What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-12-30 11:02:00 CISA Warns of Active exploitation of JasperReports Vulnerabilities (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two-years-old security flaws impacting TIBCO Software's JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), were addressed by TIBCO in April 2018 and March 2019, ★★★
The_Hackers_News.webp 2022-12-29 15:13:00 Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities (direct link) Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively. While CVE-2022-27510 ★★
The_Hackers_News.webp 2022-12-29 13:18:00 New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software (direct link) Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific ★★
The_Hackers_News.webp 2022-12-28 15:46:00 BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies (direct link) Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies. "With maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds," BitKeep CEO Kevin Como said, describing it as a " Threat ★★★
The_Hackers_News.webp 2022-12-28 12:42:00 APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (direct link) Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector. Malware Threat
The_Hackers_News.webp 2022-12-27 20:27:00 BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection (direct link) BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections. This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today. "BlueNoroff Medical APT 38 ★★★
The_Hackers_News.webp 2022-12-27 11:48:00 Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak (direct link) Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those, including Cambridge Analytica to access users' personal information without their consent for political ★★
The_Hackers_News.webp 2022-12-26 17:57:00 GuLoader Malware Utilizing New Techniques to Evade Security Software (direct link) Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings," CrowdStrike researchers Sarang Sonawane and Donato Onofri said in a Malware ★★★
The_Hackers_News.webp 2022-12-26 17:50:00 2022 Top Five Immediate Threats in Geopolitical Context (direct link) As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats. These are the threats that were most tested to validate resilience with the Cymulate security posture management platform between January 1st and ★★★
The_Hackers_News.webp 2022-12-26 17:42:00 PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (direct link) The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market. A C++-based malware, Malware ★★
The_Hackers_News.webp 2022-12-24 18:21:00 W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names (direct link) Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, cybersecurity company Phylum Malware Threat ★★★
The_Hackers_News.webp 2022-12-23 19:07:00 FrodoPIR: New Privacy-Focused Database Querying System (direct link) The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called FrodoPIR ★★★
The_Hackers_News.webp 2022-12-23 16:44:00 Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials (direct link) A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks. ".LNK files are used to initiate code execution which eventually downloads and runs a Threat ★★
The_Hackers_News.webp 2022-12-23 16:30:00 Accelerate Your Incident Response (direct link) Tis the season for security and IT teams to send out that company-wide email: “No, our CEO does NOT want you to buy gift cards.” As much of the workforce signs off for the holidays, hackers are stepping up their game. We'll no doubt see an increase in activity as hackers continue to unleash e-commerce scams and holiday-themed phishing attacks. Hackers love to use these tactics to trick end ★★
The_Hackers_News.webp 2022-12-23 15:35:00 Vice Society Ransomware Attackers Adopt Robust Encryption Methods (direct link) The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne researcher Antonio Cocomazzi said in an analysis. Vice Society, which is tracked by Microsoft under the Ransomware ★★★
The_Hackers_News.webp 2022-12-23 13:16:00 France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent (direct link) France's privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique et des libertés (CNIL) noted that users visiting the home page of its Bing search engine did not ★★★★★
The_Hackers_News.webp 2022-12-23 09:37:00 LastPass Admits to Severe Data Breach, Encrypted Password Vaults Compromised (direct link) The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults using data siphoned from the break-in. Also stolen is "basic customer account information LastPass
The_Hackers_News.webp 2022-12-22 18:43:00 FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape (direct link) An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct ransomware DarkSide, REvil, and LockBit families. The highly active threat group, also known as Carbanak, Ransomware Threat ★★★
The_Hackers_News.webp 2022-12-22 18:09:00 The Era of Cyber Threat Intelligence Sharing (direct link) We spent forty years defending ourselves as individuals. Trying to outsmart cybercriminals, outpower them, and when all our efforts failed, only then we considered banding together with our peers to outnumber them. Cybercriminals don't reinvent themselves each time. Their resources are limited, and they have a limited budget. Therefore they use playbooks to attack many people. Meaning most of Threat ★★★
The_Hackers_News.webp 2022-12-22 17:32:00 Critical Security Flaw Reported in Passwordstate Enterprise Password Manager (direct link) Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within ★★★
The_Hackers_News.webp 2022-12-22 15:39:00 Two New Security Flaws Reported in Ghost CMS Blogging Software (direct link) Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654 (CVSS score: 8.5), the authentication bypass vulnerability that allows unprivileged users (i.e., members) to make unauthorized modifications to newsletter settings. Vulnerability ★★★
The_Hackers_News.webp 2022-12-22 15:09:00 Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities (direct link) The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters. Zerobot, first documented by Fortinet FortiGuard Labs earlier this month, Threat ★★★
The_Hackers_News.webp 2022-12-22 09:19:00 Hackers Breach Okta's GitHub Repositories, Steal Source Code (direct link) Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers," the company said in a public statement. "No action is required by customers." The security event, which was first ★★
The_Hackers_News.webp 2022-12-21 17:53:00 (Déjà vu) Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems (direct link) The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. "The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools," Trend Micro researcher Christopher So Prediction ★★
The_Hackers_News.webp 2022-12-21 17:07:00 The Rise of the Rookie Hacker - A New Trend to Reckon With (direct link) More zero knowledge attacks, more leaked credentials, more Gen-Z cyber crimes - 2022 trends and 2023 predictions. Cybercrime remains a major threat to individuals, businesses, and governments around the world. Cybercriminals continue to take advantage of the prevalence of digital devices and the internet to perpetrate their crimes. As the internet of things continues to develop, cybercriminals Threat Prediction ★★
The_Hackers_News.webp 2022-12-21 14:46:00 GodFather Android Banking Trojan Targeting Users of Over 400 Banking and Crypto Apps (direct link) An Android banking trojan known as GodFather is being used to target users of more than 400 banking and cryptocurrency apps spanning across 16 countries. This includes 215 banks, 94 crypto wallet providers, and 110 crypto exchange platforms serving users in the U.S., Turkey, Spain, Italy, Canada, and Canada, among others, Singapore-headquartered Group-IB said in a report shared with The Hacker
The_Hackers_News.webp 2022-12-21 13:11:00 (Déjà vu) Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations (direct link) Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford, Ransomware Threat ★★★★
The_Hackers_News.webp 2022-12-21 12:42:00 Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware (direct link) The Computer Emergency Response Team of Ukraine (CERT-UA) this week disclosed that users of the Delta situational awareness program received phishing emails from a compromised email account belonging to the Ministry of Defense. The attacks, which have been attributed to a threat cluster dubbed UAC-0142, aimed to infect systems with two pieces of data-stealing malware referred to as FateGrab and Malware Threat ★★★
The_Hackers_News.webp 2022-12-20 20:03:00 Beware: Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users (direct link) The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps, Malware Threat ★★
The_Hackers_News.webp 2022-12-20 18:25:00 Russian Hackers Targeted Petroleum Refinery in NATO Country During Ukraine War (direct link) The Russia-linked Gamaredon group attempted to unsuccessfully break into a large petroleum refining company within a NATO member state earlier this year amid the ongoing Russo-Ukrainian war. The attack, which took place on August 30, 2022, is just one of multiple attacks orchestrated by the advanced persistent threat (APT) that's attributed to Russia's Federal Security Service (FSB). Gamaredon, Threat ★★★★
The_Hackers_News.webp 2022-12-20 18:12:00 A Guide to Efficient Patch Management with Action1 (direct link) It's no secret that keeping software up to date is one of the key best practices in cybersecurity. Software vulnerabilities are being discovered almost weekly these days. The longer it takes IT teams to apply updates issued by developers to patch these security flaws, the more time attackers have to exploit the underlying vulnerability. Once threat actors gain access to corporate IT ecosystems, Threat ★★
The_Hackers_News.webp 2022-12-20 17:54:00 KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service (direct link) An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and RedM, which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as Threat ★★★
The_Hackers_News.webp 2022-12-20 12:03:00 FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children's Privacy Law (direct link) Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that the Fortnite creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275 million monetary penalty for breaching the Children's Online Privacy Protection Act (COPPA) by
The_Hackers_News.webp 2022-12-20 11:22:00 Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems (direct link) Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic Vulnerability ★★
The_Hackers_News.webp 2022-12-19 23:35:00 Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data (direct link) Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak. The package, named SentinelOne and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two dozen
The_Hackers_News.webp 2022-12-19 18:39:00 Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It (direct link) The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and "upscaled" campaign, months after Google disrupted the malicious activity. The ongoing attack is suggestive of the malware's resilience in the face of takedowns, cybersecurity company Nozomi Networks said in a write-up. "In addition, there was a tenfold increase in TOR hidden services being used as C2 servers ★★
The_Hackers_News.webp 2022-12-19 18:22:00 Cybercrime (and Security) Predictions for 2023 (direct link) Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws-and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs. Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead. Increase in digital supply chain attacks With the Threat ★★★
The_Hackers_News.webp 2022-12-19 15:35:00 New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure (direct link) A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that has been linked to a spate of attacks primarily targeting manufacturing and IT industries across Ransomware Malware ★★
The_Hackers_News.webp 2022-12-19 15:16:00 Facebook Cracks Down on Spyware Vendors from U.S., China, Russia, Israel, and India (direct link) Meta Platforms disclosed that it took down no less than 200 covert influence operations since 2017 spanning roughly 70 countries across 42 languages. The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries. "The global ★★
The_Hackers_News.webp 2022-12-18 10:11:00 Google Takes Gmail Security to the Next Level with Client-Side Encryption (direct link) Google on Friday announced that its client-side encryption for Gmail is in beta to its Workspace and education customers to secure emails sent using the web version of the platform. This development comes at a time when concerns about online privacy and data security are at an all-time high, and it is certainly welcomed by users who value the protection of their personal data. To that end, ★★★
The_Hackers_News.webp 2022-12-17 12:24:00 Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities (direct link) Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022. Samba is an open source Windows ★★★★
The_Hackers_News.webp 2022-12-16 19:30:00 Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities (direct link) Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as UNC4166 Threat ★★
The_Hackers_News.webp 2022-12-16 18:38:00 Ex-Twitter employee Gets 3.5 Years Jail for Spying on Behalf of Saudi Arabia (direct link) A former Twitter employee who was found guilty of spying on behalf of Saudi Arabia by sharing data pertaining to specific individuals has been sentenced to three-and-a-half years in prison. Ahmad Abouammo, 45, was convicted earlier this August on various criminal counts, including money laundering, fraud, falsifying records, and being an illegal agent of a foreign government. Abouammo was
The_Hackers_News.webp 2022-12-16 18:16:00 Cyber Security Is Not a Losing Game – If You Start Right Now (direct link) Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack. As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late. ★★★
The_Hackers_News.webp 2022-12-16 17:54:00 GitHub Announces Free Secret Scanning for All Public Repositories (direct link) GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company said, adding it's expected to complete the rollout by the end of January 2023. Secret scanning is designed to examine repositories for access tokens, private keys, ★★
The_Hackers_News.webp 2022-12-16 13:09:00 Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm (direct link) The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks. While hashes are designed to be ★★★★
The_Hackers_News.webp 2022-12-16 12:40:00 Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet (direct link) Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts. "The botnet spreads by ★★★
The_Hackers_News.webp 2022-12-16 11:15:00 CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The now-patched critical flaws, tracked as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system, and could be leveraged to ★★
The_Hackers_News.webp 2022-12-15 19:28:00 Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities (direct link) A Chinese-speaking advanced persistent threat (APT) actor codenamed MirrorFace has been attributed to a spear-phishing campaign targeting Japanese political establishments. The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential stealer Threat ★★
The_Hackers_News.webp 2022-12-15 19:12:00 Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical' (direct link) Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. SPNEGO, Vulnerability ★★★
Last update at: 2024-07-03 08:08:02