What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-11-10 11:28:49 (Déjà vu) Experts found 14 new flaws in BusyBox, millions of devices at risk (direct link) Researchers have identified a total of 14 new vulnerabilities in BusyBox that expose millions of Unix-based devices to cyberattacks. Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total of 14 new critical vulnerabilities in BusyBox. The software is used by many network appliances and embedded devices with limited memory […]
SecurityAffairs.webp 2021-11-10 07:29:15 TeamTNT group targets poorly configured Docker servers exposing REST APIs (direct link) TeamTNT hackers are targeting poorly configured Docker servers as part of an ongoing campaign that started in October. Trend Micro researchers reported that TeamTNT hackers are targeting poorly configured Docker servers exposing Docker REST APIs as part of an ongoing campaign that started in October. Threat actors execute malicious scripts to deploy Monero cryptocurrency miners, […] Threat
SecurityAffairs.webp 2021-11-09 21:40:55 Robinhood data breach exposes 7 Million users' information (direct link) Robinhood disclosed a security breach, an unidentified threat actor gained unauthorized access to approximately 7 million customer records. Robinhood Markets, Inc. is an American commission-free stock trading and investing platform, it had 18 million accounts as of March 2021, with over $80 billion in assets. The company disclosed a data breach, a threat actor gained […] Data Breach Threat
SecurityAffairs.webp 2021-11-09 20:24:24 Microsoft Patch Tuesday security updates for November 2021 fix 2 Zero-Days actively exploited (direct link) Microsoft Patch Tuesday security updates for November 2021 address 55 vulnerabilities in multiple products and warn of two actively exploited issues. Microsoft Patch Tuesday security updates for November 2021 addressed a total of 55 vulnerabilities in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office […]
SecurityAffairs.webp 2021-11-09 18:35:29 Clop gang exploiting CVE-2021-35211 RCE in SolarWinds Serv-U in recent attack (direct link) The Clop ransomware gang is exploiting CVE-2021-35211 vulnerability in SolarWinds Serv-U to compromise corporate networks. Threat actors always look for new ways to compromise target networks, Clop ransomware gang (aka TA505, FIN11) is exploiting CVE-2021-35211 SolarWinds Serv-U vulnerability to breach businesses’ infrastructures and deploy its ransomware. The flaw is a remote code execution vulnerability that […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2021-11-09 12:53:25 International law enforcement arrested REvil ransomware affiliates in Romania and Kuwait (direct link) Romanian police arrested two alleged Sodinokibi/REvil ransomware affiliates accused of having orchestrated attacks against thousands of victims. Romanian law enforcement agencies have arrested two alleged Sodinokibi/REvil ransomware affiliates on November 4, that are accused of having conducted attacks against thousands of victims. The arrests are the result of an international operation carried out in cooperation […] Ransomware
SecurityAffairs.webp 2021-11-09 08:17:46 US DoS offers a reward of up to $10M for leaders of REvil ransomware gang (direct link) The U.S. government offers up to $10 million for identifying or locating leaders in the REvil/Sodinokibi ransomware operation. The Department of State offers up to $10 million for information that can lead to the identification or location of individuals in key leadership positions in the REvil/Sodinokibi ransomware operation. The US government also offers $5 million […] Ransomware Guideline
SecurityAffairs.webp 2021-11-09 06:21:00 Ukrainian REvil affiliate charged with Ransomware Attack on Kaseya (direct link) The US DoJ has charged a REvil ransomware affiliate that is suspected to have orchestrated the attack on Kaseya MSP platform in July. The US Department of Justice has charged a REvil ransomware affiliate for orchestrating the ransomware attacks on Kaseya MSP platform that took place on July 4. The suspect is 22-year-old Ukrainian national Yaroslav […] Ransomware
SecurityAffairs.webp 2021-11-08 20:33:29 Ransomware attack disrupted store operations in the Netherlands and Germany (direct link) Electronics retail giant MediaMarkt was hit by a ransomware attack that disrupted store operations in the Netherlands and Germany. Electronics retail giant MediaMarkt was a victim of a ransomware attack that forced the company to shut down its IT infrastructure to contain the threat and disrupted store operations in the Netherlands and Germany. Media Markt is a […] Ransomware Threat
SecurityAffairs.webp 2021-11-08 15:24:30 Healthcare – Patient or Perpetrator? – The Cybercriminals Within (direct link) The healthcare industry might be known for the work it does to treat patients. But it is also a prime target for malicious cyber actors. With copious amounts of data collected by healthcare facilities, cybercriminals often target such entities. Moreover, the healthcare industry collects unique data, known as Protected Health Information (PHI), which is extremely […]
SecurityAffairs.webp 2021-11-08 14:57:32 Operation Cyclone targets Clop Ransomware affiliates (direct link) Operation Cyclone – Six alleged affiliates with the Clop ransomware operation were arrested in an international joint law enforcement operation led by Interpol. Interpol announced the arrest of six alleged affiliates with the Clop ransomware operation as part of an international joint law enforcement operation codenamed Operation Cyclone. Law enforcement authorities from South Korea, Ukraine, […] Ransomware
SecurityAffairs.webp 2021-11-08 10:37:54 Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw (direct link) Experts warn of an ongoing hacking campaign that already compromised at least nine organizations worldwide from critical sectors by exploiting CVE-2021-40539. Cybersecurity experts from Palo Alto Networks warn of an ongoing cyberespionage campaign that has already compromised at least nine organizations worldwide from critical sectors, including defense, healthcare, and energy. Threat actors exploited a critical […] Threat ★★★★
SecurityAffairs.webp 2021-11-08 09:09:11 Hungarian official confirms Hungary used NSO Group Pegasus spyware (direct link) A Hungarian government official confirmed that his government has bought and used the controversial NSO Group’s Pegasus spyware. Lajos Kosa, chair of the Parliament's Defense and Law Enforcement Committee, confirmed that Hungary is one of the clients of the Israeli surveillance firm NSO Group and that it bought and used the controversial Pegasus spyware. According […]
SecurityAffairs.webp 2021-11-08 08:34:50 FBI warns of fraudulent schemes using cryptocurrency ATMs and QR for payments (direct link) The FBI warns of an increase of fraudulent schemes leveraging cryptocurrency ATMs and QR Codes to facilitate payment. The FBI Internet Crime Complaint Center (IC3) published an alert to warn the public of fraudulent schemes leveraging cryptocurrency ATMs and Quick Response (QR) codes to complete payment transactions. This payment option makes it quite impossible to […]
SecurityAffairs.webp 2021-11-07 15:27:24 Experts spotted a phishing campaign impersonating security firm Proofpoint (direct link) Threat actors are impersonating cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Gmail credentials. Cybercriminals are impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Google Gmail credentials. The phishing messages use mortgage payments as a lure, they have the subject “Re: Payoff Request.” “The email […]
SecurityAffairs.webp 2021-11-07 12:35:49 New Magecart group uses an e-Skimmer that avoids VMs and sandboxes (direct link) A new Magecart group leverages a browser script to evade virtualized environments and sandboxes used by researchers. Malwarebytes researchers have spotted a new Magecart group that uses a browser script to evade detection and the execution in virtualized environments used by security researchers for threat analysis. Hacker groups under the Magecart umbrella continue to target e-stores to […] Threat
SecurityAffairs.webp 2021-11-07 10:15:54 Security Affairs newsletter Round 339 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Casinos of tribal communities are losing millions in Ransomware attacks Threat actors stole $55 […] Ransomware Threat
SecurityAffairs.webp 2021-11-07 00:29:45 Casinos of tribal communities are losing millions in Ransomware attacks (direct link) The FBI issued a private industry notification (PIN) to warn of ransomware attacks that hit several tribal-owned casinos last year. A private industry notification issued by the FBI’s Cyber Division revealed that ransomware attacks hit several tribal-owned casinos causing millions of dollars in losses. The attacks paralyzed the activities of the casinos shutting down their gaming […] Ransomware
SecurityAffairs.webp 2021-11-06 17:49:11 Threat actors stole $55 million worth of cryptocurrency from bZx DeFi platform (direct link) DeFi platforms are a privileged target for crooks, threat actors have stolen $55 million from bZx DeFi platform. Threat actors have stolen $55 million worth of cryptocurrency from the bZx decentralized finance (DeFi) platform. The decentralized finance (DeFi) platforms allow users to borrow/loan and speculate on cryptocurrency price variations. Attackers obtained two private keys for […] Threat
SecurityAffairs.webp 2021-11-06 15:01:15 Philips Tasy EMR healthcare informatics solution vulnerable to SQL injection (direct link) The Philips Tasy EMR comprehensive healthcare informatics solution is affected by two critical SQL injection vulnerabilities. The Philips Tasy EMR is a comprehensive healthcare informatics solution that is used by thousands of hospitals and healthcare infrastructures, mainly in South America. The product is affected by two critical SQL injection vulnerabilities, tracked as CVE-2021-39375 and CVE-2021-39376 respectively. Both issues […]
SecurityAffairs.webp 2021-11-06 12:19:43 White hat hackers earn over $1 Million at Pwn2Own Austin 2021 (direct link) The Zero Day Initiative's Pwn2Own Austin 2021 hacking contest has ended, and participants earned $1,081,250 for 61 zero-day flaws. Trend Micro’s Zero Day Initiative's Pwn2Own Austin 2021 hacking contest has ended, the participants earned a total of $1,081,250 for 61 zero-day exploits. The participants compromised NAS devices, mobile phones, printers, routers, and speakers from Canon, Cisco, HP, NETGEAR, […]
SecurityAffairs.webp 2021-11-06 00:10:36 A drone was modified to disrupt U.S. Power Grid, says intelligence bulletin (direct link) US officials believe that a drone was employed in an attempted attack on a power substation in Pennsylvania last year. US officials believe threat actors used a drone in an attempted attack on a power substation in Pennsylvania last year. The attackers used a DJI Mavic 2 quadcopter-type drone, with a thick copper wire attached underneath it via […] Threat
SecurityAffairs.webp 2021-11-05 22:54:46 (Déjà vu) US defense contractor Electronic Warfare Associates discloses data breach (direct link) US defense contractor Electronic Warfare Associates (EWA) was hit by a cyber attack, threat actors stole personal information from its email system. US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system. The company confirmed that attackers exfiltrated files containing sensitive information. Electronic Warfare Associates provides electronic […] Data Breach Threat
SecurityAffairs.webp 2021-11-05 15:08:07 Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group (direct link) Ukraine’s premier law enforcement and counterintelligence revealed the real identities of five FSB members behind the Gamaredon cyberespionage group. Ukraine’s premier law enforcement and counterintelligence disclosed the real identities of five alleged members of the Russia-linked APT group Gamaredon (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) that are suspected to be components of the […]
SecurityAffairs.webp 2021-11-05 11:52:07 (Déjà vu) Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware (direct link) A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware. Over the past months, […] Ransomware Threat
SecurityAffairs.webp 2021-11-05 09:21:55 npm libraries coa and rc. have been hijacked to deliver password-stealing malware (direct link) Two popular npm libraries, coa and rc., have been hijacked, threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc., have been hijacked, threat actors replaced them with versions laced with password-stealing malware. Coa is a command-line argument parser with approximately 9 million weekly downloads, while […] Malware Threat
SecurityAffairs.webp 2021-11-05 00:16:30 US Gov offers a reward of up to $10M for info on DarkSide leading members (direct link) The US government offers up to a $10,000,000 reward for information leading to the identification or arrest of DarkSide gang members. The US government wants to dismantle the DarkSide ransomware operation and its rebrands and it is offering up to a $10,000,000 reward for information leading to the identification or arrest of members of the gang […] Guideline
SecurityAffairs.webp 2021-11-04 23:07:34 CISA recommends vendors to fix BrakTooth issues after the release of PoC tool (direct link) CISA urges vendors to address BrakTooth flaws after researchers have released public exploit code and a proof of concept tool for them. US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against potential Bluetooth exploits. “On November […] Tool
SecurityAffairs.webp 2021-11-04 20:19:47 (Déjà vu) Cisco warns of hard-coded credentials and default SSH key issues in some products (direct link) Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys. The first flaw fixed by […]
SecurityAffairs.webp 2021-11-04 18:37:22 Expert found a critical remote code execution bug in Linux Kernel (direct link) A critical heap-overflow vulnerability, tracked as CVE-2021-43267, in Linux Kernel can allow remote attackers to take over vulnerable installs. A SentinelOne researcher discovered a critical remote code execution vulnerability, tracked as CVE-2021-43267, that resides in the Transparent Inter Process Communication (TIPC) module of the Linux kernel. The flaw is a critical heap-overflow issue that could lead to […] Guideline
SecurityAffairs.webp 2021-11-04 14:58:51 (Déjà vu) Hacker allegedly involved in 2020 Twitter hack charged with theft of $784K in crypto (direct link) The US DoJ charged the suspected Twitter hacker ‘PlugWalkJoe’ with the theft of $784,000 worth of cryptocurrency using SIM swap attacks. The US Department of Justice has indicted Joseph James O’Connor, a suspected Twitter hacker also known as ‘PlugWalkJoe,’ for also stealing $784,000 worth of cryptocurrency using SIM swap attacks. Crooks conduct SIM swapping attacks to take […] Hack
SecurityAffairs.webp 2021-11-04 11:36:58 CISA shares a catalog of 306 actively exploited vulnerabilities (direct link) The US CISA shared a list of vulnerabilities known to be exploited in the wild and orders US federal agencies to address them within deadlines. The US Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of 306 actively exploited vulnerabilities and has issued a binding operational directive ordering US federal agencies to address […]
SecurityAffairs.webp 2021-11-04 09:53:48 CERT-FR warns of Lockean ransomware attacks against French companies (direct link) CERT-France warns of a new ransomware group named Lockean that is behind a series of attacks against French organizations over the past 2 years. France's Computer Emergency Response Team (CERT-FR) officials identified a new ransomware gang named Lockean that is responsible for a long list of attacks against French companies over the past two years. The […] Ransomware
SecurityAffairs.webp 2021-11-03 21:35:52 (Déjà vu) The U.K. Labour Party discloses a data breach (direct link) The U.K. Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data. The U.K. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack. The party notified relevant authorities and members that some of their information […] Ransomware Data Breach
SecurityAffairs.webp 2021-11-03 18:23:45 Cyber Defense Magazine – November 2021 has arrived. Enjoy it! (direct link) Cyber Defense Magazine September 2021 Edition has arrived. We hope you enjoy this month's edition…packed with 155 pages of excellent content. The Cyber Defense eMagazine for November 2021 We’ve, all of us, been through two trying years with Covid-19 – but, together, we’ve made it. There is no right or left, only up and down. We, Americans, […] ★★★★★
SecurityAffairs.webp 2021-11-03 17:35:06 NSO Group, Positive Technologies and other firms sanctioned by the US government (direct link) The U.S. sanctioned four companies for the development of surveillance malware or the sale of hacking tools used by nation-state actors, including NSO Group. The Commerce Department’s Bureau of Industry and Security (BIS) has sanctioned four companies for the development of spyware or the sale of hacking tools used by nation-state actors. The firms are […] Malware ★★
SecurityAffairs.webp 2021-11-03 08:18:18 Cybercrime underground flooded with offers for initial access to shipping and logistics orgs (direct link) Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains. Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground trends online, warning that initial access brokers are offering credentials or other forms of access to shipping and logistics organizations. These organizations […] Threat
SecurityAffairs.webp 2021-11-03 07:21:30 BlackMatter ransomware gang is shutting down due to pressure from law enforcement (direct link) The BlackMatter ransomware gang announced it is going to shut down its operation due to pressure from law enforcement. The BlackMatter ransomware group has announced it is shutting down its operation due to the pressure from local authorities. The announcement was published on the Ransomware-as-a-Service portal operated by the group used by the network of […] Ransomware
SecurityAffairs.webp 2021-11-03 06:31:36 Google fixes actively exploited Zero-Day Kernel flaw in Android (direct link) Google's Android November 2021 security updates address a zero-day vulnerability in the Kernel that is actively exploited in the wild. Google's Android November 2021 security updates addressed 18 vulnerabilities in the framework and system components and 18 issues in the kernel and vendor components. One of these issues, tracked as CVE-2021-1048, is a use-after-free (UAF) vulnerability […] Vulnerability
SecurityAffairs.webp 2021-11-02 21:39:37 Facebook is going to shut down Face Recognition system and data it collected (direct link) Facebook announced it will shut down its Face Recognition system and is going to delete over 1 billion people’s facial recognition profiles. Facebook announced it will stop using the Face Recognition system on its platform and will delete over 1 billion people’s facial recognition profiles. Facebook is using the face recognition system to analyze photos taken […]
SecurityAffairs.webp 2021-11-02 19:56:58 Ransomware gangs target companies involved in time-sensitive financial events, FBI warns (direct link) The FBI warns of ransomware attacks on businesses involved in “time-sensitive financial events” such as corporate mergers and acquisitions. The Federal Bureau of Investigation (FBI) published a new private industry notification (PIN) to warn organizations of targeted ransomware attacks aimed at companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions. Ransomware gangs target these […] Ransomware
SecurityAffairs.webp 2021-11-02 15:47:22 Google triples bounty for new Linux Kernel exploitation techniques (direct link) Google is going to increase the bounty for finding and exploiting privilege escalation vulnerabilities in the Linux kernel. Good news for white hat hackers, Google is going to increase the bounty for demonstrating privilege escalation vulnerabilities in the Linux kernel. The payouts for privilege escalation exploits using a known vulnerability will be up to US$31,337, […] Vulnerability
SecurityAffairs.webp 2021-11-02 14:45:23 (Déjà vu) 50% of internet-facing GitLab installations are still affected by an RCE flaw (direct link) Researchers warn of a now-fixed critical remote code execution (RCE) vulnerability in GitLab's web interface actively exploited in the wild. Cybersecurity researchers warn of a now-patched critical remote code execution (RCE) vulnerability, tracked as CVE-2021-22205, in GitLab’s web interface that has been actively exploited in the wild. The vulnerability is an improper validation issue of […] Vulnerability
SecurityAffairs.webp 2021-11-02 11:54:59 Trojan Source attack method allows hiding flaws in source code (direct link) Researchers devised a new attack method called ‘Trojan Source’ that allows hiding vulnerabilities in the source code of a software project. Trojan Source is a new attack technique demonstrated by a group of Cambridge researchers that can allow threat actors to hide vulnerabilities in the source code of a software project. The technique could be […] Threat
SecurityAffairs.webp 2021-11-02 08:08:53 The Toronto Transit Commission (TTC) hit by a ransomware attack (direct link) A ransomware attack hit the systems at the Toronto Transit Commission public transportation agency and disrupted its operations. The Toronto Transit Commission announced on Friday that its systems have been infected with ransomware, the attack began on Thursday night and disrupted its activities. At this time, no ransomware gang has taken responsibility for the attack. TTC […] Ransomware
SecurityAffairs.webp 2021-11-01 18:47:50 HelloKitty ransomware gang also targets victims with DDoS attacks (direct link) The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). According to the alert, the ransomware gang is […] Ransomware
SecurityAffairs.webp 2021-11-01 15:56:39 Squid Game Cryptocurrency exit scam! Operators made $2.1 Million (direct link) Operators behind the Squid Game cryptocurrency have pulled an exit scam, making off with an estimated $2.1 million. Operators behind the Squid Game cryptocurrency have pulled an exit scam, making off with an estimated $2.1 million just a week after its launch. Gizmodo, which first reported the news, initially warned of a potential scam because investors were not allowed to sell the […]
SecurityAffairs.webp 2021-11-01 13:52:42 How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash (direct link) Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov have discovered security flaws in Wincor Cineo ATMs that could be exploited to bypass Black-Box attack protections and withdraw cash. “According to Vladimir Kononovich, some manufacturers rely on security through […] Hack
SecurityAffairs.webp 2021-11-01 12:05:09 Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnets ever seen (direct link) Cybersecurity researchers uncovered a huge botnet, tracked as Pink, that already infected over 1.6 million devices most of them located in China. Qihoo 360’s Netlab Cybersecurity researchers discovered a huge botnet, tracked as Pink, that already infected over 1.6 million devices. The botnet was created to launch DDoS attacks and to insert advertisements in the […]
SecurityAffairs.webp 2021-11-01 10:20:13 Balikbayan Foxes group spoofs Philippine gov to spread RATs (direct link) Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t Experts uncovered a new threat actor, tracked as Balikbayan Foxes, that is impersonating the Philippine government to spread malware. Researchers from Proofpoint have uncovered a new threat actor, dubbed Balikbayan Foxes (TA2722) that is impersonating the Philippine health, labor, and customs organizations as well as […] Threat
Last update at: 2024-05-12 07:08:01