Src | Date (GMT) | Title | Description | Tags | Stories | Notes
| 2021-07-28 16:16:44 | Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers (direct link) | A China-linked cyberespionage group, tracked as PKPLUG, employed a previously undocumented strain of a RAT dubbed THOR in recent attacks. The group, tracked as PKPLUG (aka Mustang Panda and HoneyMyte) and known for targeting Southeast Asia, exploited vulnerabilities in Microsoft Exchange Server to deploy a previously undocumented variant of PlugX on compromised systems. Researchers […] | | | |
| 2021-07-28 14:26:36 | IBM Cost of a Data Breach study: average cost of a data breach exceeds $4.2M (direct link) | The ‘Cost of a Data Breach’ report commissioned by IBM Security states that the cost of a data breach exceeded $4.2 million during the COVID-19 pandemic. IBM Security today presented the annual study “Cost of a Data Breach,” conducted by the Ponemon Institute and sponsored and analyzed by IBM, which is based on data related to data […] | Data Breach | | |
| 2021-07-28 07:16:58 | BlackMatter ransomware group claims to be Darkside and REvil successor (direct link) | BlackMatter is a new ransomware gang that has appeared in the threat landscape and claims to combine the TTPs of Darkside and REvil. The gang started its activity this week, and the cybercriminal group claims to be the successor of the Darkside and REvil groups. Like other ransomware operations, BlackMatter also set up its […] | Ransomware, Threat | | ★★★★★ |
| 2021-07-27 20:35:16 | Flaws in Zimbra could allow takeover of a targeted organization's webmail server (direct link) | Researchers discovered flaws in the Zimbra email collaboration software that could allow attackers to compromise email accounts by sending a malicious email. Cybersecurity researchers have discovered multiple security vulnerabilities, tracked as CVE-2021-35208 and CVE-2021-35208, in the Zimbra email collaboration software. An unauthenticated attacker could chain these vulnerabilities to fully take over the Zimbra webmail server of a targeted organization. An […] | | | |
| 2021-07-27 14:36:19 | South Africa's logistics company Transnet SOC hit by a ransomware attack (direct link) | Transnet SOC Ltd, a large South African rail, port and pipeline company, announced it was hit by a disruptive cyber attack. South African logistics company Transnet SOC was hit last week by a disruptive cyberattack that halted operations at all of its port terminals. The attack took place on Thursday, 22 July. “Port terminals are operational across the system, with […] | Ransomware | | |
| 2021-07-27 12:55:52 | (Déjà vu) DIVD discloses three new unpatched Kaseya Unitrends zero-days (direct link) | Experts found three new zero-day flaws in the Kaseya Unitrends service and warn users to avoid exposing the service to the Internet. Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service. The vulnerabilities include remote code execution and authenticated client-side privilege escalation. Kaseya Unitrends is a cloud-based enterprise solution […] | | | |
| 2021-07-27 09:20:23 | Hackers flooded the Babuk ransomware gang's forum with gay porn images (direct link) | The Babuk ransomware operators seem to have suffered a ransomware attack; threat actors flooded their forum with gay orgy porn images. At the end of June, the Babuk Locker ransomware was leaked online, allowing threat actors to use it to create their own version of the popular ransomware. The Babuk Locker operators halted their operations at the end […] | Ransomware, Threat | | |
| 2021-07-26 22:16:31 | Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year (direct link) | Apple released a security update that addresses the CVE-2021-30807 flaw in macOS and iOS that may have been actively exploited to deliver malware. Apple addressed a security flaw, tracked as CVE-2021-30807, in macOS and iOS that may have been actively exploited to plant malware on vulnerable devices. The vulnerability resides in the IOMobileFramebuffer, which is a […] | Malware, Vulnerability | | |
| 2021-07-26 19:31:06 | No More Ransom helped ransomware victims to save almost €1B (direct link) | The No More Ransom initiative celebrates its fifth anniversary; over 6 million victims of ransomware attacks have recovered their files for free, saving almost €1 billion in payments. No More Ransom is celebrating its 5th anniversary; the initiative allowed more than 6 million ransomware victims to recover their files for free, saving roughly $1 billion in […] | Ransomware | | |
| 2021-07-26 14:15:15 | Hiding Malware inside a model of a neural network (direct link) | Researchers demonstrated how to hide malware inside an image classifier within a neural network in order to bypass defense solutions. Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network models to evade detection without impacting the performance of the network. Tests conducted by the experts […] | Malware | | |
| 2021-07-26 07:22:09 | Microsoft publishes mitigations for the PetitPotam attack (direct link) | Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their password hashes. Microsoft has released mitigations for the recently discovered PetitPotam NTLM attack that could allow attackers to take over a domain controller. A few days ago, security researcher Gilles Lionel (aka Topotam) discovered a vulnerability in […] | Vulnerability | | |
| 2021-07-25 20:45:28 | Threat actor offers Clubhouse secret database containing 3.8B phone numbers (direct link) | A threat actor is offering for sale on hacking forums the secret Clubhouse database containing 3.8B phone numbers. Clubhouse is a social audio app for iOS and Android where users can communicate in voice chat rooms that accommodate groups of thousands of people. The audio-only app hosts live discussions, with opportunities to participate through speaking and listening. Conversations are prohibited by Clubhouse’s guidelines […] | Threat | | |
| 2021-07-25 15:23:28 | Crooks target Kubernetes installs via Argo Workflows to deploy miners (direct link) | Threat actors target Kubernetes installs via Argo Workflows to deploy cryptocurrency miners, security researchers from Intezer warn. Researchers from Intezer uncovered new attacks on Kubernetes (K8s) installs via misconfigured Argo Workflows aimed at deploying cryptocurrency miners. Argo Workflows is an open-source, container-native workflow engine designed to run on K8s clusters. The experts discovered Argo Workflows instances with […] | | Uber | |
| 2021-07-25 12:27:05 | XCSSET macOS malware targets Telegram, Google Chrome data and more (direct link) | XCSSET macOS malware continues to evolve; it is now able to steal login information from multiple apps, including Telegram and Google Chrome. Security researchers from Trend Micro continue to monitor the evolution of the XCSSET macOS malware; new variants are able to steal login information from multiple apps, including Telegram and Google Chrome, and send […] | Malware | | |
| 2021-07-25 11:19:39 | Security Affairs newsletter Round 324 (direct link) | A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your email box. If you also want to receive the international press for free, subscribe here. HelloKitty ransomware gang targets vulnerable SonicWall devices; Instagram implements 'Security Checkup' to help users recover compromised accounts; Chinese […] | Ransomware | | |
| 2021-07-24 17:06:50 | Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics (direct link) | Japanese researchers spotted an Olympics-themed wiper targeting Japanese users ahead of the 2021 Tokyo Olympics. The Tokyo Olympics could be a great opportunity for cybercriminals and malware authors; the US FBI warned private US companies of cyberattacks that might attempt to disrupt the 2021 Tokyo Olympics. Researchers from the Japanese security firm Mitsui Bussan Secure Directions (MBSD) […] | Malware | | |
| 2021-07-24 05:05:57 | Obtaining password hashes of Windows systems with PetitPotam attack (direct link) | A researcher found a flaw in the Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes. Security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with […] | Vulnerability | | |
| 2021-07-23 18:34:58 | (Déjà vu) Estonian hacker Pavel Tsurkan pleads guilty to operating a proxy botnet (direct link) | Estonian hacker Pavel Tsurkan has pleaded guilty in a United States court to counts of computer fraud and of creating and operating a proxy botnet. The Estonian national Pavel Tsurkan has pleaded guilty in a United States court to two counts of computer fraud and abuse. According to court documents, Pavel Tsurkan (33) operated […] | Guideline | | |
| 2021-07-23 13:59:38 | Over 80 US Municipalities' Sensitive Information, Including Residents' Personal Data, Left Vulnerable in Massive Data Breach (direct link) | WizCase's team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. Original post at https://www.wizcase.com/blog/us-municipality-breach-report/ This breach compromised citizens' physical addresses, phone numbers, IDs, tax documents, and more. Due to the large number and various types […] | Data Breach | | |
| 2021-07-23 12:09:17 | What Is An Identity and Access Management Solution and How Can Businesses Benefit From It? (direct link) | How businesses can benefit from the adoption of an identity and access management solution. Businesses that use outdated manual processes to grant and control access to their IT resources are getting left behind. This article describes what an identity and access management solution is and how it can benefit your business. Identity Is the New […] | | | |
| 2021-07-23 10:03:07 | Kaseya obtained a universal decryptor for REvil ransomware attack (direct link) | The software provider Kaseya announced that it has obtained a universal decryptor for the REvil ransomware. Earlier this month, a massive supply chain attack conducted by the REvil ransomware gang hit the cloud-based managed service provider platform Kaseya, impacting both other MSPs using its VSA software and their customers. The VSA tool is used by MSPs to perform […] | Ransomware, Tool | | |
| 2021-07-23 06:59:17 | (Déjà vu) Threat Report Portugal: Q2 2021 (direct link) | The Threat Report Portugal: Q2 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is also supported […] | Threat | | |
| 2021-07-23 06:14:15 | Akamai software update triggered a bug that took major sites offline (direct link) | Multiple major websites, including Steam, AWS, Amazon, Google, and Salesforce, went offline due to a global Akamai DNS outage. A software configuration update triggered a bug in Akamai's DNS service that took major websites offline, including Steam, the PlayStation Network, AWS, Google, and Salesforce. “A software configuration update triggered a bug in the DNS (domain name […] | | | |
| 2021-07-22 17:58:49 | Oracle fixes critical RCE vulnerabilities in WebLogic Server (direct link) | Oracle released its Critical Patch Update for July 2021; it fixes hundreds of flaws, including critical remotely exploitable vulnerabilities in WebLogic Server. Oracle this week released its quarterly Critical Patch Update for July 2021, which contains 342 new security patches for multiple product families. Some of the vulnerabilities addressed by the IT giant could be remotely exploited by […] | | | |
| 2021-07-22 15:33:27 | Group-IB helps Dutch police identify members of phishing developer gang Fraud Family (direct link) | Researchers from threat intelligence firm Group-IB helped Dutch police identify members of a phishing developer gang known as Fraud Family. Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes and protecting intellectual property, has assisted the Dutch National Police in the operation to apprehend alleged members of a cybercriminal group codenamed ‘Fraud Family.’ Group-IB's […] | Threat, Guideline | | |
| 2021-07-22 12:39:26 | CISA analyzed stealthy malware found on compromised Pulse Secure devices (direct link) | U.S. CISA released an alert today about several stealthy malware samples that were found on compromised Pulse Secure devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security alert related to the discovery of 13 malware samples on compromised Pulse Secure devices, many of which were undetected by antivirus products. Experts pointed out […] | Malware | | |
| 2021-07-22 06:05:42 | TicketClub Italy Database Offered in Dark Web (direct link) | A database belonging to TicketClub Italy, a company providing a coupon platform for offline purchases, is available for sale on dark web hacking forums. TicketClub is an Italian company providing a mobile-based coupon platform for offline purchases. Their clients include Burger King, McDonald's, Cinecittà World, Rainbow Magicland, and many other enterprises having coupon and loyalty programs. The […] | | | ★★★★ |
| 2021-07-22 05:42:10 | Thousands of Humana customers have their medical data leaked online by threat actors (direct link) | Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. The author of the post claims that the data was acquired from […] | Threat | | ★★ |
| 2021-07-21 18:15:54 | France ANSSI agency warns of APT31 campaign against French organizations (direct link) | French cyber-security agency ANSSI warned of an ongoing cyberespionage campaign aimed at French organizations carried out by the China-linked APT31 group. The French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the China-linked APT31 cyberespionage group. The state-sponsored hackers are hijacking home routers to set up a […] | | APT 31 | |
| 2021-07-21 14:49:49 | XLoader, a $49 spyware that could target both Windows and macOS devices (direct link) | Check Point Research (CPR) experts have spotted a cheap malware variant, dubbed XLoader, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. FormBook is a data-stealing malware that is used in cyber espionage campaigns; like other spyware, it is […] | Malware | | |
| 2021-07-21 05:34:12 | Kelihos botmaster Peter Levashov gets time served (direct link) | A US federal judge sentenced Russian hacker Peter Levashov to 33 months, time served, and three years of supervised release for his role in operating the Kelihos botnet. The creator of the Kelihos botnet, Peter Yuryevich Levashov (40), was sentenced to 33 months, time served, and three years of supervised release. Levashov used the pseudonym of […] | | | |
| 2021-07-21 05:27:50 | LPE flaw in Linux kernel allows attackers to get root privileges on most distros (direct link) | Experts discovered a local privilege escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia; an unprivileged attacker can exploit the flaw to get root privileges on most Linux distros. The issue is a size_t-to-int type […] | | | |
| 2021-07-20 18:40:00 | A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide (direct link) | Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printer driver that an attacker could exploit to gain admin rights on systems. Researchers from SentinelOne discovered a 16-year-old security vulnerability in an HP, Xerox, and Samsung printer driver that can allow attackers to gain admin rights on systems running the flawed […] | Vulnerability | | |
| 2021-07-20 13:38:27 | (Déjà vu) A bug in Fortinet FortiManager and FortiAnalyzer allows unauthenticated hackers to run code as root (direct link) | Fortinet fixes a serious bug in its FortiManager and FortiAnalyzer network management solutions that could be exploited to execute arbitrary code as root. Fortinet has released security updates to address a serious bug, tracked as CVE-2021-32589, affecting the FortiManager and FortiAnalyzer network management solutions. The CVE-2021-32589 vulnerability is a use-after-free issue that an attacker […] | Vulnerability | | |
| 2021-07-20 11:27:26 | Microsoft secured court order to take down domains used in BEC campaign (direct link) | Microsoft has seized 17 malicious homoglyph domains used by crooks in a business email compromise (BEC) campaign targeting its users. Microsoft’s Digital Crimes Unit (DCU) has seized 17 domains that were used by scammers in a business email compromise (BEC) campaign aimed at its customers. The IT giant secured a court order that allowed it to take down “homoglyph” domains […] | | | |
| 2021-07-20 06:43:44 | (Déjà vu) WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE (direct link) | A recently discovered iPhone Wi-Fi bug that could crash WiFi connectivity could be exploited by attackers to achieve remote code execution. In June, the researcher Carl Schou discovered a new bug in iPhones that can permanently break users' WiFi by disabling it; the issue could be triggered by simply connecting to a rogue hotspot. Once an […] | | | |
| 2021-07-19 20:36:16 | US DoJ indicts four members of China-linked APT40 cyberespionage group (direct link) | The US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S. Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan) for hacking tens of government organizations, private businesses and universities around the world between 2011 and 2018. […] | Industrial | APT 40 | |
| 2021-07-19 17:53:56 | Experts disclose critical flaws in Advantech router monitoring tool (direct link) | Cisco Talos experts disclosed details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech. Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed by industrial and IoT firm Advantech. The application allows network administrators to monitor Advantech routers in their infrastructure. The monitoring tool collects […] | Tool | | |
| 2021-07-19 14:08:11 | Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco (direct link) | A hacker claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant, Saudi Aramco. A threat actor that goes online with the moniker ZeroX claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant and is offering it for sale […] | Threat | | |
| 2021-07-19 11:11:49 | Pegasus Project – how governments use Pegasus spyware against journalists (direct link) | The Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware. Pegasus is a surveillance malware developed by […] | Malware | | |
| 2021-07-19 08:18:42 | Experts show how to bypass Windows Hello feature to log in to Windows 10 PCs (direct link) | Security researchers demonstrated how to bypass the Windows Hello facial recognition that is used in Windows 10 as a login mechanism. Security researchers at CyberArk Labs discovered a security bypass vulnerability, tracked as CVE-2021-34466, affecting the Windows Hello facial authentication process. An attacker could exploit the vulnerability to log in to systems running the Windows 10 OS. […] | Vulnerability | | |
| 2021-07-18 15:18:46 | Chinese government issues new vulnerability disclosure regulations (direct link) | The Cyberspace Administration of China (CAC) issued new vulnerability disclosure regulations that oblige experts to report zero-days to the government. The Cyberspace Administration of China (CAC) has issued a new, stricter vulnerability disclosure regulation that requires white hat hackers uncovering critical zero-day flaws in computer systems to first report them to the government authorities within two […] | Vulnerability | | |
| 2021-07-18 11:59:19 | Instagram implements 'Security Checkup' to help users recover compromised accounts (direct link) | Instagram introduced a new security feature dubbed “Security Checkup” to help users recover accounts that have been compromised. Good news for the owners of Instagram accounts that may have been compromised: the company launched a new feature named ‘Security Checkup’ that aims to keep accounts safe and help users recover them. […] | | | |
| 2021-07-18 08:46:50 | (Déjà vu) HelloKitty ransomware gang targets vulnerable SonicWall devices (direct link) | BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. SonicWall this week issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some of its equipment that has reached end-of-life (EoL). Threat actors could target unpatched devices belonging to the Secure Mobile Access […] | Ransomware, Threat | | |
| 2021-07-18 08:36:46 | Security Affairs newsletter Round 323 (direct link) | A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your email box. If you also want to receive the international press for free, subscribe here. Biden discussed Russian ransomware gangs with Putin in a phone call; Hackers accessed Mint Mobile subscribers' data and […] | Ransomware | | |
| 2021-07-17 14:46:36 | US govt offers $10 million reward for info on nation-state cyber operations (direct link) | The US government is offering a $10 million reward to anyone who provides information on operations conducted by nation-state actors. The US government is offering a $10 million reward for information on campaigns conducted by state-sponsored hackers. The move was announced by the U.S. Department of State; the US agency states that its Rewards for […] | | | |
| 2021-07-17 12:28:26 | Cisco fixes high-risk DoS flaw in ASA, FTD Software (direct link) | Cisco addressed a high severity DoS vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco this week released security updates for a high severity vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products. The flaw resides in the software cryptography module of both ASA and FTD […] | Vulnerability, Threat | | |
| 2021-07-17 08:47:46 | D-Link issues beta hotfix for multiple flaws in DIR-3040 routers (direct link) | Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. An attacker could exploit the flaws to execute arbitrary code on unpatched routers, crash the devices, or gain access […] | | | ★★★★★ |
| 2021-07-16 14:15:57 | Microsoft alerts about a new Windows Print Spooler vulnerability (direct link) | Microsoft published guidance to mitigate the impact of a new Windows Print Spooler vulnerability, tracked as CVE-2021-34481, that was disclosed today. Microsoft published a security advisory for a new Windows Print Spooler vulnerability, tracked as CVE-2021-34481, that was disclosed on Thursday. The flaw is a privilege elevation vulnerability that resides in the Windows Print Spooler; it was […] | Vulnerability | | |
| 2021-07-16 11:58:43 | (Déjà vu) Google Chrome 91.0.4472.164 fixes a new zero-day exploited in the wild (direct link) | Google Chrome 91.0.4472.164 addresses seven security vulnerabilities, including a high severity zero-day flaw exploited in the wild. Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux, which addresses seven vulnerabilities, including a high severity zero-day vulnerability, tracked as CVE-2021-30563, that has been exploited in the wild. CVE-2021-30563 is a “type confusion” issue that […] | | | |