What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-18 09:00:32 | Why Database Patching Best Practice Just Doesn\'t Work and How to Fix It (lien direct) | Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions.
But anyone who's spent any amount of time maintaining systems will know that patching is often easier said than done.
Yes, in some instances, you can just run a command line to install |
Patching | ||
|
2021-10-18 01:21:01 | Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting (lien direct) | Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences."
"From malign operations against local health providers that endanger patient care, to |
Ransomware Threat | ||
|
2021-10-18 00:24:49 | Is Your Data Safe? Check Out Some Cybersecurity Master Classes (lien direct) | Since cybersecurity is definitely an issue that's here to stay, I've just checked out the recently released first episodes of Cato Networks Cybersecurity Master Class Series.
According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and real-world case studies on cybersecurity; and bring the voices and opinions of top cybersecurity |
Studies | ||
|
2021-10-18 00:17:42 | REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised (lien direct) | REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus.
The development, first spotted by Recorded Future's Dmitry Smilyanets, comes after a member affiliated with the REvil operation posted on the XSS hacking |
Ransomware | ||
|
2021-10-17 23:50:17 | Windows 10, Linux, iOS, Chrome and Many Others at Hacked Tianfu Cup 2021 (lien direct) | Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup 2021, the fourth edition of the international cybersecurity contest held in the city of Chengdu, China.
Targets this year included Google Chrome running on Windows 10 21H1, Apple Safari running on Macbook Pro, Adobe |
|||
|
2021-10-15 07:40:55 | Attackers Behind Trickbot Expanding Malware Distribution Channels (lien direct) | The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti.
The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known Hive0105, Hive0106 (aka TA551 or Shathak), |
Ransomware Malware Threat Guideline | ||
|
2021-10-15 07:23:58 | Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages (lien direct) | A new deceptive ad injection campaign has been found leveraging an ad blocker extension for Google Chrome and Opera web browsers to sneakily insert ads and affiliate codes on websites, according to new research from cybersecurity firm Imperva.
The findings come following the discovery of rogue domains distributing an ad injection script in late August 2021 that the researchers connected to an |
|||
|
2021-10-15 07:10:54 | CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems (lien direct) | The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021.
"This activity-which includes attempts to compromise system integrity via unauthorized access-threatens the ability of WWS facilities to provide |
Ransomware | ||
|
2021-10-14 09:30:34 | Google: We\'re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries (lien direct) | Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.
The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from "blocking an |
Malware Threat | ||
|
2021-10-14 09:16:01 | Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones (lien direct) | Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call.
The vulnerabilities, which were discovered by Moritz Abrell of German pen-testing firm SySS GmbH, have since been |
|||
|
2021-10-14 07:49:36 | The Ultimate SaaS Security Posture Management (SSPM) Checklist (lien direct) | Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications' security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility and remediation for SaaS security |
|||
|
2021-10-14 07:48:00 | VirusTotal Releases Ransomware Report Based on Analysis of 80 Million Samples (lien direct) | As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed.
Google's cybersecurity arm VirusTotal attributed a |
Ransomware | ||
|
2021-10-14 07:27:19 | Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information (lien direct) | A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research.
"Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus haven't yet enabled |
|||
|
2021-10-13 06:06:30 | Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets (lien direct) | A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token (NFT) marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation.
The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following |
Vulnerability | ★★★★ | |
|
2021-10-13 05:52:17 | [eBook] The Guide for Reducing SaaS Applications Risk for Lean IT Security Teams (lien direct) | The Software-as-a-service (SaaS) industry has gone from novelty to an integral part of today's business world in just a few years. While the benefits to most organizations are clear – more efficiency, greater productivity, and accessibility – the risks that the SaaS model poses are starting to become visible. It's not an overstatement to say that most companies today run on SaaS. This poses an |
|||
|
2021-10-12 22:49:10 | Update Your Windows PCs Immediately to Patch 4 New 0-Days Under Active Attack (lien direct) | Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems.
Two of the addressed security flaws are rated Critical, 68 are rated Important |
Vulnerability | ||
|
2021-10-12 08:18:15 | Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice (lien direct) | The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source.
The list of the three flaws is as follows -
CVE-2021-41830 / CVE-2021-25633 - Content and Macro Manipulation with |
|||
|
2021-10-12 00:57:12 | GitHub Revoked Insecure SSH Keys Generated by a Popular git Client (lien direct) | Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys.
As an added precautionary measure, the Microsoft-owned company also said it's building safeguards to prevent vulnerable versions of GitKraken from adding newly generated |
Vulnerability | ||
|
2021-10-12 00:16:09 | Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers (lien direct) | Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service (DDoS) attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020.
"This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure, |
|||
|
2021-10-11 23:32:49 | Microsoft Warns of Iran-Linked Hackers Targeting US and Israeli Defense Firms (lien direct) | An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting US, EU, and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo transportation companies focused in the Middle East.
Microsoft is tracking the hacking crew under the |
Threat | ||
|
2021-10-11 20:02:40 | Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices (lien direct) | Ukrainian law enforcement authorities on Monday disclosed the arrest of a hacker responsible for the creation and management of a "powerful botnet" consisting of over 100,000 enslaved devices that was used to carry out distributed denial-of-service (DDoS) and spam attacks on behalf of paid customers.
The unnamed individual, from the Ivano-Frankivsk region of the country, is also said to have |
Spam | ★★★★ | |
|
2021-10-11 19:41:34 | Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability (lien direct) | Apple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year.'
The weakness, assigned the identifier CVE-2021-30883, concerns a memory corruption issue in the "IOMobileFrameBuffer" component that could allow an |
Vulnerability | ||
|
2021-10-11 07:20:37 | Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack (lien direct) | Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks.
Social engineering is "the art of manipulating people so they give up confidential information," according to Webroot. There are many different types of social engineering |
Threat | ||
|
2021-10-11 02:21:02 | Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo (lien direct) | A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa.
Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team" (aka APT-C-35), which has been linked to cyber offensives in India and Pakistan, while also |
Threat | ||
|
2021-10-08 06:41:27 | Ransomware Group FIN12 Aggressively Going After Healthcare Targets (lien direct) | An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks.
Cybersecurity firm Mandiant attributed the intrusions to a |
Ransomware Threat | ||
|
2021-10-08 00:25:34 | Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems (lien direct) | Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and function as a proxy server.
The malware family, dubbed "FontOnLake" by Slovak cybersecurity firm ESET, is said to feature "well-designed modules" that |
Malware | ||
|
2021-10-07 21:47:57 | New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks (lien direct) | The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week.
CVE-2021-42013, as the new vulnerability is identified as, builds upon CVE-2021-41773, a flaw that impacted Apache web servers running |
Vulnerability | ||
|
2021-10-07 04:50:04 | Code Execution Bug Affects Yamale Python Package - Used by Over 200 Projects (lien direct) | A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code.
The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Particularly, the |
Tool Vulnerability | ||
|
2021-10-07 03:41:30 | Penetration Testing Your AWS Environment - A CTO\'s Guide (lien direct) | So, you've been thinking about getting a Penetration Test done on your Amazon Web Services (AWS) environment. Great! What should that involve exactly?
There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, the key focus areas for most penetration tests involving AWS:
Your externally accessible cloud |
|||
|
2021-10-07 02:47:19 | New U.S. Government Initiative Holds Contractors Accountable for Cybersecurity (lien direct) | The U.S. government on Wednesday announced the formation of a new Civil Cyber-Fraud Initiative that aims to hold contractors accountable for failing to meet required cybersecurity requirements in order to safeguard public sector information and infrastructure.
"For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward |
|||
|
2021-10-07 01:32:24 | Apple now requires all apps to make it easy for users to delete their accounts (lien direct) | All third-party iOS, iPadOS, and macOS apps that allow users to create an account should also provide a method for terminating their accounts from within the apps beginning next year, Apple said on Wednesday.
"This requirement applies to all app submissions starting January 31, 2022," the iPhone maker said, urging developers to "review any laws that may require you to maintain certain types of |
|||
|
2021-10-06 23:54:03 | Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration (lien direct) | Interactive livestreaming platform Twitch acknowledged a "breach" after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools.
The Amazon-owned service said it's "working with urgency to understand the extent of this," adding the |
|||
|
2021-10-06 23:30:12 | Cyber Security WEBINAR - How to Ace Your InfoSec Board Deck (lien direct) | Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of |
Guideline | ||
|
2021-10-06 05:31:33 | Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms (lien direct) | Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dark and successfully evading security solutions.
Boston-based cybersecurity company Cybereason dubbed |
|||
|
2021-10-06 02:05:06 | Google to turn on 2-factor authentication by default for 150 million users (lien direct) | Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security.
In addition, the internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification (2SV), |
|||
|
2021-10-06 00:17:39 | Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions.
"A Control Component Library (CCL) may be modified |
|||
|
2021-10-05 09:58:29 | Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012 (lien direct) | Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior to loading the |
Threat | ||
|
2021-10-05 07:53:29 | Apache Warns of Zero-Day Exploit in the Wild - Patch You Web Servers Now! (lien direct) | Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild.
"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source |
|||
|
2021-10-05 06:16:08 | New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers (lien direct) | Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India.
"The image we uncovered was that of a state-sponsored campaign that plays on |
Malware Guideline | APT 41 | |
|
2021-10-05 00:36:08 | Ransomware Hackers Who Attacked Over 100 Companies Arrested in Ukraine (lien direct) | Law enforcement agencies have announced the arrest of two "prolific ransomware operators" in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents.
The joint exercise was undertaken on September 28 by officials from the French National |
Ransomware | ||
|
2021-10-04 07:29:11 | Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems (lien direct) | A newly discovered data exfiltration mechanism employs Ethernet cables as a "transmitting antenna" to stealthily siphon highly-sensitive data from air-gapped systems, according to the latest research.
"It's interesting that the wires that came to protect the air-gap become the vulnerability of the air gap in this attack," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center |
Vulnerability | ||
|
2021-10-04 07:00:00 | Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services (lien direct) | Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe.
"These unsecured |
|||
|
2021-10-04 05:48:16 | A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries (lien direct) | A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks.
Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang - referring to their |
Threat | ★★★★ | |
|
2021-10-04 05:48:04 | The Shortfalls of Mean Time Metrics in Cybersecurity (lien direct) | Security teams at mid-sized organizations are constantly faced with the question of "what does success look like?". At ActZero, their continued data-driven approach to cybersecurity invites them to grapple daily with measuring, evaluating, and validating the work they do on behalf of their customers.
Like most, they initially turned toward the standard metrics used in cybersecurity, built |
|||
|
2021-10-01 07:15:24 | Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones (lien direct) | Cybersecurity researchers have disclosed an unpatched flaw in Apple Pay that attackers could abuse to make an unauthorized Visa payment with a locked iPhone by taking advantage of the Express Travel mode set up in the device's wallet.
"An attacker only needs a stolen, powered on iPhone. The transactions could also be relayed from an iPhone inside someone's bag, without their knowledge," a group |
|||
|
2021-10-01 05:25:31 | Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users (lien direct) | A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.
Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "sophisticated multi-stage malware framework" that allows for providing |
Malware Threat | ||
|
2021-10-01 00:21:43 | Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware (lien direct) | In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware.
"Adversaries have set up a phony website that looks |
Malware Threat | ||
|
2021-09-30 20:55:27 | Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws (lien direct) | Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone.
The issues, designated as CVE-2021-37975 and CVE-2021-37976, are part of a total of four patches, and concern a use-after-free flaw in V8 JavaScript |
|||
|
2021-09-30 06:49:19 | New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught (lien direct) | Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks.
"This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization's |
Vulnerability Threat | ||
|
2021-09-30 06:32:43 | Incentivizing Developers is the Key to Better Security Practices (lien direct) | Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this seachange if they want that effort to grow.
The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, widely considered an easy win |
Threat |
To see everything:
Our RSS (filtrered)
