What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-01-17 22:13:58 Oracle Critical Patch Update for January 2022 will fix 483 new flaws (direct link) The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address 483 new security patches. The Critical Patch Update for January will be released on Tuesday, January 18, 2022. […]
SecurityAffairs 2022-01-17 20:42:03 Zoho fixes a critical vulnerability (CVE-2021-44757) in Desktop Central solutions (direct link) Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. The issue is an authentication bypass vulnerability, a remote attacker […] Vulnerability
SecurityAffairs 2022-01-17 13:21:02 High-Severity flaw in 3 WordPress plugins impacts 84,000 websites (direct link) Researchers discovered a high-severity vulnerability in three different WordPress plugins that impact over 84,000 websites. Researchers from WordPress security company Wordfence discovered a high-severity vulnerability that affects three different WordPress plugins that impact over 84,000 websites. The vulnerability tracked as CVE-2022-0215 is a cross-site request forgery (CSRF) issue that received a CVSS score of 8.8. […] Vulnerability
SecurityAffairs 2022-01-17 10:13:30 Experts warn of attacks using a new Linux variant of SFile ransomware (direct link) The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020; it was observed targeting only Windows systems. Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. […] Ransomware Malware
SecurityAffairs 2022-01-17 08:31:26 Kyiv blames Belarus-linked APT UNC1151 for recent cyberattack (direct link) Ukrainian government attributes the recent attacks against tens of Ukrainian government websites to Belarusian APT group UNC1151. The government of Kyiv attributes the defacement of tens of Ukrainian government websites to Belarusian APT group UNC1151, the Reuters agency reported in an exclusive. Defaced websites were displaying the following message in Russian, Ukrainian and Polish languages. “Ukrainian! […]
SecurityAffairs 2022-01-16 18:50:28 European Union simulated a cyber attack on a fictitious Finnish power company (direct link) The European Union simulated a cyber attack on a fictitious Finnish power company to test its cyber-defense capabilities. Cyber drills are essential to test the resilience of our infrastructure; the European Union simulated a cyber attack on a fictitious Finnish power company to test its cyber-defense capabilities. The simulation took place on Friday and is […]
SecurityAffairs 2022-01-16 15:31:09 Microsoft spotted a destructive malware campaign targeting Ukraine (direct link) Microsoft spotted a new destructive malware operation targeting government, non-profit, and IT entities in Ukraine. Microsoft spotted a destructive attack that targeted government, non-profit, and IT entities in Ukraine with a wiper disguised as ransomware. The attackers were discovered by Microsoft on January 13; the experts attributed the attack to an emerging threat cluster tracked […] Malware Threat
SecurityAffairs 2022-01-16 13:31:13 A new wave of Qlocker ransomware attacks targets QNAP NAS devices (direct link) QNAP NAS devices are under attack, experts warn of a new Qlocker ransomware campaign that hit devices worldwide. A new wave of Qlocker ransomware is targeting QNAP NAS devices worldwide; the new campaign started on January 6 and it drops ransom notes named !!!READ_ME.txt on infected devices. In May, the Taiwanese vendor QNAP warned its […] Ransomware
SecurityAffairs 2022-01-16 10:06:55 Security Affairs newsletter Round 349 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Threat actors stole $18.7M from the Lympo NFT platform Prominent Carding Marketplace UniCC announced […] Threat
SecurityAffairs 2022-01-16 09:27:19 Threat actors stole $18.7M from the Lympo NFT platform (direct link) Threat actors hacked the hot wallet of the NFT platform Lympo and managed to steal 165.2 Million LMT (worth $18.7 million). NFT and DeFi platforms are privileged targets for cybercriminals, and the NFT platform Lympo was the last platform in order of time to suffer a security breach. Lympo is building a sports NFTs ecosystem […]
SecurityAffairs 2022-01-15 18:00:46 Prominent Carding Marketplace UniCC announced it's shutting down (direct link) One of the biggest underground carding marketplaces, UniCC, announced it's shutting down its operations. UniCC, one of the biggest underground carding marketplaces, announced it is shutting down. The site was launched in 2013 and according to the Elliptic Threat Intel about $358 million (across Bitcoin, Litecoin, Ether and Dash) in purchases were made through the […] Threat
SecurityAffairs 2022-01-15 11:39:45 One of the REvil members arrested by FSB was behind Colonial Pipeline attack (direct link) A senior Biden administration official said that one of the Russian hackers arrested by FSB was behind the Colonial Pipeline attack. Yesterday, the Russian Federal Security Service (FSB) announced to have dismantled the REvil ransomware operation and arrested 14 alleged members of the gang. The group that is behind a long string of attacks […] Ransomware
SecurityAffairs 2022-01-14 22:45:29 Threat actors defaced Ukrainian government websites (direct link) Threat actors defaced multiple Ukrainian government websites after talks between Ukrainian, US, and Russian officials hit a dead end this week. Threat actors have defaced multiple websites of the Ukrainian government on the night between January 13 and January 14. The attacks were launched after talks between Ukrainian, US, and Russian officials hit a dead end on Thursday. The […] Threat
SecurityAffairs 2022-01-14 20:51:12 Lorenz ransomware gang stole files from defense contractor Hensoldt (direct link) German multinational defense contractor Hensoldt confirmed that some of its systems were infected by Lorenz ransomware. Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. This week a Hensoldt spokesperson confirmed the security breach to BleepingComputer explaining that a small number of mobile devices in its […] Ransomware
SecurityAffairs 2022-01-14 19:03:42 Russian government claims to have dismantled REvil ransomware gang (direct link) Russia’s FSB announced to have dismantled the REvil ransomware gang, the infamous group behind Kaseya and JBS USA. The Russian Federal Security Service (FSB) announced to have shut down the REvil ransomware gang, the group that is behind a long string of attacks against large organizations, such as Kaseya and JBS USA. The FSB claims to have […] Ransomware
SecurityAffairs 2022-01-14 15:46:18 North Korea-linked APT BlueNoroff focuses on crypto theft (direct link) The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask browser extensions. The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask browser extensions. The nation-state actor is considered a group that operates under the control of the notorious North Korea-linked Lazarus APT group. The […] APT 38 APT 28
SecurityAffairs 2022-01-14 11:04:46 Ukrainian police arrested Ransomware gang behind attacks on 50 companies (direct link) Ukrainian police arrested members of a ransomware gang that targeted at least 50 companies in the U.S. and Europe. Ukrainian police arrested members of a ransomware affiliate group that is responsible for attacking at least 50 companies in the U.S. and Europe. The operation was conducted by the SBU Cyber Department together with the Cyber […] Ransomware
SecurityAffairs 2022-01-14 08:22:48 Threat actors can bypass malware detection due to Microsoft Defender weakness (direct link) A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders to plant malware to avoid the AV scanning. Microsoft Defender allows users to exclude locations on their machines that should be excluded from […] Malware Threat
SecurityAffairs 2022-01-13 21:43:18 Cisco fixes a critical flaw in Unified CCMP and Unified CCDM (direct link) Cisco fixed a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified CCMP and Unified CCDM. Cisco released security patches to address a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM). A remote attacker could exploit the flaw to elevate […]
SecurityAffairs 2022-01-13 15:44:36 Threat actors abuse public cloud services to spread multiple RATs (direct link) Threat actors are actively abusing cloud services from Amazon and Microsoft to deliver RATs such as Nanocore, Netwire, and AsyncRAT. Threat actors are actively exploiting public cloud services from Amazon and Microsoft to spread RATs such as Nanocore, Netwire, and AsyncRAT used to steal sensitive information from compromised systems. The malware campaign was spotted by Cisco Talos in October 2021, most […] Malware Threat
SecurityAffairs 2022-01-13 12:47:01 Mozilla addresses High-Risk Firefox, Thunderbird vulnerabilities (direct link) Mozilla addressed 18 security vulnerabilities affecting the popular Firefox web browser and the Thunderbird mail program. Mozilla released Firefox 96 that addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program. Nine vulnerabilities addressed by the new release are rated high-severity; the most severe one is a race condition issue tracked as CVE-2022-22746. […]
SecurityAffairs 2022-01-13 08:26:36 USCYBERCOM: MuddyWater APT is linked to Iran's MOIS intelligence (direct link) US Cyber Command (USCYBERCOM) has officially linked the Iran-linked MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS). USCYBERCOM has officially linked the Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros) to Iran’s Ministry of Intelligence and Security (MOIS). The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East. The experts called the campaign […]
SecurityAffairs 2022-01-13 06:03:29 SysJoker, a previously undetected cross-platform backdoor made the headlines (direct link) Security researchers found a new cross-platform backdoor, dubbed SysJoker, that is suspected to be the work of an APT group. Security experts from Intezer discovered a new backdoor, dubbed SysJoker, that is able to infect Windows, macOS, and Linux systems. The experts spotted a Linux variant of the backdoor in December while investigating an attack against […]
SecurityAffairs 2022-01-13 00:07:18 KCodes NetUSB flaw impacts millions of SOHO routers (direct link) Cybersecurity experts discovered a flaw in the KCodes NetUSB component that impacts millions of end-user routers from different vendors. Cybersecurity researchers from SentinelOne have discovered a critical vulnerability (CVE-2021-45608) in KCodes NetUSB component that is present in millions of end-user routers from different vendors, including Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital. NetUSB is […] Vulnerability
SecurityAffairs 2022-01-12 20:01:50 Russia-linked threat actors target critical infrastructure, US authorities warn (direct link) US authorities warn critical infrastructure operators of the threat of cyberattacks orchestrated by Russia-linked threat actors. US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. “This joint Cybersecurity Advisory (CSA)-authored […] Threat
SecurityAffairs 2022-01-12 15:42:03 (Déjà vu) New RedLine malware version distributed as fake Omicron stat counter (direct link) Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure. The RedLine malware […] Malware
SecurityAffairs 2022-01-12 11:22:16 Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor (direct link) Iran-linked APT35 group has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor. Iran-linked APT35 cyberespionage group (aka ‘Charming Kitten‘ or ‘Phosphorus‘) has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor, Check Point researchers state. The experts also detail the use of a modular PowerShell-based framework dubbed CharmPower, that allows […] Conference APT 35
SecurityAffairs 2022-01-12 08:34:55 Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup (direct link) Adobe released security updates to address multiple vulnerabilities affecting several products, including Acrobat and Reader. Adobe patches for January address 41 vulnerabilities in Windows and macOS versions of Acrobat and Reader products, Illustrator, Adobe Bridge, InCopy, and InDesign. 22 of these vulnerabilities were reported through the ZDI program. The software giant fixed a total of […]
SecurityAffairs 2022-01-11 20:37:56 Microsoft Patch Tuesday fixes critical Office RCE (direct link) Microsoft Patch Tuesday security updates fix a critical Office flaw that can allow remote attackers to execute malicious code on vulnerable systems. Microsoft Patch Tuesday security updates for January 2022 patch 96 vulnerabilities in Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, […]
SecurityAffairs 2022-01-11 14:52:46 Night Sky ransomware operators exploit Log4Shell to hack VMware Horizon servers (direct link) Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and […] Ransomware Hack Vulnerability
SecurityAffairs 2022-01-11 09:46:37 AvosLocker ransomware now targets Linux systems, including ESXi servers (direct link) AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, BleepingComputer reported. “While we couldn’t find what targets were attacked using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one […] Ransomware
SecurityAffairs 2022-01-11 05:26:46 WordPress 5.8.3 Security Release fixes four vulnerabilities (direct link) WordPress maintainers have released WordPress 5.8.3 that addresses four vulnerabilities and recommend admins to update their sites immediately. The WordPress 5.8.3 security release addresses four vulnerabilities affecting versions between 3.7 and 5.8; it is labeled as a short-cycle security release. The organization announced that the next major release will be version 5.9, which is already in […]
SecurityAffairs 2022-01-10 20:57:05 Several EA Sports FIFA 22 players have been hacked (direct link) Several EA Sports FIFA 22 players claim to have been hacked; they say to have lost access to their personal EA and email accounts. A growing number of EA Sports FIFA 22 players reported that their EA accounts were hacked, including famous streamers such as Jamie Bateson (AKA Bateson87), NickRTFM, Trymacs, TisiSchubecH and FUT FG. […]
SecurityAffairs 2022-01-10 15:53:17 Abcbot and Xanthe botnets have the same origin, experts discovered (direct link) Experts linked the C2 infrastructure behind the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020. In November, researchers from Qihoo 360's Netlab security team have spotted […]
SecurityAffairs 2022-01-10 14:32:03 Indian-linked Patchwork APT infected its own system revealing its ops (direct link) The India-linked threat actor Patchwork infected one of their own computers with its RAT revealing its operations to researchers. An India-linked threat actor, tracked as Patchwork (aka Dropping Elephant), employed a new variant of the BADNEWS backdoor, dubbed Ragnatela (“spider web” in Italian), in a recent campaign. However, the group made the headlines after infecting […] Threat
SecurityAffairs 2022-01-10 06:12:37 New ZLoader malware campaign hit more than 2000 victims across 111 countries (direct link) A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. The malware campaign is still active and threat actors have already stolen data and credentials of more […] Malware Vulnerability Threat
SecurityAffairs 2022-01-09 21:06:22 Cyber Defense Magazine – January 2022 has arrived. Enjoy it! (direct link) Cyber Defense Magazine January 2022 Edition has arrived. We hope you enjoy this month's edition…packed with 155 pages of excellent content. CDMG is fully owned and operated by team Miliefsky in our 10th anniversary. We believe the letter Q stands for ‘Q’uestion. Are you Questioning your InfoSec posture right now? The cybercriminals are not resting. […]
SecurityAffairs 2022-01-09 19:06:30 (Déjà vu) US NCSC and DoS share best practices against surveillance tools (direct link) The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools. In the last years, […] Threat
SecurityAffairs 2022-01-09 15:34:08 Swiss army asks its personnel to use the Threema instant-messaging app (direct link) The Swiss army has banned all instant messaging apps, including Signal, Telegram, and WhatsApp, recommending the use of the Threema app. The Swiss army has banned foreign instant messaging apps such as Signal, Telegram, and WhatsApp and only allows its members to use the Threema messaging app, which is developed in Switzerland. Threema is the instant […]
SecurityAffairs 2022-01-09 12:51:27 Russian submarines threatening undersea cables, UK defence chief warns (direct link) Russian submarines threatening undersea network of undersea cables, says UK defence chief Sir Tony Radakin. UK defence chief Sir Tony Radakin warns of Russian submarines threatening the undersea network of internet cables, which are critical infrastructure of our society. Multiple activities heavily depend on the global network of undersea cables, including financial transactions and communications. […]
SecurityAffairs 2022-01-09 09:57:08 Security Affairs newsletter Round 348 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Unauthenticated RCE in H2 Database Console is similar to Log4Shell FluBot malware continues to […] Malware
SecurityAffairs 2022-01-08 19:53:31 Unauthenticated RCE in H2 Database Console is similar to Log4Shell (direct link) Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability. JFrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J vulnerability. The flaw, tracked as CVE-2021-42392, could allow attackers to execute remote code on vulnerable systems, the […] Vulnerability
SecurityAffairs 2022-01-08 15:56:18 FluBot malware continues to evolve. What's new in Version 5.0 and beyond? (direct link) Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that spreads posing as Flash Player. A recent SMISHING campaign spotted by CSIRT KNF, FluBot targeted Polish users with a […] Malware
SecurityAffairs 2022-01-08 13:36:43 After Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug (direct link) SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. Security vendor SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. According to the company, starting January 1, 2022, its Email Security products began experiencing an issue causing […]
SecurityAffairs 2022-01-07 23:07:12 FIN7 group continues to target US companies with BadUSB devices (direct link) The Federal Bureau of Investigation (FBI) warns US companies that the FIN7 cybercriminals group is targeting the US defense industry with BadUSB devices. The US Federal Bureau of Investigation issued a flash alert to warn that the financially motivated group FIN7 has sent malicious USB devices, BadUSB devices, to US companies over the past few […]
SecurityAffairs 2022-01-07 20:37:42 How to secure QNAP NAS devices? The vendor's instructions (direct link) QNAP is warning customers of ransomware attacks targeting network-attached storage (NAS) devices exposed online. Taiwanese vendor QNAP has warned customers to secure network-attached storage (NAS) exposed online from ransomware and brute-force attacks. “Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the […] Ransomware
SecurityAffairs 2022-01-07 15:47:57 Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns (direct link) A threat actor attempted to exploit the Log4Shell vulnerability to hack VMWare Horizon servers at UK NHS and deploy web shells. The security team at the UK National Health Service (NHS) announced to have spotted threat actors exploiting the Log4Shell vulnerability to hack VMWare Horizon servers and install web shells. “An unknown threat group has […] Hack Vulnerability Threat
SecurityAffairs 2022-01-07 12:00:53 Norton Crypto, the controversial cryptomining feature of Norton 360 (direct link) Experts warn that the popular antivirus product Norton 360 has installed a cryptocurrency miner on its customers' computers. Many users ignore that Norton 360 comes with a cryptomining feature, dubbed Norton Crypto, that could allow them to earn money mining Ethereum (ETH) cryptocurrency while the customer's computer is idle. Norton keeps a 15% of the mined cryptocurrency. […]
SecurityAffairs 2022-01-07 09:20:29 Over 3.7 million accounts were compromised in the FlexBooker data breach (direct link) The appointment scheduling service FlexBooker discloses a data breach that impacted over 3.7 million accounts. Threat actors compromised the FlexBooker accounts of more than 3.7 million users; the attack took place before the holidays. Stolen data are now available for sale on multiple cybercrime forums. FlexBooker is an online appointment scheduling platform that allows users to […] Data Breach Threat
SecurityAffairs 2022-01-07 05:41:23 Night Sky, a new ransomware operation in the threat landscape (direct link) Researchers warn of a new ransomware family, called ‘Night Sky,’ that uses a double-extortion model in attacks against businesses. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. Once encrypted a file, the ransomware appends the ‘.nightsky‘ extension to encrypted file names. The […] Ransomware Threat
Last update at: 2024-05-03 05:08:33