What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-02-08 00:22:37 Medusa Android Banking Trojan Spreading Through Flubot's Attacks Network (direct link) Two different Android banking Trojans, FluBot and Medusa, are relying on the same delivery vehicle as part of a simultaneous attack campaign, according to new research published by ThreatFabric. The ongoing side-by-side infections, facilitated through the same smishing (SMS phishing) infrastructure, involved the overlapping usage of "app names, package names, and similar icons," the Dutch mobile
The_Hackers_News.webp 2022-02-07 23:45:20 How Attack Surface Management Preempts Cyberattacks (direct link) The wide-ranging adoption of cloud facilities and the subsequent mushrooming of organizations' networks, combined with the recent migration to remote work, had the direct consequence of a massive expansion of organizations' attack surface and led to a growing number of blind spots in connected architectures. The unforeseen results of this expanded attack surface with fragmented monitoring
The_Hackers_News.webp 2022-02-07 20:38:37 Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks (direct link) Microsoft on Monday said it's taking steps to disable Visual Basic for Applications (VBA) macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. "Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, Malware
The_Hackers_News.webp 2022-02-07 19:37:09 Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse (direct link) Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies, is a universal Windows Malware Vulnerability Threat
The_Hackers_News.webp 2022-02-07 05:34:15 New CapraRAT Android Malware Targets Indian Government and Military Personnel (direct link) A politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high "degree of crossover" with another Windows malware known as CrimsonRAT that's associated with Earth Malware Threat
The_Hackers_News.webp 2022-02-07 01:46:01 Hackers Backdoored Systems at China's National Games Just Before Competition (direct link) Systems hosting content pertaining to the National Games of China were successfully breached last year by an unnamed Chinese-language-speaking hacking group. Cybersecurity firm Avast, which dissected the intrusion, said that the attackers gained access to a web server 12 days prior to the start of the event on September 3 to drop multiple reverse web shells for remote access and achieve
The_Hackers_News.webp 2022-02-07 01:20:20 IoT/connected Device Discovery and Security Auditing in Corporate Networks (direct link) Today's enterprise networks are complex environments with different types of wired and wireless devices being connected and disconnected. The current device discovery solutions have been mainly focused on identifying and monitoring servers, workstation PCs, laptops and infrastructure devices such as network firewalls, switches and routers, because the most valuable information assets of
The_Hackers_News.webp 2022-02-06 23:15:33 Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor (direct link) A Chinese advanced persistent threat (APT) group has been targeting Taiwanese financial institutions as part of a "persistent campaign" that lasted for at least 18 months. The intrusions, whose primary intent was espionage, resulted in the deployment of a backdoor called xPack, granting the adversary extensive control over compromised machines, Broadcom-owned Symantec said in a report published Threat
The_Hackers_News.webp 2022-02-06 21:03:44 CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882 (CVSS score: 7.0) to the Known Exploited Vulnerabilities Catalog, necessitating that Federal Vulnerability
The_Hackers_News.webp 2022-02-05 21:48:25 New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps (direct link) Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9. Cloud security firm Tool Vulnerability Uber
The_Hackers_News.webp 2022-02-04 23:15:56 Microsoft Uncovers New Details of Russian Hacking Campaign Targeting Ukraine (direct link) Microsoft on Friday shared more of the tactics, techniques, and procedures (TTPs) adopted by the Russia-based Gamaredon hacking group to facilitate a barrage of cyber espionage attacks aimed at several entities in Ukraine over the past six months. The attacks are said to have singled out government, military, non-government organizations (NGO), judiciary, law enforcement, and non-profit
The_Hackers_News.webp 2022-02-04 03:52:32 Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware (direct link) A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed sources, noting that "the two rival businesses gained the same ability last year to remotely break into Hack Vulnerability
The_Hackers_News.webp 2022-02-04 01:35:56 U.S. Authorities Charge 6 Indian Call Centers Scamming Thousands of Americans (direct link) A number of India-based call centers and their directors have been indicted for their alleged role in placing tens of millions of scam calls aimed at defrauding thousands of American consumers. The indictment charged Manu Chawla, Sushil Sachdeva, Nitin Kumar Wadwani, Swarndeep Singh, Dinesh Manohar Sachdev, Gaje Singh Rathore, Sanket Modi, Rajiv Solanki and their respective call centers for
The_Hackers_News.webp 2022-02-04 01:01:31 Russian Gamaredon Hackers Targeted 'Western Government Entity' in Ukraine (direct link) The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries. Palo Alto Networks' Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding it "mapped out three large clusters of Threat
The_Hackers_News.webp 2022-02-04 00:34:02 Cynet Log4Shell Webinar: A Thorough - And Clear - Explanation (direct link) Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. No one knows how long the vulnerability existed before it was discovered. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications. Beyond patching, it's helpful Vulnerability
The_Hackers_News.webp 2022-02-03 22:25:09 CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Controls Systems Advisory (ICSA) warning of multiple vulnerabilities in the Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information. "Successful exploitation of these vulnerabilities could
The_Hackers_News.webp 2022-02-03 21:51:28 Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users (direct link) A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the Vulnerability Threat
The_Hackers_News.webp 2022-02-03 06:05:29 Critical Flaws Discovered in Cisco Small Business RV Series Routers (direct link) Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest
The_Hackers_News.webp 2022-02-03 02:49:41 New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software (direct link) An ongoing search engine optimization (SEO) poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software development tools installation' themes as SEO keywords to lure victims to a compromised website and to Malware Threat
The_Hackers_News.webp 2022-02-03 02:19:10 How SSPM Simplifies Your SOC2 SaaS Security Posture Audit (direct link) An accountant and a security expert walk into a bar… SOC2 is no joke. Whether you're a publicly held or private company, you are probably considering going through a Service Organization Controls (SOC) audit. For publicly held companies, these reports are required by the Securities and Exchange Commission (SEC) and executed by a Certified Public Accountant (CPA). However, customers often ask
The_Hackers_News.webp 2022-02-03 01:24:44 New Variant of UpdateAgent Malware Infects Mac Computers with Adware (direct link) Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has undergone several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities." The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones Malware Threat
The_Hackers_News.webp 2022-02-03 00:14:56 New Wave of Cyber Attacks Target Palestine with Political Bait and Malware (direct link) Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents. The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based Malware APT-C-23
The_Hackers_News.webp 2022-02-02 04:09:19 New Malware Used by SolarWinds Attackers Went Undetected for Years (direct link) The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years. According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted Malware Threat
The_Hackers_News.webp 2022-02-02 03:36:43 Cynet's Keys to Extend Threat Visibility (direct link) We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM's Cost of a Data Breach Report that has been tracking this statistic for years. In the 2021 report, IBM found that, on average, it takes an average of 212 Data Breach Threat
The_Hackers_News.webp 2022-02-01 23:04:42 Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors (direct link) As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface (UEFI) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo, among others. The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company Binarly,
The_Hackers_News.webp 2022-02-01 22:16:39 Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks (direct link) A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar. Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff Ransomware
The_Hackers_News.webp 2022-02-01 21:24:29 Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations (direct link) A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts. "This vulnerability allows Vulnerability
The_Hackers_News.webp 2022-02-01 05:30:16 Solarmarker Malware Uses Novel Techniques to Persist on Hacked Systems (direct link) In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted Malware Threat
The_Hackers_News.webp 2022-02-01 02:28:30 Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks (direct link) An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's Malware Threat Conference APT 35 APT 35
The_Hackers_News.webp 2022-02-01 01:11:07 Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers (direct link) Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021. Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective known to be active since at least 2013. In November 2021,
The_Hackers_News.webp 2022-01-31 23:48:02 Reasons Why Every Business is a Target of DDoS Attacks (direct link) DDoS (Distributed Denial of Service) attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020. Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period. Further, 73% of DDoS attacks in Q3 2021 were
The_Hackers_News.webp 2022-01-31 23:13:54 Researchers Uncover New Iranian Hacking Campaign Targeting Turkish Users (direct link) Details have emerged about a previously undocumented malware campaign undertaken by the Iranian MuddyWater advanced persistent threat (APT) group targeting Turkish private organizations and governmental institutions. "This campaign utilizes malicious PDFs, XLS files and Windows executables to deploy malicious PowerShell-based downloaders acting as initial footholds into the target's enterprise," Malware Threat
The_Hackers_News.webp 2022-01-31 21:38:28 New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks (direct link) A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations. Cybersecurity firm Immersive Labs, in a technical write-up detailing the findings, said that 42Gears released a series of updates between November 2021 and January 2022 to close out
The_Hackers_News.webp 2022-01-31 20:56:38 Behind The Buzzword: Four Ways to Assess Your Zero Trust Security Posture (direct link) With just about everything delivered from the cloud these days, employees can now collaborate and access what they need from anywhere and on any device. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations. Historically, enterprise data was stored inside data centers and guarded by perimeter-based
The_Hackers_News.webp 2022-01-31 20:16:00 New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root (direct link) Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "vfs_fruit" Vulnerability
The_Hackers_News.webp 2022-01-31 07:38:14 Your Graphics Card Fingerprint Can Be Used to Track Your Activities Across the Web (direct link) Researchers have demonstrated a new type of fingerprinting technique that exploits a machine's graphics processing unit (GPU) as a means to track users across the web persistently. Dubbed DrawnApart, the method "identifies a device from the unique properties of its GPU stack," researchers from Australia, France, and Israel said in a new paper, adding "variations in speed among the multiple
The_Hackers_News.webp 2022-01-31 01:00:09 German Court Rules Websites Embedding Google Fonts Violates GDPR (direct link) A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data - i.e., IP address - to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the
The_Hackers_News.webp 2022-01-30 22:45:11 Researchers Use Natural Silk Fibers to Generate Secure Keys for Strong Authentication (direct link) A group of academics at South Korea's Gwangju Institute of Science and Technology (GIST) have utilized natural silk fibers from domesticated silkworms to build an environmentally friendly digital security system that they say is "practically unbreachable." "The first natural physical unclonable function (PUF) […] takes advantage of the diffraction of light through natural microholes in native
The_Hackers_News.webp 2022-01-30 22:07:04 Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam (direct link) Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. By exploiting a chain of Hack
The_Hackers_News.webp 2022-01-30 21:15:55 DeepDotWeb News Site Operator Sentenced to 8 Years for Money Laundering (direct link) An Israeli national was sentenced to 97 months in prison in connection with operating the DeepDotWeb (DDW) clearnet website, nearly a year after the individual pleaded guilty to the charges. Tal Prihar, 37, an Israeli citizen residing in Brazil, is said to have played the role of an administrator of DDW since the website became functional in October 2013. He pleaded guilty to money laundering Guideline
The_Hackers_News.webp 2022-01-28 03:10:59 Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing (direct link) Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim's network to further propagate spam emails and widen the infection pool. The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication (MFA), thereby making it possible for the adversary to take Spam
The_Hackers_News.webp 2022-01-28 02:48:25 How Wazuh Can Improve Digital Security for Businesses (direct link) 2021 was a year peppered by cyberattacks, with numerous data breaches happening. Not only that, but ransomware has also become a prominent player in the hackers' world. Now, more than ever, it's important for enterprises to step up cybersecurity measures. They can do this through several pieces of technology, such as an open-source security platform like Wazuh. Wazuh is a free and open source Ransomware
The_Hackers_News.webp 2022-01-28 01:24:28 North Korean Hackers Using Windows Update Service to Infect PCs with Malware (direct link) The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North Malware Medical APT 38 APT 28
The_Hackers_News.webp 2022-01-28 01:00:56 North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware (direct link) A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said. "Their efforts are aimed at breaking the typical flow recorded by sandboxes and making detection Malware
The_Hackers_News.webp 2022-01-27 21:20:36 Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers (direct link) Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second (Tbps). One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. It hit a peak throughput of 3.47 Tbps and a packet rate of 340
The_Hackers_News.webp 2022-01-27 20:58:02 QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices (direct link) Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to the latest Ransomware
The_Hackers_News.webp 2022-01-27 04:50:56 Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? (direct link) There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You'd think that this issue no longer
The_Hackers_News.webp 2022-01-27 04:37:34 Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions (direct link) A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest Malware
The_Hackers_News.webp 2022-01-27 02:15:12 Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices (direct link) Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm detailed in a report published Wednesday. " Malware
The_Hackers_News.webp 2022-01-26 22:59:24 Hackers Using New Evasive Technique to Deliver AsyncRAT Malware (direct link) A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted Malware Threat
Last update at: 2024-07-23 16:07:37