What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-06-23 07:36:52 | Pakistan-linked hackers targeted Indian power company with ReverseRat (lien direct) | A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research.
"Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday |
Threat | ||
|
2021-06-17 05:09:16 | Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments (lien direct) | A Middle Eastern advanced persistent threat (APT) group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month.
Sunnyvale-based enterprise security firm Proofpoint attributed the activity to a politically motivated threat actor it |
Threat | ||
|
2021-06-17 03:25:33 | A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran (lien direct) | Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015.
Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat (APT) |
Threat | ||
|
2021-06-16 02:14:53 | Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets (lien direct) | As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets.
"Ransomware operators often buy access from independent cybercriminal groups who infiltrate major |
Ransomware Hack Threat | ||
|
2021-06-15 06:05:51 | Experts Shed Light On Distinctive Tactics Used by Hades Ransomware (lien direct) | Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER.
"In many ways, the GOLD WINTER threat group is a typical post-intrusion ransomware threat group that pursues high-value targets to |
Ransomware Threat | ||
|
2021-06-13 23:59:46 | Chinese Hackers Believed to be Behind SITA, Air India Data Breach (lien direct) | The cyber assault on Air India that came to light last month lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41.
Group-IB dubbed the campaign "ColunmTK" based on the names of the command-and-control (C2) server domains that were used for communications. "The |
Data Breach Threat Guideline | APT 41 | |
|
2021-06-10 03:51:05 | Emerging Ransomware Targets Dozens of Businesses Worldwide (lien direct) | An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate.
First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in the Middle |
Ransomware Threat | ||
|
2021-06-09 03:17:22 | EBook – Creating a Large Company Security Stack on a Lean Company Budget (lien direct) | The speed at which malicious actors have improved their attack tactics and continue to penetrate security systems has made going bigger the major trend in cybersecurity.
Facing an evolving threat landscape, organizations have responded by building bigger security stacks, adding more tools and platforms, and making their defenses more complex-a new eBook from XDR provider Cynet (read it here). |
Threat | ||
|
2021-06-02 05:55:31 | Researchers Uncover Hacking Operations Targeting Government Entities in South Korea (lien direct) | A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information.
Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising of the Korea |
Threat | ||
|
2021-06-02 02:55:03 | Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites (lien direct) | Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed.
Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has |
Malware Vulnerability Threat | ||
|
2021-05-28 04:24:39 | SolarWinds Hackers Target Think Tanks With New Backdoor (lien direct) | Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S.
"This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations," Tom Burt, Microsoft's |
Threat | ||
|
2021-05-28 00:29:08 | Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices (lien direct) | Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks.
FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat |
Threat | ||
|
2021-05-14 09:01:06 | Hackers Using Microsoft Build Engine to Deliver Malware Filelessly (lien direct) | Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems.
The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding the malicious build files came embedded with encoded executables and shellcode that deploy backdoors, |
Malware Threat | ||
|
2021-05-10 05:44:59 | Over 25% Of Tor Exit Relays Spied On Users\' Dark Web Activities (lien direct) | An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed.
"The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a |
Threat | ||
|
2021-05-07 01:58:18 | New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations (lien direct) | An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018.
Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for |
Malware Threat | ||
|
2021-05-04 00:52:50 | Critical Patch Out for Month-Old Pulse Secure VPN 0-Day Under Attack (lien direct) | Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors.
Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns "multiple use after free" issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to |
Vulnerability Threat | ||
|
2021-05-03 00:43:49 | New Chinese Malware Targeted Russia\'s Largest Nuclear Submarine Designer (lien direct) | A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces.
The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous "Royal Road" Rich Text Format (RTF) |
Malware Threat | ||
|
2021-04-30 06:01:07 | Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks (lien direct) | An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS.
The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that |
Ransomware Threat | ||
|
2021-04-30 00:24:38 | Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach (lien direct) | Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor.
"We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an |
Data Breach Threat | ||
|
2021-04-29 07:46:57 | LuckyMouse Hackers Target Banks, Companies and Governments in 2020 (lien direct) | An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East.
The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical |
Threat | ||
|
2021-04-29 03:19:09 | Chinese Hackers Attacking Military Organizations With New Backdoor (lien direct) | Cybersecurity researchers on Wednesday exposed a new cyberespionage campaign targeting military organizations in Southeast Asia.
Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing |
Threat | APT 30 | |
|
2021-04-29 02:02:21 | Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years (lien direct) | A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind to harvest and exfiltrate sensitive information from infected systems.
Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "the family uses rotate |
Malware Threat | ||
|
2021-04-28 06:43:39 | Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware (lien direct) | Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research.
The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.
"The biggest risk for the targeted |
Malware Threat | ||
|
2021-04-28 00:59:10 | Attention! FluBot Android Banking Malware Spreads Quickly Across Europe (lien direct) | Attention, Android users! A banking malware capable of stealing sensitive information is "spreading rapidly" across Europe, with the U.S. likely to be the next target.
According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language campaign alone has been |
Malware Threat | ||
|
2021-04-22 22:52:36 | Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that's leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device.
"The threat actor connected to the entity's network via a Pulse Secure virtual private network ( |
Malware Threat | ||
|
2021-04-22 06:18:25 | Researchers Find Additional Infrastructure Used By SolarWinds Hackers (lien direct) | The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, |
Threat | ||
|
2021-04-21 23:42:45 | Facebook Busts Palestinian Hackers\' Operation Spreading Mobile Spyware (lien direct) | Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware.
The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the State of Palestine, and another threat actor is known as |
Threat | ||
|
2021-04-21 05:47:27 | Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn\'t paid (lien direct) | Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web.
In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks |
Ransomware Threat | ||
|
2021-04-20 21:41:13 | WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations (lien direct) | If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there is no patch yet.
At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations |
Vulnerability Threat | ||
|
2021-04-20 03:50:31 | [eBook] Why Autonomous XDR Is Going to Replace NGAV/EDR (lien direct) | For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also misses the forest for the trees. As threat surfaces expand, security professionals are harder pressed to detect threats that target other parts of an environment and can easily miss a real vulnerability by focusing |
Vulnerability Threat | ||
|
2021-04-19 22:33:45 | Lazarus APT Hackers are now using BMP images to hide RAT malware (lien direct) | A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information.
Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes |
Malware Threat Medical | APT 38 | |
|
2021-04-17 02:44:52 | SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence (lien direct) | A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday.
Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, in addition to aggregating the stolen information, |
Threat | ||
|
2021-04-14 00:37:44 | Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves (lien direct) | One of the biggest consequences of the rapidly evolving cybersecurity threat landscape is that defenses must constantly build bigger systems to defend themselves.
This leads to both more complex systems and often less communication between them. More importantly, it can lead companies to invest in disparate “best in class” components instead of finding the best fit for their needs.
The constant |
Threat Guideline | ||
|
2021-04-09 23:50:38 | Hackers Tampered With APKPure Store to Distribute Malware Apps (lien direct) | APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices.
In an incident that's similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users |
Malware Threat | ||
|
2021-04-08 06:37:05 | Researchers uncover a new Iranian malware used in recent cyberattacks (lien direct) | An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems.
Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology.
APT34 (aka OilRig) is |
Malware Threat | APT 34 | |
|
2021-03-31 23:58:40 | Hackers Set Up a Fake Cybersecurity Firm to Target Real Security Experts (lien direct) | A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack.
In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and |
Malware Threat | ||
|
2021-03-29 04:49:07 | New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems (lien direct) | Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory.
Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws - tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS |
Threat | ||
|
2021-03-23 04:24:24 | (Déjà vu) Critical Flaws Affecting GE\'s Universal Relay Pose Threat to Electric Utilities (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE's Universal Relay (UR) family of power management devices.
"Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory |
Threat | ||
|
2021-03-17 04:20:39 | Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code (lien direct) | Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories.
"The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company said in a write-up detailing its investigation, adding the |
Threat | ||
|
2021-03-12 01:53:41 | Researchers Spotted Malware Written in Nim Programming Language (lien direct) | Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language.
Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape.
"Malware developers may choose to use a rare programming language |
Malware Threat | ||
|
2021-03-12 00:43:28 | Hackers Are Targeting Microsoft Exchange Servers With Ransomware (lien direct) | It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week.
Now it appears that threat actors have caught up.
According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server |
Ransomware Threat | ||
|
2021-03-10 08:31:56 | Researchers Unveil New Linux Malware Linked to Chinese Hackers (lien direct) | Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors.
Dubbed "RedXOR" by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malware and those previously associated with the Winnti Umbrella (or Axiom) threat group such as PWNLNX, |
Malware Threat | APT 17 | |
|
2021-03-10 01:24:29 | FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware (lien direct) | Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies.
One such group is FIN8, a financially motivated threat actor that's back in action after a year-and-a-half hiatus with a powerful version of a backdoor with |
Malware Threat | ||
|
2021-03-09 01:58:23 | SolarWinds Hack - New Evidence Suggests Potential Links to Chinese Hackers (lien direct) | A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group.
In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral.
Back on December 22, 2020, Microsoft disclosed that a second |
Hack Threat | ★★★★★ | |
|
2021-03-08 22:51:24 | Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices (lien direct) | Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari browsers to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.
Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google's Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability |
Vulnerability Threat | ||
|
2021-03-05 01:20:07 | Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (lien direct) | FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques.
Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of |
Malware Threat | ||
|
2021-03-03 04:56:56 | Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection (lien direct) | Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly.
New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize malicious |
Malware Threat | ||
|
2021-03-02 23:56:35 | URGENT - 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange (lien direct) | Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.
Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access |
Threat | ||
|
2021-03-02 07:02:29 | Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware (lien direct) | SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research.
"While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the |
Ransomware Threat | ||
|
2021-02-24 08:04:41 | Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique (lien direct) | With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy.
Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without |
Threat |
To see everything:
Our RSS (filtrered)
