What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-30 11:42:00 | FBI Warns Investors to Take Precautions with Decentralized Financial Platforms (lien direct) | The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the agency said in a notification. Attackers are said to have used | |||
|
2022-08-30 09:05:00 | FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones (lien direct) | The U.S. Federal Trade Commission (FTC) on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users by purchasing data from other data brokers to sell to its own clients. "Kochava then sells | |||
|
2022-08-29 22:55:00 | New Golang-based \'Agenda Ransomware\' Can Be Customized For Each Victim (lien direct) | A new ransomware strain written in Golang dubbed "Agenda" has been spotted in the wild, targeting healthcare and education entities in Indonesia, Saudi Arabia, South Africa, and Thailand. "Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and has multiple modes to run," Trend Micro researchers said in an analysis last week. Qilin, the threat | Ransomware | ||
|
2022-08-29 15:45:00 | Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software (lien direct) | A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019. "The malicious tools can be used by anyone," Maya Horowitz, vice president of research at Check Point, said in a statement shared with The Hacker News. "They can | |||
|
2022-08-29 15:36:00 | A CISO\'s Ultimate Security Validation Checklist (lien direct) | If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you're away? More importantly – do you have the right action plan in place for a seamless return? Whether you're on the way out of – or back to – the office, our Security Validation Checklist can help make sure your security posture is in good | |||
|
2022-08-29 12:37:00 | Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users (lien direct) | Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to those accounts. It has since | Threat | ||
|
2022-08-29 09:53:00 | CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as CVE-2021-38406 (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful | |||
|
2022-08-27 08:53:00 | Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations (lien direct) | Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian intelligence | Threat | ||
|
2022-08-27 01:09:00 | Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center (lien direct) | Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. “An | Vulnerability Guideline | ||
|
2022-08-26 14:40:00 | Hackers Breach LastPass Developer System to Steal Source Code (lien direct) | Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed. “An unauthorized party gained access to portions of the LastPass development | LastPass | ||
|
2022-08-26 12:22:00 | Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework (lien direct) | Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike. “Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time,” Microsoft security experts said. “Sliver thus presents an attractive alternative for actors looking for a | Threat | ||
|
2022-08-25 20:19:00 | Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations (lien direct) | The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned 0ktapus by Group-IB because the initial goal of the attacks was to "obtain Okta identity credentials and two-factor authentication (2FA) codes from | Threat | ||
|
2022-08-25 18:54:00 | U.S. Government Spending Billions on Cybersecurity (lien direct) | In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, there was one thing that really stands out. Collectively, the bills that are making their way through the house allocate a staggering $15.6 billion to cybersecurity spending. As you | |||
|
2022-08-25 18:54:00 | Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers (lien direct) | The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed MagicWeb by Microsoft's threat intelligence teams, the development reiterates Nobelium's commitment to developing and maintaining purpose-built capabilities. Nobelium is the tech | Malware Threat | ||
|
2022-08-25 15:55:00 | Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats (lien direct) | The North Korean nation-state group Kimusky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart in early 2022. Russian cybersecurity firm Kaspersky codenamed the cluster GoldDragon, with the infection chains leading to the deployment of Windows malware designed to file lists, user keystrokes, and stored web | Malware Guideline | ||
|
2022-08-25 10:15:00 | PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks (lien direct) | The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages. "This is the first known phishing attack against PyPI," the maintainers of the official third-party software repository said in a series of tweets. The social engineering attack entails sending | |||
|
2022-08-24 23:29:00 | Crypto Miners Using Tox P2P Messenger as Command and Control Server (lien direct) | Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact ("72client") that functions as a bot and can run scripts on the compromised host using the Tox protocol. Tox | Ransomware Threat | ||
|
2022-08-24 21:06:00 | Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs (lien direct) | A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards (NICs). The approach, codenamed ETHERLED, comes from Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the | |||
|
2022-08-24 18:28:00 | Guide: How Service Providers can Deliver vCISO Services at Scale (lien direct) | From ransomware to breaches, from noncompliance penalties to reputational damage – cyberthreats pose an existential risk to any business. But for SMEs and SMBs, the danger is compounded. These companies realize they need an in-house Chief Information Security Officer (CISO) – someone who can assess risks and vulnerabilities, create and execute a comprehensive cybersecurity plan, ensure | Ransomware | ★★★★★ | |
|
2022-08-24 05:12:00 | Hackers Using Fake DDoS Protection Pages to Distribute Malware (lien direct) | WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware," Sucuri's Ben Martin said in a write-up published last week | Malware Guideline | ||
|
2022-08-24 02:29:00 | Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users (lien direct) | The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. "This campaign specifically targeted chief executives and other senior members of various organizations which use [Google Workspace]," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu | Threat | ||
|
2022-08-23 23:21:00 | GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software (lien direct) | DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition (CE) and Enterprise Edition (EE) starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, | Vulnerability Guideline | ||
|
2022-08-23 07:50:00 | Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts (lien direct) | The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known | Malware Tool Threat Conference | Yahoo APT 35 | |
|
2022-08-23 06:46:00 | XCSSET Malware Updates with Python 3 to Target macOS Monterey Users (lien direct) | The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers | Malware | ||
|
2022-08-23 04:59:00 | The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware (lien direct) | Ransomware is the de facto threat organizations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims' lack of adequate preparation. Think about bad security policies, untested backups, patch management practices not up-to-par, and so forth. It resulted in easy growth for ransomware extortion, a crime that | Ransomware Threat | ||
|
2022-08-23 04:44:00 | Suspected Iranian Hackers Targeted Several Israeli Organizations for Espionage (lien direct) | A suspected Iranian threat activity cluster has been linked to attacks aimed at Israeli shipping, government, energy, and healthcare organizations as part of an espionage-focused campaign that commenced in late 2020. Cybersecurity firm Mandiant is tracking the group under its uncategorized moniker UNC3890, which is believed to conduct operations that align with Iranian interests. "The collected | Threat | ||
|
2022-08-22 21:23:00 | New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data (lien direct) | A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by | |||
|
2022-08-22 20:03:00 | CISA Warns of Active Exploitation of Palo Alto Networks\' PAN-OS Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2022-0028 (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to | Vulnerability | ||
|
2022-08-22 07:28:00 | Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts (lien direct) | Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. The trojans, which Doctor Web first came across in July 2022, were discovered in the system partition of at least four different smartphones: P48pro, radmi note 8, Note30u, and Mate40, was "These | Hack | ||
|
2022-08-22 06:05:00 | "As Nasty as Dirty Pipe" - 8 Year Old Linux Kernel Vulnerability Uncovered (lien direct) | Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. "DirtyCred is a kernel exploitation concept that swaps unprivileged | Vulnerability | ||
|
2022-08-22 05:32:00 | Meet Borat RAT, a New Unique Triple Threat (lien direct) | Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen? RAT malware typically helps cybercriminals gain complete control of a victim's system, permitting them to access network resources, files, and power to toggle the mouse and | Malware Threat | ||
|
2022-08-22 02:19:00 | RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering (lien direct) | Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband (UWB) Real-time Locating Systems (RTLS), enabling threat actors to launch adversary-in-the-middle (AitM) attacks and tamper with location data. "The zero-days found specifically pose a security risk for workers in industrial environments," cybersecurity firm Nozomi Networks disclosed in a technical write-up last week. " | Threat | ||
|
2022-08-21 22:54:00 | Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability (lien direct) | Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration | Vulnerability | ||
|
2022-08-20 09:33:00 | New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers (lien direct) | Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute ' | Malware Threat | ||
|
2022-08-20 09:30:00 | Become a Cybersecurity Expert with 18 New Online Courses @ 98% OFF (lien direct) | With more data stored in the cloud than ever before, now is a good time to get into cybersecurity. Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. The only barrier to entry is education. How do you learn about security protocols and white hat hacking? Enter the All-In-One 2022 Super-Sized Ethical Hacking Bundle. This collection of 18 | |||
|
2022-08-20 07:19:00 | CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch | Vulnerability | ||
|
2022-08-19 07:04:21 | DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities (lien direct) | The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold | Malware Threat | ||
|
2022-08-19 06:35:28 | Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations (lien direct) | A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor." "Since 2018, | Malware Threat | ||
|
2022-08-19 03:15:07 | Google Cloud Blocks Record DDoS attack of 46 Million Requests Per Second (lien direct) | Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service (DDoS) attacks which peaked at 46 million requests per second (RPS), making it the largest such recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repealed by Cloudflare earlier this | |||
|
2022-08-19 01:23:06 | New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings (lien direct) | Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm | Vulnerability | ||
|
2022-08-18 10:11:07 | Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware (lien direct) | A .NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. "It can also deliver 'add-on packages' such as additional malicious payloads, benign decoy documents, and executables," cybersecurity firm Secureworks said in a Wednesday report. "It | Malware Threat | ||
|
2022-08-18 06:33:50 | China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year (lien direct) | The Chinese advanced persistent threat (APT) actor tracked as Winnti (aka APT41) has targeted at least 13 organizations geographically spanning across the U.S, Taiwan, India, Vietnam, and China against the backdrop of four different campaigns in 2021. "The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and | Threat Guideline | APT 41 | ★★ |
|
2022-08-18 02:26:20 | Penetration Testing or Vulnerability Scanning? What\'s the Difference? (lien direct) | Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an | Vulnerability | ||
|
2022-08-18 02:20:52 | Hackers Using Bumblebee Loader to Compromise Active Directory Services (lien direct) | The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and | Malware Threat | ||
|
2022-08-17 21:08:45 | Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities (lien direct) | Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894 - An | Threat Guideline | ||
|
2022-08-17 06:59:58 | Cybercriminals Developing BugDrop Malware to Bypass Android Security Features (lien direct) | In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. "This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals | Malware | ||
|
2022-08-17 05:02:28 | New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild (lien direct) | Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on | Vulnerability Threat | ||
|
2022-08-17 03:59:13 | Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers (lien direct) | A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. "In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations," Recorded Future disclosed in a new | Threat | ||
|
2022-08-17 03:50:14 | Lean Security 101: 3 Tips for Building Your Framework (lien direct) | Cobalt, Lazarus, MageCart, Evil, Revil - cybercrime syndicates spring up so fast it's hard to keep track. Until…they infiltrate your system. But you know what's even more overwhelming than rampant cybercrime? Building your organization's security framework. CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and | APT 38 | ||
|
2022-08-17 01:44:47 | Malicious Browser Extensions Targeted Over a Million Users So Far This Year (lien direct) | More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons," the company said. As many as |
To see everything:
