What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-07-16 09:21:08 New enhanced Joker Malware samples appear in the threat landscape (direct link) The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Experts reported an uptick in malicious Android apps on the official Google Play store laced with the Joker mobile trojan. The Joker malware is a malicious code camouflaged as a system app and […] Malware Threat
SecurityAffairs 2021-07-15 21:23:20 Israeli surveillance firm Candiru used Windows zero-days to deploy spyware (direct link) Experts said that Israeli surveillance firm Candiru, tracked as Sourgum, exploited zero-days to deliver a new Windows spyware. Microsoft and Citizen Lab believe that the secretive Israel-based Israeli surveillance firm Candiru, tracked as Sourgum, used Windows zero-day exploits to deliver a new Windows spyware dubbed DevilsTongue. According to the experts, at least 100 activists, journalists […]
SecurityAffairs 2021-07-15 18:28:16 Exploit broker Zerodium is looking for VMware vCenter Server exploits (direct link) Zero-day exploit broker Zerodium is looking for 0day exploits for the VMware vCenter Server. Zero-day exploit broker Zerodium announced it is looking for zero-day exploits for VMware vCenter Server. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. The company will […]
SecurityAffairs 2021-07-15 17:34:17 (Déjà vu) SpearTip Finds New Diavol Ransomware Does Steal Data (direct link) Security researchers have linked a new ransomware strain called Diavol to the Wizard Spider threat group behind the Trickbot botnet. BleepingComputer noted the ransomware families utilize the same I/O operations for file encryption queueing and use nearly identical command-line parameters for the same functionality. There may be some similarities, but as they've explained and SpearTip […] Ransomware Threat
SecurityAffairs 2021-07-15 17:07:34 HelloKitty ransomware now targets VMware ESXi servers (direct link) HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. The move of the ransomware gang aims at expanding the operations targeting enterprises that are largely adopting virtualizing platforms. Targeting VMware ESXi […] Ransomware Malware
SecurityAffairs 2021-07-15 14:29:47 SonicWall warns of 'imminent ransomware' attacks on its EOL products (direct link) SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaign” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series […] Ransomware Threat
SecurityAffairs 2021-07-15 05:50:17 macOS: Bashed Apples of Shlayer and Bundlore (direct link) Uptycs threat research team analyzed macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. Though these scripts have slight variations, they mostly belong to a […] Malware Threat
SecurityAffairs 2021-07-14 21:25:36 Google: four zero-day flaws have been exploited in the wild (direct link) Google security experts revealed that Russia-linked APT group targeted LinkedIn users with Safari zero-day. Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. The four security flaws were discovered earlier this year and affect Google Chrome, Internet Explorer, and WebKit browser […]
SecurityAffairs 2021-07-14 18:21:17 China-linked LuminousMoth APT targets entities from Southeast Asia (direct link) LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. Kaspersky experts uncovered an ongoing and large-scale cyber espionage campaign, tracked as LuminousMoth, aimed at government entities from Southeast Asia, including Myanmar and the Philippines government entities. The LuminousMoth campaign has been linked by […]
SecurityAffairs 2021-07-14 12:42:53 Trickbot improve its VNC module in recent attacks (direct link) Trickbot botnet is back, its authors implemented updates for the VNC module used for remote control of infected systems. The Trickbot botnet continues to evolve despite the operations conducted by law enforcement aimed at dismantling it. The authors recently implemented an update for the VNC module used for remote control over infected systems. In October, Microsoft's […]
SecurityAffairs 2021-07-14 08:48:48 China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks (direct link) Microsoft attributes the recent attacks that have targeted SolarWinds file transfer servers to a China-linked APT group that the experts tracked as DEV-0322. Microsoft said that the recent attacks against SolarWinds file transfer servers were carried out by a Chinese hacking group tracked as DEV-0322. This week SolarWinds addressed a zero-day remote code execution flaw (CVE-2021-35211) in Serv-U products which […]
SecurityAffairs 2021-07-14 04:56:17 The infrastructure and websites used by REvil ransomware gang are not reachable (direct link) The infrastructure and leak sites used by the REvil ransomware gang for its operations went offline last night. Starting last night, the infrastructure and the websites used by the REvil ransomware gang were mysteriously unreachable, BleepingComputer first reported. “The REvil ransomware operation, aka Sodinokibi, operates through numerous clear web and dark web sites used as […] Ransomware
SecurityAffairs 2021-07-13 20:12:12 This couple lost £15,000 to scammers. We followed the money – and found millions in stolen crypto (direct link) A CyberNews investigation uncovered a network of wallet addresses used by a scammer group to store and cash out millions in crypto stolen from thousands of victims. Original post @ https://cybernews.com/crypto/millions-of-stolen-crypto-found-investigation/ Mindaugas (who wished his last name not to be disclosed publicly), an executive at a UK-based company, unknowingly fell for a scam when he […]
SecurityAffairs 2021-07-13 19:41:18 Adobe patches critical vulnerabilities in Reader, Acrobat, and Illustrator (direct link) Adobe addressed multiple critical vulnerabilities in several products, including Adobe Acrobat and Reader application. Adobe addressed multiple critical remote code execution and privilege escalation vulnerabilities in multiple products running on both Windows and macOS systems. The flaws fixed by Adobe affect Acrobat and Reader, Illustrator, Framemaker, Dimension and Bridge products. Below the list of advisories […]
SecurityAffairs 2021-07-13 14:20:26 ModiPwn flaw in Modicon PLCs bypasses security mechanisms (direct link) ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric's Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. Researchers at IoT security firm Armis discovered an authentication bypass vulnerability, tracked as CVE-2021-22779 and dubbed ModiPwn, that affects some of Schneider Electric's Modicon PLCs. The flaw can be exploited by an unauthenticated attacker […]
SecurityAffairs 2021-07-13 10:19:18 Social media partially disrupted in Cuba amid anti-government protests (direct link) NetBlocks reported partial disruption to social media and messaging platforms in Cuba from 12 July 2021 shortly after Cubans went to the streets to protest the government. Security experts from NetBlocks are observing partial disruption to social media and messaging platforms in Cuba from 12 July 2021 shortly after Cubans went to the streets to […]
SecurityAffairs 2021-07-13 07:04:18 (Déjà vu) American retailer Guess discloses data breach after ransomware attack (direct link) American clothing brand and retailer Guess discloses a data breach after the February ransomware attack and is notifying the affected customers. In February, American fashion brand Guess was hit by a ransomware attack, now the company is disclosing a data breach and is notifying affected customers. The attack was likely carried out by the DarkSide ransomware gang […] Ransomware Data Breach
SecurityAffairs 2021-07-12 21:01:19 SolarWinds fixes critical Serv-U zero-day exploited in the wild (direct link) SolarWinds confirmed that a threat actor is actively exploiting a new zero-day vulnerability in Serv-U products and urges customers to fix it. SolarWinds addressed a zero-day remote code execution flaw in Serv-U products which is actively exploited in the wild by a single threat actor. SolarWinds was informed of the zero-day by Microsoft, the issue affects Serv-U Managed File Transfer […] Vulnerability Threat
SecurityAffairs 2021-07-12 17:18:57 Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again (direct link) Researchers from Cyber News Team have spotted threat actors offering for sale 600 million LinkedIn profiles scraped from the platform, again. Original post: https://cybernews.com/news/threat-actors-scrape-600-million-linkedin-profiles-and-are-selling-the-data-online-again/ For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from […] Threat
SecurityAffairs 2021-07-12 14:15:12 BIOPASS malware abuses OBS Studio to spy on victims (direct link) Researchers spotted a new malware, dubbed BIOPASS, that sniffs victim's screen by abusing the framework of Open Broadcaster Software (OBS) Studio. Researchers from Trend Micro spotted a new malware, dubbed BIOPASS, that sniffs the victim's screen by abusing the framework of Open Broadcaster Software (OBS) Studio. Threat actors behind the new malware planted a malicious JavaScript code on support […] Malware Threat
SecurityAffairs 2021-07-12 08:22:15 (Déjà vu) Kaseya releases patches for flaws exploited in massive ransomware supply-chain attack (direct link) Kaseya has released a security update to address the VSA zero-day vulnerabilities exploited by REvil gang in the massive ransomware supply chain attack. Software vendor Kaseya has released a security update to fix the zero-day vulnerabilities in its VSA software that were exploited by the REvil ransomware gang in the massive ransomware supply chain attack. […] Ransomware
SecurityAffairs 2021-07-12 07:15:03 Magecart hackers hide stolen credit card data into images and bogus CSS files (direct link) Magecart hackers continuously improve their exfiltration techniques to evade detection, they are hiding stolen credit card data into images. Magecart hackers have devised a new technique to obfuscate the malware within comment blocks and hide stolen credit card data into images evading detection. Hacker groups under the Magecart umbrella continue to target e-stores to steal payment card data with […] Malware
SecurityAffairs 2021-07-11 18:24:53 Biden discussed Russian ransomware gangs with Putin in a phone call (direct link) President Joe Biden expressed concerns about ransomware attacks carried out by Russian gangs during a phone call with President Vladimir Putin. The recent wave of ransomware attacks carried out by Russian gangs like REvil and Darkside worries US authorities and was discussed by Presidents Biden and Putin during a phone call. The ransomware attacks against […] Ransomware
SecurityAffairs 2021-07-11 05:21:09 (Déjà vu) Hackers accessed Mint Mobile subscribers' data and ported some numbers (direct link) Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers. Mint Mobile is an American telecommunications company which sells mobile phone services and operates as an MVNO on T-Mobile's cellular network in the United States. BleepingComputer reported that Mint Mobile has disclosed a data breach that […] Data Breach
SecurityAffairs 2021-07-11 05:15:07 Security Affairs newsletter Round 322 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Coop supermarket closes hundreds of stores after Kaseya supply chain ransomware attack Hackers spread backdoor after compromising the […] Ransomware
SecurityAffairs 2021-07-10 18:20:34 Iran's railroad system was hit by a cyberattack, hackers posted fake delay messages (direct link) Iran’s railroad system was hit by a cyberattack, hackers posted fake messages about delays or cancellations of the trains on display boards at stations across the country. Iran’s railroad system was hit by a cyberattack, threat actors published fake messages about delays or cancellations of the trains on display boards at stations across the country, […] Threat
SecurityAffairs 2021-07-10 05:09:35 Kaseya warns customers of ongoing malspam campaign posing as security updates (direct link) Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates. Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their […] Ransomware Spam Malware Threat
SecurityAffairs 2021-07-09 14:10:50 Insurance firm CNA discloses data breach after March ransomware attack (direct link) Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. The insurance firm paid a $40 ransom to restore access to its files following the ransomware attack. […] Ransomware Data Breach
SecurityAffairs 2021-07-09 11:02:40 (Déjà vu) Hackers use a new technique in malspam attacks to disable Macro security warnings in weaponized docs (direct link) Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in malspam attacks. Most of the malspam campaigns leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. Now experts from McAfee Labs warn of a novel technique used by threat actors that […] Threat
SecurityAffairs 2021-07-09 11:02:40 Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs (direct link) Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in phishing attacks. Most of the phishing attacks leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. Now experts from McAfee Labs warn of a novel technique used by threat actors that […] Threat
SecurityAffairs 2021-07-09 07:42:57 Microsoft says that the emergency patch recently released correctly fix the PrintNightmare flaw (direct link) Microsoft confirmed that the emergency security updates (KB5005010) correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527). Microsoft says that the emergency security patches released early this week correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527) for all supported Windows versions. Immediately after the release of the updates (KB5004945) multiple researchers questioned its efficiency and explained […] Vulnerability
SecurityAffairs 2021-07-09 06:17:38 (Déjà vu) Cisco fixes High Severity issue in BPA and WSA (direct link) Cisco addresses high severity privilege escalation vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks. Cisco released security patches for high severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks. The IT giant fixed two flaws […]
SecurityAffairs 2021-07-08 22:58:05 Multiple Sage X3 vulnerabilities expose systems to hack (direct link) Rapid7 researchers discovered security vulnerabilities in the Sage X3 ERP product that could allow to take control of vulnerable systems. Researchers from Rapid7 discovered a total of four security vulnerabilities in the Sage X3 enterprise resource planning (ERP) solution. Chaining two of the vulnerabilities discovered by the expert, an attacker could execute malicious commands and take control of vulnerable […] Hack
SecurityAffairs 2021-07-08 19:30:40 Morgan Stanley discloses data breach after the hack of a third-party vendor (direct link) The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. Investment banking firm Morgan Stanley has disclosed a data breach after threat actors have compromised the Accellion FTA server of the third-party vendor Guidehouse. The company has offices in more than […] Data Breach Hack Threat
SecurityAffairs 2021-07-08 12:43:55 Tor Browser 10.5 is out, it includes a new anti-censorship feature (direct link) The Tor Project has released Tor Browser 10.5 which enhances an anti-censorship feature and warns of V2 onion URL deprecation. The Tor Project has released Tor Browser 10.5 which implements an improved anti-censorship feature and warns users of V2 onion URL deprecation in favor of the newer V3 URLs. The first version supporting V3 URLs […]
SecurityAffairs 2021-07-08 09:47:35 Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits (direct link) A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums, he aims at purchasing zero-day exploits from other forum members. A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble. According to the experts, the […] Threat
SecurityAffairs 2021-07-08 07:34:54 Experts bypassed Microsoft's emergency patch for the PrintNightmare (direct link) The emergency patch for the PrintNightmare vulnerability released by Microsoft is incomplete and still allows RCE. Yesterday, Microsoft has released an out-of-band KB5004945 security update to address the PrintNightmare vulnerability, unfortunately, the patch is incomplete and still allows remote code execution. Researchers have demonstrated that it is possible to bypass the emergency patch to achieve remote code execution […] Vulnerability
SecurityAffairs 2021-07-07 21:33:50 Wiregrass Electric Cooperative hit by a ransomware attack (direct link) Wiregrass Electric Cooperative, a rural Alabama electric cooperative was hit by a ransomware attack. Wiregrass Electric Cooperative, a rural Alabama electric cooperative that serves about 25,000 members, was hit by a ransomware attack. The cyberattack temporarily blocked the customers’ access to their account information, the cooperative is working to restore the impacted system. According to […] Ransomware
SecurityAffairs 2021-07-07 18:28:35 WildPressure APT expands operations targeting the macOS platform (direct link) WildPressure APT is targeting industrial organizations in the Middle East since 2019 and was spotted using now a new malware that targets both Windows and macOS. Researchers from Kaspersky have spotted a new malware used by the WildPressure APT group to target both Windows and macOS systems. The WildPressure was spotted for the first time […] Malware
SecurityAffairs 2021-07-07 12:11:21 Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya (direct link) Resecurity® HUNTER, cyber threat intelligence and R&D unit, identified a strong connection to a cloud hosting and IoT company servicing the domain belonging to cybercriminals. According to the recent research published by ReSecurity on Twitter, starting January 2021 REVil leveraged a new domain 'decoder[.]re' in addition to a ransomware page available in the TOR network. […] Ransomware Threat
SecurityAffairs 2021-07-07 07:47:57 Microsoft rolled out emergency update for Windows PrintNightmare zero-day (direct link) Microsoft rolled out KB5004945 emergency update to address the actively exploited PrintNightmare zero-day vulnerability (CVE-2021-34527) in Print Spooler service. Microsoft has released the KB5004945 emergency security update to address the actively exploited CVE-2021-34527 zero-day vulnerability, aka PrintNightmare. “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An […] Vulnerability
SecurityAffairs 2021-07-07 07:01:52 Hacker leaks info of pro-Trump GETTR members online (direct link) A hacker has leaked claims to have breached pro-Trump GETTR and leaked the private information of almost 90,000 members on a hacking forum. GETTR is a new pro-Trump social media platform created by Jason Miller, a former Trump advisor, the Twitter-like platform suffered a data breach. The security breach comes a few hours after its […]
SecurityAffairs 2021-07-06 17:31:42 (Déjà vu) SonicWall addresses critical CVE-2021-20026 flaw in NSM devices (direct link) Positive Technologies experts provide details about potential impact of a recently fixed command injection flaw in SonicWall NSM devices. Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection vulnerability that affects SonicWall's Network Security Manager (NSM) product. At the end of May, SonicWall urged its customers to 'immediately' address a post-authentication vulnerability, tracked […] Vulnerability
SecurityAffairs 2021-07-06 12:47:07 Approximatively 1,500 businesses impacted by the ransomware attack that hit Kaseya (direct link) Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers. Software provider Kaseya announced that fewer than 60 of its customers and less than 1,500 businesses have been impacted by the recent supply-chain ransomware attack. Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management […] Ransomware
SecurityAffairs 2021-07-06 09:14:54 Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide (direct link) Group-IB supported INTERPOL in its Operation Lyrebird that allowed to identify a threat actor presumably responsible for multiple attacks. Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, has supported INTERPOL in its Operation Lyrebird that resulted in the identification and apprehension of a threat actor presumably responsible for multiple attacks, […] Guideline
SecurityAffairs 2021-07-06 08:52:50 QNAP addressed a critical flaw that allows compromising NAS devices (direct link) Taiwanese vendor QNAP addressed a critical flaw, tracked as CVE-2021-28809, that could be exploited to compromise vulnerable NAS devices. Taiwanese vendor QNAP fixed a critical vulnerability, tracked as CVE-2021-28809, that could be exploited by attackers to compromise vulnerable NAS devices. The vulnerability affects certain legacy versions of HBS 3 Hybrid Backup Sync, it was reported to […] Vulnerability
SecurityAffairs 2021-07-06 07:03:53 ENISA publishes Cybersecurity guide for SMEs (direct link) ENISA publishes Cybersecurity guide for SMEs, a document that aims at providing suggestions to secure their business. During the COVID-19 pandemic, most organizations increased their presence online, enlarging their surface of attacks. The surface of attack for SMEs was enlarged, many of them took business continuity measures, such as adopting cloud services, improving their […]
SecurityAffairs 2021-07-05 20:35:47 (Déjà vu) CISA, FBI share guidance for MSPs and their customers impacted in Kaseya attack (direct link) CISA and the FBI published guidance for the victims impacted by the REvil supply-chain ransomware attack against Kaseya. CISA and the Federal Bureau of Investigation (FBI) have published guidance for the organizations impacted by the massive REvil supply-chain ransomware attack that hit Kaseya's cloud-based MSP platform. The US agencies provide instructions to affected MSPs and their customers […] Ransomware
SecurityAffairs 2021-07-05 13:44:27 Revil ransomware gang hit Spanish telecom giant MasMovil (direct link) Revil ransomware gang hit Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group. MasMovil is one of the largest Spanish telecom operators, last week the group was hit by the REvil ransomware gang that claims to have stolen sensitive data from the company. “We have downloaded databases and other important […] Ransomware
SecurityAffairs 2021-07-05 11:17:19 REvil ransomware gang demanded $70M for universal decryptor for Kaseya victims (direct link) REvil ransomware is demanding $70 million for decrypting all systems locked during the Kaseya supply-chain ransomware attack. REvil ransomware is asking $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware attack. On Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers. The […] Ransomware
Last update at: 2024-07-08 19:08:03