What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-07-12 04:33:57 Crafting a Custom Dictionary for Your Password Policy (direct link) Modern password policies are comprised of many different elements that contribute to its effectiveness. One of the components of an effective current password policy makes use of what is known as a custom dictionary that filters out certain words that are not allowed as passwords in the environment. Using custom dictionaries, organizations can significantly improve their cybersecurity posture
The_Hackers_News.webp 2021-07-12 04:04:33 Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites (direct link) Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software (OBS) Studio's live-streaming app to capture the screen of its victims to attackers. The attack Malware
The_Hackers_News.webp 2021-07-11 21:37:09 Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack (direct link) Florida-based software vendor Kaseya on Sunday rolled out software updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) software that was used as a jumping off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack. Following the incident, the company had urged on-premise VSA customers to shut Ransomware
The_Hackers_News.webp 2021-07-09 07:23:44 Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration (direct link) Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection. "One tactic that some Magecart actors employ is the dumping of Malware
The_Hackers_News.webp 2021-07-09 04:59:03 New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021 (direct link) For years, security professionals have recognized the need to enhance SaaS security. However, the exponential adoption of Software-as-a-Service (SaaS) applications over 2020 turned slow-burning embers into a raging fire. Organizations manage anywhere from thirty-five to more than a hundred applications. From collaboration tools like Slack and Microsoft Teams to mission-critical applications
The_Hackers_News.webp 2021-07-09 00:00:25 Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems (direct link) Multiple security vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal (aka Vue PACS), some of which could be exploited by an adversary to take control of an affected system. "Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install
The_Hackers_News.webp 2021-07-08 22:39:48 Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files (direct link) While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain in the background, new findings indicate that macro security warnings can be disabled entirely without requiring any user interaction. In yet another instance of malware authors continue to evolve their techniques to evade Malware
The_Hackers_News.webp 2021-07-08 04:26:09 Critical Flaws Reported in Sage X3 Enterprise Management Software (direct link) Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. These issues were discovered by researchers from Rapid7, who notified Sage Group of their findings on Feb. 3, 2021. The vendor
The_Hackers_News.webp 2021-07-08 02:58:54 Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America (direct link) Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across Malware Threat
The_Hackers_News.webp 2021-07-08 02:43:32 Security Awareness Training is Broken. Human Risk Management (HRM) is the Fix (direct link) Humans are an organization's strongest defence against evolving cyber threats, but security awareness training alone often isn't enough to transform user behaviour. In this guide, usecure looks at why Human Risk Management (HRM) is the new fix for building a security-savvy workforce. Don't be fooled... Businesses are investing more than ever into strengthening their employee security awareness
The_Hackers_News.webp 2021-07-08 02:32:24 How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare (direct link) This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we reported earlier, Microsoft already released a patch in June 2021, but it wasn't enough to stop Vulnerability
The_Hackers_News.webp 2021-07-08 02:31:04 SideCopy Hackers Target Indian Government Officials With New Malware (direct link) A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs), signaling a "boost in their development operations." Attributed to a group tracked as SideCopy, the intrusions culminate in the deployment of a variety of modular plugins, ranging from file Malware
The_Hackers_News.webp 2021-07-07 21:41:19 Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability (direct link) Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the patch for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary Vulnerability
The_Hackers_News.webp 2021-07-07 06:18:33 WildPressure APT Emerges With New Malware Targeting Windows and macOS (direct link) A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Russian cybersecurity firm attributed the attacks to an advanced persistent threat (APT) it tracks as Malware Threat
The_Hackers_News.webp 2021-07-07 05:58:28 Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform (direct link) An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light of the growing number of cyber incidents that target the software supply chain, there is an urgent Threat
The_Hackers_News.webp 2021-07-07 05:53:11 [Whitepaper] XDR vs. NDR/NTA – What do Organizations Truly Need to Stay Safe? (direct link) Security teams whose organizations are outside the Fortune 500 are faced with a dilemma. Most teams will have to choose between deploying either a network traffic analysis (NTA) or network detection and response (NDR) tool or an endpoint detection and response (EDR) tool to supplement their existing stacks. On the other hand, some organizations are getting the best of both options by switching Tool
The_Hackers_News.webp 2021-07-06 20:38:13 Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability (direct link) Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability - known as "PrintNightmare" - that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as CVE-2021-34527 (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. Vulnerability Threat ★★★★
The_Hackers_News.webp 2021-07-06 01:41:59 Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities (direct link) Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme. The two-year investigation, dubbed Operation Lyrebird by the international, Malware Threat ★★★
The_Hackers_News.webp 2021-07-06 00:03:08 Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly (direct link) U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that the ransomware gang might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious Ransomware
The_Hackers_News.webp 2021-07-05 05:44:29 Getting Started with Security Testing: A Practical Guide for Startups (direct link) A common misconception among startup founders is that cybercriminals won't waste time on them, because they're not big or well known enough yet. But just because you are small doesn't mean you're not in the firing line. The size of a startup does not exempt it from cyber-attacks – that's because hackers constantly scan the internet looking for flaws that they can exploit; one slip up, and your
The_Hackers_News.webp 2021-07-05 02:48:45 TrickBot Botnet Found Deploying A New Ransomware Called Diavol (direct link) Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named "Diavol," according to the latest research. Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this month, researchers from Fortinet's FortiGuard Labs said last week. TrickBot, a banking Trojan first Ransomware Threat
The_Hackers_News.webp 2021-07-04 23:42:47 Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw (direct link) Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and has been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn't impacted by the flaw. Tool Vulnerability
The_Hackers_News.webp 2021-07-04 22:22:23 REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom (direct link) Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure (DIVD) on Sunday revealed it had alerted Kaseya to a number of zero-day vulnerabilities Ransomware Vulnerability
The_Hackers_News.webp 2021-07-03 07:57:39 Android Apps with 5.8 million Installs Caught Stealing Users' Facebook Passwords (direct link) Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, to disable in-app ads, users
The_Hackers_News.webp 2021-07-03 01:00:30 Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware (direct link) The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA Ransomware Threat
The_Hackers_News.webp 2021-07-03 00:37:20 Learn to Code - Get 2021 Master Bundle of 13 Online Courses @ 99% OFF (direct link) Whether you are looking to turn into a full-time developer or simply increasing your earnings in your current niche, learning to code can be a smart move. It is a well-known fact that recruiters strive to recruit people with technical skills, and these skills are a great way to build your own startup. Featuring 13 courses, The Master Learn to Code 2021 Certification Bundle is a great way to get
The_Hackers_News.webp 2021-07-02 06:01:32 New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks (direct link) Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "mirai_ptea" that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks. Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active Vulnerability
The_Hackers_News.webp 2021-07-02 05:54:06 Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software (direct link) In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries. The trojanized client was available for download between February 8, 2021, and March 3, 2021, said Czech cybersecurity software company Avast in a report published Thursday.
The_Hackers_News.webp 2021-07-02 02:56:26 New Google Scorecards Tool Scans Open-Source Software for More Security Risks (direct link) Google has launched an updated version of Scorecards, its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis. "With so much software today relying on open-source projects, consumers need an easy way to judge whether their dependencies are safe," Google's Open Tool
The_Hackers_News.webp 2021-07-01 23:23:24 NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers (direct link) An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the U.K.'s National
The_Hackers_News.webp 2021-07-01 23:01:04 Microsoft Warns of Critical "PrintNightmare" Flaw Being Exploited in the Wild (direct link) Microsoft on Thursday officially confirmed that the "PrintNightmare" remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw. The company is tracking the security weakness under the Vulnerability
The_Hackers_News.webp 2021-07-01 03:00:21 IndigoZebra APT Hacking Campaign Targets the Afghan Government (direct link) Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014. Israeli cybersecurity firm Check Point Research attributed the intrusions to a hacking group tracked under the moniker "IndigoZebra," with past activity aimed Threat
The_Hackers_News.webp 2021-07-01 02:58:54 Rethinking Application Security in the API-First Era (direct link) Securing applications in the API-first era can be an uphill battle. As development accelerates, accountability becomes unclear, and getting controls to operate becomes a challenge in itself. It's time that we rethink our application security strategies to reflect new priorities, principles and processes in the API-first era. Securing tomorrow's applications begins with assessing the business
The_Hackers_News.webp 2021-07-01 02:34:36 Facebook Sues 4 Vietnamese for Hacking Accounts and $36 Million Ad Fraud (direct link) Facebook on Tuesday revealed it filed two separate legal actions against perpetrators who abused its ad platform to run deceptive advertisements in violation of the company's Terms and Advertising Policies. "In the first case, the defendants are a California marketing company and its agents responsible for a bait-and-switch advertising scheme on Facebook," the social media giant's Director of
The_Hackers_News.webp 2021-07-01 02:14:34 3 Steps to Strengthen Your Ransomware Defenses (direct link) The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines. For the industry experts who track the evolution of this threat, the increased frequency, sophistication, and destructiveness of ransomware Ransomware
The_Hackers_News.webp 2021-06-30 23:05:39 Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers (direct link) Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.60, and have since
The_Hackers_News.webp 2021-06-30 22:36:49 (Déjà vu) Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia (direct link) Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu (aka "Virus"), the individual in question, was detained at the El Dorado airport in Bogotá, the Office of the Attorney General of Colombia said. Paunescu was previously
The_Hackers_News.webp 2021-06-30 05:56:19 Authorities Seize DoubleVPN Service Used by Cybercriminals (direct link) A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "On 29th of June 2021, law enforcement took down DoubleVPN," the agencies said in a seizure notice splashed on the now-defunct site. "Law enforcement gained access to the servers of DoubleVPN and seized personal
The_Hackers_News.webp 2021-06-30 05:56:11 [Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web (direct link) Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting systems. Today, there are hundreds of groups devoted to infiltrating almost every industry, Ransomware Spam
The_Hackers_News.webp 2021-06-30 04:28:07 Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability (direct link) A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading Vulnerability
The_Hackers_News.webp 2021-06-30 00:10:13 GitHub Launches 'Copilot' - AI-Powered Code Completion Tool (direct link) GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been developed in collaboration with OpenAI, and leverages Codex, a new AI system that's trained on Tool
The_Hackers_News.webp 2021-06-29 06:06:56 Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine (direct link) An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in an analysis published Friday. "By mounting this exploit, the attacker can grant access to themselves Vulnerability
The_Hackers_News.webp 2021-06-29 02:51:18 New API Lets App Developers Authenticate Users via SIM Cards (direct link) Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity – username/email and password – has long outlived its usefulness. This is how multi-factor or two-factor
The_Hackers_News.webp 2021-06-29 02:39:55 Google now requires app developers to verify their address and use 2FA (direct link) Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace, Google Play Trust and
The_Hackers_News.webp 2021-06-28 06:08:38 Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site (direct link) Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that's triggered when automatically Vulnerability
The_Hackers_News.webp 2021-06-28 00:56:30 Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware (direct link) Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China. The driver, called "Netfilter," is said to target gaming environments, specifically in the East Asian country, with the Redmond-based firm noting that "the actor's goal Malware
The_Hackers_News.webp 2021-06-28 00:02:48 DMARC: The First Line of Defense Against Ransomware (direct link) There has been a lot of buzz in the industry about ransomware lately. Almost every other day, it's making headlines. With businesses across the globe holding their breath, scared they might fall victim to the next major ransomware attack, it is now time to take action. The FBI IC3 report of 2020 classified Ransomware as the most financially damaging cybercrime of the year, with no major Ransomware
The_Hackers_News.webp 2021-06-27 23:39:50 Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online (direct link) A security vulnerability in Cisco Adaptive Security Appliance (ASA) that was addressed by the company last October and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept (PoC) exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers Vulnerability
The_Hackers_News.webp 2021-06-27 20:32:04 SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers (direct link) In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. "This recent activity was mostly unsuccessful, and Threat
The_Hackers_News.webp 2021-06-25 06:32:08 Google Extends Support for Tracking Party Cookies Until 2023 (direct link) Google's sweeping proposals to deprecate third-party cookies in Chrome browser is going back to the drawing board after the company announced plans to delay the rollout from early 2022 to late 2023, pushing back the project by nearly two years. "While there's considerable progress with this initiative, it's become clear that more time is needed across the ecosystem to get this right," Chrome's
Last update at: 2024-07-23 18:08:19
See our sources.
To see everything: Our RSS (filtered) Twitter