What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-11-15 19:19:00 | Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service (lien direct) | Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on. "Before it was patched, the flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk | Threat | ||
|
2022-11-15 18:28:00 | Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions (lien direct) | Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when | |||
|
2022-11-15 16:33:00 | Researchers Say China State-backed Hackers Breached a Digital Certificate Authority (lien direct) | A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name Billbug, citing the use of tools previously attributed to this actor. The | |||
|
2022-11-15 11:41:00 | Google to Pay $391 Million Privacy Fine for Secretly Tracking Users\' Location (lien direct) | Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information," Oregon Attorney General Ellen | ★★★★ | ||
|
2022-11-14 18:33:00 | New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders (lien direct) | Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat (APT). Cybersecurity firm Trend Micro, which christened the espionage crew Earth Longzhi, said the actor's long-running campaign can be split into two based on the toolset deployed to attack its victims | Threat Guideline | APT 41 | ★★ |
|
2022-11-14 16:15:00 | Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign (lien direct) | A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick." The search engine poisoning technique | ★★★ | ||
|
2022-11-14 16:00:00 | What is an External Penetration Test? (lien direct) | A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the impact would be if an attacker was successful. Usually performed first, an external pentest (also | |||
|
2022-11-14 12:44:00 | New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks (lien direct) | A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to | Malware | ||
|
2022-11-14 11:35:00 | Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images (lien direct) | A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to facilitate information theft. "What is noteworthy is data collection from victims' machines using | Malware Threat | ||
|
2022-11-11 19:56:00 | Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs (lien direct) | Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's | Malware | ||
|
2022-11-11 18:03:00 | These Two Google Play Store Apps Spotted Distributing Xenomorph Banking Trojan (lien direct) | Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices," Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday. | |||
|
2022-11-11 18:00:00 | VPN vs. DNS Security (lien direct) | When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let's discuss both. VPN Explained VPN stands for Virtual Private Networks and basically hides your IP and provides an encrypted server by redirecting your traffic via a server run by a VPN host. It establishes a | |||
|
2022-11-11 15:43:00 | Multiple High-Severity Flaw Affect Widely Used OpenLiteSpeed Web Server Software (lien direct) | Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report. | |||
|
2022-11-11 14:49:00 | Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks (lien direct) | The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world. The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the U.S., where is likely to be sentenced for a maximum of five years in prison. Vasiliev has been | Ransomware | ||
|
2022-11-11 14:49:00 | ESET Antivirus: Advanced Protection Solutions for Home Users and Businesses (lien direct) | It's no secret that antivirus software is as essential to your computer as a power cord. However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email. ESET's latest consumer product release takes a comprehensive approach to security to guard against a full range of threats. All are | |||
|
2022-11-11 11:44:00 | Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland (lien direct) | Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place | Ransomware Malware Threat | ||
|
2022-11-10 21:20:00 | Warning: New Massive Malicious Campaigns Targeting Top Indian Banks\' Customers (lien direct) | Cybersecurity researchers are warning of "massive phishing campaigns" that distribute five different malware targeting banking users in India. "The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers," Trend Micro said in a report published this week. Some of the | Malware | ||
|
2022-11-10 20:37:00 | Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones\' Lock Screens (lien direct) | Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's monthly Android update for November 2022. "The issue allowed an attacker with physical access to bypass | |||
|
2022-11-10 18:14:00 | Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File (lien direct) | A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files. The package in question, named "apicolor," was uploaded to the Python third-party repository on October 31, 2022, and described as a "Core lib for REST API," according to Israeli cybersecurity firm Check Point. It has since been taken | ★★★ | ||
|
2022-11-10 17:43:00 | Is Cybersecurity Awareness Month Anything More Than PR? (lien direct) | Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: The public, by taking action to stay safe online. Professionals, by joining the cyber workforce. Cyber industry partners, as part of the cybersecurity solution. CISA outlined four "things | ★★ | ||
|
2022-11-10 15:56:00 | Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products (lien direct) | Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under | |||
|
2022-11-10 13:19:00 | High-Severity Flaw Reported in Critical System Used in Oil and Gas Companies (lien direct) | Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root | Vulnerability | ★★★ | |
|
2022-11-10 13:00:00 | Re-Focusing Cyber Insurance with Security Validation (lien direct) | The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump Strauss Hauer & Feld LLP's law firm clients, for example, reported a three-fold increase in insurance | Guideline | ||
|
2022-11-10 12:06:00 | New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models (lien direct) | PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS," Slovak cybersecurity firm ESET explained in a series of tweets. UEFI | |||
|
2022-11-09 19:17:00 | APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network (lien direct) | The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up. | APT 29 | ||
|
2022-11-09 18:36:00 | Several Cyber Attacks Observed Leveraging IPFS Decentralized Network (lien direct) | A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. | Malware | ||
|
2022-11-09 16:31:00 | Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network (lien direct) | The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject | Malware Threat | ||
|
2022-11-09 15:48:00 | Top 5 API Security Myths That Are Crushing Your Business (lien direct) | There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bear financial losses. But there are other consequences too: Reputational damage Customer attrition | |||
|
2022-11-09 15:45:00 | New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide (lien direct) | An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts. This past June, Fortinet FortiGuard Labs said | Malware | ||
|
2022-11-09 11:34:00 | VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software (lien direct) | VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an | Vulnerability | ||
|
2022-11-09 10:46:00 | Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days (lien direct) | Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately | |||
|
2022-11-08 20:22:00 | Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines (lien direct) | The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a | Ransomware Malware | ||
|
2022-11-08 19:10:00 | New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader (lien direct) | Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in | Malware | ||
|
2022-11-08 17:07:00 | U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web (lien direct) | The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion. Additionally recovered were $661,900 in cash, 25 Casascius coins with an approximate value | Hack | ||
|
2022-11-08 17:00:00 | 5 Reasons to Consolidate Your Tech Stack (lien direct) | The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing. A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending heading into 2023, while Gartner recently projected that 2022 IT spending will only grow by 3%, | |||
|
2022-11-07 20:54:00 | Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack (lien direct) | Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not | Ransomware Hack | ||
|
2022-11-07 20:16:00 | This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others (lien direct) | Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider last week. It's offered as a way for "Non-users" to "exercise their rights under applicable laws." | Tool | ||
|
2022-11-07 16:19:00 | Experts Find Urlscan Security Scanner Inadvertently Leaks Sensitive URLs and Data (lien direct) | Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022. The | |||
|
2022-11-07 13:06:00 | Robin Banks Phishing Service for Cybercriminals Returns with Russian Server (lien direct) | A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet. Robin Banks was | |||
|
2022-11-05 14:05:00 | Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer (lien direct) | Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," software supply chain | Malware | ★★ | |
|
2022-11-05 11:30:00 | Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities (lien direct) | Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it imperative that | Vulnerability | ||
|
2022-11-04 19:13:00 | Researchers Detail New Malware Campaign Targeting Indian Government Employees (lien direct) | The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh said | Malware Threat | APT 36 | |
|
2022-11-04 18:42:00 | Your OT Is No Longer Isolated: Act Fast to Protect It (lien direct) | Not too long ago, there was a clear separation between the operational technology (OT) that drives the physical functions of a company – on the factory floor, for example – and the information technology (IT) that manages a company's data to enable management and planning. As IT assets became increasingly connected to the outside world via the internet, OT remained isolated from IT – and the | |||
|
2022-11-04 15:31:00 | CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and | |||
|
2022-11-03 23:10:00 | Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers (lien direct) | A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News. Black | Ransomware Threat | ||
|
2022-11-03 16:04:00 | Why Identity & Access Management Governance is a Core Part of Your SaaS Security (lien direct) | Every SaaS app user and login is a potential threat; whether it's bad actors or potential disgruntled former associates, identity management and access control is crucial to prevent unwanted or mistaken entrances to the organization's data and systems. Since enterprises have thousands to tens of thousands of users, and hundreds to thousands of different apps, ensuring each entrance point and | |||
|
2022-11-03 15:51:00 | OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa (lien direct) | A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as | Threat | ||
|
2022-11-03 14:50:00 | Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT (lien direct) | The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. "Given the geography of the targets and the current geopolitical situation, it's unlikely that | |||
|
2022-11-03 12:18:00 | New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users\' Data (lien direct) | Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China. The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee | |||
|
2022-11-02 18:41:00 | Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software (lien direct) | Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers. "These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower," SonarSource researcher |
To see everything:
Our RSS (filtrered)
