What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2020-11-25 10:02:56 Group-IB Hi-Tech Crime Trends 2020/2021 report (direct link) Group-IB, a global threat hunting and intelligence company, has presented its annual Hi-Tech Crime Trends 2020/2021 report. In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The most severe financial damage has occurred as a result of ransomware activity. […] Ransomware Threat
SecurityAffairs 2020-11-25 09:13:12 UK NCSC's alert urges orgs to fix MobileIron CVE-2020-15505 RCE (direct link) The UK NCSC issued an alert to urge organizations to patch the critical CVE-2020-15505 RCE vulnerability in MobileIron MDM systems. The UK National Cyber Security Centre (NCSC) issued an alert urging organizations to address the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems. MDM platforms allow administrators to remotely manage a fleet of […] Vulnerability
SecurityAffairs 2020-11-24 23:17:16 (Déjà vu) 2FA bypass in cPanel potentially exposes tens of millions of websites to hack (direct link) 2FA bypass discovered in web hosting software cPanel More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel, a popular […] Hack
SecurityAffairs 2020-11-24 21:21:07 Baidu Android apps removed from Play Store because caught collecting user details (direct link) Two Baidu Android apps have been removed from the Google Play Store in October after they’ve been caught collecting sensitive user details. Two apps belonging to Chinese tech giant Baidu, Baidu Maps and Baidu Search Box, have been removed from the Google Play Store at the end of October after they’ve been caught collecting sensitive […]
SecurityAffairs 2020-11-24 17:56:35 A new Stantinko Bot masqueraded as httpd targeting Linux servers (direct link) Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. The Stantinko botnet was first spotted by ESET in 2017, at the […] Threat
SecurityAffairs 2020-11-24 16:20:04 TrickBot operators continue to update their malware to increase resilience to takedown (direct link) Following the recent takedown, the TrickBot operators have implemented various improvements to make it more resilient. In October, Microsoft's Defender team, FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, and Broadcom's cyber-security division Symantec joined the forces and announced a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. Even if Microsoft and its partners have brought down the TrickBot […] Malware
SecurityAffairs 2020-11-24 12:27:25 Microsoft fixes Kerberos Authentication issues with an out-of-band Update (direct link) Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An out-of-band optional update is now available on the Microsoft Update Catalog to address a known […] Vulnerability
SecurityAffairs 2020-11-24 10:03:37 Crooks social-engineered GoDaddy staff to take over crypto-biz domains (direct link) Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings […] Threat
SecurityAffairs 2020-11-24 08:38:37 Credential stuffing attack targeted 300K+ Spotify users (direct link) Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials. Security experts from vpnMentor have uncovered a possible credential stuffing operation that affected some Spotify accounts. Threat actors behind the campaign are using a database containing over 380 million records, including login credentials and other data for […]
SecurityAffairs 2020-11-23 22:00:07 VMware discloses critical zero-day CVE-2020-4006 in Workspace One (direct link) VMware discloses a critical zero-day vulnerability (CVE-2020-4006) in multiple VMware Workspace One components and released a workaround to address it. VMware has released a workaround to address a critical zero-day vulnerability, tracked as CVE-2020-4006, that affects multiple VMware Workspace One components. The flaw could be exploited by attackers to execute commands on the host Linux […] Vulnerability
SecurityAffairs 2020-11-23 18:33:02 Computer Security and Data Privacy, the perfect alliance (direct link) Computer security and data privacy are often poorly considered issues, experts urge more awareness of cyber threats. Computer security and data privacy are often poorly considered issues until incidents occur and unfortunately sometimes even the very seriousness of the events, understood as virtual happenings, is not adequately perceived. An injection of digital culture is needed […]
SecurityAffairs 2020-11-23 17:52:38 Researchers show how to steal a Tesla Model X in a few minutes (direct link) Boffins have demonstrated how to steal a Tesla Model X in a few minutes by exploiting vulnerabilities in the car's keyless entry system. A team of researchers from the Computer Security and Industrial Cryptography (COSIC) group at the KU Leuven University in Belgium has demonstrated how to steal a Tesla Model X in minutes by […]
SecurityAffairs 2020-11-23 15:27:21 TikTok fixed security issues that could have led one-click account takeover (direct link) TikTok has addressed a couple of security issues that could have been chained to led account takeover. The first issue addressed by the social media platform is a reflected XSS security flaw that has been reported by the bug bounty hunter Muhammed “milly” Taskiran via the bug bounty platform HackerOne. The Cross-Site-Scripting flaw affected the company […]
SecurityAffairs 2020-11-23 12:06:07 VMware fixed SD-WAN flaws that could allow hackers to target enterprise networks (direct link) VMware addressed six vulnerabilities in its SD-WAN Orchestrator product that can potentially expose enterprise networks to hack. VMware last week addressed six vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003) in its SD-WAN Orchestrator product, including some issues that can be chained by an attacker to hijack traffic or shut down an enterprise network. The following […]
SecurityAffairs 2020-11-23 09:06:14 FBI issued an alert on Ragnar Locker ransomware activity (direct link) The U.S. FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. The U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April […] Ransomware
SecurityAffairs 2020-11-23 08:32:23 Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware (direct link) Sonatype's deep dive research allowed to identify a new family of Discord malware called CursedGrabber. Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large scale malware campaign leveraging the open-source ecosystem. The malware called “xpc.js” […] Malware Threat
SecurityAffairs 2020-11-22 18:07:39 Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs (direct link) A threat actor has published online a list of one-line exploits to steal VPN credentials from over 49,000 vulnerable Fortinet VPNs. A threat actor, who goes online with the moniker “pumpedkicks,” has leaked online a list of exploits that could be exploited to steal VPN credentials from almost 50,000 Fortinet VPN devices. Researchers from Bank Security first […] Threat
SecurityAffairs 2020-11-22 14:16:14 Hundreds of female sports stars and celebrities have their naked photos and videos leaked online (direct link) Hackers have stolen naked photos and videos from hundreds of female sports stars and celebrities and leaked them online. Threat actors have stolen naked photos and videos from hundreds of female sports stars and celebrities and leaked them online. The attack took place in the same hours as hackers hit Manchester United and brings us back […] Threat
SecurityAffairs 2020-11-22 11:07:17 (Déjà vu) Romanians arrested for running underground malware services (direct link) Two Romanians arrested for running three malware services Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. Romanian police forces have arrested this week two individuals suspected of running two malware crypter services called CyberSeal and DataProtector, and a malware testing service called […] Malware
SecurityAffairs 2020-11-22 11:04:07 Security Affairs newsletter Round 290 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Chilean-based retail giant Cencosud hit by Egregor Ransomware ShinyHunters hacked Pluto TV service, 3.2M accounts exposed The North Face website suffered a credential stuffing attack Crooks use software skimmer that […] Ransomware
SecurityAffairs 2020-11-22 10:25:47 A cyberattack crippled the IT infrastructure of the City of Saint John (direct link) Officials confirm that the city of Saint John was hit by a massive cyberattack that has crippled the entire IT municipal infrastructure. The city of Saint John, Canada, was hit by a massive cyberattack that has crippled the entire IT municipal infrastructure, the incident was publicly disclosed on November 15. The cyberattack caused the shut […]
SecurityAffairs 2020-11-21 16:07:55 Dutch tech reporter gatecrashes EU defence secret video conference (direct link) A Dutch tech reporter gatecrashed a video conference of EU defence ministers after the Dutch minister shared an image on Twitter. Dutch journalist Daniel Verlaan of RTL Nieuws broke into a secret video conference of EU defence ministers after the Dutch defence minister Ank Bijleveld posted on Twitter an image of the call that accidentally […]
SecurityAffairs 2020-11-21 14:27:56 Experts warn of mass-scanning for ENV files left unsecured online (direct link) Threat actors are scanning the Internet for ENV files that usually contain API tokens, passwords, and database logins. Threat actors are scanning the internet for API tokens, passwords, and database logins that are usually used to store ENV files (Environment files) accidentally left exposed online. Environment files are configuration files that usually contain user environment […] Threat
SecurityAffairs 2020-11-21 12:10:25 Manchester United hit by 'sophisticated' cyber attack (direct link) The Manchester United football club has been hit by a cyber attack on their systems, it is not aware of a breach of personal data for his fans. Manchester United disclosed a cyber attack, but according to the football club it is not “currently aware of any breach of personal data associated with our fans and customers”. […]
SecurityAffairs 2020-11-21 10:35:51 UK reveals new National Cyber Force to improve offensive cyber capabilities (direct link) The new National Cyber Force (NCF) is working to improve UK's offensive cyber capabilities to disrupt adversaries and keep the UK safe. UK Prime Minister, in a speech on defence spending, announced the GCHQ and Ministry of Defence (MoD) partnership aimed at conducting offensive cyber operations to disrupt hostile nation-state operations, terrorists, and cyber criminal […]
SecurityAffairs 2020-11-20 21:12:27 VMware addresses flaws exploited at recent Tianfu Cup (direct link) VMware has addressed two serious ESXi vulnerabilities that were demonstrated at the Tianfu Cup International PWN Contest. VMware has released patches for two serious ESXi vulnerabilities that were disclosed during the 2020 Tianfu Cup International PWN Contest. The Tianfu Cup is the most important hacking contest held in China, the total bonus of the contest […]
SecurityAffairs 2020-11-20 17:46:05 October Mumbai power outage may have been caused by a cyber attack (direct link) Authorities in India believe that a major power outage that occurred in October in Mumbai may have been caused by hackers. On October 13, a major power outage occurred in the metropolitan area of Mumbai causing the partial disruption of the traffic management systems and the paralysis of the rail traffic and also impacted work […]
SecurityAffairs 2020-11-20 15:11:07 Mitsubishi Electric Corp. was hit by a new cyberattack (direct link) Mitsubishi Electric Corp. was hit by a new cyber attack that may have caused the leakage of information related to its business partners. Mitsubishi Electric Corp. was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. “Company officials on Nov. 20 said they were checking […]
SecurityAffairs 2020-11-20 11:51:15 QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor (direct link) The QakBot banking trojan has dropped the ProLock ransomware, they are now opting for the Egregor ransomware in their operations. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered that QakBot (aka Qbot) operators have abandoned ProLock for Egregor ransomware. Egregor has been actively distributed since September 2020 and has so far hit […] Ransomware Threat
SecurityAffairs 2020-11-20 11:23:40 A flaw in Facebook Messenger could have allowed spying on users (direct link) Facebook has addressed a security vulnerability in its Messenger for Android app that could have allowed attackers to spy on users. Facebook has addressed a major security issue in its Messenger for Android app that could have allowed threat actors to spy on users by placing and connecting Messenger audio calls without their interaction. The […] Vulnerability Threat
SecurityAffairs 2020-11-19 23:48:47 (Déjà vu) A flaw in GO SMS Pro App allows accessing media messages (direct link) An unpatched security flaw in GO SMS Pro, a popular messaging app for Android with over 100 million installs, exposes media messages. GO SMS Pro is a popular Android messaging app with over 100 million installs, that has been found to be affected by an unpatched security flaw that publicly exposes media transferred between users. […]
SecurityAffairs 2020-11-19 20:49:21 Nation-state actors from Russia, China, Iran, and North Korea target Canada (direct link) Canada Centre for Cyber Security warns of risks related to state-sponsored programs from China, Russia, Iran, and North Korea. A report published by the Canadian Centre for Cyber Security, titled “National Cyber Threat Assessment 2020,” warns of risks associated with state-sponsored operations from China, Russia, Iran, and North Korea. The report is based on both […] Threat
SecurityAffairs 2020-11-19 17:36:59 Drupal addressed CVE-2020-13671 Remote Code Execution flaw (direct link) Drupal development team has released security updates to address a remote code execution flaw, tracked as CVE-2020-13671. The Drupal development team has released security updates to fix a remote code execution vulnerability related caused by the failure to properly sanitize the names of uploaded files. The vulnerability, tracked as CVE-2020-13671, has been classified as critical […] Vulnerability
SecurityAffairs 2020-11-19 15:31:15 We infiltrated an IRC botnet. Here's what we found (direct link) The CyberNews.com Investigation team carried out an infiltration operation against an IRC botnet and reported it to CERT Vietnam to help take it down. Original post @ https://cybernews.com/security/we-infiltrated-an-irc-botnet-heres-what-we-found/ In order to gather valuable information about the IRC botnet's activity, we joined its Command and Control channel where we met the botmaster who was responsible for […]
SecurityAffairs 2020-11-19 12:29:47 New Grelos skimmer variant reveals murkiness in tracking Magecart operations (direct link) Security experts from RiskIQ discovered a new variant of the Grelos skimmer that presents overlap with Magecart group operations. Researchers from RiskIQ analyzed the increased overlap of a new variant of the skimmer dubbed Grelos and the operations of the groups under the Magecart umbrella. The analysis demonstrates the difficulty in associating new strains of skimmer to groups […]
SecurityAffairs 2020-11-19 09:20:23 REvil ransomware demands 500K ransom to Managed.com hosting provider (direct link) Managed web hosting provider Managed.com was hit with REvil ransomware that forced it to take down their servers and web hosting systems. Managed web hosting provider Managed.com was hit by a REvil ransomware attack over the weekend that took their servers and web hosting systems offline. At the time of writing this post, Managed.com hosting […] Ransomware
SecurityAffairs 2020-11-18 22:32:39 Cisco fixed flaws in WebEx that allow ghost participants in meetings (direct link) Cisco has addressed three flaws in Webex Meetings that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. Cisco has addressed three vulnerabilities in Webex Meetings (CVE-2020-3441, CVE-2020-3471, and CVE-2020-3419) that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. “A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server […] Vulnerability
SecurityAffairs 2020-11-18 20:27:53 China-linked APT10 leverages ZeroLogon exploits in recent attacks (direct link) Researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability. Symantec’s Threat Hunter Team, a Broadcom division, uncovered a global campaign conducted by a China-linked APT10 cyber-espionage group targeting businesses using the recently-disclosed ZeroLogon vulnerability. The group, also known as Cicada, Stone Panda, and Cloud Hopper, has been active at […] Threat APT 10
SecurityAffairs 2020-11-18 15:59:50 Phishing campaign targets LATAM e-commerce users with Chaes Malware (direct link) Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. Experts at Cybereason Nocturnus have uncovered an active campaign targeting the users […] Malware
SecurityAffairs 2020-11-18 13:28:54 Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection (direct link) Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection. “We're tracking an active credential phishing attack targeting enterprises […]
SecurityAffairs 2020-11-18 08:39:29 (Déjà vu) The Defeated President Trump fired CISA chief Chris Krebs (direct link) President Trump has fired Chris Krebs, Director of the CISA, over his statement claiming the recent presidential election the most secure in US history. Former President Trump has fired Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), over his statement calling the 2020 presidential election the most secure in US history. Former President Trump […]
SecurityAffairs 2020-11-18 07:44:15 Large-scale campaign targets vulnerable Epsilon Framework WordPress themes (direct link) Hackers are scanning the Internet for WordPress websites with Epsilon Framework themes installed to launch Function Injection attacks. Experts at the Wordfence Threat Intelligence team uncovered a large-scale wave of attacks targeting reported Function Injection vulnerabilities in themes using the Epsilon Framework. Below a list of themes and related versions that are vulnerable to the above […] Threat
SecurityAffairs 2020-11-17 21:49:26 Happy birthday, Security Affairs celebrates its ninth Anniversary today (direct link) Happy BirthDay Security Affairs! Nine years together! I launched Security Affairs for passion in November 2011 and since then the blog read by millions of readers. Thank you! Nine year ago I launched Security Affairs, a blog that over the years obtained important successes in the cyber security community, but the greatest gift is your […]
SecurityAffairs 2020-11-17 21:14:25 Expert publicly discloses PoC code for critical RCE issues in Cisco Security Manager (direct link) Cisco released multiple advisories related to security issues in Cisco Security Manager (CSM) that affect the recently released 4.22 version. Cisco published multiple security advisories related to critical vulnerabilities affecting the Cisco Security Manager (CSM), including the recently released version 4.22. Cisco Security Manager provides a comprehensive management solution for CISCO devices, including intrusion prevention systems […]
SecurityAffairs 2020-11-17 16:26:26 (Déjà vu) Chinese APT FunnyDream targets a South East Asian government (direct link) Researchers spotted a new China-linked APT, tracked as FunnyDream that already infected more than 200 systems across Southeast Asia. Security experts at BitDefender have uncovered a new China-linked cyber espionage group, tracked as FunnyDream that has already infected more than 200 systems across Southeast Asia over the past two years. According to Kaspersky Lab, FunnyDream […]
SecurityAffairs 2020-11-17 14:11:12 Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2 (direct link) Shellcode play an essential role in cyber attacks, the popular expert Unixfreaxjp explained how to utilize radare2 for variation of shellcode analysis Shellcode is having an important part in cyber intrusion activities and mostly spotted to be executed during the process/thread injection or during the exploitation of memory space that mostly related to a vulnerability. […]
SecurityAffairs 2020-11-17 12:03:51 246869 Windows systems are still vulnerable to the BlueKeep flaw (direct link) In May 2019, Microsoft disclosed the BlueKeep vulnerability, more than a year later over 245,000 Windows systems still remain unpatched. Over a year ago Microsoft Patch Tuesday updates for May 2019 addressed nearly 80 vulnerabilities, including the BlueKeep flaw. The issue is a remote code execution flaw in Remote Desktop Services (RDS) that can be exploited by […]
SecurityAffairs 2020-11-17 09:18:15 VoltPillager: Hardware-based fault injection attacks against Intel SGX enclaves (direct link) Boffins devised a new attack, dubbed VoltPillager, that can break the confidentiality and integrity of Intel SGX enclaves by controlling the CPU core voltage. A group of six researchers from the University of Birmingham has devised a new attack technique, dubbed VoltPillager, that can break the confidentiality and integrity of Intel Software Guard Extensions (SGX) […]
SecurityAffairs 2020-11-17 08:29:55 “At-Risk Meeting Notifier Zoom” feature alerts meeting organizers of Zoombombing risk (direct link) The popular video conferencing application Zoom implemented the new “At-Risk Meeting Notifier” feature to warn of Zoombombing threat. Zoom announced the launch a new feature dubbed “At-Risk Meeting Notifier” to warn conference organizers of potential Zoombombing attacks. The feature scans the web for links to Zoom meetings that have been posted online and warn organizers […] ★★
SecurityAffairs 2020-11-16 21:31:43 Unprotected database exposed a scam targeting 100K+ Facebook accounts (direct link) Researchers discovered an ElasticSearch database exposed online that contained data for over 100000 compromised Facebook accounts. Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100.000 compromised Facebook accounts. The archive was used by crooks as part of a global hacking campaign against users of the social network. “We […]
Last update at: 2024-07-17 01:07:47