What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-07-14 04:29:54 | State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns (lien direct) | Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated | Malware | ||
|
2022-07-14 04:21:10 | A Simple Formula for Getting Your IT Security Budget Approved (lien direct) | Although there is a greater awareness of cybersecurity threats than ever before, it is becoming increasingly difficult for IT departments to get their security budgets approved. Security budgets seem to shrink each year and IT pros are constantly being asked to do more with less. Even so, the situation may not be hopeless. There are some things that IT pros can do to improve the chances of | |||
|
2022-07-14 02:54:07 | Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices (lien direct) | Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional | Vulnerability | ||
|
2022-07-14 01:15:16 | Pakistani Hackers Targeting Indian Students in Latest Malware Campaign (lien direct) | The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. | Malware Threat | APT 36 | |
|
2022-07-13 06:22:23 | New \'Retbleed\' Speculative Execution Attack Affects AMD and Intel CPUs (lien direct) | Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issues are tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), with the chipmakers releasing | Vulnerability | ||
|
2022-07-13 03:55:05 | U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens\' Sensitive Data (lien direct) | The U.S. Federal Trade Commission (FTC) warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on the fastest route home, they likely think differently about having their thinly-disguised online | |||
|
2022-07-13 03:47:54 | New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models (lien direct) | Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity | |||
|
2022-07-13 02:26:33 | Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations (lien direct) | Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA). "The attackers then used the stolen credentials and session cookies to access affected users' mailboxes and perform follow-on business email compromise (BEC) | |||
|
2022-07-13 02:23:38 | 5 Questions You Need to Ask About Your Firewall Security (lien direct) | Often, organizations think of firewall security as a one-and-done type of solution. They install firewalls, then assume that they are "good to go" without investigating whether or not these solutions are actually protecting their systems in the best way possible. "Set it and forget it!" Instead of just relying on firewalls and assuming that they will always protect their businesses from cyber | |||
|
2022-07-13 00:51:34 | Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware (lien direct) | Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter | Malware | ||
|
2022-07-12 22:04:21 | Researchers Uncover New Attempts by Qakbot Malware to Evade Detection (lien direct) | The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot," Zscaler Threatlabz | Malware Threat | ||
|
2022-07-12 20:15:40 | Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout (lien direct) | Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one | Vulnerability | ||
|
2022-07-12 05:04:41 | TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach (lien direct) | Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the social video platform without their permission to do so. The reversal, reported by TechCrunch, comes a day after the Italian data protection authority - the Garante per la Protezione dei Dati Personali - warned the | |||
|
2022-07-12 03:28:41 | Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies (lien direct) | Businesses know they need to secure their client-side scripts. Content security policies (CSPs) are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours (or days) in manual code reviews through thousands of lines of script on your web applications. Automated content security | |||
|
2022-07-11 21:33:48 | Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems (lien direct) | Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses. It, however, doesn't support Windows Education | |||
|
2022-07-11 09:13:13 | Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs (lien direct) | GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency | |||
|
2022-07-11 03:50:45 | What It Takes to Tackle Your SaaS Security (lien direct) | It's not a new concept that Office 365, Salesforce, Slack, Google Workspace or Zoom, etc., are amazing for enabling the hybrid workforce and hyper-productivity in businesses today. However, there are three main challenges that have arisen stemming from this evolution: (1) While SaaS apps include a host of native security settings, they need to be hardened by the security team of the organization | |||
|
2022-07-10 22:43:38 | Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity (lien direct) | The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged. According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing | Hack | ||
|
2022-07-10 21:23:51 | PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects (lien direct) | The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication (2FA) condition for projects deemed "critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index (PyPI) said in a tweet last week. "Any maintainer of a | |||
|
2022-07-09 00:49:23 | Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (lien direct) | A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as CVE-2022-30190, the | Malware Vulnerability | ||
|
2022-07-08 10:53:03 | Researchers Warn of Raspberry Robin\'s Worm Targeting Windows Users (lien direct) | Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable USB devices containing | Malware Threat | ||
|
2022-07-08 05:30:27 | Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (lien direct) | LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. "The affiliates that use LockBit's services conduct their attacks according to their preference and use different tools and techniques to achieve their goal," Cybereason security analysts Loïc Castel and Gal Romano said. | Ransomware Tool | ||
|
2022-07-08 03:42:36 | Microsoft Quietly Rolls Back Plan to Block Office VBA Macros by Default (lien direct) | Five months after announcing plans to disable Visual Basic for Applications (VBA) macros by default in the Office productivity suite, Microsoft appears to have rolled back its plans. "Based on feedback received, a rollback has started," Microsoft employee Angela Robertson said in a July 6 comment. "An update about the rollback is in progress. I apologize for any inconvenience of the rollback | |||
|
2022-07-08 03:08:46 | Why Developers Hate Changing Language Versions (lien direct) | Progress powers technology forward. But progress also has a cost: by adding new capabilities and features, the developer community is constantly adjusting the building blocks. That includes the fundamental languages used to code technology solutions. When the building blocks change, the code behind the technology solution must change too. It's a challenging and time-consuming exercise that | |||
|
2022-07-08 02:50:19 | Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign (lien direct) | A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security | Malware | ||
|
2022-07-07 21:15:45 | TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (lien direct) | In what's being described as an "unprecedented" twist, the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align with Russian state interests, with the emails acting as lures for delivering malicious software such | Malware | ||
|
2022-07-07 04:23:53 | North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations (lien direct) | In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services-including electronic health | Ransomware | ||
|
2022-07-07 04:10:13 | Over 1200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign (lien direct) | Researchers have disclosed a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts. "This was done using automation which includes the | Threat | ||
|
2022-07-07 01:51:46 | Cisco and Fortinet Release Security Patches for Multiple Products (lien direct) | Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite | |||
|
2022-07-07 01:35:34 | The Age of Collaborative Security: What Tens of Thousands of Machines Witness (lien direct) | Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec. What can tens of thousands of machines tell us about illegal hacker activities? Do you remember that scene in Batman - The Dark Knight, where Batman uses a system that aggregates active sound data from countless mobile phones to create a meta sonar feed of what is going on at any | Threat | ||
|
2022-07-06 22:50:27 | Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow (lien direct) | Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system. The malware gets its name from one of the filenames that's utilized to temporarily store the output of executed commands ("/tmp/.orbit"), according to cybersecurity firm Intezer. "It can be installed | Malware Threat | ||
|
2022-07-06 19:23:14 | Apple\'s New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware (lien direct) | Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies | Threat | ||
|
2022-07-06 05:38:14 | OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks (lien direct) | The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on | Guideline | ||
|
2022-07-06 04:40:27 | Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection (lien direct) | Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "designed to avoid detection by endpoint | Tool | ||
|
2022-07-06 03:31:58 | The End of False Positives for Web and API Security Scanning? (lien direct) | July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps. Today, ImmuniWeb | |||
|
2022-07-06 01:51:17 | Bitter APT Hackers Continue to Target Bangladesh Military Entities (lien direct) | Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans," cybersecurity firm SECUINFRA said in a new write-up published on July 5. The findings from the | Malware Threat | ||
|
2022-07-05 23:09:04 | Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method (lien direct) | The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method. "With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem," Microsoft Threat | Ransomware | ||
|
2022-07-05 06:12:16 | Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms (lien direct) | A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest | |||
|
2022-07-05 05:34:17 | Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies (lien direct) | A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China's benefit. Targeted firms included Australia's Lynas Rare Earths Ltd, Canada's Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, threat intelligence firm Mandiant said in a | Threat | ||
|
2022-07-05 01:58:36 | As New Clues Emerges, Experts Wonder: Is REvil Back? (lien direct) | Change is a part of life, and nothing stays the same for too long, even with hacking groups, which are at their most dangerous when working in complete silence. The notorious REvil ransomware gang, linked to the infamous JBS and Kaseya, has resurfaced three months after the arrest of its members in Russia. The Russian domestic intelligence service, the FSB, had caught 14 people from the gang. In | |||
|
2022-07-04 23:10:09 | Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web (lien direct) | Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. "Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites," Cisco Talos researcher Paul Eubanks | Ransomware | ||
|
2022-07-04 18:55:41 | Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild (lien direct) | Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native | Vulnerability | ||
|
2022-07-04 05:07:22 | Some Worms Use Their Powers for Good (lien direct) | Gardeners know that worms are good. Cybersecurity professionals know that worms are bad. Very bad. In fact, worms are literally the most devasting force for evil known to the computing world. The MyDoom worm holds the dubious position of most costly computer malware ever – responsible for some $52 billion in damage. In second place… Sobig, another worm. It turns out, however, that there are | |||
|
2022-07-04 04:58:51 | Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH (lien direct) | The Cyber Police of Ukraine last week disclosed that it apprehended nine members of a criminal gang that embezzled 100 million hryvnias via hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a campaign aimed at capitalizing on the ongoing conflict. "Criminals created more than 400 phishing links to obtain bank card data of citizens and | |||
|
2022-07-03 22:38:18 | HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains (lien direct) | Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," it said. "In under 24 hours, we worked quickly to contain the | Vulnerability | ||
|
2022-07-01 20:22:24 | TikTok Assures U.S. Lawmakers it\'s Working to Safeguard User Data From Chinese Staff (lien direct) | Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators, which further noted that the | |||
|
2022-07-01 08:18:59 | Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps (lien direct) | Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent | Malware | ||
|
2022-07-01 08:03:02 | Google Improves Its Password Manager to Boost Security Across All Platforms (lien direct) | Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post. The updates are also expected to automatically | |||
|
2022-07-01 03:06:34 | Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree (lien direct) | Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. No one except for Debricked, it seems. Sure, there are lots of ways to do it manually, but can it be done automatically with minimal risk of breaking changes? The Debricked team decided to find out. A forest full of fragile trees So, where do you even start? | Vulnerability | ||
|
2022-07-01 02:03:44 | New \'SessionManager\' Backdoor Targeting Microsoft IIS Servers in the Wild (lien direct) | A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a web server software for Windows systems, after | Malware Tool |
To see everything:
Our RSS (filtrered)
