What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-09-21 01:30:33 Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus? (direct link) 2020 was a year of relentless disruptions. The protective layer of secured enterprise networks and controlled IT environments of the physical premises did not exist. Over the past year, CISOs (Chief Information Security Officers) have had to grapple with the challenges of bolstering the security posture, minimizing risks, and ensuring business continuity in the new normal. The rise in volumes
The_Hackers_News.webp 2021-09-20 04:58:52 Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters (direct link) Law enforcement agencies in Italy and Spain have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime, netting the gang about €10 million ($11.7 million) in illegal proceeds in just a year. "The suspects defrauded hundreds of victims through phishing attacks and other types of online fraud such
The_Hackers_News.webp 2021-09-20 04:00:58 A New Wave of Malware Attack Targeting Organizations in South America (direct link) A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected Spam Malware Threat APT-C-36
The_Hackers_News.webp 2021-09-19 22:35:42 Google to Auto-Reset Unused Android App Permissions for Billions of Devices (direct link) Google on Friday said it's bringing an Android 11 feature that auto-resets permissions granted to apps that haven't been used in months, to devices running Android versions 6 and above. The expansion is expected to go live later this year in December 2021 and enabled on Android phones with Google Play services running Android 6.0 (API level 23) or higher, which the company said should cover "
The_Hackers_News.webp 2021-09-19 22:07:28 Numando: A New Banking Trojan Targeting Latin American Users (direct link) A newly spotted banking trojan has been caught leveraging legitimate platforms like YouTube and Pastebin to store its encrypted, remote configuration and commandeer infected Windows systems, making it the latest to join the long list of malware targeting Latin America (LATAM) after Guildma, Javali, Melcoz, Grandoreiro, Mekotio, Casbaneiro, Amavaldo, Vadokrist, and Janeleiro. The threat actor Threat
The_Hackers_News.webp 2021-09-17 04:03:29 New Malware Targets Windows Subsystem for Linux to Evade Detection (direct link) A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent Malware Threat
The_Hackers_News.webp 2021-09-17 01:00:30 Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years (direct link) A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence Malware Threat
The_Hackers_News.webp 2021-09-16 06:38:16 Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects (direct link) Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue - tracked as CVE-2021-41077 - concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the
The_Hackers_News.webp 2021-09-16 02:48:22 Third Critical Bug Affects Netgear Smart Switches - Details and PoC Released (direct link) New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw - dubbed "Seventh Inferno" (CVSS score: 9.8) - is part of a trio of security weaknesses, called Demon's Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8) Vulnerability
The_Hackers_News.webp 2021-09-16 00:19:46 Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks (direct link) Microsoft on Wednesday disclosed details of a targeting phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon
The_Hackers_News.webp 2021-09-16 00:03:09 You Can Now Sign-in to Your Microsoft Accounts Without a Password (direct link) Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. The change is expected to be rolled out in the coming weeks. "Except for auto-generated passwords that are nearly impossible to remember, we largely create our own
The_Hackers_News.webp 2021-09-15 11:36:41 Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs (direct link) Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure
The_Hackers_News.webp 2021-09-15 04:03:55 3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company (direct link) The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in question - Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40 - are accused of "knowingly and willfully combine, conspire, confederate, and
The_Hackers_News.webp 2021-09-14 22:00:22 Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability (direct link) A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated Vulnerability
The_Hackers_News.webp 2021-09-14 06:43:34 New Stealthier ZLoader Variant Spreading Via Fake TeamViewer Download Ads (direct link) Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems while simultaneously embracing a stealthier infection chain that allows it to linger on infected devices and evade detection by security solutions. "The malware is downloaded from a Google advertisement published through Google Malware
The_Hackers_News.webp 2021-09-14 04:13:23 HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers (direct link) Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks. Tracked as CVE-2021-3437 (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to Threat
The_Hackers_News.webp 2021-09-14 03:26:36 Zero Trust Requires Cloud Data Security with Integrated Continuous Endpoint Risk Assessment (direct link) Every once in a while, an industry term will get overused by marketing to the point of becoming a cliche. "Zero Trust" may have reached this threshold. In some ways, we understand why this is happening. Security perimeters have become obsolete as people use mobile devices and cloud applications to work from anywhere. Zero Trust deployment - moving all your apps and data to the cloud and assuming
The_Hackers_News.webp 2021-09-13 22:26:33 Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware (direct link) Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system. The list of two flaws is as follows - CVE-2021-30858 (WebKit) - A use after free issue that could result in arbitrary code execution when processing maliciously crafted web
The_Hackers_News.webp 2021-09-13 21:08:50 Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack (direct link) Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant credited anonymous
The_Hackers_News.webp 2021-09-13 20:42:07 Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide (direct link) Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that's actively set its sights on government, telecommunications, information technology, and financial institutions in the wild. The as-yet undetected version of the penetration testing tool - codenamed "Vermilion Strike" - marks one of the rare Linux ports, which has been Tool
The_Hackers_News.webp 2021-09-13 06:48:50 Critical Bug Reported in NPM Package With Millions of Downloads Weekly (direct link) A widely used NPM package called 'Pac-Resolver' for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent. The flaw, tracked as CVE-2021-23406, has a severity rating of 8.1 on the CVSS vulnerability scoring system and affects Vulnerability
The_Hackers_News.webp 2021-09-13 02:25:17 New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection (direct link) A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv
The_Hackers_News.webp 2021-09-11 04:18:02 Mēris Botnet Hit Russia's Yandex With Massive 22 Million RPS DDoS Attack (direct link) Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service (DDoS) attack by a new botnet called Mēris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second (RPS), dwarfing a recent botnet-powered attack that came to light last month, bombarding
The_Hackers_News.webp 2021-09-11 03:30:56 WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud (direct link) WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The feature, which will go live to all of its two billion users in the coming weeks, is expected to only work on the primary
The_Hackers_News.webp 2021-09-10 04:14:40 Moving Forward After CentOS 8 EOL (direct link) The Linux community was caught unprepared when, in December 2020, as part of a change in the way Red Hat supports and develops CentOS, Red Hat suddenly announced that it's cutting the official CentOS 8 support window from ten years – to just two, with support ending Dec 31, 2021. It created a peculiar situation where CentOS 7 users that did the right thing and upgraded quickly to CentOS 8 were
The_Hackers_News.webp 2021-09-10 03:24:59 SOVA: New Android Banking Trojan Emerges With Growing Capabilities (direct link) A mix of banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain are the target of a newly discovered Android trojan that could enable attackers to siphon personally identifiable information from infected devices, including banking credentials and open the door for on-device fraud. Dubbed S.O.V.A. (referring to the Russian word for owl), the current version of the
The_Hackers_News.webp 2021-09-10 01:18:43 Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group (direct link) A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly. In late August, Slovakian cybersecurity firm ESET disclosed details of an implant called SideWalk, which is designed to load arbitrary plugins sent from an attacker-controlled server, gather Malware Guideline APT 41
The_Hackers_News.webp 2021-09-09 22:07:33 Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances (direct link) Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been exploited by a malicious actor "to access other customers' information" in what the researcher described as the "first cross-account container takeover in the public cloud." An attacker exploiting the weakness could execute malicious commands on other users' containers, Vulnerability
The_Hackers_News.webp 2021-09-09 02:57:24 Russian Ransomware Group REvil Back Online After 2-Month Hiatus (direct link) The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, Ransomware
The_Hackers_News.webp 2021-09-09 01:28:49 Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge (direct link) There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety. Software is all around us, and it's very easy to forget just how much we're relying on lines of code
The_Hackers_News.webp 2021-09-09 00:33:52 Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices (direct link) Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain
The_Hackers_News.webp 2021-09-08 22:45:14 CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus Vulnerability Guideline
The_Hackers_News.webp 2021-09-08 05:38:12 3 Ways to Secure SAP SuccessFactors and Stay Compliant (direct link) The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating, and more. SAP is leading this HR transformation with its human capital management (HCM) solution, SAP SuccessFactors. Guideline
The_Hackers_News.webp 2021-09-08 05:33:28 HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack (direct link) A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346, the Integer Overflow vulnerability Vulnerability
The_Hackers_News.webp 2021-09-08 01:08:36 Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group (direct link) Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebook profiles that claimed to provide news, two of which were aimed at Android users while the other
The_Hackers_News.webp 2021-09-08 00:27:48 [Ebook] The Guide for Speeding Time to Response for Lean IT Security Teams (direct link) Most cyber security today involves much more planning, and much less reacting than in the past. Security teams spend most of their time preparing their organizations' defenses and doing operational work. Even so, teams often must quickly spring into action to respond to an attack. Security teams with copious resources can quickly shift between these two modes. They have enough resources to
The_Hackers_News.webp 2021-09-07 20:48:34 New 0-Day Attack Targeting Windows Users With Microsoft Office Documents (direct link) Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in
The_Hackers_News.webp 2021-09-07 03:05:28 Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server (direct link) The maintainers of Jenkins - a popular open-source automation server software - have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted against its Vulnerability Threat
The_Hackers_News.webp 2021-09-06 05:17:38 ProtonMail Shares Activist's IP Address With Authorities Despite Its "No Log" Policy (direct link) End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Guideline
The_Hackers_News.webp 2021-09-06 04:13:41 Traffic Exchange Networks Distributing Malware Disguised as Cracked Software (direct link) An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cybersecurity firm Sophos said in a Malware
The_Hackers_News.webp 2021-09-06 03:33:18 Critical Auth Bypass Bug Affect NETGEAR Smart Switches - Patch and PoC Released (direct link) Networking, storage and security solutions provider Netgear on Friday issued patches to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device. The flaws, which were discovered and reported to Netgear by Google security engineer Gynvael Coldwind, impact the following models - GC108P (fixed in firmware
The_Hackers_News.webp 2021-09-04 02:08:38 Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash (direct link) Apple is temporarily hitting the pause button on its controversial plans to screen users' devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. "Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the Tool
The_Hackers_News.webp 2021-09-04 00:50:47 Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (direct link) Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U's implementation of the Vulnerability Threat
The_Hackers_News.webp 2021-09-04 00:19:02 U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw (direct link) The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. "Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate," the Cyber National Vulnerability
The_Hackers_News.webp 2021-09-03 03:40:42 This New Malware Family Using CLFS Log Files to Avoid Detection (direct link) Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye's Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the identities of the Malware
The_Hackers_News.webp 2021-09-03 01:44:10 FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor (direct link) A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S. The attacks, which are believed to have taken place between late June to late July 2021, have been attributed with "moderate confidence" to a
The_Hackers_News.webp 2021-09-02 23:20:20 Cisco Issues Patch for Critical Enterprise NFVIS Flaw - PoC Exploit Available (direct link) Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited by an attacker to take control of an affected system. Tracked as CVE-2021-34746, the weakness has been rated 9.8 out of a maximum of 10 on the Common Vulnerability Scoring System (CVSS) and could allow a remote attacker to circumvent Vulnerability
The_Hackers_News.webp 2021-09-02 08:48:58 What is AS-REP Roasting attack, really? (direct link) Microsoft's Active Directory is said to be used by 95% of Fortune 500. As a result, it is a prime target for attackers as they look to gain access to credentials in the organization, as compromised credentials provide one of the easiest ways for hackers to access your data. A key authentication technology that underpins Microsoft Active Directory is Kerberos. Unfortunately, hackers use many
The_Hackers_News.webp 2021-09-02 05:29:55 New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable (direct link) A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks. Collectively dubbed "BrakTooth" (referring to the Norwegian word "Brak" which translates to "crash"), the 16 security weaknesses span across 13 Bluetooth chipsets from 11 vendors such
The_Hackers_News.webp 2021-09-02 03:07:25 WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers (direct link) A now-patched high-severity security vulnerability in WhatsApp's image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app's memory. Tracked as CVE-2020-1910 (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and sending the altered image to Vulnerability
Last update at: 2024-07-23 18:08:19