Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-01-14 14:04:10 |
(Déjà vu) White House reminds tech giants open source is a national security issue (direct link) |
The White House wants government and private sector organizations to rally their efforts and resources to secure open-source software and its supply chain after the Log4J vulnerabilities exposed critical infrastructure to threat actors' attacks. [...] |
Threat
|
|
|
|
2022-01-13 15:14:32 |
BlueNoroff hackers steal crypto using fake MetaMask extension (direct link) |
The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions. [...] |
Threat
|
|
|
|
2022-01-13 13:08:36 |
Microsoft Defender weakness lets hackers bypass malware detection (direct link) |
Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there. [...] |
Threat
Malware
|
|
|
|
2022-01-12 11:36:26 |
TellYouThePass ransomware returns as a cross-platform Golang threat (direct link) |
TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target major platforms beyond Windows, like macOS and Linux. [...] |
Threat
Ransomware
|
|
|
|
2022-01-10 12:39:58 |
Microsoft: powerdir bug gives access to protected macOS user data (direct link) |
Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users' protected data. [...] |
Threat
Vulnerability
|
|
|
|
2022-01-07 09:29:26 |
NHS warns of hackers exploiting Log4Shell in VMware Horizon (direct link) |
UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits. [...] |
Threat
|
|
|
|
2022-01-06 09:00:00 |
Google Docs commenting feature exploited for spear-phishing (direct link) |
A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy. [...] |
Threat
|
|
|
|
2021-12-23 12:47:14 |
AvosLocker ransomware reboots in Safe Mode to bypass security tools (direct link) |
Recent AvosLocker ransomware attacks are characterized by a focus on disabling endpoint security solutions that stand in the way of threat actors. [...] |
Threat
Ransomware
|
|
|
|
2021-12-21 17:37:20 |
PYSA ransomware behind most double extortion attacks in November (direct link) |
Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors' arsenal. [...] |
Threat
Ransomware
Tool
|
|
|
|
2021-12-20 11:33:11 |
Log4j vulnerability now used to install Dridex banking malware (direct link) |
Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. [...] |
Threat
Malware
Vulnerability
|
|
|
|
2021-12-20 06:00:00 |
Phishing attacks impersonate Pfizer in fake requests for quotation (direct link) |
Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims. [...] |
Threat
|
|
|
|
2021-12-17 18:37:23 |
The Week in Ransomware - December 17th 2021 - Enter Log4j (direct link) |
A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat actors as part of their ransomware attacks. [...] |
Threat
Ransomware
Vulnerability
|
|
|
|
2021-12-17 15:25:06 |
TellYouThePass ransomware revived in Linux, Windows Log4j attacks (direct link) |
Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library. [...] |
Threat
Ransomware
|
|
|
|
2021-12-17 14:06:08 |
Credit card info of 1.8 million people stolen from sports gear sites (direct link) |
Four affiliated online sports gear sites have disclosed a cyberattack where threat actors stole credit cards for 1,813,224 customers. [...] |
Threat
|
|
|
|
2021-12-17 13:32:30 |
CISA urges VMware admins to patch critical flaw in Workspace ONE UEM (direct link) |
CISA has asked VMware admins and users today to patch a critical security vulnerability found in the Workspace ONE UEM console that threat actors could abuse to gain access to sensitive information. [...] |
Threat
Vulnerability
|
|
|
|
2021-12-16 16:12:45 |
Log4j attackers switch to injecting Monero miners via RMI (direct link) |
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success. [...] |
Threat
Vulnerability
|
|
|
|
2021-12-16 13:39:13 |
Google Calendar now lets you block invitation phishing attempts (direct link) |
Google now makes it easy to block unwanted calendar invitations, commonly used by threat actors in phishing and malicious campaigns, from being added to your Google Calendar. [...] |
Threat
|
|
|
|
2021-12-15 12:32:55 |
State-sponsored hackers abuse Slack API to steal airline data (direct link) |
A suspected Iranian state-supported threat actor is deploying a newly discovered backdoor named 'Aclip' that abuses the Slack API for covert communications. [...] |
Threat
|
|
|
|
2021-12-15 10:28:32 |
Sites hacked with credit card stealers undetected for months (direct link) |
Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers. [...] |
Threat
|
|
|
|
2021-12-14 12:16:08 |
Hackers steal Microsoft Exchange credentials using IIS module (direct link) |
Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely. [...] |
Threat
|
|
|
|
2021-12-12 18:07:20 |
Hackers start pushing malware in worldwide Log4Shell attacks (direct link) |
Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article we compiled the known payloads, scans, and attacks using the Log4j vulnerability. [...] |
Threat
Malware
Vulnerability
|
|
|
|
2021-12-07 18:21:46 |
Emotet now drops Cobalt Strike, fast forwards ransomware attacks (direct link) |
In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent. [...] |
Threat
Ransomware
Malware
|
|
|
|
2021-12-04 12:06:12 |
Malicious KMSPico installers steal your cryptocurrency wallets (direct link) |
Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets. [...] |
Threat
Malware
|
|
|
|
2021-12-03 12:40:10 |
Fake support agents call victims to install Android banking malware (direct link) |
The BRATA Android remote access trojan (RAT) has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials. [...] |
Threat
Malware
|
|
|
|
2021-11-29 09:40:21 |
Panasonic discloses data breach after network hack (direct link) |
Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month. [...] |
Threat
Data Breach
Hack
|
|
|
|
2021-11-26 15:41:42 |
IKEA email systems hit by ongoing cyberattack (direct link) |
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails. [...] |
Threat
|
|
|
|
2021-11-24 13:42:37 |
Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds (direct link) |
A newly discovered Iranian threat actor is stealing Google and Instagram credentials belonging to Farsi-speaking targets worldwide using a new PowerShell-based stealer dubbed PowerShortShell by security researchers at SafeBreach Labs. [...] |
Threat
|
|
|
|
2021-11-23 16:35:51 |
Threat actors find and compromise exposed services in 24 hours (direct link) |
Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours. [...] |
Threat
|
|
|
|
2021-11-20 12:55:47 |
Microsoft Exchange servers hacked in internal reply-chain attacks (direct link) |
Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails. [...] |
Threat
Malware
|
|
|
|
2021-11-18 09:47:45 |
North Korean cyberspies target govt officials with custom malware (direct link) |
A state-sponsored North Korean threat actor tracked as TA406 was recently observed deploying custom info-stealing malware in espionage campaigns. [...] |
Threat
Malware
|
|
|
|
2021-11-18 08:46:51 |
FBI warns of APT group exploiting FatPipe VPN zero-day since May (direct link) |
The Federal Bureau of Investigation (FBI) warned of an advanced persistent threat (APT) compromising FatPipe router clustering and load balancer products to breach targets' networks. [...] |
Threat
|
|
|
|
2021-11-17 03:33:33 |
Threat actors offer millions for zero-days, developers talk of exploit-as-a-service (direct link) |
While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have. [...] |
Threat
Vulnerability
|
|
|
|
2021-11-16 13:11:31 |
Microsoft warns of the evolution of six Iranian hacking groups (direct link) |
The Microsoft Threat Intelligence Center (MSTIC) has presented an analysis of the evolution of several Iranian threat actors at the CyberWarCon 2021, and their findings show increasingly sophisticated attacks. [...] |
Threat
|
|
|
|
2021-11-12 12:14:17 |
FTC shares ransomware defense tips for small US businesses (direct link) |
The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors' attempts to exploit vulnerabilities using social engineering or exploits targeting technology. [...] |
Threat
Ransomware
|
|
|
|
2021-11-12 11:04:02 |
These are the top-level domains threat actors like the most (direct link) |
Out of over a thousand top-level domain choices, cyber-criminals and threat actors prefer a small set of 25, which accounts for 90% of all malicious sites. [...] |
Threat
|
|
|
|
2021-11-10 17:19:06 |
HPE says hackers breached Aruba Central using stolen access key (direct link) |
HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations. [...] |
Threat
|
|
|
|
2021-11-10 16:30:44 |
FBI warns of Iranian hackers looking to buy US orgs' stolen data (direct link) |
The Federal Bureau of Investigation (FBI) warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations. [...] |
Threat
|
|
|
|
2021-11-10 10:52:26 |
TrickBot teams up with Shatak phishers for Conti ransomware attacks (direct link) |
A threat actor tracked as Shatak (TA551) recently partnered with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems. [...] |
Threat
Ransomware
|
|
|
|
2021-11-10 10:36:47 |
Microsoft patches Excel zero-day used in attacks, asks Mac users to wait (direct link) |
During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. [...] |
Threat
Vulnerability
|
|
|
|
2021-11-08 16:40:29 |
Robinhood discloses data breach impacting 7 million customers (direct link) |
Stock trading platform Robinhood has disclosed a data breach after their systems were hacked and a threat actor gained access to the personal information of approximately 7 million customers. [...] |
Threat
Data Breach
|
|
|
|
2021-11-05 10:59:33 |
US defense contractor Electronic Warfare hit by data breach (direct link) |
US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system and stole files containing personal information. [...] |
Threat
Data Breach
|
|
|
|
2021-11-04 12:39:34 |
Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware (direct link) |
A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware. [...] |
Threat
Ransomware
|
|
|
|
2021-11-01 13:25:00 |
Kaspersky's stolen Amazon SES token used in Office 365 phishing (direct link) |
Kaspersky said today that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. [...] |
Threat
|
|
|
|
2021-10-26 15:45:30 |
Spammers use Squirrelwaffle malware to drop Cobalt Strike (direct link) |
A new malware threat named Squirrelwaffle has emerged in the wild, supporting actors with an initial foothold and a way to drop malware onto compromised systems and networks. [...] |
Threat
Malware
|
|
|
|
2021-10-20 12:59:16 |
Political-themed actor using old MS Office flaw to drop multiple RATs (direct link) |
A novel threat actor with unclear motives has been discovered running a crimeware campaign which delivers multiple Windows and Android RATs (remote access tools) through the exploitation of CVE-2017-11882. [...] |
Threat
|
|
|
|
2021-10-19 12:40:15 |
Acer hacked twice in a week by the same threat actor (direct link) |
Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable. [...] |
Threat
|
|
|
|
2021-10-19 09:00:00 |
FBI warns of fake govt sites used to steal financial, personal data (direct link) |
The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. [...] |
Threat
|
|
|
|
2021-10-19 08:00:00 |
New Karma ransomware group likely a Nemty rebrand (direct link) |
Threat analysts at Sentinel Labs have found evidence of the Karma ransomware being just another evolutionary step in the strain that started as JSWorm, became Nemty, then Nefilim, Fusion, Milihpen, and most recently, Gangbang. [...] |
Threat
Ransomware
|
|
|
|
2021-10-19 05:12:07 |
(Déjà vu) Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability (direct link) |
Microsoft has published an advisory regarding a security feature bypass vulnerability impacting Surface Pro 3 tablets which could allow threat actors to introduce malicious devices within enterprise environments. [...] |
Threat
Vulnerability
|
|
|
|
2021-10-19 05:12:07 |
Microsoft fixes Surface Pro 3 TPM bypass with public exploit code (direct link) |
Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets that enables threat actors to introduce malicious devices within enterprise environments. [...] |
Threat
Vulnerability
|
|
|