Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-05 16:00:00 |
North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps (direct link) |
The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity.
"This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents," |
Malware
Threat
Medical
|
APT 38
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-05 13:10:00 |
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (direct link) |
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.
The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.
" |
Vulnerability
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-02 23:41:00 |
Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability (direct link) |
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.
The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.
Type confusion |
Vulnerability
Threat
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-02 08:56:00 |
Hackers Sign Android Malware Apps with Compromised Platform Certificates (direct link) |
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps.
The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday.
"A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the |
Malware
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-02 08:32:00 |
CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.
"Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server |
Industrial
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-02 08:00:00 |
The Value of Old Systems (direct link) |
Old technology solutions – every organization has a few of them tucked away somewhere.
It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago.
This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went |
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-02 06:29:00 |
Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL (direct link) |
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code.
The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a |
Vulnerability
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-02 06:09:00 |
Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers (direct link) |
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network.
The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua. |
Malware
Vulnerability
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-02 05:35:00 |
What the CISA Reporting Rule Means for Your IT Security Protocol (direct link) |
The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and |
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-02 02:48:00 |
Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely (direct link) |
Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse.
The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store. Telepad is no longer available through the app marketplace but can be downloaded from its website. |
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-02 01:04:00 |
Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities (direct link) |
The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022.
In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of... |
Ransomware
Threat
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-01 20:02:00 |
Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, and Windows Zero-Days (direct link) |
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018.
"Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to |
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-01 18:47:00 |
Hackers Leak Another Set of Medibank Customer Data on the Dark Web (direct link) |
Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom.
"We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said.
"While our investigation continues there |
Threat
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-01 17:14:00 |
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework (direct link) |
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems.
Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges.
"The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by |
Vulnerability
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-01 16:43:00 |
What Developers Need to Fight the Battle Against Common Vulnerabilities (direct link) |
Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and compliance requirements for some time, we are seeing a steady increase in attention on cybersecurity best |
Threat
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-01 15:37:00 |
Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users (direct link) |
More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan.
Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them.
The apps, which were available for download from the official Google Play Store, have now been |
Malware
Threat
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-01 15:18:00 |
Researchers 'Accidentally' Crash KmsdBot Cryptocurrency Mining Botnet Network (direct link) |
An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down.
KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for its ability to brute-force systems with weak SSH credentials.
The botnet strikes both Windows and Linux devices spanning a wide range of |
|
|
★★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-01 15:05:00 |
LastPass Suffers Another Security Breach; Exposed Some Customers Information (direct link) |
Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information.
"We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said.
GoTo, formerly called LogMeIn, acquired LastPass |
|
LastPass
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-12-01 00:00:00 |
North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets (direct link) |
The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart.
"The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing |
Threat
Cloud
|
APT 37
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-30 19:14:00 |
Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection (direct link) |
New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.
npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for |
Malware
Vulnerability
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-30 17:45:00 |
This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms (direct link) |
A malicious Android SMS application found on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp.
The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation service. |
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-30 17:27:00 |
French Electricity Provider Fined for Storing Users' Passwords with Weak MD5 Algorithm (direct link) |
The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.
The Commission nationale de l'informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5 |
|
|
★★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-30 15:11:58 |
(Déjà vu) 3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS (direct link) |
Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).
The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.
"These issues exemplify either an |
Guideline
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-30 15:03:00 |
Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches (direct link) |
The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches.
To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information, |
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-30 12:51:00 |
3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies (direct link) |
Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).
The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.
"These issues exemplify either an |
Guideline
|
|
★★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-30 11:51:00 |
Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines (direct link) |
A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector.
Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September |
Threat
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-29 22:09:00 |
New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection (direct link) |
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines.
Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.
The PC maker described the vulnerability as |
Vulnerability
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-29 17:29:00 |
Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware (direct link) |
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.
The trend, called Invisible Challenge, involves applying a filter called Invisible Body that just leaves behind a silhouette of the person's body.
But the fact that individuals filming such videos could be undressed has led to a |
Malware
Threat
|
|
★★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-29 17:00:00 |
7 Cyber Security Tips for SMBs (direct link) |
When the headlines focus on breaches of large enterprises like the Optus breach, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort?
Unfortunately, when it comes to cyber security, size doesn't matter.
Assuming you're not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple |
Guideline
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-29 13:55:00 |
Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data (direct link) |
Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms.
The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "collated |
Legislation
|
|
★★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-29 09:50:00 |
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.
|
Vulnerability
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-28 17:26:00 |
Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services (direct link) |
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources.
The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action.
The shortcoming was reported |
Vulnerability
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-28 17:15:00 |
The 5 Cornerstones for an Effective Cyber Security Awareness Training (direct link) |
It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information.
The hard news: they're often successful, have a long-lasting negative impact on your organization and employees, including: |
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-28 15:37:00 |
Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks (direct link) |
Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks.
BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in server motherboards and is used for remote monitoring and management of a host system, including |
|
|
★★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-28 10:55:00 |
Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages (direct link) |
Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform.
The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend.
The company's plans for |
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-26 17:19:00 |
All You Need to Know About Emotet in 2022 (direct link) |
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it.
Why is everyone scared of Emotet?
Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. |
Malware
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-26 10:22:00 |
U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk (direct link) |
The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat.
All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021.
"The FCC is committed to protecting our national |
|
|
★★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-26 09:58:00 |
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations (direct link) |
Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group.
Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022.
"While the malware written in .NET is new, its deployment is |
Ransomware
Malware
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-25 18:42:00 |
(Déjà vu) Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw (direct link) |
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.
Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.
Heap-based buffer overflow bugs can be |
Vulnerability
Threat
|
|
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-25 16:45:00 |
Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions (direct link) |
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk.
EFI Development Kit, aka EDK, is an open source implementation of the Unified Extensible Firmware Interface (UEFI), which functions as an interface between the operating system and the firmware embedded in |
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-25 11:36:00 |
U.K. Police Arrest 142 in Global Crackdown on 'iSpoof' Phone Spoofing Service (direct link) |
A coordinated law enforcement effort has dismantled an online phone number spoofing service called iSpoof and arrested 142 individuals linked to the operation.
The websites, ispoof[.]me and ispoof[.]cc, allowed the crooks to "impersonate trusted corporations or contacts to access sensitive information from victims," Europol said in a press statement.
Worldwide losses exceeded €115 million ($ |
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-25 10:28:00 |
Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation (direct link) |
Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering.
The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in the arrests of 975 individuals and the closure of more than 1,600 cases.
This comprised two fugitives |
Legislation
|
|
★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-24 18:55:00 |
New RansomExx Ransomware Variant Rewritten in the Rust Programming Language (direct link) |
The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna.
The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will |
Ransomware
Threat
|
|
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-24 16:47:00 |
Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (direct link) |
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker.
Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022.
"These fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, |
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-24 16:33:00 |
Boost Your Security with Europe's Leading Bug Bounty Platform (direct link) |
As 2022 comes to an end, now's the time to level up your bug bounty program with Intigriti.
Are you experiencing slow bug bounty lead times, gaps in security skills, or low-quality reports from researchers? Intigriti's expert triage team and global community of ethical hackers are enabling businesses to protect themselves against every emerging cybersecurity threat.
Join the likes of Intel, |
Guideline
|
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-24 16:25:00 |
Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps (direct link) |
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information.
The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak cybersecurity firm ESET said in a new |
|
Bahamut
|
★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-24 11:49:00 |
This Android File Manager App Infected Thousands of Devices with Sharkbot Malware (direct link) |
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions.
A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week.
SharkBot, first discovered towards |
Malware
|
|
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-24 11:36:00 |
Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware (direct link) |
Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks.
"In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and |
Ransomware
Malware
Guideline
|
|
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-23 18:38:00 |
34 Russian Hacker Groups Stole Over 50 Million Passwords with Stealer Malware (direct link) |
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022.
"The underground market value of stolen logs and compromised card details is estimated around $5.8 million," Singapore-headquartered Group-IB said in a report shared with The Hacker News.
Aside from looting |
Malware
|
|
★★★★
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2022-11-23 18:09:00 |
Ducktail Malware Operation Evolves with New Malicious Capabilities (direct link) |
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign.
"The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account," WithSecure researcher Mohammad Kazem |
Malware
|
|
★★★★
|