What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-01-06 22:06:23 North Korea-linked Konni APT targets Russian diplomatic bodies (lien direct) North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs (MID) new versions of malware implants. Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants. The APT group carried out spear-phishing attacks using New Year’s […] Malware
SecurityAffairs.webp 2022-01-06 19:20:26 (Déjà vu) Threat actors stole 1.1 million customer accounts from 17 well-known companies (lien direct) NY OAG warned 17 companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks. The New York State Office of the Attorney General (NY OAG) has warned 17 companies that roughly 1.1 million accounts of their customers were compromised in credential stuffing attacks. Credential stuffing attacks involve […]
SecurityAffairs.webp 2022-01-06 17:41:51 Google Docs comment feature abused in phishing campaign (lien direct) Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that appear from a legitimate source. Researchers from security firm Avanan in December uncovered a phishing campaign targeting mainly Outlook users with a new technique that abuses the commenting feature of Google Docs to send out […]
SecurityAffairs.webp 2022-01-06 16:02:53 France hits Google, Facebook with fines over 'Cookies' management (lien direct) The French data privacy and protection authority hit Google and Facebook with 210 million euros ($237 million) in fines. France's National Commission on Informatics and Liberty (CNIL), the French data privacy and protection authority, hit Facebook and Google with 60 million euro ($68 million) and 150 million euro ($170 million) fines respectively. The CNIL fined […]
SecurityAffairs.webp 2022-01-06 10:45:27 NoReboot persistence technique fakes iPhone shutdown (lien direct) Researchers devised a sophisticated persistence technique, named NoReboot, for iOS malware that fake shut downs. Researchers from Zecops devised a sophisticated persistence technique, named NoReboot, for iOS malware that fake shut downs while spies on the user. The technique is based on the concept of simulating a shutdown of the iPhone when the victim attempts […] Malware
SecurityAffairs.webp 2022-01-06 00:12:35 VMware fixed CVE-2021-22045 heap-overflow in Workstation, Fusion and ESXi (lien direct) VMware addressed a heap-overflow issue (CVE-2021-22045) in Workstation, Fusion and CVE-2021-22045 products that can lead to code execution on the hypervisor. VMware released security updates to address a heap-overflow vulnerability, tracked as CVE-2021-22045, in its Workstation, Fusion and ESXi products. VMware has addressed the vulnerability with the release of ESXi670-202111101-SG, ESXi650-202110101-SG, Workstation 16.2.0, and Fusion […] Vulnerability Guideline
SecurityAffairs.webp 2022-01-05 14:48:01 FTC warns legal action against businesses who fail to mitigate Log4J attacks (lien direct) The US Federal Trade Commission (FTC) has warned legal action against companies who fail to secure their infrastructure against Log4Shell attacks. The US Federal Trade Commission (FTC) warns legal action against companies who protect their systems against Log4Shell (CVE-2021-44228) attacks. The move aims at urging organizations in protecting their infrastructure while both nation-state actors and cybercriminals are […]
SecurityAffairs.webp 2022-01-05 10:46:51 Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns (lien direct) Threat actors continue to attempt to exploit Apache Log4J vulnerabilities in their campaigns to deploy malware on target systems, Microsoft warns. Microsoft is warning of continuing attempts by nation-state actors and cybercriminals to exploit recently discovered vulnerabilities in the Apache Log4j library to deploy malware on vulnerable systems. Microsoft recommends customers review their infrastructure looking […] Malware
SecurityAffairs.webp 2022-01-05 07:43:46 Researchers used electromagnetic signals to classify malware infecting IoT devices (lien direct) Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. A team of academics (Duy-Phuc Pham, Damien Marion, Matthieu Mastio and Annelie Heuser) from the Research Institute of Computer Science and Random Systems (IRISA) have devised a new approach that analyzes electromagnetic field emanations from the Internet of Things (IoT) […] Malware
SecurityAffairs.webp 2022-01-04 21:05:11 UScellular discloses the second data breach in a year (lien direct) UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021. UScellular has disclosed a data breach after the attack that compromised the company’s billing system in December 2021. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over […] Data Breach Hack
SecurityAffairs.webp 2022-01-04 15:18:59 Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites (lien direct) Threat actors compromised more than 100 real estate websites belonging to the same parent company by implanting an e-skimmer. Threat actors used an unnamed cloud video platform to install an e-skimmer on more than 100 real estate websites belonging to the same parent company. In e-skimming attacks, attackers inject malicious JavaScript code into e-stores to […] Threat
SecurityAffairs.webp 2022-01-04 12:39:26 Purple Fox backdoor spreads through fake Telegram App installer (lien direct) Threat actors are spreading the Purple Fox backdoor using tainted installers of the Telegram messaging application. Threat actors are using weaponized installers of the Telegram messaging application to deliver the Purple Fox backdoor on Windows systems. Researchers from Minerva Labs pointed out that this campaign, unlike similar ones leveraging legitimate software to deliver malware, has […] Threat
SecurityAffairs.webp 2022-01-04 09:07:38 Hospitality Chain McMenamins discloses data breach after ransomware attack (lien direct) Hospitality chain McMenamins disclosed a data breach after a recent ransomware attack. Hospitality chain McMenamins discloses a data breach after a ransomware attack that took place on December 12. McMenamins is a family-owned chain of brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington.  According to the company, threat actors have stolen data of individuals […] Ransomware Data Breach Threat
SecurityAffairs.webp 2022-01-04 05:36:01 Broward Health suffered a data breach that impacted +1.3 million people (lien direct) The Broward Health public health system disclosed a massive data breach that has impacted more than 1.3 million individuals. The Broward Health public health system has suffered a data breach that impacted 1,357,879 individuals. Broward Health, formally the North Broward Hospital District, is one of the 10 largest public health systems in the U.S. Located […] Data Breach
SecurityAffairs.webp 2022-01-03 22:23:46 'doorLock' – A persistent denial of service flaw affecting iOS 15.2 – iOS 14.7 (lien direct) Expert found a new persistent DoS vulnerability, dubbed ‘doorLock,’ affecting the Apple HomeKit in iOS 14.7 through 15.2. Security researcher Trevor Spiniolas discovered a new persistent DoS vulnerability, dubbed ‘doorLock,’ affecting the Apple HomeKit in iOS 14.7 through 15.2. HomeKit is a software framework by Apple, made available in iOS/iPadOS that lets users configure, communicate […]
SecurityAffairs.webp 2022-01-03 15:22:25 Israeli Media Outlets hacked on the anniversary of Soleimani killing (lien direct) Threat actors hacked the website of Jerusalem Post and the Twitter account of Maariv outlet on Soleimani killing anniversary. Threat actors have taken over the website of the English-language Jerusalem Post and the Twitter account of Maariv daily newspaper publishing a picture of a fist firing a shell out of a ring with a red stone on a finger toward an […] Threat
SecurityAffairs.webp 2022-01-03 14:26:22 SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack (lien direct) SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket. SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket.  At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN […]
SecurityAffairs.webp 2022-01-03 11:03:55 The worst cyber attacks of 2021 (lien direct) Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? CNA Financial (March 2021) – CNA Financial, one of the largest insurance companies in the US, reportedly paid a $40 ransom to restore access to its files following a ransomware […] Ransomware
SecurityAffairs.webp 2022-01-03 07:44:53 (Déjà vu) Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers (lien direct) Microsoft released an emergency patch to fix the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers. Microsoft has rolled out an emergency fix that addresses the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers since January 1st, 2022. “We have addressed the issue causing messages to be […]
SecurityAffairs.webp 2022-01-02 21:19:39 Exclusive: NASA Director Twitter account hacked by Powerful Greek Army (lien direct) The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transportation System Mr. Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. I contacted the group for a comment, a spokesman told me that […]
SecurityAffairs.webp 2022-01-02 19:24:33 Lapsus$ ransomware gang hits Impresa, Portugal's largest media conglomerate (lien direct) The Lapsus$ ransomware hit Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso. The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal. Impresa owns SIC TV channel, and Expresso newspaper, among other leading media, like several magazine publications. The attack took place during the New Year […] Ransomware Guideline
SecurityAffairs.webp 2022-01-02 15:18:20 North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges (lien direct) North Korea-linked threat actors are behind some of the largest cyberattacks against cryptocurrency exchanges. North Korea-linked APT groups are suspected to be behind some of the largest cyberattacks against cryptocurrency exchanges. According to South Korean media outlet Chosun, North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple […] Threat
SecurityAffairs.webp 2022-01-02 10:53:52 Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021 (lien direct) According to a report published by Invezz, the number of crypto security breaches increased by up 850% in the last decade. The cyberattacks against the cryptocurrency industry are a profitable business for threat actors, according to the experts, $12.1 billion worth of cryptocurrencies have been stolen in the last decade. In 2021 we observed a […] Threat
SecurityAffairs.webp 2022-01-02 10:06:08 Security Affairs newsletter Round 347 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Y2k22 bug in Microsoft Exchange causes failure in email delivery Security Affairs most-read cyber […]
SecurityAffairs.webp 2022-01-01 21:44:55 (Déjà vu) Y2k22 bug in Microsoft Exchange causes failure in email delivery (lien direct) Y2k22 bug is causing Microsoft Exchange on-premise servers to fail in delivering email starting on January 1st, 2022. Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware scanning engine dubbed Y2k22 bug. FIP-FS is the anti-malware scanning engine used by Microsoft to protect its […]
SecurityAffairs.webp 2022-01-01 17:34:08 Security Affairs most-read cyber stories of 2021 (lien direct) Which are the most-read cyber stories of 2021? This post includes Top Posts for the last 365 days. Why Edward Snowden is urging users to stop using ExpressVPN? The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Two kids found a screensaver bypass in Linux Mint The development team […]
SecurityAffairs.webp 2022-01-01 12:30:10 PulseTV discloses potential credit card breach (lien direct) U.S. online store PulseTV disclosed a potential credit card data breach, more than 200,000 customers have been impacted. U.S. online store PulseTV has disclosed a credit card data breach that has impacted more than 200,000 customers. According to the notification letter published by the Office of the Maine Attorney General, VISA informed the company on March […] Data Breach
SecurityAffairs.webp 2021-12-31 21:03:58 (Déjà vu) The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware (lien direct) The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The service now includes credentials for 441K accounts stolen by […] Data Breach Malware
SecurityAffairs.webp 2021-12-31 14:29:50 Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched (lien direct) Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. An attacker can trigger the vulnerabilities to take full control of the vulnerable devices. Below is the […]
SecurityAffairs.webp 2021-12-31 09:30:38 How to implant a malware in hidden area of SSDs with Flex Capacity feature (lien direct) Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions. The attacks work against drives with flex […] Malware
SecurityAffairs.webp 2021-12-30 22:26:58 (Déjà vu) Flaws in DataVault encryption software impact multiple storage devices (lien direct) Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used by multiple vendors is affected by a couple of key derivation function issues. An attacker can exploit the flaws to obtain […]
SecurityAffairs.webp 2021-12-30 17:51:12 New iLOBleed Rootkit, the first time ever that malware targets iLO firmware (lien direct) A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the infected systems. iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out (iLO) server management technology to tamper with the firmware modules and wipe data off the infected systems. The […] Malware
SecurityAffairs.webp 2021-12-30 11:28:19 (Déjà vu) AvosLocker ransomware gang releases a free decryptor after an affiliate hit US gov agency (lien direct) The AvosLocker ransomware operators released a free decryptor after they accidentally encrypted the system of US Government entity. The AvosLocker ransomware operation provided a free decryptor after they encrypted the systems of a US government agency. According to BleepingComputer, the gang hit a police department but fearing the reaction of US law enforcement opted to […] Ransomware
SecurityAffairs.webp 2021-12-30 05:36:02 China-linked APT group Aquatic Panda leverages Log4Shell in recent attack (lien direct) China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability (CVE 2021-44228) in an attack aimed at a large academic institution. According to the Crowdstrike OverWatch team, the APT group is using a modified version of the Log4j […] Vulnerability
SecurityAffairs.webp 2021-12-29 21:18:14 T-Mobile suffered a new data breach (lien direct) T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks. T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers. According to The T-Mo Report, which viewed T-Mobile internal documents, there was “unauthorized activity” on […] Data Breach Threat
SecurityAffairs.webp 2021-12-29 14:34:11 Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832) (lien direct) The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j 2.17.1 version to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in the last […] Vulnerability
SecurityAffairs.webp 2021-12-29 13:41:04 A cyber attack against Norwegian Media firm Amedia blocked newspaper publishing (lien direct) A cyber attack hit Norwegian media company Amedia on Tuesday and forced it to shut down multiple systems. Amedia, one of the largest media companies in Norway, was hit by a “serious” cyber attack and was forced to shut down its computer systems. The company is whole or partial owner of 50 local and regional newspaper with online […]
SecurityAffairs.webp 2021-12-29 08:21:14 China-linked BlackTech APT uses new Flagpro malware in recent attacks (lien direct) China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as 'Flagpro'. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as 'Flagpro'. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times.  According to a report by NTT Security, Flagpro has […] Malware
SecurityAffairs.webp 2021-12-28 21:52:55 LastPass investigated recent reports of blocked login attempts (lien direct) Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving […] Threat LastPass
SecurityAffairs.webp 2021-12-28 15:55:54 (Déjà vu) Threat actors are abusing MSBuild to implant Cobalt Strike Beacons (lien direct) Experts warn of malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised systems. Security expert from Morphus Labs recently observed several malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. MSBuild is a free and open-source build toolset for managed code as well […]
SecurityAffairs.webp 2021-12-28 15:13:46 Shutterfly hit by a Conti ransomware attack (lien direct) Shutterfly, an online platform for photography and personalized products, has been affected by a ransomware attack. Shutterfly, is American photography, photography products, and image sharing company that owns multiple brands such as BorrowLenses, GrooveBook, Lifetouch, Shutterfly, Snapfish, Spoonflower, and Tiny Prints. The service allows users to create personalized photo gifts such as smartphone cases, photo books, wall art, and […] Ransomware
SecurityAffairs.webp 2021-12-28 14:18:05 DoubleFeature, post-exploitation dashboard used by Equation Group APT (lien direct) Researchers analyzed the DoubleFeature logging tool of DanderSpritz Framework that was used by the Equation Group APT group. Check Point researchers have published a detailed analysis of the DoubleFeature tool used to log post-exploitation activities in attacks conducted by the Equation Group and involving the DanderSpritz malware framework. DanderSpritz made the headlines on April 14, […] Malware Tool
SecurityAffairs.webp 2021-12-28 08:49:27 Logistics giant D.W. Morgan exposed 100 GB worth of clients' data, including Fortune 500 Clients (lien direct) The Website Planet security team discovered a data breach suffered by the multinational logistics giant D.W. Morgan. The Website Planet security team discovered an Amazon S3 bucket owned by logistics giant D.W. Morgan that was left unsecured online. The S3 bucket contained more than 100 GB of sensitive data relating to shipments and the company's clients, including some Fortune 500 […] Data Breach
SecurityAffairs.webp 2021-12-27 19:08:50 A new wave of ech0raix ransomware attacks targets QNAP NAS devices (lien direct) A new wave of ech0raix ransomware attacks is targeting QNAP network-attached storage (NAS) devices. The threat actors behind the ech0raix ransomware are targeting NAP network-attached storage (NAS) devices. Users reported numerous compromises of their devices a few days before Christmas. According to BleepingComputer, forum users reported an intensification of the attacks since December 20, the […] Ransomware Threat
SecurityAffairs.webp 2021-12-27 18:26:06 Apache addressed a couple of severe vulnerabilities in Apache HTTP Server (lien direct) The Apache Software Foundation released Apache HTTP Server 2.4.52 to address a couple of security flaws that can lead to remote code execution. The Apache Software Foundation has released the Apache HTTP Server 2.4.52 to address a couple of vulnerabilities, tracked as CVE-2021-44790 and CVE-2021-44224, that can lead to remote code execution attacks. The CVE-2021-44790 […] Guideline
SecurityAffairs.webp 2021-12-27 15:37:13 (Déjà vu) Experts found backdoors in a popular Auerswald VoIP appliance (lien direct) Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. The backdoors were discovered as part of penetration testing, they allow attackers to gain full […]
SecurityAffairs.webp 2021-12-27 14:26:00 Experts monitor ongoing attacks using exploits for Log4j library flaws (lien direct) Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures. The vulnerabilities can allow threat actors to execute arbitrary code on the target systems, […] Threat
SecurityAffairs.webp 2021-12-27 12:37:26 Dark web marketplace ToRReZ shuts down on their own's decision (lien direct) The operators of the ToRReZ dark web marketplace have shut down their operation claiming it is the result of their own's decision. The operators of the ToRReZ dark web marketplace have shut down their operation before Christmas, claiming that it is the result of their own's decision. The admin of Torrez market “mrblonde” made the […]
SecurityAffairs.webp 2021-12-27 10:56:47 Albania Prime Minister apologizes over the recent massive leak of government data (lien direct) Albania's prime minister Edi Rama apologized for the massive leak of personal records from a government database of state. Albania's prime minister this week apologized for the massive leak of personal records from a government database of state. Exposed records include the personal identity card numbers, employment and salary data of some 637,000 people. The […]
SecurityAffairs.webp 2021-12-27 10:01:31 New Android banking Malware targets Brazil's Itaú Unibanco Bank (lien direct) Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim's knowledge. Threat actors spread the malware using fake Google Play Store […] Malware Threat
Last update at: 2024-05-04 13:08:09