What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-07-29 01:21:39 Top 30 Critical Security Vulnerabilities Most Exploited by Hackers (lien direct) Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to weaponize publicly disclosed flaws to their advantage swiftly. "Cyber actors continue to exploit publicly known - and often dated - software vulnerabilities against broad target sets, Threat
The_Hackers_News.webp 2021-07-28 03:58:14 Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers (lien direct) A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems. Attributing the intrusions to a threat actor named PKPLUG (aka Mustang Panda and HoneyMyte), Palo Alto Networks' Unit 42 threat intelligence team Threat ★★★★
The_Hackers_News.webp 2021-07-28 03:06:58 Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees (lien direct) An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor it tracks as TA456, and by the wider Malware Threat
The_Hackers_News.webp 2021-07-27 05:39:47 Hackers Turning to 'Exotic' Programming Languages for Malware Development (lien direct) Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of Malware Threat
The_Hackers_News.webp 2021-07-23 04:23:38 Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring (lien direct) Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation. The apprehended suspects, a 24-year-old software engineer, and a 15-year-old boy, are said to have been Threat
The_Hackers_News.webp 2021-07-22 03:38:52 APT Hackers Distributed Android Trojan via Syrian e-Government Portal (lien direct) An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu Malware Threat
The_Hackers_News.webp 2021-07-21 03:02:25 Several New Critical Flaws Affect CODESYS Industrial Automation Software (lien direct) Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely Threat
The_Hackers_News.webp 2021-07-19 06:11:04 Researchers Warn of Linux Cryptojacking Attackers Operating from Romania (lien direct) A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to Tool Threat
The_Hackers_News.webp 2021-07-16 02:15:28 Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel (lien direct) Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform. The social media giant pinned the attacks to a threat actor known as Tortoiseshell (aka Imperial Kitten) based Threat
The_Hackers_News.webp 2021-07-15 05:57:59 China's Cyberspies Targeting Southeast Asian Government Entities (lien direct) A sweeping and "highly active campaign" that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research. Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as "LuminousMoth," which it connected with medium to high confidence to a Threat
The_Hackers_News.webp 2021-07-15 01:25:21 Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild (lien direct) Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an Threat
The_Hackers_News.webp 2021-07-13 20:48:53 Chinese Hackers Exploit Latest SolarWinds 0-Day to Target U.S. Defense Firms (lien direct) Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution (RCE) exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitoring software maker issued fixes for the flaw that could enable adversaries to remotely run arbitrary Threat
The_Hackers_News.webp 2021-07-08 02:58:54 Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America (lien direct) Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across Malware Threat
The_Hackers_News.webp 2021-07-07 06:18:33 WildPressure APT Emerges With New Malware Targeting Windows and macOS (lien direct) A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Russian cybersecurity firm attributed the attacks to an advanced persistent threat (APT) it tracks as Malware Threat
The_Hackers_News.webp 2021-07-07 05:58:28 Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform (lien direct) An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light of the growing number of cyber incidents that target the software supply chain, there is an urgent Threat
The_Hackers_News.webp 2021-07-06 20:38:13 Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability (lien direct) Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability - known as "PrintNightmare" - that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as CVE-2021-34527 (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. Vulnerability Threat ★★★★
The_Hackers_News.webp 2021-07-06 01:41:59 Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities (lien direct) Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme. The two-year investigation, dubbed Operation Lyrebird by the international, Malware Threat ★★★
The_Hackers_News.webp 2021-07-05 02:48:45 TrickBot Botnet Found Deploying A New Ransomware Called Diavol (lien direct) Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named "Diavol," according to the latest research. Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this month, researchers from Fortinet's FortiGuard Labs said last week. TrickBot, a banking Trojan first Ransomware Threat
The_Hackers_News.webp 2021-07-03 01:00:30 Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware (lien direct) The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA Ransomware Threat
The_Hackers_News.webp 2021-07-01 03:00:21 IndigoZebra APT Hacking Campaign Targets the Afghan Government (lien direct) Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014. Israeli cybersecurity firm Check Point Research attributed the intrusions to a hacking group tracked under the moniker "IndigoZebra," with past activity aimed Threat
The_Hackers_News.webp 2021-06-27 20:32:04 SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers (lien direct) In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. "This recent activity was mostly unsuccessful, and Threat
The_Hackers_News.webp 2021-06-25 03:37:08 Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack (lien direct) Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running Threat
The_Hackers_News.webp 2021-06-23 07:36:52 Pakistan-linked hackers targeted Indian power company with ReverseRat (lien direct) A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday Threat
The_Hackers_News.webp 2021-06-17 05:09:16 Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments (lien direct) A Middle Eastern advanced persistent threat (APT) group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month. Sunnyvale-based enterprise security firm Proofpoint attributed the activity to a politically motivated threat actor it Threat
The_Hackers_News.webp 2021-06-17 03:25:33 A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran (lien direct) Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat (APT) Threat
The_Hackers_News.webp 2021-06-16 02:14:53 Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets (lien direct) As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets. "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major Ransomware Hack Threat
The_Hackers_News.webp 2021-06-15 06:05:51 Experts Shed Light On Distinctive Tactics Used by Hades Ransomware (lien direct) Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER. "In many ways, the GOLD WINTER threat group is a typical post-intrusion ransomware threat group that pursues high-value targets to Ransomware Threat
The_Hackers_News.webp 2021-06-13 23:59:46 Chinese Hackers Believed to be Behind SITA, Air India Data Breach (lien direct) The cyber assault on Air India that came to light last month lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41. Group-IB dubbed the campaign "ColunmTK" based on the names of the command-and-control (C2) server domains that were used for communications. "The Data Breach Threat Guideline APT 41
The_Hackers_News.webp 2021-06-10 03:51:05 Emerging Ransomware Targets Dozens of Businesses Worldwide (lien direct) An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in the Middle Ransomware Threat
The_Hackers_News.webp 2021-06-09 03:17:22 EBook – Creating a Large Company Security Stack on a Lean Company Budget (lien direct) The speed at which malicious actors have improved their attack tactics and continue to penetrate security systems has made going bigger the major trend in cybersecurity. Facing an evolving threat landscape, organizations have responded by building bigger security stacks, adding more tools and platforms, and making their defenses more complex - a new eBook from XDR provider Cynet (read it here). Threat
The_Hackers_News.webp 2021-06-02 05:55:31 Researchers Uncover Hacking Operations Targeting Government Entities in South Korea (lien direct) A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising of the Korea Threat
The_Hackers_News.webp 2021-06-02 02:55:03 Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites (lien direct) Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has Malware Vulnerability Threat
The_Hackers_News.webp 2021-05-28 04:24:39 SolarWinds Hackers Target Think Tanks With New Backdoor (lien direct) Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. "This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations," Tom Burt, Microsoft's Threat
The_Hackers_News.webp 2021-05-28 00:29:08 Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices (lien direct) Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat Threat
The_Hackers_News.webp 2021-05-14 09:01:06 Hackers Using Microsoft Build Engine to Deliver Malware Filelessly (lien direct) Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding the malicious build files came embedded with encoded executables and shellcode that deploy backdoors, Malware Threat
The_Hackers_News.webp 2021-05-10 05:44:59 Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities (lien direct) An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a Threat
The_Hackers_News.webp 2021-05-07 01:58:18 New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations (lien direct) An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for Malware Threat
The_Hackers_News.webp 2021-05-04 00:52:50 Critical Patch Out for Month-Old Pulse Secure VPN 0-Day Under Attack (lien direct) Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns "multiple use after free" issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to Vulnerability Threat
The_Hackers_News.webp 2021-05-03 00:43:49 New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer (lien direct) A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous "Royal Road" Rich Text Format (RTF) Malware Threat
The_Hackers_News.webp 2021-04-30 06:01:07 Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks (lien direct) An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that Ransomware Threat
The_Hackers_News.webp 2021-04-30 00:24:38 Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach (lien direct) Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an Data Breach Threat
The_Hackers_News.webp 2021-04-29 07:46:57 LuckyMouse Hackers Target Banks, Companies and Governments in 2020 (lien direct) An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical Threat
The_Hackers_News.webp 2021-04-29 03:19:09 Chinese Hackers Attacking Military Organizations With New Backdoor (lien direct) Cybersecurity researchers on Wednesday exposed a new cyberespionage campaign targeting military organizations in Southeast Asia. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing Threat APT 30
The_Hackers_News.webp 2021-04-29 02:02:21 Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years (lien direct) A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "the family uses rotate Malware Threat
The_Hackers_News.webp 2021-04-28 06:43:39 Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware (lien direct) Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious. "The biggest risk for the targeted Malware Threat
The_Hackers_News.webp 2021-04-28 00:59:10 Attention! FluBot Android Banking Malware Spreads Quickly Across Europe (lien direct) Attention, Android users! A banking malware capable of stealing sensitive information is "spreading rapidly" across Europe, with the U.S. likely to be the next target. According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language campaign alone has been Malware Threat
The_Hackers_News.webp 2021-04-22 22:52:36 Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that's leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device. "The threat actor connected to the entity's network via a Pulse Secure virtual private network ( Malware Threat
The_Hackers_News.webp 2021-04-22 06:18:25 Researchers Find Additional Infrastructure Used By SolarWinds Hackers (lien direct) The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, Threat
The_Hackers_News.webp 2021-04-21 23:42:45 Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware (lien direct) Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the State of Palestine, and another threat actor is known as Threat
The_Hackers_News.webp 2021-04-21 05:47:27 Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid (lien direct) Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks Ransomware Threat
Last update at: 2024-07-12 12:08:52