What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2022-11-03 23:10:00 Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers (direct link) A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News. Black Ransomware Threat
The_Hackers_News.webp 2022-11-03 15:51:00 OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa (direct link) A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as Threat
The_Hackers_News.webp 2022-11-02 15:09:00 Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App (direct link) A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application. Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike. It has not been attributed to any particular threat group. "SandStrike is distributed as a means to access resources about the Bahá'í religion Threat
The_Hackers_News.webp 2022-11-02 12:40:00 Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories (direct link) File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub. "These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the Threat
The_Hackers_News.webp 2022-11-01 20:45:00 Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware (direct link) The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a Malware Threat APT 10
The_Hackers_News.webp 2022-10-31 19:58:00 Fodcha DDoS Botnet Resurfaces with New Capabilities (direct link) The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360's Network Security Research Lab said in a report published last week. Fodcha first came to Threat
The_Hackers_News.webp 2022-10-29 15:55:00 Twilio Reveals Another Breach from the Same Hackers Behind the August Hack (direct link) Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in Hack Threat
The_Hackers_News.webp 2022-10-28 15:48:00 Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints (direct link) The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC Malware Threat
The_Hackers_News.webp 2022-10-27 19:49:00 Researchers Expose Over 80 ShadowPad Malware C2 Servers (direct link) As many as 85 command-and-control (C2) servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit (TAU), which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications. ShadowPad, seen as a successor to PlugX, is a modular Malware Threat
The_Hackers_News.webp 2022-10-26 19:07:00 Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (direct link) The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022. The development marks a shift in the attacker's modus operandi, which has been previously attributed to spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on Threat
The_Hackers_News.webp 2022-10-26 13:43:00 Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector (direct link) A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and rather likely carries out extortion using Ransomware Threat
The_Hackers_News.webp 2022-10-25 19:28:00 Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (direct link) The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises Ransomware Threat
The_Hackers_News.webp 2022-10-25 17:03:00 Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards (direct link) Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at Malware Threat
The_Hackers_News.webp 2022-10-20 17:03:00 Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens (direct link) The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall. "Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said Malware Threat
The_Hackers_News.webp 2022-10-20 14:09:00 New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft (direct link) The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable banking fraud, but is consistent with the broader threat landscape," Mandiant researchers Sandor Ransomware Malware Threat
The_Hackers_News.webp 2022-10-19 18:03:00 Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware (direct link) An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of Malware Threat
The_Hackers_News.webp 2022-10-19 15:39:00 Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update (direct link) Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at Tool Threat
The_Hackers_News.webp 2022-10-18 15:41:00 Chinese 'Spyder Loader' Malware Spotted Targeting Organizations in Hong Kong (direct link) The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly Malware Threat Guideline APT 41
The_Hackers_News.webp 2022-10-17 18:24:00 Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4 (direct link) The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot infection, cybersecurity firm Trend Micro said in a technical analysis released last week. The Ransomware Threat
The_Hackers_News.webp 2022-10-17 15:50:00 Why Crypto Winter is No Excuse to Let Your Cyber Defenses Falter (direct link) Don't let the ongoing "crypto winter" lull you into a false sense of cybersecurity. Even as cryptocurrencies lose value - and some crypto companies file for bankruptcy - cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to industry 4.0 and beyond. Broadly speaking, cryptojacking is defined as the unauthorized and illegitimate use Threat
The_Hackers_News.webp 2022-10-14 18:57:00 (Déjà vu) New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos (direct link) Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection. "Almost all Threat
The_Hackers_News.webp 2022-10-14 15:31:00 How To Build a Career as a Freelance Cybersecurity Analyst - From Scratch (direct link) With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million unfilled cybersecurity jobs worldwide - and that number is still growing. The situation means that Threat
The_Hackers_News.webp 2022-10-13 17:30:00 New Timing Attack Against NPM Registry API Could Expose Private Packages (direct link) A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped private packages and then masquerade public packages, tricking employees and users into downloading them," Threat
The_Hackers_News.webp 2022-10-13 15:38:00 Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization (direct link) An advanced persistent threat (APT) actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. Other intrusions mounted over the past six months were directed against Threat APT 27
The_Hackers_News.webp 2022-10-13 12:48:00 Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers (direct link) A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israeli entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology, law, communications, branding and marketing, media, insurance, and social services, cybersecurity Threat
The_Hackers_News.webp 2022-10-11 16:58:00 Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox (direct link) A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. The Threat
The_Hackers_News.webp 2022-10-10 20:46:00 Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky (direct link) A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical profile last week Malware Threat
The_Hackers_News.webp 2022-10-10 18:40:00 New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks (direct link) Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 that's capable of delivering Malware Threat
The_Hackers_News.webp 2022-10-07 18:29:00 LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data (direct link) Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with Threat
The_Hackers_News.webp 2022-10-07 12:22:00 BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions (direct link) In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical Ransomware Threat
The_Hackers_News.webp 2022-10-06 18:27:00 Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals (direct link) The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to a new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing the malware, adding Malware Threat
The_Hackers_News.webp 2022-10-05 13:42:00 Want More Secure Software? Start Recognizing Security-Skilled Developers (direct link) Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by the day, with our data widely considered highly desirable "digital gold". Attackers are constantly Threat
The_Hackers_News.webp 2022-10-03 20:05:00 Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack (direct link) A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the Malware Threat
The_Hackers_News.webp 2022-10-03 18:26:00 Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers (direct link) The recently discovered Linux-based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes. Cybersecurity firm Sygnia attributed the attacks to a threat actor it tracks under the name Emperor Dragonfly, which is also known as Bronze Starlight (Secureworks) and DEV-0401 (Microsoft). "Emperor Dragonfly Ransomware Threat
The_Hackers_News.webp 2022-10-03 16:26:00 Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers (direct link) The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter) Vulnerability Threat Medical APT 38
The_Hackers_News.webp 2022-09-30 20:12:00 New Malware Families Found Targeting VMware ESXi Hypervisors (direct link) Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access Malware Threat
The_Hackers_News.webp 2022-09-30 17:22:00 Cyber Attacks Against Middle East Governments Hide Malware in Windows Logo (direct link) An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410 Malware Threat
The_Hackers_News.webp 2022-09-30 15:32:00 North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks (direct link) A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is Threat Medical APT 38
The_Hackers_News.webp 2022-09-29 19:45:00 Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware (direct link) A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep Malware Threat
The_Hackers_News.webp 2022-09-29 15:42:00 Swachh City Platform Suffers Data Breach Leaking 16 Million User Records (direct link) A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report shared by security firm CloudSEK Data Breach Threat
The_Hackers_News.webp 2022-09-28 15:39:00 Hackers Using PowerPoint Mouseover Trick to Infect System with Malware (direct link) The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a Malware Threat APT 28 ★★★
The_Hackers_News.webp 2022-09-26 20:03:00 Researchers Identify 3 Hacktivist Groups Supporting Russian Interests (direct link) At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn Threat
The_Hackers_News.webp 2022-09-26 17:44:00 Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor (direct link) A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan Threat
The_Hackers_News.webp 2022-09-23 18:55:00 Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities (direct link) A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security Threat
The_Hackers_News.webp 2022-09-23 10:44:00 Hackers Using Malicious OAuth Apps to Take Over Email Servers (direct link) Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain Threat ★★
The_Hackers_News.webp 2022-09-22 22:33:00 Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs (direct link) A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in January 2016, are said to have encompassed 20 different variants of the Android malware, which were Threat
The_Hackers_News.webp 2022-09-22 20:31:00 Malicious NPM Package Caught Mimicking Material Tailwind CSS Package (direct link) A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its maintainers as an "easy to use components library for Tailwind CSS and Material Design." "The Threat
The_Hackers_News.webp 2022-09-21 16:24:00 U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List (direct link) The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency said the companies are subject to the Chinese government's exploitation, influence, and control, and could Threat
The_Hackers_News.webp 2022-09-21 10:50:00 Product Review: Stellar Cyber Open XDR Platform (direct link) Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don't meet their needs. Stellar Cyber delivers an Open XDR solution that allows organizations to use Threat
The_Hackers_News.webp 2022-09-20 18:26:00 Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware (direct link) A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The Malware Threat
Last update at: 2024-06-03 04:08:25