What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-12-13 20:30:55 (Already seen) Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation (direct link) Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device’s Bluetooth component. A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure Mobile Networking Lab, have discovered security vulnerabilities in WiFi chips that can be exploited to extract passwords […]
SecurityAffairs 2021-12-13 13:44:16 CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog (direct link) The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including recently disclosed Apache Log4Shell Log4j and Fortinet FortiOS flaws. Below is the list of new vulnerabilities added […] ★★★
SecurityAffairs 2021-12-13 09:44:17 Log4Shell was in the wild at least nine days before public disclosure (direct link) Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The attempts were carried out by Muhstik and Mirai botnets in […] Vulnerability
SecurityAffairs 2021-12-13 07:36:38 Two Linux botnets already exploit Log4Shell flaw in Log4j (direct link) Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The attempts were carried out by Muhstik and […] Threat
SecurityAffairs 2021-12-12 20:27:18 Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw (direct link) Quebec shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw in the Apache Log4j Java-based logging library. Quebec shut down nearly 4,000 of its sites as a preventative measure after the disclosure of a PoC exploit for the Log4Shell flaw (CVE-2021-44228) in the Apache Log4j Java-based logging library. On Friday, 10, 2021, Chinese […]
SecurityAffairs 2021-12-12 16:42:06 Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection (direct link) A United States court has sentenced to four years in prison for the Russian citizen Oleg Koshkin for his role in Kelihos Botnet development. Oleg Koshkin (41) has been sentenced to 48 months in prison for one count of conspiracy to commit computer fraud and abuse and one count of computer fraud and abuse. Russian […]
SecurityAffairs 2021-12-12 14:19:16 A phishing campaign targets clients of German banks using QR codes (direct link) Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including the use of QR codes. The messages used in a campaign recently discovered by cybersecurity firm Cofense use QR codes […] Threat
SecurityAffairs 2021-12-12 10:33:38 Security Affairs newsletter Round 344 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Western Digital SanDisk SecureAccess flaws allow brute force and dictionary attacks New 'Karakurt' cybercrime […]
SecurityAffairs 2021-12-11 22:37:37 (Already seen) Western Digital SanDisk SecureAccess flaws allow brute force and dictionary attacks (direct link) Vulnerabilities in the Western Digital SanDisk SecureAccess can be exploited to access user data through brute force and dictionary attacks. Western Digital has released updates for its SanDisk SecureAccess software to fix multiple vulnerabilities that can be exploited to access user data by carrying out brute force and dictionary attacks. The SanDisk SecureAccess software, now […]
SecurityAffairs 2021-12-11 16:10:11 New 'Karakurt' cybercrime gang focuses on data theft and extortion (direct link) Accenture researchers detailed the activity of a new sophisticated cybercrime group, called Karakurt, behind recent cyberattacks. Accenture researchers detailed the activity of a sophisticated financially motivated threat actor called Karakurt. The activity of the group was first spotted in June 2021, but the group has been more active in Q3 2021. In June 2021 the […] Threat
SecurityAffairs 2021-12-11 10:05:25 Cybereason released Logout4Shell, a vaccine for Log4Shell Apache Log4j RCE (direct link) Cybereason researchers released a “vaccine” that mitigates the critical ‘Log4Shell’ Apache Log4j code execution vulnerability. Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for a critical remote code execution zero-day vulnerability, tracked as CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library. p0rz9 revealed that the CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups option is set to false. The Log4j is widely […] ★★★
SecurityAffairs 2021-12-10 22:19:58 Volvo Cars suffers a data breach. Is it a ransomware attack? (direct link) Swedish automotive manufacturer Volvo Cars revealed that it has suffered a cyberattack that resulted in the theft of R&D data. Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems. In 2010, Volvo Cars became a subsidiary of the Chinese manufacturer Geely Holding Group, which confirmed that it “has become […] Ransomware Threat
SecurityAffairs 2021-12-10 19:21:54 Australian ACSC warns of Conti ransomware attacks against local orgs (direct link) The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations. The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations from various sectors since November. “The ACSC is aware of multiple instances of Australian organisations that have been impacted by Conti ransomware in November and […] Ransomware
SecurityAffairs 2021-12-10 15:18:29 A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants (direct link) Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked as CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library. The Chinese security researcher p0rz9 who publicly disclosed the PoC exploit code revealed […] Vulnerability
SecurityAffairs 2021-12-10 11:42:56 1.6 million WordPress sites targeted in the last couple of days (direct link) Wordfence experts detected a massive wave of attacks in the last couple of days that targeted over 1.6 million WordPress sites. Wordfence researchers spotted a massive wave of attacks in the days that are targeting over 1.6 million WordPress sites from 16,000 IPs. “Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks […] Threat
SecurityAffairs 2021-12-10 08:05:50 BlackCat ransomware, a very sophisticated malware written in Rust (direct link) BlackCat is the first professional ransomware strain that was written in the Rust programming language, researchers reported. Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language. In the past, other two ransomware were written in Rust for research purposes, one of them […] Ransomware Malware
SecurityAffairs 2021-12-09 21:19:03 Dark Mirai botnet spreads targeting RCE on TP-Link routers (direct link) A botnet tracked as Dark Mirai spreads by exploiting a new vulnerability affecting TP-Link TL-WR840N EU V5 home routers. Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to […] Vulnerability
SecurityAffairs 2021-12-09 19:12:44 (Already seen) Mozilla fixed high-severity bugs in Firefox and Thunderbird mail client (direct link) Mozilla released security updates for the Firefox browser and Thunderbird mail client to address multiple vulnerabilities. Mozilla released security updates to address multiple vulnerabilities in the Firefox browser and Thunderbird mail client. The company addressed 13 vulnerabilities in the Firefox browser with the release of Firefox 95, including six high-severity flaws. The most severe of […]
SecurityAffairs 2021-12-09 14:46:15 Crooks injects e-skimmers in random WordPress plugins of e-stores (direct link) Threat actors are injecting credit card swipers into random plugins of e-commerce WordPress sites, Sucuri researchers warn. Sucuri researchers are warning of threat actors injecting credit card swipers into random plugins of e-commerce WordPress sites. The holidays season is the period when online scammers and threat actors intensify their operations. Sucuri researchers have spotted a […] Threat
SecurityAffairs 2021-12-09 10:49:06 Tens of malicious NPM packages caught hijacking Discord servers (direct link) Researchers from cybersecurity firm JFrog found 17 malicious packages on the NPM package repository hijacking Discord servers. JFrog researchers have discovered 17 malicious packages in the NPM (Node.js package manager) repository that were developed to hijack Discord servers. The libraries allow stealing Discord access tokens and environment variables from systems running giving the attackers full access to […]
SecurityAffairs 2021-12-09 07:47:06 (Already seen) Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products (direct link) Moobot is a Mirai-based botnet that is leveraging a critical command injection vulnerability in the webserver of some Hikvision products. The Mirai-based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260, in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers […] Vulnerability
SecurityAffairs 2021-12-09 00:01:48 Microsoft Vancouver leaking website credentials via overlooked DS_STORE file (direct link) CyberNews researchers discovered a Desktop Services Store (DS_STORE) file left on a publicly accessible web server that belongs to Microsoft Vancouver. Original post @ https://cybernews.com/security/microsoft-vancouver-leaking-website-credentials-via-overlooked-ds-store-file/ The metadata stored on the file led the researchers to several WordPress database dumps, which contained multiple administrator usernames and email addresses, as well as the hashed password for the […]
SecurityAffairs 2021-12-08 20:08:22 SonicWall strongly urges customers to apply patches to SMA 100 devices (direct link) SonicWall strongly urges customers using SMA 100 series appliances to install security patches that address multiple security flaws, some of them rated as critical. Security vendor SonicWall urges customers using SMA 100 series appliances to apply security patches that address multiple security vulnerabilities, some of which have been rated as critical. “SonicWall has verified and […]
SecurityAffairs 2021-12-08 15:54:33 CS Energy foiled a ransomware attack (direct link) A cyberattack hit CS Energy in Australia on Saturday, November 27, experts believe the attack was orchestrated by Chinese hackers. A ransomware cyberattack hit a major energy network operated by CS Energy, that attack could have had dramatic consequences leaving millions of homes without energy. The attack took place on Saturday, November 27, experts believe […] Ransomware
SecurityAffairs 2021-12-08 06:28:06 Emotet directly drops Cobalt Strike beacons without intermediate Trojans (direct link) The Emotet malware continues to evolve, in the latest attacks, it directly installs Cobalt Strike beacons to give the attackers access to the target network. Emotet malware now directly installs Cobalt Strike beacons to give the attackers immediate access to the target network and allow them to carry out malicious activities, such as launching ransomware […] Malware
SecurityAffairs 2021-12-07 22:55:12 Google disrupts the Glupteba botnet (direct link) Google announced to have disrupted the Glupteba botnet, a huge infrastructure composed of more than 1 million Windows PCs worldwide. Google announced to have taken down the infrastructure operated by the Glupteba, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet. The blockchain-enabled botnet has been active since […]
SecurityAffairs 2021-12-07 15:28:27 Bitcoin Miner [oom_reaper] targets QNAP NAS devices (direct link) Taiwanese vendor QNAP warns customers of ongoing attacks targeting their NAS devices with cryptocurrency miners. Taiwanese vendor QNAP warns customers of threat actors targeting their NAS devices with cryptocurrency miners. Upon compromising the devices, the miner will create a new process named [oom_reaper] that allows threat actors to mine Bitcoin. The above process could occupy […] Threat Cloud APT 37
SecurityAffairs 2021-12-07 10:09:54 Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group (direct link) Microsoft seized dozens of malicious domains used by the China-linked APT15 group to target organizations worldwide. Microsoft announced to have obtained a court warrant that allowed it to seize 42 domains used by a China-linked APT15 group (aka Nickel, Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon) in recent operations that targeted organizations in the US and 28 other countries. […] APT 15 APT 25
SecurityAffairs 2021-12-07 07:54:37 Nobelium continues to target organizations worldwide with custom malware (direct link) Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. Mandiant researchers have identified two distinct clusters of activity, tracked UNC3004 and UNC2652, that were associated with the Russia-linked Nobelium APT group (aka UNC2452). The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that conducted […] Malware Threat APT 29
SecurityAffairs 2021-12-06 22:31:02 Nobelium APT targets French orgs, French ANSSI agency warns (direct link) The French cyber-security agency ANSSI said that the Russia-linked Nobelium APT group has been targeting French organizations since February 2021. The French national cybersecurity agency ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) revealed that the Russia-linked Nobelium APT group has been targeting French organizations since February 2021. The NOBELIUM APT (APT29, Cozy Bear, and […] APT 29
SecurityAffairs 2021-12-06 19:40:41 330 SPAR stores close or switch to cash-only payments after a cyberattack (direct link) A cyber attack hit the international supermarket franchise SPAR forcing 330 shops in North East England to shut down. A cyberattack hit the international supermarket franchise SPAR impacting the operations at 330 shops in North East England. Many stores were forced to close or switch to cash-only payments after the attack. SPAR operates 13,320 stores […]
SecurityAffairs 2021-12-06 15:55:12 DMEA Colorado electric utility hit by a disruptive cyberattack (direct link) A ransomware attack hit an electric utility in Colorado causing a significant disruption and damage. The Delta-Montrose Electric Association (DMEA) is a local electric cooperative located in Colorado, it is part of Touchstone Energy Cooperatives. The company has discovered a security breach on November 7, the attack disrupted phone, email, billing, and customer account systems. The […] Ransomware
SecurityAffairs 2021-12-06 11:40:50 (Already seen) Threat actors stole more than $150 million worth of cryptocurrency tokens from BitMart platform (direct link) Threat actors stole more than $150 million in various cryptocurrencies from the cryptocurrency trading platform BitMart. Cryptocurrency trading platform BitMart has disclosed a security breach, threat actors stole more than $150 million in various cryptocurrencies. “We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot […] Threat ★★★★
SecurityAffairs 2021-12-06 08:54:05 Hackers are sending receipts with anti-work messages to businesses' printers (direct link) Hackers are targeting printers of businesses around the world to print 'anti-work' slogans pushing workers to demand better pay. Multiple employees are sharing on Twitter and Reddit the images of anti-work messages sent to the printers of their organizations. The messages encourage workers to protect their rights and discuss their pay with coworkers and demand […]
SecurityAffairs 2021-12-06 07:25:04 Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers (direct link) Experts spotted a series of malvertising campaigns using fake installers of popular apps and games to deliver a backdoor and a malicious Chrome extension. Talos researchers spotted a series of malvertising campaigns using fake installers of popular apps and games as a lure to trick users into downloading a new backdoor and an undocumented malicious […]
SecurityAffairs 2021-12-05 13:05:32 Security Affairs newsletter Round 343 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users German BSI agency […]
SecurityAffairs 2021-12-05 12:30:23 Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users (direct link) Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Security researchers and editors with the German IT magazine CHIP have discovered 226 potential security defects in nine Wi-Fi routers from known manufacturers (Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys). Millions of users are potentially impacted […]
SecurityAffairs 2021-12-05 10:18:37 German BSI agency warns of ransomware attacks over Christmas holidays (direct link) German BSI warns of ransomware attacks over the Christmas and end-of-year holidays, fearing Emotet return and attacks on Microsoft Exchange servers. The German cybersecurity authority BSI warns of ransomware attacks over the Christmas holidays, fearing the return of the Emotet botnet. During this period offices are often closed and employees are at home, for […] Ransomware
SecurityAffairs 2021-12-04 18:23:48 Cuba ransomware gang hacked 49 US critical infrastructure organizations (direct link) The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. “The FBI has identified, as of early November 2021 that […] Ransomware
SecurityAffairs 2021-12-04 07:33:27 (Already seen) CISA warns of vulnerabilities in Hitachi Energy products (direct link) CISA has released six advisories to warn organizations about security vulnerabilities affecting Hitachi Energy products. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published six advisories to inform organizations about the availability of security patches and notifications for vulnerabilities impacting Hitachi Energy products. CISA's advisories are related to RTU500 series bidirectional communication interface, Relion protection and control […]
SecurityAffairs 2021-12-03 21:17:49 NSO Group spyware used to compromise iPhones of 9 US State Dept officials (direct link) Apple warns that the mobile devices of at least nine US Department of State employees were compromised with NSO Group’s Pegasus spyware. The iPhones of at least nine US state department officials were compromised with the NSO Group’s spyware Pegasus. The US officials targeted by the surveillance software were either based in Uganda or focused […]
SecurityAffairs 2021-12-03 15:33:50 KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays (direct link) Since 2017, an unknown threat actor has run thousands of malicious Tor relay servers in the attempt to unmask Tor users. A mysterious threat actor, tracked as KAX17, has run thousands of malicious Tor relay servers since 2017 in an attempt to deanonymize Tor users. KAX17 ran relay servers in various positions within the Tor […] Threat
SecurityAffairs 2021-12-03 12:16:46 Threat actors stole $120 M in crypto from BadgerDAO DeFi platform (direct link) Threat actors stole $120 million in cryptocurrencies from multiple wallets connected to the decentralized finance platform BadgerDAO. Threat actors this week have hacked the decentralized finance platform BadgerDAO and have stolen $120.3 million in crypto funds, blockchain security firm PeckShield reported. Most of the stolen funds, over $117 million, were Bitcoin, while the rest of […] Threat
SecurityAffairs 2021-12-03 08:45:35 Watch out for Omicron COVID-19-themed phishing messages! (direct link) Threat actors have started to exploit the interest in the Omicron COVID-19 variant and are using it as a lure in phishing campaigns. Crooks have already started exploiting the interest in the Omicron COVID-19 variant and are using it as a lure in phishing attacks. People are interested in the spreading of the new variant, […]
SecurityAffairs 2021-12-02 20:17:35 CISA adds Zoho, Apache, Qualcomm, Mikrotik flaws to the list of actively exploited issues (direct link) U.S. CISA urges to address vulnerabilities Qualcomm, Mikrotik, Zoho and the Apache Software Foundation software. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of actively exploited vulnerabilities recommending federal agencies to address the flaws in Qualcomm, Mikrotik, Zoho and the Apache Software Foundation software within specific timeframes and deadlines. CISA also warns of […]
SecurityAffairs 2021-12-02 17:38:57 Russian internet watchdog Roskomnadzor bans six more VPN services (direct link) Russia's internet watchdog, 'Roskomnadzor', has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services. The latest banned services are Betternet, Lantern, X-VPN, Cloudflare WARP, Tachyon VPN, PrivateTunnel. The total number of […]
SecurityAffairs 2021-12-02 16:18:21 NginRAT – A stealth malware targets e-store hiding on Nginx servers (direct link) Threat actors are targeting e-stores with remote access malware, dubbed NginRAT, that hides on Nginx servers bypassing security solutions. Researchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st. CronRAT is employed in Magecart attacks against online stores […] Malware
SecurityAffairs 2021-12-02 09:46:22 Europol arrested 1800 money mules as part of an anti-money-laundering operation (direct link) Europol identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7. Europol has identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7. The operation is the result of a joint effort of 27 countries, Eurojust, INTERPOL, […]
SecurityAffairs 2021-12-02 05:26:59 (Already seen) Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library (direct link) Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and […] Vulnerability
SecurityAffairs 2021-12-01 19:37:44 VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs) (direct link) VirusTotal announced VirusTotal Collections, a new service that allows security researchers to share sets of Indicators of Compromise (IoCs). VirusTotal announced VirusTotal Collections, a new service that allows threat researchers to share Indicators of Compromise (IoCs). A collection is a live report that includes IoCs associated with a specific threat and it is available for […] Threat
Last update at: 2024-05-06 13:07:58