What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-01-27 20:30:53 North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks (direct link) North Korea-linked Lazarus APT group uses Windows Update client to deliver malware on Windows systems. North Korea-linked Lazarus APT started using Windows Update to execute the malicious payload and GitHub as a command and control server in recent attacks, Malwarebytes researchers reported. The activity of the Lazarus APT group surged in 2014 and 2015, its members used […] Malware APT 38 APT 28
SecurityAffairs 2022-01-27 18:54:28 Popular apps left biometric data, IDs of millions of users in danger (direct link) Personal data belonging to millions of customers of large businesses have been exposed due to a flaw in Onfido IDV. Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their personal data to illicit download. Among those affected are clients of Europcar, a vehicle […]
SecurityAffairs 2022-01-27 15:55:11 Microsoft mitigated a 3.47 Tbps DDoS attack, the largest one to date (direct link) Microsoft announced to have mitigated a record 3.47 Tbps distributed denial of service (DDoS) attack targeting an Azure customer. Microsoft announced that its Azure DDoS protection platform has mitigated a record 3.47 Tbps attack that targeted one of its customers with a packet rate of 340 million packets per second (pps). The news of the attack was reported in […]
SecurityAffairs 2022-01-27 15:07:53 Lockbit ransomware gang claims to have hacked Ministry of Justice of France (direct link) A few hours ago Lockbit ransomware operators announced to have stolen data from Ministry of Justice of France. The Ministry of Justice of France is a body of the French government, which is responsible for: supervision of the judiciary, its maintenance and administration; participation as Vice President of the Judicial Council; supervision of the prosecutor’s […] Ransomware
SecurityAffairs 2022-01-27 09:48:16 Experts analyze first LockBit ransomware for Linux and VMware ESXi (direct link) LockBit expands its operations by implementing a Linux version of LockBit ransomware that targets VMware ESXi servers. LockBit is the latest ransomware operation to add the support for Linux systems, experts spotted a new version that targets VMware ESXi virtual machines. The move aims at expanding the audience of potential targets, including all the organizations […] Ransomware
SecurityAffairs 2022-01-26 22:25:35 Apple fixed the first two zero-day vulnerabilities of 2022 (direct link) Apple released security updates to fix two zero-day flaws, one of them actively exploited to hack iPhones and Macs. Apple has released security updates to address a couple of zero-day vulnerabilities, one of them being actively exploited in the wild by threat actors to compromise iPhone and Mac devices. One of the zero-day flaws addressed […] Hack Threat
SecurityAffairs 2022-01-26 20:44:27 German intelligence agency warns of China-linked APT27 targeting commercial organizations (direct link) The BfV German domestic intelligence services warn of ongoing attacks carried out by the China-linked APT27 cyberespionage group. The Bundesamt für Verfassungsschutz (BfV) federal domestic intelligence agency warns of ongoing attacks coordinated by the China-linked APT27 group. “The Federal Office for the Protection of the Constitution (BfV) has information about an ongoing cyber espionage campaign […] APT 27 APT 27 ★★★★
SecurityAffairs 2022-01-26 15:42:10 New DeadBolt ransomware targets QNAP NAS devices (direct link) New malware is targeting QNAP NAS devices, it is the DeadBolt ransomware and asks 50 BTC for master key. DeadBolt ransomware is targeting QNAP NAS devices worldwide, its operators claim the availability of a zero-day exploit that allows them to encrypt the content of the infected systems. Once encrypted the content of the device, […] Ransomware Malware
SecurityAffairs 2022-01-26 13:20:49 (Déjà vu) VMware urges customers to patch VMware Horizon servers against Log4j attacks (direct link) VMware released security patches to address critical Log4j security vulnerabilities in VMware Horizon servers targeted in ongoing attacks. VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. Searching for Internet-exposed VMware Horizon servers with Shodan, we can find tens of thousands of installs potentially exposed to […]
SecurityAffairs 2022-01-26 11:12:46 PwnKit: Local Privilege Escalation bug affects major Linux distros (direct link) A flaw in Polkit’s pkexec component, tracked as CVE-2021-4034 (PwnKit), can be exploited to gain full root privileges on major Linux distros. An attacker can exploit a vulnerability in Polkit’s pkexec component, tracked as CVE-2021-4034, that affects all major Linux distributions to gain full root privileges on the system. The good news is that this […] Vulnerability
SecurityAffairs 2022-01-26 07:46:50 PrinterLogic fixes high severity flaws in Printer Management Suite (direct link) PrinterLogic has addressed nine vulnerabilities in Web Stack and Virtual Appliance, including three high severity flaws. PrinterLogic has released security updates to address nine vulnerabilities in Web Stack and Virtual Appliance, the most severe ones, tracked as CVE-2021-42631, CVE-2021-42635, and CVE-2021-42638, are rated as high severity flaws (CVSS base score of 8.1). Below is the list […]
SecurityAffairs 2022-01-25 22:24:27 (Déjà vu) Segway e-store compromised in a Magecart attack to steal credit cards (direct link) Segway e-store suffered a Magecart attack that potentially allowed threat actors to steal credit cards and customer info. The online store of Segway was compromised as a result of a Magecart attack, threat actors planted a malicious script to steal credit card data and customer information while visitors were making a purchase. Segway is known […] Threat
SecurityAffairs 2022-01-25 20:05:59 UK NCSC is going to release Nmap scripts to find unpatched vulnerabilities (direct link) The UK NCSC cybersecurity agency is going to release a collection of NMAP scripts that can allow defenders to find unpatched vulnerabilities. The United Kingdom’s National Cyber Security Centre (NCSC) announced the release of NMAP Scripting Engine scripts that can help defenders to scan their infrastructure to find and fix unpatched vulnerabilities impacting them. The […]
SecurityAffairs 2022-01-25 16:01:48 Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks (direct link) Experts found an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals in Hong Kong. Researchers from ESET have spotted an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals in Hong Kong. The investigation started in November after […]
SecurityAffairs 2022-01-25 11:33:25 Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access (direct link) Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038, in SonicWall’s Secure Mobile Access (SMA) gateways addressed by the vendor in December. The vulnerability is an unauthenticated stack-based buffer overflow that was reported by […] Vulnerability Threat
SecurityAffairs 2022-01-25 05:32:29 Latest version of Android RAT BRATA wipes devices after stealing data (direct link) A new version of the BRATA malware implements a functionality to perform a factory reset of the device to wipe all data. The new version of the BRATA Android malware supports new features, including GPS tracking and a functionality to perform a factory reset on the device. Security experts at Kaspersky discovered the Android RAT […] Malware
SecurityAffairs 2022-01-24 22:16:25 A flaw in Rust Programming language could allow to delete files and directories (direct link) The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity vulnerability, tracked as CVE-2022-21658. An attacker can trigger the vulnerability to delete files and directories from a vulnerable […]
SecurityAffairs 2022-01-24 20:33:10 Tens of AccessPress WordPress themes compromised as part of a supply chain attack (direct link) Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a classic supply chain attack, threat actors planted a backdoor in dozens of WordPress plugins and themes hosted on a developer’s website. The attack took place in the first half of September 2021, the attackers compromised […] Threat
SecurityAffairs 2022-01-24 14:33:13 Russian authorities arrested the kingpin of cybercrime Infraud Organization (direct link) Russian authorities arrested four alleged members of the international cyber theft ring tracked as ‘Infraud Organization.’ In February 2008, the US authorities dismantled the global cybercrime organization tracked as Infraud Organization, which was involved in stealing and selling credit card and personal identity data. The Justice Department announced indictments for 36 people charged with being […]
SecurityAffairs 2022-01-24 12:05:20 Emotet spam uses unconventional IP address formats to evade detection (direct link) Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam […] Spam Malware Threat
SecurityAffairs 2022-01-24 06:40:51 Crooks tampering with QR Codes to steal victim money and info, FBI warns (direct link) The FBI warns that cybercriminals are using malicious QR codes to steal their credentials and financial info. The Federal Bureau of Investigation (FBI) published a public service announcement (PSA) to warn that cybercriminals are using QR codes to steal their credentials and financial info. QR codes are widely adopted by businesses to facilitate payment. In a classic […]
SecurityAffairs 2022-01-24 06:15:48 F5 fixes 25 flaws in BIG-IP, BIG-IQ, and NGINX products (direct link) Cybersecurity provider F5 released security patches to address 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Cybersecurity firm F5 announced security patches for 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Most of the vulnerabilities (23) addressed by the company affect the BIG-IP application delivery controller (ADC), 13 of them have been rated […]
SecurityAffairs 2022-01-23 19:39:31 OpenSubtitles data breach impacted 7 million subscribers (direct link) OpenSubtitles has suffered a data breach, the maintainers confirmed that the incident impacted 7 Million subscribers. OpenSubtitles is a popular subtitles website, it suffered a data breach that affected 6,783,158 subscribers. Exposed data include email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes. The administrator of the […] Data Breach
SecurityAffairs 2022-01-23 18:13:34 US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog (direct link) US CISA added seventeen new actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog’. The ‘Known Exploited Vulnerabilities Catalog’ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies. According to Binding Operational Directive (BOD) 22-01: Reducing the […] Threat
SecurityAffairs 2022-01-23 14:41:33 Molerats cyberespionage group uses public cloud services as attack infrastructure (direct link) Cyberespionage group Molerats has been observed abusing legitimate cloud services, like Google Drive and Dropbox as attack infrastructure. Zscaler ThreatLabz analyzed an active espionage campaign carried out by Molerats cyberespionage group (aka TA402, Gaza Hackers Team, Gaza Cybergang, and Extreme Jackal) that abuses legitimate cloud services like Google Drive and Dropbox as attack infrastructure. Public […]
SecurityAffairs 2022-01-23 08:57:16 Security Affairs newsletter Round 350 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Pay attention to Log4j attacks, Dutch National Cybersecurity Centre (NCSC) warns Vulnerabilities in Control […]
SecurityAffairs 2022-01-22 20:34:31 Pay attention to Log4j attacks, Dutch National Cybersecurity Centre (NCSC) warns (direct link) The Dutch National Cybersecurity Centre (NCSC) warns organizations of risks associated with cyberattacks exploiting the Log4J vulnerability. The Dutch National Cybersecurity Centre (NCSC) warns organizations to remain vigilant on possible attacks exploiting the Log4J vulnerability. According to the Dutch agency, threat actors the NCSC will continue to attempt to exploit the Log4Shell flaw in future […] Threat
SecurityAffairs 2022-01-22 16:29:21 Vulnerabilities in Control Web Panel potentially expose Linux Servers to hack (direct link) Two critical security vulnerabilities in Control Web Panel potentially expose Linux servers to remote code execution attacks. Researchers from Octagon Networks disclosed details of two critical security flaws in Control Web Panel that potentially expose Linux servers to remote code execution attacks. Control Web Panel is a popular open-source Linux control panel for servers and VPS that allows easy […] Hack
SecurityAffairs 2022-01-22 13:20:57 US Treasury Department sanctions 4 Ukrainian officials for working with Russian intelligence (direct link) The U.S. Treasury Department announced sanctions against four current and former Ukrainian government officials for collaborating with Russia. The U.S. Treasury Department this week announced sanctions against four current and former Ukrainian government officials for having supported influence activities carried out by the Russian government. The officials are accused of having gathered sensitive information about […]
SecurityAffairs 2022-01-21 22:19:55 A bug in McAfee Agent allows running code with Windows SYSTEM privileges (direct link) McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee (now Trellix) has addressed a high-severity vulnerability, tracked as CVE-2022-0166, that resides in McAfee Agent software for Windows. An attacker can exploit this flaw to escalate privileges and execute arbitrary code with SYSTEM privileges. The McAfee Agent is […]
SecurityAffairs 2022-01-21 19:27:24 (Déjà vu) Experts warn of anomalous spyware campaigns targeting industrial firms (direct link) Researchers spotted several spyware campaigns targeting industrial enterprises to steal credentials and conduct financial fraud. Researchers from Kaspersky Lab have uncovered multiple spyware campaigns that target industrial firms to steal email account credentials and carry out fraudulent activities. Threat actors sent spear-phishing messages from compromised corporate accounts to their contacts, the emails carry malicious attachments. […] Threat
SecurityAffairs 2022-01-21 14:40:50 Google Project Zero discloses details of two Zoom zero-day flaws (direct link) Google Project Zero experts disclosed details of two zero-day flaws impacting Zoom clients and Multimedia Router (MMR) servers. Google Project Zero researcher Natalie Silvanovich disclosed details of two zero-day vulnerabilities in Zoom clients and Multimedia Router (MMR) servers. An attacker could have exploited the now-fixed issues to crash the service, execute malicious code, and even leak the content […]
SecurityAffairs 2022-01-21 11:59:14 MoonBounce UEFI implant spotted in a targeted APT41 attack (direct link) Researchers have spotted China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. Kaspersky researchers spotted the China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single […] Threat Guideline APT 41
SecurityAffairs 2022-01-21 06:22:42 Conti ransomware gang started leaking files stolen from Bank Indonesia (direct link) The central bank of the Republic of Indonesia, Bank Indonesia, confirmed the ransomware attack that hit it in December. Bank Indonesia confirmed that it was the victim of a ransomware attack that took place last month. The Conti ransomware gang claimed the attack and leaked some allegedly stolen files as proof of the security breach. A […] Ransomware
SecurityAffairs 2022-01-20 22:45:55 FBI links the Diavol ransomware to the TrickBot gang (direct link) The Federal Bureau of Investigation (FBI) officially linked the Diavol ransomware operation to the infamous TrickBot gang. The FBI officially linked the Diavol ransomware operation to the infamous TrickBot gang, the group that is behind the TrickBot banking trojan. “The FBI first learned of Diavol ransomware in October 2021. Diavol is associated with developers from […] Ransomware
SecurityAffairs 2022-01-20 19:04:49 Cisco StarOS flaws could allow remote code execution and information disclosure (direct link) Cisco addressed a critical RCE flaw in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. Cisco has addressed a critical remote code execution vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. The flaw, discovered by the company experts during internal security testing, can be exploited by […]
SecurityAffairs 2022-01-20 15:05:32 Crypto.com hack impacted 483 accounts and resulted in a $34 million theft (direct link) Crypto.com confirmed that a cyber attack compromised around 400 of its customer accounts leading to the theft of $33 million. Crypto.com is a cryptocurrency exchange app based in Singapore, the app currently has 10 million users and 3,000 employees. Recently, several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts […] Hack Guideline
SecurityAffairs 2022-01-20 13:15:14 (Déjà vu) Red Cross hit by a sophisticated cyberattack (direct link) A cyberattack on a Red Cross contractor resulted in the theft of personal data for more than 515,000 highly vulnerable people. A cyberattack on a Red Cross contractor resulted in the theft of personal data for more than 515,000 highly vulnerable people seeking missing families. The infamous attack was disclosed by the International Committee of […]
SecurityAffairs 2022-01-20 11:06:02 New BHUNT Stealer targets cryptocurrency wallets (direct link) Researchers spotted a new evasive cryptocurrency stealer named BHUNT that targets a list of wallets and implements multiple data-stealing capabilities. Bitdefender discovered a new evasive cryptocurrency stealer dubbed BHUNT that is able to exfiltrate wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the browser, and data from the clipboard. BHUNT is […]
SecurityAffairs 2022-01-20 06:02:57 (Déjà vu) SolarWinds Serv-U bug exploited for Log4j attacks (direct link) SolarWinds has fixed a Serv-U vulnerability that threat actors actively exploited to carry out Log4j attacks to internal devices on a network. SolarWinds has addressed a vulnerability in Serv-U product that threat actors actively exploited to propagate Log4j attacks to internal devices on a network. The vulnerability, tracked as CVE-2021-35247, was discovered by Microsoft security researcher Jonathan […] Vulnerability Threat
SecurityAffairs 2022-01-19 22:20:34 New DDoS IRC Bot distributed through Korean webHard platforms (direct link) Researchers spotted an IRC bot written in GoLang that is being used to carry out DDoS attacks targeting users in Korea. Researchers from AhnLab’s Security Emergency-response Center (ASEC) spotted an IRC bot written in GoLang that is being used to carry out DDoS attacks targeting users in Korea. Vxers use GoLang because it is easy and allows the development […]
SecurityAffairs 2022-01-19 20:32:08 UK NCSC shares guidance for organizations to secure their communications with customers (direct link) UK NCSC has published new guidance for organizations to secure their communications with customers via SMS or phone calls. UK's National Cyber Security Center (NCSC) has published new guidance for organizations for combatting telephone and SMS fraud. This guide aims at protecting their customers from fraudulent activities, while also ensuring that their SMS and telephone […]
SecurityAffairs 2022-01-19 15:46:11 CISA warns of potential critical threats following attacks against Ukraine (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations about “potential critical threats” following the recent cyberattacks that hit Ukraine. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an “insights” document that warned organizations about “potential critical threats” following the recent cyberattacks aimed at Ukraine. The document starts from most recent attacks targeting […]
SecurityAffairs 2022-01-19 12:52:20 (Déjà vu) Box flaw allowed to bypass MFA and takeover accounts (direct link) A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim's phone, Varonis researchers reported. Box develops and markets cloud-based content management, collaboration, and file-sharing tools for businesses. […] Vulnerability Threat
SecurityAffairs 2022-01-19 06:05:49 Is White Rabbit ransomware linked to FIN8 financially motivated group? (direct link) A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and according to the experts, it is likely linked to the FIN8 financially motivated group. In December the popular malware researcher Michael Gillespie, […] Ransomware Malware Threat
SecurityAffairs 2022-01-18 21:58:59 AlphV/BlackCat ransomware gang published data stolen from fashion giant Moncler (direct link) Luxury fashion giant Moncler confirmed a data breach after a ransomware attack carried out by the AlphV/BlackCat. Moncler confirmed a data breach after an attack that took place in December. The luxury fashion giant was hit by AlphV/BlackCat ransomware that today published the stolen data on its leak site in the Tor network. In December, malware […] Ransomware Data Breach Malware
SecurityAffairs 2022-01-18 19:05:25 Financially motivated Earth Lusca threat actors targets organizations worldwide (direct link) A sophisticated threat actor, tracked as Earth Lusca, is targeting government and private organizations worldwide for financial purposes. Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value […] Threat
SecurityAffairs 2022-01-18 16:13:37 Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs (direct link) Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. “This week, law enforcement authorities took action against the criminal misuse […]
SecurityAffairs 2022-01-18 10:36:41 (Déjà vu) Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues (direct link) Microsoft released Windows emergency out-of-band (OOB) updates to fix multiple issues caused by January 2021 Patch Tuesday updates. Microsoft has released emergency out-of-band (OOB) updates for Windows to address multiple issues caused by security updates issued as part of the January 2021 Patch Tuesday. The Windows Server updates for January were causing a series of issues […]
SecurityAffairs 2022-01-18 05:34:51 A small number of Crypto.com users reported suspicious activity on their wallet (direct link) Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) from their wallets. Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts being protected with 2FA. Crypto.com is a cryptocurrency exchange app based in Singapore, the app currently has 10 million users and 3,000 employees. […]
Last update at: 2024-05-03 10:08:01