What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-10-19 18:48:00 Researchers Detail Azure SFX Flaw That Could've Allowed Attackers to Gain Admin Access (lien direct) Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster. The vulnerability, tracked as CVE-2022-35829, carries a CVSS severity rating of 6.2 and was addressed by Microsoft as part of its Patch Tuesday updates last week. Orca
The_Hackers_News.webp 2022-10-19 18:03:00 Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware (lien direct) An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of Malware Threat
The_Hackers_News.webp 2022-10-19 18:00:00 A Quick Guide for Small Cybersecurity Teams Looking to Invest in Cyber Insurance (lien direct) In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it.  What is it and do they need it? And with what time will they spend researching how to integrate cyber insurance into their strategy?  For small security teams, this is particularly challenging as they contend with limited resources. Luckily,
The_Hackers_News.webp 2022-10-19 15:39:00 Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update (lien direct) Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at Tool Threat
The_Hackers_News.webp 2022-10-19 14:21:00 CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS) advisories pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances. This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which "could result in an unauthorized attacker remotely deleting files on the
The_Hackers_News.webp 2022-10-18 18:25:00 Cryptocurrency and Ransomware - The Ultimate Friendship (lien direct) Both cryptocurrency and ransomware are nothing new in the digital world; both have been there for a very long time, which was enough for them to find common pieces for starting their relationship. Ransomware can be like a virtual car that works on all types of fuels, and crypto is the one that is currently most recommended. No one can argue that 2020 was the year of ransomware in the cyber world Ransomware ★★★★★
The_Hackers_News.webp 2022-10-18 15:41:00 Chinese 'Spyder Loader' Malware Spotted Targeting Organizations in Hong Kong (lien direct) The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly Malware Threat Guideline APT 41
The_Hackers_News.webp 2022-10-18 15:17:00 European Police Arrest a Gang That Hacked Wireless Key Fobs to Steal Cars (lien direct) Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime ring that leveraged a hacking tool to steal cars without having to use a physical key fob. "The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away," Europol said in a press statement. The coordinated Tool
The_Hackers_News.webp 2022-10-18 10:59:00 Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software (lien direct) HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that's mainly used for adversary simulation, but cracked versions of the software have been actively abused by ransomware Vulnerability ★★★
The_Hackers_News.webp 2022-10-17 18:24:00 Black Basta Ransomware Hackers Infiltrates Networks via Qakbot to Deploy Brute Ratel C4 (lien direct) The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot infection, cybersecurity firm Trend Micro said in a technical analysis released last week. The Ransomware Threat
The_Hackers_News.webp 2022-10-17 16:03:00 Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages (lien direct) New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. "The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook (ECB) mode of operation," Finnish cybersecurity company WithSecure said in a report published last week. Office 365 Vulnerability
The_Hackers_News.webp 2022-10-17 15:50:00 Why Crypto Winter is No Excuse to Let Your Cyber Defenses Falter (lien direct) Don't let the ongoing “crypto winter” lull you into a false sense of cybersecurity. Even as cryptocurrencies lose value - and some crypto companies file for bankruptcy - cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to industry 4.0 and beyond.  Broadly speaking, cryptojacking is defined as the unauthorized and illegitimate use Threat
The_Hackers_News.webp 2022-10-17 15:45:00 New Prestige Ransomware Targeting Polish and Ukrainian Organizations (lien direct) A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)," the Microsoft Ransomware
The_Hackers_News.webp 2022-10-17 15:20:00 Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite (lien direct) Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects a component of the Zimbra suite called Amavis, an open source content filter, and more specifically, the cpio utility it uses to scan and extract Vulnerability
The_Hackers_News.webp 2022-10-17 08:25:00 INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organization (lien direct) The International Criminal Police Organization, also called the Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cybercrime syndicate called Black Axe. "'Black Axe' and other West African organized crime groups have developed transnational networks, defrauding victims of millions while channeling their profits into lavish
The_Hackers_News.webp 2022-10-15 10:18:00 Indian Energy Company Tata Power's IT Infrastructure Hit By Cyber Attack (lien direct) Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India. It further said it has taken steps to retrieve and restore the affected machines, adding it put in place ★★★★
The_Hackers_News.webp 2022-10-14 23:04:00 Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month (lien direct) Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild. " Vulnerability ★★★
The_Hackers_News.webp 2022-10-14 18:57:00 (Déjà vu) New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos (lien direct) Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection. "Almost all Threat
The_Hackers_News.webp 2022-10-14 15:42:00 New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts (lien direct) A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the latest version (PHP) also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information, Malware
The_Hackers_News.webp 2022-10-14 15:31:00 How To Build a Career as a Freelance Cybersecurity Analyst - From Scratch (lien direct) With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million unfilled cybersecurity jobs worldwide - and that number is still growing. The situation means that Threat
The_Hackers_News.webp 2022-10-14 12:44:00 Mirai Botnet Hits Wynncraft Minecraft Server with 2.5 Tbps DDoS Attack (lien direct) Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service (DDoS) attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022. "The entire 2.5 Tbps attack lasted about 2 minutes,
The_Hackers_News.webp 2022-10-14 09:05:00 PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks (lien direct) A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.ai researcher James Horseman said. "Additionally, a user can
The_Hackers_News.webp 2022-10-13 17:47:00 New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems (lien direct) A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run Malware
The_Hackers_News.webp 2022-10-13 17:30:00 New Timing Attack Against NPM Registry API Could Expose Private Packages (lien direct) A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped private packages and then masquerade public packages, tricking employees and users into downloading them," Threat
The_Hackers_News.webp 2022-10-13 17:20:00 Does the OWASP Top 10 Still Matter? (lien direct) What is the OWASP Top 10, and – just as important – what is it not? In this review, we look at how you can make this critical risk report work for you and your organisation. What is OWASP? OWASP is the Open Web Application Security Project, an international non-profit organization dedicated to improving web application security.  It operates on the core principle that all of its materials are
The_Hackers_News.webp 2022-10-13 15:38:00 Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization (lien direct) An advanced persistent threat (APT) actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. Other intrusions mounted over the past six months were directed against Threat APT 27
The_Hackers_News.webp 2022-10-13 13:09:00 Modified WhatsApp App Caught Infecting Android Devices with Malware (lien direct) An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a new report. "If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account." Malware
The_Hackers_News.webp 2022-10-13 12:48:00 Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers (lien direct) A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology, law, communications, branding and marketing, media, insurance, and social services, cybersecurity Threat
The_Hackers_News.webp 2022-10-12 20:32:00 Hackers Using Vishing to Trick Victims into Installing Android Banking Malware (lien direct) Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as Malware
The_Hackers_News.webp 2022-10-12 19:58:00 Scribe Platform: End-to-end Software Supply Chain Security (lien direct) As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, in Gartner recently published their 2022 cybersecurity predictions - not only do they anticipate the continued expansion of attack surfaces in the near future, they also list digital supply
The_Hackers_News.webp 2022-10-12 19:53:00 Google Rolling Out Passkey Passwordless Login Support to Android and Chrome (lien direct) Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first ★★★
The_Hackers_News.webp 2022-10-12 16:33:00 64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan? (lien direct) In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000.  Will you be the next victim like Omnicell? If you are overlooking the importance of data protection, attackers can get you in no time.  Explore the impact of Data Breach
The_Hackers_News.webp 2022-10-12 16:11:00 Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys (lien direct) A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections," industrial cybersecurity Vulnerability
The_Hackers_News.webp 2022-10-12 12:37:00 Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs (lien direct) Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server
The_Hackers_News.webp 2022-10-11 22:11:00 BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics (lien direct) The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest Malware
The_Hackers_News.webp 2022-10-11 16:58:00 Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox (lien direct) A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. The Threat
The_Hackers_News.webp 2022-10-11 16:38:00 The Latest Funding News and What it Means for Cyber Security in 2023 (lien direct) The White House has recently announced a $1 billion cyber security grant program that is designed to help state and local governments improve their cyber defenses, especially about protecting critical infrastructure. The recent executive order stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion for protecting critical infrastructure
The_Hackers_News.webp 2022-10-11 16:09:00 Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals (lien direct) Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing
The_Hackers_News.webp 2022-10-11 11:51:00 Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug (lien direct) Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative Vulnerability
The_Hackers_News.webp 2022-10-10 20:46:00 Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky (lien direct) A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical profile last week Malware Threat
The_Hackers_News.webp 2022-10-10 18:40:00 New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks (lien direct) Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 that's capable of delivering Malware Threat
The_Hackers_News.webp 2022-10-10 14:55:00 (Déjà vu) Intel Confirms Leak of Alder Lake BIOS Source Code (lien direct) Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week. The published content contains Unified Extensible Firmware Interface (UEFI) code for Alder Lake, the company's 12th generation processors that was originally launched in November 2021. In a statement shared with
The_Hackers_News.webp 2022-10-10 14:29:00 Hackers Steal $100 Million Cryptocurrency from Binance Bridge (lien direct) BNB Chain, a blockchain linked to the Binance cryptocurrency exchange, disclosed an exploit on a cross-chain bridge that drained around $100 million in digital assets. "There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as 'BSC Token Hub,'" it said last week. "The exploit was through a sophisticated forging of
The_Hackers_News.webp 2022-10-08 13:20:00 Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite (lien direct) A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected Vulnerability
The_Hackers_News.webp 2022-10-08 10:43:00 Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities (lien direct) Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The list of
The_Hackers_News.webp 2022-10-07 22:17:00 Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy (lien direct) Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684, the high-severity flaw relates to an authentication bypass vulnerability that could permit an unauthenticated adversary to perform arbitrary operations on
The_Hackers_News.webp 2022-10-07 19:22:00 Facebook Detects 400 Android and iOS Apps Stealing Users Log-in Credentials (lien direct) Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. "These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," the
The_Hackers_News.webp 2022-10-07 18:34:00 The essentials of GRC and cybersecurity - How they empower each other (lien direct) Understanding the connection between GRC and cybersecurity When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. However, its importance can't be ignored, and this is why.  While cybersecurity focuses on the technical side of protecting systems, networks, devices, and data, GRC is the tool that will help the Tool
The_Hackers_News.webp 2022-10-07 18:29:00 LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data (lien direct) Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with Threat
The_Hackers_News.webp 2022-10-07 14:28:00 Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks (lien direct) In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the
Last update at: 2024-07-04 20:08:50