What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-12-01 15:11:40 (Already seen) New RTF Template Inject technique used by APT groups in recent attacks (direct link) Nation-state actors from China, India, and Russia, were spotted using a novel RTF template injection technique in recent attacks. APT groups from China, India, and Russia have used a new RTF (rich text format) template injection technique in recent phishing attacks. The technique was first reported by the security firm Proofpoint spotted which observed phishing […]
SecurityAffairs 2021-12-01 09:57:14 FBI training document shows lawful access to multiple encrypted messaging apps (direct link) Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. The document analyzes lawful access to multiple encrypted messaging […]
SecurityAffairs 2021-12-01 07:25:52 Sabbath Ransomware target critical infrastructure in the US and Canada (direct link) Sabbath ransomware is a new threat that has been targeting critical infrastructure in the United States and Canada since June 2021. A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. According to Mandiant researchers, the group is a rebrand of Arcane and […] Ransomware Threat
SecurityAffairs 2021-11-30 21:24:34 Play the Opera Please – Opera patches a flaw in their turbo servers (direct link) Opera released a mini patch for a vulnerability in their turbo servers that dates back to 2018. Prior approval are taken from Opera security team before disclosing this issue! Before we get started there are few things which we need to understand such as, Value added service (VAS): Value added services (VAS) is a popular telecommunications […] Vulnerability
SecurityAffairs 2021-11-30 19:09:05 New EwDoor Botnet is targeting AT&T customers (direct link) 360 Netlab experts spotted a new botnet dubbed EwDoor that infects unpatched AT&T enterprise network edge devices. Experts from Qihoo 360’s Network Security Research Lab discovered a new botnet, dubbed EwDoor, that targets AT&T customers using EdgeMarc Enterprise Session Border Controller (ESBC) edge devices that are publicly exposed to the Internet. The attackers are targeting Edgewater Networks’ […]
SecurityAffairs 2021-11-30 15:44:48 Critical Printing Shellz flaws impact 150 HP multifunction printer models (direct link) Researchers discovered a critical wormable buffer overflow vulnerability that affects 150 different HP multifunction printer models (MFPs). Cybersecurity researchers from F-Secure have discovered two critical vulnerabilities, collectively tracked as Printing Shellz, that impact approximately 150 multifunction printer models. The vulnerabilities can be exploited by attackers to take control of vulnerable devices and steal sensitive information, […] Vulnerability
SecurityAffairs 2021-11-30 13:57:00 WIRTE APT group targets the Middle East since at least 2019 (direct link) A threat actor named WIRTE targets government, diplomatic entities, military organizations, law firms, and financial institutions in Middle East. Cybersecurity researchers from Kaspersky have detailed the activity of a threat actor named WIRTE that is targeting government, diplomatic entities, military organizations, law firms, and financial institutions in Middle East since early 2019. The activity of […] Threat
SecurityAffairs 2021-11-30 07:44:25 4 Android banking trojans were spread via Google Play infecting 300.000+ devices (direct link) Experts found four Android banking trojans that were available on the official Google Play Store and that infected +300,000 devices. Researchers from ThreatFabric discovered four distinct Android banking trojans that were spread via the official Google Play Store between August and November 2021. According to the experts, the malware infected more than 300,000 devices through […] Malware
SecurityAffairs 2021-11-29 22:53:05 Google experts found 2 flaws in video conferencing software Zoom (direct link) Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. The vulnerabilities impact Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android. The issues […]
SecurityAffairs 2021-11-29 21:36:16 Panasonic confirmed that its network was illegally accessed by attackers (direct link) Panasonic disclosed a security breach after threat actors gained access to its servers storing potentially sensitive information. Japanese electronics giant Panasonic disclosed a security breach after threat actors gained access to some servers of the company containing sensitive data. The company discovered the intrusion on November 11 and immediately launched an investigation, which is still […] Threat
SecurityAffairs 2021-11-29 15:18:23 Experts warn of attacks exploiting CVE-2021-40438 flaw in Apache HTTP Server (direct link) Threat actors are exploiting the recently patched CVE-2021-40438 flaw in Apache HTTP servers, warns German Cybersecurity Agency and Cisco. Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-40438, in Apache HTTP servers. The CVE-2021-40438 flaw can be exploited against httpd web servers that have the mod_proxy module enabled. A threat actor […] Threat
SecurityAffairs 2021-11-29 13:17:41 Biopharmaceutical firm Supernus Pharmaceuticals hit by Hive ransomware during an ongoing acquisition (direct link) Biopharmaceutical company Supernus Pharmaceuticals discloses a ransomware attack, the Hive ransomware claims to have stolen company data. Biopharmaceutical company Supernus Pharmaceuticals confirmed it was the victim of a data breach after a ransomware attack that hit the firm last in Mid-November. The Company states that the security breach did not impact its operations, it notified […] Ransomware Data Breach
SecurityAffairs 2021-11-29 08:33:22 Israel cut cyber export list, excluding totalitarian regimes (direct link) Israel’s Ministry of Defense bans the sale of surveillance software and offensive hacking tools to tens of countries. Israel’s Ministry of Defense has cut the list of countries to which Israeli surveillance and cybersecurity firms could sell their products and services. 65 countries have been excluded from the export list, which now includes only 37 […]
SecurityAffairs 2021-11-28 23:21:06 French court indicted Nexa Technologies for complicity in acts of torture (direct link) Nexa Technologies was indicted for complicity in acts of torture, the French firm is accused of having sold surveillance equipment to Egypt. Nexa Technologies offers a range of solutions for homeland security, including surveillance solutions. Now the French company was accused of having sold surveillance software to the Egyptian regime. The cybersurveillance equipment was […]
SecurityAffairs 2021-11-28 15:25:28 RATDispenser, a new stealthy JavaScript loader used to distribute RATs (direct link) RATDispenser is a new stealthy JavaScript loader that is being used to spread multiple remote access trojans (RATs) into the wild. Researchers from the HP Threat Research team have discovered a new stealthy JavaScript loader dubbed RATDispenser that is being used to spread a variety of remote access trojans (RATs) in attacks into the wild. Experts […] Threat
SecurityAffairs 2021-11-28 12:11:54 North Korea-linked Zinc group posed as Samsung recruiters to target security firms (direct link) North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters in a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. According to the Google Threat Horizons report, the state-sponsored […] Threat APT 38
SecurityAffairs 2021-11-28 10:55:03 0patch releases unofficial patches for CVE-2021-24084 Windows 10 zero-day (direct link) 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. The issue doesn’t impact Windows Servers because the vulnerable functionality is not implemented in these OSs. The […]
SecurityAffairs 2021-11-28 10:38:02 Security Affairs newsletter Round 342 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Italy's Antitrust Agency fines Apple and Google for aggressive practices of data acquisition HAEICHI-II: […]
SecurityAffairs 2021-11-27 16:32:02 (Already seen) Italy's Antitrust Agency fines Apple and Google for aggressive practices of data acquisition (direct link) Italy’s antitrust regulator, Autorità Garante della Concorrenza e del Mercato (AGCM), has fined Apple and Google €10 million each for their “aggressive” data practices. Italy’s antitrust regulator, Autorità Garante della Concorrenza e del Mercato (AGCM), has fined Apple and Google €10 million each for their “aggressive” data practices and the lack of transparency on the use of […]
SecurityAffairs 2021-11-27 12:08:48 (Already seen) HAEICHI-II: Interpol arrested +1,000 suspects linked to various cybercrimes (direct link) HAEICHI-II: Interpol arrested 1,003 individuals charged for several cybercrimes, including romance scams, investment frauds, and online money laundering. Interpol has coordinated an international operation, code-named Operation HAEICHI-II, that led to the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling. The INTERPOL published […]
SecurityAffairs 2021-11-27 10:41:47 IKEA hit by a cyber attack that uses stolen internal reply-chain emails (direct link) Threat actors are targeting IKEA employees in an internal phishing campaign leveraging stolen reply-chain emails. According to BleepingComputer, threat actors are targeting IKEA employees in phishing attacks using stolen reply-chain emails. Once compromised the mail servers, threat actors use the access to reply to the company's internal emails in reply-chain attacks. Sending the messages from […] Threat
SecurityAffairs 2021-11-26 22:53:26 Marine services provider Swire Pacific Offshore (SPO) hit by Clop ransomware (direct link) Marine services provider Swire Pacific Offshore (SPO) has suffered a Clop ransomware attack that resulted in the theft of company data. Clop ransomware hit Marine services provider Swire Pacific Offshore (SPO) and stole company data, but did not affect global operations. “Swire Pacific Offshore (SPO) has discovered that it was the target of a cyberattack […] Ransomware
SecurityAffairs 2021-11-26 15:50:31 Threat actors target crypto and NFT communities with Babadeda crypter (direct link) Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. Threat actors are attempting to exploit the booming market for NFTs and crypto games. Babadeda is able to bypass antivirus solutions. […] Malware Threat
SecurityAffairs 2021-11-26 14:39:52 Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices (direct link) Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company has identified an active zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises. The identified vulnerability […] Vulnerability
SecurityAffairs 2021-11-26 07:07:43 APT C-23 group targets Middle East with an enhanced Android spyware variant (direct link) A threat actor, tracked as APT C-23, is using new powerful Android spyware in attacks aimed at targets in the Middle East. The APT C-23 cyberespionage group (also known as GnatSpy, FrozenCell, or VAMP) continues to target entities in the Middle East with enhanced Android spyware masqueraded as seemingly harmless app updates (i.e. AndroidUpdate,, Telegram). The […] Threat
SecurityAffairs 2021-11-25 22:07:09 New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks (direct link) Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection. Security researchers from Sansec have discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st. Threat actors hide the malware in the task names, […] Malware Threat
SecurityAffairs 2021-11-25 15:01:27 (Already seen) Several GoDaddy brands impacted in recent data breach (direct link) Recently disclosed data breach impacted several of its brands, including Domain Factory, Heart Internet, Host Europe, Media Temple, tsoHost and 123Reg. Recently GoDaddy has disclosed a data breach that impacted up to 1.2 million of its customers, threat actors breached the company's Managed WordPress hosting environment. Threat actors compromised the company network since at least […] Data Breach Threat
SecurityAffairs 2021-11-25 12:32:42 Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials (direct link) An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug. Researchers from SafeBreach Labs spotted a new Iranian threat actor that is using an exploit for a Microsoft MSHTML Remote Code Execution (RCE) flaw in attacks aimed at Farsi-speaking victims. The exploit is used to install a PowerShell […] Threat
SecurityAffairs 2021-11-25 07:20:46 FBI warns of crooks targeting online shoppers during the holiday season (direct link) The Federal Bureau of Investigation (FBI) warns of cybercriminals targeting online shoppers during the holiday season. The FBI warns of cyber criminals targeting online shoppers during the holiday season. In this period netizens hope to take advantage of online bargains and are more active online, for this reason they are more exposed to the risk […]
SecurityAffairs 2021-11-24 20:17:38 VMware addresses File Read and SSRF flaws in vCenter Server (direct link) VMware addressed arbitrary file read and server-side request forgery (SSRF) vulnerabilities in its vCenter Server product. VMware this week addressed arbitrary file read and server-side request forgery (SSRF) vulnerabilities affecting its vCenter Server product. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent […]
SecurityAffairs 2021-11-24 15:32:42 A vulnerable honeypot exposed online can be compromised in 24 hours (direct link) Researchers deployed multiple instances of vulnerable systems and found that 80% of the 320 honeypots were compromised within 24 hours. Researchers from Palo Alto Networks deployed a honeypot infrastructure of 320 nodes to analyze how three actors target exposed services in public clouds. The company set up the honeypots between July 2021 and August 2021 to […]
SecurityAffairs 2021-11-24 10:15:09 Apple sues NSO Group for abusing state-sponsored Pegasus spyware (direct link) Apple has filed suit to ban the Israeli surveillance firm NSO Group and parent company Q Cyber Technologies from using its product and services. Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court for illegally targeting its customers with the surveillance spyware Pegasus. According to the lawsuit, NSO […]
SecurityAffairs 2021-11-24 08:12:59 Expert discloses details of flaws in Oracle VirtualBox (direct link) A vulnerability in Oracle VM VirtualBox could be potentially exploited to compromise the hypervisor and trigger a denial-of-service (DoS) condition. A vulnerability in Oracle VM VirtualBox, tracked as CVE-2021-2442, could be potentially exploited to compromise the hypervisor and trigger a DoS condition. The vulnerability was discovered by Max Van Amerongen from SentinelLabs, it received a CVSS […] Vulnerability
SecurityAffairs 2021-11-23 22:13:25 Malware are already attempting to exploit new Windows Installer zero-day (direct link) Vxers are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. Malware authors are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. The security researcher Abdelhamid Naceri has publicly disclosed the exploit for a […] Malware
SecurityAffairs 2021-11-23 20:54:17 Android.Cynos.7.origin trojan infected +9 million Android devices (direct link) Researchers spotted dozens of games on Huawei’s AppGallery catalog containing the Android.Cynos.7.origin trojan. Researchers from Dr. Web AV discovered 190 games on Huawei’s AppGallery catalog (i.e. simulators, platformers, arcades, strategies, and shooters) that were containing the Android.Cynos.7.origin trojan. They estimated that the malicious apps were installed on at least 9.300.00 Android devices. Experts state that some of these games […]
SecurityAffairs 2021-11-23 19:09:10 Experts warn of RCE flaw in Imunify360 security platform (direct link) A flaw in CloudLinux's Imunify360 security product could have been exploited by an attacker for remote code execution. Cisco's Talos researchers discovered a remote code execution vulnerability, tracked as CVE-2021-21956, in CloudLinux's Imunify360 security product. Imunify360 is a security platform for web-hosting servers that allows to implement real-time protection for website and web servers. The […]
SecurityAffairs 2021-11-23 17:14:39 Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug (direct link) A researcher has released a proof-of-concept exploit code for an actively exploited vulnerability affecting Microsoft Exchange servers. The researcher Janggggg has published on Sunday a proof-of-concept exploit code for an actively exploited vulnerability, tracked as CVE-2021-42321, in Microsoft Exchange servers. The CVE-2021-42321 is a high-severity remote code execution issue that occurs due to improper validation of […] Vulnerability
SecurityAffairs 2021-11-23 15:28:09 (Already seen) Expert disclosed an exploit for a new Windows zero-day local privilege elevation issue (direct link) A researcher publicly disclosed an exploit for a new Windows zero-day local privilege elevation that can allow gaining admin privileges. A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that can be exploited by threat actors to achieve admin privileges in Windows 10, Windows 11, and Windows […] Vulnerability Threat
SecurityAffairs 2021-11-23 07:20:10 US govt warns critical infrastructure of ransomware attacks during holidays (direct link) US CISA and the FBI issued a joint alert to warn critical infrastructure partners and public/private organizations of ransomware attacks during holidays. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn critical infrastructure partners of ransomware attacks during the holiday season. During this period offices are often closed and employees are at home, […] Ransomware
SecurityAffairs 2021-11-22 20:49:37 New GoDaddy data breach impacted 1.2 million customers (direct link) GoDaddy suffered a data breach that impacted up to 1.2 million of its managed WordPress customer accounts. GoDaddy discloses a data breach that impacted up to 1.2 million of its customers, threat actors breached the company’s Managed WordPress hosting environment. Threat actors compromised the company network since at least September 6, 2021, but the security […] Data Breach Threat
SecurityAffairs 2021-11-22 14:56:25 Utah Imaging Associates data breach impacts 583,643 patients (direct link) Utah-based radiology medical center Utah Imaging Associates discloses a data breach that impacted 583,643 former and current patients. Utah Imaging Associates (UIA) discloses a security breach, on September 4, 2021 the company claims to have detected and blocked a cyber attack. The healthcare provider promptly secured its infrastructure with the help of a specialized third-party […] Data Breach
SecurityAffairs 2021-11-22 11:49:32 Iran's Mahan Air claims it has failed a cyber attack, hackers say the opposite (direct link) Iranian airline Mahan Air was hit by a cyberattack on Sunday morning, the “Hooshyarane Vatan” hacker group claimed responsibility for the attack. Iranian private airline Mahan Air has foiled a cyber attack over the weekend, Iranian state media reported. The airliner’s flight schedule was not affected by the cyberattack. “Our international and domestic flights are […]
SecurityAffairs 2021-11-22 10:04:00 New Memento ransomware uses password-protected WinRAR archives to block access to the files (direct link) Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. In October, Sophos researchers have spotted the Memento ransomware that adopts a curious approach to block access to victims' files. The ransomware copies files into password-protected WinRAR archives, it uses a renamed freeware version […] Ransomware
SecurityAffairs 2021-11-22 06:27:58 US SEC warns investors of ongoing fraudulent communications claiming from the SEC (direct link) The Securities and Exchange Commission (SEC) warns investors of attacks impersonating its officials in government impersonator schemes. The Securities and Exchange Commission (SEC) is warning investors of scammers impersonating SEC officials in fraudulent schemes. According to the alert issued by the SEC’s Office of Investor Education and Advocacy (OIEA), crooks are contacting investors via phone […]
SecurityAffairs 2021-11-21 18:52:13 Experts found 11 malicious Python packages in the PyPI repository (direct link) Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks. Below is the list of malicious […]
SecurityAffairs 2021-11-21 15:01:49 Researchers were able to access the payment portal of the Conti gang (direct link) The Conti ransomware group has suffered a data breach that exposed its attack infrastructure and allowed researchers to access it. Researchers at security firm Prodaft were able to identify the real IP address of one of the servers used by the Conti ransomware group and access the console for more than a month. The exposed […] Ransomware Data Breach ★★★★
SecurityAffairs 2021-11-21 11:12:37 Attackers compromise Microsoft Exchange servers to hijack internal email chains (direct link) A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails. A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails to avoid detection. The campaign was uncovered by TrendMicro researchers that detailed the technique used to trick […] Malware
SecurityAffairs 2021-11-20 23:41:42 Security Affairs newsletter Round 341 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours Study reveals […]
SecurityAffairs 2021-11-20 22:43:07 U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours (direct link) U.S. banking regulators have approved a new rule that orders banks to notify federal regulators of significant cybersecurity incidents within 36 hours. U.S. banking regulators this week approved a rule that obliges banks to report any major cybersecurity incidents to the government within 36 hours of discovery. Major cybersecurity incidents are attacks that impact operations of […]
SecurityAffairs 2021-11-20 15:07:53 Study reveals top 200 most common passwords (direct link) The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us to serious risks. Nordpass has published its annual report, titled “Top 200 most common passwords,” on the use of passwords. The report shows that we are still using weak passwords. The list of passwords was […]
Last update at: 2024-05-07 06:07:47