What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-11-01 09:12:04 Microsoft warns of an increase in password spraying attacks (lien direct) The Microsoft Detection and Response Team (DART) warns of a rise in password spray attacks targeting valuable cloud accounts. The Microsoft Detection and Response Team (DART) observed a worrisome rise in password spray attacks targeting privileged cloud accounts. Password spraying is a type of brute force attack where the attackers carry out brute force logins based […]
SecurityAffairs.webp 2021-10-31 15:24:42 Iranian Black Shadow hacking group breached Israeli Internet hosting firm (lien direct) Iranian hacking group Black Shadow breached the Israeli internet hosting company Cyberserve, taking down several of its sites. Iranian hacking group Black Shadow compromised the server of the Israeli internet hosting company Cyberserve, taking down several of the sites hosted by the firm. The group also claims to have stolen data and threatens to leak […]
SecurityAffairs.webp 2021-10-31 13:32:52 Minecraft Japanese gamers hit by Chaos ransomware using alt lists as lure (lien direct) Chaos Ransomware operators target gamers’ Windows devices using Minecraft alt lists as a lure and promoting them on gaming forums. Minecraft is one of the most popular games in the world, it had more than 140 million monthly active players in August 2021. Cybercriminals are attempting to exploit this popularity, the Chaos Ransomware gang is […] Ransomware
SecurityAffairs.webp 2021-10-31 09:30:41 Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham (lien direct) Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff and asked the payment of a multi-million ransom to avoid leaking details of world leaders, actors […] Ransomware Threat Guideline
SecurityAffairs.webp 2021-10-31 08:43:40 Security Affairs newsletter Round 338 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Hacker accessed medical info at UMass Memorial Health Reading INTERPOL the African Cyberthreat Assessment […]
SecurityAffairs.webp 2021-10-30 20:48:30 Hacker accessed medical info at UMass Memorial Health (lien direct) A cyber attack hit the UMass Memorial Health, threat actors had access to employee email system, potentially exposing patients info. Threat actors hacked into the employee email system of the UMass Memorial Health healthcare system, potentially accessing the personal information of thousands of patients. The security breach took place between June 2020 and January and […] Threat
SecurityAffairs.webp 2021-10-30 19:42:25 Reading INTERPOL the African Cyberthreat Assessment Report 2021 (lien direct) INTERPOL published the African Cyberthreat Assessment Report 2021, a report that analyzes evolution of cybercrime in Africa. A new report published by INTERPOL, titled the African Cyberthreat Assessment Report 2021, sheds the light on cybercrime in Africa. The report aims at providing information about the most prevalent threats in Africa, a continent that is particularly […]
SecurityAffairs.webp 2021-10-30 14:02:43 (Déjà vu) MITRE and CISA publish the 2021 list of most common hardware weaknesses (lien direct) MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and the DHS's Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. The list was published with the intent of raising awareness of […]
SecurityAffairs.webp 2021-10-30 12:57:49 TrickBot member extradited to US faces up to 60 years in prison (lien direct) An alleged member of the TrickBot gang, the Russian national Vladimir Dunaev (aka FFX), has been extradited to the US. Vladimir Dunaev (38), a Russian national suspected to be a member of the infamous TrickBot gang, has been extradited to the U.S. and could be sentenced to up to 60 years in prison. “He is […]
SecurityAffairs.webp 2021-10-29 22:49:42 ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD (lien direct) The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. Researchers at the cybersecurity firm believe that the new encryptors are still under development. Both variants are written in Golang, […] Ransomware Malware
SecurityAffairs.webp 2021-10-29 20:48:20 Papua New Guinea's finance ministry was hit by a ransomware (lien direct) A ransomware attack hit Papua New Guinea's finance ministry and disrupted government payments and operations. Government officials confirmed that Papua New Guinea’s finance ministry was hit by a ransomware attack that disrupted government payments and operations. The ransomware infected the Department of Finance’s Integrated Financial Management System a week ago, said the finance minister […] Ransomware
SecurityAffairs.webp 2021-10-29 18:13:08 Police arrested 12 individuals involved in 1800 ransomware attacks worldwide (lien direct) Europol and Norwegian Police arrested 12 individuals over ransomware attacks on organizations worldwide, including critical infrastructure operators. A joint operation conducted by Europol, the Norwegian Police and other authorities led to the arrest of 12 individuals over ransomware attacks on organizations worldwide, including critical infrastructure operators. The suspects were involved in more than 1,800 ransomware […] Ransomware
SecurityAffairs.webp 2021-10-29 13:47:05 NSA and CISA explained how to prevent and detect lateral movement in 5G networks via cloud systems (lien direct) The US NSA and CISA published a security advisory to warn about threat actors compromising 5G networks via cloud infrastructure. The US National Security Agency and the US Cybersecurity Infrastructure and Security Agency have published a security advisory to warn of attacks on 5G networks through the hijacking of a provider's cloud resources. The report […] Threat
SecurityAffairs.webp 2021-10-28 22:44:45 Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection (lien direct) Microsoft finds a flaw in macOS, dubbed Shrootless (CVE-2021-30892), that can allow attackers to bypass System Integrity Protection (SIP). Microsoft discovered a vulnerability in macOS, dubbed Shrootless (CVE-2021-30892), that can allow attackers to bypass System Integrity Protection (SIP) and perform malicious activities, such as gaining root privileges and installing rootkits on vulnerable devices. System Integrity Protection (also referred to […] Vulnerability
SecurityAffairs.webp 2021-10-28 21:00:12 (Déjà vu) Over 1 million WordPress sites affected by OptinMonster plugin flaws (lien direct) A vulnerability in the popular OptinMonster plugin allows unauthorized API access and sensitive information disclosure. A high-severity vulnerability (CVE-2021-39341) in the OptinMonster plugin can allow unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. The flaw was discovered by Wordfence researcher Chloe Chamberland on September 28, 2021, and the development […] Vulnerability
SecurityAffairs.webp 2021-10-28 16:37:51 Wslink, a previously undescribed loader for Windows binaries (lien direct) ESET researchers discovered a previously undescribed loader for Windows binaries, tracked as Wslink, that runs as a server and executes modules in memory. ESET researchers discovered Wslink, a previously undescribed loader for Windows binaries that, unlike similar loaders, runs as a server and executes modules in memory. The name Wslink comes from one of its […]
SecurityAffairs.webp 2021-10-28 15:47:16 AbstractEmu, a new Android malware with rooting capabilities (lien direct) AbstractEmu is a new Android malware that can root infected devices to take complete control and evade detection with different tricks. Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu, with rooting capabilities that is distributed on Google Play and prominent third-party stores (i.e. Amazon Appstore and the Samsung Galaxy Store). The malware […] Malware Threat
SecurityAffairs.webp 2021-10-28 13:37:49 German investigators identify crypto millionaire behind REvil operations (lien direct) German authorities have identified a Russian man named Nikolay K. who is suspected to be a prominent member of the REvil ransomware gang. REvil ransomware gang is one of the most successful ransomware operations, the group and its affiliated hit hundreds of organizations worldwide. On July 2, the gang hit the Kaseya cloud-based MSP platform impacting MSPs and their […] Ransomware
SecurityAffairs.webp 2021-10-28 09:40:24 (Déjà vu) Crooks steal $130 million worth of cryptocurrency assets from Cream Finance (lien direct) Threat actors have stolen $130 million worth of cryptocurrency assets from the Cream Finance decentralized finance (DeFi) platform. C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. It promises earnings to users who are passively holding ETH or wBTC. Threat actors have stolen $130 million worth of cryptocurrency […] Threat
SecurityAffairs.webp 2021-10-27 23:35:08 Avast releases free decrypters for AtomSilo and LockFile ransomware families (lien direct) Security firm Avast released today decryptors for AtomSilo and LockFile ransomware that allow victims to recover their files for free. Cyber security firm Avast has released today decryption utilities for AtomSilo and LockFile ransomware that allow the victims to recover their files for free. Experts pointed out that AtomSilo and LockFile ransomware only have a […] Ransomware
SecurityAffairs.webp 2021-10-27 22:25:08 Grief ransomware gang hit US National Rifle Association (NRA) (lien direct) Grief ransomware operators claim to have compromised computer systems at US National Rifle Association (NRA) and added it to their leak site. Grief ransomware operators announced to have hacked US National Rifle Association (NRA) and threaten to leak the stolen data. The NRA was added to the list of compromised organizations on the leak site […] Ransomware
SecurityAffairs.webp 2021-10-27 19:58:37 (Déjà vu) Avast released a free decryptor for Babuk ransomware (lien direct) Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys. Babuk is […] Ransomware Tool
SecurityAffairs.webp 2021-10-27 13:47:47 The 9th edition of the ENISA Threat Landscape (ETL) report is out! (lien direct) I’m proud to announce the release of the 9th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The European Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2021 (ETL) report, which is the annual analysis on the state of the cybersecurity threat landscape. This edition reports events and analyses […] Threat
SecurityAffairs.webp 2021-10-27 09:03:08 North Korea-linked Lazarus APT targets the IT supply chain (lien direct) North Korea-linked Lazarus APT group is extending its operations and started targeting the IT supply chain on new targets. North Korea-linked Lazarus APT group is now also targeting the IT supply chain, researchers from Kaspersky Lab warn. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. […] Malware APT 38 APT 28
SecurityAffairs.webp 2021-10-27 07:08:26 Operations at Iranian gas stations were disrupted today. Cyber attack or computer glitch? (lien direct) A cyberattack has disrupted gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) across Iran. A cyber attack has disrupted gas stations from the state-owned National Iranian Oil Products Distribution Company (NIOPDC) across Iran. The attack also defaced the screens at the gas pumps and gas price billboards. In multiple cities, the billboards […]
SecurityAffairs.webp 2021-10-26 21:45:39 Dark HunTOR: Police arrested 150 people in dark web drug bust (lien direct) Dark HunTOR: Police corps across the world have arrested 150 individuals suspected of buying or selling illicit goods on the dark web marketplace DarkMarket. A joint international operation, tracked as Dark HunTOR, conducted by law enforcement across the world resulted in the arrest of 150 suspects allegedly involved in selling and buying illicit goods in […]
SecurityAffairs.webp 2021-10-26 19:57:25 Expert managed to crack 70% of a 5,000 WiFi network sample in Tel Aviv (lien direct) A researcher from the security firm CyberArk has managed to crack 70% of Tel Aviv's Wifi Networks starting from a sample of 5,000 gathered WiFi. CyberArk security researcher Ido Hoorvitch demonstrated how it is possible to crack WiFi at scale by exploiting a vulnerability that allows retrieving a PMKID hash. Hoorvitch has managed to crack […] Vulnerability
SecurityAffairs.webp 2021-10-26 14:54:38 Ranzy Locker ransomware hit tens of US companies in 2021 (lien direct) The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. The gang has been active since at […] Ransomware
SecurityAffairs.webp 2021-10-26 08:32:07 UltimaSMS subscription fraud campaign targeted millions of Android users (lien direct) UltimaSMS, a massive fraud campaign is using Android apps with millions of downloads to subscribe victims to premium subscription services. Researchers from Avast have uncovered a widespread premium SMS scam on the Google Play Store, tracked as UltimaSMS, the name comes from the first apps they discovered called Ultima Keyboard 3D Pro. Threat actors used at […] Threat
SecurityAffairs.webp 2021-10-26 06:51:12 Kansas Man pleads guilty to hacking the Post Rock Rural Water District (lien direct) Kansas man Wyatt Travnichek admitted in court to tampering with the computer systems at the Post Rock Rural Water District. Kansas man Wyatt A. Travnichek pleaded guilty to tampering with the computer system at a drinking water treatment facility at the Post Rock Rural Water District. The man also pleaded guilty to one count of […] Guideline
SecurityAffairs.webp 2021-10-25 21:13:17 Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware (lien direct) An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to deploy ransomware. An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258, in the popular billing software suite BillQuick Web Suite time to deploy ransomware. The attacks were first spotted this month […] Ransomware
SecurityAffairs.webp 2021-10-25 14:27:10 A critical RCE flaw affects Discourse software, patch it now! (lien direct) US CISA urges administrators to address a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. Discourse is a popular open-source Internet forum and mailing list management software application. The US CISA published a security advisory to urge administrators to fix a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. The […]
SecurityAffairs.webp 2021-10-25 13:42:18 Red TIM Research found two rare flaws in Ericsson OSS-RC component (lien direct) The Red Team Research (RTR), the bug's research division from Italian Telecommunication firm TIM, found 2 new vulnerabilities affecting the Ericsson OSS-RC. What is the OSS (Operations Support System)? The Operations Support System – Radio and Core (OSS-RC) provides a centralized interface into the radio and core components. The Operations Support Systems are all those […]
SecurityAffairs.webp 2021-10-25 11:41:33 Russia-linked Nobelium APT targets orgs in the global IT supply chain (lien direct) Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. The SolarWinds security breach was not isolated, Russia-linked Nobelium APT group has targeted 140 managed service providers (MSPs) and cloud service providers and successfully breached 14 of them since May 2021. The NOBELIUM APT (APT29, Cozy Bear, and […] APT 29
SecurityAffairs.webp 2021-10-25 09:49:05 NYT Journalist's iPhone infected twice with NSO Group's Pegasus spyware (lien direct) Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018 to June 2021. The iPhone of New York Times journalist Ben Hubbard was repeatedly infected with NSO Group’s Pegasus spyware. The device was compromised two times, in July 2020 and June 2021. The attacks were […]
SecurityAffairs.webp 2021-10-25 05:49:34 Emsisoft created a free decryptor for past victims of the BlackMatter ransomware (lien direct) Experts from cybersecurity firm Emsisoft announced the availability of a free decryptor for past victims of the BlackMatter ransomware. Cybersecurity firm Emsisoft has released a free decryption tool for past victims of the BlackMatter ransomware. The researchers found a vulnerability in the encryption process implemented in the BlackMatter ransomware that allowed them to recover encrypted […] Ransomware Tool Vulnerability
SecurityAffairs.webp 2021-10-24 20:48:28 TodayZoo phishing kit borrows the code from other kits (lien direct) Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential phishing campaigns. A “phishing kit” is a set of software or services aimed at facilitating phishing campaigns, In most […]
SecurityAffairs.webp 2021-10-24 13:40:20 Security Affairs newsletter Round 337 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. NATO releases its first strategy for Artificial Intelligence Threat actors offer for sale data for 50 millions […] Threat ★★★
SecurityAffairs.webp 2021-10-24 12:19:13 NATO releases its first strategy for Artificial Intelligence (lien direct) This week, NATO Defence Ministers released the first-ever strategy for Artificial Intelligence (AI) that encourages the use of AI in a responsible manner. Artificial Intelligence (AI) is changing the global defence and security environment, for this reason, NATO Defence Ministers released the first-ever strategy for this technology that promotes its development and use in a […]
SecurityAffairs.webp 2021-10-24 09:47:43 Threat actors offer for sale data for 50 millions of Moscow drivers (lien direct) Threat actors are offering for sale a database containing 50 million records belonging to Moscow drivers on a hacking forum for $800. Bad news for Russian drivers, threat actors are selling a database containing 50 million records belonging to Moscow drivers on a hacking forum for only $800. The threat actors claim to have obtained […] Threat
SecurityAffairs.webp 2021-10-23 20:24:38 (Déjà vu) Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now! (lien direct) Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco SD-WAN is a cloud-delivered overlay WAN architecture […] Guideline
SecurityAffairs.webp 2021-10-23 13:03:09 Supply-chain attack on NPM Package UAParser, which has millions of daily downloads (lien direct) The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular library has millions of weekly downloads. “Versions of a popular […] Malware
SecurityAffairs.webp 2021-10-22 22:05:14 Facebook SSRF Dashboard allows hunting SSRF vulnerabilities (lien direct) Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced to have designed a new tool, named SSRF Dashboard, that allows security researchers to search for Server-Side Request Forgery (SSRF) vulnerabilities. Server-side request forgery is a web security vulnerability that allows an attacker […] Tool Vulnerability
SecurityAffairs.webp 2021-10-22 20:32:55 Groove ransomware group calls on other ransomware gangs to hit US public sector (lien direct) Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack US public sector after an operation of law enforcement shut down the infrastructure of the REvil gang. “The ransomware group REvil […] Ransomware
SecurityAffairs.webp 2021-10-22 14:21:01 DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown (lien direct) Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil’s infrastructure. The gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million) after the news of the recent shutdown of REvil’s infrastructure by law enforcement agencies. “The ransomware group REvil was […] Ransomware
SecurityAffairs.webp 2021-10-22 11:02:03 FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks (lien direct) FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them to […] Ransomware
SecurityAffairs.webp 2021-10-22 07:50:04 FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts (lien direct) Bitdefender researchers discovered a new rootkit named FiveSys that abuses a Microsoft-issued digital signature to evade detection. FiveSys is a new rootkit discovered by researchers from Bitdefender, it is able to evade detection by abusing a Microsoft-issued digital signature. Driver packages that pass Windows Hardware Lab Kit (HLK) testing can be digitally-signed by Microsoft WHQL (Windows Hardware Quality […]
SecurityAffairs.webp 2021-10-21 22:40:02 (Déjà vu) Evil Corp rebrands their ransomware, this time is the Macaw Locker (lien direct) Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw […] Ransomware
SecurityAffairs.webp 2021-10-21 20:10:31 A flaw in WinRAR could lead to remote code execution (lien direct) A vulnerability in the WinRAR trialware file archiver utility for Windows could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked as CVE-2021-35052, in the popular WinRAR trialware file archiver utility for Windows. The vulnerability affects the trial version of […] Hack Vulnerability
SecurityAffairs.webp 2021-10-21 15:17:51 (Déjà vu) Administrators of bulletproof hosting sentenced to prison in the US (lien direct) The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof hosting to various malware operations, including Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The two individuals, Aleksandr Skorodumov (33) of Lithuania, […] Malware
Last update at: 2024-05-16 11:08:14