What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-05-19 14:17:14 Hacking the infotainment system used in Mercedes-Benz cars (direct link) Security researchers identified five vulnerabilities in the infotainment system in Mercedes-Benz cars, four of them are remotely exploitable. Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars. The experts focused their analysis on the Mercedes-Benz User Experience (MBUX) […]
SecurityAffairs 2021-05-19 11:33:28 Conti ransomware gang also breached Ireland Department of Health (DoH) (direct link) Conti ransomware also breached the network of Ireland’s Department of Health (DoH) but the ransomware failed to encrypt the systems. Last week, Conti ransomware gang targeted the Ireland's Health Service Executive that was forced to shut down its IT systems on Friday after being targeted with a significant ransomware attack. The Health Service Executive opted to […] Ransomware
SecurityAffairs 2021-05-19 05:53:29 DarkSide ransomware made $90 million since October 2020 (direct link) Researchers from blockchain analysis firm Elliptic estimated that Darkside ransomware gang has made over $90 million from its attacks. Experts from blockchain analysis firm Elliptic estimated that the Darkside ransomware gang has earned over $90 million from ransom payments from its victims since October 2020. The researchers examined the Bitcoin wallets used by ransomware gang […] Ransomware
SecurityAffairs 2021-05-18 17:53:47 (Déjà vu) European Council extends sanctions against foreign threat actors (direct link) European Council extended for one year the sanctions against foreign threat actors that threaten the European Union and its member states. The European Council announced that it will extend for one year the framework for sanctions against threat actors that launched cyberattacks against the infrastructure of the European Union and its member states. The Council Decision […] Threat
SecurityAffairs 2021-05-18 09:22:59 Analysis of NoCry ransomware: A variant of the Judge ransomware (direct link) Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware. We announced a free decryptor for Judge victims in this blog post, which is available through the NoMoreRansom initiative. Our decryptor has been helping […] Ransomware
SecurityAffairs 2021-05-18 08:36:03 Discovery of Simps Botnet Leads To Ties to Keksec Group (direct link) Uptycs’ threat research team discovered a new botnet, tracked as Simps botnet, attributed to Keksec group, which is focused on DDOS activities. Uptycs’ threat research team has discovered a new Botnet named 'Simps' attributed to Keksec group primarily focussed on DDOS activities. We discovered the Simps Botnet binaries downloaded via shell script sample and Remote Code […] Threat ★★★
SecurityAffairs 2021-05-18 06:26:29 Bizarro banking Trojan targets banks in Brazil and abroad (direct link) Bizarro is a new sophisticated Brazilian banking trojan that is targeting customers of tens of banks in Europe and South America. Researchers from Kaspersky have spotted a new sophisticated Brazilian banking trojan dubbed Bizarro that is targeting customers of tens of 70 banks in Europe and South America. Bizarro banking Trojan allows to capture online […]
SecurityAffairs 2021-05-17 16:40:06 Android stalkerware, a danger for victims and stalkers (direct link) ESET research shows that Android stalkerware apps are affected by vulnerabilities that further threaten victims. ESET research reveals that common Android stalkerware apps are affected with vulnerabilities that could expose the privacy and security of the victims. Mobile stalkerware, also known as spouseware, is used by a stalker to spy on a victim, it allows […]
SecurityAffairs 2021-05-17 13:45:30 Expert released PoC exploit code for Windows CVE-2021-31166 bug (direct link) A security researcher has published a working proof-of-concept exploit code for a wormable Windows IIS server vulnerability tracked as CVE-2021-31166. Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft including a critical HTTP Protocol Stack Remote Code Execution vulnerability tracked as CVE-2021-31166. The flaw could be exploited by an unauthenticated attacker by […] Vulnerability
SecurityAffairs 2021-05-17 09:02:23 Bitcoin down: 51% attack? No, put the blame on Elon Musk (direct link) The price of Bitcoin falls after Elon Musk declared that its company, Tesla, may have sold holdings of the cryptocurrency. We have long debated about the possibility that the Bitcoin price could be influenced by threat actors through 51% attacks, but recent events demonstrate that it could be easier to manipulate its value. A simple […] Threat
SecurityAffairs 2021-05-17 06:19:59 Conti ransomware demanded $20M ransom to Ireland Health Service Executive (direct link) Ireland Health Service Executive (HSE) refuses to pay a $20 million ransom demand after its systems were hit by the Conti ransomware gang. Ireland's Health Service Executive that was forced to shut down its IT systems on Friday after being targeted with a significant ransomware attack. The Health Service Executive opted to shut down its infrastructure as a […] Ransomware
SecurityAffairs 2021-05-16 17:44:58 Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia (direct link) Avaddon ransomware gang has breached the France-based financial consultancy firm Acer Finance. Avaddon ransomware gang made the headlines again, the cybercrime gang has breached the France-based financial consultancy firm Acer Finance. Acer Finance operates as an investment management company. The Company offers risk management, mutual funds, analysis, financial planning, and advisory services. Acer Finance serves […] Ransomware ★★★★★
SecurityAffairs 2021-05-16 15:35:13 Two flaws could allow bypassing AMD SEV protection system (direct link) The chipmaker AMD published guidance for two new attacks against its SEV (Secure Encrypted Virtualization) protection technology. Chipmaker AMD has issued guidance for two attacks (CVE-2020-12967, CVE-2021-26311) that allow bypassing the SEV (Secure Encrypted Virtualization) technology implemented to prevent rogue operating systems on virtual machines. The chipmaker is aware of two research papers, respectively titled […]
SecurityAffairs 2021-05-16 11:31:28 MSBuild tool used to deliver RATs filelessly (direct link) Hackers abuse Microsoft Build Engine (MSBuild) to filelessly deliver malware on targeted Windows systems, including RAT and password-stealer. Researchers from Anomali observed threat actors abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and RedLine Stealer password-stealing malware on targeted Windows systems. “Anomali Threat Research discovered a campaign in which threat actors used […] Malware Tool Threat
SecurityAffairs 2021-05-16 09:51:58 Security Affairs newsletter Round 314 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. CISA MAR report provides technical details of FiveHands Ransomware SQL injection issue in Anti-Spam WordPress Plugin exposes User Data TsuNAME flaw exposes DNS servers to DDoS attacks City of Tulsa, […] Ransomware
SecurityAffairs 2021-05-16 08:39:52 Pakistan-linked Transparent Tribe APT expands its arsenal (direct link) Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. The group used the new malware dubbed ObliqueRAT in cyberespionage attacks against Indian targets. The Operation Transparent Tribe (Operation C-Major, APT36, and Mythic […] Malware APT 36
SecurityAffairs 2021-05-15 16:41:42 European police dismantle major online investment fraud ring that causes €30 Million in losses (direct link) A joint operation of European law enforcement agencies and coordinated by Europol dismantled a criminal ring involved in investment fraud. A joint investigation of European law enforcement agencies supported by Europol and Eurojust dismantled a large criminal network involved in investment fraud and money laundering. The operation, led by Germany, involved authorities from Bulgaria, Israel, Latvia, […]
SecurityAffairs 2021-05-15 12:31:40 Major hacking forums XSS and Exploit ban ads from ransomware gangs (direct link) XSS forum (previously known as DaMaGeLab), one of the most popular hacking forums, announced that it would ban the ads published by ransomware gangs. The popular hacking forum XSS forum, previously known as DaMaGeLab, announced that it would ban the ads published by ransomware gangs. The forum is one of the most important places of […] Ransomware
SecurityAffairs 2021-05-15 08:41:55 QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks (direct link) QNAP warns of an actively exploited Roon Server zero-day flaw and eCh0raix ransomware attacks on its NAS devices. QNAP warns customers of threat actors that are targeting its Network Attached Storage (NAS) devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability. The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that […] Ransomware Threat
SecurityAffairs 2021-05-14 22:19:02 Scheme flooding fingerprint technique may deanonymize Tor users (direct link) FingerprintJS experts devised a fingerprinting technique, named scheme flooding, that could allow identifying users across different desktop browsers, including the Tor Browser. FingerprintJS experts devised a new fingerprinting technique, named scheme flooding, that could allow identifying users while browsing websites using different desktop browsers, including the Tor Browser. The technique allows to profile users while […]
SecurityAffairs 2021-05-14 19:29:43 Darkside gang lost control of their servers and funds (direct link) The operators of the Darkside ransomware announced that they have lost control of their infrastructure and part of the funds the gang obtained from the victims. Darkside ransomware operators say they have lost control of their servers and funds resulting from their extortion activity, the funds were transferred to an unknown wallet. “The funds, which […] Ransomware
SecurityAffairs 2021-05-14 14:08:55 Magecart gang hides PHP-based web shells in favicons (direct link) Magecart cybercrime gang is using favicon to hide malicious PHP web shells used to maintain remote access to inject JavaScript skimmers into online stores. Magecart hackers are distributing malicious PHP web shells hidden in website favicon to inject JavaScript e-skimmers into online stores and steal payment information. Researchers from Malwarebytes observed threat actors, likely Magecart […] Threat
SecurityAffairs 2021-05-14 11:30:06 (Déjà vu) Ireland's Health Service Executive hit by ransomware attack (direct link) Ireland's Health Service Executive service shut down its IT systems after they were hit with a “significant ransomware attack.” Another major ransomware attack made the headlines, this time the victim is Ireland's Health Service Executive that was forced to shut down its IT systems on Friday. After being targeted with a significant ransomware attack the Health Service […] Ransomware
SecurityAffairs 2021-05-14 10:13:31 Colonial Pipeline likely paid a $5M ransom to DarkSide (direct link) DarkSide demanded a $5 million ransom to Colonial Pipeline, which has quickly recovered operations, did it pay? The Colonial Pipeline facility in Pelham, Alabama, was hit by a cybersecurity attack on Friday and its operators were forced to shut down its systems. The pipeline allows carrying 2.5 million barrels of refined gasoline and jet fuel […]
SecurityAffairs 2021-05-14 06:19:58 (Déjà vu) Rapid7 says source code, credentials accessed as a Result of Codecov supply-chain attack (direct link) Rapid7 disclosed that unauthorized third-party had access to source code and customer data as result of Codecov supply chain attack. Cyber security vendor Rapid7 reveals it was impacted by the Codecov software supply chain attack, attackers had access to data for part of its customers and a small subset of its source code repositories for […]
SecurityAffairs 2021-05-13 20:16:55 Security at Bay: Critical Infrastructure Under Attack (direct link) The recent Colonial Pipeline attack highlights the dangers that are facing Critical Infrastructure worldwide. The attack perpetrated by hackers on oil company Colonial Pipeline highlights the dangers that are facing Industrial Control Systems (ICS) and the need for change in the information security landscape. The attack took place on May 7th where hackers used ransomware […] Ransomware
SecurityAffairs 2021-05-13 18:38:28 Please vote Security Affairs – 1 day left (direct link) Hi Guys, I need your support. I became aware only now that we can nominate SecurityAffairs as Best Personal Blog. I need your support. Please vote Security Affairs as Best Personal cybersecurity Blog at the following link https://docs.google.com/forms/d/e/1FAIpQLSer_6yOZrL8OO6XjJ9yj3Mlq9LvuOakdTZN9ZmhkFCy1aQLdw/viewform The URL is https://securityaffairs.co/ and indicate me Pierluigi Paganini as reference Thank you! Pierluigi Follow me on Twitter: @securityaffairs […]
SecurityAffairs 2021-05-13 17:27:24 Organizations in aerospace and travel sectors under attack, Microsoft warns (direct link) Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign. Threat actors conducted a spear-phishing campaign using messages that were specifically designed to be […] Threat
SecurityAffairs 2021-05-13 15:53:29 Cisco fixes AnyConnect Client VPN zero-day disclosed in November (direct link) Cisco has addressed a zero-day in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. Cisco has addressed a zero-day vulnerability in Cisco AnyConnect Secure Mobility Client, tracked as CVE-2020-3556, that was disclosed in November. The availability of a proof-of-concept exploit code for the zero-day was confirmed by the Cisco Product Security […] Vulnerability ★★★★★
SecurityAffairs 2021-05-13 12:18:11 Biden signed executive order to improve the Nation's Cybersecurity (direct link) President Joe Biden signed an ambitious executive order to dramatically improve the security of the US government networks. President Biden signed an executive order this week to improve the country’s defenses against cyberattacks, it is an important move that comes shortly after the recent wave of attacks, such as the SolarWinds supply chain attack and the […]
SecurityAffairs 2021-05-13 09:17:43 US CISA and FBI publish joint alert on DarkSide ransomware (direct link) FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption. […] Ransomware
SecurityAffairs 2021-05-12 22:29:49 How Companies Need to Treat User Data and Manage Their Partners (direct link) After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. As per these regulations, organizations can be held responsible […]
SecurityAffairs 2021-05-12 21:39:41 Microsoft Patch Tuesday for May 2021 fix 4 critical flaws (direct link) Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities, four are rated as Critical. Microsoft Patch Tuesday for May 2021 security updates address 55 vulnerabilities in Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server. Four […]
SecurityAffairs 2021-05-12 16:32:21 FragAttacks vulnerabilities expose all WiFi devices to hack (direct link) Security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact the WiFi devices sold for the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of multiple vulnerabilities, tracked as FragAttacks, that affect WiFi devices exposed them to remote attacks. Some of the flaws discovered by the experts date back as […] Hack
SecurityAffairs 2021-05-12 14:19:26 Maybe don't call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities (direct link) Thousands of public-facing devices can be accessed anywhere in the world, from the US to Russia, from London to Johannesburg. Our research shows that large and small manufacturers are identifiable, with Aastra-Mitel topping the list. As with many inventions of the 20th century, the internet has drastically changed using the phone. Once a vital necessity […]
SecurityAffairs 2021-05-12 12:54:13 TeaBot Android banking Trojan targets banks in Europe (direct link) Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. Malware experts from the Italian cybersecurity firm Cleafy have spotted a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Spain, Germany, Italy, Belgium, and the Netherlands. TeaBot malware appeared […] Malware
SecurityAffairs 2021-05-12 07:14:43 NSA and ODNI analyze potential risks to 5G networks (direct link) U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering. The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have analyzed the risks and vulnerabilities associated with […]
SecurityAffairs 2021-05-11 21:37:37 Hackers target Windows users exploiting a Zero-Day in Reader (direct link) Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks. Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, Medium, and Animate. Five of the […] Vulnerability
SecurityAffairs 2021-05-11 18:28:49 Researcher hacked Apple AirTag two weeks after its launch (direct link) Apple AirTag has been launched less than two weeks ago, but a security researcher already claims to have hacked them. The Apple AirTag has been available for just a couple of weeks and hacking community is already working on it to demonstrate how to compromise it. “The German security researcher Stack Smashing tweeted today (via The 8-bit) that […]
SecurityAffairs 2021-05-11 15:49:24 Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015 (direct link) Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in a court case that sees Epic Games v. Apple Inc. revealed that the XcodeGhost malware impacted 128 million iOS users. Epic Games filed a lawsuit against Apple in a California court over its violation of terms of […]
SecurityAffairs 2021-05-11 12:29:05 (Déjà vu) Google open sources cosign tool for verifying containers (direct link) Google has released a new open-source tool called cosign that could allow administrators to sign and verify the container images. Google has released a new open-source tool called cosign that allows to sign, verify container images, it was developed to make signatures invisible infrastructure. Cosign supports: Hardware and KMS signing Bring-your-own PKI Our free OIDC PKI […] Tool
SecurityAffairs 2021-05-11 10:23:45 (Déjà vu) FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks (direct link) The FBI and Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare. The alert published […] Ransomware
SecurityAffairs 2021-05-10 20:46:58 FBI confirmed that Darkside ransomware gang hit Colonial Pipeline (direct link) The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried out by the Darkside ransomware gang. “The FBI confirms that the Darkside ransomware is […] Ransomware
SecurityAffairs 2021-05-10 13:05:57 City of Tulsa, is the last US city hit by ransomware attack (direct link) The city of Tulsa, Oklahoma, has been hit by a ransomware attack over the weekend that impacted its government's network and shut down its websites. One of the biggest cities in the US by population size, the City of Tulsa, was victim of a ransomware attack that affected its government's network and forced the shutdown […] Ransomware
SecurityAffairs 2021-05-10 07:31:28 Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks (direct link) Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercept traffic to cryptocurrency-related sites. Starting from January 2020, a threat actor has been adding thousands of malicious exit relays to the Tor network to intercept traffic and carry out SSL stripping attacks on users while accessing mixing websites, The […] Threat
SecurityAffairs 2021-05-10 06:26:07 WhatsApp will not deactivate accounts for not accepting new privacy terms (direct link) WhatsApp will not deactivate the accounts of users who don’t accept the new privacy policy update that requires sharing data with other companies owned by Facebook. WhatsApp on Friday announced that it will not deactivate accounts of users who don’t accept its new privacy policy that will be rolled out on May 15. The company will only […]
SecurityAffairs 2021-05-09 18:12:06 CISA MAR report provides technical details of FiveHands Ransomware (direct link) U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye's Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye's Mandiant. At the end of April, researchers […] Ransomware Malware
SecurityAffairs 2021-05-09 14:12:51 SQL injection issue in Anti-Spam WordPress Plugin exposes User Data (direct link) 'Spam protection, AntiSpam, FireWall by CleanTalk' anti-spam WordPress plugin could expose user sensitive data to an unauthenticated attacker. A Time-Based Blind SQL Injection in 'Spam protection, AntiSpam, FireWall by CleanTalk' WordPress plugin, tracked as CVE-2021-24295, could be exploited by an unauthenticated attacker to access user data. The flaw could be exploited by an attack to […]
SecurityAffairs 2021-05-09 08:50:25 Security Affairs newsletter Round 313 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Cloud hosting provider Swiss Cloud suffered a ransomware attack Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle WeSteal, a shameless commodity cryptocurrency […] Ransomware
SecurityAffairs 2021-05-09 07:58:43 TsuNAME flaw exposes DNS servers to DDoS attacks (direct link) A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains), and the Information Science Institute at the University of Southern California has discovered a vulnerability, named […]
Last update at: 2024-07-06 18:08:25