What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-02-07 17:15:04 Microsoft disables the ms-appinstaller protocol because it was abused to spread malware (lien direct) Microsoft temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. Microsoft announced to have temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. In December, Microsoft addressed a vulnerability, tracked as CVE-2021-43890, in AppX installer that affects Microsoft Windows which is under active exploitation. “We have […] Malware
SecurityAffairs.webp 2022-02-07 15:20:00 (Déjà vu) US Telecom providers requested $5.6B to replace Chinese equipment (lien direct) The Federal Communications Commission (FCC) says that small telecom providers have requested $5.6 billion to replace Chinese gear. The U.S. government has requested telecom providers to replace Chinese equipment in their networks due to security issues and allocated $1.9 billion to support the companies in the transaction. The Federal Communications Commission (FCC) said that the […]
SecurityAffairs.webp 2022-02-07 12:55:07 Hackers breached a server of National Games of China days before the event (lien direct) An unnamed Chinese-language-speaking hacking group compromised systems at National Games of China in 2021. Researchers at cybersecurity firm Avast discovered that a Chinese-language-speaking threat actor has compromised systems at National Games of China in 2021. The event took place on September 15, 2021 in Shaanxi (China), it is a national version of the Olympics with only local […] Threat
SecurityAffairs.webp 2022-02-07 07:06:06 Russian Gamaredon APT is targeting Ukraine since October (lien direct) Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. Russia-linked cyberespionage group Gamaredon (aka Armageddon, Primitive Bear, and ACTINIUM) is behind the spear-phishing attacks targeting Ukrainian entities and organizations related to Ukrainian affairs, since October 2021, Microsoft said. This week, Palo Alto Networks' Unit 42 reported that the […]
SecurityAffairs.webp 2022-02-06 18:24:22 Israeli surveillance firm QuaDream emerges from the dark (lien direct) One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream. Like NSO Group, QuaDream develops […]
SecurityAffairs.webp 2022-02-06 13:49:13 Argo CD flaw could allow stealing sensitive data from Kubernetes Apps (lien direct) A flaw in Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps. A zero-day vulnerability, tracked as CVE-2022-24348, in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps, including passwords and API keys. The flaw received a CVSS […] Tool Uber
SecurityAffairs.webp 2022-02-06 10:07:44 Security Affairs newsletter Round 352 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. LockBit ransomware gang claims to have stolen data from PayBito crypto exchange FBI issued […] Ransomware
SecurityAffairs.webp 2022-02-05 20:30:51 LockBit ransomware gang claims to have stolen data from PayBito crypto exchange (lien direct) LockBit ransomware gang claims to have stolen customers’ data from the PayBito crypto exchange. PayBito is a bitcoin and cryptocurrency exchange for major cryptocurrencies including Bitcoin Cash, Bitcoin, Ethereum, HCX, Litecoin, Ethereum Classic. The exchange is operated by global blockchain and IT services company HashCash. LockBit ransomware operators claim to have stolen customers’ data from the PayBito crypto exchange, […] Ransomware
SecurityAffairs.webp 2022-02-05 18:16:37 FBI issued a flash alert on Lockbit ransomware operation (lien direct) The FBI released a flash alert containing technical details associated with the LockBit ransomware operation. The Federal Bureau of Investigation (FBI) has issued a flash alert containing technical details and indicators of compromise associated with LockBit ransomware operations. The LockBit ransomware gang has been active since September 2019, in June 2021 the group announced the LockBit 2.0 RaaS. Like […] Ransomware
SecurityAffairs.webp 2022-02-05 09:34:27 CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw (lien direct) US CISA ordered federal agencies to patch their systems against actively exploited CVE-2022-21882  Windows flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882. “CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat […] Vulnerability Threat
SecurityAffairs.webp 2022-02-04 21:46:06 Over 500,000 people were impacted by a ransomware attack that hit Morley (lien direct) Business services firm Morley was hit by a ransomware attack that may have exposed data of +500,000 individuals. Business services company Morley was victim of a ransomware attack that may have resulted in a data breach impacting more than 500,000 individuals. Morley Companies is a United States corporation that provides business services to Fortune 500 and Global 100 clients; contact […] Ransomware Data Breach
SecurityAffairs.webp 2022-02-04 19:28:24 Ransomware attack hit Swissport International causing delays in flights (lien direct) Aviation services company Swissport International was hit by a ransomware attack that impacted its operations. Swissport International Ltd. is an aviation services company providing airport ground,lounge hospitality and cargo handling services owned by an international group of investors. The company handles around 282 million passengers and 4.8 million tonnes of cargo annually, on behalf of […] Ransomware
SecurityAffairs.webp 2022-02-04 15:28:38 A nation-state actor hacked media and publishing giant News Corp (lien direct) American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor. American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor that took place in January. The attackers compromised one of the systems of the […] Threat
SecurityAffairs.webp 2022-02-04 13:19:05 (Déjà vu) Retail giant Target open sources Merry Maker e-skimmer detection tool (lien direct) Retail giant Target is going to open-source an internal tool, dubbed Merry Maker, designed to detect e-skimming attacks. Retail giant Target announced the release in open-source of an internal tool, dubbed Merry Maker, designed to detect e-skimming attacks. Merry Maker is a tool designed by Target security developers Eric Brandel and Caleb Walch (@ebrandel and @cawalch) to […] Tool
SecurityAffairs.webp 2022-02-04 11:50:11 Russia-linked Gamaredon APT targeted a western government entity in Ukraine (lien direct) The Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity in Ukraine. Palo Alto Networks’ Unit 42 reported that the Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity operating in Ukraine in January, while geopolitical tensions between Russia and Ukraine have escalated dramatically. In Mid January the Ukrainian […] ★★★
SecurityAffairs.webp 2022-02-04 09:54:35 Zimbra zero-day vulnerability actively exploited by an alleged Chinese threat actor (lien direct) An alleged Chinese threat actor is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform. An alleged Chinese threat actor, tracked as TEMP_Heretic, is actively attempting to exploit a zero-day XSS vulnerability in the Zimbra open-source email platform. The zero-day vulnerability impacts almost any Zimbra install running version 8.8.15. Researchers from […] Vulnerability Threat
SecurityAffairs.webp 2022-02-04 08:20:53 (Déjà vu) Microsoft blocked tens of billions of brute-force and phishing attacks in 2021 (lien direct) Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of brute-force and phishing attacks last year. Microsoft revealed that Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks last year. The IT giant added has blocked more than 25.6 billion Azure AD […]
SecurityAffairs.webp 2022-02-03 23:09:56 Exclusive interview with the Powerful Greek Army (PGA) hacker group (lien direct) Six years ago the Powerful Greek Army (PGA) appeared in the threat landscape. After a long breach the hacker collective is back. I have interviewed them in exclusive … enjoy it! Tell me about your hacker team, which is the motivation behind the attacks? We have many motivations and reasons. First of all, we started […] Threat
SecurityAffairs.webp 2022-02-03 20:56:59 (Déjà vu) Cisco fixes critical flaws in its Small Business Routers (lien direct) Cisco released security patches to address multiple flaws in its Small Business RV160, RV260, RV340, and RV345 series routers. Cisco announced patches for multiple issue affecting its Small Business RV160, RV260, RV340, and RV345 series routers. Some of the bugs fixed by the IT giant could lead to the execution of arbitrary code with root […] Guideline
SecurityAffairs.webp 2022-02-03 19:09:31 Antlion APT group used a custom backdoor that allowed them to fly under the radar for months (lien direct) A China-linked APT group tracked as Antlion used a custom backdoor called xPack that was undetected for months. A China-linked APT group tracked as Antlion is using a custom backdoor called xPack in attacks aimed at financial organizations and manufacturing companies, Symantec researchers reported. The backdoor was undetected for at least 18 months in a […]
SecurityAffairs.webp 2022-02-03 15:12:55 Oil terminals in Europe's biggest ports hit by a cyberattack (lien direct) A cyber attack hit the oil terminals of some of the biggest European ports impacting their operations. Some of the major oil terminals in Western Europe’s biggest ports have been targeted with a cyberattack. Threat actors have hit multiple oil facilities in Belgium’s ports, including Antwerp, which is the second biggest port in Europe after […] Threat
SecurityAffairs.webp 2022-02-03 10:46:23 Wormhole cryptocurrency platform hacked, crooks stole $326 million, the second-biggest hack of a DeFi platform (lien direct) Threat actors have stolen $325 million in cryptocurrency leveraging a bug in the Wormhole communication bridge. Wormhole, one of the most popular bridges that links the Ethereum and Solana blockchains, lost about $325 million in an attack that took place on Wednesday. This is the second-biggest hack of a DeFi platform ever, just after the $600 […] Hack
SecurityAffairs.webp 2022-02-03 06:33:59 Trend Micro fixed 2 flaws in Hybrid Cloud Security products (lien direct) Trend Micro recently addressed two high-severity flaws affecting some of its hybrid cloud security products. Trend Micro released security updates to fix two high-severity vulnerabilities, tracked as CVE-2022-23119 and CVE-2022-23120, affecting some of its hybrid cloud security products. The vulnerabilities affect Deep Security and Cloud One workload security solutions. The flaws were reported by the cybersecurity […]
SecurityAffairs.webp 2022-02-02 18:30:49 (Déjà vu) Sugar Ransomware, a new RaaS in the threat landscape (lien direct) Cyber security team at retail giant Walmart dissected a new ransomware family dubbed Sugar, which implements a ransomware-as-a-service model. The cyber threat team at retail giant Walmart has analyzed a new ransomware family dubbed Sugar, which is offered through a ransomware-as-a-service (RaaS) model. Unlike other ransomware operations, Sugar ransomware appears to primarily focus on individual […] Ransomware Threat
SecurityAffairs.webp 2022-02-02 13:23:46 ESET releases fixes for local privilege escalation bug in Windows Applications (lien direct) Antivirus firm ESET addressed a local privilege escalation vulnerability, tracked CVE-2021-37852, impacting its Windows clients. Antivirus firm ESET released security patches to address a high severity local privilege escalation vulnerability, tracked CVE-2021-37852, impacting its Windows clients. An attacker can exploit the vulnerability to misuse the AMSI scanning feature to elevate privileges in specific scenarios. “According […] Vulnerability
SecurityAffairs.webp 2022-02-02 11:55:18 Experts warn of a spike in APT35 activity and a possible link to Memento ransomware op (lien direct) The Cybereason Nocturnus Team reported a spike in the activity of the Iran-linked APT group APT35 (aka Phosphorus or Charming Kitten). The Cybereason Nocturnus Team observed a spike in the activity of the Iran-linked APT group APT35 (aka 'Charming Kitten', 'Phosphorus', Newscaster, and Ajax Security Team)  The Phosphorus group made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized […] Ransomware Conference APT 35 APT 35
SecurityAffairs.webp 2022-02-02 07:53:24 Experts found 23 flaws in UEFI firmware potentially impact millions of devices (lien direct) Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. The vulnerabilities could impact millions of enterprise devices, including laptops, servers, routers, and industrial control systems (ICS). All these vulnerabilities […]
SecurityAffairs.webp 2022-02-01 22:55:36 Massive social engineering waves have impacted banks in several countries (lien direct) A massive social engineering campaign targeting banks has been delivered in the last two years in several countries. A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. According to Segurança Informática publication, the malicious waves have impacted banking […]
SecurityAffairs.webp 2022-02-01 19:03:50 British Council exposed 144,000 files containing student details (lien direct) Personal information belonging to British Council students was exposed online via an unsecured repository. The British Council is a British organisation specialising in international cultural and educational opportunities. It operates in over 100 countries: promoting a wider knowledge of the United Kingdom and the English language; encouraging cultural, scientific, technological and educational co-operation with the […]
SecurityAffairs.webp 2022-02-01 15:04:57 (Déjà vu) A cyber attack severely impacted the operations of German petrol distributor Oiltanking GmbH (lien direct) German petrol distributor Oiltanking GmbH was a victim of a cyberattack that has a severe impact on its operations. A cyber attack hit Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, severely impacting its operations. According to the media, the attack also impacted the oil supplier Mabanaft GmbH. The […]
SecurityAffairs.webp 2022-02-01 11:06:35 Iran-linked MuddyWater APT group campaign targets Turkish entities (lien direct) The Iran-linked MuddyWater APT group is targeting private Turkish organizations and governmental institutions. Researchers from Cisco Talos have uncovered a cyber espionage campaign carried out by the Iran-linked MuddyWater APT group  (aka SeedWorm and TEMP.Zagros) and targeting private Turkish organizations and governmental institutions. The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East. The experts called the […]
SecurityAffairs.webp 2022-02-01 05:35:30 RCE in WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites (lien direct) A critical RCE in the popular WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites. Essential Addons for Elementor is a popular WordPress plugin used in over a million sites that provides easy-to-use and creative elements to improve the appearance of the pages. The plugin is affected by a critical remote code […]
SecurityAffairs.webp 2022-01-31 22:14:39 (Déjà vu) Samba fixed CVE-2021-44142 remote code execution flaw (lien direct) Samba fixes a critical flaw, tracked as CVE-2021-44142, that can allow remote attackers to execute code with root privileges. Samba has addressed a critical vulnerability, tracked as CVE-2021-44142, that can be exploited by remote attackers to gain code execution with root privileges on servers running vulnerable software. Samba is a free software re-implementation of the SMB networking […]
SecurityAffairs.webp 2022-01-31 21:05:26 (Déjà vu) CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog (lien direct) The US CISA added eight more flaws to its Known Exploited Vulnerabilities Catalog that are known to be used in attacks in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to the Known Exploited Vulnerabilities Catalog. The 'Known Exploited Vulnerabilities Catalog' is a list of known vulnerabilities that […]
SecurityAffairs.webp 2022-01-31 19:30:15 Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP (lien direct) A hacking campaign, tracked as Eternal Silence, is abusing UPnP to compromise routers and use them to carry out malicious activities. Researchers from Akamai have spotted a malicious campaign, tracked as ‘Eternal Silence,’ that is abusing Universal Plug and Play (UPnP) to turn routers into a proxy server used to carry out a broad range […]
SecurityAffairs.webp 2022-01-31 15:33:06 Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform (lien direct) Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract code used in an Ethereum bridge. The DeFi platform Qubit Finance was victim of a cyber heist, threat actors stole around $80 million in cryptocurrency last week. The hack took place at around 5PM ET […] Hack Threat
SecurityAffairs.webp 2022-01-31 14:35:33 DeepDotWeb admin sentenced to 97 months in prison for money laundering scheme (lien direct) The administrator of the DeepDotWeb (DDW) has received a sentence of 97 months in prison for money laundering. Tal Prihar (37), an Israeli national who operated DeepDotWeb (DDW), was sentenced to 97 months in prison and was ordered to forfeit $8,414,173. DeepDotWeb (DDW) was a website that connected internet users with Darknet marketplaces, where they […]
SecurityAffairs.webp 2022-01-31 12:19:57 Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone (lien direct) Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone and camera. Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam. Pickren received […] Hack Threat
SecurityAffairs.webp 2022-01-31 07:43:30 Americans lost $770 million from social media fraud in 2021, FTC reports (lien direct) A report from the US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds The US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds. These data are the result of the increased exposure of netizens through social media. The US […]
SecurityAffairs.webp 2022-01-30 23:30:47 Hybrid cloud campaign OiVaVoii targets company executives (lien direct) A new hacking campaign, tracked as 'OiVaVoii', is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered a new campaign named 'OiVaVoii' that is targeting company executives, former board members, Presidents and managers with bogus OAuth apps and cleverly-crafted lures sent from compromised Office 365 accounts. Microsoft has blocked many of the […]
SecurityAffairs.webp 2022-01-30 18:27:44 Expert releases PoC for CVE-2022-21882 Windows local privilege elevation issue (lien direct) A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The security researchers RyeLv has publicly released an exploit for a Windows local privilege elevation flaw (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The Win32k elevation of privilege […]
SecurityAffairs.webp 2022-01-30 14:28:03 Security Affairs newsletter Round 351 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. QNAP force-installs update against the recent wave of DeadBolt ransomware infections US FCC bans […] Ransomware
SecurityAffairs.webp 2022-01-30 13:11:27 Novel device registration trick enhances multi-stage phishing attacks (lien direct) Microsoft has disclosed details of a large-scale phishing campaign using a novel device registration technique to target other enterprises. Microsoft has shared details of a large-scale phishing campaign that leverages stolen credentials to register devices on a target’s network to extend the attack to other enterprises. The attack exploits the concept of bring-your-own-device (BYOD) by […]
SecurityAffairs.webp 2022-01-29 15:45:29 QNAP force-installs update against the recent wave of DeadBolt ransomware infections (lien direct) QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. DeadBolt ransomware is targeting QNAP NAS devices worldwide, its operators claim the availability of […] Ransomware
SecurityAffairs.webp 2022-01-29 12:58:17 US FCC bans China Unicom Americas telecom over national security risks (lien direct) The Federal Communications Commission (FCC) revoked the license for the China Unicom Americas over serious national security concerns. The Federal Communications Commission (FCC) has revoked the license for China Unicom Americas over “serious national security concerns.” China Unicom is the world’s sixth-largest mobile service provider by subscriber base. The telecom company is a foreign subsidiary of […]
SecurityAffairs.webp 2022-01-28 22:35:24 NCSC warns UK entities of potential destructive cyberattacks from Russia (lien direct) The UK's National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks from Russia-linked APT groups. The UK's National Cyber Security Centre (NCSC) is urging organizations to improve their cybersecurity posture due to the imminent risk of destructive cyber-attacks from Russian state-sponsored threat actors after recent attacks […] Threat
SecurityAffairs.webp 2022-01-28 15:14:27 (Déjà vu) Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits (lien direct) Zero-day exploit broker Zerodium announced it will pay $400,000 for zero-day RCE in Microsoft Outlook email client. The zero-day exploit broker Zerodium has announced it will pay $400,000 for zero-day remote code execution (RCE) vulnerabilities in the Microsoft Outlook email client. The company pointed out that the increased payout for this specific vulnerability exploit is […] Vulnerability
SecurityAffairs.webp 2022-01-28 11:56:26 Delta Electronics, a tech giants' contractor, hit by Conti ransomware (lien direct) Delta Electronics, a Taiwanese contractor for multiple tech giants such as Apple, Dell, HP and Tesla, was hit by Conti ransomware Taiwanese electronics manufacturing company Delta Electronics was hit by the Conti ransomware that took place this week. Delta Electronics operates as a contractor for major tech giants such as Apple, Tesla, HP, and Dell. […] Ransomware
SecurityAffairs.webp 2022-01-28 10:19:04 (Déjà vu) Experts devise a technique to bypass Microsoft Outlook Security feature (lien direct) A researcher devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. Reegun Richard Jayapaul, SpiderLabs lead threat architect at Trustwave, has devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. While investigating a malware campaign, […] Malware Threat Guideline
SecurityAffairs.webp 2022-01-27 21:41:00 Puerto Rico was hit by a major cyberattack (lien direct) Puerto Rico's Senate announced that is was it by a cyberattack that shut down its internet provider, phone system and official online page. The Senate of Puerto Rico announced this week that it was hit by a major cyberattack that disabled its internet provider, phone system and official online page. Local and federal authorities are […]
Last update at: 2024-05-02 12:07:58