What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-03-12 08:48:32 Malspam campaign uses icon files to delivers NanoCore RAT (direct link) Researchers at Trustwave spotted a new malspam campaign that is abusing icon files to trick victims into installing the NanoCore Trojan. Researchers at Trustwave have spotted a new malspam campaign that is abusing icon files to trick victims into executing the NanoCore remote access Trojan. The emails use a .zipx file attachment, a .zipx file is a […]
SecurityAffairs 2021-03-11 21:33:36 (Déjà vu) Expert publishes PoC exploit code for Microsoft Exchange flaws (direct link) This week a security researcher published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers chaining two of ProxyLogon flaws. On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant […] Hack Tool
SecurityAffairs 2021-03-11 14:38:14 Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws (direct link) Norway parliament, the Storting, has suffered a new cyberattack, hackers stole data by exploiting recently disclosed Microsoft Exchange vulnerabilities. Norway’s parliament, the Storting, was hit by a new cyberattack, threat actors stole data exploiting the recently disclosed vulnerabilities in Microsoft Exchange, collectively tracked as ProxyLogon. On March 2nd, Microsoft has released emergency out-of-band security updates that […] Threat ★★★
SecurityAffairs 2021-03-11 11:26:25 RedXOR, a new powerful Linux backdoor in Winnti APT arsenal (direct link) Intezer experts have spotted a new strain of Linux backdoor dubbed RedXOR that is believed to be part of the arsenal of China-linked Winnti APT. Researchers from Intezer have discovered a new sophisticated backdoor, tracked as RedXOR, that targets Linux endpoints and servers. The malware was likely developed by the China-linked cyber espionage group Winnti. […] Malware APT 41
SecurityAffairs 2021-03-11 08:22:38 F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ (direct link) Security firm F5 announced the availability of patches for seven vulnerabilities in BIG-IP, four of which have been rated as “critical” severity. BIG-IP product family includes hardware, modularized software, and virtual appliances that run the F5 TMOS operating system and provides load balancing, firewall, access control, threat protection capabilities. The vendor has released security updates for seven […] Threat
SecurityAffairs 2021-03-10 19:47:06 White hat hackers gained access more than 150,000 surveillance cameras (direct link) A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations. The news was first reported by […]
SecurityAffairs 2021-03-10 15:45:39 OVH data centers suffered a fire, many popular sites are offline (direct link) OVH, the largest hosting provider in Europe, has suffered a terrible fire that destroyed the data centers located in Strasbourg. OVH, one of the largest hosting providers in the world, has suffered a terrible fire that destroyed its data centers located in Strasbourg. The news was also confirmed by OVH founder Octave Klaba via Twitter, he also provided […]
SecurityAffairs 2021-03-10 09:20:38 A flaw in The Plus Addons for Elementor WordPress plugin allows sites takeover (direct link) Researchers from the Wordfence team found a critical vulnerability in The Plus Addons for Elementor WordPress plugin that could be exploited to take over a website. Researchers at the Wordfence team of the security firm Defiant have spotted a critical flaw in The Plus Addons for Elementor WordPress plugin that could be exploited by attackers […] Vulnerability
SecurityAffairs 2021-03-10 08:16:18 Microsoft's March Patch Tuesday fixes 14 Critical flaws (direct link) Microsoft’s March Patch Tuesday security updates address 89 vulnerabilities in its products, 14 are listed as Critical and 75 are listed as Important in severity. Microsoft’s March Patch Tuesday security updates address 89 vulnerabilities in its products, including Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office […]
SecurityAffairs 2021-03-09 21:45:56 Another French hospital hit by a ransomware attack (direct link) A ransomware attack hit the Oloron-Sainte-Marie hospital in southwest France, it is the third such attack in the last month. A ransomware attack paralyzed the systems at the Oloron-Sainte-Marie hospital in southwest France. The incident took place on Monday, the ransomware gang is demanding the payment of a ransom of $50,000 worth of Bitcoin. The […] Ransomware
SecurityAffairs 2021-03-09 17:11:32 (Déjà vu) Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions (direct link) Microsoft released ProxyLogon security updates for Microsoft Exchange servers running vulnerable unsupported Cumulative Update versions. On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. Now Microsoft has released security updates for Microsoft Exchange […]
SecurityAffairs 2021-03-09 14:57:45 (Déjà vu) Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari (direct link) Apple released out-of-band patches to address a remote code execution, tracked as CVE-2021-1844, that affects iOS, macOS, watchOS, and Safari web browser. Apple has released out-of-band security patches to address a critical iOS, macOS, watchOS, and Safari web browser to address a security flaw tracked as CVE-2021-1844. The vulnerability was discovered by Clément Lecigne of […] Vulnerability
SecurityAffairs 2021-03-09 08:48:19 SUPERNOVA backdoor that emerged after SolarWinds hack is likely linked to Chinese actors (direct link) Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks Supernova malware spotted on compromised SolarWinds Orion installs exposed on the Internet is likely linked to a China-linked espionage group. Researchers at Secureworks’ counter threat unit (CTU) were investigating the exploit of SolarWinds servers to deploy the Supernova web shell when collected evidence […] Malware Hack Threat ★★★★
SecurityAffairs 2021-03-08 17:58:38 UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign (direct link) Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched network-attached storage (NAS) devices. via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507) Threat actors are exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & […] Malware Vulnerability Threat
SecurityAffairs 2021-03-08 15:17:33 Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA (direct link) The European Banking Authority (EBA) disclosed a cyberattack that resulted in the hack of its Microsoft Exchange email system. The European Banking Authority announced that it was the victim of a cyber attack against its email system that exploited recently disclosed zero-day vulnerabilities in Microsoft Exchange. On March 2nd, Microsoft has released emergency out-of-band security updates that […] Hack
SecurityAffairs 2021-03-08 13:11:43 (Déjà vu) Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs (direct link) Microsoft updated its Microsoft Safety Scanner (MSERT) tool to detect web shells employed in the recent Exchange Server attacks. Early this month, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant reported that […] Tool
SecurityAffairs 2021-03-08 07:40:33 The launch of Williams new FW43B car ruined by hackers (direct link) The presentation of Williams’s new Formula One car was ruined by hackers that forced the team to abandon the launch through an augmented reality app. The Williams team presented its new Formula One car on Friday, but hackers partially ruined the launch by hacking an “augmented reality” app that was designed to show the new […]
SecurityAffairs 2021-03-07 21:51:48 Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange (direct link) Thousands of organizations may have been victims of cyberattacks on Microsoft Exchange servers conducted by China-linked threat actors since January. At least tens of thousands of Microsoft customers may have been hacked by allegedly China-linked threat actors since January, including business and government agencies. The attacks started in January, but the attackers’ activity intensified in […] Threat
SecurityAffairs 2021-03-07 14:54:02 Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks (direct link) Russia-linked APT groups leveraged the Lithuanian nation's technology infrastructure to launch cyber-attacks against targets worldwide. The annual national security threat assessment report released by Lithuania's State Security Department states that Russia-linked APT groups conducted cyber-attacks against top Lithuanian officials and decision-makers last in 2020. APT29 state-sponsored hackers also exploited Lithuania's information technology infrastructure to carry […] Threat APT 29
SecurityAffairs 2021-03-07 12:33:19 Security Affairs newsletter Round 304 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. EU leaders aim at boosting defense and security, including cybersecurity New Zealand-based cryptocurrency exchange Cryptopia hacked again ByteDance […] Guideline
SecurityAffairs 2021-03-07 09:48:53 REvil Ransomware gang uses DDoS attacks and voice calls to make pressure on the victims (direct link) The REvil ransomware operators are using DDoS attacks and voice calls to journalists and victim’s business partners to force victims to pay the ransom. The REvil/Sodinokibi ransomware operators announced that they are using DDoS attacks and voice calls to victim’s business partners and journalists to force the victims into paying the ransom. The announcement shows […] Ransomware
SecurityAffairs 2021-03-06 21:43:11 (Déjà vu) Multiple Cisco products exposed to DoS attack due to a Snort issue (direct link) Cisco announced that a vulnerability in the Snort detection engine exposes several of its products to denial-of-service (DoS) attacks. Cisco announced this week that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine. The vulnerability resides in the Ethernet Frame Decoder of the Snort detection […] Vulnerability
SecurityAffairs 2021-03-06 18:32:04 Hackers breached four prominent underground cybercrime forums (direct link) A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. Unknown threat actors hacked the Verified forum in January, Crdclub in February, and Exploit and Maza in March, […] Hack Threat ★★
SecurityAffairs 2021-03-06 16:50:08 (Déjà vu) Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws (direct link) After the disclosure of Microsoft Exchange zero-days, MS Exchange Server team has released a script to determine if an install is vulnerable. This week Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. In response to the […] Tool ★★★
SecurityAffairs 2021-03-05 23:13:44 Millions of travelers of several airlines impacted by SITA data breach (direct link) SITA, a multinational IT company that provides services to the air transport industry was the victim of a cyberattack that impacted multiple airlines. SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry. The company provides its services to around 400 members and 2,800 customers worldwide, which it claims is about 90% of the world’s airline business. Around the world, nearly […] Data Breach
SecurityAffairs 2021-03-05 20:00:25 GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers (direct link) Microsoft experts continue to investigate the SolarWinds attack and spotted 3 new strains of malware used as second-stage payloads. Microsoft announced the discovery of three new pieces of malware that the threat actors behind the SolarWinds attack, tracked by the IT giant as Nobelium, used as second-stage payloads. Microsoft’s initial investigation revealed the existence of […] Malware Threat
SecurityAffairs 2021-03-05 11:03:13 Managed Services provider CompuCom by Darkside ransomware (direct link) US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its operations, experts believe it was a ransomware attack. US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its services and some of its operations. Even if the company initially did not provide technical details about […] Ransomware
SecurityAffairs 2021-03-05 08:11:51 Five privilege escalation flaws fixed in Linux Kernel (direct link) Experts found five vulnerabilities in the Linux kernel, tracked as CVE-2021-26708, that could lead to local privilege escalation. Positive Technologies researcher Alexander Popov found five high severity vulnerabilities in the Linux kernel that could lead to local privilege escalation. The Linux kernel vulnerabilities are race conditions that reside in AF_VSOCK implementation, they were implicitly introduced in November […] Guideline
SecurityAffairs 2021-03-04 21:52:36 (Déjà vu) Sunshuttle, the fourth malware allegedly linked to SolarWinds hack (direct link) FireEye researchers spotted a new sophisticated second-stage backdoor that was likely linked to threat actors behind the SolarWinds hack. Malware researchers at FireEye discovered a new sophisticated second-stage backdoor, dubbed Sunshuttle, while analyzing the servers of an organization that was compromised as a result of the SolarWinds supply-chain attack. The new malware is dubbed Sunshuttle, and it was […] Malware Hack Threat
SecurityAffairs 2021-03-04 16:39:12 VMware addresses Remote Code Execution issue in View Planner (direct link) VMware released a security patch for a remote code execution vulnerability that affects the VMware View Planner product. VMware released a security patch for a remote code execution flaw, tracked as CVE-2021-21978, that affects the VMware View Planner. The View Planner is a free tool for Performance Sizing and Benchmarking of Virtual Desktop Infrastructure environments. […] Tool Vulnerability
SecurityAffairs 2021-03-04 14:41:21 CISA emergency directive urges to fix Microsoft Exchange zero-days (direct link) The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive related to recently fixed Microsoft Exchange zero-days. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued the Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange. This week Microsoft has released emergency out-of-band security updates that address four […]
SecurityAffairs 2021-03-04 11:52:48 Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150% (direct link) Group-IB published a report titled “Ransomware Uncovered 2020-2021”. analyzes ransomware landscape in 2020 and TTPs of major threat actors. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has presented its new report “Ransomware Uncovered 2020-2021”. The research dives deep into the global ransomware outbreak in 2020 and analyzes major players' TTPs (tactics, techniques, and procedures). By […] Ransomware Threat
SecurityAffairs 2021-03-04 10:20:55 GRUB2 boot loader maintainers fixed hundreds of flaws (direct link) Now maintainers at the GRUB project have released security updates to address more than 100 vulnerabilities. GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks. In July 2020, researchers at the cybersecurity firmware Eclypsium disclosed a buffer […]
SecurityAffairs 2021-03-03 23:14:44 Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys (direct link) Cybersecurity firm Qualys seems to have suffered a data breach, threat actors allegedly exploited zero-day flaw in their Accellion FTA server. Cybersecurity firm Qualys is the latest victim of a cyber attack, the company was likely hacked by threat actors that exploited a zero-day vulnerability in their Accellion FTA server. A couple of weeks ago, security experts […] Ransomware Vulnerability Threat
SecurityAffairs 2021-03-03 21:57:33 The Ursnif Trojan has hit over 100 Italian banks (direct link) Avast researchers reported that the infamous Ursnif Trojan was employed in attacks against at least 100 banks in Italy. Avast experts recently obtained information on possible victims of Ursnif malware that confirms the interest of malware operators in targeting Italian banks. Operators behind these attacks have stolen financial data and credentials from targeted financial institutions. “Among the […] Malware
SecurityAffairs 2021-03-03 17:53:49 (Déjà vu) Cyber Defense Magazine – March 2021 has arrived. Enjoy it! (direct link) Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 110 pages of excellent content. 110 PAGES LOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached. CLICK HERE AND GRAB THIS VERSION AND […]
SecurityAffairs 2021-03-03 15:55:30 (Déjà vu) Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw (direct link) A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent. According to the expert, the vulnerability only impacts consumer accounts. […] Vulnerability
SecurityAffairs 2021-03-03 10:53:19 Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak (direct link) WizCase experts found a major breach in phone-tracking service Ringostat's database, millions of Phone Numbers, Recordings, and Call Logs Compromised WizCase security team has found a major breach in phone-tracking service Ringostat's database. This leak left vulnerable phone numbers, call recordings, call logs, and more to potential attack. The leaked data numbers in the millions and […]
SecurityAffairs 2021-03-03 09:51:43 Attackers took over the Perl.com domain in September 2020 (direct link) The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of the domain in September 2020. The Perl.com domain was hijacked in January 2021, but according to Brian Foy, senior editor of Perl.com, the attack took place months before, in September 2020. Attackers have taken over the […]
SecurityAffairs 2021-03-03 01:22:57 Four zero-days in Microsoft Exchange actively exploited in the wild (direct link) Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant reported that at least one […]
SecurityAffairs 2021-03-03 00:03:04 (Déjà vu) Google fixes Critical Remote Code Execution issue in Android System component (direct link) Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in the System component. Google released security updates to address 37 vulnerabilities as part of the Android security updates for March 2021, the most severe one is a critical flaw in the System component tracked as […]
SecurityAffairs 2021-03-02 20:24:44 Pwn20wnd released the unc0ver v 6.0 jailbreaking tool (direct link) The popular jailbreaking tool called “unc0ver” now supports iOS 14.3 and earlier releases, and is able to unlock almost every iPhone device. Pwn20wnd, the author of the jailbreaking tool “unc0ver,” has updated their software to support iOS 14.3 and earlier releases. The last release of the jailbreaking tool, unc0ver v6.0.0, now includes the exploit code […] Tool
SecurityAffairs 2021-03-02 15:24:20 French multinational dairy Lactalis hit by a cyber attack (direct link) French multinational dairy products corporation Lactalis discloses cyberattack, but claimed that had no evidence of a data breach. France-based dairy giant Lactalis announced that it was hit by a cyber attack, but claimed that it had found no evidence of a data breach. Lactalis employs more than 80,000 people worldwide, at more than 230 production […]
SecurityAffairs 2021-03-02 13:01:14 (Déjà vu) Alleged China-linked APT41 group targets Indian critical infrastructures (direct link) Recorded Future researchers uncovered a campaign conducted by Chinese APT41 group targeting critical infrastructure in India. Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting critical infrastructure operators in India. The list of targets includes power plants, electricity distribution centers, and seaports in the country. The attacks surged while relations between […] Guideline APT 41
SecurityAffairs 2021-03-02 08:37:23 Distributor of Asian food JFC International hit by Ransomware (direct link) JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC International, a major distributor and wholesaler of Asian food products, announced it has recently suffered a ransomware attack. The ransomware attack only impacted JFC International's Europe Group, the malware caused the disruption of some of its IT […] Ransomware Malware
SecurityAffairs 2021-03-01 22:15:13 Gootkit delivery platform Gootloader used to deliver additional payloads (direct link) The Javascript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. Experts from Sophos documented the evolution of the “Gootloader,” the framework used for delivering the Gootkit RAT banking Trojan. The framework was improved to deploy a wider range of malware, including ransomware payloads. “In recent years, almost […] Ransomware
SecurityAffairs 2021-03-01 15:08:48 Intern caused 'solarwinds123' password leak, former SolarWinds CEO says (direct link) Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing the company to hack. Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain attack is an intern that has used a weak password for several years. Initial […]
SecurityAffairs 2021-03-01 09:34:50 ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection (direct link) ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users for illegal data collection. ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users. The settlement has yet to be approved by a federal judge. The Chinese firm was accused to have failed […]
SecurityAffairs 2021-03-01 08:20:04 NSA embraces the Zero Trust Security Model (direct link) The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security Agency (NSA) recently published a document to explain the benefits of adopting a zero-trust model, and advice to navigate the process. Modern infrastructure are complex environments that combine multiple technologies and that are exposed to […]
SecurityAffairs 2021-02-28 17:52:36 EU leaders aim at boosting defense and security, including cybersecurity (direct link) During a video conference of the members of the European Council, EU leaders agreed on a new strategy aimed at boosting defense and security. During the recent video conference of the members of the European Council (25-26 February 2021), NATO chief Jens Stoltenberg highlighted the importance to define a strategy to boost defense and security. “We […] Guideline
Last update at: 2024-07-16 17:08:31