Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-06-04 14:23:21 |
(Déjà vu) Attackers are scanning for vulnerable VMware servers, patch now! (direct link) |
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] |
Vulnerability
Threat
|
|
|
|
2021-06-04 14:23:21 |
Attackers scan for unpatched VMware vCenter servers, PoC exploit available (direct link) |
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] |
Vulnerability
Threat
|
|
|
|
2021-06-03 11:55:34 |
Chinese threat actors hacked NYC MTA using Pulse Secure zero-day (direct link) |
Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet. [...] |
Threat
|
|
|
|
2021-06-01 15:33:46 |
US: Russian threat actors likely behind JBS ransomware attack (direct link) |
The White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia. [...] |
Ransomware
Threat
|
|
★★★
|
|
2021-06-01 13:25:36 |
Critical WordPress plugin zero-day under active exploitation (direct link) |
Threat actors are scanning for sites running the Fancy Product Designer plug-in to exploit a zero-day bug allowing them to upload malware. [...] |
Threat
|
|
★★★
|
|
2021-05-29 11:33:44 |
New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers (direct link) |
A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. [...] |
Ransomware
Threat
|
|
|
|
2021-05-28 13:14:20 |
Mexico walls off national lottery sites after ransomware DDoS threat (direct link) |
Access to Mexico's Lotería Nacional and Pronósticos lottery websites is now blocked to IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks. [...] |
Ransomware
Threat
|
|
|
|
2021-05-28 12:12:21 |
Chinese cyberspies are targeting US, EU orgs with new malware (direct link) |
Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances. [...] |
Malware
Threat
|
|
|
|
2021-05-28 08:08:16 |
Microsoft: SolarWinds hackers target govt agencies from 24 countries (direct link) |
The Microsoft Threat Intelligence Center (MSTIC) has discovered that the Russian-based SolarWinds hackers are behind an ongoing phishing campaign targeting government agencies worldwide. [...] |
Threat
|
|
|
|
2021-05-27 13:37:01 |
(Déjà vu) New BazaFlix attack pushes BazarLoader malware via fake movie site (direct link) |
Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] |
Malware
Threat
|
|
|
|
2021-05-27 13:37:01 |
New BazaFlix phishing delivers BazarLoader malware via call center (direct link) |
Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] |
Malware
Threat
|
|
|
|
2021-05-25 14:37:16 |
Domino's India discloses data breach after hackers sell data online (direct link) |
Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum. [...] |
Data Breach
Threat
|
|
|
|
2021-05-24 10:02:03 |
North Korean hackers behind CryptoCore multi-million dollar heists (direct link) |
Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore, have established a strong connection to the North Korean state-sponsored group Lazarus. [...] |
Threat
|
APT 38
|
|
|
2021-05-19 08:57:01 |
Hackers scan for vulnerable devices minutes after bug disclosure (direct link) |
Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. [...] |
Threat
|
|
|
|
2021-05-17 20:57:51 |
Student health insurance carrier Guard.me suffers a data breach (direct link) |
Student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders' personal information. [...] |
Data Breach
Vulnerability
Threat
|
|
|
|
2021-05-17 15:01:35 |
FBI spots spear-phishing posing as Truist Bank bank to deliver malware (direct link) |
Threat actors impersonated Truist, the sixth-largest U.S. bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan (RAT) malware. [...] |
Malware
Threat
|
|
|
|
2021-05-14 10:37:45 |
(Déjà vu) DarkSide ransomware servers reportedly seized, operation shuts down (direct link) |
The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. [...] |
Ransomware
Threat
|
|
|
|
2021-05-14 10:37:45 |
DarkSide ransomware servers reportedly seized, REvil restricts targets (direct link) |
The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. [...] |
Ransomware
Threat
|
|
|
|
2021-05-13 18:24:29 |
Chemical distributor pays $4.4 million to DarkSide ransomware (direct link) |
Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data. [...] |
Ransomware
Threat
|
|
|
|
2021-05-13 13:00:00 |
(Déjà vu) Microsoft build tool abused to deliver password-stealing malware (direct link) |
Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] |
Malware
Tool
Threat
|
|
|
|
2021-05-13 13:00:00 |
Attackers abuse Microsoft dev tool to deploy Windows malware (direct link) |
Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] |
Malware
Tool
Threat
|
|
|
|
2021-05-12 12:49:16 |
Microsoft: Threat actors target aviation orgs with new malware (direct link) |
Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader. [...] |
Malware
Threat
|
|
|
|
2021-05-11 13:01:55 |
Microsoft Defender ATP now secures networked Linux, macOS devices (direct link) |
Microsoft has added support for identifying and assessing the security configurations of Linux and macOS endpoints on enterprise networks using Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection). [...] |
Threat
|
|
|
|
2021-05-06 10:31:45 |
New Moriya rootkit used in the wild to backdoor Windows systems (direct link) |
A new stealthy rootkit was used by an unknown threat actor to backdoor targeted Windows systems in a likely ongoing espionage campaign dubbed TunnelSnake and going back to at least 2018. [...] |
Threat
|
|
|
|
2021-04-30 02:43:43 |
(Déjà vu) Codecov starts notifying customers affected by supply-chain attack (direct link) |
Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors. [...] |
Threat
|
|
|
|
2021-04-30 02:43:43 |
Codecov begins notifying affected customers, discloses IOCs (direct link) |
Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors. [...] |
Threat
|
|
|
|
2021-04-29 18:00:00 |
New ransomware group uses SonicWall zero-day to breach networks (direct link) |
A financially motivated threat actor exploited a zero-day bug in Sonicwall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. [...] |
Ransomware
Threat
|
|
|
|
2021-04-28 09:00:44 |
Cyberspies target military organizations with new Nebulae backdoor (direct link) |
A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. [...] |
Threat
|
|
|
|
2021-04-27 10:46:26 |
(Déjà vu) MangaDex discloses data breach after stolen database shared online (direct link) |
Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. [...] |
Data Breach
Threat
|
|
|
|
2021-04-27 10:46:26 |
MangaDex discloses data breach after stolen data gets shared online (direct link) |
Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. [...] |
Data Breach
Threat
|
|
|
|
2021-04-26 12:54:01 |
Microsoft Defender now blocks cryptojacking malware using Intel TDT (direct link) |
Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology (TDT). [...] |
Malware
Threat
|
|
|
|
2021-04-25 16:28:55 |
Hacker leaks 20 million alleged BigBasket user records for free (direct link) |
A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum. [...] |
Threat
|
|
|
|
2021-04-19 18:27:46 |
Geico data breach exposed customers' driver's license numbers (direct link) |
Car insurance provider Geico has suffered a data breach where threat actors stole the driver's licenses for policyholders for over a month. [...] |
Data Breach
Threat
|
|
|
|
2021-04-19 17:07:40 |
Google Alerts continues to be a hotbed of scams and malware (direct link) |
Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites. [...] |
Malware
Threat
|
|
|
|
2021-04-17 11:08:22 |
(Déjà vu) Microsoft fixes Windows 10 bug that can corrupt NTFS drives (direct link) |
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. [...] |
Threat
|
|
|
|
2021-04-17 11:08:22 |
(Déjà vu) Microsoft fixes Windows 10 bug that marks drives as corrupted (direct link) |
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. [...] |
Threat
|
|
|
|
2021-04-16 10:44:37 |
Popular Codecov code coverage tool hacked to steal dev credentials (direct link) |
Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration (CI) environment. [...] |
Tool
Threat
|
|
|
|
2021-04-15 14:19:20 |
Popular NFT marketplace Rarible targeted by scammers and malware (direct link) |
Nothing attracts a scammer more than money, and with the NFT craze generating a ton of sales, threat actors are trying to capitalize on it. [...] |
Malware
Threat
|
|
|
|
2021-04-13 09:04:11 |
Watch out for this W-2 phishing scam targeting the 2021 tax season (direct link) |
With the United States tax season in high gear, threat actors have sprung into action with a recent tax document phishing scam that abuses TypeForm forms to steal your login credentials. [...] |
Threat
|
|
|
|
2021-04-09 14:52:36 |
Leading cosmetics group Pierre Fabre hit with $25 million ransomware attack (direct link) |
Leading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially demanded a $25 million ransom, BleepingComputer learned today. [...] |
Ransomware
Threat
Guideline
|
|
|
|
2021-04-09 13:55:00 |
Attackers deliver legal threats, IcedID malware via contact forms (direct link) |
Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware. [...] |
Malware
Threat
|
|
|
|
2021-04-07 17:18:42 |
VISA: Hackers increasingly using web shells to steal credit cards (direct link) |
Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers. [...] |
Threat
|
|
|
|
2021-04-07 16:06:13 |
REvil ransomware now changes password to auto-login in Safe Mode (direct link) |
A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords. [...] |
Ransomware
Threat
|
|
|
|
2021-04-07 11:36:59 |
Gigaset Android phones infected by malware via hacked update server (direct link) |
Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack. [...] |
Malware
Threat
|
|
|
|
2021-04-06 18:00:33 |
Windows XP makes ransomware gangs work harder for their money (direct link) |
A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even when Microsoft dropped supporting it seven years ago. [...] |
Ransomware
Threat
|
|
|
|
2021-04-06 09:00:00 |
Ongoing attacks are targeting unsecured mission-critical SAP apps (direct link) |
Threat actors are targeting mission-critical SAP enterprise applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks. [...] |
Threat
|
|
|
|
2021-04-02 13:04:37 |
FBI and CISA warn of state hackers attacking Fortinet FortiOS servers (direct link) |
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits. [...] |
Threat
|
|
|
|
2021-04-02 07:03:11 |
Ransomware gang wanted $40 million in Florida schools cyberattack (direct link) |
Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that can not afford them. An example of this is a recently revealed ransomware attack on the Broward County Public Schools district where threat actors demanded a $40,000,000 payment. [...] |
Ransomware
Threat
|
|
|
|
2021-03-31 13:33:45 |
Google: North Korean hackers target security researchers again (direct link) |
Google's Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts. [...] |
Threat
|
|
|
|
2021-03-31 12:31:49 |
Malware hidden in game cheats and mods used to target gamers (direct link) |
Threat actors target gamers with backdoored game tweaks and cheats hiding malware capable of stealing information from their systems after infection. [...] |
Malware
Threat
|
|
|