What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-04-03 07:24:18 Evolution and rise of the Avaddon Ransomware-as-a-Service (direct link) The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June, 2020. In August 2020, cybersecurity intelligence firm Kela was the first to report that […] Ransomware Malware Threat
SecurityAffairs.webp 2021-04-02 21:19:54 (Déjà vu) FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers (direct link) FBI and CISA published a joint alert to warn of advanced persistent threat (APT) groups targeting Fortinet FortiOS to access networks of multiple organizations. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint alert to warn of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The […] Threat
SecurityAffairs.webp 2021-04-02 18:24:53 TIM's Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product (direct link) Researchers from TIM's Red Team Research discovered five new vulnerabilities affecting the CA eHealth Performance Manager product. Researchers from TIM's Red Team Research led by Massimiliano Brolli, discovered 5 new vulnerabilities affecting the CA eHealth Performance Manager product. CA Technologies is an American multinational corporation specialized in business-to-business (B2B) software with a product portfolio focused […]
SecurityAffairs.webp 2021-04-02 17:28:27 (Déjà vu) Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs (direct link) Unpatched vulnerabilities in QNAP small office/home office (SOHO) network-attached storage (NAS) devices could be exploited by remote attackers to remotely execute arbitrary code. Security researchers at SAM Seamless Network discovered a couple of critical unpatched flaws in QNAP small office/home office (SOHO) network-attached storage (NAS) devices that could allow remote attackers to execute arbitrary code on […]
SecurityAffairs.webp 2021-04-02 14:26:47 Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools (direct link) Ransomware gang demanded a $40,000,000 ransom to the Broward County Public Schools district, Florida. It is just the last attack of a long string against the sector. Ransomware operators continue to target organizations worldwide and school districts are particularly exposed to these malicious campaigns. Recently the Broward County Public Schools district announced that it was victim […] Ransomware
SecurityAffairs.webp 2021-04-02 12:37:02 Airlift Express Fixes Vulnerabilities in Its E-commerce Store (direct link) PrivacySavvy experts discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals. A team of security researchers from PrivacySavvy recently discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals. Fortunately, the company has successfully fixed the security loopholes, but the […] Vulnerability Guideline
SecurityAffairs.webp 2021-04-02 10:58:10 (Déjà vu) DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5 (direct link) The DHS CISA has issued a supplemental directive that requires all federal agencies to identify vulnerable Microsoft Exchange servers in their infrastructure within five days. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental directive requiring all federal agencies to identify Microsoft Exchange servers in their environments impacted by […]
SecurityAffairs.webp 2021-04-02 07:44:50 Man indicted for tampering with public water system in Kansas (direct link) The United States Department of Justice (DoJ) charged a Kansas man, for accessing and tampering with a public water system. The United States Department of Justice charged Wyatt A. Travnichek (22), of Ellsworth County, Kansas, for accessing and tampering with the computer system of the Ellsworth County Rural Water District. Travnichek accessed the computer system of […]
SecurityAffairs.webp 2021-04-01 19:46:24 VMware fixes authentication bypass in Carbon Black Cloud Workload appliance (direct link) VMware has addressed a critical authentication bypass vulnerability in the VMware Carbon Black Cloud Workload appliance. VMware has addressed a critical vulnerability, tracked as CVE-2021-21982, in the VMware Carbon Black Cloud Workload appliance that could be exploited by attackers to bypass authentication. Carbon Black Cloud Workload is a data center security product that protects customers’ workloads […] Vulnerability ★★★★
SecurityAffairs.webp 2021-04-01 15:30:50 DeepDotWeb admin pleads guilty to money laundering conspiracy (direct link) One of the administrators for the DeepDotWeb dark web portal pleads guilty to receiving kickbacks from the operators of the marketplaces. One of the administrators for the DeepDotWeb dark web portal, Tal Prihar (37), pleads guilty to receiving kickbacks from the operators of the marketplaces for the sale of illegal products. Tal Prihar is a […] Guideline
SecurityAffairs.webp 2021-04-01 14:39:54 VMware fixed flaws in vROps that can be chained to compromise organizations (direct link) VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that can expose organizations to a significant risk of attacks. The vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments in a unified, AI-powered platform. Security researcher Egor Dimitrenko from Positive Technologies discovered a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975 […] Vulnerability
SecurityAffairs.webp 2021-04-01 11:53:10 Akamai dealt with an 800Gbps ransom DDoS against a gambling company (direct link) Akamai has recently been involved in the mitigation of two of the largest known ransom DDoS attacks, one of them peaked at 800Gbps. CDN and cybersecurity firm Akamai warns of a worrying escalation in ransom DDoS attacks since the beginning of the year. The company recently mitigated three of the six biggest volumetric DDoS attacks it […]
SecurityAffairs.webp 2021-04-01 09:58:40 Ubiquiti security breach may be a catastrophe (direct link) The data breach disclosed by Ubiquiti in January could be just the tip of the iceberg, a deeper incident could have hit the company. In January, American technology vendor Ubiquiti Networks suffered a data breach, it sent out notification emails to its customers asking them to change their passwords and enable 2FA for their accounts. […] Data Breach
SecurityAffairs.webp 2021-04-01 07:45:39 US CISA warns of DoS flaws in Citrix Hypervisor (direct link) Citrix addressed vulnerabilities in Hypervisor that could be exploited by threat actors to execute code in a virtual machine to trigger a denial of service condition on the host. US CISA warns that Citrix has released security updates to address flaws in Hypervisor that could be exploited by threat actors to execute code in a […] Threat
SecurityAffairs.webp 2021-03-31 21:53:31 North Korea-linked hackers target security experts again (direct link) Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. The cyberspies used fake Twitter and LinkedIn social media accounts to get in contact with the victims. Experts identified two accounts impersonating recruiters for antivirus and security companies. Social media profiles were quickly removed after Google […] Threat
SecurityAffairs.webp 2021-03-31 20:03:55 President Biden extended Executive Order 13694 regarding cyberattack sanctions (direct link) President Joe Biden has extended Executive Order 13694, issued in 2015 by President Obama, regarding sanctions issued in response to cyberattacks. President Joe Biden this week has extended Executive Order 13694 regarding sanctions issued in response to cyberattacks. Executive Order 13694 was issued by President Barack Obama in 2015, it allows the government to block […]
SecurityAffairs.webp 2021-03-31 15:17:15 5-star customer service: fraudsters launch massive campaign against Indonesia's major banks on Twitter (direct link) Experts warn that cybercriminals are targeting Indonesia's major banks posing as bank representatives or customer support team members on Twitter. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, warns of an ongoing fraudulent campaign targeting Indonesia's largest banks that cybercriminals run on social media with the ultimate goal of stealing bank customers' money. […] Threat
SecurityAffairs.webp 2021-03-31 14:48:52 (Déjà vu) Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape (direct link) Researchers have reported to Google a sandbox escape vulnerability in the Chrome web browser to Google that awarded them $20,000. Experts from the Chinese cybersecurity company Qihoo 360 have reported to Google another sandbox escape vulnerability (CVE-2021-21194) affecting the Chrome web browser. The tech giant awarded the researchers Leecraso and Guang Gong from the 360 Alpha […] Vulnerability
SecurityAffairs.webp 2021-03-31 09:28:27 Email accounts of DHS members were compromised in the SolarWinds hack (direct link) Russian hackers accessed the email accounts of US Department of Homeland Security (DHS) officials as a result of the SolarWinds hack. Russia-linked hackers were able to access email accounts belonging to US Department of Homeland Security (DHS) officials during the SolarWinds supply chain attack. “Suspected Russian hackers gained access to email accounts belonging to the […] Hack
SecurityAffairs.webp 2021-03-31 08:00:44 IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions (direct link) IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms and mechanisms. The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Both versions lack support for current and recommended cryptographic algorithms and mechanisms. TLS […]
SecurityAffairs.webp 2021-03-30 19:59:37 VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials (direct link) VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published security updates to address multiple vulnerabilities in VMware vRealize Operations that could allow threat actors to steal admin credentials from vulnerable installs. VMware vRealize Operations is a self-driving and AI-powered platform for the management of IT operations […] Threat
SecurityAffairs.webp 2021-03-30 15:30:14 Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites (direct link) Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites. On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress Search Plugin installed on over 60,000 sites. This security vulnerability could be exploited by an attacker to perform malicious actions […] Vulnerability Threat
SecurityAffairs.webp 2021-03-30 14:28:13 (Déjà vu) Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations (direct link) Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Kernel updates released in March have addressed a couple of vulnerabilities that could be exploited by an attacker to bypass mitigations designed to protect devices against Spectre attacks. In January 2018, White […]
SecurityAffairs.webp 2021-03-30 11:16:20 Hundreds of thousands of projects affected by a flaw in netmask npm package (direct link) A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could be exploited by attackers to conduct a variety of attacks. A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could expose private networks to multiple attacks. The flaw is caused by the improper input validation of octal strings in netmask npm package, it […] Vulnerability
SecurityAffairs.webp 2021-03-30 07:57:31 30 Docker images downloaded 20M times in cryptojacking attacks (direct link) Experts discovered that 30 malicious Docker images with a total number of 20 million pulls were involved in cryptomining operations. Palo Alto Network researcher Aviv Sasson discovered 30 malicious Docker images, which were downloaded 20 million times, that were involved in cryptojacking operations. The expert determined the number of cryptocurrencies that were mined to a mining […]
SecurityAffairs.webp 2021-03-29 19:56:31 London-based academies Harris Federation hit by ransomware attack (direct link) Harris Federation, the multi-academy trust of 50 primary and secondary academies in and around London, was hit by a ransomware attack. A ransomware attack hit the IT systems of London-based nonprofit multi-academy trust Harris Federation on Saturday, March 27. Harris Federation is a multi-academy trust of 50 primary and secondary academies in and around London […] Ransomware
SecurityAffairs.webp 2021-03-29 17:54:29 China-linked RedEcho APT took down part of its C2 domains (direct link) China-linked APT group RedEcho has taken down its attack infrastructure after it was exposed at the end of February by security researchers. China-linked APT group RedEcho has taken down its attack infrastructure after security experts have exposed it. At the end of February, experts at Recorded Future have uncovered a suspected Chinese APT actor targeting […]
SecurityAffairs.webp 2021-03-29 14:22:36 Hackers breached the PHP's Git Server and inserted a backdoor in the source code (direct link) Threat actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. Unknown attackers hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. On March 28, the attackers pushed two […]
SecurityAffairs.webp 2021-03-29 08:32:59 Ziggy ransomware admin announced it will refund victims who paid the ransom (direct link) Administrator of Ziggy ransomware recently announced the end of the operation, and now is promising that its victims will have back their money. In an unusual move, the administrator of Ziggy ransomware after the announcement of the end of the operation now is promising that they will give back their money. Ziggy ransomware ceased the […] Ransomware
SecurityAffairs.webp 2021-03-29 06:52:58 New Purple Fox version includes Rootkit and implements wormable propagation (direct link) Researchers from Guardicore have spotted a new variant of the Purple Fox Windows malware that implements worm-like propagation capabilities. Researchers from Guardicore have discovered a new version of the Purple Fox Windows malware that implements worm-like propagation capabilities. Up until recently, Purple Fox's operators infected machines by using exploit kits and phishing emails. Previous versions of […] Malware
SecurityAffairs.webp 2021-03-28 20:56:24 Experts found two flaws in Facebook for WordPress Plugin (direct link) A critical flaw in the official Facebook for WordPress plugin could be exploited for remote code execution attacks. Researchers at Wordfence have discovered two vulnerabilities in the Facebook for WordPress plugin, which has more than 500,000 active installations. The plugin allows administrators to capture the actions people take while interacting with their page, such […]
SecurityAffairs.webp 2021-03-28 16:01:16 Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation? (direct link) A cyber attack has disrupted the Australian Channel Nine’s live broadcasts, the company was unable to transmit its Sunday morning news program. A cyber attack has hit the Australian Channel Nine’s live broadcasts causing the disruption of its operations. The broadcaster was unable to air its Sunday morning news program, which runs from 7:00 am to 1:00 […]
SecurityAffairs.webp 2021-03-28 09:53:41 Security Affairs newsletter Round 307 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. CISA releases CHIRP, a tool to detect SolarWinds malicious activity Microsoft Defender can now protect servers against ProxyLogon […] Tool
SecurityAffairs.webp 2021-03-28 08:55:19 US Gov Executive Order would oblige to disclose security breach impacting gov users (direct link) According to a proposed executive order of the Biden administration, software vendors would have to disclose breaches to U.S. government users. The Reuters agency revealed that an executive order proposed by the Biden administration will oblige software vendors to notify their federal government customers in case they will suffer a security breach. The executive order […]
SecurityAffairs.webp 2021-03-27 20:43:09 Clop Ransomware gang now contacts victims' customers to force victims into pay a ransom (direct link) Clop ransomware operators now email victim’s customers and ask them to demand a ransom payment to protect their privacy to force victims into paying the ransom. Clop ransomware operators are switching to a new tactic to force victims into paying the ransom by emailing their customers and asking them to demand a ransom payment to […] Ransomware
SecurityAffairs.webp 2021-03-27 17:32:20 Experts spotted a new advanced Android spyware posing as “System Update” (direct link) Researchers spotted a sophisticated Android spyware that implements exfiltration capabilities and surveillance features, including recording audio and phone calls. Experts from security firm Zimperium have spotted a new sophisticated Android spyware that masquerades itself as a System Update application. The malware is able to collect system data, messages, images and take over the infected Android […] Malware
SecurityAffairs.webp 2021-03-27 10:25:23 (Déjà vu) Apple released out-of-band updates for a new Zero‑Day actively exploited (direct link) Apple has released new out-of-band updates for iOS, iPadOS, macOS and watchOS to address another zero‑day flaw, tracked CVE-2021-1879, actively exploited. Apple has released a new set of out-of-band patches for iOS, iPadOS, macOS and watchOS to address a critical zero-day vulnerability, tracked as CVE-2021-1879, that is being actively exploited in the wild. The vulnerability resides […] Vulnerability
SecurityAffairs.webp 2021-03-26 22:15:44 German Parliament Bundestag targeted again by Russia-linked hackers (direct link) Several members of the German Parliament (Bundestag) and other members of the state parliament were hit by a targeted attack allegedly launched by Russia-linked hackers. German newspaper Der Spiegel revealed that email accounts of multiple members of the German Parliament (Bundestag) were targeted with a spearphishing attack. The messages were sent by threat actors to […] Threat
SecurityAffairs.webp 2021-03-26 18:37:31 Hades ransomware gang targets big organizations in the US (direct link) Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. Accenture’s Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an analysis of the latest campaign conducted by financially motivated threat group Hades which have been operating since at least December 2020. Experts discovered that threat actors targeted […] Ransomware Threat
SecurityAffairs.webp 2021-03-26 14:35:18 Solarwinds Orion Platform updates fix two remote code execution issues (direct link) Solarwinds released security updates that address multiple vulnerabilities, including two flaws that can be exploited by attackers for remote code execution. Solarwinds has released a major security update to address multiple security vulnerabilities affecting the Orion Platform, the one that was involved in the Solarwinds supply chain attack. The software vendors released the Orion Platform version 2020.2.5 […] ★★
SecurityAffairs.webp 2021-03-26 08:17:18 FBI published a flash alert on Mamba Ransomware attacks (direct link) The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives. […] Ransomware Tool
SecurityAffairs.webp 2021-03-25 21:57:01 OpenSSL Project released 1.1.1k version to fix two High-severity flaws (direct link) The OpenSSL Project addresses two high-severity vulnerabilities, including one related to verifying a certificate chain and one that can trigger a DoS condition. The OpenSSL Project this week released version 1.1.1k to address two high-severity vulnerabilities, respectively tracked as CVE-2021-3450 and CVE-2021-3449. The CVE-2021-3449 vulnerability could be exploited to trigger a DoS condition by sending a […]
SecurityAffairs.webp 2021-03-25 18:03:48 62,000 Microsoft Exchange Servers potentially left unpatched, weeks after software bugs were first uncovered (direct link) The CyberNews investigation team found 62,174 potentially vulnerable unpatched Microsoft Exchange Servers. A number of entities in the US and worldwide remain vulnerable to software bugs that were reported by Microsoft weeks ago. The CyberNews investigation team found 62,174 potentially vulnerable unpatched Microsoft Exchange Servers. The vulnerability is still being actively exploited, most famously by […] Vulnerability
SecurityAffairs.webp 2021-03-25 17:04:26 Facebook took action against China-linked APT targeting Uyghur activists (direct link) Facebook has closed accounts used by a China-linked APT to distribute malware to spy on Uyghurs activists, journalists, and dissidents living outside China. Facebook has taken action against a series of accounts used by a China-linked cyber-espionage group, tracked as Earth Empusa or Evil Eye, to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living […] Malware
SecurityAffairs.webp 2021-03-25 15:15:53 The surge of fake COVID-19 test results, vaccines and vaccination certificates on the Dark Web (direct link) Threat actors are offering fake COVID-19 test results and vaccination certificates in blackmarkets and hacking forums on the Dark Web. While vaccination campaigns go ahead with different speeds in many countries multiple threat actors on the Dark Web started offering fake COVID-19 test results and vaccination certificates. Multiple research teams, including mine, are monitoring these […] Threat
SecurityAffairs.webp 2021-03-25 13:38:55 30 million Americans affected by the Astoria Company data breach (direct link) Researchers discovered the availability in the Dark Web of 30M of records of Americans affected by the Astoria Company data breach. Astoria Company LLC is a lead generation company that leverages on a network of websites to collect information on a person that may be looking for discounted car loans, different medical insurance, or even […] Data Breach Guideline
SecurityAffairs.webp 2021-03-24 23:03:44 Cisco Jabber for Windows, macOS, Android and iOS is affected by a critical issue (direct link) Cisco has addressed a critical arbitrary program execution flaw in its Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco has addressed a critical arbitrary program execution issue, tracked as CVE-2021-1411, that affects several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco Jabber delivers instant messaging, voice and video […]
SecurityAffairs.webp 2021-03-24 14:52:08 Billions of FBS Records Exposed in Online Trading Broker Data Leak (direct link) Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS' websites. The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Were such detailed personally identifiable information (PII) to […]
SecurityAffairs.webp 2021-03-24 13:37:27 Black Kingdom ransomware is targeting Microsoft Exchange servers (direct link) Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. After the public disclosure of ProxyLogon vulnerabilities, multiple threat actors started targeting vulnerable Microsoft Exchange servers exposed online. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. Last crew […] Ransomware Threat
SecurityAffairs.webp 2021-03-24 09:16:08 A day before elections, hackers leaked details of millions of Israeli voters (direct link) Hackers have exposed personal and voter registration details of over 6.5 million Israeli voters, less than 24 hours before the election. A few hours before the election in Israel, hackers exposed the voter registration and personal details of millions of citizens. The source of the data seems to be the app Elector developed by the […]
Last update at: 2024-07-17 03:07:27