What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2019-03-08 11:11:04 (Déjà vu) Google discloses Windows zero-day actively exploited in targeted attacks (direct link) Google this week revealed a Windows zero-day that is being actively exploited in targeted attacks alongside a recently fixed Chrome flaw. Google this week disclosed a Windows zero-day vulnerability that is being actively exploited in targeted attacks alongside a recently addressed flaw in Chrome (CVE-2019-5786). The Windows zero-day vulnerability is a local privilege escalation […] Vulnerability
SecurityAffairs.webp 2019-03-08 09:09:00 Zerodium $500,000 for VMware ESXi, Microsoft Hyper-V Exploits (direct link) Zero-day broker firm Zerodium is offering up to $500,000 for VMware ESXi (vSphere) and Microsoft Hyper-V vulnerabilities. Exploit acquisition firm Zerodium is offering up to $500,000 for VMware ESXi and Microsoft Hyper-V vulnerabilities. The company is looking for exploits that allow guest-to-host escapes in default configurations to gain full access to the host. The overall […]
SecurityAffairs.webp 2019-03-08 07:35:01 Research confirms rampant sale of SSL/TLS certificates on darkweb (direct link) A study conducted by academics discovered that SSL and TLS certificates and associated services can be easily acquired from dark web marketplaces. A study sponsored by Venafi and conducted by researchers from Georgia State University in the U.S. and the University of Surrey in the U.K. discovered that SSL and TLS certificates and associated services […]
SecurityAffairs.webp 2019-03-07 20:39:05 Cisco security updates fix dozens of flaws in Nexus Switches (direct link) Cisco released security updates to address over two dozen serious vulnerabilities affecting the Cisco Nexus switches. Cisco released security updates to address over two dozen serious vulnerabilities affecting the Cisco Nexus switches, including denial-of-service (DoS) issues, arbitrary code execution and privilege escalation flaws. Cisco published security advisories for most of the vulnerabilities, many of them impact the […]
SecurityAffairs.webp 2019-03-07 11:55:05 Microsoft warns of economic damages caused by Iran-linked hackers (direct link) Researchers at Microsoft warn of damages caused by cyber operations conducted by Iran-linked cyberespionage groups. Security experts at Microsoft are warning of economic damages caused by the activity of Iran-linked hacking groups that are working to penetrate systems, businesses, and governments worldwide. According to Microsoft, the attackers already caused hundreds of millions of dollars in […]
SecurityAffairs.webp 2019-03-07 09:56:01 Too much UPnP-enabled connected devices still vulnerable to cyber attacks (direct link) UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. A broad range of UPnP-enabled devices running outdated software are exposed to attacks exploiting known flaws in UPnP libraries, Tony Yang, Home Network Researcher, has found 1,648,769 devices using the Shodan search engine, 35% were using […]
SecurityAffairs.webp 2019-03-07 07:39:03 (Déjà vu) Whitefly espionage group was linked to SingHealth Singapore Healthcare Breach (direct link) Security experts at Symantec linked the massive Singapore Healthcare breach suffered by SingHealth to the ‘Whitefly’ cyberespionage group. In 2018, the largest healthcare group in Singapore, SingHealth, has suffered a massive data breach that exposed personal information of 1.5 million patients who visited the clinics of the company between May 2015 and July 2018. Stolen […] Data Breach
SecurityAffairs.webp 2019-03-06 18:57:05 Cybaz-Yoroi ZLAB shed the light on Op. 'Pistacchietto': An Italian Job (direct link) In the past weeks, a new strange campaign emerged in the cyber threat Italian landscape, it has been tracked as “Operation Pistacchietto.” Introduction In the past weeks, a new strange campaign emerged in the Italian landscape. It has been baptized “Operation Pistacchietto” from a username extracted from a Github account used to serve some part […] Threat
SecurityAffairs.webp 2019-03-06 15:34:05 Google Chrome Zero-Day Vulnerability CVE-2019-5786 actively exploited in the wild (direct link) A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day […] Vulnerability Threat
SecurityAffairs.webp 2019-03-06 13:47:00 Coinbase CEO confirms that Ex-Hacking Team members will 'Transition Out' of Neutrino (direct link) Coinbase CEO Brian Armstrong announced that all the three former members of the controversial Hacking Team will “transition out” of Neutrino. Coinbase, the largest US-based cryptocurrency exchange and wallet announced in February the acquisition of the Italian blockchain intelligence startup Neutrino. Neutrino was founded in 2016 by Giancarlo Russo, Marco Valleri, and Alberto Ornaghi. The […]
SecurityAffairs.webp 2019-03-06 09:13:04 NSA released Ghidra, its multi-platform reverse engineering framework (direct link) The NSA released the Ghidra, a multi-platform reverse engineering framework that could be used to find vulnerabilities and security holes in applications. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major […]
SecurityAffairs.webp 2019-03-06 08:26:00 [SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users (direct link) Over the last few days, a new ransomware campaign infected several users around the world as part of the #OpJerusalem campaign. SI-LAB analyzed this malware and noticed that it does not use sophisticated techniques. Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to […] Ransomware Malware
SecurityAffairs.webp 2019-03-06 07:59:00 APT40 cyberespionage group supporting growth of China's naval sector (direct link) A cyber-espionage group, tracked as APT40, apparently linked to the Chinese government is focused on targeting countries important to the country's Belt and Road Initiative. The cyber-espionage group tracked as APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan), apparently linked to the Chinese government, is focused on targeting countries important to the country's Belt and Road Initiative […] Industrial APT 40
SecurityAffairs.webp 2019-03-05 21:23:03 Iran-Linked Chafer APT recently used python-based backdoor (direct link) The Iran-linked Chafer APT group used a new Python-based backdoor in recent attacks aimed at a Turkish government entity. The Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity. The Chafer APT group has distributed data stealer malware since at least mid-2014, […] Malware Prediction APT 39
SecurityAffairs.webp 2019-03-05 15:22:01 Huawei HCSTC centre opens in Brussels opens to build digital trust through verification standards (direct link) The Chinese Telco giant presents the Brussels Huawei HCSTC (Cyber Security Transparency Centre) that will also work on the definition of global security standards. Huawei is urging the adoption of a global framework for technical and legal verification with the intent of building trust. While the tech giant is in the middle of a heated […]
SecurityAffairs.webp 2019-03-05 12:13:03 Hundreds of Docker Hosts compromised in cryptojacking campaigns (direct link) Poorly protected Docker hosts exposed online continue to be a privileged target of crooks that abuse their computational resources in cryptojacking campaigns. Security experts have recently discovered hundreds of exposed Docker hosts that have been compromised by hackers exploiting the CVE-2019-5736 runc vulnerability in February. The flaw was discovered by the security researchers Adam Iwaniuk […] Vulnerability
SecurityAffairs.webp 2019-03-05 09:56:04 Google Chronicle announced Backstory to protect businesses (direct link) Google Chronicle launched Backstory, the first global security telemetry platform designed to allow companies monitoring cyber threats. Google Chronicle announced Backstory, a cloud-based enterprise-level threat analytics platform that allows companies quickly investigate incidents, discover vulnerabilities and hunt for cyber threats. Google aims at analyzing network data and logs generated by enterprises on a daily basis […] Threat
SecurityAffairs.webp 2019-03-05 07:44:00 (Déjà vu) Microsoft enabled Retpoline mitigations against the Spectre Variant 2 for Windows 10 (direct link) Microsoft started rolling out a new software update for Windows 10 systems to apply mitigations against the Spectre attacks. Over the weekend, Microsoft started distributing software updates for Windows 10 systems to enable the Retpoline mitigations against Spectre attacks. In January 2018 security experts at Google Project Zero disclosed Meltdown and Spectre side-channel attacks that […]
SecurityAffairs.webp 2019-03-04 21:50:03 Annual RSA Conference Exclusive 2019 Edition of Cyber Defense Magazine is arrived (direct link) We're honored to bring you our 7th Annual edition of Cyber Defense Magazine (CDM), exclusively in print at the RSA Conference (RSAC) 2019. Cyber Defense eMagazine – Annual RSA Conference 2019 Edition. Sponsored by: Regent University’s Institute for Cybersecurity Setting the Standard in Cyber Training & Education and by the RSA Conference 2019 Team! RSA […]
SecurityAffairs.webp 2019-03-04 20:57:05 Google Project Zero discloses zero-day in Apple macOS Kernel (direct link) Cybersecurity expert at Google Project Zero has publicly disclosed details and proof-of-concept exploit for a high-severity security vulnerability in macOS operating system. Google Project Zero white hat hacker Jann Horn disclosed the flaw according to the 90-days disclosure policy of the company because Apple failed to address the issue within 90 days of being notified. […] Vulnerability
SecurityAffairs.webp 2019-03-04 14:46:03 German police storing bodycam footage on Amazon servers (direct link) Privacy advocates and cyber security experts raised concerns on the choice of German police to store bodycam footage, which may be used as evidence, on Amazon servers. The choice of the German police of storing bodycam footage on Amazon cloud storage has raised privacy and security concerns. The news was first reported by the Neue […]
SecurityAffairs.webp 2019-03-04 12:42:03 Experts collect more evidence that link Op 'Sharpshooter' to North Korea (direct link) Security researchers at McAfee have linked the Op. Sharpshooter with the North Korea-linked Lazarus APT group after analyzing code from a command and control (C2) server. Security experts at McAfee analyzed the code of a C2 server involved in the cyber espionage campaign tracked as Op. Sharpshooter and linked it with the North Korea-linked APT […] APT 38
SecurityAffairs.webp 2019-03-04 10:16:03 Necurs Botnet adopts a new strategy to evade detection (direct link) The Necurs Botnet continues to evolve, a new strategy aims at hiding in the shadows, and leverages new payloads to recruits new bots. Necurs botnet is currently the second largest spam botnet, it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware, the Scarab ransomware, […] Spam Malware
SecurityAffairs.webp 2019-03-04 07:39:04 Threat actors using FrameworkPOS malware in POS attacks (direct link) Security experts at Morphisec observed a wave of attacks against point-of-sale (PoS) thin clients using card data scraping malware and the Cobalt Strike beacon. Over the past 8-10 weeks, security experts at Morphisec observed multiple sophisticated attacks targeting PoS thin clients worldwide. Most of the indicators collected by the experts point to the FIN6 hacking […] Malware Threat
SecurityAffairs.webp 2019-03-03 18:37:04 The Wireshark Foundation released Wireshark 3.0.0 (direct link) The Wireshark Foundation released Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The Wireshark Foundation announced the release of Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The new version addresses several bugs and introduces tens of new features, it also improved existing features. The most important changes is […]
SecurityAffairs.webp 2019-03-03 13:49:02 Security Affairs newsletter Round 203 – News of the week (direct link) A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! 70000 Pakistani banks cards with PINs go on sale on the dark web. CVE-2019-9019 affects British Airways Entertainment System on Boeing 777-36N(ER) Duo Labs presents CRXcavator Service that analyzes […]
SecurityAffairs.webp 2019-03-03 13:17:00 A Cobalt Strike flaw exposed attackers' infrastructure (direct link) According to security experts at Fox-IT, a recently addressed flaw in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers. Security experts at Fox-IT discovered that a recently addressed vulnerability in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers. The vulnerability was addressed in Cobalt Strike […] Vulnerability
SecurityAffairs.webp 2019-03-03 09:38:01 The operator of DDoS-for-hire service pleads guilty (direct link) Sergiy P. Usatyuk (20), from Orland Park, Illinois pleaded guilty for owning, administrating, and supporting an illegal DDoS-for-hire service. According to the U.S. Department of Justice, the booting service operated by Sergiy P. Usatyuk (20) was used to carry out millions of distributed denial of service attacks. Usatyuk developed and operated other DDoS-for-hire services with […] Guideline
SecurityAffairs.webp 2019-03-02 18:45:05 [SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle (direct link) SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an Infection Vehicle to compromise user's devices. In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 macro, also known as XLM macro, and used to download and execute a final […] Malware
SecurityAffairs.webp 2019-03-02 15:18:02 Cyber Defense Magazine – March 2019 has arrived. Enjoy it! (direct link) Cyber Defense Magazine October 2018 Edition has arrived. MARCH 2019 EDITION (RSA CONFERENCE PRINT EDITION & E-MAG COMING NEXT WEEK) Cyber Defense eMagazine March 2019 Edition has arrived. Sponsored by: Aristotle Insight HelpSystems Inky Regent University White Hat Security We hope you enjoy this month’s edition…packed with 157 pages of excellent content. InfoSec Knowledge is Power. We have 7 […]
SecurityAffairs.webp 2019-03-02 14:59:01 2 HackerOne members received each over $1M via Bug programs (direct link) Bug bounty platform HackerOne announced that two of its members have each earned more than $1 million by participating bug bounty programs. Bug bounty programs could be a profitable activity, the popular bug bounty platform HackerOne announced that two of its members have each earned more than $1 million by helping companies in discovering flaws […]
SecurityAffairs.webp 2019-03-02 08:23:04 (Déjà vu) Adobe releases patches to address ColdFusion 0day exploited in the Wild (direct link) Adobe has released out-of-band updates to address a critical flaw in ColdFusion web application development platform that has been exploited in the wild. Adobe has released out-of-band updates to address a zero-day vulnerability in the ColdFusion web application development platform that has been exploited in the wild. The vulnerability, tracked as CVE-2019-7816, has been described by […] Vulnerability
SecurityAffairs.webp 2019-03-01 22:32:01 Cisco addressed CVE-2019-1663 RCE flaw in wireless routers (direct link) Cisco addressed CVE-2019-1663 critical flaw in several wireless routers that could be exploited by attackers to remotely execute code on the impacted devices. Cisco released security updates to address a critical flaw (CVE-2019-1663) in several wireless routers that could be exploited by attackers to remotely execute code on the impacted devices. The CVE-2019-1663 flaw received a […]
SecurityAffairs.webp 2019-03-01 19:17:03 Emissary Panda updated its weapons for attacks in the past 2 years (direct link) Experts analyzed tools and intrusion methods used by the China-linked cyber-espionage group Emissary Panda in attacks over the past 2 years. This morning I wrote about a large-scale cyber attack that hit the International Civil Aviation Organization (ICAO) in November 2016, Emissary Panda was suspected to be the culprit. Experts at Secureworks reports who investigated the […] APT 27
SecurityAffairs.webp 2019-03-01 13:24:03 Cybaze-Yoroi ZLab analyze GoBrut: A new GoLang Botnet (direct link) Cybaze-Yoroi ZLab analyze a new GoLang botnet named GoBrut, the investigation allowed to discover that the bot supports a lot more features Introduction Malware written in Go programming language has roots almost a decade ago, few years after its first public release back in 2009: starting from InfoStealer samples discovered since 2012 and abused in […] Malware
SecurityAffairs.webp 2019-03-01 11:19:03 Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016 (direct link) Canadian media revealed that in November 2016, the International Civil Aviation Organization (ICAO) was a hit by a large-scale cyberattack. The security breach was discovered by an analyst at Lockheed Martin that immediately informed the organization. The expert discovered that hackers took control of two of its servers to carry out a so-called watering hole […]
SecurityAffairs.webp 2019-03-01 09:30:01 Analyzing the evolution of MageCart cybercrime groups' TTPs (direct link) Researchers from RiskIQ and FlashPoint analyzed the evolution of Magecart groups, in particular of a gang tracked as Group 4 that appears to be very sophisticated. Security firms have monitored the activities of a dozen Magecart groups at least since 2015. The gangs use to implant skimming script into compromised online stores in order to […]
SecurityAffairs.webp 2019-02-28 17:11:00 CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019 (direct link) The popular in-browser cryptocurrency mining service Coinhive has announced that it will shut down on March 8, 2019. The service made the headlines across the years because it was used by crooks to abuse computational resources of the victims that were visiting compromised websites hosting the Coinhive script. Coinhive was initially launched as a legitimate […]
SecurityAffairs.webp 2019-02-28 14:09:05 Ransomware, Trojan and Miner together against “PIK-Group” (direct link) Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware, Trojan, and Miner capabilities. When an unknown sender suggests me to click on a super wired url, dropping a ZIP file straight in my box, by saying it's getting the next targeted attack on a huge company, […] Malware
SecurityAffairs.webp 2019-02-28 07:22:02 Cisco WebEx Meetings affected by a new elevation of privilege flaw (direct link) A vulnerability in the update service of the Cisco Webex Meetings Desktop App for Windows could allow elevation of privilege. A vulnerability in the update service of the Cisco Webex Meetings Desktop App for Windows tracked as CVE-2019-1674 could be exploited by an unprivileged local attacker to elevate privileges and run arbitrary commands using the […] Vulnerability
SecurityAffairs.webp 2019-02-28 04:15:03 PDF zero-day samples harvest user data when opened in Chrome (direct link) Experts at Exploit detection service EdgeSpot detected several PDF documents that exploit a zero-day flaw in Chrome to harvest user data. Exploit detection service EdgeSpot spotted several PDF documents that exploit a zero-day vulnerability in Chrome to harvest data on users who open the files through the popular web browser. The experts initially detected the […] Vulnerability
SecurityAffairs.webp 2019-02-27 19:00:01 Multiple threat actors are targeting Elasticsearch Clusters (direct link) Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners. Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. At least six different threat actors are targeting installs running older […] Threat
SecurityAffairs.webp 2019-02-27 14:57:00 Thunderclap vulnerabilities allows to hack most of moder computers (direct link) Researchers found a new set of flaws that can be exploited via Thunderbolt to compromise a broad range of modern computers with Thunderclap attacks. Researchers found a new set of flaws that can be exploited via Thunderbolt to compromise a broad range of modern computers with Thunderclap attacks. Security experts from Rice University in the United […] Hack
SecurityAffairs.webp 2019-02-27 12:25:01 U.S. Cyber Command disrupted blocked Russian troll factory during 2018 midterms (direct link) The U.S. Cyber Command blocked the Internet access to the Russian troll factory while it was attempting to interfere with 2018 midterm. According to the Washington Post, that cites several U.S. officials, the operation conducted by the U.S. Cyber Command hit the Internet Research Agency in St. Petersburg, the company used by the Russian Government […]
SecurityAffairs.webp 2019-02-27 11:12:01 (Déjà vu) Experts devised 3 attacks Show Signed PDF Documents Cannot Be Trusted (direct link) Experts found several flaws in popular PDF viewers and online validation services that allow to deceive the digital signature validation process. Several PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating their digital signature. A group of academics from the German Ruhr-University […]
SecurityAffairs.webp 2019-02-26 22:06:02 Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild (direct link) Threat actors in the wild are exploiting the recently patched CVE-2019-6340 flaw in the Drupal CMS to deliver cryptocurrency miners and other payloads. Just three days after the CVE-2019-6340 flaw in Drupal was addressed, threat actors in the wild started exploiting the issue to deliver cryptocurrency miners and other payloads. Last week, Drupal core team […] Threat
SecurityAffairs.webp 2019-02-26 15:27:00 The Arsenal Behind the Australian Parliament Hack (direct link) Cybaze-Yoroi ZLab investigated artefacts behind Australian Parliament attack to have an insight of Tools and Capabilities associated with the attackers. Introduction In the past days, a cyber attack targeted a high profile target on the APAC area: the Australian Parliament House. As reported by the Australian prime minister there was no evidence of any information theft […] Hack
SecurityAffairs.webp 2019-02-26 14:56:01 (Déjà vu) Author of NeverQuest botnet pleads guilty to bank fraud (direct link) The Russian hacker Stanislav Vitaliyevich Lisov pleads guilty to bank fraud after running a botnet that spread ‘NeverQuest’ malware for three years. The Russian hacker Stanislav Vitaliyevich Lisov, aka “Black,” “Blackf,” is accused of using the NeverQuest banking Trojan to steal login information from victims. The man has pled guilty to one count of conspiracy […] Malware Guideline
SecurityAffairs.webp 2019-02-26 06:32:00 Malware spam campaign exploits WinRAR flaw to deliver Backdoor (direct link) Experts discovered a malspam campaign that is distributing a malicious RAR archive that could exploit the WinRAR flaw to install deliver malware on a computer. A few days ago, security experts at CheckPoint software have disclosed a critical 19-year-old vulnerability in the WinRAR that could be exploited by attackers to gain full control over a […] Spam Malware Vulnerability
SecurityAffairs.webp 2019-02-26 05:36:05 ToRPEDO attack allows intercepting calls and track locations on 4G/5G (direct link) ToRPEDO attacks – A group of academics from Purdue University and the University of Iowa discovered multiple vulnerabilities in cellular networks that affect both 4G and 5G LTE protocols. A group of academics from Purdue University and the University of Iowa discovered multiple vulnerabilities in cellular networks that affect both 4G and 5G LTE protocols. […]
Last update at: 2024-07-17 15:08:24