What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-12 13:27:00 | Royal Ransomware Threat Takes Aim at U.S. Healthcare System (lien direct) | The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity | Ransomware Threat | ★★★ | |
|
2022-12-08 13:29:00 | Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers (lien direct) | An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is | Vulnerability Threat Cloud | APT 37 | ★★★ |
|
2022-12-08 13:26:00 | Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack (lien direct) | An Iranian advanced persistent threat (APT) actor known as Agrius has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, codenamed Fantasy by ESET, is believed to have been delivered via a supply chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022. Victims | Malware Threat | ★★★ | |
|
2022-12-07 17:28:00 | Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier (lien direct) | A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier. Recorded Future attributed the new infrastructure to a threat activity group it tracks under the name TAG-53, and is broadly known by the cybersecurity community as Callisto, | Threat | ★★★ | |
|
2022-12-07 14:52:00 | Microsoft Alerts Cryptocurrency Industry of Targeted Cyber Attacks (lien direct) | Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups | Threat Medical | APT 38 | ★★★ |
|
2022-12-06 21:38:00 | Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks (lien direct) | A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server. Initial compromise leveraged binaries | Threat | ★★★ | |
|
2022-12-05 16:00:00 | North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps (lien direct) | The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents," | Malware Threat Medical | APT 38 | ★★★ |
|
2022-12-02 23:41:00 | Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability (lien direct) | Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion | Vulnerability Threat | ★★★ | |
|
2022-12-02 01:04:00 | Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities (lien direct) | The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of... | Ransomware Threat | ★★ | |
|
2022-12-01 18:47:00 | Hackers Leak Another Set of Medibank Customer Data on the Dark Web (lien direct) | Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said. "While our investigation continues there | Threat | ★★★ | |
|
2022-12-01 16:43:00 | What Developers Need to Fight the Battle Against Common Vulnerabilities (lien direct) | Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and compliance requirements for some time, we are seeing a steady increase in attention on cybersecurity best | Threat | ★★★ | |
|
2022-12-01 15:37:00 | Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users (lien direct) | More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them. The apps, which were available for download from the official Google Play Store, have now been | Malware Threat | ★★ | |
|
2022-12-01 00:00:00 | North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets (lien direct) | The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing | Threat Cloud | APT 37 | ★★ |
|
2022-11-30 11:51:00 | Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines (lien direct) | A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September | Threat | ★★★ | |
|
2022-11-29 17:29:00 | Hackers Using Trending TikTok \'Invisible Challenge\' to Spread Malware (lien direct) | Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter called Invisible Body that just leaves behind a silhouette of the person's body. But the fact that individuals filming such videos could be undressed has led to a | Malware Threat | ★★★★ | |
|
2022-11-25 18:42:00 | (Déjà vu) Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw (lien direct) | Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be | Vulnerability Threat | ||
|
2022-11-24 18:55:00 | New RansomExx Ransomware Variant Rewritten in the Rust Programming Language (lien direct) | The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will | Ransomware Threat | ||
|
2022-11-23 11:10:00 | Nighthawk Likely to Become Hackers\' New Post-Exploitation Tool After Cobalt Strike (lien direct) | A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2." However, there are no | Tool Threat | ★★★★ | |
|
2022-11-22 17:37:00 | Here\'s How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers (lien direct) | The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to | Threat | ★★ | |
|
2022-11-22 15:15:00 | Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns (lien direct) | The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are social engineered into making a phone call through phishing emails containing invoices and subscription-themed lures. Palo Alto | Threat | ★★★ | |
|
2022-11-21 20:46:00 | Daixin Ransomware Gang Steals 5 Million AirAsia Passengers\' and Employees\' Data (lien direct) | The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. The threat actors allegedly claim to have obtained the personal data associated with five million | Ransomware Threat | ★★★ | |
|
2022-11-21 11:12:00 | Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild (lien direct) | Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence (GCTI) team. The latest version of Cobalt Strike is version 4.7.2. Cobalt | Tool Threat | ||
|
2022-11-19 12:54:00 | Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware (lien direct) | A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. "Observed DEV-0569 attacks show a pattern of continuous innovation, with | Ransomware Malware Threat | ||
|
2022-11-19 10:30:00 | Chinese \'Mustang Panda\' Hackers Actively Targeting Governments Worldwide (lien direct) | A notorious advanced persistent threat actor known as Mustang Panda has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world. The primary targets of the intrusions from May to October 2022 included counties in the Asia Pacific region such as Myanmar, Australia, the Philippines, Japan, and Taiwan, cybersecurity firm Trend Micro | Threat | ||
|
2022-11-18 18:23:00 | LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities (lien direct) | The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday. Aside from being dropped | Malware Tool Threat | ★★★ | |
|
2022-11-18 17:37:00 | Threat hunting with MITRE ATT&CK and Wazuh (lien direct) | Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay dormant in an organization's infrastructure, extending their access while waiting for the right | Threat | ||
|
2022-11-18 13:17:00 | Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide (lien direct) | The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information | Ransomware Threat | ||
|
2022-11-18 10:36:00 | W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack (lien direct) | An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technical write-up, calling the adversary WASP. "The attack seems related to cybercrime as the attacker | Malware Threat | ||
|
2022-11-17 18:06:00 | Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign (lien direct) | A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019. The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over 42,000 imposter domains, with initial activity observed in 2017. "It targets businesses in multiple verticals including retail, banking, | Threat | ★★ | |
|
2022-11-17 11:52:00 | Iranian Hackers Compromised a U.S. Federal Agency\'s Network Using Log4Shell Exploit (lien direct) | Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022 | Vulnerability Threat | ||
|
2022-11-16 18:34:00 | Researchers Discover Hundreds of Amazon RDS Instances Leaking Users\' Personal Data (lien direct) | Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the reconnaissance phase of the cyber kill chain or extortionware/ransomware campaigns," researchers Ariel | Threat | ||
|
2022-11-16 17:49:00 | 7 Reasons to Choose an MDR Provider (lien direct) | According to a recent survey, 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That's a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the threat landscape and the way we do cybersecurity are among the many things that will never look | Threat | ||
|
2022-11-15 19:19:00 | Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service (lien direct) | Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on. "Before it was patched, the flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk | Threat | ||
|
2022-11-14 18:33:00 | New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders (lien direct) | Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat (APT). Cybersecurity firm Trend Micro, which christened the espionage crew Earth Longzhi, said the actor's long-running campaign can be split into two based on the toolset deployed to attack its victims | Threat Guideline | APT 41 | ★★ |
|
2022-11-14 11:35:00 | Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images (lien direct) | A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to facilitate information theft. "What is noteworthy is data collection from victims' machines using | Malware Threat | ||
|
2022-11-11 11:44:00 | Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland (lien direct) | Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place | Ransomware Malware Threat | ||
|
2022-11-09 16:31:00 | Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network (lien direct) | The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject | Malware Threat | ||
|
2022-11-04 19:13:00 | Researchers Detail New Malware Campaign Targeting Indian Government Employees (lien direct) | The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh said | Malware Threat | APT 36 | |
|
2022-11-03 23:10:00 | Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers (lien direct) | A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News. Black | Ransomware Threat | ||
|
2022-11-03 15:51:00 | OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa (lien direct) | A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as | Threat | ||
|
2022-11-02 15:09:00 | Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App (lien direct) | A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application. Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike. It has not been attributed to any particular threat group. "SandStrike is distributed as a means to access resources about the Bahá'í religion | Threat | ||
|
2022-11-02 12:40:00 | Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories (lien direct) | File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub. "These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the | Threat | ||
|
2022-11-01 20:45:00 | Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware (lien direct) | The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a | Malware Threat | APT 10 | |
|
2022-10-31 19:58:00 | Fodcha DDoS Botnet Resurfaces with New Capabilities (lien direct) | The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360's Network Security Research Lab said in a report published last week. Fodcha first came to | Threat | ||
|
2022-10-29 15:55:00 | Twilio Reveals Another Breach from the Same Hackers Behind the August Hack (lien direct) | Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in | Hack Threat | ||
|
2022-10-28 15:48:00 | Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints (lien direct) | The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC | Malware Threat | ||
|
2022-10-27 19:49:00 | Researchers Expose Over 80 ShadowPad Malware C2 Servers (lien direct) | As many as 85 command-and-control (C2) servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit (TAU), which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications. ShadowPad, seen as a successor to PlugX, is a modular | Malware Threat | ||
|
2022-10-26 19:07:00 | Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (lien direct) | The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022. The development marks a shift in the attacker's modus operandi, which has been previously attributed to spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on | Threat | ||
|
2022-10-26 13:43:00 | Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector (lien direct) | A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and rather likely carries out extortion using | Ransomware Threat | ||
|
2022-10-25 19:28:00 | Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (lien direct) | The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises | Ransomware Threat |
To see everything:
Our RSS (filtrered)
