What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-08-09 17:43:03 | FlyTrap malware hijacks thousands of Facebook accounts (lien direct) | A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies. [...] | Malware Threat | ||
|
2021-08-07 12:53:34 | Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now (lien direct) | Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. [...] | Threat | ||
|
2021-08-07 10:10:05 | Actively exploited bug bypasses authentication on millions of routers (lien direct) | Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. [...] | Vulnerability Threat | ||
|
2021-08-06 17:16:56 | The Week in Ransomware - August 6th 2021 - Insider threat edition (lien direct) | If there is one thing we learned this week, it's that not only are corporations vulnerable to insider threats but so are ransomware operations. [...] | Ransomware Threat | ||
|
2021-08-06 12:09:58 | Computer hardware giant GIGABYTE hit by RansomEXX ransomware (lien direct) | Taiwanese motherboard maker Gigabyte has suffered a RansomEXX ransomware attack where threat actors threaten to release 112 GB of data if a ransom is not paid. [...] | Ransomware Threat | ||
|
2021-07-30 19:43:44 | The Week in Ransomware - July 30th 2021 - €1 billion saved (lien direct) | Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands. [...] | Ransomware Threat | ||
|
2021-07-23 16:54:03 | New PetitPotam attack allows take over of Windows domains (lien direct) | A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. [...] | Threat | ||
|
2021-07-23 11:27:27 | Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows (lien direct) | Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes (K8s) clusters. [...] | Threat | Uber | |
|
2021-07-20 07:27:09 | FBI: Threat actors may be targeting the 2020 Tokyo Summer Olympics (lien direct) | The Federal Bureau of Investigation (FBI) warns of threat actors potentially targeting the upcoming Olympic Games, although evidence of attacks planned against the Olympic Games Tokyo 2020 is yet to be uncovered. [...] | Threat | ||
|
2021-07-18 16:02:20 | New Windows print spooler zero day exploitable via remote print servers (lien direct) | Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. [...] | Vulnerability Threat | ||
|
2021-07-17 11:44:22 | HelloKitty ransomware is targeting vulnerable SonicWall devices (lien direct) | CISA is warning of threat actors targeting "a known, previously patched, vulnerability" found in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products with end-of-life firmware. [...] | Ransomware Threat | ||
|
2021-07-15 14:57:54 | (Déjà vu) Windows print nightmare continues with malicious driver packages (lien direct) | Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. [...] | Threat | ||
|
2021-07-15 14:57:54 | Microsoft\'s print nightmare continues with malicious driver packages (lien direct) | Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. [...] | Threat | ||
|
2021-07-14 08:33:00 | Chinese cyberspies\' wide-scale APT campaign hits Asian govt entities (lien direct) | Kaspersky researchers have revealed an ongoing and large-scale advanced persistent threat (APT) campaign with hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities. [...] | Threat | ||
|
2021-07-14 03:32:00 | Trickbot updates its VNC module for high-value targets (lien direct) | The Trickbot botnet malware that often distributes various ransomware strains, continues to be the most prevalent threat as its developers update the VNC module used for remote control over infected systems. [...] | Ransomware Malware Threat | ||
|
2021-07-13 15:32:23 | Microsoft fixes Windows Hello authentication bypass vulnerability (lien direct) | Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system. [...] | Vulnerability Threat | ||
|
2021-07-12 10:17:12 | SolarWinds patches critical Serv-U vulnerability exploited in the wild (lien direct) | SolarWinds is urging customers to patch a remote code execution vulnerability that was exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers. [...] | Vulnerability Threat | ||
|
2021-07-09 14:04:20 | FBI warns cryptocurrency owners, exchanges of ongoing attacks (lien direct) | The Federal Bureau of Investigation (FBI) warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses. [...] | Threat Guideline | ||
|
2021-07-07 08:50:19 | Fake Kaseya VSA security update backdoors networks with Cobalt Strike (lien direct) | Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates. [...] | Ransomware Spam Threat | ||
|
2021-07-02 02:56:48 | Microsoft shares mitigations for Windows PrintNightmare zero-day bug (lien direct) | Microsoft says in a newly released security advisory that the Windows Print Spooler zero-day vulnerability known as PrintNightmare has already been exploited in the wild by threat actors. [...] | Vulnerability Threat | ||
|
2021-06-30 19:01:14 | Leaked Babuk Locker ransomware builder used in new attacks (lien direct) | A leaked tool used by the Babuk Locker operation to create custom ransomware executables is now being used by another threat actor in a very active campaign targeting victims worldwide. [...] | Ransomware Tool Threat | ||
|
2021-06-29 17:28:58 | Hackers use zero-day to mass-wipe My Book Live devices (lien direct) | A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. [...] | Vulnerability Threat Guideline | ★★★★ | |
|
2021-06-29 12:23:47 | DoubleVPN servers, logs, and account info seized by law enforcement (lien direct) | Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities. [...] | Threat | ||
|
2021-06-24 08:00:00 | Phishing attack\'s unusual file attachment is a double-edged sword (lien direct) | A threat actor uses an unusual attachment to bypass security software that is a double-edged sword that may work against them. [...] | Threat | ||
|
2021-06-19 13:59:31 | (Déjà vu) South Korea\'s Nuclear Research agency hacked using VPN flaw (lien direct) | South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. [...] | Threat | ||
|
2021-06-19 13:59:31 | South Korea\'s Nuclear Research agency breached using VPN flaw (lien direct) | South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. [...] | Threat | ||
|
2021-06-18 12:48:23 | Fake DarkSide gang targets energy, food industry in extortion emails (lien direct) | Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors. [...] | Ransomware Threat | ||
|
2021-06-17 17:47:15 | (Déjà vu) Eggfree Cake Box suffer data breach exposing credit card numbers (lien direct) | Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. [...] | Data Breach Threat | ||
|
2021-06-17 17:47:15 | Egg free Cake Box suffer data breach exposing credit card numbers (lien direct) | Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. [...] | Data Breach Threat | ||
|
2021-06-16 00:19:02 | Peloton Bike+ vulnerability allowed complete takeover of devices (lien direct) | A vulnerability in the Peloton Bike+fitness machine has been fixed that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone. [...] | Vulnerability Threat | ||
|
2021-06-15 17:53:16 | Avaddon ransomware\'s exit sheds light on victim landscape (lien direct) | A new report analyzes the recently released Avaddon ransomware decryption keys to shed light on the types of victims targeted by the threat actors and potential revenue they generated throughout their operation. [...] | Ransomware Threat | ||
|
2021-06-08 14:20:52 | Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days (lien direct) | Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide. [...] | Threat | ||
|
2021-06-04 14:51:32 | Phishing uses Colonial Pipeline ransomware lures to infect victims (lien direct) | The recent ransomware attack on Colonial Pipeline inspired a threat actor to create create a new phishing lure to trick victims into downloading malicious files. [...] | Ransomware Threat | ||
|
2021-06-04 14:23:21 | (Déjà vu) Attackers are scanning for vulnerable VMware servers, patch now! (lien direct) | Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] | Vulnerability Threat | ||
|
2021-06-04 14:23:21 | Attackers scan for unpatched VMware vCenter servers, PoC exploit available (lien direct) | Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] | Vulnerability Threat | ||
|
2021-06-03 11:55:34 | Chinese threat actors hacked NYC MTA using Pulse Secure zero-day (lien direct) | Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet. [...] | Threat | ||
|
2021-06-01 15:33:46 | US: Russian threat actors likely behind JBS ransomware attack (lien direct) | The White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia. [...] | Ransomware Threat | ★★★ | |
|
2021-06-01 13:25:36 | Critical WordPress plugin zero-day under active exploitation (lien direct) | Threat actors are scanning for sites running the Fancy Product Designer plug-in to exploit a zero-day bug allowing them to upload malware. [...] | Threat | ★★★ | |
|
2021-05-29 11:33:44 | New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers (lien direct) | A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. [...] | Ransomware Threat | ||
|
2021-05-28 13:14:20 | Mexico walls off national lottery sites after ransomware DDoS threat (lien direct) | Access to Mexico's Lotería Nacional and Pronósticos lottery websites are now blocked to IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks. [...] | Ransomware Threat | ||
|
2021-05-28 12:12:21 | Chinese cyberspies are targeting US, EU orgs with new malware (lien direct) | Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances. [...] | Malware Threat | ||
|
2021-05-28 08:08:16 | Microsoft: SolarWinds hackers target govt agencies from 24 countries (lien direct) | The Microsoft Threat Intelligence Center (MSTIC) has discovered that the Russian-based SolarWinds hackers are behind an ongoing phishing campaign targeting government agencies worldwide. [...] | Threat | ||
|
2021-05-27 13:37:01 | (Déjà vu) New BazaFlix attack pushes BazarLoader malware via fake movie site (lien direct) | Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] | Malware Threat | ||
|
2021-05-27 13:37:01 | New BazaFlix phishing delivers BazarLoader malware via call center (lien direct) | Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] | Malware Threat | ||
|
2021-05-25 14:37:16 | Domino\'s India discloses data breach after hackers sell data online (lien direct) | Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum. [...] | Data Breach Threat | ||
|
2021-05-24 10:02:03 | North Korean hackers behind CryptoCore multi-million dollar heists (lien direct) | Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus. [...] | Threat | APT 38 | |
|
2021-05-19 08:57:01 | Hackers scan for vulnerable devices minutes after bug disclosure (lien direct) | Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. [...] | Threat | ||
|
2021-05-17 20:57:51 | Student health insurance carrier Guard.me suffers a data breach (lien direct) | Student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders' personal information. [...] | Data Breach Vulnerability Threat | ||
|
2021-05-17 15:01:35 | FBI spots spear-phishing posing as Truist Bank bank to deliver malware (lien direct) | Threat actors impersonated Truist, the sixth-largest U.S. bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan (RAT) malware. [...] | Malware Threat | ||
|
2021-05-14 10:37:45 | (Déjà vu) DarkSide ransomware servers reportedly seized, operation shuts down (lien direct) | The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. [...] | Ransomware Threat |
To see everything:
