What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-03-10 01:24:29 | FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware (lien direct) | Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies.
One such group is FIN8, a financially motivated threat actor that's back in action after a year-and-a-half hiatus with a powerful version of a backdoor with |
Malware Threat | ||
|
2021-03-09 01:58:23 | SolarWinds Hack - New Evidence Suggests Potential Links to Chinese Hackers (lien direct) | A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group.
In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral.
Back on December 22, 2020, Microsoft disclosed that a second |
Hack Threat | ★★★★★ | |
|
2021-03-08 22:51:24 | Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices (lien direct) | Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari browsers to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.
Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google's Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability |
Vulnerability Threat | ||
|
2021-03-05 01:20:07 | Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (lien direct) | FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques.
Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of |
Malware Threat | ||
|
2021-03-03 04:56:56 | Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection (lien direct) | Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly.
New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize malicious |
Malware Threat | ||
|
2021-03-02 23:56:35 | URGENT - 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange (lien direct) | Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.
Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access |
Threat | ||
|
2021-03-02 07:02:29 | Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware (lien direct) | SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research.
"While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the |
Ransomware Threat | ||
|
2021-02-24 08:04:41 | Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique (lien direct) | With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy.
Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without |
Threat | ||
|
2021-02-24 07:29:47 | Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks (lien direct) | New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software.
"A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The |
Malware Threat | ||
|
2021-02-24 04:32:23 | Everything You Need to Know About Evolving Threat of Ransomware (lien direct) | The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal-most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.
Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and |
Ransomware Threat | ||
|
2021-02-22 03:15:17 | Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online (lien direct) | On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA).
Although the group has since signed off following the unprecedented disclosures, new "conclusive" |
Malware Tool Threat | ||
|
2021-02-17 05:29:09 | Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping (lien direct) | A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls.
That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and |
Vulnerability Threat | ||
|
2021-02-15 22:00:16 | Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities (lien direct) | Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon.
The intrusion campaign - which breached "several French entities" - is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French |
Hack Tool Threat | ||
|
2021-02-10 23:43:10 | Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies (lien direct) | UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research.
Attributing the operation to be the work of Static Kitten (aka MERCURY or MuddyWater), Anomali said the "objective of this activity is to install a remote management tool called ScreenConnect (acquired by ConnectWise 2015) with unique launch |
Tool Threat | ||
|
2021-02-08 03:28:42 | Detailed: Here\'s How Iran Spies on Dissidents with the Help of Hackers (lien direct) | Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish natives.
Tracing the extensive espionage operations to two advanced Iranian cyber-groups Domestic Kitten ( |
Threat | ||
|
2021-02-04 02:48:55 | Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices (lien direct) | A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service (DDoS) attacks.
Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge (ADB) interfaces to infect Android devices and ensnare |
Malware Threat | ||
|
2021-02-04 02:20:16 | Why Human Error is #1 Cyber Security Threat to Businesses in 2021 (lien direct) | Phishing and Malware
Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis.
Phishing has also seen a resurgence in the last few years, with many new scams being invented to take advantage of unsuspecting |
Malware Threat | Wannacry Wannacry | |
|
2021-02-03 03:06:30 | Guide: How Security Consolidation Helps Small Cybersecurity Teams (lien direct) | The dynamic nature of cybersecurity, the changes in the threat landscape, and the expansion of the attack surface lead organizations to add more security solutions-from different vendors-creating a layered security infrastructure that introduces new challenges to any team, with a much more significant impact on small ones.
And yet, sophisticated attacks continue to bypass these advanced security |
Threat Guideline | ||
|
2021-02-01 03:15:16 | New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers (lien direct) | A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research.
Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors |
Malware Threat | APT 32 | |
|
2021-01-28 02:26:43 | Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware (lien direct) | U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims.
"We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom |
Ransomware Threat | ||
|
2021-01-25 21:10:52 | N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches (lien direct) | Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development.
The internet giant's Threat Analysis Group (TAG) said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter, Twitter, LinkedIn |
Vulnerability Threat | ||
|
2021-01-21 03:59:10 | Here\'s How SolarWinds Hackers Stayed Undetected for Long Enough (lien direct) | Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history.
Calling the threat actor "skillful and methodic operators who follow |
Hack Threat | ||
|
2021-01-21 03:04:00 | Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet (lien direct) | A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees.
The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies, said researchers from Check Point |
Threat | ||
|
2021-01-19 03:05:29 | New Educational Video Series for CISOs with Small Security Teams (lien direct) | Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded.
Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities.
CISOs at SMEs are |
Threat | ||
|
2021-01-15 23:30:40 | NSA Suggests Enterprises Use \'Designated\' DNS-over-HTTPS\' Resolvers (lien direct) | The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) - if configured appropriately in enterprise environments - can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors.
"DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by |
Threat | ||
|
2021-01-15 03:31:43 | Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks (lien direct) | Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware - including a previously undocumented backdoor.
Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A |
Malware Threat Guideline | APT 41 | ★★★★★ |
|
2021-01-12 21:59:24 | Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365 (lien direct) | Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange.
The discovery was made after the breach was notified by Microsoft, the London-based company said in an alert posted on its website, adding it's reached out to the impacted organizations to remediate |
Threat | ||
|
2021-01-12 03:07:27 | Experts Sound Alarm On New Android Malware Sold On Hacking Forums (lien direct) | Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages.
The vendor, who goes by the |
Malware Threat | ||
|
2021-01-05 23:17:23 | FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack (lien direct) | The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month.
"This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and |
Threat | ||
|
2020-12-31 20:50:25 | (Déjà vu) Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code (lien direct) | Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network.
The "very sophisticated nation-state actor" used the unauthorized access to view, but not modify, the source code present in its repositories, the company said.
"We detected |
Threat | ||
|
2020-12-29 00:38:45 | AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users (lien direct) | Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020.
Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, |
Threat | ||
|
2020-12-25 02:26:11 | Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers (lien direct) | New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email.
The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal |
Threat | ||
|
2020-12-23 23:24:40 | North Korean Hackers Trying to Steal COVID-19 Vaccine Research (lien direct) | Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts.
Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting |
Threat Medical | APT 38 APT 28 | |
|
2020-12-22 01:50:07 | A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says (lien direct) | As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems.
"The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the |
Malware Threat | ||
|
2020-12-15 03:18:55 | Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices (lien direct) | A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers.
Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as |
Threat | ||
|
2020-12-10 23:42:22 | Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam (lien direct) | Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware.
Tracked as APT32 (or Bismuth, OceanLotus, and Cobalt Kitty), the state-aligned operatives affiliated with the Vietnam government have been known for |
Hack Threat | APT 32 | |
|
2020-12-09 07:11:49 | Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware (lien direct) | A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage.
Linking the operation to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM), cybersecurity firm Intezer said the |
Malware Threat | APT 28 | |
|
2020-12-09 01:09:50 | Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen (lien direct) | FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a "highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers.
The company said it's actively investigating the breach in coordination with the US Federal Bureau of Investigation (FBI) |
Threat | ||
|
2020-12-07 21:44:01 | NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks (lien direct) | The US National Security Agency (NSA) on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data.
Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed.
The development comes two weeks after the |
Malware Vulnerability Threat | ||
|
2020-12-07 06:57:40 | Iranian RANA Android Malware Also Spies On Instant Messengers (lien direct) | A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant-developed by a sanctioned Iranian threat actor-that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations.
In September, the US Department of the Treasury |
Malware Threat | ||
|
2020-12-01 00:54:36 | Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners (lien direct) | A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research.
Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both |
Threat | ||
|
2020-12-01 00:24:40 | 4 Free Online Cyber Security Testing Tools For 2021 (lien direct) | Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning.
In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of the modern threat landscape.
Incomplete visibility of external Attack surfaces led to the dramatic |
Threat | ||
|
2020-11-24 06:56:39 | Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies (lien direct) | An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar.
According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor |
Malware Threat | ||
|
2020-11-16 02:29:40 | Trojanized Security Software Hits South Korea Users in Supply-Chain Attack (lien direct) | Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems.
Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the |
Threat Medical | APT 38 | |
|
2020-11-13 00:17:13 | Live Webinar: Reducing Complexity by Increasing Consolidation for SMEs (lien direct) | Complexity is the bane of effective cybersecurity. The need to maintain an increasing array of cybersecurity tools to protect organizations from an expanding set of cyber threats is leading to runaway costs, staff inefficiencies, and suboptimal threat response. Small to medium-sized enterprises (SMEs) with limited budgets and staff are significantly impacted.
On average, SMEs manage more than a |
Threat Guideline | ||
|
2020-11-09 23:35:03 | Watch Out! New Android Banking Trojan Steals From 112 Financial Apps (lien direct) | Four months after security researchers uncovered a "Tetrade" of four Brazilian banking Trojans targeting financial institutions in Brazil, Latin America, and Europe, new findings show that the criminals behind the operation have expanded their tactics to infect mobile devices with spyware.
According to Kaspersky's Global Research and Analysis Team (GReAT), the Brazil-based threat group Guildma |
Threat | ||
|
2020-11-05 02:19:16 | Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies (lien direct) | Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries over the past 12 months.
According to findings published by Check Point Research, the threat actors - believed to be located in the Palestinian Gaza Strip - have targeted Sangoma PBX, an |
Hack Threat | ||
|
2020-11-05 00:35:31 | If You Don\'t Have A SASE Cloud Service, You Don\'t Have SASE At All (lien direct) | The Secure Access Service Edge (or SASE) has been a very hot buzzword in the past year. A term and category created by Gartner 2019, SASE states that the future of networking and security lies in the convergence of these categories into a single, cloud-based platform.The capabilities that SASE delivers aren't new and include SD-WAN, threat prevention, remote access, and others that were |
Threat | ||
|
2020-11-03 03:49:37 | New Kimsuky Module Makes North Korean Spyware More Powerful (lien direct) | A week after the US government issued an advisory about a "global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities.
The APT - dubbed "Kimsuky" (aka Black Banshee or Thallium) and believed to be active as early as 2012 - has been now linked to as many as three hitherto undocumented malware, |
Threat Cloud | APT 37 | |
|
2020-10-23 03:50:27 | New Framework Released to Protect Machine Learning Systems From Adversarial Attacks (lien direct) | Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems.
Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting ML systems.
Just |
Threat |
To see everything:
Our RSS (filtrered)
