What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-10-11 16:58:00 Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox (direct link) A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. The Threat
The_Hackers_News.webp 2022-10-11 16:38:00 The Latest Funding News and What it Means for Cyber Security in 2023 (direct link) The White House has recently announced a $1 billion cyber security grant program that is designed to help state and local governments improve their cyber defenses, especially about protecting critical infrastructure. The recent executive order stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion for protecting critical infrastructure
The_Hackers_News.webp 2022-10-11 16:09:00 Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals (direct link) Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing
The_Hackers_News.webp 2022-10-11 11:51:00 Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug (direct link) Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative Vulnerability
The_Hackers_News.webp 2022-10-10 20:46:00 Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky (direct link) A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical profile last week Malware Threat
The_Hackers_News.webp 2022-10-10 18:40:00 New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks (direct link) Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 that's capable of delivering Malware Threat
The_Hackers_News.webp 2022-10-10 14:55:00 (Déjà vu) Intel Confirms Leak of Alder Lake BIOS Source Code (direct link) Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week. The published content contains Unified Extensible Firmware Interface (UEFI) code for Alder Lake, the company's 12th generation processors that was originally launched in November 2021. In a statement shared with
The_Hackers_News.webp 2022-10-10 14:29:00 Hackers Steal $100 Million Cryptocurrency from Binance Bridge (direct link) BNB Chain, a blockchain linked to the Binance cryptocurrency exchange, disclosed an exploit on a cross-chain bridge that drained around $100 million in digital assets. "There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as 'BSC Token Hub,'" it said last week. "The exploit was through a sophisticated forging of
The_Hackers_News.webp 2022-10-08 13:20:00 Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite (direct link) A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected Vulnerability
The_Hackers_News.webp 2022-10-08 10:43:00 Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities (direct link) Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The list of
The_Hackers_News.webp 2022-10-07 22:17:00 Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy (direct link) Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684, the high-severity flaw relates to an authentication bypass vulnerability that could permit an unauthenticated adversary to perform arbitrary operations on
The_Hackers_News.webp 2022-10-07 19:22:00 Facebook Detects 400 Android and iOS Apps Stealing Users Log-in Credentials (direct link) Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. "These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," the
The_Hackers_News.webp 2022-10-07 18:34:00 The essentials of GRC and cybersecurity - How they empower each other (direct link) Understanding the connection between GRC and cybersecurity When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. However, its importance can't be ignored, and this is why. While cybersecurity focuses on the technical side of protecting systems, networks, devices, and data, GRC is the tool that will help the Tool
The_Hackers_News.webp 2022-10-07 18:29:00 LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data (direct link) Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with Threat
The_Hackers_News.webp 2022-10-07 14:28:00 Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks (direct link) In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the
The_Hackers_News.webp 2022-10-07 12:22:00 BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions (direct link) In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical Ransomware Threat
The_Hackers_News.webp 2022-10-06 18:27:00 Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals (direct link) The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to a new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing the malware, adding Malware Threat
The_Hackers_News.webp 2022-10-06 17:50:00 Details Released for Recently Patched new macOS Archive Utility Vulnerability (direct link) Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures. The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and "could lead to the execution of an unsigned and unnotarized application Vulnerability Guideline
The_Hackers_News.webp 2022-10-06 17:34:00 The Ultimate SaaS Security Posture Management Checklist, 2023 Edition (direct link) It's been a year since the release of The Ultimate SaaS Security Posture Management (SSPM) Checklist. If SSPM is on your radar, here's the 2023 checklist edition, which covers the critical features and capabilities when evaluating a solution. The ease with which SaaS apps can be deployed and adopted today is remarkable, but it has become a double-edged sword. On the one hand, apps are quickly
The_Hackers_News.webp 2022-10-06 13:55:00 19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam (direct link) The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. The suspect is said to have carried out a text message blackmail scam, demanding that the recipients transfer $2,000 to a bank account or risk getting their personal information misused for Data Breach
The_Hackers_News.webp 2022-10-06 12:27:00 Former Uber Security Chief Found Guilty of Data Breach Coverup (direct link) A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: One for obstructing justice by not reporting the incident and another for misprision. He faces a maximum of five years in prison for the Data Breach Uber Uber
The_Hackers_News.webp 2022-10-05 18:16:00 Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices (direct link) A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receive and execute commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, Zimperium said in a report shared with Malware
The_Hackers_News.webp 2022-10-05 18:00:00 Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information (direct link) Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region, said. "And no customer account data was involved." It Data Breach
The_Hackers_News.webp 2022-10-05 13:42:00 Want More Secure Software? Start Recognizing Security-Skilled Developers (direct link) Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by the day, with our data widely considered highly desirable “digital gold”. Attackers are constantly Threat
The_Hackers_News.webp 2022-10-05 13:42:00 FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization (direct link) U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base (DIB) Sector organization's enterprise network" as part of a cyber espionage campaign. "[Advanced persistent threat] actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the
The_Hackers_News.webp 2022-10-05 11:43:00 Canadian Netwalker Ransomware Affiliate Sentenced to 20 Years in U.S. Prison (direct link) A former affiliate of the Netwalker ransomware has been sentenced to 20 years in prison in the U.S., a little over three months after the Canadian national pleaded guilty to his role in the crimes. Sebastien Vachon-Desjardins, 35, has also been ordered to forfeit $21,500,000 that was illicitly obtained from dozens of victims globally, including companies, municipalities, hospitals, law Ransomware Guideline
The_Hackers_News.webp 2022-10-05 11:01:00 Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds (direct link) Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed ProxyNotShell due to similarities to another set of flaws called ProxyShell, which the tech giant resolved last year.
The_Hackers_News.webp 2022-10-04 23:51:00 Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam (direct link) India's Central Bureau of Investigation (CBI) on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira Gandhi International Airport, Delhi while arriving in India from Almaty, Kazakhstan," the primary
The_Hackers_News.webp 2022-10-04 21:09:00 Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer (direct link) A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian cybersecurity company said it detected victims appearing in its telemetry in March 2022. The malicious version
The_Hackers_News.webp 2022-10-04 20:39:00 Researchers Report Supply Chain Vulnerability in Packagist PHP Repository (direct link) Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of Packagist," SonarSource researcher Thomas Chauchefoin said in a report shared with The Hacker News. Packagist is used by the PHP package manager Vulnerability
The_Hackers_News.webp 2022-10-04 18:14:00 Back to Basics: Cybersecurity's Weakest Link (direct link) A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go. It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver
The_Hackers_News.webp 2022-10-04 17:53:00 BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million (direct link) A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses after
The_Hackers_News.webp 2022-10-04 15:46:00 CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability
The_Hackers_News.webp 2022-10-04 13:35:00 ProxyNotShell – the New Proxy Hell? (direct link) Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverages a chained attack similar to Vulnerability
The_Hackers_News.webp 2022-10-04 12:36:00 Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers (direct link) Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of a data breach late last month. The company also said it has engaged the services of Deloitte to conduct an external forensic assessment of the attack to "understand how it Hack Deloitte Deloitte
The_Hackers_News.webp 2022-10-03 20:05:00 Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack (direct link) A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the Malware Threat
The_Hackers_News.webp 2022-10-03 18:26:00 Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers (direct link) The recently discovered Linux-Based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes. Cybersecurity firm Sygnia attributed the attacks to a threat actor it tracks under the name Emperor Dragonfly, which is also known as Bronze Starlight (Secureworks) and DEV-0401 (Microsoft). "Emperor Dragonfly Ransomware Threat
The_Hackers_News.webp 2022-10-03 16:26:00 Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers (direct link) The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter) Vulnerability Threat Medical APT 38
The_Hackers_News.webp 2022-10-03 15:21:00 Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government (direct link) A former U.S. National Security Agency (NSA) employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation (FBI). Jareh Sebastian Dalke, 30, was employed at the NSA for less than a month from June 6, 2022, to July 1, 2022, serving as an Information Systems Security Designer
The_Hackers_News.webp 2022-10-01 12:30:00 Pay What You Want for This Collection of White Hat Hacking Courses (direct link) Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hacker News Deals is currently running an eye-catching offer: pay what you want for one video course, and ★★★★
The_Hackers_News.webp 2022-10-01 12:06:00 State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations (direct link) Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory
The_Hackers_News.webp 2022-10-01 12:05:00 CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary Vulnerability
The_Hackers_News.webp 2022-09-30 20:12:00 New Malware Families Found Targeting VMware ESXi Hypervisors (direct link) Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access Malware Threat
The_Hackers_News.webp 2022-09-30 17:22:00 Cyber Attacks Against Middle East Governments Hide Malware in Windows logo (direct link) An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410 Malware Threat
The_Hackers_News.webp 2022-09-30 15:50:00 New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons (direct link) A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains Malware
The_Hackers_News.webp 2022-09-30 15:40:00 Why Organisations Need Both EDR and NDR for Complete Network Protection (direct link) Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches. Why Modern Organisations Need EDR According to the 2020 global risk report by Ponemon Institute, smartphones,
The_Hackers_News.webp 2022-09-30 15:32:00 North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks (direct link) A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is Threat Medical APT 38
The_Hackers_News.webp 2022-09-30 14:31:00 Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild (direct link) Microsoft officially disclosed it is investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is
The_Hackers_News.webp 2022-09-30 09:55:00 (Déjà vu) WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation (direct link) Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. That's according to Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022. The
The_Hackers_News.webp 2022-09-29 19:45:00 Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware (direct link) A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep Malware Threat
Last update at: 2024-07-18 23:08:18