Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-12-14 13:24:00 |
Microsoft patches Windows zero-day used to drop ransomware (direct link) |
Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads. [...] |
Ransomware
Malware
Vulnerability
Threat
|
|
★★
|
|
2022-12-12 13:30:18 |
Uber suffers new data breach after attack on vendor, info leaked online (direct link) |
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. [...] |
Data Breach
Threat
|
Uber
|
★
|
|
2022-12-08 15:27:11 |
CommonSpirit Health ransomware attack exposed data of 623,000 patients (direct link) |
CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack. [...] |
Ransomware
Threat
|
|
★★★
|
|
2022-12-08 05:00:00 |
New 'Zombinder' platform binds Android malware with legitimate apps (direct link) |
A darknet platform dubbed 'Zombinder' allows threat actors to bind malware to legitimate Android apps, causing victims to infect themselves while still having the full functionality of the original app to evade suspicion. [...] |
Malware
Threat
|
|
★★★
|
|
2022-12-05 15:08:49 |
Sneaky hackers reverse defense mitigations when detected (direct link) |
A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected. [...] |
Threat
|
|
★★★
|
|
2022-12-01 21:43:44 |
Compromised OEM Android platform certificates used to sign malware (direct link) |
Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications were utilized by threat actors to sign apps containing malware. [...] |
Malware
Threat
|
|
★★★
|
|
2022-12-01 13:45:32 |
(Déjà vu) New Redigo malware drops stealthy backdoor on Redis servers (direct link) |
A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution. [...] |
Malware
Threat
|
|
★★★
|
|
2022-11-30 19:14:39 |
GoTo says hackers breached its dev environment, cloud storage (direct link) |
Remote access and collaboration company GoTo disclosed today that they suffered a security breach where threat actors gained access to their development environment and third-party cloud storage service. [...] |
Threat
|
|
★★★
|
|
2022-11-30 12:00:00 |
Google discovers Windows exploit framework used to deploy spyware (direct link) |
Google's Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company. [...] |
Threat
|
|
★★★★★
|
|
2022-11-25 12:18:23 |
Vice Society ransomware claims attack on Cincinnati State college (direct link) |
The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack. [...] |
Ransomware
Threat
|
|
★★
|
|
2022-11-24 10:29:49 |
Hackers modify popular OpenVPN Android app to include spyware (direct link) |
A threat actor associated with cyberespionage operations since at least 2017 has been luring victims with fake VPN software for Android that is a trojanized version of legitimate software SoftVPN and OpenVPN. [...] |
Threat
|
|
|
|
2022-11-10 14:17:25 |
Worok hackers hide new malware in PNGs using steganography (direct link) |
A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms. [...] |
Malware
Threat
|
|
|
|
2022-11-03 15:36:50 |
RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam (direct link) |
The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution. [...] |
Malware
Threat
|
|
|
|
2022-11-02 16:35:15 |
(Déjà vu) Hundreds of U.S. news sites push malware in supply-chain attack (direct link) |
The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S. [...] |
Malware
Threat
|
|
|
|
2022-11-02 16:35:15 |
Hundreds of U.S. news sites hit in SocGholish supply-chain attack (direct link) |
The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S. [...] |
Malware
Threat
|
|
|
|
2022-11-01 17:15:20 |
Dropbox discloses breach after hacker stole 130 GitHub repositories (direct link) |
Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. [...] |
Threat
|
|
|
|
2022-11-01 11:29:25 |
New SandStrike spyware infects Android devices via malicious VPN app (direct link) |
Threat actors are using a newly discovered spyware known as SandStrike and delivered via a malicious VPN application to target Persian-speaking Android users. [...] |
Threat
|
|
|
|
2022-10-18 17:49:08 |
Ransom Cartel linked to notorious REvil ransomware operation (direct link) |
Threat analysts have connected the pieces that link the Ransom Cartel RaaS (ransomware-as-a-service) to the REvil gang, one of the most notorious and prolific ransomware groups in recent years. [...] |
Ransomware
Threat
|
|
|
|
2022-10-17 16:51:38 |
Malware dev claims to sell new BlackLotus Windows UEFI bootkit (direct link) |
A threat actor is selling on hacking forums what they claim to be a new UEFI bootkit named BlackLotus, a malicious tool with capabilities usually linked to state-backed threat groups. [...] |
Tool
Threat
|
|
|
|
2022-10-16 10:07:14 |
New PHP information-stealing malware targets Facebook accounts (direct link) |
Threat analysts have spotted a new Ducktail campaign using a new infostealer variant and novel TTPs (tactics, techniques, and procedures), while the Facebook users it targets are no longer limited to holders of business accounts. [...] |
Malware
Threat
|
|
|
|
2022-10-13 10:05:10 |
What the Uber Hack can teach us about navigating IT Security (direct link) |
The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security. [...] |
Hack
Threat
|
Uber
|
|
|
2022-10-12 11:16:30 |
New npm timing attack could lead to supply chain attacks (direct link) |
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead. [...] |
Threat
|
|
|
|
2022-10-11 05:30:00 |
Hacking group POLONIUM uses 'Creepy' malware against Israel (direct link) |
Security researchers reveal previously unknown malware used by the cyber espionage hacking group 'POLONIUM,' threat actors who appear to target Israeli organizations exclusively. [...] |
Malware
Threat
|
|
|
|
2022-10-10 16:24:51 |
Hackers behind IcedID malware attacks diversify delivery tactics (direct link) |
The threat actors behind IcedID malware phishing campaigns are utilizing a wide variety of distribution methods, likely to determine what works best against different targets. [...] |
Malware
Threat
|
|
|
|
2022-10-08 11:18:09 |
ADATA denies RansomHouse cyberattack, says leaked data from 2021 breach (direct link) |
Taiwanese chip maker ADATA denies claims of a RansomHouse cyberattack after the threat actors began posting the company's stolen files on their data leak site. [...] |
Threat
|
|
|
|
2022-09-23 07:17:34 |
Train to become an ethical hacker with this $35 course deal (direct link) |
The point is, if you want to advance your career in IT and get a better handle on cyber threat mitigation, then The 2023 Complete Cyber Security Ethical Hacking Certification Bundle is a great place to start. It's convenient, it's fun, and since it's on sale, it's very easy to afford. [...] |
Threat
|
|
|
|
2022-09-21 14:44:10 |
FBI: Iranian hackers lurked in Albania's govt network for 14 months (direct link) |
The Federal Bureau of Investigation (FBI) and CISA said that one of the Iranian threat groups behind the destructive attack on the Albanian government's network in July lurked inside its systems for roughly 14 months. [...] |
Threat
|
|
|
|
2022-09-20 10:06:03 |
Top 8 takeaways from the VMWare Cybersecurity Threat Report (direct link) |
VMware has recently released the 2022 edition of its annual Global Incident Response Threat Report. It is critically important for IT professionals to understand these trends and what they could mean for your organization's cyber security efforts. Let's break down VMware's 8 key findings and offer meaningful insights into each. [...] |
Threat
|
|
|
|
2022-09-09 10:00:00 |
Lampion malware returns in phishing attacks abusing WeTransfer (direct link) |
The Lampion malware is being distributed in greater volumes lately, with threat actors abusing WeTransfer as part of their phishing campaigns. [...] |
Malware
Threat
|
|
|
|
2022-09-08 15:28:21 |
GIFShell attack creates reverse shell using Microsoft Teams GIFs (direct link) |
A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using ... GIFs. [...] |
Threat
|
|
|
|
2022-09-07 07:00:00 |
Google says former Conti ransomware members now attack Ukraine (direct link) |
Google says some former Conti cybercrime gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations (NGOs). [...] |
Ransomware
Threat
|
|
|
|
2022-08-30 18:08:01 |
Hackers hide malware in James Webb telescope images (direct link) |
Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. [...] |
Malware
Threat
|
|
|
|
2022-08-30 13:26:40 |
Chinese hackers target Australian govt with ScanBox malware (direct link) |
China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet. [...] |
Malware
Threat
|
|
|
|
2022-08-28 13:15:05 |
(Déjà vu) Okta one-time MFA passcodes exposed in Twilio cyberattack (direct link) |
The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS to customers of Okta identity and access management company. [...] |
Hack
Threat
|
|
|
|
2022-08-28 13:15:05 |
Twilio breach let hackers see Okta's one-time MFA passwords (direct link) |
The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS to customers of Okta identity and access management company. [...] |
Hack
Threat
|
|
|
|
2022-08-25 18:33:35 |
How 'Kimsuky' hackers ensure their malware only reach valid targets (direct link) |
The North Korean 'Kimsuky' threat actors are going to great lengths to ensure that their malicious payloads are only downloaded by valid targets and not on the systems of security researchers. [...] |
Malware
Threat
|
|
|
|
2022-08-25 16:59:05 |
LastPass developer systems hacked to steal source code (direct link) |
Password management firm LastPass was hacked last week, allowing threat actors to steal the company's source code and proprietary technical information. [...] |
Threat
|
LastPass
|
|
|
2022-08-25 10:53:16 |
Twilio hackers hit over 130 orgs in massive Okta phishing attack (direct link) |
Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts. [...] |
Threat
|
|
|
|
2022-08-14 10:12:24 |
Over 9,000 VNC servers exposed online without a password (direct link) |
Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks. [...] |
Threat
|
|
★★
|
|
2022-08-08 14:17:51 |
Email marketing firm hacked to steal crypto-focused mailing lists (direct link) |
Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency-related customers. [...] |
Data Breach
Threat
|
|
|
|
2022-08-05 12:00:00 |
Twitter confirms zero-day used to expose data of 5.4 million accounts (direct link) |
Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles. [...] |
Data Breach
Vulnerability
Threat
|
|
|
|
2022-08-05 10:40:33 |
Facebook finds new Android malware used by APT hackers (direct link) |
Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 (aka 'Transparent Tribe') using new Android malware. [...] |
Malware
Threat
|
APT 36
|
|
|
2022-08-03 16:35:51 |
Windows 11 Smart App Control blocks files used to push malware (direct link) |
Smart App Control, a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several new file types threat actors have recently adopted to infect targets with malware in phishing attacks. [...] |
Malware
Threat
|
|
|
|
2022-08-01 18:33:54 |
Over 3,200 apps leak Twitter API keys, some allowing account hijacks (direct link) |
Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app. [...] |
Threat
|
|
|
|
2022-07-27 11:09:43 |
Microsoft: Windows, Adobe zero-days used to deploy Subzero malware (direct link) |
Microsoft has linked a threat group it tracks as Knotweed to a cyber mercenary outfit (aka private-sector offensive actor) named DSIRF, targeting European and Central American entities using a malware toolset dubbed Subzero. [...] |
Malware
Threat
|
|
|
|
2022-07-23 12:08:04 |
North Korean hackers attack EU targets with Konni RAT malware (direct link) |
Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. [...] |
Malware
Threat
Cloud
|
APT 37
|
|
|
2022-07-22 18:00:35 |
Hacker selling Twitter account data of 5.4 million users for $30k (direct link) |
Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. [...] |
Data Breach
Vulnerability
Threat
|
|
|
|
2022-07-19 13:06:41 |
Google catches Turla hackers deploying Android malware in Ukraine (direct link) |
Google's Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations. [...] |
Malware
Threat
|
|
|
|
2022-07-19 05:30:00 |
New CloudMensis malware backdoors Macs to steal victims' data (direct link) |
Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks. [...] |
Malware
Threat
|
|
|
|
2022-07-16 11:07:04 |
Hackers pose as journalists to breach news media org's networks (direct link) |
Researchers following the activities of advanced persistent (APT) threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. [...] |
Threat
|
|
|