What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2020-12-05 13:13:27 Cyber mercenaries group DeathStalker uses a new backdoor (lien direct) The group of cyber mercenaries tracked as DeathStalker has been using a new PowerShell backdoor in recent attacks. The cyber mercenaries group known as DeathStalker has been using a new PowerShell backdoor in recent attacks. DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, […]
SecurityAffairs.webp 2020-12-04 23:42:42 Iranian hackers access unsecured HMI at Israeli Water Facility (lien direct) A group of Iranian hackers gained access to an unprotected ICS at an Israeli Water Facility and posted a video as proof of the hack. Researchers from industrial cybersecurity firm OTORIO revealed that a group of Iranian hackers gained access to an unprotected ICS at the Israeli Water Facility. The threat actors accessed […] Threat
SecurityAffairs.webp 2020-12-04 20:11:30 (Déjà vu) Recently disclosed CVE-2020-4006 VMware zero-day was reported by NSA (lien direct) VMware addressed CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has finally released security updates to fix the CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. At the end of November, VMware only has released a workaround to address the critical […]
SecurityAffairs.webp 2020-12-04 15:25:08 Islamic imprisoned hacker Ardit Ferizi ordered to be deported (lien direct) The Islamic hacker Ardit Ferizi, who is serving 20 years for giving his support to Islamic State group has been granted compassionate release. Ardit Ferizi, aka Th3Dir3ctorY, is the hacker that supported the ISIS organization by handing over data for 1,351 US government and military personnel. Ferizi is the first man charged with cyber terrorism that was extradited to the […]
SecurityAffairs.webp 2020-12-04 12:39:59 Hundreds of millions of Android users exposed to hack due to CVE-2020-8913 (lien direct) Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides in the SplitCompat.install endpoint in Android’s Play Core Library. The vulnerability is rated 8.8 out […] Hack Vulnerability
SecurityAffairs.webp 2020-12-04 08:26:07 Egregor ransomware attack paralyzed for 3 days payment systems at Metro Vancouver's transportation agency TransLink (lien direct) The Egregor ransomware operators hit Metro Vancouver's transportation agency TransLink disrupting services and payment systems. Egregor ransomware operators made the headlines again, this time they hit Metro Vancouver's transportation agency TransLink causing the disruption of its services and payment systems. The news was also confirmed by Global News which has obtained the ransom letter sent […] Ransomware
SecurityAffairs.webp 2020-12-04 00:56:17 Hackers hide software skimmer in social media sharing icons (lien direct) Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages. E-skimming took place when hackers compromise an e-commerce site and plant a malicious […] Malware
SecurityAffairs.webp 2020-12-03 22:29:33 Hackers are targeting COVID-19 vaccine cold chain (lien direct) IBM X-Force experts warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain. Researchers from IBM X-Force warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain. The experts uncovered a large scale spear-phishing campaign that has been ongoing since September 2020. Threat actors are impersonating a […] Threat
SecurityAffairs.webp 2020-12-03 14:32:15 TrickBoot feature allows TrickBot bot to run UEFI attacks (lien direct) TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature. The infamous TrickBot gets a new improvement, authors added a new feature dubbed “TrickBoot” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. The TrickBoot functionality was documented […]
SecurityAffairs.webp 2020-12-03 10:33:32 Clop Ransomware gang claims to have stolen 2 million credit cards from E-Land (lien direct) E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea. E-Land Group takes part in retail malls, restaurants, theme parks, hotels and construction businesses as well as its cornerstone, fashion apparel business. It has operations […] Ransomware ★★
SecurityAffairs.webp 2020-12-03 08:44:31 A scan of 4 Million Docker images reveals 51% have critical flaws (lien direct) Security experts analyzed 4 million public Docker container images hosted on Docker Hub and found that half of them had critical flaws. Container security firm Prevasio has analyzed 4 million public Docker container images hosted on Docker Hub and discovered that the majority of them had critical vulnerabilities. The cybersecurity firm used its Prevasio Analyzer […]
SecurityAffairs.webp 2020-12-02 22:40:23 (Déjà vu) K12 education giant paid the ransom to the Ryuk gang (lien direct) Online education giant K12 Inc. was hit by Ryuk ransomware in the middle of November and now has paid a ransom to avoid data leak. The online education giant K12 Inc. has paid a ransom to the ransomware operators after the gang infected its systems in November. K12 Inc. is a for-profit education company that sells online schooling […] Ransomware
SecurityAffairs.webp 2020-12-02 19:24:29 Russia-linked APT Turla used a new malware toolset named Crutch (lien direct) Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active […] Malware
SecurityAffairs.webp 2020-12-02 16:06:14 APT groups target US Think Tanks, CISA, FBI warn (lien direct) Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning of attacks carried out by threat actors against United States think tanks. APT groups continue to target United States think tanks, the Cyber Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. The work of US think tanks has a […] Threat ★★
SecurityAffairs.webp 2020-12-02 14:15:09 Google discloses a zero-click Wi-Fi exploit to hack iPhone devices (lien direct) Google Project Zero expert Ian Beer on Tuesday disclosed a critical “wormable” iOS flaw that could have allowed to hack iPhone devices. Google Project Zero white-hat hacker Ian Beer has disclosed technical details of a critical “wormable” iOS bug that could have allowed a remote attacker to take over any device in the vicinity over […] Hack
SecurityAffairs.webp 2020-12-02 08:53:55 Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement (lien direct) Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared with me samples of a botnet that propagates using weblogic exploit. The botnet was also discovered by @BadPackets 5 days ago and it is still active as of now, December 1, 2020. The botnet carries two […]
SecurityAffairs.webp 2020-12-01 22:44:33 French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data (lien direct) The CyberNews investigation team discovered French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data. Original post @ https://cybernews.com/security/french-pharmaceuticals-distribution-platform-leaking-1-7-tb-confidential-data/ The CyberNews investigation team discovered an unsecured, publicly accessible Kibana dashboard of an ElasticSearch database containing confidential data belonging to Apodis Pharma, a software company based in France. Apodis Pharma is a company that offers […]
SecurityAffairs.webp 2020-12-01 21:07:28 Malicious npm packages spotted delivering njRAT Trojan (lien direct) npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’ computers. Security staff behind the npm repository removed two packages that were found containing the malicious code to install the njRAT remote access trojan (RAT) on computers of JavaScript and Node.js developers who imported and […]
SecurityAffairs.webp 2020-12-01 18:41:39 DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882 (lien direct) The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. The CVE-2020-14882 can be exploited by unauthenticated attackers to take over the system […] Vulnerability
SecurityAffairs.webp 2020-12-01 15:39:53 Baltimore County Schools close after a ransomware attack (lien direct) Baltimore County Schools were hit by a ransomware attack that forced them to close leaving more than 100,000 students out. Baltimore County Schools are still closed following a ransomware attack and unfortunately, at the time of this writing, it is impossible to predict when school will resume. School officials notified state and federal law enforcement […] Ransomware
SecurityAffairs.webp 2020-12-01 11:56:54 Vietnam-linked Bismuth APT leverages coin miners to stay under the radar (lien direct) Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miners while continuing its cyberespionage campaigns. Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus, Cobalt Kitty, or APT32, is deploying cryptocurrency miners while continuing its cyberespionage campaigns. Cryptocurrency miners are typically associated with financially motivated attacks, but BISMUTH is attempting to take […] APT 32
SecurityAffairs.webp 2020-12-01 10:27:43 UK gov bans new Huawei equipment installs after Sept 2021 (lien direct) The British government will ban the installation of new Huawei equipment in the 5G networks of Wireless carriers after September 2021. The British government will not allow the installation of new Huawei equipment in the 5G networks of Wireless carriers after September 2021. The decision to ban the Chinese giant from the building of the […]
SecurityAffairs.webp 2020-12-01 08:50:18 Talos reported WebKit flaws in WebKit that allow Remote Code Execution (lien direct) Talos experts found flaws in the WebKit browser engine that can be also exploited for remote code execution via specially crafted websites. Cisco's Talos team discovered security flaws in the WebKit browser engine, including flaws that can be exploited by a remote attacker to gain code execution by tricking the user into visiting a malicious […]
SecurityAffairs.webp 2020-11-30 22:35:29 Exclusive: Experts from TIM's Red Team Research (RTR) found 6 zero-days (lien direct) TIM's Red Team Research led by Massimiliano Brolli discovered 6 new zero-day vulnerabilities in Schneider Electric StruxureWare. Today, TIM's Red Team Research led by Massimiliano Brolli, discovered 6 new vulnerabilities in the StruxureWare product. The flaws have been addressed by the manufacturer Schneider Electric, between April and November 2020. Schneider Electric is a vendor specialized […]
SecurityAffairs.webp 2020-11-30 21:18:38 Exploring malware to bypass DNA screening and lead to 'biohacking' attacks (lien direct) Boffins from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open to biological warfare. A team of researchers from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open to biological warfare. Scientists play a crucial role in modern society, especially during […] Malware
SecurityAffairs.webp 2020-11-30 09:56:10 University of Vermont Medical Center has yet to fully recover from October cyber attack (lien direct) The University of Vermont Medical Center has yet to fully recover from a cyber attack that crippled systems at the Burlington hospital. In October, ransomware operators hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The ransomware attack took place on October 28 and disrupted services at the UVM Medical Center and […] Ransomware
SecurityAffairs.webp 2020-11-30 08:08:10 (Déjà vu) Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang (lien direct) Delaware County, Pennsylvania opted to pay a $500,000 ransom after it was the victim of a DoppelPaymer ransomware attack last weekend. During the last weekend Delaware County, Pennsylvania, was the victim of a DoppelPaymer ransomware attack that brought down part of its network. According to local media, the ransomware operators have compromised systems containing sensitive information, […] Ransomware
SecurityAffairs.webp 2020-11-29 22:54:35 Crooks stole 800,000€ from ATMs in Italy with Black Box attack (lien direct) A cyber criminal organization has stolen money from at least 35 Italian ATMs with a black box attack technique. A criminal organization has stolen money from at least 35 ATMs and Post Office cash dispensers operated by Italian banks with a new black box attack technique. The Carabinieri of Monza dismantled the gang, the […]
SecurityAffairs.webp 2020-11-29 15:41:12 A critical flaw in industrial automation systems opens to remote hack (lien direct) Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November […] Hack Vulnerability
SecurityAffairs.webp 2020-11-29 14:05:28 Security Affairs newsletter Round 291 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A cyberattack crippled the IT infrastructure of the City of Saint John Hundreds of female sports stars and celebrities have their naked photos and videos leaked online Romanians arrested for […]
SecurityAffairs.webp 2020-11-29 12:15:37 (Déjà vu) Sopra Steria estimates financial Impact of ransomware attack could reach €50 Million (lien direct) IT services provider Sopra Steria estimates that a recent ransomware attack will have a financial impact ranging between €40M and €50M. At the end of October, French IT outsourcer Sopra Steria has been hit by a ransomware attack. While the company did not reveal the family of malware that infected its systems, local media speculate the involvement […] Ransomware Malware
SecurityAffairs.webp 2020-11-29 10:40:11 Operators behind Dark Caracal are still alive and operational (lien direct) The Dark Caracal APT group has carried out a series of attacks against multiple sectors using a new variant of a 13-year-old backdoor Trojan. The Dark Caracal cyberespionage group is back, researchers from Check Point uncovered a new series of attack against multiple industries. The Dark Caracal is an APT group associated with the Lebanese […]
SecurityAffairs.webp 2020-11-28 18:57:23 Chip maker Advantech hit by Conti ransomware gang (lien direct) The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The Conti ransomware gang infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen […] Ransomware
SecurityAffairs.webp 2020-11-28 16:52:11 Office 365 phishing campaign leverages Oracle and Amazon cloud services (lien direct) Experts warn of a new sophisticated phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. The new sophisticated phishing scheme was implemented by threat actors for stealing Office 365 credentials, it leverages both cloud services from Oracle and Amazon for their infrastructure. The campaign has been active for more […] Threat
SecurityAffairs.webp 2020-11-28 09:21:36 Hundreds of C-level executives credentials available for $100 to $1500 per account (lien direct) A credible threat actor is offering access to the email accounts of hundreds of C-level executives for $100 to $1500 per account. Access to the email accounts of hundreds of C-level executives is available on the Exploit.in for $100 to $1500 per account. Exploit.in is a popular closed-access underground forum for Russian-speaking hackers, and it […] Threat
SecurityAffairs.webp 2020-11-27 22:55:20 (Déjà vu) Drupal emergency updates fix critical arbitrary PHP code execution (lien direct) Drupal has released emergency security updates to fix a critical flaw with known exploits that could allow for arbitrary PHP code execution. Drupal has released emergency security updates to address a critical vulnerability with known exploits that could be exploited to achieve arbitrary PHP code execution on some CMS versions. The Drupal project uses the PEAR […] Vulnerability
SecurityAffairs.webp 2020-11-27 18:21:11 North Korean hackers allegedly behind cyberattacks on AstraZeneca (lien direct) The Reuters agency revealed in an exclusive that the COVID vaccine maker AstraZeneca was targeted by alleged North Korea-linked hackers. According to a report published by Reuters, suspected North Korea-linked hackers targeted AstraZeneca, one of the companies that are developing a COVID vaccine. The attack attempts took place in recent weeks, two people with knowledge […]
SecurityAffairs.webp 2020-11-27 14:32:37 A week later, Manchester United has yet to recover after a cyberattack (lien direct) Manchester United is still facing problems after the cyber attack that suffered last week, it has yet to fully restore its systems. Last week Manchester United was hit by a sophisticated cyber attack, the attack took place on Friday evening and the football club shut down its systems to prevent the malware from spreading within. […] Malware
SecurityAffairs.webp 2020-11-27 10:09:05 Details of 16 million Brazilian COVID-19 patients exposed online (lien direct) The personal and health details of more than 16 million Brazilian COVID-19 patients, including Government representatives, have been exposed online. Personal and health details of more than 16 million Brazilian COVID-19 patients have been accidentally exposed online due to an error of an employee of a Brazilian hospital. An employee of Albert Einstein Hospital in Sao Paolo […]
SecurityAffairs.webp 2020-11-27 08:23:46 Canon publicly confirms August ransomware attack and data breach (lien direct) Canon finally confirmed that it has suffered a ransomware attack in early August that resulted in the theft of data from its servers. Canon has finally confirmed that it was the victim of a ransomware attack in early August and that the threat actors also stole data from its servers. In August, ZDNet first revealed […] Ransomware Data Breach Threat
SecurityAffairs.webp 2020-11-26 18:51:47 Ransomware hits US Fertility the largest US fertility network (lien direct) US Fertility, the largest network of fertility centers in the U.S., discloses a ransomware attack that took place in September 2020. US Fertility, the largest network of fertility centers in the U.S., revealed that a ransomware attack hit its systems in September 2020. The US Fertility (USF) network is comprised of 55 locations across 10 states that […] Ransomware
SecurityAffairs.webp 2020-11-26 16:49:09 Danish news agency Ritzau hit by ransomware, but did not pay the ransom (lien direct) Ritzau, the biggest Danish news agency, was hit by a ransomware attack that brought it offline but refused to pay the ransom. Ritzau, the biggest Danish news agency, was hit by a ransomware attack that brought it offline. The cyber attack hit a quarter of Ritzau's 100 servers that have been damaged. The agency […] Ransomware
SecurityAffairs.webp 2020-11-26 15:41:01 Carding Action 2020: Group-IB supports Europol-backed operation saving €40 million (lien direct) Carding Action 2020 targeted crooks selling/purchasing compromised card data on sites selling stolen credit card data and darkweb marketplaces. Group-IB, a global threat hunting and intelligence company, has supported Carding Action 2020 – a cross-border operation led by Europol's European Cyber Crime Centre (EC3) with the support from law enforcement agencies including The Dedicated Card and Payment Crime Unit of the London […] Threat
SecurityAffairs.webp 2020-11-26 13:21:59 Sophos notifies data leak after a misconfiguration (lien direct) The cyber-security firm Sophos is notifying customers via email about a security breach that took place earlier this week. ZDNet reported that the cyber-security firm Sophos is notifying customers via email about a security breach, the company became aware of the incident on November 24. “On November 24, 2020, Sophos was advised of an access […]
SecurityAffairs.webp 2020-11-26 11:53:10 (Déjà vu) A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed (lien direct) Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool. The French security researcher Clément Labro discovered a zero-day vulnerability while he was working on an update to a Windows security tool. The researcher was developing his own Windows privilege escalation enumeration […] Vulnerability
SecurityAffairs.webp 2020-11-26 09:12:48 SSH-backdoor Botnet With 'Research' Infection Technique (lien direct) Security expert Tolijan Trajanovski analyzed an SSH-backdoor Botnet that implements an interesting 'Research' infection technique. In a recent tweet, the malware researcher @0xrb shared a list containing URLs of recently captured IoT botnet samples. Among the links, there was an uncommon example, a URL behind a Discord CDN, which as pointed by the IoT malware researcher @_lubiedo, may be difficult […] Malware
SecurityAffairs.webp 2020-11-25 23:09:03 Belden discloses data breach as a result of a cyber attack (lien direct) Belden, the manufacturer of networking and cable products, disclosed a data breach, threat actors have stolen employee and business information. The manufacturer of networking and cable products Belden disclosed a data breach, the company revealed that attackers gained “unauthorized access and copying of some current and former employee data, as well as limited company information […] Data Breach Threat
SecurityAffairs.webp 2020-11-25 20:40:13 Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members (lien direct) Group-IB supported an INTERPOL-led operation Falcon targeting business email compromise cybercrime gang from Nigeria, dubbed TMT. Group-IB, a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB. A cross-border anti-cybercrime effort that involved INTERPOL's Cybercrime Directorate, Nigerian Police Force, and Group-IB's APAC Cyber Investigations Team has resulted in the […] Threat
SecurityAffairs.webp 2020-11-25 14:24:15 Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach (lien direct) Retail giant Home Depot has agreed to a $17.5 million settlement in a multi-state investigation of the data breach that the company suffered in 2014. The US largest home improvement retailer giant Home Depot agrees to $17.5 million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers […] Data Breach
SecurityAffairs.webp 2020-11-25 12:09:08 Watch out, WAPDropper malware could subscribe you to premium services (lien direct) Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. Check Point experts observed the WAPDropper subscribing unaware users to premium services from legitimate telecommunications […] Malware
Last update at: 2024-07-16 17:08:31