What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-07-25 08:43:07 Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11 (direct link) Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 Threat
The_Hackers_News.webp 2022-07-25 07:05:54 Experts Uncover New 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers (direct link) An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated UEFI firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today. "This suggests that a common Threat
The_Hackers_News.webp 2022-07-25 02:13:38 Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants (direct link) Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected restaurants and posted for sale on the dark web. "The online ordering platforms MenuDrive and Harbortouch
The_Hackers_News.webp 2022-07-25 01:52:13 Racoon Stealer is Back - How to Protect Your Organization (direct link) The Racoon Stealer malware as a service platform gained notoriety several years ago for its ability to extract data that is stored within a Web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Racoon Stealer was also designed to steal auto-fill data, which can include a vast trove of Malware
The_Hackers_News.webp 2022-07-24 21:49:27 Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France (direct link) The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming Malware Threat
The_Hackers_News.webp 2022-07-22 11:39:32 SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products (direct link) Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in Vulnerability
The_Hackers_News.webp 2022-07-22 05:17:13 Microsoft Resumes Blocking Office VBA Macros by Default After 'Temporary Pause' (direct link) Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change. "Based on our review of customer feedback, we've made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios," the company said in an update on July
The_Hackers_News.webp 2022-07-22 02:28:18 An Easier Way to Keep Old Python Code Healthy and Secure (direct link) Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of
The_Hackers_News.webp 2022-07-22 02:19:50 Google Bringing the Android App Permissions Section Back to the Play Store (direct link) Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of tweets. "We heard your feedback that you find the app permissions section in Google Play useful, and
The_Hackers_News.webp 2022-07-22 01:25:11 Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health (direct link) Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk,"
The_Hackers_News.webp 2022-07-22 01:13:28 Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists (direct link) The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed Malware
The_Hackers_News.webp 2022-07-21 06:23:20 New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems (direct link) A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. "The framework has both passive and active Malware
The_Hackers_News.webp 2022-07-21 05:20:03 Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms (direct link) The advanced persistent threat (APT) actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News. "The malware includes multiple interesting components to evade Malware Threat
The_Hackers_News.webp 2022-07-21 05:02:00 Hackers Target Ukrainian Software Company Using GoMet Backdoor (direct link) A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network. "This access could be
The_Hackers_News.webp 2022-07-21 05:01:54 The New Weak Link in SaaS Security: Devices (direct link) Typically, when threat actors look to infiltrate an organization's SaaS apps, they look to SaaS app misconfigurations as a means of entry. However, employees now use their personal devices, whether their phones or laptops, etc., to get their jobs done. If the device's hygiene is not up to par, it increases the risk for the organization and widens the attack surface for bad actors. And so, Threat
The_Hackers_News.webp 2022-07-21 01:46:43 Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability (direct link) Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username " Vulnerability
The_Hackers_News.webp 2022-07-21 01:25:01 FBI Seizes $500,000 Ransomware Payments and Crypto from North Korean Hackers (direct link) The U.S. Department of Justice (DoJ) has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. "The seized funds include ransoms paid by healthcare providers in Kansas and Colorado," the DoJ said in a press release issued Tuesday. The recovery of the bitcoin ransoms Ransomware
The_Hackers_News.webp 2022-07-21 01:23:57 Cynomi Automated Virtual CISO (vCISO) Platform for Service Providers (direct link) Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise – the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO services models still rely on manual
The_Hackers_News.webp 2022-07-20 23:40:50 Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities (direct link) Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is
The_Hackers_News.webp 2022-07-20 21:58:18 Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers (direct link) Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems. Of the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity. The most severe of the issues are CVE-2022-20857, CVE-2022-20858, Vulnerability
The_Hackers_News.webp 2022-07-20 06:41:04 Google Adds Support for DNS-over-HTTP/3 in Android to Keep DNS Queries Private (direct link) Google on Tuesday officially announced support for DNS-over-HTTP/3 (DoH3) for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS (DoT), which was incorporated into the mobile operating system with Android 9.0. DoH3 is also an alternative to
The_Hackers_News.webp 2022-07-20 05:00:44 New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems (direct link) Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it's called, is "fairly simple" and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption. "Both the Linux and ESXi Ransomware Malware
The_Hackers_News.webp 2022-07-20 04:44:31 This Cloud Botnet Has Hijacked 30,000 Systems to Mine Cryptocurrencies (direct link) The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne
The_Hackers_News.webp 2022-07-20 02:44:15 Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of Guideline
The_Hackers_News.webp 2022-07-20 02:23:46 Dealing With Alert Overload? There's a Guide For That (direct link) The Great Resignation – or the Great Reshuffle as some are calling it – and the growing skills gap have been dominating headlines lately. But these issues aren't new to the cybersecurity industry. While many are just now hearing about employee burnout, security teams have faced reality and serious consequences of burnout for years. One of the biggest culprits? Alert overload. The average
The_Hackers_News.webp 2022-07-19 22:58:36 Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia" (direct link) Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla, an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and Malware Threat
The_Hackers_News.webp 2022-07-19 21:03:48 Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads (direct link) The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022," Palo Alto Networks Unit 42 said in a Tuesday APT 29
The_Hackers_News.webp 2022-07-19 04:50:55 Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users (direct link) Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. "Its capabilities clearly show that the
The_Hackers_News.webp 2022-07-19 04:23:38 Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss (direct link) Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications and malicious client-side code pulled from third-party repositories like NPM. Client-side security researchers are finding that improperly placed trackers, while not intentionally malicious, are a growing problem and have clear and significant privacy
The_Hackers_News.webp 2022-07-19 04:09:11 New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals (direct link) A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data. "Although air-gap computers have no wireless connectivity, we show that attackers can use
The_Hackers_News.webp 2022-07-18 23:58:55 Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware (direct link) Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of Malware
The_Hackers_News.webp 2022-07-18 20:48:37 FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors (direct link) The U.S. Federal Bureau of Investigation (FBI) has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space. "The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals
The_Hackers_News.webp 2022-07-18 08:33:57 New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks (direct link) With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopt mitigations released by AMD and Intel, posing a firmware supply chain threat. Dubbed FirmwareBleed by Binarly, the information leaking assaults stem from the continued exposure of microarchitectural attack surfaces on the part Vulnerability
The_Hackers_News.webp 2022-07-18 07:50:10 Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand (direct link) Thai activists involved in the country's pro-democracy protests have had their smartphones infected with the infamous Pegasus government-sponsored spyware. At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been infected between October 2020 and November 2021, many of whom have been previously detained, arrested and imprisoned for their Hack
The_Hackers_News.webp 2022-07-18 07:12:55 Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability (direct link) Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution, Vulnerability
The_Hackers_News.webp 2022-07-18 05:13:46 Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch (direct link) With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies' biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available. But beware, they may not give you a full and continuous view of your Vulnerability
The_Hackers_News.webp 2022-07-18 02:59:54 Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems (direct link) Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said. "Further, the software was a malware Tool Vulnerability
The_Hackers_News.webp 2022-07-17 21:02:45 Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking (direct link) Juniper Networks has pushed security updates to address several vulnerabilities affecting multiple products, some of which could be exploited to seize control of affected systems. The most critical of the flaws affect Junos Space and Contrail Networking, with the tech company urging customers to release versions 22.1R1 and 21.4.0, respectively. Chief among them is a collection of 31 bugs in the
The_Hackers_News.webp 2022-07-15 22:59:18 Google Removes "App Permissions" List from Play Store for New "Data Safety" Section (direct link) Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's Privacy Nutrition
The_Hackers_News.webp 2022-07-15 22:33:16 Hackers Targeting VoIP Servers By Exploiting Digium Phone Software (direct link) VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo Malware
The_Hackers_News.webp 2022-07-15 21:07:41 New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain (direct link) Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an Vulnerability Guideline
The_Hackers_News.webp 2022-07-15 08:05:13 5 Key Things We Learned from CISOs of Smaller Enterprises Survey (direct link) New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy (however “normal” may look), CISOs at small and medium-size enterprises (500 – 10,000 employees) were asked to share their cybersecurity challenges and priorities, and their responses were compared with those of a similar survey from 2021.
The_Hackers_News.webp 2022-07-15 06:53:33 New Cache Side Channel Attack Can De-Anonymize Targeted Online Users (direct link) A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website," the researchers said. "The attacker knows this
The_Hackers_News.webp 2022-07-15 02:22:07 North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware (direct link) An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a Ransomware Threat
The_Hackers_News.webp 2022-07-14 21:16:56 Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers (direct link) The botnet behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users. The most attacked industry verticals include internet and telecom, media,
The_Hackers_News.webp 2022-07-14 07:06:07 Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to Wikileaks (direct link) Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also faces a separate trial on charges related to
The_Hackers_News.webp 2022-07-14 04:29:54 State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns (direct link) Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated Malware
The_Hackers_News.webp 2022-07-14 04:21:10 A Simple Formula for Getting Your IT Security Budget Approved (direct link) Although there is a greater awareness of cybersecurity threats than ever before, it is becoming increasingly difficult for IT departments to get their security budgets approved. Security budgets seem to shrink each year and IT pros are constantly being asked to do more with less. Even so, the situation may not be hopeless. There are some things that IT pros can do to improve the chances of
The_Hackers_News.webp 2022-07-14 02:54:07 Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices (direct link) Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional Vulnerability
The_Hackers_News.webp 2022-07-14 01:15:16 Pakistani Hackers Targeting Indian Students in Latest Malware Campaign (direct link) The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. Malware Threat APT 36
Last update at: 2024-07-17 00:07:37