen by North Korean actors known as Lazarus Group after hacking a cryptocurrency exchange in 2018. [...] Medical APT 38
WiredThreatLevel.webp 2020-02-25 12:00:00 North Korea Is Recycling Mac Malware. That's Not the Worst Part (direct link) Lazarus Group hackers have long plagued the internet - using at least one tool they picked up just by looking around online. Tool Medical APT 38
SecurityAffairs.webp 2020-02-21 13:48:11 Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later (direct link) Exclusive: Pakistan and India to armaments. Researchers from Cybaze-Yoroi ZLab gathered intelligence on the return of Operation Transparent Tribe is back 4 years later Introduction The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. […] APT 36
WiredThreatLevel.webp 2020-02-21 13:00:00 'Environmental DNA' Lets Scientists Probe Underwater Life (direct link) With the help of a new kind of drone, marine biologists can sequence DNA found in the ocean to reveal what's living in an ecosystem - and what's missing. APT 32
WiredThreatLevel.webp 2020-02-18 13:00:00 The Atlantic Ocean's 'Conveyor Belt' Stirs Up a Science Fight (direct link) Researchers are debating the best way to monitor the ocean currents that sweep through the Labrador Sea - and may foretell the planet's climate future. APT 32
SecurityAffairs.webp 2020-02-14 21:07:17 US Govt agencies detail North Korea-linked HIDDEN COBRA malware (direct link) The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation. The government experts released new and updated Malware Analysis Reports (MARs) […] Malware Medical APT 38
SecurityAffairs.webp 2020-02-07 10:59:52 Iran-linked APT group Charming Kitten targets journalists, political and human rights activists (direct link) Iran-linked APT group Charming Kitten has been targeting journalists, political and human rights activists in a new campaign. Researchers from Certfa Lab have spotted a new cyber espionage campaign carried out by Iran-linked APT group Charming Kitten that has been targeting journalists, political and human rights activists. Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the […] Conference APT 35
bleepingcomputer.webp 2020-02-05 12:57:16 (Déjà vu) Charming Kitten Hackers Impersonate Journalist in Phishing Attacks (direct link) A hacker group linked with the Iranian government attempted to steal email login information from their targets through fake interview requests and impersonating a New York Times journalist. [...] APT 35
SecurityAffairs.webp 2020-01-31 07:53:00 Iran-linked APT34 group is targeting US federal workers (direct link) Iran-linked APT34 group has targeted a U.S.-based research company that provides services to businesses and government organizations. Security experts from Intezer observed targeted attacks on a US-based research company that provides services to businesses and government organizations. “Our researchers Paul Litvak and Michael Kajilolti have discovered a new campaign conducted by APT34 employing an updated toolset. Based […] APT 34
Pirate.webp 2020-01-16 11:11:35 Lazarus strengthens the capabilities of its AppleJeus attack against cryptocurrencies (direct link) In 2018, Kaspersky's GReAT (Global Research & Analysis Team) published the results of its investigation into AppleJeus, an operation aimed at stealing cryptocurrencies and run by the prolific malicious group Lazarus. APT 38
WiredThreatLevel.webp 2020-01-10 13:00:00 Gadget Lab Podcast: Wrapping Up CES 2020 (direct link) The hosts look back at a show filled with fake-meat sliders, AI everything, and an ocean of electric scooters. APT 32
SecurityAffairs.webp 2020-01-10 06:23:08 North Korea-linked Lazarus APT continues to target cryptocurrency exchanges (direct link) In the last 18 months, North Korea-linked Lazarus APT group has continued to target cryptocurrency exchanges evolving its TTPs. Kaspersky researchers have analyzed the attacks carried out by North Korea-linked Lazarus APT group in the past 18 months and confirmed their interest in banks and cryptocurrency exchanges. In the mid-2018, the APT targeted cryptocurrency exchanges and cryptocurrency […] APT 38
WiredThreatLevel.webp 2020-01-09 18:59:03 Iranian Hackers Have Been 'Password-Spraying' the US Grid (direct link) A state-sponsored group called Magnallium has been probing American electric utilities for the past year. APT 33
itsecurityguru.webp 2020-01-03 10:40:14 Microsoft helps shutter domains run by North Korean cybergang Thallium (direct link) A U.S. district court issued an order enabling Microsoft to take over 50 domains used by a North Korea-based cybercrime gang to conduct spear phishing campaigns. Microsoft's Digital Crimes Unit and the Microsoft Threat Intelligence Center took down the domains controlled by a group it named Thallium after researching the malicious actors' activity and filing […] Threat Cloud APT 37
01net.webp 2019-12-31 02:39:43 Microsoft takes down 50 domain names used by formidable North Korean hackers (direct link) The Thallium group used them to infiltrate American, Japanese and South Korean institutions. To do so, Microsoft obtained an order from US authorities. Cloud APT 37
Last update at: 2024-06-28 05:07:59