Date (GMT) | Title | Description | Tags | Stories | Notes
2021-03-24 07:57:47 | 92% of worldwide Microsoft Exchange IPs are now patched or mitigated (direct link) | Microsoft revealed that 92% of all on-premises Microsoft Exchange servers exposed online and affected by the ProxyLogon vulnerabilities are now patched. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues, collectively tracked as ProxyLogon (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065), in all supported Microsoft Exchange versions; the issues are actively exploited in the wild. At […] | | |
2021-03-23 19:09:33 | Sierra Wireless halted production at its manufacturing sites due to ransomware attack (direct link) | This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production. Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. The company sells mobile computing and machine-to-machine (M2M) communications products that work over cellular […] | Ransomware | |
2021-03-23 15:24:35 | Google fixes an Android vulnerability actively exploited in the wild (direct link) | Google addressed a zero-day vulnerability affecting Android devices that use Qualcomm chipsets, which is actively exploited in the wild. Google has addressed a zero-day vulnerability, tracked as CVE-2020-11261, affecting Android devices that use Qualcomm chipsets. According to the IT giant, threat actors are actively exploiting the vulnerability in attacks in the wild. The CVE-2020-11261 flaw is […] | Vulnerability, Threat | |
2021-03-23 13:07:20 | CISA is warning of vulnerabilities in GE Power Management Devices (direct link) | The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of flaws in GE Power Management Devices that could allow an attacker to conduct multiple malicious activities on vulnerable systems. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of vulnerabilities in GE Power Management Devices that could be exploited by an attacker to conduct multiple malicious activities […] | | |
2021-03-23 09:06:06 | Energy giant Shell discloses data breach caused by Accellion FTA hack (direct link) | Oil and gas giant Royal Dutch Shell (Shell) disclosed a data breach resulting from the compromise of its Accellion File Transfer Appliance (FTA) file sharing service. Energy giant Shell disclosed a data breach resulting from the compromise of an Accellion File Transfer Appliance (FTA) used by the company. Shell is an Anglo-Dutch multinational oil and […] | Data Breach, Hack | |
2021-03-22 22:14:08 | Ministry of Defence academy hit by state-sponsored hackers (direct link) | The Ministry of Defence academy was hit by a major cyber attack; Russia and China state-sponsored hackers are suspected to be behind the offensive. The Ministry of Defence academy was hit by a major cyber attack, according to the British tabloid newspaper The Sun; Russia and China state-sponsored hackers are suspected to be behind the […] | | |
2021-03-22 20:42:43 | Adobe addresses a critical vulnerability in ColdFusion product (direct link) | Adobe has released security updates to address a critical vulnerability in the ColdFusion product (versions 2021, 2016, and 2018) that could lead to arbitrary code execution. Adobe has released security patches to address a critical vulnerability in Adobe ColdFusion that could be exploited by attackers to execute arbitrary code on vulnerable systems. The issue, tracked as CVE-2021-21087, is […] | Vulnerability, Guideline | |
2021-03-22 17:11:15 | Abusing distance learning software to hack into student PCs (direct link) | Experts uncovered critical flaws in the Netop Vision Pro distance learning software used by many schools to control remote learning sessions. McAfee discovered multiple security vulnerabilities in Netop Vision Pro, a popular distance learning software used by several teachers to control remote learning sessions. The distance learning software implements multiple features, including viewing student […] | Hack | |
2021-03-22 09:42:12 | RCE flaw in Apache OFBiz could allow attackers to take over the ERP system (direct link) | The Apache Software Foundation fixed a high severity remote code execution flaw in Apache OFBiz that could have allowed attackers to take over the ERP system. The Apache Software Foundation addressed last week a high severity vulnerability in Apache OFBiz, tracked as CVE-2021-26295, that could have allowed a remote, unauthenticated attacker to take over the […] | Vulnerability | |
2021-03-22 08:14:13 | What is the threat landscape for the ICS sector in 2020? (direct link) | The Kaspersky ICS CERT published a report that provides details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provides details about the threat landscape for the ICS engineering and integration sector in 2020. The experts gathered data related to the cyberthreats that […] | Threat | |
2021-03-21 14:47:05 | CISA releases CHIRP, a tool to detect SolarWinds malicious activity (direct link) | US CISA has released a new tool that detects malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments. US CISA released the CISA Hunt and Incident Response Program (CHIRP), a Python-based tool that detects malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise Windows environments. Below […] | Tool | |
2021-03-21 13:50:07 | Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft (direct link) | The Department of Justice announced that Swiss hacker Till Kottmann, 21, has been indicted for conspiracy, wire fraud, and aggravated identity theft. A group of US hackers recently claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations. The hackers also posted images captured from the hacked […] | | |
2021-03-21 11:33:33 | Security Affairs newsletter Round 306 (direct link) | A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your inbox. If you also want to receive the international press for free, subscribe here. Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE; Google releases Spectre PoC code exploit […] | | |
2021-03-21 10:58:29 | (Déjà vu) Microsoft Defender can now protect servers against ProxyLogon attacks (direct link) | Microsoft announced that its Defender Antivirus and System Center Endpoint Protection now protect users against attacks exploiting Exchange Server vulnerabilities. Microsoft announced this week that Defender Antivirus and System Center Endpoint Protection now provide automatic protection against attacks exploiting the recently disclosed ProxyLogon vulnerabilities in Microsoft Exchange. "Today, we have taken an additional step to […] | | |
2021-03-20 20:11:03 | A threat actor exploited 11 zero-day flaws in 2020 campaigns (direct link) | A hacking group employed at least 11 zero-day flaws as part of an operation that took place in 2020 and targeted Android, iOS, and Windows users. Google's Project Zero security team published a report about the activity of a mysterious hacking group that operated over the course of 2020 and exploited at least 11 […] | Threat | |
2021-03-20 15:01:53 | REvil ransomware gang hacked Acer and is demanding a $50 million ransom (direct link) | Taiwanese multinational hardware and electronics corporation Acer was the victim of a REvil ransomware attack; the gang demanded a $50,000,000 ransom. Taiwanese computer giant Acer was the victim of a REvil ransomware attack, and the gang is demanding the payment of a $50,000,000 ransom, the largest one to date. Acer is the world's 6th-largest PC vendor by unit sales as of […] | Ransomware | |
2021-03-19 23:30:18 | (Déjà vu) Russian National pleads guilty to conspiracy to plant malware on Tesla systems (direct link) | The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. The U.S. Justice Department announced on Thursday that the Russian national Egor Igorevich Kriuchkov (27), who attempted to convince a Tesla employee to install malware on the company's computers, has pleaded guilty. "A Russian national pleaded guilty in federal court […] | Malware, Guideline | |
2021-03-19 21:42:59 | Threat actors are attempting to exploit CVE-2021-22986 in F5 BIG-IP devices in the wild (direct link) | Cybersecurity experts warn of ongoing attacks aimed at exploiting a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices. Cybersecurity experts from NCC Group and the security firm Bad Packets this week detected a wave of attacks exploiting a recently patched critical vulnerability, tracked as CVE-2021-22986, in F5 BIG-IP and BIG-IQ networking devices. "After seeing lots […] | Vulnerability | |
2021-03-19 20:23:13 | Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads? (direct link) | Amazon Elastic Kubernetes Service (EKS) is a platform that gives customers the ability to run Kubernetes apps in the AWS cloud or on premises. Organizations are increasingly turning to Kubernetes to manage their containers. In the 2020 Cloud Native Survey, 91% of respondents told the Cloud Native Computing Foundation (CNCF) that they were using Kubernetes, an increase […] | | Uber |
2021-03-19 16:40:48 | Millions of sites could be hacked due to flaws in popular WordPress plugins (direct link) | Experts found vulnerabilities in two WordPress plugins that could be exploited to run arbitrary code and potentially take over a website. Security researchers disclosed vulnerabilities in the Elementor and WP Super Cache WordPress plugins that could be exploited to run arbitrary code and take over a website under certain circumstances. The flaws were uncovered in the Elementor […] | | |
2021-03-19 12:30:12 | CISA and FBI warn of ongoing TrickBot attacks (direct link) | CISA and the FBI are warning of ongoing TrickBot attacks despite security firms having taken down the C2 infrastructure of the infamous botnet in October. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn of ongoing TrickBot attacks despite multiple security firms having dismantled its C2 infrastructure in a joint operation in October. On […] | | |
2021-03-19 07:21:15 | Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports (direct link) | According to a report published by researchers at PrivacySavvy, many travel companies expose users' data through their booking apps. In a report published on the 16th of March, PrivacySavvy found that many travel companies expose users' data through their booking apps. PrivacySavvy is a digital security company on a mission to educate internet users on issues […] | | |
2021-03-18 22:31:29 | (Déjà vu) XcodeSpy Mac malware targets Xcode Developers with a backdoor (direct link) | Unknown threat actors have been using a new Mac malware, XcodeSpy, to target software developers who use Apple's Xcode integrated development environment. Researchers at SentinelOne uncovered a series of attacks involving the new XcodeSpy malware, used to deliver a custom variant of a backdoor tracked as EggShell. EggShell allows threat actors to spy on users, capture […] | Malware, Threat | |
2021-03-18 16:21:29 | China-linked APT31 group was behind the attack on Finnish Parliament (direct link) | The China-linked cyber espionage group APT31 is believed to be behind an attack on the Parliament of Finland that took place in 2020. The China-linked cyber espionage group APT31 is believed to be behind an attack on the Parliament of Finland that took place in 2020. According to government experts, the hackers breached some parliament email […] | | APT 31 |
2021-03-18 12:57:13 | WINTRIAGE: THE TRIAGE TOOL FOR WINDOWS DFIRERS (direct link) | Wintriage is a live response tool that extracts Windows artifacts; it allows extracting as many artifacts as possible, but in a selective way. Throughout my life, my daily job has been purely related to cybersecurity. But the branch I like the most is Incident Response and Forensics. So, I work as a DFIRer. For many […] | Tool | |
2021-03-18 12:38:21 | Expert found a 1-Click RCE in the TikTok App for Android (direct link) | Egyptian security researcher Sayed Abdelhafiz discovered multiple bugs in the TikTok Android application that can be chained to achieve remote code execution. Egyptian security researcher Sayed Abdelhafiz discovered multiple vulnerabilities in the TikTok Android application that can be chained to achieve remote code execution. "While testing TikTok for Android Application, I identified multiple bugs that can […] | | |
2021-03-18 10:50:36 | Reading the FBI IC3's '2020 Internet Crime Report' (direct link) | The FBI's Internet Crime Complaint Center has released its annual report, the 2020 Internet Crime Report, which includes data from 791,790 complaints of suspected cybercrimes. The FBI's Internet Crime Complaint Center (IC3) has published its annual report, the 2020 Internet Crime Report, which provides information from 791,790 complaints of suspected cybercrimes affecting victims in the U.S. Data that […] | | |
2021-03-18 08:31:34 | Prime Minister Boris Johnson wants to enhance UK cyber capabilities (direct link) | Prime Minister Boris Johnson declared that Britain needs to boost its cyber capability to conduct cyber attacks on hostile foreign actors. Prime Minister Boris Johnson said that his government needs to boost its capability to conduct cyber attacks on foreign threat actors. "Cyber power is revolutionising the way we live our lives and fight our […] | Threat | |
2021-03-17 20:56:27 | Data Breaches Tracker monitors unsecured ElasticSearch servers online (direct link) | Cybersecurity researchers at WizCase, an online security and privacy portal, built a tool to track accessible ElasticSearch servers on the internet. Cybersecurity researchers at WizCase, an online security and privacy portal, developed a tool that tracks accessible ElasticSearch servers on the Internet. The tool scans the web for accessible ElasticSearch servers and displays different variables […] | Tool | |
2021-03-17 19:06:24 | China-linked hackers target telcos to steal 5G secrets (direct link) | Chinese APT groups are targeting telecom companies in cyberespionage campaigns collectively tracked as Operation Diànxùn to steal 5G secrets. Chinese-language threat actors are targeting telecom companies, as part of a cyber espionage campaign tracked as 'Operation Diànxùn', to steal sensitive data and trade secrets tied to 5G technology. The hackers behind these campaigns are targeting people […] | Threat | |
2021-03-17 15:11:13 | New ZHtrap botnet uses honeypot to find more victims (direct link) | Netlab 360 experts discovered a new Mirai-based botnet, dubbed ZHtrap, that implements a honeypot to find more victims. Researchers from Netlab 360 discovered a new Mirai-based botnet, dubbed ZHtrap, that implements a honeypot to find more victims. ZHtrap propagates using four vulnerabilities; experts pointed out that the botnet is mainly used to conduct DDoS attacks and scanning activities, […] | | |
2021-03-17 12:01:31 | (Déjà vu) FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK (direct link) | The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI issued an alert on Tuesday to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. In March 2020, CERT France cyber-security […] | Ransomware | |
2021-03-17 08:27:54 | SolarWinds hackers stole some of Mimecast source code (direct link) | Cybersecurity firm Mimecast confirmed that the SolarWinds hackers who breached its network stole some of its source code. Back in December, the SolarWinds supply chain attack made the headlines when a Russian cyber espionage group tampered with updates for SolarWinds' Orion Network Management products that the IT company provides to government agencies, military, and intelligence offices. Mimecast was […] | | |
2021-03-16 21:54:31 | New Mirai variant appears in the threat landscape (direct link) | Palo Alto researchers uncovered a series of ongoing attacks that spread a variant of the infamous Mirai bot by exploiting multiple vulnerabilities. Security experts at Palo Alto Networks disclosed a series of attacks aimed at delivering a Mirai variant leveraging multiple vulnerabilities. Below is the list of vulnerabilities exploited in the attacks, three of which were previously unknown issues: […] | Threat | |
2021-03-16 17:04:45 | Magecart hackers hide captured credit card data in JPG file (direct link) | Crooks devised a new method to hide credit card data siphoned from compromised e-stores; experts observed hackers hiding the data in JPG files. Cybercriminals have devised a new method to hide credit card data siphoned from compromised online stores: experts from Sucuri observed Magecart hackers hiding data in JPG files to avoid detection and storing them […] | | |
2021-03-16 08:27:36 | (Déjà vu) Microsoft releases Exchange On-premises Mitigation Tool (EOMT) to fix ProxyLogon issues (direct link) | Microsoft released the Exchange On-premises Mitigation Tool (EOMT) to help small businesses fix the ProxyLogon vulnerabilities. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions; the issues are actively exploited in the wild. The IT giant reported that at least one […] | Tool | |
2021-03-16 07:48:09 | Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms? (direct link) | Microsoft is reportedly investigating whether the recent attacks against Microsoft Exchange servers could be linked to information leaked by a partner security firm. According to a report published by The Wall Street Journal, Microsoft is investigating whether the threat actors behind the recent wave of attacks on Microsoft Exchange servers worldwide may have obtained sensitive […] | Threat | |
2021-03-15 18:14:42 | US DoJ indicted the CEO of Sky Global encrypted chat platform (direct link) | The CEO of the encrypted communications firm Sky Global has been indicted in the US on charges of facilitating international drug trafficking. The head of the Canada-based company Sky Global, which provides encrypted communications, Jean-Francois Eap, has been indicted in the US on charges of facilitating international drug trafficking. The Justice Department indicted Jean-Francois Eap […] | | |
2021-03-15 12:56:27 | ProxyLogon Microsoft Exchange exploit is completely out of the bag by now (direct link) | A security researcher released a new PoC exploit for the ProxyLogon issues that could be adapted to install web shells on vulnerable Microsoft Exchange servers. A security researcher has released a new proof-of-concept exploit that could be adapted to install web shells on Microsoft Exchange servers vulnerable to the ProxyLogon issues. Since the disclosure of the flaw, security […] | | |
2021-03-15 08:54:11 | NCSC is not aware of ransomware attacks compromising UK orgs through Microsoft Exchange bugs (direct link) | The UK's National Cyber Security Centre (NCSC) urges UK organizations to install the patches for the recently disclosed vulnerabilities in Microsoft Exchange. The UK's National Cyber Security Centre is urging UK organizations to install security patches for their Microsoft Exchange installs. The UK agency revealed that it has helped UK organisations secure their installs, around […] | Ransomware | |
2021-03-15 08:13:41 | Google fixes the third actively exploited Chrome 0-Day since January (direct link) | Google has addressed a new zero-day flaw in its Chrome browser that has been actively exploited in the wild, the second one within a month. Google has fixed a new actively exploited zero-day in its Chrome browser; this is the second zero-day issue addressed by the IT giant within a month. The flaw, tracked as […] | | |
2021-03-14 15:08:30 | Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE (direct link) | Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critical remote code execution issue. Netgear has released security and firmware updates to address 15 vulnerabilities in its JGS516PE Ethernet switch, including an unauthenticated remote code execution flaw rated as critical. The flaws were discovered by researchers […] | | |
2021-03-14 13:36:46 | Security Affairs newsletter Round 305 (direct link) | A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your inbox. If you also want to receive the international press for free, subscribe here. Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange; REvil Ransomware gang uses DDoS attacks and voice […] | Ransomware | |
2021-03-14 09:49:49 | Google releases Spectre PoC code exploit for Chrome browser (direct link) | Google released proof-of-concept code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks. Google released proof-of-concept code for conducting a Spectre attack against its Chrome browser on GitHub. The experts decided to publish the proof-of-concept code to demonstrate the feasibility of a web-based Spectre exploit. The PoC […] | | |
2021-03-13 21:07:34 | Experts found three new 15-year-old bugs in a Linux kernel module (direct link) | Three 15-year-old flaws in the Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems. GRIMM researchers found three vulnerabilities in the SCSI (Small Computer System Interface) component of the Linux kernel; the issues could be exploited by local attackers with basic user privileges to gain root privileges […] | | |
2021-03-13 14:44:46 | The fire in the OVH datacenter also impacted APTs and cybercrime groups (direct link) | The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs. OVH, one of the largest hosting providers in the world, suffered this week a terrible fire that destroyed its data centers located in Strasbourg. The French plant in Strasbourg includes 4 […] | | |
2021-03-13 10:13:04 | New variant for Mac Malware XCSSET compiled for M1 Chips (direct link) | Kaspersky researchers spotted a new variant of the XCSSET Mac malware compiled for devices running on Apple M1 chips. XCSSET is a Mac malware that was discovered by Trend Micro in August 2020; it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware […] | Ransomware, Malware | |
2021-03-12 20:57:04 | 10,000+ WeLeakInfo customer records leaked (direct link) | An actor claimed to have registered one of the domains of WeLeakInfo, accessed the details of 10,000+ WeLeakInfo customers, and leaked them. WeLeakInfo.com was a data breach notification service that allowed its customers to verify whether their credentials had been compromised in data breaches. The service claimed a database of over 12 billion records from over […] | Data Breach | |
2021-03-12 14:18:32 | Internet disruption in Russia coincided with the introduction of restrictions (direct link) | Experts at the NetBlocks Internet Observatory observed this week a temporary disruption of internet service in Russia due to new restrictions. On Wednesday 10 March 2021, network data from the NetBlocks Internet Observatory showed the disruption of internet service provided by the Russian operator Rostelecom. The partial disruption of the service coincided with […] | | |
2021-03-12 11:21:06 | Researchers warn of a surge in cyber attacks against Microsoft Exchange (direct link) | Researchers warn of a surge in cyber attacks against Microsoft Exchange servers exploiting the recently disclosed ProxyLogon vulnerabilities. Researchers at the Check Point Research team reported that threat actors are actively exploiting the recently disclosed ProxyLogon zero-day vulnerabilities in Microsoft Exchange. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) […] | Threat | |