What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2023-01-14 14:11:00 Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident (lien direct) DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus Malware Threat ★★★
The_Hackers_News.webp 2023-01-14 13:41:00 Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability (lien direct) A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a patched version of Cacti (1.2.23 and 1.3.0). The issue in question relates to Vulnerability ★★★
The_Hackers_News.webp 2023-01-14 10:31:00 TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws (lien direct) Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok[.]com' could not refuse cookies as easily as accepting them and they were not informed in a ★★★
The_Hackers_News.webp 2023-01-14 09:41:00 Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers (lien direct) Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit. The issues are rooted in the router's web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious ★★★★
The_Hackers_News.webp 2023-01-13 22:09:00 Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware (lien direct) Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis. A majority of the infections are said to originate in Malware ★★★
The_Hackers_News.webp 2023-01-13 16:56:00 Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar (lien direct) Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher Malware Threat ★★★
The_Hackers_News.webp 2023-01-13 15:30:00 Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023! (lien direct) As the new year begins, it's more important than ever to protect your business from the constantly evolving cyber threats that could compromise your valuable assets.  But who wants to pay an arm and a leg for top-tier security? With this Uptycs introductory offer, you do not have to. Kickstart the new year by securing your business with Uptycs. Starting now, for just $1, you can get ★★
The_Hackers_News.webp 2023-01-13 15:11:00 FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations (lien direct) A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The Vulnerability ★★★
The_Hackers_News.webp 2023-01-12 20:16:00 IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (lien direct) A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. "Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in Malware Threat ★★
The_Hackers_News.webp 2023-01-12 19:57:00 Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover (lien direct) Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon Security, the issues are tracked as CVE-2022-38773 (CVSS score: 4.6), with the low severity ★★★
The_Hackers_News.webp 2023-01-12 15:12:00 Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk (lien direct) Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files and directories," Imperva researcher Ron Masas said. "Specifically, the browser did not properly check Vulnerability ★★
The_Hackers_News.webp 2023-01-12 15:10:00 Patch where it Hurts: Effective Vulnerability Management in 2023 (lien direct) A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all potential breaches. It's about focusing on the real risk using vulnerability prioritization to correct Vulnerability Patching ★★★
The_Hackers_News.webp 2023-01-12 12:51:00 Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (lien direct) Twitter on Wednesday said that its investigation found "no evidence" that users' data sold online was obtained by exploiting any security vulnerabilities in its systems. "Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems," the company said in a statement. "The data Vulnerability ★★★
The_Hackers_News.webp 2023-01-12 12:18:00 Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability (lien direct) Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022. Control Vulnerability ★★★
The_Hackers_News.webp 2023-01-11 23:05:00 New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors (lien direct) A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is malware that has increasingly come under the radar for being used in attacks aimed at finance, Malware Threat ★★
The_Hackers_News.webp 2023-01-11 19:54:00 Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks (lien direct) A wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with common keywords Malware ★★
The_Hackers_News.webp 2023-01-11 16:05:00 Unlock Your Potential: Get 9 Online Cyber Security Courses for Just $49.99 (lien direct) Are you looking to take your career in the information security industry to the next level? Look no further than the 2023 Certified Technology Professional Bundle! This unparalleled offer grants you lifetime access to nine comprehensive courses in information security, hacking, and cybersecurity at a remarkable price of just $49.99. Yes, you heard me right. Instead of paying the full price of $ ★★
The_Hackers_News.webp 2023-01-11 15:02:00 Dark Pink APT Group Targets Governments and Military in APAC Region (lien direct) Government and military organizations in the Asia Pacific region are being targeted by a previously unknown advanced persistent threat (APT) actor, per the latest research. Singapore-headquartered Group-IB, in a report shared with The Hacker News, said it's tracking the ongoing campaign under the name Dark Pink and attributed seven successful attacks to the adversarial collective between June Threat ★★★
The_Hackers_News.webp 2023-01-11 11:02:00 Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit (lien direct) The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker is expected to release ★★★
The_Hackers_News.webp 2023-01-10 22:10:00 (Déjà vu) StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users (lien direct) The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's mobile backdoor app," ESET malware researcher Lukáš Štefanko said in a technical report. "The app is Malware Threat
The_Hackers_News.webp 2023-01-10 19:29:00 Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App (lien direct) A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat models, according to ETH Zurich researchers Kenneth G. Paterson, Matteo Scarlata, and Kien Tuong Truong, Threat ★★
The_Hackers_News.webp 2023-01-10 18:24:00 Italian Users Warned of Malware Attack Targeting Sensitive Information (lien direct) A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines," Uptycs security researcher Karthickkumar Kathiresan said in a report. Malware ★★
The_Hackers_News.webp 2023-01-10 14:24:00 Critical Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects (lien direct) A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. "By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request," Palo Alto Networks Unit 42 researcher Artur Oleyarsh Guideline ★★
The_Hackers_News.webp 2023-01-09 19:33:00 Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL (lien direct) The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week. Kinsing has a storied history of Threat Uber ★★★
The_Hackers_News.webp 2023-01-09 19:07:00 New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks (lien direct) A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks. "To better interact with users, a wide range of database applications employ AI techniques that can translate human questions into SQL queries (namely Text-to-SQL)," Xutan Peng, a ★★★
The_Hackers_News.webp 2023-01-09 18:27:00 Why Do User Permissions Matter for SaaS Security? (lien direct) Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp's customers' end users. Three months later, Mailchimp was hit with another attack. Once again, an Threat ★★★
The_Hackers_News.webp 2023-01-09 16:00:00 Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands (lien direct) Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in ★★
The_Hackers_News.webp 2023-01-09 14:17:00 Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls (lien direct) In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles. The malicious code, as is increasingly ★★★
The_Hackers_News.webp 2023-01-09 13:26:00 Top SaaS Cybersecurity Threats in 2023: Are You Ready? (lien direct) Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 - Web application weaknesses Web applications are at the core of what SaaS companies do and how they operate, and they can store some of ★★★
The_Hackers_News.webp 2023-01-09 12:51:00 Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions (lien direct) A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. The technique "could act as an entry point for an attack on many organizations," Aqua security researcher Ilay Goldman said in a report published last week. VS Code extensions, ★★★
The_Hackers_News.webp 2023-01-08 11:45:00 Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors (lien direct) The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called Malware ★★★★★
The_Hackers_News.webp 2023-01-06 23:12:00 Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub (lien direct) A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42 Threat ★★★
The_Hackers_News.webp 2023-01-06 19:45:00 Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS (lien direct) Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. "While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report. The initial vector for these Ransomware Malware Threat ★★★
The_Hackers_News.webp 2023-01-06 19:16:00 Dridex Malware Now Attacking macOS Systems with Novel Infection Method (lien direct) A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel Malware Prediction ★★★
The_Hackers_News.webp 2023-01-06 14:31:00 Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach (lien direct) Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment. "This zero-day exploit is associated with CVE-2022-41080," the Texas-based Ransomware ★★
The_Hackers_News.webp 2023-01-06 14:00:00 WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship (lien direct) Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns. "Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely," the ★★
The_Hackers_News.webp 2023-01-05 20:25:00 Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (lien direct) A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the Threat APT-C-36 ★★★
The_Hackers_News.webp 2023-01-05 18:04:00 Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations (lien direct) A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. "The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no custom malware deployed in this campaign," Symantec, a division of Broadcom Software, said in a Malware ★★
The_Hackers_News.webp 2023-01-05 16:35:00 SpyNote Strikes Again: Android Spyware Targeting Financial Institutions (lien direct) Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public," ThreatFabric said in a report shared with The Hacker News. "This has helped other actors [in] developing and distributing the Malware ★★
The_Hackers_News.webp 2023-01-05 16:21:00 Mitigate the LastPass Attack Surface in Your Environment with this Free Tool (lien direct) The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there Tool LastPass ★★★
The_Hackers_News.webp 2023-01-05 14:42:00 CircleCI Urges Customers to Rotate Secrets Following Security Incident (lien direct) DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected to be shared in the coming days. "Immediately rotate any and all secrets stored in CircleCI," ★★
The_Hackers_News.webp 2023-01-05 14:18:00 The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (lien direct) The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. "When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated," AhnLab Security Emergency Response Center (ASEC) disclosed in a ★★★
The_Hackers_News.webp 2023-01-05 13:22:00 Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities (lien direct) Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP Vulnerability Guideline ★★★
The_Hackers_News.webp 2023-01-05 10:03:00 Irish Regulators Fine Facebook $414 Million for Forcing Users to Accept Targeted Ads (lien direct) The Irish Data Protection Commission (DPC) has fined Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy regulator has ordered Meta Ireland to pay two fines – a €210 million ($222.5 million) fine over violations of the E.U. General Data Protection ★★★★
The_Hackers_News.webp 2023-01-04 16:17:00 Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws (lien direct) Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities -- tracked from CVE-2022-40516 through CVE-2022-40520 -- also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes. The list of ★★★★
The_Hackers_News.webp 2023-01-04 15:54:00 The FBI's Perspective on Ransomware (lien direct) Ransomware: contemporary threats, how to prevent them and how the FBI can help In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, Ransomware Threat Medical ★★★
The_Hackers_News.webp 2023-01-04 14:02:00 New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner (lien direct) A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center (ASEC) said in a report published Malware ★★
The_Hackers_News.webp 2023-01-04 09:58:00 Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers (lien direct) Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the Vulnerability ★★★
The_Hackers_News.webp 2023-01-03 19:39:00 Enforcement vs. Enrollment-based Security: How to Balance Security and Employee Trust (lien direct) Challenges with an enforcement-based approach An enforcement-based approach to security begins with a security policy backed by security controls, often heavy-handed and designed to prevent employees from engaging in risky behavior or inadvertently expanding the potential attack surface of an organization.  Most organizations exclusively use enforcement-based security controls, usually carried ★★★
The_Hackers_News.webp 2023-01-03 17:02:00 Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware (lien direct) A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments. The discovery Malware ★★★
Last update at: 2024-07-04 19:08:35