What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-11-20 12:23:20 The newer cybercrime triad: TrickBot-Emotet-Conti (direct link) Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by the Conti ransomware gang. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time, the investigators took control of its infrastructure in an internationally coordinated action. This operation was […] Ransomware
SecurityAffairs 2021-11-20 00:54:57 Tor Project calls to bring more than 200 obfs4 bridges online by December (direct link) The Tor Project offers rewards to users who will set up a Tor server after observing a significant drop in the number of Tor relays and Tor bridges. Bridges are private Tor relays that allow users to circumvent censorship; their role is essential in countries that block Tor connections, such as China, Belarus, Iran, and Kazakhstan. […]
SecurityAffairs 2021-11-19 22:47:28 Canadian teenager stole $36 Million in cryptocurrency via SIM Swapping (direct link) A Canadian teen has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency. A Canadian teenager has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency from an American individual. The news of the arrest was disclosed by the Hamilton Police […]
SecurityAffairs 2021-11-19 20:14:34 California Pizza Kitchen discloses a data breach (direct link) American pizza chain California Pizza Kitchen (CPK) suffered a data breach that might have exposed personal information of its employees. American pizza chain California Pizza Kitchen (CPK) suffered a data breach; the company has already notified employees whose personal information might have been exposed. According to a data breach notification sent to the impacted employees, […] Data Breach
SecurityAffairs 2021-11-19 15:14:40 North Korea-linked TA406 cyberespionage group activity in 2021 (direct link) North Korea-linked TA406 APT group has intensified its attacks in 2021, particularly credential harvesting campaigns. A report published by Proofpoint revealed that the North Korea-linked TA406 APT group (Kimsuky, Thallium, and Konni, Black Banshee, Velvet Chollima) has intensified its operations in 2021. The TA406 cyber espionage group was first spotted by Kaspersky researchers in 2013. At the end of October […] Cloud APT 37
SecurityAffairs 2021-11-19 11:01:30 Conti ransomware operations made at least $25.5 million since July 2021 (direct link) Researchers revealed that Conti ransomware operators earned at least $25.5 million from ransom payments since July 2021. A study conducted by Swiss security firm Prodaft with the support of blockchain analysis firm Elliptic revealed that the operators of the Conti ransomware have earned at least $25.5 million from attacks and subsequent ransoms carried out since […] Ransomware
SecurityAffairs 2021-11-19 07:57:46 Android banking Trojan BrazKing is back with significant evasion improvements (direct link) The BrazKing Android banking trojan is back with significant improvements and dynamic banking overlays to avoid detection. Researchers from IBM spotted a new version of the BrazKing Android banking trojan that pulls fake overlay screens from the command and control (C2) server in real-time. In the previous version, BrazKing abused the accessibility service to detect which app […]
SecurityAffairs 2021-11-18 23:16:32 Microsoft addresses a high-severity vulnerability in Azure AD (direct link) Microsoft recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure AD. Microsoft has recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure AD. “An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service […] Vulnerability
SecurityAffairs 2021-11-18 20:43:46 Attackers deploy Linux backdoor on e-stores compromised with software skimmer (direct link) Researchers discovered threat actors installing a Linux backdoor on compromised e-commerce servers after deploying a credit card skimmer into e-stores. Security researchers from Sansec Threat Research Team discovered a Linux backdoor during an investigation into the compromise of an e-commerce server with a software skimmer. The attackers initially conducted a reconnaissance phase by probing the […] Threat
SecurityAffairs 2021-11-18 15:34:38 Zero-Day flaw in FatPipe products actively exploited, FBI warns (direct link) The FBI is warning of a zero-day vulnerability in FatPipe products that has been under active exploitation since at least May 2021. FatPipe Software-Defined Wide Area Networking (SD-WAN) products provide solutions for an easy migration to Hybrid WAN. FatPipe delivers companies the ability to centrally manage their wide area network, manage branch office configurations, and deploy […] Vulnerability
SecurityAffairs 2021-11-18 10:21:06 Phishing campaign targets TikTok influencer accounts (direct link) Threat actors have launched a phishing campaign targeting more than 125 TikTok 'Influencer' accounts in an attempt to hijack them. Researchers from Abnormal Security uncovered a phishing scam aimed at hijacking at least 125 TikTok 'Influencer' accounts. The original phishing email used a TikTok copyright violation notice lure, the messages instructed the victims responding to […]
SecurityAffairs 2021-11-18 08:55:10 US, UK and Australia warn of Iran-linked APTs exploiting Fortinet, Microsoft Exchange flaws (direct link) U.S., U.K. and Australia warn that Iran-linked APT groups are exploiting Fortinet and Microsoft Exchange flaws to target critical infrastructure. A joint advisory released by government agencies (the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom's National Cyber Security Centre (NCSC)) in the U.S., U.K., and […]
SecurityAffairs 2021-11-17 21:35:31 Netgear fixes code execution flaw in many SOHO devices (direct link) Netgear addressed a code execution vulnerability, tracked as CVE-2021-34991, in its small office/home office (SOHO) devices. Netgear addressed a pre-authentication buffer overflow issue in its small office/home office (SOHO) devices that can be exploited by an attacker on the local area network (LAN) to execute code remotely with root privileges. The flaw, tracked as CVE-2021-34991 […]
SecurityAffairs 2021-11-17 20:27:42 (Déjà vu) CISA releases incident response plans for federal agencies (direct link) CISA released the Federal Government Cybersecurity Incident Response Playbooks for the federal civilian executive branch agencies. The Cybersecurity and Infrastructure Security Agency (CISA) has released new cybersecurity response plans for federal civilian executive branch (FCEB) agencies (“Federal Government Cybersecurity Incident and Vulnerability Response Playbooks”). The documents aim at developing a standard set of operational procedures […] Vulnerability
SecurityAffairs 2021-11-17 14:15:10 The rise of millionaire zero-day exploit markets (direct link) Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups. The increased demand for exploits is fueling a millionaire market where these malicious codes are incredibly expensive. Researchers from Digital Shadows published an interesting […] Threat
SecurityAffairs 2021-11-17 10:08:43 Iran-linked APT groups continue to evolve (direct link) The researchers at Microsoft Threat Intelligence Center (MSTIC) are warning of increasingly sophisticated operations carried out by Iranian threat actors. The Microsoft Threat Intelligence Center (MSTIC) shared the results of their analysis on the evolution of Iran-linked threat actors at the CyberWarCon 2021. Over the past 12 months, MSTIC experts observed increasingly sophisticated attacks orchestrated […] Threat
SecurityAffairs 2021-11-17 01:00:31 Mandiant links Ghostwriter operations to Belarus (direct link) Security researchers at the Mandiant Threat Intelligence team believe that the Ghostwriter APT group is linked to the government of Belarus. Mandiant Threat Intelligence researchers believe that the Ghostwriter disinformation campaign (aka UNC1151) was linked to the government of Belarus. In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by […] Threat
SecurityAffairs 2021-11-16 22:23:37 GitHub addressed two major vulnerabilities in the NPM package manager (direct link) Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in npm that have already been addressed. The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization. The flaw was reported by […] Vulnerability
SecurityAffairs 2021-11-16 14:58:56 Adult cam site StripChat exposes the data of millions of users and cam models (direct link) The popular adult cam site StripChat has suffered a security breach; the personal data of millions of users and adult models leaked online. The popular adult cam site StripChat has suffered a security breach that resulted in the leak of the personal data of millions of users and adult models. The security breach was discovered […]
SecurityAffairs 2021-11-16 09:17:14 Intel addresses 2 high-severity issues in BIOS firmware of several processors (direct link) Intel disclosed two high-severity vulnerabilities, tracked as CVE-2021-0157 and CVE-2021-0158, that affect the BIOS firmware in several processor families. Intel disclosed two high-severity vulnerabilities that affect the BIOS firmware in several processor families; both vulnerabilities have received a CVSS v3 score of 8.2. The vulnerabilities, tracked as CVE-2021-0157 and CVE-2021-0158, were discovered by researchers at […]
SecurityAffairs 2021-11-16 07:37:04 SharkBot, a new Android Trojan, targets banks in Europe (direct link) Security researchers from Cleafy discovered a new Android banking trojan, named SharkBot, that is targeting banks in Europe. At the end of October, researchers from cyber security firms Cleafy and ThreatFabric discovered a new Android banking trojan named SharkBot. The name comes after one of the domains used for its command and control servers. […]
SecurityAffairs 2021-11-15 22:33:11 Operation Reacharound – Emotet malware is back (direct link) The Emotet botnet is still active, ten months after an international operation coordinated by Europol shut down its infrastructure. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time, the investigators took control of its infrastructure in an internationally coordinated action. […] Malware
SecurityAffairs 2021-11-15 20:36:32 Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date (direct link) Cloudflare announced that it had mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services. The company announced that it had mitigated a distributed denial-of-service (DDoS) attack that peaked just below 2 terabytes per second (Tbps), which […]
SecurityAffairs 2021-11-15 15:34:25 North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro (direct link) North Korea-linked APT Lazarus targets security researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software. ESET researchers reported that the North Korea-linked Lazarus APT group is targeting the cyber security community with a trojanized pirated version of the popular IDA Pro reverse engineering software. Threat actors bundled the IDA Pro 7.5 […] Threat APT 38 APT 28
SecurityAffairs 2021-11-15 14:37:21 (Déjà vu) Microsoft rolled out emergency updates to fix Windows Server auth failures (direct link) Microsoft has released out-of-band security updates to address authentication issues affecting Windows Server. Microsoft has released out-of-band updates to fix authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running Windows Server. These issues impact Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 […]
SecurityAffairs 2021-11-15 11:46:04 Happy 10th Birthday, Security Affairs (direct link) Ten years together! I’m very excited. I launched Security Affairs for passion in 2011 and millions of readers walked with me. Thanks. Ten years ago I launched Security Affairs; the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection. Over the past decade, […]
SecurityAffairs 2021-11-15 10:50:56 QAKBOT Trojan returns using Squirrelwaffle as a dropper (direct link) Experts warn of a surge in infections of the QBot (aka Quakbot) banking trojan which seems to be associated with the rise of Squirrelwaffle. Researchers warn of a new wave of QBot (aka Qakbot) banking trojan infections that appears to be associated with the rise of Squirrelwaffle. “Toward the end of September 2021, we noted […]
SecurityAffairs 2021-11-15 07:52:03 Two Sony PS5 exploits disclosed the same day (direct link) Threat actors stole PS5 root keys using kernel exploits demonstrating the need to improve the security of the popular gaming console. Threat actors stole Sony PS5 root keys from the popular gaming console using two exploits for kernel vulnerabilities. The two exploits weren’t disclosed to the company; the hackers published both exploits on Twitter on […] Threat
SecurityAffairs 2021-11-15 01:04:21 ENISA – The need for Incident Response Capabilities in the health sector (direct link) ENISA analyzed the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive. The European Union Agency for Cybersecurity (ENISA) published an analysis of the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive. An attack […]
SecurityAffairs 2021-11-14 17:44:17 FTC shares guidance for small businesses to prevent ransomware attacks (direct link) The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to increase resilience to ransomware attacks. The US Federal Trade Commission (FTC) published guidance for small businesses on how to protect their networks from ransomware attacks. The FTC suggests two steps small businesses can take to bolster their resilience against ransomware […] Ransomware
SecurityAffairs 2021-11-14 09:19:42 (Déjà vu) Threat Report Portugal: Q3 2021 (direct link) The Threat Report Portugal: Q3 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q3, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is also supported by a […]
SecurityAffairs 2021-11-14 08:58:44 Security Affairs newsletter Round 340 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press, subscribe here. Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email […]
SecurityAffairs 2021-11-13 22:35:26 Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server (direct link) Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their […] Spam Threat
SecurityAffairs 2021-11-13 20:10:38 GravityRAT returns disguised as an end-to-end encrypted chat app (direct link) Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. GravityRAT was first spotted by Cisco Talos researchers in 2017 who speculate it remained under the radar for at least […] Threat
SecurityAffairs 2021-11-13 13:34:20 Intel and AMD address high severity vulnerabilities in products and drivers (direct link) Chipmakers Intel and AMD addressed several vulnerabilities in their products, including high-risk issues in software drivers. Intel and AMD released patches to address multiple security vulnerabilities in multiple products, including high-severity flaws in software drivers. Intel published 25 advisories impacting Intel Core i5-8305G and i7-8706G processors, and the Intel graphics driver for Windows 10 64-bit for […]
SecurityAffairs 2021-11-13 11:14:08 New evolving Abcbot DDoS botnet targets Linux systems (direct link) Qihoo 360’s Netlab detailed a new evolving DDoS botnet called Abcbot with wormable capabilities that targets Linux systems. Researchers from Qihoo 360’s Netlab security team have spotted a new botnet, tracked as Abcbot, that targets Linux systems to launch distributed denial-of-service (DDoS) attacks. The security firm analyzed a total of six versions of the botnet […]
SecurityAffairs 2021-11-13 00:06:33 Retail giant Costco discloses data breach, payment card data exposed (direct link) Costco Wholesale Corporation discloses a data breach; threat actors had access to customers’ payment card information. Retail giant Costco Wholesale Corporation notified its customers of a data breach that might have exposed their payment card information. Data was allegedly exposed while customers were shopping at one of its stores. Costco discovered the security breach after […] Data Breach Threat
SecurityAffairs 2021-11-12 22:15:05 HTML Smuggling technique used in phishing and malspam campaigns (direct link) Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 and JavaScript features. The malicious payloads are delivered via encoded […] Malware Threat
SecurityAffairs 2021-11-12 15:57:25 macOS Zero-Day exploited in watering hole attacks on users in Hong Kong (direct link) Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited an XNU privilege escalation vulnerability […] Malware Vulnerability Threat
SecurityAffairs 2021-11-12 10:11:29 How we broke the cloud with two lines of code: the full story of ChaosDB (direct link) Wiz Research Team disclosed technical details about the discovery of the ChaosDB vulnerability in Azure Cosmos DB database solution. In August 2021, the Wiz Research Team disclosed ChaosDB – a severe vulnerability in the popular Azure Cosmos DB database solution that allowed for complete, unrestricted access to the accounts and databases of several thousand Microsoft […] Vulnerability
SecurityAffairs 2021-11-12 07:16:27 BotenaGo botnet targets millions of IoT devices using 33 exploits (direct link) Researchers at AT&T discovered a new BotenaGo botnet that is using thirty-three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty-three exploits to target millions of routers and IoT devices. Below is the list of exploits used by the bot: Vulnerability Affected devices […] Vulnerability
SecurityAffairs 2021-11-11 18:53:22 Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months (direct link) Threat actors compromised a server managing customer data for a Queensland water supplier and remained undetected for nine months. A server used by the SunWater statutory Queensland (Australia) Government-owned water supplier was compromised and threat actors remained undetected for nine months, the annual financial audit report published by the Queensland Audit Office revealed. The water supplier […] Threat
SecurityAffairs 2021-11-11 17:15:44 (Déjà vu) DoJ sentenced to 10 years Russian 'King of Fraud' behind the fraud scheme 3ve (direct link) The US DoJ sentenced a Russian man for operating a large-scale digital advertising fraud scheme called Methbot (‘3ve’). The US DoJ sentenced the Russian national Aleksandr Zhukov, aka the ‘King of Fraud,’ for operating a large-scale digital advertising fraud scheme called Methbot (‘3ve’) that stole at least $7 million from US organizations. DoJ sentenced Zhukov […]
SecurityAffairs 2021-11-11 13:47:04 (Déjà vu) Iranian threat actors attempt to buy stolen data of US organizations, FBI warns (direct link) The FBI warned private industry partners of attempts by an Iranian threat actor to buy stolen information belonging to US organizations. The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) to warn private industry partners that Iran-linked threat actors are attempting to buy stolen information belonging to US businesses and organizations abroad. […] Threat
SecurityAffairs 2021-11-11 09:30:09 CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN (direct link) Palo Alto Networks warns of an easily exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Palo Alto Networks disclosed a critical remote code execution vulnerability, tracked as CVE-2021-3064, in its GlobalProtect portal and gateway interfaces. The cybersecurity vendor warns that the vulnerability is easily exploitable by an unauthenticated network-based attacker. Successful exploitation can […] Vulnerability
SecurityAffairs 2021-11-11 06:37:51 Sophisticated Android spyware PhoneSpy infected thousands of Korean phones (direct link) South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated Android spyware dubbed PhoneSpy. The malware already hit more than a thousand South […] Malware
SecurityAffairs 2021-11-10 22:45:20 VMware discloses a severe flaw in vCenter Server that it has yet to fix (direct link) VMware announced it is working on patches for an important severity privilege escalation vulnerability affecting vCenter Server. VMware announced it's working on security patches to address an important severity privilege escalation vulnerability, tracked as CVE-2021-22048, in its vCenter Server. vCenter Server is the centralized management utility for VMware and is used to manage virtual machines, multiple […] Vulnerability
SecurityAffairs 2021-11-10 21:18:57 A flaw in WP Reset PRO WordPress plugin allows wiping the installation DB (direct link) A critical vulnerability in the WP Reset PRO WordPress plugin can allow an authenticated user to wipe the entire database of WordPress sites. Researchers from cybersecurity firm Packstack have discovered a critical vulnerability in the WP Reset PRO WordPress plugin that could be exploited by an authenticated user to completely wipe the database of a […] Vulnerability
SecurityAffairs 2021-11-10 15:42:21 Citrix addresses a critical flaw in ADC, Gateway (direct link) Citrix addressed two vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN; one of them is a critical issue leading to DoS. Citrix has released security updates to address two vulnerabilities in ADC, Gateway, and SD-WAN, including a critical flaw, tracked as CVE-2021-22955, that can be exploited to trigger a denial of service (DoS) condition. The CVE-2021-22955 […] Guideline
SecurityAffairs 2021-11-10 14:38:59 Taiwan Government faces 5 Million hacking attempts daily (direct link) Taiwan’s government agencies face around five million cyberattacks and probes every day, most of them from China. Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts originate from China. Cyber security department director Chien Hung-wei told parliament representatives that government infrastructure faces “five million attacks […]
Last update at: 2024-05-12 09:08:01