What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-04-20 03:50:31 | [eBook] Why Autonomous XDR Is Going to Replace NGAV/EDR (lien direct) | For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also misses the forest for the trees. As threat surfaces expand, security professionals are harder pressed to detect threats that target other parts of an environment and can easily miss a real vulnerability by focusing |
Vulnerability Threat | ||
|
2021-04-19 22:33:45 | Lazarus APT Hackers are now using BMP images to hide RAT malware (lien direct) | A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information.
Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes |
Malware Threat Medical | APT 38 | |
|
2021-04-17 02:44:52 | SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence (lien direct) | A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday.
Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, in addition to aggregating the stolen information, |
Threat | ||
|
2021-04-14 00:37:44 | Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves (lien direct) | One of the biggest consequences of the rapidly evolving cybersecurity threat landscape is that defenses must constantly build bigger systems to defend themselves.
This leads to both more complex systems and often less communication between them. More importantly, it can lead companies to invest in disparate “best in class” components instead of finding the best fit for their needs.
The constant |
Threat Guideline | ||
|
2021-04-09 23:50:38 | Hackers Tampered With APKPure Store to Distribute Malware Apps (lien direct) | APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices.
In an incident that's similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users |
Malware Threat | ||
|
2021-04-08 06:37:05 | Researchers uncover a new Iranian malware used in recent cyberattacks (lien direct) | An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems.
Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology.
APT34 (aka OilRig) is |
Malware Threat | APT 34 | |
|
2021-03-31 23:58:40 | Hackers Set Up a Fake Cybersecurity Firm to Target Real Security Experts (lien direct) | A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack.
In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and |
Malware Threat | ||
|
2021-03-29 04:49:07 | New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems (lien direct) | Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory.
Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws - tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS |
Threat | ||
|
2021-03-23 04:24:24 | (Déjà vu) Critical Flaws Affecting GE\'s Universal Relay Pose Threat to Electric Utilities (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE's Universal Relay (UR) family of power management devices.
"Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory |
Threat | ||
|
2021-03-17 04:20:39 | Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code (lien direct) | Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories.
"The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company said in a write-up detailing its investigation, adding the |
Threat | ||
|
2021-03-12 01:53:41 | Researchers Spotted Malware Written in Nim Programming Language (lien direct) | Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language.
Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape.
"Malware developers may choose to use a rare programming language |
Malware Threat | ||
|
2021-03-12 00:43:28 | Hackers Are Targeting Microsoft Exchange Servers With Ransomware (lien direct) | It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week.
Now it appears that threat actors have caught up.
According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server |
Ransomware Threat | ||
|
2021-03-10 08:31:56 | Researchers Unveil New Linux Malware Linked to Chinese Hackers (lien direct) | Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors.
Dubbed "RedXOR" by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malware and those previously associated with the Winnti Umbrella (or Axiom) threat group such as PWNLNX, |
Malware Threat | APT 17 | |
|
2021-03-10 01:24:29 | FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware (lien direct) | Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies.
One such group is FIN8, a financially motivated threat actor that's back in action after a year-and-a-half hiatus with a powerful version of a backdoor with |
Malware Threat | ||
|
2021-03-09 01:58:23 | SolarWinds Hack - New Evidence Suggests Potential Links to Chinese Hackers (lien direct) | A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group.
In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral.
Back on December 22, 2020, Microsoft disclosed that a second |
Hack Threat | ★★★★★ | |
|
2021-03-08 22:51:24 | Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices (lien direct) | Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari browsers to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.
Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google's Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability |
Vulnerability Threat | ||
|
2021-03-05 01:20:07 | Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (lien direct) | FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques.
Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of |
Malware Threat | ||
|
2021-03-03 04:56:56 | Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection (lien direct) | Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly.
New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize malicious |
Malware Threat | ||
|
2021-03-02 23:56:35 | URGENT - 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange (lien direct) | Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.
Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access |
Threat | ||
|
2021-03-02 07:02:29 | Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware (lien direct) | SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research.
"While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the |
Ransomware Threat | ||
|
2021-02-24 08:04:41 | Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique (lien direct) | With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy.
Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without |
Threat | ||
|
2021-02-24 07:29:47 | Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks (lien direct) | New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software.
"A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The |
Malware Threat | ||
|
2021-02-24 04:32:23 | Everything You Need to Know About Evolving Threat of Ransomware (lien direct) | The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal-most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.
Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and |
Ransomware Threat | ||
|
2021-02-22 03:15:17 | Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online (lien direct) | On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA).
Although the group has since signed off following the unprecedented disclosures, new "conclusive" |
Malware Tool Threat | ||
|
2021-02-17 05:29:09 | Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping (lien direct) | A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls.
That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and |
Vulnerability Threat | ||
|
2021-02-15 22:00:16 | Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities (lien direct) | Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon.
The intrusion campaign - which breached "several French entities" - is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French |
Hack Tool Threat | ||
|
2021-02-10 23:43:10 | Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies (lien direct) | UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research.
Attributing the operation to be the work of Static Kitten (aka MERCURY or MuddyWater), Anomali said the "objective of this activity is to install a remote management tool called ScreenConnect (acquired by ConnectWise 2015) with unique launch |
Tool Threat | ||
|
2021-02-08 03:28:42 | Detailed: Here\'s How Iran Spies on Dissidents with the Help of Hackers (lien direct) | Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish natives.
Tracing the extensive espionage operations to two advanced Iranian cyber-groups Domestic Kitten ( |
Threat | ||
|
2021-02-04 02:48:55 | Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices (lien direct) | A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service (DDoS) attacks.
Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge (ADB) interfaces to infect Android devices and ensnare |
Malware Threat | ||
|
2021-02-04 02:20:16 | Why Human Error is #1 Cyber Security Threat to Businesses in 2021 (lien direct) | Phishing and Malware
Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis.
Phishing has also seen a resurgence in the last few years, with many new scams being invented to take advantage of unsuspecting |
Malware Threat | Wannacry Wannacry | |
|
2021-02-03 03:06:30 | Guide: How Security Consolidation Helps Small Cybersecurity Teams (lien direct) | The dynamic nature of cybersecurity, the changes in the threat landscape, and the expansion of the attack surface lead organizations to add more security solutions-from different vendors-creating a layered security infrastructure that introduces new challenges to any team, with a much more significant impact on small ones.
And yet, sophisticated attacks continue to bypass these advanced security |
Threat Guideline | ||
|
2021-02-01 03:15:16 | New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers (lien direct) | A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research.
Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors |
Malware Threat | APT 32 | |
|
2021-01-28 02:26:43 | Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware (lien direct) | U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims.
"We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom |
Ransomware Threat | ||
|
2021-01-25 21:10:52 | N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches (lien direct) | Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development.
The internet giant's Threat Analysis Group (TAG) said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter, Twitter, LinkedIn |
Vulnerability Threat | ||
|
2021-01-21 03:59:10 | Here\'s How SolarWinds Hackers Stayed Undetected for Long Enough (lien direct) | Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history.
Calling the threat actor "skillful and methodic operators who follow |
Hack Threat | ||
|
2021-01-21 03:04:00 | Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet (lien direct) | A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees.
The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies, said researchers from Check Point |
Threat | ||
|
2021-01-19 03:05:29 | New Educational Video Series for CISOs with Small Security Teams (lien direct) | Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded.
Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities.
CISOs at SMEs are |
Threat | ||
|
2021-01-15 23:30:40 | NSA Suggests Enterprises Use \'Designated\' DNS-over-HTTPS\' Resolvers (lien direct) | The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) - if configured appropriately in enterprise environments - can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors.
"DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by |
Threat | ||
|
2021-01-15 03:31:43 | Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks (lien direct) | Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware - including a previously undocumented backdoor.
Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A |
Malware Threat Guideline | APT 41 | ★★★★★ |
|
2021-01-12 21:59:24 | Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365 (lien direct) | Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange.
The discovery was made after the breach was notified by Microsoft, the London-based company said in an alert posted on its website, adding it's reached out to the impacted organizations to remediate |
Threat | ||
|
2021-01-12 03:07:27 | Experts Sound Alarm On New Android Malware Sold On Hacking Forums (lien direct) | Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages.
The vendor, who goes by the |
Malware Threat | ||
|
2021-01-05 23:17:23 | FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack (lien direct) | The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month.
"This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and |
Threat | ||
|
2020-12-31 20:50:25 | (Déjà vu) Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code (lien direct) | Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network.
The "very sophisticated nation-state actor" used the unauthorized access to view, but not modify, the source code present in its repositories, the company said.
"We detected |
Threat | ||
|
2020-12-29 00:38:45 | AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users (lien direct) | Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020.
Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, |
Threat | ||
|
2020-12-25 02:26:11 | Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers (lien direct) | New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email.
The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal |
Threat | ||
|
2020-12-23 23:24:40 | North Korean Hackers Trying to Steal COVID-19 Vaccine Research (lien direct) | Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts.
Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting |
Threat Medical | APT 38 APT 28 | |
|
2020-12-22 01:50:07 | A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says (lien direct) | As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems.
"The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the |
Malware Threat | ||
|
2020-12-15 03:18:55 | Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices (lien direct) | A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers.
Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as |
Threat | ||
|
2020-12-10 23:42:22 | Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam (lien direct) | Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware.
Tracked as APT32 (or Bismuth, OceanLotus, and Cobalt Kitty), the state-aligned operatives affiliated with the Vietnam government have been known for |
Hack Threat | APT 32 | |
|
2020-12-09 07:11:49 | Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware (lien direct) | A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage.
Linking the operation to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM), cybersecurity firm Intezer said the |
Malware Threat | APT 28 |
To see everything:
Our RSS (filtrered)
