What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2020-12-30 16:01:41 Google Docs bug could have allowed hackers to hijack screenshots (direct link) Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view users’ private docs. Google has addressed a flaw in its feedback tool that is part of multiple of its services that could be exploited by attackers to take screenshots of sensitive Google Docs documents by […] Tool
SecurityAffairs 2020-12-30 06:53:44 US Treasury warns of ransomware attacks on COVID-19 vaccine research (direct link) The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns of ransomware attacks on COVID-19 vaccine research organizations. The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a notice to warn financial institutions of ransomware attacks aimed at COVID-19 vaccine research organizations. “The Financial Crimes Enforcement Network (FinCEN) is issuing this Notice to alert […] Ransomware
SecurityAffairs 2020-12-29 21:55:38 SolarWinds hackers aimed at access to victims' cloud assets (direct link) Microsoft says that SolarWinds hackers aimed at compromising the victims’ cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst). The Microsoft 365 Defender Team revealed that the goal of the threat actors behind the SolarWinds supply chain attack was to move to the victims’ cloud infrastructure once they had infected their network with the Sunburst/Solorigate backdoor. “With […] Threat Mobile Solardwinds
SecurityAffairs 2020-12-29 16:31:02 Japanese Kawasaki Heavy Industries discloses security breach (direct link) Japanese giant Kawasaki Heavy Industries discovered unauthorized access to a Japanese company server from multiple overseas offices. Kawasaki Heavy Industries disclosed a security breach; the company discovered unauthorized access to a Japanese company server from multiple overseas offices. Information from its overseas offices might have been stolen as a result of a security breach that […]
SecurityAffairs 2020-12-29 11:31:47 (Déjà vu) CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365 (direct link) Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA)’s Cloud Forensics team has released a PowerShell-based tool, dubbed Sparrow, that helps administrators to detect anomalies and potentially malicious activities in Azure/Microsoft 365 environments. The tool was developed to […] Tool
SecurityAffairs 2020-12-28 23:35:07 Threat actor is selling a dump allegedly including 2,5M customers of service provider Ho Mobile (direct link) Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile. Threat intelligence analyst @Bank_Security first spotted on a popular hacking forum a threat actor that is selling a database allegedly containing the database of the Italian mobile service provider Ho mobile. Ho mobile is an […] Threat
SecurityAffairs 2020-12-28 22:14:51 Finland confirms that hackers breached MPs' email accounts (direct link) The Parliament of Finland confirmed that threat actors had access to email accounts of multiple members of parliament (MPs). “Parliament of Finland has been subjected to a cyberattack in the fall of 2020. The attack was discovered by parliament technical surveillance. Some parliament e-mail accounts may have been compromised as a result of the attack, […] Threat
SecurityAffairs 2020-12-28 19:09:00 Nefilim ransomware operators leak data stolen from Whirlpool (direct link) The American multinational manufacturer and marketer of home appliances Whirlpool was hit by the Nefilim ransomware gang. The American multinational manufacturer and marketer of home appliances Whirlpool suffered a ransomware attack; Nefilim ransomware operators claim to have stolen data from the company and threaten to release the full dump if the company will not pay the ransom. The leak comes after failed […] Ransomware
SecurityAffairs 2020-12-28 09:29:25 E-commerce app 21 Buttons exposes millions of users' data (direct link) Researchers discovered that the popular e-commerce app 21 Buttons was exposing private data for 100s of influencers across Europe. Researchers from cybersecurity firm vpnMentor discovered that the e-commerce app 21 Buttons was exposing private data for 100s of influencers across Europe. 21 Buttons allows users to share photos of their outfits with links to the brands they're […]
SecurityAffairs 2020-12-27 16:06:09 Vermont Hospital confirmed the ransomware attack (direct link) The Burlington-based University of Vermont Health Network has finally admitted that ransomware was behind the October attack. In October, threat actors hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The cyber attack took place on October 28 and disrupted services at the UVM Medical Center and affiliated facilities. A […] Ransomware Threat
SecurityAffairs 2020-12-27 14:24:33 Security Affairs newsletter Round 294 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A massive fraud operation used mobile device emulators to steal millions from online bank accounts SolarWinds hackers also breached the US NNSA nuclear agency Clop ransomware gang paralyzed flavor and […] Ransomware
SecurityAffairs 2020-12-27 11:08:10 (Déjà vu) HackerOne announces first bug hunter to earn more than $2M in bug bounties (direct link) White hat hacker could be a profitable profession, Cosmin Iordache earned more than $2M reporting flaws through the bug bounty program HackerOne. Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne. HackerOne announced that the bug bounty hunter Cosmin Iordache (@inhibitor181) […] Vulnerability
SecurityAffairs 2020-12-27 09:37:20 (Déjà vu) SolarWinds releases updated advisory for SUPERNOVA backdoor (direct link) SolarWinds released an updated advisory for the SuperNova malware discovered while investigating the recent supply chain attack. SolarWinds has released an updated advisory for the SuperNova backdoor that was discovered while investigating the recent SolarWinds Orion supply-chain attack. The SuperNova backdoor was likely used by a separate threat actor. After the initial disclosure of the […] Malware Threat
SecurityAffairs 2020-12-26 19:09:41 GoDaddy apologized for insensitive phishing email sent to its employees offering a fake bonus (direct link) GoDaddy made the headlines for an initiative that is dividing the cybersecurity community: it sent phishing messages offering bonuses to its employees. GoDaddy sent an email to its employees that promised a Christmas bonus to help them to face economic problems caused by the ongoing COVID-19 pandemic. The web provider apologized Thursday for the cyber security test […]
SecurityAffairs 2020-12-26 14:27:33 The Emotet botnet is back and hits 100K recipients per day (direct link) Emotet is back on Christmas Eve, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. Emotet is back on Christmas Eve, after two months of silence, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. The recent Emotet campaign uses updated payloads and is targeting over 100,000 […] Spam
SecurityAffairs 2020-12-26 12:12:40 REvil gang threatens to release intimate pictures of celebs who are customers of The Hospital Group (direct link) REvil ransomware gang, aka Sodinokibi, hacked The Hospital Group and threatens to release before-and-after pictures of celebrity clients. The Hospital Group has 11 clinics and has a celebrity clientele, but it made the headlines because the REvil ransomware gang, aka Sodinokibi, claims to have hacked its systems and threatens to release before-and-after pictures of celebrity […] Ransomware
SecurityAffairs 2020-12-25 23:53:44 CrowdStrike releases free Azure tool to review assigned privileges (direct link) CrowdStrike released a free Azure security tool after it was notified by Microsoft of a failed attack leveraging compromised Azure credentials. While investigating the impact of the recent SolarWinds hack, on December 15th Microsoft reported to CrowdStrike that threat actors attempted to read CrowdStrike’s emails by using a compromised Microsoft Azure reseller’s account. “Specifically, they […] Tool Threat
SecurityAffairs 2020-12-25 18:45:15 (Déjà vu) North Korea-linked Lazarus APT targets the COVID-19 research (direct link) The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved in COVID-19 research. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. […] Malware APT 38 APT 28
SecurityAffairs 2020-12-25 14:21:56 The Russian cryptocurrency exchange Livecoin hacked on Christmas Eve (direct link) Russian cryptocurrency exchange Livecoin was compromised on Christmas Eve, hackers breached its network and gained control of some of its servers. The Russian cryptocurrency exchange was hacked on Christmas Eve, it published a message on its website warning customers to stop using its services. “Dear clients, we ask you to stop using our service in […]
SecurityAffairs 2020-12-25 01:45:22 DDoS amplify attack targets Citrix Application Delivery Controllers (ADC) (direct link) Citrix confirmed that a DDoS attack is targeting Citrix Application Delivery Controller (ADC) networking equipment. The threat actors are using the Datagram Transport Layer Security (DTLS) protocol as an amplification vector in attacks against Citrix appliances with EDT enabled. The DTLS protocol is a communications protocol for securing delay-sensitive apps and services that use datagram […] Threat
SecurityAffairs 2020-12-24 19:15:27 Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye (direct link) Millions of devices are potentially exposed to attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye. Security experts from Qualys are warning that more than 7.5 million devices are potentially exposed to cyber attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye. As a result […]
SecurityAffairs 2020-12-24 13:08:03 Google reported that Microsoft failed to fix a Windows zero-day flaw (direct link) Google’s Project Zero experts publicly disclosed details of an improperly patched zero-day code execution vulnerability in Windows. White hat hackers at Google’s Project Zero team have publicly disclosed details of an improperly patched zero-day vulnerability in Windows. The vulnerability, tracked as CVE-2020-0986, resides in the Print Spooler API and could be exploited by a threat […] Vulnerability Threat
SecurityAffairs 2020-12-23 14:11:57 Cellebrite claims to be able to access Signal messages (direct link) Israeli cyber security firm Cellebrite claims that it can decrypt messages from the popular Signal messaging app. Israeli security firm Cellebrite has claimed that it can decrypt messages from the highly secure Signal messaging app. The BBC reported the link to a blog on the company website that details the procedure to decrypt the Signal messages. […]
SecurityAffairs 2020-12-23 06:46:45 Research: nearly all of your messaging apps are secure (direct link) CyberNews Investigation team analyzed the 13 most popular messaging apps to see if the apps are really safe. Source: https://cybernews.com/security/research-nearly-all-of-your-messaging-apps-are-secure/ In recent research, the CyberNews Investigation team discovered that a chat service, most likely based in China, had leaked more than 130,000 extremely NSFW images, video and audio recordings of their users. While this messaging […]
SecurityAffairs 2020-12-22 21:52:57 Researchers shared the lists of victims of SolarWinds hack (direct link) Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solorigate backdoor and published the list of targeted organizations. Researchers from multiple cybersecurity firms published a list that […] Hack Threat Mobile Solardwinds Solardwinds
SecurityAffairs 2020-12-22 15:15:02 Bulletproof VPN services taken down in a global police operation (direct link) A joint operation conducted by European law enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. A joint operation conducted by law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands resulted in the seizure of the infrastructure used by three VPN bulletproof services. VPN bulletproof services are […]
SecurityAffairs 2020-12-22 07:30:38 VMware and Cisco also impacted by the SolarWinds hack (direct link) The IT giants VMware and Cisco revealed they were impacted by the recently disclosed SolarWinds supply chain attack. VMware and Cisco both confirmed that they were impacted by the recent SolarWinds hack. A recent advisory published by the NSA is warning that Russian state-sponsored hackers are exploiting the recently patched CVE-2020-4006 VMware flaw to steal sensitive information from […] Hack
SecurityAffairs 2020-12-21 21:57:13 (Déjà vu) Dell Wyse ThinOS flaws allow hacking thin clients (direct link) Multiple Dell Wyse thin client models are affected by critical vulnerabilities that could be exploited by a remote attacker to take over the devices. Critical vulnerabilities tracked as CVE-2020-29492 and CVE-2020-29491 affect several Dell Wyse thin client models that could be exploited by a remote attacker to execute malicious code and gain access to arbitrary files. In computer […]
SecurityAffairs 2020-12-21 18:26:13 SUPERNOVA, a backdoor found while investigating SolarWinds hack (direct link) While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked as SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor. After the initial disclosure of the SolarWinds attack, several teams of researchers mentioned the existence of two […] Hack Threat
SecurityAffairs 2020-12-21 11:05:23 Zero-day exploit used to hack iPhones of Al Jazeera employees (direct link) Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. The attackers used an […] Hack Vulnerability
SecurityAffairs 2020-12-21 08:25:41 Clop ransomware gang paralyzed flavor and fragrance producer Symrise (direct link) Flavor and fragrance producer Symrise is the last victim of the Clop ransomware gang that claims to have stolen 500 GB of unencrypted files. Symrise AG, a major producer of flavours and fragrances, was hit by Clop ransomware operators. The threat actors claim to have stolen 500 GB of unencrypted files. The attack was reported […] Ransomware Threat
SecurityAffairs 2020-12-20 22:46:20 A massive fraud operation used mobile device emulators to steal millions from online bank accounts (direct link) Experts uncovered a massive fraud operation that used a network of mobile device emulators to steal millions of dollars from online bank accounts. Researchers from IBM Trusteer have uncovered a massive fraud operation that leveraged a network of mobile device emulators to steal millions of dollars from online bank accounts in a few days. The […]
SecurityAffairs 2020-12-20 18:19:23 SolarWinds hackers also breached the US NNSA nuclear agency (direct link) US DOE confirmed that threat actors behind the recent SolarWinds supply chain attack also hacked the networks of the US NNSA nuclear agency. US DOE confirmed this week that threat actors behind the recent SolarWinds supply chain attack also compromised the networks of the US National Nuclear Security Administration (NNSA) agency. “The Department of Energy […] Threat
SecurityAffairs 2020-12-20 10:54:15 COVID-19 themed attacks December 6 – December 19, 2020 (direct link) This post includes the details of the COVID-19 themed attacks launched from December 6 – December 19, 2020. December 6 – Drug dealers are selling Pfizer COVID-19 vaccines on the darkweb While the United Kingdom announced the distribution of the COVID19 vaccine to the population, drug dealers are selling 'Pfizer COVID Vaccines.' December 10 – […]
SecurityAffairs 2020-12-19 23:25:40 NATO is checking its systems to determine the impact of SolarWinds hack (direct link) NATO announced it is assessing its systems after the SolarWinds supply chain attack that impacted multiple US government agencies. NATO announced it is checking its systems after the SolarWinds supply chain attack to determine if they were infected with a backdoor. “At this time, no evidence of compromise has been found on any NATO networks. […] Hack
SecurityAffairs 2020-12-19 13:53:36 (Déjà vu) NSA warns of cloud attacks on authentication mechanisms (direct link) The US National Security Agency (NSA) warns of two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure. The US National Security Agency has published a security advisory that describes two techniques abused in recent attacks against cloud infrastructure. The attack techniques are abused by hackers to escalate […] Threat
SecurityAffairs 2020-12-19 09:12:22 FBI and Interpol shut down some servers of Joker's Stash carding marketplace (direct link) Joker’s Stash, the largest carding marketplace online, was shut down by a coordinated operation conducted by the FBI and Interpol. Joker’s Stash, the largest carding marketplace online, was shut down as a result of a coordinated operation conducted by the FBI and Interpol. The Joker’s Stash carding platform has been active since October […]
SecurityAffairs 2020-12-18 20:52:55 Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb (direct link) Threat actors continue to trade critical medical data in the Dark Web while organizations are involved in the response to the COVID-19 pandemic. Cybercrime organizations continue to be very active while pharmaceutical organizations are involved in the development of a COVID-19 vaccine and medicines to cure the infections. Experts from Cyble discovered in several forums on the dark web, the […]
SecurityAffairs 2020-12-18 12:26:17 All-source intelligence: reshaping an old tool for future challenges (direct link) An enhanced version of the old all-source intelligence discipline could serve the purpose. By Boris Giannetto Hybrid, interconnected and complex threats require hybrid, interconnected and complex tools. An enhanced version of the old all-source intelligence discipline could serve the purpose. Today's society hinges on technologies and they will most likely have an ever-increasing clout in […] Tool ★★★★
SecurityAffairs 2020-12-18 10:50:22 (Déjà vu) Microsoft confirms breach in SolarWinds hack, but denies its clients were affected (direct link) Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but excluded that the attack impacted its customers. Microsoft has confirmed that it was one of the companies breached in the recent SolarWinds supply chain attack, but the IT giant denied that the nation-state actors compromised its software supply-chain to infect its […]
SecurityAffairs 2020-12-18 08:20:42 (Déjà vu) Fake mobile version of Cyberpunk 2077 spreads ransomware (direct link) A threat actor is spreading ransomware dubbed CoderWare that masquerades as Windows and Android versions of the recent Cyberpunk 2077. Crooks are spreading fake Windows and Android versions of installers for the new Cyberpunk 2077 video game that is delivering the CoderWare ransomware. Cyberpunk 2077 is a 2020 action role-playing video game developed and published by CD Projekt, it […] Ransomware Threat
SecurityAffairs 2020-12-17 20:44:29 5 million WordPress sites potentially impacted by a Contact Form 7 flaw (direct link) The development team behind the Contact Form 7 WordPress plugin discloses an unrestricted file upload vulnerability. Jinson Varghese Behanan from Astra Security discovered an unrestricted file upload vulnerability in the popular Contact Form 7 WordPress vulnerability. The WordPress plugin allows users to add multiple contact forms on their site. “By exploiting this vulnerability, attackers could simply upload files of […] Vulnerability
SecurityAffairs 2020-12-17 17:21:20 (Déjà vu) DoppelPaymer ransomware gang now cold-calling victims, FBI warns (direct link) FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay, threatening to send individuals to their homes. FBI is warning of a new escalation in the extortion activities of the DoppelPaymer ransomware gang, the operators have been calling victims, threatening to send individuals to their homes if they don’t pay the ransom. According […] Ransomware
SecurityAffairs 2020-12-17 13:17:15 Experts spotted malicious browser extensions for Instagram, Facebook and others (direct link) Avast researchers reported that three million users installed 28 malicious Chrome or Edge extensions that could perform several malicious operations. Avast Threat Intelligence researchers spotted malicious Chrome and Edge browser extensions that were installed by over 3 million users. The extensions were designed to steal users’ data (i.e. birth dates, email addresses, and active devices) and […] Threat
SecurityAffairs 2020-12-17 10:16:47 Launched OSSISNa, the Observatory for the Protection of the National Strategic Industrial System (direct link) On 11th December 2020, the Observatory for the Protection of the National Strategic Industrial System (OSSISNa) was officially announced. On 11th December 2020, during the international scientific conference on CBRNe events “SICC 2020”, the Observatory for the Protection of the National Strategic Industrial System (OSSISNa) was officially presented. OSSISNa is a project created within the […]
SecurityAffairs 2020-12-17 09:27:17 Digging the recently leaked Chinese Communist Party database (direct link) KELA researchers analyzed a database recently leaked online that contains data for 1.9 million Chinese Communist Party members in Shanghai. After the announcement of the leak of the database which contains the personal information of 1.9 million Chinese Communist Party (CCP) members in Shanghai, KELA researchers have obtained it. This database includes the members' name, […]
SecurityAffairs 2020-12-17 00:31:32 FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor (direct link) Microsoft, FireEye, and GoDaddy have partnered to create a kill switch for the Sunburst backdoor that was employed in the recent SolarWinds hack. Microsoft, FireEye, and GoDaddy have created a kill switch for the Sunburst backdoor that was used in SolarWinds supply chain attack. Last week, Russia-linked hackers breached SolarWinds, the attackers had used a trojanized […] Mobile Solardwinds ★★★
SecurityAffairs 2020-12-16 21:32:27 (Déjà vu) HPE discloses critical zero-day in Systems Insight Manager (direct link) HPE has disclosed a zero-day vulnerability in the latest versions of its HPE Systems Insight Manager (SIM) software for both Windows and Linux. Hewlett Packard Enterprise (HPE) has disclosed a zero-day remote code execution flaw that affects the latest versions of its HPE Systems Insight Manager (SIM) software for Windows and Linux. HPE SIM is a […] Vulnerability
SecurityAffairs 2020-12-16 15:29:26 EU Digital Services and Digital Markets Acts aim at setting new rules for tech giants (direct link) The European Union is going to unveil two laws, the Digital Services and Digital Markets Acts, that will impose new rules for tech giants. The European Union is set to unveil two laws, the Digital Services and Digital Markets Acts, that aim at defining new rules for the digital market, especially for the operations of […]
SecurityAffairs 2020-12-16 13:37:06 Sextortion campaign uses Goontact spyware to target Android and iOS users (direct link) Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. Security researchers from Lookout have discovered new spyware, dubbed Goontact, that could target both Android and iOS users. Goontact implements common spyware features, including the ability to gather data from the infected devices and […] Malware
Last update at: 2024-07-19 21:07:28