What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-10-21 07:17:19 US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes (direct link) The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes. The rule announced by the BIS […]
SecurityAffairs 2021-10-21 06:11:55 Top 5 Attack Vectors to Look Out For in 2022 (direct link) Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty of […]
SecurityAffairs 2021-10-20 22:56:47 YouTube creators' accounts hijacked with cookie-stealing malware (direct link) A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors have been using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire […] Malware Threat
SecurityAffairs 2021-10-20 20:24:25 PurpleFox botnet variant uses WebSockets for more secure C2 communication (direct link) Researchers warn of a new evolution of the PurpleFox botnet, operators included exploits and leverage WebSockets for C2 communication. Researchers from TrendMicro have documented a recent evolution of the PurpleFox botnet, the experts discovered a new .NET backdoor, dubbed FoxSocket, that is highly associated with the PurpleFox operation. Its operators have added new exploits and […]
SecurityAffairs 2021-10-20 13:19:49 Acer suffers a second data breach in a week (direct link) Tech giant Acer was hacked again in a few days, after the compromise of the servers in India, threat actors also breached some of its systems in Taiwan. Tech giant Acer was hacked twice in a week, the same threat actor (Desorden) initially breached some of its servers in India, now it is claiming to […] Data Breach Threat
SecurityAffairs 2021-10-20 12:39:17 China-linked LightBasin group accessed calling records from telcos worldwide (direct link) China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. A China-linked hacking group, tracked as LightBasin (aka UNC1945), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. The cyberespionage group has been active […]
SecurityAffairs 2021-10-20 06:48:04 Zerodium is looking for zero-day exploits in ExpressVPN, NordVPN, and Surfshark Windows VPN clients (direct link) Zero-day exploit broker Zerodium announced it is looking for zero-day vulnerabilities in the Windows clients of ExpressVPN, NordVPN, and Surfshark. Zerodium is looking to pay for zero-day exploits for vulnerabilities in the Windows clients of three virtual private network (VPN) service providers, ExpressVPN, NordVPN, and Surfshark. The company announced with a message posted on Twitter: […]
SecurityAffairs 2021-10-19 17:48:31 Experts found many similarities between the new Karma Ransomware and Nemty variants (direct link) Sentinel Labs experts have analyzed the new Karma ransomware and speculate it represents an evolution of the Nemty ransomware operation. Karma ransomware is a new threat that was first spotted in June of 2021, it is important to distinguish it from a different threat with the same name that has been active since 2016. Sentinel Labs […] Ransomware Threat
SecurityAffairs 2021-10-19 11:20:01 Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos (direct link) Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is targeting telecommunication providers and IT firms in South Asia. Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is using a custom implant, dubbed Backdoor.Graphon, in attacks aimed at telecommunication providers, IT firms, and government entities in South Asia. At this […]
SecurityAffairs 2021-10-19 07:06:06 (Déjà vu) FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations (direct link) FBI, CISA, NSA have published a joint advisory about the operation of the BlackMatter ransomware gang that provides defense recommendations. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have published an advisory that provides details about the BlackMatter ransomware operations and defense recommendations. This advisory provides […] Ransomware
SecurityAffairs 2021-10-19 05:18:38 (Déjà vu) Trustwave released a free decryptor for the BlackByte ransomware (direct link) Trustwave's SpiderLabs researchers have released a free decryptor for the BlackByte ransomware that can allow victims to recover their files. Researchers from Trustwave's SpiderLabs have released a decryptor that can allow victims of the BlackByte ransomware to restore their files for free. The experts spotted the BlackByte ransomware while investigating a recent malware incident. The […] Ransomware Malware
SecurityAffairs 2021-10-18 19:50:41 TeamTNT Deploys Malicious Docker Image On Docker Hub (direct link) The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker Hub. The Uptycs Threat Research Team recently identified a campaign in which the TeamTNT threat actors deployed a malicious container image (hosted on Docker Hub) with an embedded script to download Zgrab scanner and masscanner-penetration testing tools […] Threat
SecurityAffairs 2021-10-18 18:15:07 Prometheus endpoint unprotected installs could expose sensitive data (direct link) Experts discovered several unprotected installs of open source event monitoring solution Prometheus that may expose sensitive data. JFrog researchers have discovered multiple unprotected instances of open source event monitoring solution Prometheus that may leak sensitive data. The solution scrapes real-time metrics from multiple endpoints, it is used by several major organizations such as Uber. Prometheus' […] Uber
SecurityAffairs 2021-10-18 11:43:00 Sinclair TV stations downtime allegedly caused by a ransomware attack (direct link) A ransomware attack is likely the cause of the recent downtime for TV stations owned by the Sinclair Broadcast Group broadcast television company. TV stations owned by the Sinclair Broadcast Group went down over the weekend officially due to technical issues, but some media [1,2] reported that it was a victim of a ransomware attack. […] Ransomware
SecurityAffairs 2021-10-18 07:27:01 REvil ransomware operation shuts down once again (direct link) It seems that the REvil ransomware operation has shut down once again after a threat actor has hijacked their Tor hidden service. The REvil ransomware gang has shut down its operation once again after a threat actor has hijacked their Tor leak site and payment portal. The news of the hack was shared by the […] Ransomware Hack Threat
SecurityAffairs 2021-10-18 06:30:34 Experts spotted an Ad-Blocking Chrome extension injecting malicious ads (direct link) Researchers warn of an ad-blocking Chrome extension that was abused by threat actors to inject ads in Google search pages. Researchers from Imperva have spotted a new deceptive ad injection campaign that is targeting users of some large websites leveraging an ad-blocking extension, named AllBlock, that is available on both Chrome and Opera browsers. Ad […] Threat
SecurityAffairs 2021-10-17 16:48:57 Experts hacked a fully patched iOS 15 running on iPhone 13 at China's Tianfu Cup hacking contest (direct link) White hat hackers earned $1.88 million at the Tianfu Cup hacking contest by finding vulnerabilities in popular software. The Tianfu Cup is the most important hacking contest held in China, this year white hat hackers earned $1.88 Million on a total bonus of up to $1.5 Million by demonstrating vulnerabilities in popular software. The edition […]
SecurityAffairs 2021-10-17 12:58:55 Twitch security breach had minimal impact, the company states (direct link) Twitch provided an update for the recent security breach, the company confirmed that it only had a limited impact on a small number of users. Twitch downplayed the recent security breach in an update, the company said it only impacted a small number of users. According to the update, login credentials or full payment card […]
SecurityAffairs 2021-10-17 09:49:33 Ecuador's Banco Pichincha has yet to recover after recent cyberattack (direct link) The customers of Banco Pichincha, the largest bank in Ecuador, are still experiencing service disruptions after a massive cyberattack hit the financial organization early this week. The cyberattack took place over the last weekend and forced the bank to shut down a large part of its computer network in response to the incident. Many services […]
SecurityAffairs 2021-10-16 23:02:42 Trickbot spreads malware through new distribution channels (direct link) TrickBot operators are back and are expanding their distribution channels through partnerships with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. The gang supports other cybercrime groups such as known Hive0105, Hive0106 (aka TA551 or Shathak), and […] Malware
SecurityAffairs 2021-10-16 15:42:52 Russia-Linked TA505 targets financial institutions in a new malspam campaign (direct link) Russia-linked TA505 group leverages a lightweight Office file to spread malware in a campaign, tracked as MirrorBlast, aimed at financial institutions. Russia-linked APT group TA505 (e.g. Evil Corp) is leveraging a lightweight Office file in a new malware campaign, tracked as MirrorBlast, targeting financial institutions in multiple geographies. TA505 hacking group has been active since 2014 […] Malware
SecurityAffairs 2021-10-16 09:03:58 (Déjà vu) US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments (direct link) The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) linked roughly $5.2 billion worth of Bitcoin transactions to ransomware. The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has identified approximately $5.2 billion worth of Bitcoin transactions likely associated with operations of top 10 most commonly reported ransomware variants. FinCEN analyzed a data set composed […] Ransomware
SecurityAffairs 2021-10-15 20:17:29 Accenture discloses data breach after LockBit ransomware attack (direct link) IT and consulting giant Accenture confirmed a data breach after the ransomware attack conducted by LockBit operators in August 2021. Global IT consultancy giant Accenture discloses a data breach after the LockBit ransomware attack that hit the company in August 2021. News about the attack was included in the company’s financial report for the fourth quarter […] Ransomware Data Breach
SecurityAffairs 2021-10-15 14:39:29 Juniper Networks released +40 security advisories to fix +70 vulnerabilities (direct link) Cybersecurity provider Juniper Networks released more than 40 security advisories to address over 70 vulnerabilities that affect its solutions. Cybersecurity provider Juniper Networks released more than 40 security advisories to address more than 70 vulnerabilities that affect its solutions. US CISA also issued a security advisory to warn organizations of the security updates released by […]
SecurityAffairs 2021-10-15 13:50:49 Boffins devise a new side-channel attack affecting all AMD CPUs (direct link) A group of researchers from the Graz University of Technology and CISPA Helmholtz Center for Information Security devised a new side-channel attack that affects AMD CPUs. Researchers Moritz Lipp and Daniel Gruss of the Graz University of Technology and Michael Schwarz of the CISPA Helmholtz Center for Information Security devised a new side-channel attack that […]
SecurityAffairs 2021-10-15 10:04:36 Three more ransomware attacks hit Water and Wastewater systems in 2021 (direct link) A joint cybersecurity advisory published by US agencies revealed three ransomware attacks on wastewater systems this year. A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by ransomware gangs against US water and wastewater treatment facilities (WWS) this year. This is the first time that these attacks […] Ransomware
SecurityAffairs 2021-10-14 23:20:13 WhatsApp made available end-to-end encrypted chat backups (direct link) WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices, the move aims at implementing an optional layer of security to protect backups stored on Google Drive or iCloud cloud storage. Currently, WhatsApp […]
SecurityAffairs 2021-10-14 21:17:25 Since 2020, at least 130 different ransomware families have been active (direct link) Google's popular VirusTotal scanning service has published an interesting analysis of more than 80 Million ransomware samples. VirusTotal has published its first ransomware activity report based on the analysis of more than 80 million samples that have been uploaded from 140 countries worldwide. Since 2020, at least 130 different ransomware families have been active. […] Ransomware
SecurityAffairs 2021-10-14 19:01:18 Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020 (direct link) Google revealed that it has sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced that it has sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. The data were provided by Google's Threat Analysis Group (TAG), which tracks government-backed hacking campaigns, which warns of a […] Threat
SecurityAffairs 2021-10-14 15:19:54 For the first time, an Israeli hospital was hit by a major ransomware attack (direct link) The Hillel Yaffe Medical Center in Hadera, Israel, was hit by a ransomware attack that was defined by Israel’s National Cyber Directorate as a “major” attack. The Hillel Yaffe Medical Center in Hadera, Israel was hit by a ransomware attack that impacted the system of the hospital. Local media outlets reported that the hospital has […] Ransomware
SecurityAffairs 2021-10-14 13:13:24 Acer suffered the second security breach in a few months (direct link) Taiwanese electronics technology giant Acer discloses a security breach suffered by its after-sales service systems in India after an isolated attack. Bad news for the Taiwanese electronics technology giant Acer, it disclosed a second security breach this year. The company revealed that its after-sales service systems in India were hit by an isolated attack. The […]
SecurityAffairs 2021-10-14 11:15:27 New Yanluowang ransomware used in highly targeted attacks on large orgs (direct link) Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises. Researchers from Symantec Threat Hunter Team discovered a ransomware family, tracked as Yanluowang ransomware, that was used in highly targeted attacks against large enterprises. The discovery is part of an investigation into a recent attempted ransomware attack […] Ransomware Threat
SecurityAffairs 2021-10-13 23:12:15 Apple silently fixed iOS zero-day without crediting the expert who reported it (direct link) Apple has silently addressed a zero-day vulnerability that could allow attackers to gain access to sensitive user data. Apple has silently addressed a zero-day vulnerability with the release of iOS 15.0.2, the vulnerability could allow attackers to gain access to sensitive user information. The flaw was reported to the IT giant by software developer Denis Tokarev seven […] Vulnerability
SecurityAffairs 2021-10-13 19:46:40 MyKings botnet operators already amassed at least $24 million (direct link) The MyKings botnet (aka Smominru or DarkCloud) is still alive and continues to spread, allowing its operators to make huge amounts of money. Avast Threat Labs researchers reported that the MyKings botnet (aka Smominru or DarkCloud) is still alive and is allowing its operators to earn huge amounts of money via cryptomining activities. Avast researchers reported […] Threat
SecurityAffairs 2021-10-13 14:24:19 Dutch police warn customers of a popular DDoS booter service (direct link) Dutch police warn customers of a distributed denial-of-service (DDoS) website to stop using the service to avoid prosecution. Dutch police warn customers of a booter service, abused to carry out distributed denial-of-service (DDoS) attacks, to stop using it to avoid prosecution. The letter sent by the Dutch Police aims to work as a deterrent […]
SecurityAffairs 2021-10-13 09:38:33 (Déjà vu) Crooks use math symbols to evade anti-phishing solutions (direct link) Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns. Researchers from anti-phishing cybersecurity firm INKY have detailed a new technique to evade detection in phishing attacks, it relies on using mathematical symbols on impersonated company logos. The experts analyzed the case of a campaign targeting the customers of the […]
SecurityAffairs 2021-10-13 07:26:48 (Déjà vu) Chinese APT IronHusky use Win zero-day in recent wave of attacks (direct link) A Chinese-speaking hacking group exploited a Windows zero-day vulnerability in a wave of attacks on defense and IT businesses. A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a new remote access trojan (RAT), tracked as MysterySnail. The attacks were conducted between late August and early September 2021 […] Vulnerability
SecurityAffairs 2021-10-12 22:48:52 Necro botnet now targets Visual Tools DVRs (direct link) The FreakOut (aka Necro, N3Cr0m0rPh) Python botnet evolves, it now includes a recently published PoC exploit for Visual Tools DVR. Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems. The PoC exploit code for this vulnerability is publicly […] Vulnerability
SecurityAffairs 2021-10-12 21:12:37 Adobe addresses four critical flaws in its products (direct link) Adobe addressed ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. Adobe has released security updates to address ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. The IT giant addressed four vulnerabilities in Acrobat and Reader for Windows and macOS, two arbitrary code execution flaws, tracked […]
SecurityAffairs 2021-10-12 17:04:28 Olympus US was forced to take down computer systems due to cyberattack (direct link) Olympus US was forced to take down IT systems in the American region (U.S., Canada, and Latin America) following a cyberattack. The medical technology giant Olympus was forced to shut down its computer network in America (U.S., Canada, and Latin America) following a cyberattack. The attack took place on October 10, 2021. “Upon detection of […]
SecurityAffairs 2021-10-12 14:17:43 GitKraken flaw led to the generation of weak SSH keys (direct link) Git GUI client GitKraken team fixed a flaw that led to the generation of weak SSH keys, users are recommended to revoke and renew their keys. The development team behind the Git GUI client GitKraken has fixed a vulnerability that was leading to the generation of weak SSH keys. The developers addressed the flaw with […] Vulnerability Guideline
SecurityAffairs 2021-10-12 09:36:38 Microsoft mitigated a record 2.4 Tbps DDoS attack in August (direct link) Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August, it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) DDoS attack at the end of August, it represents the largest DDoS attack […]
SecurityAffairs 2021-10-11 23:43:46 Apple released emergency update to fix zero-day actively exploited (direct link) Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild. The flaw is a critical memory corruption issue that resides in […]
SecurityAffairs 2021-10-11 22:46:02 Security Service of Ukraine arrested a man operating a huge DDoS botnet (direct link) Ukrainian police arrested a cybercriminal who controlled a botnet composed of 100,000 devices that was available for rent to launch DDoS attacks. Security Service of Ukraine (SSU) has arrested a hacker who controlled a DDoS botnet composed of 100,000 devices that was available for rent. The botnet was also used for other malicious activities, including […]
SecurityAffairs 2021-10-11 20:34:29 (Déjà vu) Iran-linked DEV-0343 APT targets US and Israeli defense technology firms (direct link) DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Researchers at Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) uncovered a malicious activity cluster, tracked as DEV-0343, that is targeting the Office 365 tenants of US and Israeli defense technology companies. Threat actors are launching extensive […] Threat
SecurityAffairs 2021-10-11 18:18:51 (Déjà vu) Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing (direct link) LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed documents. LibreOffice and OpenOffice released security updates to address a moderate-severity flaw that can allow attackers to manipulate documents to appear as signed by a trusted source. “It is possible for an attacker to manipulate documents […] Vulnerability
SecurityAffairs 2021-10-11 13:51:28 Donot Team targets a Togo prominent activist with Indian-made spyware (direct link) A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. Researchers from Amnesty International have uncovered a cyberespionage campaign tracked as ‘Donot Team’ (aka APT-C-35) which was orchestrated by threat actors in India and Pakistan. Experts believe the attackers used a spyware developed […] Threat
SecurityAffairs 2021-10-11 07:51:11 NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks (direct link) The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. A wildcard certificate is a public key certificate that can be used […]
SecurityAffairs 2021-10-10 14:17:40 Medtronic recalls some controllers used with some of its insulin pumps over cyberattack risks (direct link) Medical device maker Medtronic recalled the remote controllers used with some of its insulin pumps because of dangerous vulnerabilities. Medical device maker Medtronic has recalled the remote controllers used with some of its insulin pumps because they are affected by severe vulnerabilities that could lead to injury or death of the patients. An attacker can exploit the vulnerabilities […] Guideline
SecurityAffairs 2021-10-10 13:07:19 Security Affairs newsletter Round 335 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Previously undetected FontOnLake Linux malware used in targeted attacks Google addresses four high-severity flaws in Chrome Security […] Malware
Last update at: 2024-05-16 10:08:07