What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-01-04 16:17:00 | Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws (lien direct) | Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities -- tracked from CVE-2022-40516 through CVE-2022-40520 -- also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes. The list of | ★★★★ | ||
|
2023-01-04 15:54:00 | The FBI\'s Perspective on Ransomware (lien direct) | Ransomware: contemporary threats, how to prevent them and how the FBI can help In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, | Ransomware Threat Medical | ★★★ | |
|
2023-01-04 14:02:00 | New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner (lien direct) | A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center (ASEC) said in a report published | Malware | ★★ | |
|
2023-01-04 09:58:00 | Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers (lien direct) | Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the | Vulnerability | ★★★ | |
|
2023-01-03 19:39:00 | Enforcement vs. Enrollment-based Security: How to Balance Security and Employee Trust (lien direct) | Challenges with an enforcement-based approach An enforcement-based approach to security begins with a security policy backed by security controls, often heavy-handed and designed to prevent employees from engaging in risky behavior or inadvertently expanding the potential attack surface of an organization. Most organizations exclusively use enforcement-based security controls, usually carried | ★★★ | ||
|
2023-01-03 17:02:00 | Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware (lien direct) | A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments. The discovery | Malware | ★★★ | |
|
2023-01-03 15:43:00 | Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe (lien direct) | Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday. The intrusions, observed against | Malware | ★★★ | |
|
2023-01-02 21:40:00 | RedZei Chinese Scammers Targeting Chinese Students in the U.K. (lien direct) | Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei (aka RedThief). "The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation," cybersecurity researcher Will Thomas (@BushidoToken) said in a write-up | ★★ | ||
|
2023-01-02 19:57:00 | PyTorch Machine Learning Framework Compromised with Malicious Dependency (lien direct) | The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack. "PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package | ★★★ | ||
|
2023-01-02 13:20:00 | WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws (lien direct) | WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week. "As a result, | Malware | ★★★ | |
|
2023-01-02 09:45:00 | Google to Pay $29.5 Million to Settle Lawsuits Over User Location Tracking (lien direct) | Google has agreed to pay a total of $29.5 million to settle two different lawsuits brought by Indiana and Washington, D.C., over its "deceptive" location tracking practices. The search and advertising giant is required to pay $9.5 million to D.C. and $20 million to Indiana after the states sued the company for charges that the company tracked users' locations without their express consent. The | ★★★ | ||
|
2022-12-30 14:55:00 | Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers (lien direct) | A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The flaws "allowed an attacker within wireless proximity to install a 'backdoor' account on the device, enabling them to send commands to it remotely over the internet, access its microphone | ★★★ | ||
|
2022-12-30 11:02:00 | CISA Warns of Active exploitation of JasperReports Vulnerabilities (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two-years-old security flaws impacting TIBCO Software's JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), were addressed by TIBCO in April 2018 and March 2019, | ★★★ | ||
|
2022-12-29 15:13:00 | Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities (lien direct) | Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively. While CVE-2022-27510 | ★★ | ||
|
2022-12-29 13:18:00 | New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software (lien direct) | Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific | ★★ | ||
|
2022-12-28 15:46:00 | BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies (lien direct) | Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies. "With maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds," BitKeep CEO Kevin Como said, describing it as a " | Threat | ★★★ | |
|
2022-12-28 12:42:00 | APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (lien direct) | Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector. | Malware Threat | ★ | |
|
2022-12-27 20:27:00 | BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection (lien direct) | BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections. This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today. "BlueNoroff | Medical | APT 38 | ★★★ |
|
2022-12-27 11:48:00 | Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak (lien direct) | Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those, including Cambridge Analytica to access users' personal information without their consent for political | ★★ | ||
|
2022-12-26 17:57:00 | GuLoader Malware Utilizing New Techniques to Evade Security Software (lien direct) | Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings," CrowdStrike researchers Sarang Sonawane and Donato Onofri said in a | Malware | ★★★ | |
|
2022-12-26 17:50:00 | 2022 Top Five Immediate Threats in Geopolitical Context (lien direct) | As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats. These are the threats that were most tested to validate resilience with the Cymulate security posture management platform between January 1st and | ★★★ | ||
|
2022-12-26 17:42:00 | PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (lien direct) | The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market. A C++-based malware, | Malware | ★★ | |
|
2022-12-24 18:21:00 | W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names (lien direct) | Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, cybersecurity company Phylum | Malware Threat | ★★★ | |
|
2022-12-23 19:07:00 | FrodoPIR: New Privacy-Focused Database Querying System (lien direct) | The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called FrodoPIR | ★★★ | ||
|
2022-12-23 16:44:00 | Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials (lien direct) | A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks. ".LNK files are used to initiate code execution which eventually downloads and runs a | Threat | ★★ | |
|
2022-12-23 16:30:00 | Accelerate Your Incident Response (lien direct) | Tis the season for security and IT teams to send out that company-wide email: “No, our CEO does NOT want you to buy gift cards.” As much of the workforce signs off for the holidays, hackers are stepping up their game. We'll no doubt see an increase in activity as hackers continue to unleash e-commerce scams and holiday-themed phishing attacks. Hackers love to use these tactics to trick end | ★★ | ||
|
2022-12-23 15:35:00 | Vice Society Ransomware Attackers Adopt Robust Encryption Methods (lien direct) | The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne researcher Antonio Cocomazzi said in an analysis. Vice Society, which is tracked by Microsoft under the | Ransomware | ★★★ | |
|
2022-12-23 13:16:00 | France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent (lien direct) | France's privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique et des libertés (CNIL) noted that users visiting the home page of its Bing search engine did not | ★★★★★ | ||
|
2022-12-23 09:37:00 | LastPass Admits to Severe Data Breach, Encrypted Password Vaults Compromised (lien direct) | The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults using data siphoned from the break-in. Also stolen is "basic customer account information | LastPass | ★ | |
|
2022-12-22 18:43:00 | FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape (lien direct) | An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct ransomware DarkSide, REvil, and LockBit families. The highly active threat group, also known as Carbanak, | Ransomware Threat | ★★★ | |
|
2022-12-22 18:09:00 | The Era of Cyber Threat Intelligence Sharing (lien direct) | We spent forty years defending ourselves as individuals. Trying to outsmart cybercriminals, outpower them, and when all our efforts failed, only then we considered banding together with our peers to outnumber them. Cybercriminals don't reinvent themselves each time. Their resources are limited, and they have a limited budget. Therefore they use playbooks to attack many people. Meaning most of | Threat | ★★★ | |
|
2022-12-22 17:32:00 | Critical Security Flaw Reported in Passwordstate Enterprise Password Manager (lien direct) | Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within | ★★★ | ||
|
2022-12-22 15:39:00 | Two New Security Flaws Reported in Ghost CMS Blogging Software (lien direct) | Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654 (CVSS score: 8.5), the authentication bypass vulnerability that allows unprivileged users (i.e., members) to make unauthorized modifications to newsletter settings. | Vulnerability | ★★★ | |
|
2022-12-22 15:09:00 | Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities (lien direct) | The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters. Zerobot, first documented by Fortinet FortiGuard Labs earlier this month, | Threat | ★★★ | |
|
2022-12-22 09:19:00 | Hackers Breach Okta\'s GitHub Repositories, Steal Source Code (lien direct) | Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers," the company said in a public statement. "No action is required by customers." The security event, which was first | ★★ | ||
|
2022-12-21 17:53:00 | (Déjà vu) Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems (lien direct) | The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. "The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools," Trend Micro researcher Christopher So | Prediction | ★★ | |
|
2022-12-21 17:07:00 | The Rise of the Rookie Hacker - A New Trend to Reckon With (lien direct) | More zero knowledge attacks, more leaked credentials, more Gen-Z cyber crimes - 2022 trends and 2023 predictions. Cybercrime remains a major threat to individuals, businesses, and governments around the world. Cybercriminals continue to take advantage of the prevalence of digital devices and the internet to perpetrate their crimes. As the internet of things continues to develop, cybercriminals | Threat Prediction | ★★ | |
|
2022-12-21 14:46:00 | GodFather Android Banking Trojan Targeting Users of Over 400 Banking and Crypto Apps (lien direct) | An Android banking trojan known as GodFather is being used to target users of more than 400 banking and cryptocurrency apps spanning across 16 countries. This includes 215 banks, 94 crypto wallet providers, and 110 crypto exchange platforms serving users in the U.S., Turkey, Spain, Italy, Canada, and Canada, among others, Singapore-headquartered Group-IB said in a report shared with The Hacker | ★ | ||
|
2022-12-21 13:11:00 | (Déjà vu) Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations (lien direct) | Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford, | Ransomware Threat | ★★★★ | |
|
2022-12-21 12:42:00 | Ukraine\'s DELTA Military System Users Under Attack from Info Stealing Malware (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) this week disclosed that users of the Delta situational awareness program received phishing emails from a compromised email account belonging to the Ministry of Defense. The attacks, which have been attributed to a threat cluster dubbed UAC-0142, aimed to infect systems with two pieces of data-stealing malware referred to as FateGrab and | Malware Threat | ★★★ | |
|
2022-12-20 20:03:00 | Beware: Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users (lien direct) | The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps, | Malware Threat | ★★ | |
|
2022-12-20 18:25:00 | Russian Hackers Targeted Petroleum Refinery in NATO Country During Ukraine War (lien direct) | The Russia-linked Gamaredon group attempted to unsuccessfully break into a large petroleum refining company within a NATO member state earlier this year amid the ongoing Russo-Ukrainian war. The attack, which took place on August 30, 2022, is just one of multiple attacks orchestrated by the advanced persistent threat (APT) that's attributed to Russia's Federal Security Service (FSB). Gamaredon, | Threat | ★★★★ | |
|
2022-12-20 18:12:00 | A Guide to Efficient Patch Management with Action1 (lien direct) | It's no secret that keeping software up to date is one of the key best practices in cybersecurity. Software vulnerabilities are being discovered almost weekly these days. The longer it takes IT teams to apply updates issued by developers to patch these security flaws, the more time attackers have to exploit the underlying vulnerability. Once threat actors gain access to corporate IT ecosystems, | Threat | ★★ | |
|
2022-12-20 17:54:00 | KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service (lien direct) | An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and RedM, which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as | Threat | ★★★ | |
|
2022-12-20 12:03:00 | FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children\'s Privacy Law (lien direct) | Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that the Fortnite creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275 million monetary penalty for breaching the Children's Online Privacy Protection Act (COPPA) by | ★ | ||
|
2022-12-20 11:22:00 | Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems (lien direct) | Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic | Vulnerability | ★★ | |
|
2022-12-19 23:35:00 | Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data (lien direct) | Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak. The package, named SentinelOne and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two dozen | ★ | ||
|
2022-12-19 18:39:00 | Glupteba Botnet Continues to Thrive Despite Google\'s Attempts to Disrupt It (lien direct) | The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and "upscaled" campaign, months after Google disrupted the malicious activity. The ongoing attack is suggestive of the malware's resilience in the face of takedowns, cybersecurity company Nozomi Networks said in a write-up. "In addition, there was a tenfold increase in TOR hidden services being used as C2 servers | ★★ | ||
|
2022-12-19 18:22:00 | Cybercrime (and Security) Predictions for 2023 (lien direct) | Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws-and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs. Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead. Increase in digital supply chain attacks With the | Threat | ★★★ | |
|
2022-12-19 15:35:00 | New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure (lien direct) | A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that has been linked to a spate of attacks primarily targeting manufacturing and IT industries across | Ransomware Malware | ★★ |
To see everything:
Our RSS (filtrered)
