What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-09-28 13:06:31 A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online (direct link) An exploit for the recently disclosed CVE-2021-22005 vulnerability in VMware vCenter was publicly released, threat actors are already using it. A working exploit for the CVE-2021-22005 vulnerability in VMware vCenter is publicly available, and attackers are already attempting to use it in the wild. VMware recently addressed the critical arbitrary file upload vulnerability CVE-2021-22005, it […] Vulnerability Threat
SecurityAffairs 2021-09-28 07:26:24 (Déjà vu) Russia-linked Nobelium APT group uses custom backdoor to target Windows domains (direct link) Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant a backdoor in Windows domains. Microsoft Threat Intelligence Center (MSTIC) researchers have discovered a new custom malware, dubbed FoggyWeb, used by the Nobelium APT group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers. […] Threat
SecurityAffairs 2021-09-28 06:27:03 ERMAC, a new banking Trojan that borrows the code from Cerberus malware (direct link) ERMAC is a new Android banking Trojan that can steal financial data from 378 banking and wallet apps. Researchers from Threatfabric found in July a new Android banking trojan dubbed ERMAC that is almost fully based on the popular banking trojan Cerberus. The source code of Cerberus was released in September 2020 on underground hacking […] Malware
SecurityAffairs 2021-09-28 05:20:26 (Déjà vu) New BloodyStealer malware is targeting the gaming sector (direct link) Researchers spotted a new malware, dubbed BloodyStealer, that could allow stealing accounts for multiple gaming platforms. Researchers from Kaspersky have spotted a new malware dubbed BloodyStealer that is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, GOG Galaxy, EA Origin, and more. The infostealer is available […] Malware Threat
SecurityAffairs 2021-09-27 18:39:54 Expert found RCE flaw in Visual Studio Code Remote Development Extension (direct link) Researchers from the Italian cybersecurity firm Shielder found a remote code execution vulnerability in Visual Studio Code Remote Development Extension. Visual Studio Code Remote Development allows users to adopt a container, remote machine, or the Windows Subsystem for Linux (WSL) as a full-featured development environment. Users can: Develop on the same operating system you deploy to or use […] Vulnerability
SecurityAffairs 2021-09-27 13:54:50 Jupyter infostealer continues to evolve and is distributed via MSI installers (direct link) Cybersecurity researchers spotted a new version of the Jupyter infostealer which is distributed via MSI installers. Cybersecurity researchers from Morphisec have spotted a new version of the Jupyter infostealer that continues to be highly evasive. In November 2020, researchers at Morphisec have spotted Russian-speaking threat actors that have been using a piece of .NET infostealer, […] Threat
SecurityAffairs 2021-09-27 07:56:11 Telegram is becoming the paradise of cyber criminals (direct link) Telegram is becoming an essential platform for cybercriminal activities, crooks use it to buy and sell any kind of stolen data and hacking tools. Many experts believe that the popular Telegram app is an efficient alternative to dark web marketplaces, its channels are used by hacking communities and cybercriminals to buy and sell stolen data, accesses […]
SecurityAffairs 2021-09-27 06:17:21 German Federal Office for Information Security (BSI) investigates Chinese mobile phones (direct link) German Federal Office for Information Security is launching an investigation into the cybersecurity of certain Chinese mobile phones. German Federal Office for Information Security (BSI) is launching an investigation into the cybersecurity of mobile phones of certain Chinese manufacturers. The investigation was requested by both the SPD politician Jens Zimmermann and the CDU digital politician […] ★★
SecurityAffairs 2021-09-26 13:31:46 Port of Houston was hit by an alleged state-sponsored attack (direct link) Last month, the Port of Houston, one of the major US ports, was hit by a cyber attack allegedly orchestrated by a nation-state actor. One of the major US ports, the Port of Houston, revealed that it was hit by a cyber attack in August that had no impact on its systems. “The Port of […]
SecurityAffairs 2021-09-26 11:23:54 JSC GREC Makeyev and other Russian entities under attack (direct link) A cyberespionage campaign hit multiple Russian organizations, including JSC GREC Makeyev, a major defense contractor, exploiting a recently disclosed zero-day. Security researchers from Malwarebytes uncovered multiple attacks targeting many Russian organizations, including JSC GREC Makeyev, a company that develops liquid and solid fuel for Russia's ballistic missiles and space rocket program. Threat actors behind the cyberespionage […] Threat
SecurityAffairs 2021-09-26 08:26:12 Security Affairs newsletter Round 333 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. GSS, one of the major European call center providers, suffered a ransomware attack Threat actors are attempting […] Ransomware Threat ★★
SecurityAffairs 2021-09-26 08:08:14 Google TAG spotted actors using new code signing tricks to evade detection (direct link) Researchers from Google's TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google's Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. By code signing executables, it is possible to verify their integrity and provide information about the […] Threat
SecurityAffairs 2021-09-25 16:58:57 GSS, one of the major European call center providers, suffered a ransomware attack (direct link) The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers. GSS customer care and call center provider has suffered a ransomware attack that crippled its system and paralyzed call centers serving its Spanish-speaking customers. GSS is the Spanish and Latin America division of […] Ransomware
SecurityAffairs 2021-09-25 12:09:20 Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw (direct link) Immediately after the public release of the exploit code for the VMware vCenter CVE-2021-22005 flaw threat actors started using it. Researchers warn that immediately after the release of the exploit code for the recently addressed CVE-2021-22005 flaw in VMware vCenter threat actors started using it. The CVE-2021-22005 issue is a critical arbitrary file upload vulnerability […] Vulnerability Threat
SecurityAffairs 2021-09-25 11:04:44 (Déjà vu) Google addressed the eleventh Chrome zero-day flaw this year (direct link) Google released a Chrome emergency update for Windows, Mac, and Linux that addresses a high-severity zero-day flaw exploited in the wild. Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux that addresses a high-severity zero-day vulnerability (CVE-2021-37973) exploited in the wild. An attacker can exploit this flaw to execute arbitrary code on systems running vulnerable Chrome versions. This vulnerability […] Vulnerability
SecurityAffairs 2021-09-25 07:42:28 European Union formally blames Russia for the GhostWriter operation (direct link) European Union representatives formally accused Russia of attempting to target the elections and political systems of several EU states. European Union has formally accused Russia of meddling in the elections and political systems of several EU states. EU high representative said that Russia-linked threat actors were behind a recent operation tracked as Ghostwriter. The officials […] Threat
SecurityAffairs 2021-09-24 20:32:56 CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! (direct link) SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034, that impacts several Secure Mobile Access (SMA) 100 series products. The vulnerability is an improper access control vulnerability that can be […] Vulnerability
SecurityAffairs 2021-09-24 15:17:08 Researcher released PoC exploit code for 3 iOS zero-day issues (direct link) Researcher released PoC exploit code for three iOS zero-day flaws after Apple delayed addressing them and did not credit him. An unknown researcher publicly released on GitHub proof-of-concept exploit code for three iOS zero-day vulnerabilities and one flaw addressed by Apple in July. The experts discovered the four zero-day issues between March 10 and May […]
SecurityAffairs 2021-09-24 12:12:01 Cisco addresses 3 critical vulnerabilities in IOS XE Software (direct link) Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers. The most severe of these vulnerabilities is a Remote Code Execution Vulnerability, tracked as CVE-2021-34770, […]
SecurityAffairs 2021-09-24 08:02:18 3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online (direct link) A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion Clubhouse and Facebook user records. Original Post @CyberNews https://cybernews.com/security/3-8-billion-allegedly-scraped-and-merged-clubhouse-and-facebook-user-records-put-for-sale-online/ A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion user records. The database was allegedly compiled by combining 3.8 billion phone numbers from […]
SecurityAffairs 2021-09-24 05:04:08 (Déjà vu) New FamousSparrow APT group used ProxyLogon exploits in its attacks (direct link) Researchers spotted a new cyberespionage group, dubbed FamousSparrow, that used ProxyLogon exploits to target hotels worldwide. Researchers from ESET discovered a new cyberespionage group, tracked as FamousSparrow, that has been targeting hotels around the world since at least 2019. The group also hit higher-profile targets such as law firms, governments, and private companies worldwide. According […]
SecurityAffairs 2021-09-23 20:49:28 Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware (direct link) Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise iPhones and Macs running vulnerable iOS and macOS versions. Apple confirmed that at least one of […] Threat
SecurityAffairs 2021-09-23 18:54:53 A bug in Microsoft Exchange Autodiscover feature leaks +372K of domain credentials (direct link) A flaw in the Microsoft Exchange Autodiscover feature can be exploited to harvest Windows domain and app credentials. Security researchers from Guardicore discovered a flaw in the Microsoft Exchange Autodiscover feature that can be exploited to harvest Windows domain and app credentials from users worldwide. The Microsoft Autodiscover protocol feature of Exchange email servers provides an […]
SecurityAffairs 2021-09-23 13:26:29 BulletProofLink, a large-scale phishing-as-a-service active since 2018 (direct link) Microsoft uncovered a large-scale phishing-as-a-service operation, dubbed BulletProofLink, that enabled threat actors to easily carry out malicious campaigns. Microsoft researchers have uncovered a large-scale phishing-as-a-service (PHaaS) operation, dubbed BulletProofLink (aka Anthrax), that offers to its customers phishing kits, email templates, and hosting and automated services to carry out phishing attacks. BulletProofLink service was very cheap […] Threat
SecurityAffairs 2021-09-23 08:31:19 (Déjà vu) Crystal Valley hit by ransomware attack, it is the second farming cooperative shut down in a week (direct link) Minnesota-based farming supply cooperative Crystal Valley was hit by a ransomware attack, it is the second attack against the agriculture business in a few days. Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, this is the second farming cooperative that was hit by ransomware operators in a few days. At this time, […] Ransomware
SecurityAffairs 2021-09-23 06:35:44 (Déjà vu) CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution (direct link) CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, […] Vulnerability
SecurityAffairs 2021-09-22 21:42:16 (Déjà vu) US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks (direct link) CISA, FBI, and the NSA warned today of an escalation of the attacks of the Conti ransomware gang targeting US organizations. CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) are warning of an increased number of Conti ransomware attacks against US organizations. The advisory urges organizations to take supplementary measures […] Ransomware
SecurityAffairs 2021-09-22 17:31:10 Hikvision cameras could be remotely hacked due to critical flaw (direct link) A critical issue, tracked as CVE-2021-36260, affects more than 70 Hikvision device models and can allow attackers to take over them. A critical vulnerability, tracked as CVE-2021-36260, affects more than 70 Hikvision camera and NVR models and can allow attackers to take over the devices. The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability […] Vulnerability ★★★
SecurityAffairs 2021-09-22 14:48:10 Flaws in Nagios Network Management systems pose risk to companies (direct link) Researchers found multiple flaws in widely used network management products from Nagios that pose serious risk to organizations. Researchers from industrial cybersecurity firm Claroty have discovered eleven vulnerabilities in widely used network management products from Nagios. Nagios XI provides monitoring of all mission-critical infrastructure components including applications, services, operating systems, network protocols, systems metrics, and […]
SecurityAffairs 2021-09-22 09:16:11 VMware addressed a critical flaw in vCenter Server. Patch it now! (direct link) VMware addressed a critical arbitrary file upload vulnerability that affects the default configuration of vCenter Server 6.7 and 7.0 deployments. VMware addressed a critical arbitrary file upload vulnerability, tracked as CVE-2021-22005, that impacts appliances running default vCenter Server 6.7 and 7.0 deployments. vCenter Server is the centralized management utility for VMware, and is used to manage […] Vulnerability
SecurityAffairs 2021-09-21 22:46:57 A zero-day flaw allows to run arbitrary commands on macOS systems (direct link) Security researchers disclosed a new zero-day flaw in Apple’s macOS Finder that can allow attackers to run arbitrary commands on Macs. Independent security researcher Park Minchan disclosed a zero-day vulnerability in Apple’s macOS Finder that can be exploited by attackers to run arbitrary commands on Mac systems running any macOS version. The flaw is due […] Vulnerability
SecurityAffairs 2021-09-21 19:56:59 Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US (direct link) Russia-linked cyber espionage group Turla made the headlines again, the APT has employed a new backdoor in a recent wave of attacks. Cisco Talos researchers reported that the Russia-linked Turla APT group recently used a new backdoor, dubbed TinyTurla, in a series of attacks against the US, Germany, and Afghanistan. The threat actors are using […] Threat
SecurityAffairs 2021-09-21 06:49:08 Apache OpenOffice is currently impacted by a remote code execution flaw (direct link) Apache OpenOffice (AOO) is currently impacted by a remote code execution flaw, tracked as CVE-2021-33035, that has yet to be fixed in the official release. Security researcher Eugene Lim (@spaceraccoonsec) recently revealed technical details about a remote code execution flaw, tracked as CVE-2021-33035, that impacts OpenOffice (AOO). The experts disclosed the flaw at HackerOne’s […]
SecurityAffairs 2021-09-21 05:45:40 Black Matter gang demanded a $5.9M ransom to NEW Cooperative (direct link) The U.S. farmers cooperative NEW Cooperative was hit by the Black Matter ransomware gang that is demanding a $5.9 million ransom. BlackMatter ransomware gang hit NEW Cooperative, a farmer’s feed and grain cooperative, and is demanding a $5.9 million ransom. The ransomware gang claims to have stolen 1,000 GB of data including the source code for […] Ransomware
SecurityAffairs 2021-09-21 04:28:21 Data of 106 million visitors to Thailand leaked online (direct link) Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular cybersecurity researcher Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand. The expert discovered the unsecured database on August […]
SecurityAffairs 2021-09-20 17:50:06 Large phishing campaign targets EMEA and APAC governments (direct link) Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. The phishing campaign has been ongoing since spring 2020 when the domains were first transferred to their current host. At […]
SecurityAffairs 2021-09-20 13:24:11 Europol arrested 106 fraudsters, members of a major crime ring (direct link) Europol, along with Italian and Spanish police, dismantled a major crime organization linked to the Italian Mafia that focuses on online frauds. Europol, along with law enforcement agencies in Italy and Spain, has dismantled a major crime group linked to the Italian Mafia that was involved in online fraud, drug trafficking, money laundering, and property […]
SecurityAffairs 2021-09-20 06:33:10 Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme (direct link) A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking scheme against the telecom giant AT&T. The Pakistani national Muhammad Fahd (35) was sentenced to 12 years of prison in the United States for his primary role in a seven-year scheme to illegally unlock nearly […]
SecurityAffairs 2021-09-19 16:25:25 Numando, a new banking Trojan that abuses YouTube for remote configuration (direct link) Numando, a new banking Trojan that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. ESET researchers spotted a new LATAM banking trojan, tracked as Numando, that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. The threat actor behind this banking Trojan has been active since […] Threat
SecurityAffairs 2021-09-19 11:57:41 Why Edward Snowden is urging users to stop using ExpressVPN? (direct link) The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies has acquired the industry’s leading virtual private networks ExpressVPN, as part of a $936 million deal. Kape announced that the acquisition will more than double its overall customer base, from almost 3 million customers to more than […] Guideline
SecurityAffairs 2021-09-19 08:14:09 Security Affairs newsletter Round 332 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The Biden administration plans to target exchanges supporting ransomware operations with sanctions Threat actor has been targeting the aviation industry since at least 2018 Expert discloses details and PoC […] Ransomware Threat
SecurityAffairs 2021-09-18 17:46:15 (Déjà vu) The Biden administration plans to target exchanges supporting ransomware operations with sanctions (direct link) US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments. The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware gangs, and according to the Wall Street Journal, it is now planning to target the digital […] Ransomware
SecurityAffairs 2021-09-18 16:48:46 Threat actor has been targeting the aviation industry since at least 2018 (direct link) Security researchers from the Cisco Talos team uncovered a spear-phishing campaign targeting the aviation industry for two years avoiding detection. Security researchers from Cisco Talos uncovered a spear-phishing campaign, dubbed Operation Layover, that targeted the aviation industry for two years without being detected. The experts believe that the threat actor behind this campaign is […] Threat
SecurityAffairs 2021-09-18 12:21:49 Expert discloses details and PoC code for Netgear Seventh Inferno bug (direct link) A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices. Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart switches that could be exploited by an attacker to potentially execute malicious code and take […] Vulnerability
SecurityAffairs 2021-09-17 22:17:31 (Déjà vu) CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data (direct link) Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. […] Vulnerability
SecurityAffairs 2021-09-17 20:22:21 Experts warn that Mirai Botnet starts exploiting OMIGOD flaw (direct link) The Mirai botnet starts exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a Mirai botnet started exploiting a critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, a few days after Microsoft disclosed it. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management […] Vulnerability Threat
SecurityAffairs 2021-09-17 14:10:41 German Election body hit by a cyber attack (direct link) A spokesman for the authority running Germany’s September 26 general election confirmed that hackers briefly disrupted its website last month. Threat actors last month hit the website of the authority running Germany’s September 26 general election, reported AFP. According to a spokesman for the organization, the attack took place at the end of August and […] Threat
SecurityAffairs 2021-09-17 10:21:58 New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems (direct link) A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. The malware spread through attacks exploiting known vulnerabilities (i.e. CVE-2020-14882 […] Malware
SecurityAffairs 2021-09-17 07:51:34 A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection (direct link) Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen's Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux […] Malware
SecurityAffairs 2021-09-16 22:07:26 FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug (direct link) The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn of state-sponsored attacks that are actively exploiting CVE-2021-40539 Zoho flaw. The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn that nation-state APT groups are actively exploiting a critical vulnerability, tracked as CVE-2021-40539, in the Zoho ManageEngine ADSelfService Plus software. ManageEngine ADSelfService Plus […]
Last update at: 2024-07-05 16:07:47