What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-11-18 10:36:00 | W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack (lien direct) | An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technical write-up, calling the adversary WASP. "The attack seems related to cybercrime as the attacker | Malware Threat | ||
|
2022-11-17 18:06:00 | Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign (lien direct) | A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019. The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over 42,000 imposter domains, with initial activity observed in 2017. "It targets businesses in multiple verticals including retail, banking, | Threat | ★★ | |
|
2022-11-17 15:41:00 | FBI-Wanted Leader of the Notorious Zeus Botnet Gang Arrested in Geneva (lien direct) | A Ukrainian national who has been wanted by the U.S for over a decade has been arrested by Swiss authorities for his role in a notorious cybercriminal ring that stole millions of dollars from victims' bank accounts using malware called Zeus. Vyacheslav Igorevich Penchukov, who went by online pseudonyms "tank" and "father," is said to have been involved in the day-to-day operations of the group | Malware | ★★★★ | |
|
2022-11-17 15:30:00 | 100 Apps, Endless Security Checks (lien direct) | On average, organizations report using 102 business-critical SaaS applications, enabling operations of most departments across an organization, such as IT and Security, Sales, Marketing, R&D, Product Management, HR, Legal, Finance, and Enablement. An attack can come from any app, no matter how robust the app is.Without visibility and control over a critical mass of an organization's entire SaaS | |||
|
2022-11-17 12:28:00 | High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices (lien direct) | Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. The two high-severity issues, which were reported to F5 on August 18, 2022, are as follows - | |||
|
2022-11-17 11:52:00 | Iranian Hackers Compromised a U.S. Federal Agency\'s Network Using Log4Shell Exploit (lien direct) | Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022 | Vulnerability Threat | ||
|
2022-11-17 11:26:00 | North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor (lien direct) | Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey and the U.S. "Dtrack allows criminals to upload, download, start or delete files on the victim host," Kaspersky researchers Konstantin Zykov and Jornt van der Wiel | |||
|
2022-11-16 18:34:00 | Researchers Discover Hundreds of Amazon RDS Instances Leaking Users\' Personal Data (lien direct) | Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the reconnaissance phase of the cyber kill chain or extortionware/ransomware campaigns," researchers Ariel | Threat | ||
|
2022-11-16 17:49:00 | 7 Reasons to Choose an MDR Provider (lien direct) | According to a recent survey, 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That's a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the threat landscape and the way we do cybersecurity are among the many things that will never look | Threat | ||
|
2022-11-16 13:05:00 | Warning: New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers (lien direct) | Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service (DDoS) attacks against game servers. "In fact, it turns out that this campaign is less like RapperBot than an older campaign that appeared in February and then mysteriously disappeared in the middle of April," Fortinet | Malware | ||
|
2022-11-16 10:54:00 | Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023 (lien direct) | Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said. To that end, developers will need to complete an enrollment process in order | |||
|
2022-11-15 22:31:00 | Critical RCE Flaw Reported in Spotify\'s Backstage Software Catalog and Developer Platform (lien direct) | Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library (CVE-2022-36067 aka Sandbreak), that came to light last | Vulnerability | ||
|
2022-11-15 22:03:00 | PCSpoof: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft (lien direct) | Credit: Marina Minkin A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed PCspooF by a group of academics and researchers from the University of Michigan, the University of Pennsylvania, and the NASA | Vulnerability | ||
|
2022-11-15 19:19:00 | Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service (lien direct) | Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on. "Before it was patched, the flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk | Threat | ||
|
2022-11-15 18:28:00 | Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions (lien direct) | Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when | |||
|
2022-11-15 16:33:00 | Researchers Say China State-backed Hackers Breached a Digital Certificate Authority (lien direct) | A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name Billbug, citing the use of tools previously attributed to this actor. The | |||
|
2022-11-15 11:41:00 | Google to Pay $391 Million Privacy Fine for Secretly Tracking Users\' Location (lien direct) | Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information," Oregon Attorney General Ellen | ★★★★ | ||
|
2022-11-14 18:33:00 | New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders (lien direct) | Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat (APT). Cybersecurity firm Trend Micro, which christened the espionage crew Earth Longzhi, said the actor's long-running campaign can be split into two based on the toolset deployed to attack its victims | Threat Guideline | APT 41 | ★★ |
|
2022-11-14 16:15:00 | Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign (lien direct) | A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick." The search engine poisoning technique | ★★★ | ||
|
2022-11-14 16:00:00 | What is an External Penetration Test? (lien direct) | A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the impact would be if an attacker was successful. Usually performed first, an external pentest (also | |||
|
2022-11-14 12:44:00 | New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks (lien direct) | A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to | Malware | ||
|
2022-11-14 11:35:00 | Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images (lien direct) | A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to facilitate information theft. "What is noteworthy is data collection from victims' machines using | Malware Threat | ||
|
2022-11-11 19:56:00 | Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs (lien direct) | Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's | Malware | ||
|
2022-11-11 18:03:00 | These Two Google Play Store Apps Spotted Distributing Xenomorph Banking Trojan (lien direct) | Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices," Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday. | |||
|
2022-11-11 18:00:00 | VPN vs. DNS Security (lien direct) | When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let's discuss both. VPN Explained VPN stands for Virtual Private Networks and basically hides your IP and provides an encrypted server by redirecting your traffic via a server run by a VPN host. It establishes a | |||
|
2022-11-11 15:43:00 | Multiple High-Severity Flaw Affect Widely Used OpenLiteSpeed Web Server Software (lien direct) | Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report. | |||
|
2022-11-11 14:49:00 | Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks (lien direct) | The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world. The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the U.S., where is likely to be sentenced for a maximum of five years in prison. Vasiliev has been | Ransomware | ||
|
2022-11-11 14:49:00 | ESET Antivirus: Advanced Protection Solutions for Home Users and Businesses (lien direct) | It's no secret that antivirus software is as essential to your computer as a power cord. However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email. ESET's latest consumer product release takes a comprehensive approach to security to guard against a full range of threats. All are | |||
|
2022-11-11 11:44:00 | Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland (lien direct) | Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place | Ransomware Malware Threat | ||
|
2022-11-10 21:20:00 | Warning: New Massive Malicious Campaigns Targeting Top Indian Banks\' Customers (lien direct) | Cybersecurity researchers are warning of "massive phishing campaigns" that distribute five different malware targeting banking users in India. "The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers," Trend Micro said in a report published this week. Some of the | Malware | ||
|
2022-11-10 20:37:00 | Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones\' Lock Screens (lien direct) | Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's monthly Android update for November 2022. "The issue allowed an attacker with physical access to bypass | |||
|
2022-11-10 18:14:00 | Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File (lien direct) | A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files. The package in question, named "apicolor," was uploaded to the Python third-party repository on October 31, 2022, and described as a "Core lib for REST API," according to Israeli cybersecurity firm Check Point. It has since been taken | ★★★ | ||
|
2022-11-10 17:43:00 | Is Cybersecurity Awareness Month Anything More Than PR? (lien direct) | Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: The public, by taking action to stay safe online. Professionals, by joining the cyber workforce. Cyber industry partners, as part of the cybersecurity solution. CISA outlined four "things | ★★ | ||
|
2022-11-10 15:56:00 | Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products (lien direct) | Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under | |||
|
2022-11-10 13:19:00 | High-Severity Flaw Reported in Critical System Used in Oil and Gas Companies (lien direct) | Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root | Vulnerability | ★★★ | |
|
2022-11-10 13:00:00 | Re-Focusing Cyber Insurance with Security Validation (lien direct) | The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump Strauss Hauer & Feld LLP's law firm clients, for example, reported a three-fold increase in insurance | Guideline | ||
|
2022-11-10 12:06:00 | New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models (lien direct) | PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS," Slovak cybersecurity firm ESET explained in a series of tweets. UEFI | |||
|
2022-11-09 19:17:00 | APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network (lien direct) | The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up. | APT 29 | ||
|
2022-11-09 18:36:00 | Several Cyber Attacks Observed Leveraging IPFS Decentralized Network (lien direct) | A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. | Malware | ||
|
2022-11-09 16:31:00 | Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network (lien direct) | The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject | Malware Threat | ||
|
2022-11-09 15:48:00 | Top 5 API Security Myths That Are Crushing Your Business (lien direct) | There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bear financial losses. But there are other consequences too: Reputational damage Customer attrition | |||
|
2022-11-09 15:45:00 | New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide (lien direct) | An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts. This past June, Fortinet FortiGuard Labs said | Malware | ||
|
2022-11-09 11:34:00 | VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software (lien direct) | VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an | Vulnerability | ||
|
2022-11-09 10:46:00 | Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days (lien direct) | Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately | |||
|
2022-11-08 20:22:00 | Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines (lien direct) | The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a | Ransomware Malware | ||
|
2022-11-08 19:10:00 | New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader (lien direct) | Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in | Malware | ||
|
2022-11-08 17:07:00 | U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web (lien direct) | The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion. Additionally recovered were $661,900 in cash, 25 Casascius coins with an approximate value | Hack | ||
|
2022-11-08 17:00:00 | 5 Reasons to Consolidate Your Tech Stack (lien direct) | The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing. A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending heading into 2023, while Gartner recently projected that 2022 IT spending will only grow by 3%, | |||
|
2022-11-07 20:54:00 | Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack (lien direct) | Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not | Ransomware Hack | ||
|
2022-11-07 20:16:00 | This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others (lien direct) | Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider last week. It's offered as a way for "Non-users" to "exercise their rights under applicable laws." | Tool |
To see everything:
Our RSS (filtrered)
