What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Chercheur.webp 2022-02-16 16:44:19 Red Cross Hack Linked to Iranian Influence Operation? (direct link) A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran. Hack
TroyHunt.webp 2022-02-15 21:25:36 Android 13 virtualization hack runs Windows (and Doom) in a VM on Android (direct link) Android 13's KVM support is for enhanced security, but you can also hijack it for fun. Hack
TechRepublic.webp 2022-02-15 20:55:25 How to hack the Registry File to change the size of the Windows 11 taskbar (direct link) Normally, Microsoft does not allow users to modify the relative size of the Windows 11 taskbar. But with a hack of the Registry File, we can make that possible. Hack
Blog.webp 2022-02-15 19:09:31 Horizontall HackTheBox Walkthrough (direct link) Introduction Horizontall is an “easy” rated CTF Linux box on Hack The Box platform. The box covers initial compromise by exploiting Strapi RCE vulnerability and Hack Vulnerability
Chercheur.webp 2022-02-11 12:17:53 On the Irish Health Services Executive Hack (direct link) A detailed report of the 2021 ransomware attack against Ireland's Health Services Executive lists some really bad security practices: The report notes that: The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction. It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event. Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. (The antivirus server was later encrypted in the attack). ... Ransomware Hack Guideline
bleepingcomputer.webp 2022-02-10 14:11:02 (Déjà vu) Apple patches new zero-day exploited to hack iPhones, iPads, Macs (direct link) Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. [...] Hack
no_ico.webp 2022-02-10 13:25:37 (Déjà vu) Mass Hack Of 500 Stores Running Magento 1 (direct link) Breaking story – Analysts at Sansec have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them. According to Sansec, the attack became evident late last month when their crawler discovered 374 infections on […] Hack
no_ico.webp 2022-02-10 12:57:00 $100K Bounty To Hack ExpressVPN – YouAttest Comments (direct link) Express VPN is challenging researchers to crack into their TrustedServer system with a $100K bug bounty. $100K Ground Rules: The first person to submit a valid vulnerability will receive an additional US$100,000 bonus bounty. This bonus will be valid until the prize has been claimed. Avoid violating the […] Hack Vulnerability
Pirate.webp 2022-02-09 07:58:43 Hack In Paris launches a call for papers for its 2022 edition (direct link) After 2 years of pandemic restrictions and a 2021 edition held online, Hack in Paris, the cyber event organized by Sysdream, the cybersecurity subsidiary of Hub One, a digital technology operator for businesses, returns in person from June 27 to July 1 at the Maison de la Chimie. Hack In Paris has just launched its "call for papers", and Sysdream is looking for cyber experts to speak at various training sessions, conferences and workshops. The post Hack In Paris launches a call for papers for its 2022 edition first appeared on UnderNews. Hack
The_Hackers_News.webp 2022-02-09 05:53:03 U.S. Arrests Two and Seizes $3.6 Million in Cryptocurrency Stolen in 2016 Bitfinex Hack (direct link) The U.S. Justice Department (DoJ) on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have "stolen funds through a labyrinth of cryptocurrency Hack
SecurityAffairs.webp 2022-02-08 22:30:26 US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack (direct link) The law enforcement seized $3.6 billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. Law enforcement Ilya Lichtenstein (34) and his wife, Heather Morgan (31), were arrested for alleged conspiracy to launder $4.5 Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex. Law enforcement also seized over $3.6 billion in cryptocurrency […] Hack
SecurityWeek.webp 2022-02-08 17:56:38 Justice Dept. Announces $3.6B Crypto Seizure, 2 Arrests (direct link) The Justice Department announced Tuesday its largest-ever financial seizure - more than $3.5 billion - and the arrests of a New York couple accused of conspiring to launder billions of dollars in cryptocurrency stolen from the 2016 hack of a virtual currency exchange. Hack
knowbe4.webp 2022-02-08 14:23:51 CyberheistNews Vol 12 #06 [Heads Up] Beware of New Quickbooks Payment Scams (direct link) CyberheistNews Vol 12 #06 | Feb. 8th., 2022 [Heads Up] Beware of New QuickBooks Payment Scams Many small and mid-sized companies use Intuit's popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complimentary features. One of those add-on features is the ability to send customers' invoices via email. The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell. Unfortunately, phishing criminals are using QuickBooks' popularity to send business email compromise (BEC) scams. The emails appear as if they are coming from a legitimate vendor using QuickBooks, but if the potential victim takes the bait, the invoice they pay will be to the scammer. Worse, the payment request can require that the payee use ACH (automated clearing house) method, which requires the payee to input their bank account details. So, if the victim falls for the scam, the criminal now has their bank account information. Not good. Note: Some other QuickBooks scam warnings will tell you that QuickBooks will never ask for your ACH or banking details. This is not completely true. QuickBooks, the company and its support staff, never will, but QuickBooks email payment requests often do. Warn your users in Accounting.
CONTINUED at the KnowBe4 blog with both legit and malicious example screenshots: https://blog.knowbe4.com/beware-of-quickbooks-payment-scams Malware Hack Threat Conference APT 35
bleepingcomputer.webp 2022-02-08 12:51:37 US seizes $3.6 billion stolen in 2016 Bitfinex cryptoexchange hack (direct link) The US Department of Justice announced that law enforcement seized billions worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. [...] Hack
SecurityWeek.webp 2022-02-07 11:55:33 New Report Alleges Widespread Pegasus Spying by Israel Police (direct link) Police used Pegasus spyware to hack phones of dozens of prominent Israelis, including a son of former premier Benjamin Netanyahu, activists and senior government officials, an Israeli newspaper reported Monday. Hack
bleepingcomputer.webp 2022-02-04 09:03:26 News Corp discloses hack from "persistent" nation state cyber attacks (direct link) American media and publishing giant News Corp has disclosed today that it was the target of a "persistent" cyberattack. The attack discovered sometime this January, reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists. [...] Hack
The_Hackers_News.webp 2022-02-04 03:52:32 Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware (direct link) A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed sources, noting that "the two rival businesses gained the same ability last year to remotely break into Hack Vulnerability
SecurityWeek.webp 2022-02-03 14:27:31 Over $300 Million in Cryptocurrency Stolen in Wormhole Hack (direct link) Blockchain bridge Wormhole has confirmed that roughly $320 million worth of cryptocurrency has been stolen following a hack discovered on Wednesday. Hack
SecurityAffairs.webp 2022-02-03 10:46:23 Wormhole cryptocurrency platform hacked, crooks stole $326 million, the second-biggest hack of a DeFi platform (direct link) Threat actors have stolen $325 million in cryptocurrency leveraging a bug in the Wormhole communication bridge. Wormhole, one of the most popular bridges that links the Ethereum and Solana blockchains, lost about $325 million in an attack that took place on Wednesday. This is the second-biggest hack of a DeFi platform ever, just after the $600 […] Hack
knowbe4.webp 2022-02-01 14:37:29 CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (direct link) CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential Ransomware Malware Hack Tool Threat Guideline NotPetya Wannacry APT 27
Kaspersky.webp 2022-01-31 18:18:41 Apple Pays $100.5K Bug Bounty for Mac Webcam Hack (direct link) The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also "hack every website you've ever visited." Hack
SecurityAffairs.webp 2022-01-31 15:33:06 Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform (direct link) Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract code used in an Ethereum bridge. The DeFi platform Qubit Finance was victim of a cyber heist, threat actors stole around $80 million in cryptocurrency last week. The hack took place at around 5PM ET […] Hack Threat
SecurityAffairs.webp 2022-01-31 12:19:57 Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone (direct link) Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone and camera. Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam. Pickren received […] Hack Threat
The_Hackers_News.webp 2022-01-30 22:07:04 Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam (direct link) Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. By exploiting a chain of Hack
itsecurityguru.webp 2022-01-28 15:52:38 A 19 year old security researcher was able to hack 25+ Teslas. Here's what happened (direct link) A 19-year-old security researcher named David Colombo detailed how he was able to remotely unlock the doors, open the windows, blast music, and start keyless driving for dozens of Teslas, WIRED reported. The vulnerabilities he exploited to do so aren’t in Tesla software itself, but in a third-party app. Salt Security’s Michael Isbitsky, technical evangelist, […] Hack
SecurityAffairs.webp 2022-01-26 22:25:35 Apple fixed the first two zero-day vulnerabilities of 2022 (direct link) Apple released security updates to fix two zero-day flaws, one of them actively exploited to hack iPhones and Macs. Apple has released security updates to address a couple of zero-day vulnerabilities, one of them being actively exploited in the wild by threat actors to compromise iPhone and Mac devices. One of the zero-day flaws addressed […] Hack Threat
bleepingcomputer.webp 2022-01-26 14:39:31 Apple fixes new zero-day exploited to hack macOS, iOS devices (direct link) Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs. [...] Hack
SecurityWeek.webp 2022-01-24 16:16:45 CWP Flaws That Expose Servers to Remote Attacks Possibly Exploited in the Wild (direct link) Researchers discovered that the Control Web Panel (CWP) web hosting panel is affected by two serious vulnerabilities that can allow attackers to remotely hack servers, and it's possible that they may have already been exploited in the wild. Hack
SecurityAffairs.webp 2022-01-22 16:29:21 Vulnerabilities in Control Web Panel potentially expose Linux Servers to hack (direct link) Two critical security vulnerabilities in Control Web Panel potentially expose Linux servers to remote code execution attacks Researchers from Octagon Networks disclosed details of two critical security flaws in Control Web Panel that potentially expose Linux servers to remote code execution attacks. Control Web Panel is a popular open-source Linux control panel for servers and VPS that allows easy […] Hack
SecurityAffairs.webp 2022-01-20 15:05:32 Crypto.com hack impacted 483 accounts and resulted in a $34 million theft (direct link) Crypto.com confirmed that a cyber attack compromised around 400 of its customer accounts leading in the theft of $33 million. Crypto.com is a cryptocurrency exchange app based in Singapore, the app currently has 10 million users and 3,000 employees. Recently, several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts […] Hack Guideline
SecurityWeek.webp 2022-01-20 13:03:39 Data of 7 Million OpenSubtitles Users Leaked After Hack Despite Site Paying Ransom (direct link) OpenSubtitles Hack Shows Why Paying Ransom Offers No Guarantees  Popular subtitles website OpenSubtitles on Tuesday admitted that its systems had been hacked after the details of nearly seven million user accounts were leaked, despite the site allegedly paying a ransom to avoid this situation. Hack
itsecurityguru.webp 2022-01-20 10:54:37 Red Cross Hack exposes data of 515,000 (direct link) It has been reported that the International Committee of the Red Cross has recently suffered a cyber-attack, during which the data of more than 515,000 vulnerable people was accessed and seized. Some of the individuals affected recently fled conflicts. The ICRC confirmed the attack in a published statement: “A sophisticated cybersecurity attack against computer servers […] Hack
ZDNet.webp 2022-01-20 09:56:17 Multichain token hack losses reach $3 million: report (direct link) Multichain messaging seems confusing, at best. Hack
bleepingcomputer.webp 2022-01-20 04:10:00 483 Crypto.com accounts compromised in $34 million hack (direct link) Crypto.com has confirmed that a multi-million dollar cyberattack led to the compromise of 483 of its customer accounts. Although, the company's CEO stresses that customer funds are not at risk. Crypto.com is reportedly the world's third-largest cryptocurrency trading platform. [...] Hack
ArsTechnica.webp 2022-01-20 01:17:58 Red Cross implores hackers not to leak data for 515k “highly vulnerable people” (direct link) Hack on Red Cross storage contractor follows a separate hacking incident last year. Hack
Korben.webp 2022-01-18 08:00:00 Yi Hack – Unlocking Xiaomi cameras and getting RTSP for free (direct link) Yi Hack - Unlocking Xiaomi cameras and getting RTSP for free Hack
SecurityWeek.webp 2022-01-17 11:40:12 Personal Information Compromised in Goodwill Website Hack (direct link) Nonprofit organization Goodwill has started notifying users of its ShopGoodwill.com e-commerce platform that their personal information was compromised as a result of a cybersecurity breach. Hack
SecurityWeek.webp 2022-01-16 14:19:42 Ukraine Says Has 'Evidence' Russia Behind Cyberattack (direct link) Ukraine said Sunday it had evidence that Russia was behind a massive cyberattack that knocked out key government websites this past week, as Microsoft warned the hack could be far worse than first thought. Hack
ArsTechnica.webp 2022-01-13 20:42:20 Microwave hack replaces flat keypad with mechanical keyboard switches (direct link) Keyboard switches give this microwave a more tactile feel. Hack
SecurityAffairs.webp 2022-01-11 14:52:46 Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers (direct link) Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and […] Ransomware Hack Vulnerability
bleepingcomputer.webp 2022-01-11 06:24:43 Night Sky ransomware uses Log4j bug to hack VMware Horizon servers (direct link) The Night Sky ransomware gang has started to exploit the critical CVE-2021-4422 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. [...] Ransomware Hack Vulnerability
SecurityAffairs.webp 2022-01-07 15:47:57 Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns (direct link) A threat actor attempted to exploit the Log4Shell vulnerability to hack VMWare Horizon servers at UK NHS and deploy web shells. The security team at the UK National Health Service (NHS) announced to have spotted threat actors exploiting the Log4Shell vulnerability to hack VMWare Horizon servers and install web shells. “An unknown threat group has […] Hack Vulnerability Threat
SecurityWeek.webp 2022-01-07 01:00:47 Rights Group Verifies Polish Senator Was Hacked With Spyware (direct link) Amnesty International said Thursday it has independently confirmed that powerful spyware from the Israeli surveillance software maker NSO Group was used to hack a Polish senator multiple times in 2019 when he was running the opposition's parliamentary election campaign. Hack
Anomali.webp 2022-01-05 19:55:00 Anomali Cyber Watch: $5 Million Breach Extortion, APTs Using DGA Subdomains, Cyberespionage Group Incorporates A New Tool, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Data breach, DGA, Infostealer, Phishing, Rootkit, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Fintech Firm Hit by Log4j Hack Refuses to Pay $5 Million Ransom (published: December 29, 2021) The Vietnamese crypto trading, ONUS, was breached by unknown threat actor(s) by exploiting the Log4Shell (CVE-2021-44228) vulnerability between December 11 and 13. The exploited target was an AWS server running Cyclos, which is a point-of-sale software provider, and the server was only intended for sandbox purposes. Actors were then able to steal information via the misconfigured AWS S3 buckets containing information on approximately two million customers. Threat actors then attempted to extort five million dollars (USD). Analyst Comment: Although Cyclos issued a warning to patch on December 13, the threat actors had already gained illicit access. Even though Log4Shell provided initial access to the compromised server, it was the misconfigured buckets the actors took advantage of to steal data.
MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 Tags: ONUS, Log4Shell, CVE-2021-44228, Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends (published: December 29, 2021) Palo Alto Networks Unit42 researchers have published a report based on their tracking of strategically-aged malicious domains (registered but not used until a specific time) and their domain generation algorithm (DGA) created subdomains. Researchers found two Pegasus spyware command and control domains that were registered in 2019 and were not active until July 2021. A phishing campaign using DGA subdomains that were similar to those used during the SolarWinds supply chain attack was also identified. Analyst Comment: Monitor your networks for abnormal DNS requests, and have bandwidth limitations in place, if possible, to prevent numerous connections to DGA domains. Knowing which DGAs are most active in the wild will allow you to build a proactive defense by detecting any DGA that is in use. Anomali can detect DGA algorithms used by malware to assist in defending against these types of threats. MITRE ATT&CK: [MITRE ATT&CK] Dynamic Resolution - T1568 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Application Layer Protocol - T1071 Tags: DGA , Pegasus, Phishing Implant.ARM.iLOBleed.a (published: December 28, 2021) Amnpardaz researchers discovered a new rootkit that has been targeting Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server managemen Malware Hack Tool Vulnerability Threat LastPass
SecurityAffairs.webp 2022-01-04 21:05:11 UScellular discloses the second data breach in a year (direct link) UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021. UScellular has disclosed a data breach after the attack that compromised the company’s billing system in December 2021. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over […] Data Breach Hack
bleepingcomputer.webp 2022-01-04 12:07:08 UScellular discloses data breach after billing system hack (direct link) UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021. [...] Data Breach Hack
Blog.webp 2021-12-31 12:01:41 (Déjà vu) PIT HackTheBox Walkthrough (direct link) Pit is a CTF Linux box with difficulty rated as a medium on Hack The Box platform. Let’s deep dive into breaking down this machine. Hack
SecurityWeek.webp 2021-12-29 17:21:27 Chinese Spies Exploit Log4Shell to Hack Major Academic Institution (direct link) China-linked cyberespionage group Aquatic Panda was recently observed exploiting the Log4Shell vulnerability to compromise a large academic institution, CrowdStrike's Falcon OverWatch team reports. Hack Vulnerability
Blog.webp 2021-12-29 13:03:09 BountyHunter HackTheBox Walkthrough (direct link) Bounty hunter is a CTF Linux machine with an Easy difficulty rating on the Hack the Box platform. So let’s get started and take a Hack
bleepingcomputer.webp 2021-12-29 07:07:07 Fintech firm hit by log4j hack refuses to pay $5 million ransom (direct link) One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort $5 million and threatened to publish the customer data should ONUS refuse to comply. [...] Hack
Last update at: 2024-06-16 11:10:24