What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-17 04:03:29 | New Malware Targets Windows Subsystem for Linux to Evade Detection (lien direct) | A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.
The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent |
Malware Threat | ||
|
2021-09-17 01:00:30 | Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years (lien direct) | A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.
Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence |
Malware Threat | ||
|
2021-09-14 04:13:23 | HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers (lien direct) | Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks.
Tracked as CVE-2021-3437 (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to |
Threat | ||
|
2021-09-07 03:05:28 | Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server (lien direct) | The maintainers of Jenkins-a popular open-source automation server software-have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner.
The "successful attack," which is believed to have occurred last week, was mounted against its |
Vulnerability Threat | ||
|
2021-09-04 00:50:47 | Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (lien direct) | Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China.
In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U's implementation of the |
Vulnerability Threat | ||
|
2021-09-02 02:07:03 | Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks (lien direct) | The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019.
News of the arrest, which originally happened in June, was disclosed by researchers from Netlab, the network research division of Chinese internet security company Qihoo 360, earlier this Monday, detailing |
Malware Threat | ||
|
2021-09-01 08:50:52 | Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns (lien direct) | Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage.
"Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious |
Malware Threat | ||
|
2021-08-26 05:57:02 | The Increased Liability of Local In-home Propagation (lien direct) | Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home.
In this post, I contrast in-home local propagation with traditional vectors through which a threat (ransomware in particular) spreads throughout an organization. I discuss the |
Threat | ||
|
2021-08-25 06:02:13 | Researchers Uncover FIN8\'s New Backdoor Targeting Financial Institutions (lien direct) | A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar.
The previously undocumented malware has been dubbed "Sardonic" by Romanian |
Malware Threat | ||
|
2021-08-25 00:43:55 | New SideWalk Backdoor Targets U.S.-based Computer Retail Business (lien direct) | A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia.
Slovak cybersecurity firm ESET attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin |
Malware Threat | ||
|
2021-08-24 04:10:57 | Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc (lien direct) | Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims.
"While the ransomware crisis appears poised to get worse |
Ransomware Threat | ||
|
2021-08-23 06:27:54 | Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems (lien direct) | Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans.
That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top |
Hack Threat | ||
|
2021-08-20 08:44:30 | ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups (lien direct) | ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
"The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, |
Malware Threat | ||
|
2021-08-20 03:38:09 | Cybercrime Group Asking Insiders for Help in Planting Ransomware (lien direct) | A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.
"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the |
Ransomware Threat | ||
|
2021-08-19 03:30:47 | Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang (lien direct) | Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate.
The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer |
Ransomware Malware Threat | ||
|
2021-08-18 03:20:48 | Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks (lien direct) | IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients.
The attacks, which occurred in two waves in May and July 2021, have been linked |
Threat | ||
|
2021-08-18 01:33:33 | NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware (lien direct) | A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper.
Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the |
Malware Threat Cloud | APT 37 | |
|
2021-08-13 02:46:09 | Hackers Actively Searching for Unpatched Microsoft Exchange Servers (lien direct) | Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year.
The remote code execution flaws have been collectively dubbed "ProxyShell." At least |
Threat | ||
|
2021-08-13 01:32:51 | Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities (lien direct) | Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems.
"Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will |
Ransomware Vulnerability Threat | ||
|
2021-08-12 08:13:30 | Experts Shed Light On New Russian Malware-as-a-Service Written in Rust (lien direct) | A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts.
Dubbed "Ficker Stealer," it's notable for being propagated via Trojanized web links |
Malware Threat | ||
|
2021-08-10 06:19:00 | Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel (lien direct) | A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019.
FireEye's Mandiant threat intelligence arm attributed the campaign to an operator it tracks as "UNC215", a Chinese espionage operation that's believed to have singled out organizations around the world |
Threat | ||
|
2021-08-10 02:27:54 | Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers (lien direct) | Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.
Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the web interfaces of routers |
Vulnerability Threat | ||
|
2021-08-06 03:34:12 | New Amazon Kindle Bug Could\'ve Let Attackers Hijack Your eBook Reader (lien direct) | Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book.
"By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from |
Vulnerability Threat | ||
|
2021-08-04 05:49:36 | Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus (lien direct) | An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020.
The latest research, published by Singapore-headquartered company Group-IB, delves into a piece of computer virus called "Webdav-O" that was detected in the intrusions, with the cybersecurity firm observing similarities between |
Threat | ||
|
2021-08-04 03:28:13 | New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks (lien direct) | A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan (RAT) on infected systems, according to new research.
The intrusions have been attributed to an advanced persistent threat named APT31 (FireEye), which is tracked by the |
Threat | APT 31 | |
|
2021-08-02 04:11:48 | New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits (lien direct) | A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks.
Israeli cybersecurity firm Sygnia, which identified the campaign, is tracking the advanced, stealthy |
Threat | ||
|
2021-08-02 03:07:15 | Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild (lien direct) | Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar.
Dubbed "Solarmarker," the malware campaign is believed to be active since September 2020, with |
Malware Threat | ||
|
2021-07-30 03:00:54 | Experts Uncover Several C&C Servers Linked to WellMess Malware (lien direct) | Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign.
More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said |
Malware Threat | APT 29 | |
|
2021-07-30 00:36:30 | A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System (lien direct) | A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor."
The campaign - dubbed "MeteorExpress" - has not been linked to any previously identified threat group or to additional attacks, making it the first |
Malware Threat | ||
|
2021-07-29 08:18:26 | Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs (lien direct) | An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign.
The backdoor is distributed via a decoy document named "Manifest.docx" that |
Malware Threat | ||
|
2021-07-29 03:09:56 | New Ransomware Gangs - Haron and BlackMatter - Emerge on Cybercrime Forums (lien direct) | Two new ransomware-as-service (RaaS) programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months.
"The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," the |
Ransomware Threat | ||
|
2021-07-29 01:21:39 | Top 30 Critical Security Vulnerabilities Most Exploited by Hackers (lien direct) | Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to weaponize publicly disclosed flaws to their advantage swiftly.
"Cyber actors continue to exploit publicly known-and often dated-software vulnerabilities against broad target sets, |
Threat | ||
|
2021-07-28 03:58:14 | Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers (lien direct) | A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems.
Attributing the intrusions to a threat actor named PKPLUG (aka Mustang Panda and HoneyMyte), Palo Alto Networks' Unit 42 threat intelligence team |
Threat | ★★★★ | |
|
2021-07-28 03:06:58 | Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees (lien direct) | An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of years-long social engineering and targeted malware campaign.
Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor it tracks as TA456, and by the wider |
Malware Threat | ||
|
2021-07-27 05:39:47 | Hackers Turning to \'Exotic\' Programming Languages for Malware Development (lien direct) | Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts.
"Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of |
Malware Threat | ||
|
2021-07-23 04:23:38 | Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring (lien direct) | Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation.
The apprehended suspects, a 24-year-old software engineer, and a 15-year-old boy, are said to have been |
Threat | ||
|
2021-07-22 03:38:52 | APT Hackers Distributed Android Trojan via Syrian e-Government Portal (lien direct) | An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims.
"To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu |
Malware Threat | ||
|
2021-07-21 03:02:25 | Several New Critical Flaws Affect CODESYS Industrial Automation Software (lien direct) | Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure.
The flaws can be turned "into innovative attacks that could put threat actors in position to remotely |
Threat | ||
|
2021-07-19 06:11:04 | Researchers Warn of Linux Cryptojacking Attackers Operating from Romania (lien direct) | A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang.
Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to |
Tool Threat | ||
|
2021-07-16 02:15:28 | Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel (lien direct) | Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform.
The social media giant pinned the attacks to a threat actor known as Tortoiseshell (aka Imperial Kitten) based |
Threat | ||
|
2021-07-15 05:57:59 | China\'s Cyberspies Targeting Southeast Asian Government Entities (lien direct) | A sweeping and "highly active campaign" that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research.
Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as "LuminousMoth," which it connected with medium to high confidence to a |
Threat | ||
|
2021-07-15 01:25:21 | Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild (lien direct) | Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.
What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an |
Threat | ||
|
2021-07-13 20:48:53 | Chinese Hackers Exploit Latest SolarWinds 0-Day to Target U.S. Defense Firms (lien direct) | Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution (RCE) exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322."
The revelation comes days after the Texas-based IT monitoring software maker issued fixes for the flaw that could enable adversaries to remotely run arbitrary |
Threat | ||
|
2021-07-08 02:58:54 | Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America (lien direct) | Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims.
Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across |
Malware Threat | ||
|
2021-07-07 06:18:33 | WildPressure APT Emerges With New Malware Targeting Windows and macOS (lien direct) | A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats.
Russian cybersecurity firm attributed the attacks to an advanced persistent threat (APT) it tracks as |
Malware Threat | ||
|
2021-07-07 05:58:28 | Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform (lien direct) | An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process.
In light of the growing number of cyber incidents that target the software supply chain, there is an urgent |
Threat | ||
|
2021-07-06 20:38:13 | Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability (lien direct) | Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability - known as "PrintNightmare" - that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems.
Tracked as CVE-2021-34527 (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. |
Vulnerability Threat | ★★★★ | |
|
2021-07-06 01:41:59 | Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities (lien direct) | Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme.
The two-year investigation, dubbed Operation Lyrebird by the international, |
Malware Threat | ★★★ | |
|
2021-07-05 02:48:45 | TrickBot Botnet Found Deploying A New Ransomware Called Diavol (lien direct) | Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named "Diavol," according to the latest research.
Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this month, researchers from Fortinet's FortiGuard Labs said last week.
TrickBot, a banking Trojan first |
Ransomware Threat | ||
|
2021-07-03 01:00:30 | Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware (lien direct) | The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack.
"Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA |
Ransomware Threat |
To see everything:
Our RSS (filtrered)
