Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-07-16 11:07:04 |
Hackers pose as journalists to breach news media org's networks (direct link) |
Researchers following the activities of advanced persistent threat (APT) groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. [...] |
Threat
|
|
|
|
2022-07-16 10:11:12 |
(Déjà vu) Elastix VoIP systems hacked in massive campaign to install PHP web shells (direct link) |
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. [...] |
Malware
Threat
|
|
|
|
2022-07-16 10:11:12 |
Massive campaign hits Elastix VoIP systems with 500,000 unique malware samples (direct link) |
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. [...] |
Malware
Threat
|
|
|
|
2022-07-15 13:46:43 |
Password recovery tool infects industrial systems with Sality malware (direct link) |
A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs). [...] |
Malware
Tool
Threat
|
|
|
|
2022-07-13 16:50:18 |
Bandai Namco confirms hack after ALPHV ransomware data leak threat (direct link) |
Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers' personal data. [...] |
Ransomware
Hack
Threat
|
|
|
|
2022-07-11 15:24:40 |
Ransomware gang now lets you search their stolen data (direct link) |
Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data. [...] |
Ransomware
Threat
|
|
|
|
2022-07-06 12:52:48 |
(Déjà vu) Marriott confirms another data breach after hotel got hacked (direct link) |
Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. [...] |
Data Breach
Threat
|
|
|
|
2022-07-06 12:52:48 |
(Déjà vu) Marriott hit by new data breach and a failed extortion attempt (direct link) |
Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. [...] |
Data Breach
Threat
|
|
|
|
2022-07-06 12:52:48 |
Marriott confirms data breach and a failed extortion attempt (direct link) |
Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. [...] |
Data Breach
Threat
|
|
|
|
2022-07-06 10:47:32 |
US govt warns of Maui ransomware attacks against healthcare orgs (direct link) |
The FBI, CISA, and the U.S. Treasury Department issued today a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health (HPH) organizations. [...] |
Ransomware
Threat
|
|
|
|
2022-07-01 15:35:53 |
The Week in Ransomware - July 1st 2022 - Bug Bounties (direct link) |
It has been relatively busy this week with new ransomware attacks unveiled, a bug bounty program introduced, and new tactics used by the threat actors to distribute their encryptors. [...] |
Ransomware
Threat
|
|
|
|
2022-06-30 19:05:11 |
Toll fraud malware disables your WiFi to force premium subscriptions (direct link) |
Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services. [...] |
Malware
Threat
|
|
|
|
2022-06-30 08:19:10 |
Google blocked dozens of domains used by hack-for-hire groups (direct link) |
Google's Threat Analysis Group (TAG) has blocked dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide. [...] |
Threat
|
|
|
|
2022-06-30 08:12:24 |
AstraLocker 2.0 infects users directly from Word attachments (direct link) |
A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments. [...] |
Ransomware
Threat
|
|
|
|
2022-06-29 06:48:22 |
(Déjà vu) Microsoft Azure FabricScape bug let hackers hijack Linux clusters (direct link) |
Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric (SF) application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. [...] |
Threat
|
|
|
|
2022-06-29 06:48:22 |
Microsoft fixes bug that let hackers hijack Azure Linux clusters (direct link) |
Microsoft has fixed a container escape vulnerability in the Service Fabric (SF) application hosting platform that would allow threat actors to escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. [...] |
Vulnerability
Threat
|
|
|
|
2022-06-28 13:18:14 |
AMD investigates RansomHouse hack claims, theft of 450GB data (direct link) |
Chip manufacturer AMD says they are investigating a cyberattack after threat actors claimed to have stolen 450 GB of data from the company last year. [...] |
Hack
Threat
|
|
|
|
2022-06-27 11:39:17 |
Microsoft Exchange bug abused to hack building automation systems (direct link) |
A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks. [...] |
Hack
Threat
|
|
|
|
2022-06-26 10:12:06 |
Clever phishing method bypasses MFA using Microsoft WebView2 apps (direct link) |
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victims' authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. [...] |
Threat
|
|
|
|
2022-06-23 15:28:48 |
CISA: Log4Shell exploits still being used to hack VMware servers (direct link) |
CISA warned today that threat actors including state-backed hacking groups are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. [...] |
Hack
Threat
|
|
|
|
2022-06-23 13:07:15 |
Spyware vendor works with ISPs to infect iOS and Android users (direct link) |
Google's Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. [...] |
Threat
|
|
|
|
2022-06-21 07:46:03 |
(Déjà vu) Microsoft Exchange servers hacked by new ToddyCat APT gang (direct link) |
An advanced persistent threat (APT) group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. [...] |
Threat
|
|
|
|
2022-06-21 07:46:03 |
(Déjà vu) New ToddyCat APT group targets Exchange servers in Asia, Europe (direct link) |
An advanced persistent threat (APT) group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. [...] |
Threat
|
|
|
|
2022-06-19 10:15:23 |
Android-wiping BRATA malware is evolving into a persistent threat (direct link) |
The threat actors operating the BRATA banking trojan have evolved their tactics and incorporated new information-stealing features into their malware. [...] |
Malware
Threat
|
|
★★★
|
|
2022-06-16 15:43:57 |
New MaliBot Android banking malware spreads as a crypto miner (direct link) |
Threat analysts have discovered a new Android malware strain named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain. [...] |
Malware
Threat
|
|
|
|
2022-06-16 06:07:20 |
Microsoft Office 365 feature can help cloud ransomware attacks (direct link) |
Security researchers are warning that threat actors could hijack Office 365 accounts to encrypt for a ransom the files stored in SharePoint and OneDrive services that companies use for cloud-based collaboration, document management and storage. [...] |
Ransomware
Threat
|
|
|
|
2022-06-15 15:05:10 |
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike (direct link) |
The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. [...] |
Threat
|
|
|
|
2022-06-09 08:00:24 |
New Symbiote malware infects all running processes on Linux systems (direct link) |
Threat analysts have discovered a new malware targeting Linux systems that operates as a symbiote in the host, blending perfectly with running processes and network traffic to steal account credentials and give its operators backdoor access. [...] |
Malware
Threat
|
|
★★
|
|
2022-06-09 07:00:00 |
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade (direct link) |
A previously unknown Chinese-speaking threat actor has been uncovered by threat analysts SentinelLabs who were able to link it to malicious activity going as far back as 2013. [...] |
Threat
|
|
|
|
2022-06-07 18:43:21 |
US: Chinese govt hackers breached telcos to snoop on network traffic (direct link) |
Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. [...] |
Threat
|
|
|
|
2022-06-06 12:56:10 |
Ransomware gangs now give victims time to save their reputation (direct link) |
Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries. [...] |
Ransomware
Threat
|
|
|
|
2022-06-03 11:24:11 |
Microsoft disrupts Bohrium hackers' spear-phishing operation (direct link) |
The Microsoft Digital Crimes Unit (DCU) has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India. [...] |
Threat
|
|
|
|
2022-06-02 08:08:11 |
Clipminer malware gang stole $1.7M by hijacking crypto payments (direct link) |
Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. [...] |
Malware
Threat
|
|
|
|
2022-06-01 09:10:12 |
SideWinder hackers plant fake Android VPN app in Google Play Store (direct link) |
Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting. [...] |
Tool
Threat
|
APT-C-17
|
|
|
2022-05-31 18:00:17 |
Windows MSDT zero-day now exploited by Chinese APT hackers (direct link) |
Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems. [...] |
Vulnerability
Threat
|
|
|
|
2022-05-31 11:45:04 |
New XLoader botnet uses probability theory to hide its servers (direct link) |
Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation. [...] |
Malware
Threat
|
|
|
|
2022-05-26 15:11:03 |
OAS platform vulnerable to critical RCE and API access flaws (direct link) |
Threat analysts have disclosed vulnerabilities affecting the Open Automation Software (OAS) platform, leading to device access, denial of service, and remote code execution. [...] |
Threat
Guideline
|
|
★★★
|
|
2022-05-25 07:21:30 |
BPFDoor malware uses Solaris vulnerability to get root privileges (direct link) |
New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. [...] |
Malware
Vulnerability
Threat
|
|
|
|
2022-05-24 14:44:22 |
Microsoft: Credit card stealers are getting much stealthier (direct link) |
Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code. [...] |
Threat
|
|
|
|
2022-05-24 12:09:07 |
Trend Micro fixes bug Chinese hackers exploited for espionage (direct link) |
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware. [...] |
Threat
|
|
|
|
2022-05-23 16:12:01 |
Fake Windows exploits target infosec community with Cobalt Strike (direct link) |
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. [...] |
Threat
|
|
|
|
2022-05-23 12:26:19 |
New RansomHouse group sets up extortion market, adds first victims (direct link) |
Yet another data-extortion cybercrime operation has appeared on the darknet named 'RansomHouse' where threat actors publish evidence of stolen files and leak data of organizations that refuse to make a ransom payment. [...] |
Threat
|
|
|
|
2022-05-22 12:15:10 |
PDF smuggles Microsoft Word doc to drop Snake Keylogger malware (direct link) |
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. [...] |
Malware
Threat
|
|
|
|
2022-05-22 10:00:00 |
Google: Predator spyware infected Android devices using zero-days (direct link) |
Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox. [...] |
Threat
|
|
|
|
2022-05-20 14:02:19 |
Backdoor baked into premium school management plugin for WordPress (direct link) |
Security researchers have discovered a backdoor in a premium WordPress plugin built as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating. [...] |
Threat
|
|
|
|
2022-05-19 09:00:00 |
Phishing websites now use chatbots to steal your credentials (direct link) |
Threat analysts have observed a new trend in the phishing space which is to incorporate interactive chatbots on sites that guide visitors through the process of losing their sensitive data. [...] |
Threat
|
|
★★★
|
|
2022-05-18 10:54:14 |
Fake crypto sites lure wannabe thieves by spamming login credentials (direct link) |
Threat actors are luring potential thieves by spamming login credentials for other people's accounts on fake crypto trading sites, illustrating once again that there is no honor among thieves. [...] |
Threat
|
|
|
|
2022-05-17 11:33:32 |
Cybersecurity agencies reveal top initial access attack vectors (direct link) |
A joint security advisory issued by multiple national cybersecurity authorities revealed today the top 10 attack vectors most exploited by threat actors for breaching networks. [...] |
Threat
|
|
|
|
2022-05-16 14:33:32 |
Apple emergency update fixes zero-day used to hack Macs, Watches (direct link) |
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...] |
Hack
Vulnerability
Threat
|
|
|
|
2022-05-16 14:05:30 |
Ukraine supporters in Germany targeted with PowerShell RAT malware (direct link) |
An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data. [...] |
Malware
Threat
|
|
|