What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-12-27 09:01:32 Critical flaws in myPRO HMI/SCADA product could allow takeover vulnerable systems (lien direct) A researcher found a dozen vulnerabilities in mySCADA myPRO product, some of which have been rated as critical. mySCADA myPRO is a multiplatform, human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system that allows to visualize and control industrial processes. The security researcher Michael Heinzl discovered multiple vulnerabilities in the myPRO product, some […]
SecurityAffairs.webp 2021-12-26 20:36:19 French IT services provider Inetum hit by BlackCat ransomware attack (lien direct) The IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday. French IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday, but according to the company the security breach had a limited impact on its operations. Inetum is […] Ransomware
SecurityAffairs.webp 2021-12-26 14:17:13 Security Affairs newsletter Round 346 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. New Rook Ransomware borrows code from Babuk Omicron-themed phishing attacks spread Dridex and taunt […] Ransomware
SecurityAffairs.webp 2021-12-26 13:30:23 (Déjà vu) Apple fixed macOS flaw that could allow to bypass Gatekeeper security feature (lien direct) Apple recently fixed a flaw in macOS that could be potentially exploited by an attacker to bypass the Gatekeeper security feature. Apple recently addressed a vulnerability in the macOS operating system, tracked as CVE-2021-30853, that could be potentially exploited by an attacker to bypass the Gatekeeper security feature and run arbitrary code. The vulnerability […] Vulnerability
SecurityAffairs.webp 2021-12-26 06:34:58 'Spider-Man: No Way Home' used to spread a cryptominer (lien direct) Threat actors attempted to take advantage of the interest in the new ‘Spider-Man: No Way Home’ movie to spread a Monero cryptominer. Threat actors are attempting to capitalize on the interest in the release of the Spider-Man: No Way Home movie and use it as bait to spread a Monero cryptominer. ReasonLabs researchers spotted a Russian torrent website […] Threat
SecurityAffairs.webp 2021-12-25 19:11:34 New Rook Ransomware borrows code from Babuk (lien direct) Recently launched ransomware operation, named Rook, made headlines for its announcement claiming a desperate need for a lot of money. A new ransomware operation named Rook appeared in the threat landscape; it was first reported by researcher Zach Allen and caught the attention of the experts for its blatant announcement that claims a desperate need to […] Ransomware Threat ★★★★★
SecurityAffairs.webp 2021-12-25 15:11:34 Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline (lien direct) A gang behind a recent Dridex Omicron campaign is mocking the victims, taunting them with a COVID-19 funeral assistance helpline number. Crooks behind a recent Dridex campaign are mocking the researchers and victims, taunting them with a COVID-19 funeral assistance helpline number. The phishing messages use weaponized Word or Excel attachments to install the Dridex […]
SecurityAffairs.webp 2021-12-24 14:08:48 Fisher Price Chatter Bluetooth Telephone 60G LTE has serious privacy issues (lien direct) Experts found serious privacy issues affecting Fisher Price Chatter Bluetooth Telephone, a Bluetooth headset that appears like a classic kids toy. Fisher Price Chatter Bluetooth Telephone has the appearance of a classic kids toy, but it was designed for adults and allows to make and receive calls over Bluetooth using a nearby smartphone. The device […]
SecurityAffairs.webp 2021-12-24 10:25:26 Experts warn of a new stealthy loader tracked as BLISTER (lien direct) Security researchers spotted a campaign that is employing a new stealthy malware tracked as BLISTER that targets windows systems. Elastic Security researchers uncovered a malware campaign that leverages a new malware and a stealthy loader tracked as BLISTER, that uses a valid code signing certificate issued by Sectigo to evade detection. BLISTER loads second-stage payloads […] Malware
SecurityAffairs.webp 2021-12-24 07:00:55 NVIDIA informs customers of its products affected by Log4j flaws (lien direct) NVIDIA released a security advisory to inform customers what products are affected by the recently disclosed Log4Shell vulnerability. NVIDIA has assessed its products to determine if they are vulnerable to the Log4shell vulnerability in Log4J library. The company states that the following products are not impacted by the Log4j vulnerabilities: GeForce Experience client software GeForceNOW […] Vulnerability
SecurityAffairs.webp 2021-12-23 19:31:01 AvosLocker ransomware reboots in Safe Mode and installs tools for remote access (lien direct) In a recent wave of attacks, AvosLocker ransomware is rebooting systems into Windows Safe Mode to disable endpoint security solutions. Sophos experts monitoring AvosLocker ransomware attacks, noticed that the malware is rebooting compromised systems into Windows Safe Mode to disable endpoint security solutions. Running the systems into safe mode will allow the malware to encrypt […] Ransomware Malware
SecurityAffairs.webp 2021-12-23 14:49:49 Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware (lien direct) Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute Formbook malware. Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability tracked as CVE-2021-40444 (CVSS score of 8.8). The bad news is that threat actors are using it to […] Malware Vulnerability Threat
SecurityAffairs.webp 2021-12-23 12:04:54 Three trivial bugs in Microsoft Teams Software remain unpatched (lien direct) Researchers disclosed four vulnerabilities in the Teams business communication software, but Microsoft will not address three of them. Researchers from cybersecurity firm Positive Security discovered four vulnerabilities in the Teams business communication software that could allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address, and triggering a […]
SecurityAffairs.webp 2021-12-23 09:57:35 HackDHS bug bounty program accepts reports of Log4j-related flaws in DHS systems (lien direct) The DHS has announced that it is expanding the ‘Hack DHS’ bug bounty program to report for Log4J impacting its systems. The Department of Homeland Security (DHS) announced that white hat hackers can now report the impact of the Log4J on its systems as part of the ‘Hack DHS‘ bug bounty program. Below is the […]
SecurityAffairs.webp 2021-12-23 05:36:02 A flaw in Microsoft Azure App Service exposes customer source code (lien direct) A vulnerability in the Microsoft Azure App Service led to the exposure of customer source code for at least four years. Early this month, Microsoft has notified a small group of Azure customers that have been impacted by a recently discovered bug, dubbed NotLegit, that exposed the source code of their Azure web apps since at […] Vulnerability
SecurityAffairs.webp 2021-12-22 22:10:29 (Déjà vu) CISA releases a scanner to identify web services affected by Apache Log4j flaws (lien direct) US CISA release of a scanner for identifying web services affected by two Apache Log4j remote code execution vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. “This repository provides a scanning solution […]
SecurityAffairs.webp 2021-12-22 19:16:53 Ubisoft discloses unauthorized access to 'Just Dance' user data (lien direct) Video game company Ubisoft confirmed a security breach that resulted in unauthorized access to ‘Just Dance’ user data. Ubisoft discloses a data breach that resulted in unauthorized access to ‘Just Dance’ user data. The security breach was caused by a misconfiguration, the good news is that the problem has been quickly solved. According to the […] Data Breach
SecurityAffairs.webp 2021-12-22 15:50:25 PYSA ransomware gang is the most active group in November (lien direct) PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs. Experts observed a 400% […] Ransomware Threat
SecurityAffairs.webp 2021-12-22 06:47:14 A new version of the Abcbot bot targets Chinese cloud providers (lien direct) Researchers spotted a new botnet named Abcbot that mainly targeted Chinese cloud hosting providers over the past months. Security researchers discovered a new botnet, named Abcbot, that focused on Chinese cloud hosting providers over the past months. The list of targeted providers includes Alibaba Cloud, Baidu, Tencent, and Huawei Cloud. In November, researchers from […]
SecurityAffairs.webp 2021-12-21 21:42:48 (Déjà vu) Russian national extradited to US for trading on stolen Information (lien direct) A Russian national was extradited to the US from Switzerland after he was charged for trading information stolen from hacked U.S. companies. The Russian national Vladislav Klyushin (41) was extradited to the United States from Switzerland to face charges for his alleged role in a scheme whose participants traded on information stolen from U.S. companies. […]
SecurityAffairs.webp 2021-12-21 15:42:09 Patch these 2 Active Directory flaws to prevent the takeover of Windows domains (lien direct) Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains. Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to takeover Windows domains. The flaws, tracked […] Threat
SecurityAffairs.webp 2021-12-21 09:46:30 More than 35,000 Java packages impacted by Log4j flaw, Google warns (lien direct) Google found more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache Log4j library. The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total) were using versions of the Apache Log4j library vulnerable to Log4Shell exploit and […]
SecurityAffairs.webp 2021-12-21 08:04:29 Log4j Vulnerability Aftermath (lien direct) Uptycs researchers have observed attacks related to miners, DDOS malware and some variants of ransomware actively leveraging LogforShell flaw in log4j. Last week the Log4j vulnerability turned the internet upside down. The impact of the vulnerability is massive and attackers have started taking advantage of the flaw. So far we have observed attacks related to […] Ransomware Malware Vulnerability
SecurityAffairs.webp 2021-12-20 23:39:31 DarkWatchman RAT uses Windows Registry fileless storage mechanism (lien direct) DarkWatchman is a new lightweight javascript-based Remote Access Trojan (RAT) that uses novel methods for fileless persistence. Recently Prevailion experts detected a malicious javascript-based Remote Access Trojan (RAT) dubbed DarkWatchman that uses a robust Domain Generation Algorithm (DGA) to contact the C2 infrastructure and novel methods for fileless persistence, on-system activity, and dynamic run-time capabilities […]
SecurityAffairs.webp 2021-12-20 21:25:43 Nation-state actors are exploiting Zoho zero-day CVE-2021-44515 since October, FBI warns (lien direct) The FBI warns that zero-day flaw in Zoho’s ManageEngine Desktop Central has been under active exploitation by nation-state actors since October. The Federal Bureau of Investigation (FBI) revealed that the critical CVE-2021-44515 zero-day vulnerability in Zoho’s ManageEngine Desktop Central has been under active exploitation by nation-state actors since at least October. The CVE-2021-44515 flaw is an authentication bypass vulnerability in ManageEngine Desktop […] Vulnerability
SecurityAffairs.webp 2021-12-20 15:49:43 Belgian defense ministry hit by cyberattack exploiting Log4Shell bug (lien direct) The Belgian defense ministry was hit by a cyber attack, it seems that threat actors exploited the Log4Shell vulnerability. The Belgian defense ministry confirmed it was hit by a cyberattack, it seems that threat actors exploited the Log4Shell vulnerability. The attack was uncovered on Thursday and today the government disclosed it, but according to local […] Threat
SecurityAffairs.webp 2021-12-20 15:20:58 Alleged APT implanted a backdoor in the network of a US federal agency (lien direct) An alleged APT group planted a backdoor in the network of a U.S. federal government commission associated with international rights. Experts spotted a backdoor in the network of an unnamed U.S. federal government commission associated with international rights. The backdoor allowed the threat actors to achieve complete control over the infected networks, experts described the […] Threat
SecurityAffairs.webp 2021-12-20 07:41:21 A new attack vector exploits the Log4Shell vulnerability on servers locally (lien direct) Security researchers devised a new attack vector exploiting the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. Researchers from cybersecurity firm Blumira devised a new attack vector that relies on a Javascript WebSocket connection to exploit the Log4Shell vulnerability on internal and locally exposed unpatched Log4j applications. Experts pointed out that this […] Vulnerability
SecurityAffairs.webp 2021-12-19 19:07:55 Clop ransomware gang is leaking confidential data from the UK police (lien direct) Clop ransomware gang stolen confidential data from the UK police and leaked it in the dark web because the victim refused to pay the ransom Clop ransomware operators have stolen confidential information held by some British police, according to the media the cybercriminal gang targeted the IT firm Dacoll. According to the media, the cybercriminals […] Ransomware
SecurityAffairs.webp 2021-12-19 15:13:00 Security Affairs newsletter Round 345 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. TellYouThePass ransomware resurges and exploits Log4Shell in recent attacks Western Digital customers have to […] Ransomware
SecurityAffairs.webp 2021-12-18 19:14:28 (Déjà vu) Western Digital customers have to update their My Cloud devices to latest firmware version (lien direct) My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Western Digital is urging customers to update their WD My Cloud devices to the latest firmware version to continue receiving security updates on My Cloud OS firmware that is reaching […]
SecurityAffairs.webp 2021-12-18 15:20:12 Apache releases the third patch to address a new Log4j flaw (lien direct) Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. 2.17 is the third fix issued in a week. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046, disclosed in the Log4j library a third security vulnerability made the headlines. […] Vulnerability Threat
SecurityAffairs.webp 2021-12-18 09:16:02 1.8 Million customers of four sports gear sites impacted by credit cards breach (lien direct) A cyber attack hit four affiliated online sports gear sites and resulted in the theft of credit cards for 1,813,224 customers. Threat actors have stolen credit cards belonging to 1,813,224 customers of four affiliated online sports gear sites. Below are the affected websites: Tackle Warehouse LLC (tacklewarehouse.com) – Fishing gear Running Warehouse LLC (runningwarehouse.com) – Running apparel […] Threat
SecurityAffairs.webp 2021-12-17 21:44:50 Conti ransomware gang exploits Log4Shell bug in its operations (lien direct) The Conti ransomware gang is the first ransomware operation exploiting the Log4Shell vulnerability to target VMware vCenter Servers. Conti ransomware gang is the first professional race that leverages Log4Shell exploit to compromise VMware vCenter Server installs. The ransomware group used the exploit to target internal devices that are not protected. Conti operators run a private Ransomware-as-a-Service (RaaS), […] Ransomware
SecurityAffairs.webp 2021-12-17 15:11:48 (Déjà vu) VMware fixes critical SSRF flaw in Workspace ONE UEM Console (lien direct) VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. VMware has addressed a critical server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-22054, in the Workspace ONE UEM console. An attacker with network access to UEM could exploit the vulnerability to access sensitive data in the management console. An […] Vulnerability
SecurityAffairs.webp 2021-12-17 11:47:21 Phorpiex botnet is back, in 2021 it $500K worth of crypto assets (lien direct) Experts reported the resurgence of the Phorpiex botnet, in one year it allowed to steal crypto assets worth of half a million dollars. Experts at Check Point Research have monitored the resurgence of the Phorpiex botnet, an old threat that was involved in sextortion spam campaigns, crypto-jacking, cryptocurrency clipping (substituting the original wallet address saved in […] Spam Threat
SecurityAffairs.webp 2021-12-17 07:38:21 PseudoManuscrypt, a mysterious massive cyber espionage campaign (lien direct) Tens of thousands of devices worldwide, including many industrial control systems (ICS), have been hit by the PseudoManuscrypt spyware. Kaspersky researchers reported that tens of thousands of devices belonging to industrial and government organizations worldwide have been hit by the PseudoManuscrypt spyware. The name PseudoManuscrypt comes from the similarities with the Manuscrypt malware used by the North Korea-linked […]
SecurityAffairs.webp 2021-12-16 19:07:10 (Déjà vu) Flaws in Lenovo laptops allow escalating to admin privileges (lien direct) The ImControllerService service of Lenovo laptops is affected by a privilege elevation bug that can allow to execute commands with admin privileges. Lenovo laptops, including ThinkPad and Yoga families, are affected by privilege elevation issues that reside in the ImControllerService service, allowing attackers to execute commands with admin privileges. The vulnerabilities, tracked as CVE-2021-3922 and CVE-2021-3969, […]
SecurityAffairs.webp 2021-12-16 14:25:28 While attackers begin exploiting a second Log4j flaw, a third one emerges (lien direct) Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046, disclosed in the Log4j library. The CVE-2021-45046 received a CVSS score of 3.7 and affects […] Threat
SecurityAffairs.webp 2021-12-16 12:24:16 Multiple Nation-State actors are exploiting Log4Shell flaw (lien direct) Nation-state actors from China, Iran, North Korea, and Turkey are attempting to exploit the Log4Shell vulnerability in attacks in the wild. Microsoft researchers reported that nation-state actors from China, Iran, North Korea, and Turkey are now abusing the Log4Shell (CVE-2021-44228) in the Log4J library in their campaigns. Some of the groups exploiting the vulnerability are China-linked Hafnium and […] Vulnerability
SecurityAffairs.webp 2021-12-16 07:24:07 (Déjà vu) Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials (lien direct) Threat actors are using a malicious Internet Information Services (IIS) Server module, dubbed Owowa, to steal Microsoft Exchange credentials. Kaspersky researchers spotted malicious actors while deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed “Owowa,” on Microsoft Exchange Outlook Web Access servers to steal credentials and for remote code execution. “Owowa […]
SecurityAffairs.webp 2021-12-15 20:16:53 FBI's investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine (lien direct) While investigating a data breach suffered by a healthcare organization, the FBI accidentally revealed that it believes that the HelloKitty ransomware gang operates out of Ukraine. The investigation conducted by the FBI on a recent data breach suffered by an Oregon healthcare organization led to the accidental revelation that the FBI believes that the HelloKitty ransomware gang […] Ransomware Data Breach Guideline
SecurityAffairs.webp 2021-12-15 15:08:17 Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day (lien direct) Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. Microsoft December 2021 Patch Tuesday addressed 67 vulnerabilities in Microsoft Windows and Windows Components, ASP.NET Core and Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Defender for IoT, Edge (Chromium-based), Microsoft Office and Office Components, SharePoint Server, PowerShell, […]
SecurityAffairs.webp 2021-12-15 12:14:56 Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia (lien direct) Researchers uncovered a new Seedworm campaign targeting telecommunication and IT service providers in the Middle East and Asia. Iran-linked APT group Seedworm (aka MERCURY, MuddyWater, TEMP.Zagros, or Static Kitten) is behind a new cyberespionage campaign targeting telecommunication and IT service providers in the Middle East and Asia, Symantec warns. The Seedworm has been active since at least […]
SecurityAffairs.webp 2021-12-15 07:35:47 (Déjà vu) DHS announces its 'Hack DHS' bug bounty program (lien direct) The DHS has launched a new bug bounty program dubbed ‘Hack DHS’ to discover security vulnerabilities in external DHS systems. The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed ‘Hack DHS’ that allows vetted white hat hackers to discover and report security vulnerabilities in external DHS systems. “As the federal […]
SecurityAffairs.webp 2021-12-14 22:31:41 Adobe addresses over 60 vulnerabilities in multiple products (lien direct) Adobe warns of threat actors that could exploit critical vulnerabilities in multiple products running on Windows and macOS systems. Adobe has issued critical warnings for more than 60 vulnerabilities in multiple products running on Windows and macOS machines. The vulnerabilities can be exploited by threat actors for code execution, privilege escalation and denial-of-service attacks. The […] Threat
SecurityAffairs.webp 2021-12-14 20:57:03 Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems (lien direct) Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability (CVE-2021-44228) to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2021-12-14 15:54:23 US CISA orders federal agencies to fix Log4Shell by December 24th (lien direct) US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. The order aims at preventing threat actors from exploiting the vulnerability in attacks against government systems. The CVE-2021-44228 flaw […] Vulnerability Threat
SecurityAffairs.webp 2021-12-14 08:11:54 Google fixed the 17th zero-day in Chrome since the start of the year (lien direct) Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102, exploited in the wild. Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102, exploited in the wild. The CVE-2021-4102 flaw is a use-after-free issue in the V8 JavaScript and WebAssembly engine, its exploitation could lead to the execution […] Guideline
SecurityAffairs.webp 2021-12-14 07:39:26 TinyNuke banking malware targets French organizations (lien direct) The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. The attackers used invoice-themed lures targeting entities in manufacturing, industry, technology, finance, and […] Malware
Last update at: 2024-05-05 15:07:58