What's new around internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-03-02 14:51:15 Anonymous and its affiliates continue to cause damage to Russia (direct link) The massive operation launched by the Anonymous collective against Russia for its illegitimate invasion continues. The popular collective Anonymous, and its affiliates, relentlessly continue their offensive against Russian targets. In the last few hours, in addition to government sites, the sites of the country’s main banks have been brought to their knees. News of alleged […]
SecurityAffairs 2022-03-02 09:27:19 Ukrainian researcher leaked the source code of Conti Ransomware (direct link) A Ukrainian researcher leaked the source for the Conti ransomware and components for the control panels. Recently a Ukrainian researcher leaked 60,694 internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia. He was able to access the database XMPP chat server of the Conti group. Clearly, the […] Ransomware
SecurityAffairs 2022-03-01 23:14:26 IsaacWiper, the third wiper spotted since the beginning of the Russian invasion (direct link) IsaacWiper, a new data wiper was used against an unnamed Ukrainian government network after Russia’s invasion of Ukraine. ESET researchers uncovered a new data wiper, tracked as IsaacWiper, that was used against an unnamed Ukrainian government network after Russia’s invasion of Ukraine. The wiper was first spotted on February 24 within an organization that was […]
SecurityAffairs 2022-03-01 15:24:35 China-linked APT used Daxin, one of the most sophisticated backdoor even seen (direct link) Daxin is the most advanced backdoor in the arsenal of China-linked threat actors designed to avoid the detection of sophisticated defense systems. Symantec researchers discovered a highly sophisticated backdoor, named Daxin, which is being used by China-linked threat actors to avoid advanced threat detection capabilities. The malicious code was likely designed for long-running espionage campaigns […] Threat
SecurityAffairs 2022-03-01 09:28:30 CISA and FBI warn of potential data wiping attacks spillover (direct link) US CISA and the FBI warned US organizations that data wiping attacks targeting Ukraine entities could spill over to targets worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory to warn US organizations of data wiping attacks targeting Ukraine that could hit targets worldwide. […]
SecurityAffairs 2022-03-01 00:12:28 FoxBlade malware targeted Ukrainian networks hours before Russia's invasion (direct link) Microsoft revealed that Ukrainian entities were targeted with a previously undetected malware, dubbed FoxBlade, several hours before the invasion. The Microsoft Threat Intelligence Center (MSTIC) continues to investigate the attacks that are targeting Ukrainian networks and discovered that entities in Ukraine were targeted with a previously undetected malware, dubbed FoxBlade, several hours before Russia’s invasion. […] Malware Threat
SecurityAffairs 2022-02-28 21:50:52 Anonymous hit Russian Nuclear Institute and leak stolen data (direct link) Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on gov organizations and businesses. Anonymous and numerous hacker groups linked to the popular collective continue to launch cyber attacks against Russian and Belarussian government organizations and private businesses. In the last few days massive DDoS attacks […]
SecurityAffairs 2022-02-28 19:23:13 Toyota Motors halted production due to a cyber attack on a supplier (direct link) Japanese carmaker Toyota Motors was forced to stop car production due to a cyberattack against one of its suppliers. Japanese carmaker Toyota Motors was forced to halt its production due to a cyber attack suffered by one of its suppliers, Kojima Industries. “It is true that we have been hit by some kind of […]
SecurityAffairs 2022-02-28 14:35:52 Researcher leaked Conti's internal chat messages in response to its support to Russia (direct link) A Ukrainian researcher leaked tens of thousands of internal chat messages belonging to the Conti ransomware operation. A Ukrainian researcher leaked 60,694 internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia. Researchers from cybersecurity firm Hold Security confirmed that the researcher was able to access […] Ransomware
SecurityAffairs 2022-02-28 11:32:22 Security Affairs newsletter Round 355 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Anonymous breached the internal network of Belarusian railways Feb 7- Feb 27 Ukraine – […]
SecurityAffairs 2022-02-28 10:29:00 Iran-linked UNC3313 APT employed two custom backdoors against a Middle East gov entity (direct link) An Iran-linked threat actor, tracked as UNC3313, was observed using two custom backdoors against an unnamed Middle East government entity. UNC3313 is an Iran-linked threat actor that was linked with “moderate confidence” to the MuddyWater nation-state actor (aka Static Kitten, Seedworm, TEMP.Zagros, or Mercury) by cybersecurity firm Mandiant. UNC3313 was observed deploying two new custom […] Threat
SecurityAffairs 2022-02-27 23:13:49 Anonymous breached the internal network of Belarusian railways (direct link) The Anonymous hacker collective claims to have breached the Belarusian Railway’s data-processing network. The Anonymous collective announced that the internal network of Belarusian railways has been compromised, the group claims to have blocked all services and will deactivate them until Russian troops will leave the territory of Belarus. Purpose of attack – to disrupt the […]
SecurityAffairs 2022-02-27 14:03:20 Feb 7- Feb 27 Ukraine – Russia the silent cyber conflict (direct link) This post provides a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective. Below is the timeline of Russia – Ukraine cyber dispute February 27 – Ukraine: Volunteer IT Army is going to hit tens of Russian targets from this list Ukraine is recruiting a volunteer IT army […]
SecurityAffairs 2022-02-27 13:05:35 Ukraine: Volunteer IT Army is going to hit tens of Russian targets from this list (direct link) Ukraine is recruiting a volunteer IT army composed of white hat hackers to launch attacks on a list of Russian entities. Ukraine is recruiting a volunteer IT army of cyber security experts and white hat hackers to launch cyberattacks on a list of Russian entities. The list is composed of 31 targets including Russian critical […]
SecurityAffairs 2022-02-27 09:45:09 Chipmaker giant Nvidia hit by a ransomware attack (direct link) The chipmaker giant Nvidia was the victim of a ransomware attack that took down some of its systems for two days. The chipmaker giant Nvidia was the victim of a ransomware attack that impacted some of its systems for two days. The security breach is not connected to the ongoing crisis in Ukraine, according to a […] Ransomware
SecurityAffairs 2022-02-26 18:44:00 Fileless SockDetour backdoor targets U.S.-based defense contractors (direct link) Researchers provided details about a stealthy custom malware dubbed SockDetour that targeted U.S.-based defense contractors. Cybersecurity researchers from Palo Alto Networks’ Unit 42 have analyzed a previously undocumented and custom backdoor tracked as SockDetour that targeted U.S.-based defense contractors. According to the experts, the SockDetour backdoor has been in the wild since at least July 2019. Unit 42 attributes […] Malware
SecurityAffairs 2022-02-26 12:47:33 Russia restricts Twitter in the country amid conflict with Ukraine (direct link) Global internet monitor working group NetBlocks reported that Twitter has been restricted in Russia amid conflict with Ukraine. Global internet monitor working organization NetBlocks shared its metrics confirming the restriction of Twitter in Russia from early morning amid conflict with Ukraine. Multiple local providers (Rostelecom, MTS, Beeline and MegaFon) were blocking access to the popular […]
SecurityAffairs 2022-02-26 11:43:04 Anonymous hacked the Russian Defense Ministry and is targeting Russian companies (direct link) Anonymous collective has hacked the Russian Defense Ministry and leaked the data of its employees in response to the Ukraine invasion. A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and […]
SecurityAffairs 2022-02-26 10:45:40 UK's NHS Digital warns of an RCE in Okta Advanced Server Access client (direct link) The UK’s NHS Digital agency warns of an RCE in the Windows client for the Okta Advanced Server Access authentication management platform. The UK’s NHS Digital agency published a security advisory to warn organizations of a remote code execution flaw, tracked as CVE-2022-24295, impacting the Windows client for the Okta Advanced Server Access authentication management […]
SecurityAffairs 2022-02-25 20:33:55 Ukraine calls on independent hackers to defend against Russia, Russian underground responds (direct link) While Ukraine calls for hacker underground to defend against Russia, ransomware gangs make their moves. Ukraine’s government is asking for volunteers from the hacker underground to provide their support in protecting critical infrastructure and carry out offensive operations against Russian state-sponsored hackers, reported Reuters which cited two experts involved in the project. The call […] Ransomware
SecurityAffairs 2022-02-25 15:57:33 Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing (direct link) The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151. In […]
SecurityAffairs 2022-02-25 15:04:16 Anonymous launched its offensive on Russia in response to the invasion of Ukraine (direct link) The popular collective Anonymous declared war on Russia for the illegitimate invasion of Ukraine and announced a series of cyber attacks calling to action its members. The Anonymous collective is calling to action against Russia following the illegitimate invasion of Ukraine. The famous group of hacktivists is also calling for action Russian citizens inviting them […]
SecurityAffairs 2022-02-25 06:20:44 US and UK details a new Python backdoor used by MuddyWater APT group (direct link) US and UK cybersecurity agencies provided details of a new malware used by Iran-linked MuddyWater APT. CISA, the FBI, the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the NSA, and law enforcement agencies have published a joint advisory on new malware used by Iran-linked MuddyWater APT group […] Malware
SecurityAffairs 2022-02-24 21:53:39 CISA adds two Zabbix flaws to its Known Exploited Vulnerabilities Catalog (direct link) US CISA added two flaws impacting Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities impacting the Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. Threat actors are actively exploiting the two vulnerabilities that are reported in the following table: CVE ID Vulnerability Name Due […] Tool Vulnerability Threat
SecurityAffairs 2022-02-24 19:28:49 Data wiper attacks on Ukraine were planned at least in November and used ransomware as decoy (direct link) Experts reported that the wiper attacks that yesterday hit hundreds of systems in Ukraine used a GoLang-based ransomware decoy. Yesterday, researchers from cybersecurity firms ESET and Broadcom's Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine. A tweet from ESET revealed that the company's telemetry shows […] Ransomware Malware
SecurityAffairs 2022-02-24 15:55:50 (Already seen) Deadbolt Ransomware targets Asustor and QNap NAS Devices (direct link) Deadbolt ransomware operators are targeting Asustor NAS (network-attached storage) appliances. Storage solutions provider Asustor is warning its customers of a wave of Deadbolt ransomware attacks targeting its NAS devices. Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide, its operators claim the availability of a zero-day exploit that allows them to encrypt the […] Ransomware
SecurityAffairs 2022-02-24 11:54:24 New Wiper Malware HermeticWiper targets Ukrainian systems (direct link) Cybersecurity experts discovered a new data wiper malware that was used in attacks against hundreds of machines in Ukraine. The threat of hybrid warfare is reality, Russia-linked APT groups have supported the operations of the Russian army while preparing for the invasion. Researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in […] Malware Threat ★★★★★
SecurityAffairs 2022-02-24 05:31:35 US and UK link new Cyclops Blink malware to Russian state hackers (direct link) UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT. US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. Sandworm (aka BlackEnergy and TeleBots) has been active since 2000, it operates under the […] Malware
SecurityAffairs 2022-02-23 20:33:13 Researchers shared technical details of NSA Equation Group's Bvp47 backdoor (direct link) Pangu Lab researchers disclosed details of the Bvp47 backdoor that was used by the US NSA Equation Group. Researchers from China’s Pangu Lab have disclosed details of a Linux top-tier APT backdoor, tracked as Bvp47, which is associated with the U.S. National Security Agency (NSA) Equation Group. The name “Bvp47” comes from numerous references to […]
SecurityAffairs 2022-02-23 15:57:05 Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp? (direct link) The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. Experts from Sophos analyzed the code of Entropy ransomware employed in two distinct attacks. “A pair of incidents at different organizations in which attackers deployed a […] Ransomware
SecurityAffairs 2022-02-23 11:07:11 Horde Webmail Software is affected by a dangerous bug since 2012 (direct link) Experts found a nine-year-old unpatched flaw in the Horde Webmail software that could allow access to email accounts. A feature in the Horde Webmail is affected by a nine-year-old unpatched security vulnerability that could be abused to gain complete access to email accounts simply by previewing an attachment. Horde Webmail is a free, enterprise-ready, and […] Vulnerability
SecurityAffairs 2022-02-23 08:06:39 Iranian Broadcaster IRIB hit by wiper malware (direct link) Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), was hit by a wiper malware in late January 2022. An investigation into the attack that hit the Islamic Republic of Iran Broadcasting (IRIB) in late January, revealed the involvement of a disruptive wiper malware along with other custom-made backdoors, and scripts and configuration files […] Malware
SecurityAffairs 2022-02-22 20:46:50 Threat actors target poorly protected Microsoft SQL Server installs (direct link) Threat actors install Cobalt Strike beacons on vulnerable Microsoft SQL Servers to achieve a foothold in the target network. Researchers from Ahn Lab’s ASEC spotted a new wave of attacks deploying Cobalt Strike beacons on vulnerable Microsoft SQL Server installs to achieve initial access to target networks and deploy malicious payloads. The threat actors behind […] Threat
SecurityAffairs 2022-02-22 15:47:24 Cookware giant Meyer Corporation discloses cyberattack (direct link) US cookware distributor giant Meyer Corporation discloses a data breach that affected thousands of its employees. Meyer Corporation, the second-largest cookware distributor globally, has disclosed a data breach that affects thousands of its employees. The attack took place on October 25, 2021, as reported by the data breach notification letter shared with the U.S. Attorney […] Data Breach
SecurityAffairs 2022-02-22 15:15:03 Police dismantled a gang that used phishing sites to steal credit cards (direct link) The Ukrainian police arrested a gang specialized in the sale of stolen payment card data through phishing attacks. The cybercrime unit of the Ukrainian police has arrested a group of cybercriminals who managed to steal payment card data from at least 70,000 people by setting up mobile fake top-up services. The police arrested five that created and […]
SecurityAffairs 2022-02-22 13:20:44 China-linked APT10 Target Taiwan's financial trading industry (direct link) China-linked APT group APT10 (aka Stone Panda, Bronze Riverside) targets Taiwan’s financial trading sector with a supply chain attack. The campaign was launched by the APT10 group started in November 2021, but it hit a peak between 10 and 13 2022, Taiwanese cybersecurity firm CyCraft reported. The group (also known as Cicada, Stone Panda, MenuPass group, […] APT 10 APT 10
SecurityAffairs 2022-02-22 08:36:59 A cyber attack heavily impacted operations of Expeditors International (direct link) American worldwide logistics and freight forwarding company Expeditors International shuts down global operations after cyber attack. American logistics and freight forwarding company Expeditors International was hit by a cyberattack over the weekend that paralyzed most of its operations worldwide. Expeditors company has over 18,000 employees worldwide and has annual gross revenue of around $10 billion. The company discovered the […]
SecurityAffairs 2022-02-21 22:21:18 Xenomorph Android banking trojan distributed via Google Play Store (direct link) Xenomorph Android trojan has been observed distributed via the official Google Play Store targeting 56 European banks. Researchers from ThreatFabric have spotted a new Android banking trojan, dubbed Xenomorph, distributed via the official Google Play Store that has over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information from […]
SecurityAffairs 2022-02-21 19:31:01 How SMS PVA services could undermine SMS-based verification (direct link) Crooks abuse some SMS PVA services that allow their customers to create disposable user accounts to conduct malicious activities. While investigating SMS PVA services (phone-verified account services), Trend Micro researchers discovered a rogue platform using a botnet of thousands of Android devices used to carry out malicious activities. SMS PVA services provide alternative mobile numbers […]
SecurityAffairs 2022-02-21 08:16:50 A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files (direct link) Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. The Hive ransomware operation has been active […] Ransomware
SecurityAffairs 2022-02-21 07:58:51 (Already seen) Threat Report Portugal: Q4 2021 (direct link) The Threat Report Portugal: Q4 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q4, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is also supported […] Threat
SecurityAffairs 2022-02-20 19:07:49 BEC scammers impersonate CEOs on virtual meeting platforms (direct link) The FBI warned US organizations and individuals are being increasingly targeted in BEC attacks on virtual meeting platforms. The Federal Bureau of Investigation (FBI) warned this week that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms. Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that […]
SecurityAffairs 2022-02-20 14:11:34 Threat actors stole at least $1.7M worth of NFTs from tens of OpenSea users (direct link) Threat actors have stolen and flipped high-valued NFTs from the users of the world’s largest NFT exchange, OpenSea. The world’s largest NFT exchange, OpenSea on Sunday confirmed that tens of some of its users have been hit by a phishing attack and had lost valuable NFTs worth $1.7 million. The phishing attack was confirmed by […]
SecurityAffairs 2022-02-20 09:59:19 Security Affairs newsletter Round 354 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. CISA compiled a list of free cybersecurity tools and services White House and UK […]
SecurityAffairs 2022-02-20 09:52:00 Trickbot operation is now controlled by Conti ransomware (direct link) The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware. TrickBot operation has arrived at the end of the journey, according to AdvIntel some of its top members move under the Conti ransomware gang, which is planning to replace the popular banking Trojan with the stealthier BazarBackdoor. TrickBot is […] Ransomware Malware
SecurityAffairs 2022-02-19 16:22:29 (Already seen) CISA compiled a list of free cybersecurity tools and services (direct link) The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free cybersecurity tools and services that can help organizations to reduce cybersecurity risk and increase resilience. The […]
SecurityAffairs 2022-02-19 10:58:35 White House and UK Gov attribute DDoS attacks on Ukraine to Russia's GRU (direct link) The White House has linked the recent DDoS attacks against Ukraine’s banks and defense agencies to Russia’s GRU. The White House has linked the recent DDoS attacks that took offline the sites of banks and defense agencies of Ukraine to Russia’s Main Directorate of the General Staff of the Armed Forces (aka GRU). This […]
SecurityAffairs 2022-02-19 09:55:35 UpdraftPlus WordPress plugin update forced for million sites (direct link) WordPress forces the update of the UpdraftPlus plugin patch on 3 million sites to fix a high-severity vulnerability. WordPress has forced the update of the UpdraftPlus plugin on around three million sites to address a high-severity vulnerability, tracked as CVE-2022-0633 (CVSS v3.1 score of 8.5) that can allow website subscribers to download the latest database backups, which could potentially […]
SecurityAffairs 2022-02-18 21:52:28 Google Privacy Sandbox promises to protect user privacy online (direct link) Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy Sandbox on Android to limit user data sharing and prevent the use of cross-app identifiers. The company states that the Privacy Sandbox technologies are still in development. “Privacy Sandbox on Android will strengthen privacy, while […] Guideline
SecurityAffairs 2022-02-18 15:21:14 Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability (direct link) Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus, Charming Kitten […] Ransomware Vulnerability Conference APT 35
Last update at: 2024-04-29 17:08:34