What's new around internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-09-04 20:59:35 SEC warns of investment scams related to Hurricane Ida (lien direct) The US Securities and Exchange Commission warns investors of potential investment scams that leverage Hurricane Ida as a bait. The US Securities and Exchange Commission (SEC)’s Office of Investor Education and Advocacy is warning investors of potential investment scams related to Hurricane Ida. Scammers will likely target individuals and organizations that are eligible to receive large payouts from insurance […]
SecurityAffairs.webp 2021-09-04 13:06:19 FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads (lien direct) FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated threat actor FIN7. The messages used weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript backdoor, […] Threat
SecurityAffairs.webp 2021-09-04 11:26:46 (Déjà vu) Source code for the Babuk is available on a hacking forum (lien direct) The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. The Babuk Locker operators halted their operations at the end of April after the attack against the Washington, DC police department. Experts believe that […] Ransomware Threat
SecurityAffairs.webp 2021-09-03 21:48:31 USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw (lien direct) USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend.  US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend. Government experts are aware of the ongoing […] Vulnerability
SecurityAffairs.webp 2021-09-03 13:48:42 (Déjà vu) PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection (lien direct) Mandiant researchers spotted a new malware family, dubbed PRIVATELOG, that relies on the Common Log File System (CLFS) to evade detection solutions. FireEye’s Mandiant cybersecurity researchers spotted a new malware family, named PRIVATELOG, that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files to avoid detection. Common […] Malware
SecurityAffairs.webp 2021-09-03 10:29:17 FBI warns of ransomware attacks targeting the food and agriculture sector (lien direct) FBI warns ransomware gangs are actively targeting organizations in the food and agriculture sector. The FBI Cyber Division issued a Private Industry Notification (PIN) to warn of ransomware attacks targeting the Food and Agriculture sector disrupting its operations, causing financial loss and negatively impacting the overall food supply chain. Small farms, large producers, processors and […] Ransomware
SecurityAffairs.webp 2021-09-03 06:55:38 Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation (lien direct) SolarWinds did not enable anti-exploit mitigation available since 2006 allowing threat actors to target SolarWinds Serv-U FTP software in July attacks. Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July. Microsoft, which investigated the incidents, […] Threat
SecurityAffairs.webp 2021-09-02 21:20:19 WhatsApp CVE-2020-1910 bug could have led to user data exposure (lien direct) The now-fixed CVE-2020-1910 vulnerability in WhatsApp’s image filter feature could have exposed user data to remote attackers. A high-severity security vulnerability in WhatsApp’s image filter feature, tracked as CVE-2020-1910, could have been exploited by attackers to read sensitive information from the app’s memory by simply sending a specially crafted image over the messaging app […] Vulnerability
SecurityAffairs.webp 2021-09-02 17:53:48 New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices (lien direct) Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS […] Threat
SecurityAffairs.webp 2021-09-02 12:36:57 Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE (lien direct) Threat actors are actively exploiting a recently patched vulnerability in Atlassian's Confluence enterprise collaboration product. Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian's Confluence enterprise collaboration product a few days after it was patched by the vendor. Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise […] Vulnerability Threat
SecurityAffairs.webp 2021-09-02 11:36:26 Cyber Defense Magazine – September 2021 has arrived. Enjoy it! (lien direct) Cyber Defense Magazine September 2021 Edition has arrived. We hope you enjoy this month's edition…packed with 161 pages of excellent content. Cyber Defense eMagazine for September 2021 Published monthly by Cyber Defense Magazine, this resource shares a wealth of information to help you stay one step ahead of the next cyber threat. In this Edition:  – […]
SecurityAffairs.webp 2021-09-02 11:09:57 (Déjà vu) Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists (lien direct) Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code is available. Cisco announced the availability of security patches for a critical authentication bypass flaw (CVE-2021-34746) in Enterprise NFV Infrastructure Software (NFVIS) for which proof-of-concept exploit code is already available. An attacker can exploit the […]
SecurityAffairs.webp 2021-09-02 10:11:29 Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93 (lien direct) Google announced the release of Chrome 93 that addresses 27 security vulnerabilities, 19 issues were reported through its bug bounty program. Google announced the release of Chrome 93 for Windows, Mac and Linux that addresses a total of 27 flaws, including 19 vulnerabilities that were reported through its bug bounty program. Google paid over $130,000 in […]
SecurityAffairs.webp 2021-09-01 21:23:55 Mozi infections will slightly decrease but it will stay alive for some time to come (lien direct) The Mozi botnet continues to spread despite the arrest of its alleged author and experts believe that it will run for many other years.  Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware, it appeared on the threat landscape in late 2019. The Mozi botnet was spotted by security experts from 360 Netlab, at […] Threat
SecurityAffairs.webp 2021-09-01 18:36:37 QNAP will patch OpenSSL flaws in its NAS devices (lien direct) Network-attached storage (NAS) appliance maker QNAP is working on security patches for its products affected by recently fixed OpenSSL flaws. Taiwanese Network-attached storage (NAS) appliance maker QNAP announced that it is assessing the potential impact of two recently addressed flaws in OpenSSL on its products. The company also announced that it is working on security updates […]
SecurityAffairs.webp 2021-09-01 14:32:10 SEC announces sanctions against entities over email account hacking (lien direct) The U.S. Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. The U.S. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. The companies were not able to protect the confidential information of their customers. “The Securities […]
SecurityAffairs.webp 2021-09-01 13:27:30 Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA (lien direct) The FBI and CISA issued a joint cybersecurity advisory to warn organizations to remain vigilant against ransomware attacks during weekends or holidays. The FBI and CISA warn organizations to keep high their defenses against ransomware attacks during weekends or holidays. The government agencies have observed an increase in ransomware attacks occurring on holidays and weekends, […] Ransomware
SecurityAffairs.webp 2021-08-31 22:31:44 LockFile Ransomware uses a new intermittent encryption technique (lien direct) Recently emerged LockFile ransomware family leverages a novel technique called intermittent encryption to speed up encryption. LockFile ransomware gang started its operations last month, recently it was spotted targeting Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. The popular security expert Kevin Beaumont was one of the first researchers to report that the LockFile operators are using the […] Ransomware
SecurityAffairs.webp 2021-08-31 19:39:22 (Déjà vu) Threat actors can remotely disable Fortress S03 Wi-Fi Home Security System (lien direct) Rapid7 researchers discovered two flaws that can be exploited by attackers to remotely disable one of the home security systems offered by Fortress Security Store. Researchers at cybersecurity firm Rapid7 discovered two vulnerabilities that can be exploited by hackers to remotely disarm the Fortress S03 WiFi Security System manufactured by Fortress Security Store. The Fortress […]
SecurityAffairs.webp 2021-08-31 14:48:11 HPE warns customers of Sudo flaw in Aruba AirWave Management Platform (lien direct) Hewlett Packard Enterprise (HPE) warns of a vulnerability in Sudo open-source program used in its Aruba AirWave management platform. Hewlett Packard Enterprise (HPE) is warning of a high-severity privilege escalation vulnerability in Sudo open-source program used within its Aruba AirWave management platform. The Aruba AirWave management platform is a real-time monitoring and security alert platform designed by […]
SecurityAffairs.webp 2021-08-31 11:53:36 Threat actors stole $19 million worth of crypto assets from Cream Finance (lien direct) Crooks have stolen more than $19 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform. Threat actors have stolen more than $19 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform. C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. It promises […] Threat
SecurityAffairs.webp 2021-08-31 10:16:39 Microsoft Exchange ProxyToken flaw can allow attackers to read your emails (lien direct) ProxyToken is a serious vulnerability in Microsoft Exchange Server that could allow unauthenticated attackers to access emails from a target account. Technical details of a serious vulnerability in the Microsoft Exchange Server, dubbed ProxyToken (CVE-2021-33766), were publicly disclosed. The issue could be exploited by an unauthenticated attacker to access emails from a target account. An […] Vulnerability
SecurityAffairs.webp 2021-08-30 14:40:37 US DoJ announces the creation of Cyber Fellowship Program (lien direct) The US DoJ announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity. The US DoJ announced a new Cyber Fellowship program for training selected prosecutors and attorneys on cyber threat and threat actors. The course is coordinated through the Criminal Division's Computer Crime and Intellectual Property Section. The training aims at […] Threat
SecurityAffairs.webp 2021-08-30 13:38:47 ISRAELI FIRM 'BRIGHT DATA' (LUMINATI NETWORKS) ENABLED THE ATTACKS AGAINST KARAPATAN (lien direct) Who is behind the massive and prolonged Distributed Denial of Service (DDoS) attack that hit the Philippine human rights alliance Karapatan? The 25 days long DDoS attack against the website of Karapatan was launched by almost 30.000 IP addresses, whereas one third of the addresses originated from devices that were not running “Open Proxies” or “Tor exits”. […]
SecurityAffairs.webp 2021-08-30 13:11:17 (Déjà vu) CISA urges enterprises to fix Microsoft Azure Cosmos DB flaw (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging enterprises to address the recently disclosed vulnerability in Microsoft Azure Cosmos DB. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging organizations to address the recently disclosed vulnerability in Microsoft Azure Cosmos DB (aka ChaosDB) as soon as possible. Last […] Vulnerability
SecurityAffairs.webp 2021-08-30 07:45:21 Boston Public Library discloses cyberattack (lien direct) The Boston Public Library was victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network. The affected systems were taken offline to prevent the threat from spreading. At the time […] Threat
SecurityAffairs.webp 2021-08-30 06:50:31 New variant of Konni RAT used in a campaign that targeted Russia (lien direct) So far, Konni RAT has managed to evade detection as only 3 security solutions on VirusTotal were able to detect the malware. Researchers from Malwarebytes Labs spotted an ongoing malware campaign that is targeting Russia with the Konni RAT. Security researchers at Malwarebytes Labs have uncovered an ongoing malware campaign that is mainly targeting Russia […] Malware
SecurityAffairs.webp 2021-08-29 14:58:29 1 GB of data belonging to Puma available on Marketo (lien direct) The name of the sportswear manufacturer Puma appeared on the dark web marketplace of stolen data Marketo, threat actors claim to have stolen 1 GB of data from the company. The emerging underground marketplace of stolen data 'Marketo' available in TOR network announced the publication of data presumably stolen from sportswear manufacturer Puma.  The ad […] Threat
SecurityAffairs.webp 2021-08-29 08:19:15 Security Affairs newsletter Round 329 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. EskyFun data leak, over 1 million Android gamers impacted Boffins show PIN bypass attack Mastercard and Maestro […]
SecurityAffairs.webp 2021-08-29 07:44:54 DDoS attacks target the Philippine human rights alliance Karapatan (lien direct) The Philippine human rights alliance Karapatan has suffered a massive and prolonged Distributed Denial of Service (DDoS) attack, Qurium organizations linked it to the local government. For the past three weeks, the Philippine human rights alliance Karapatan has suffered a heavy and sustained DDoS attack. The attack comes only a month after the waves of DDoS attacks targeting the alternative media […]
SecurityAffairs.webp 2021-08-29 07:01:51 Some Synology products impacted by recently disclosed OpenSSL flaws (lien direct) Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the OpenSSL impact some of its products. Taiwanese company Synology revealed that the recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities (CVE-2021-3711 and CVE-2021-3712) impact some of its products. “Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or possibly execute arbitrary code via […]
SecurityAffairs.webp 2021-08-28 22:32:01 EskyFun data leak, over 1 million Android gamers impacted (lien direct) vpnMentor's researchers reported that the Chinese mobile gaming company EskyFun suffered a data breach, over 1 million gamers impacted.  vpnMentor's researchers discovered that the Chinese mobile gaming company EskyFun suffered a data breach, information of over 1 million gamers were exposed on an unsecured server.  EskyFun developed several Android games including Rainbow Story: Fantasy MMORPG, Adventure Story, […]
SecurityAffairs.webp 2021-08-28 16:07:03 Boffins show PIN bypass attack Mastercard and Maestro contactless payments (lien direct) Boffins from the Swiss ETH Zurich university demonstrated PIN bypass attack on contactless cards from Mastercard and Maestro. A group of researchers from the Swiss ETH Zurich university has discovered a vulnerability that allowed them to bypass PIN codes on contactless cards from Mastercard and Maestro. Technically the researchers performed a Man-in-the-Middle (MitM) attack between […] Vulnerability
SecurityAffairs.webp 2021-08-28 07:11:44 Atlassian released security patches to fix a critical flaw in Confluence (lien direct) Atlassian released patches to fix a critical flaw, tracked as CVE-2021-26084, affecting the Confluence enterprise collaboration product. Atlassian released security patches to address a critical vulnerability, tracked as CVE-2021-26084, affecting the Confluence enterprise collaboration product. The flaw is an OGNL injection issue that can be exploited by an authenticated attacker to execute arbitrary code on affected Confluence […]
SecurityAffairs.webp 2021-08-27 23:00:41 An RCE in Annke video surveillance product allows hacking the device (lien direct) Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. The vulnerability, tracked as […] Hack Vulnerability
SecurityAffairs.webp 2021-08-27 17:36:29 (Déjà vu) ChaosDB, a Critical Cosmos DB flaw affected thousands of Microsoft Azure Customers (lien direct) Microsoft has fixed a critical flaw in Cosmos DB that allowed any Azure user to remotely take over other users’ databases without any authorization. Researchers from Cloud security company Wiz disclosed technical details of a now-fixed Azure Cosmos database vulnerability, dubbed ChaosDB, that could have been potentially exploited by attackers to gain full admin access […]
SecurityAffairs.webp 2021-08-27 15:23:36 (Déjà vu) The FBI issued a flash alert for Hive ransomware operations (lien direct) The Federal Bureau of Investigation (FBI) published a flash alert related to the operations of the Hive ransomware gang. The Federal Bureau of Investigation (FBI) has released a flash alert on the Hive ransomware attacks that includes technical details and indicators of compromise associated with the operations of the gang. Recently the group hit the […] Ransomware
SecurityAffairs.webp 2021-08-27 08:21:48 Victims of Ragnarok ransomware can decrypt their files for free (lien direct) Ragnarok ransomware operators are ceasing their operations and released the master key that can allow their victims to decrypt files for free. The Ragnarok ransomware group has been active since at least January 2020 and hit dozens of organizations worldwide. The news was reported by Bleeping Computer that also noticed that ransomware operators have replaced […] Ransomware
SecurityAffairs.webp 2021-08-27 07:03:25 B. Braun Infusomat pumps could be hacked to alter medication doses (lien direct) Researchers disclosed five vulnerabilities in B. Braun’s Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. Cybersecurity researchers from McAfee disclosed five vulnerabilities in B. Braun’s Infusomat Space Large Volume Pump and SpaceStation that could be exploited by threat actors to alter medication doses. The flawed devices are used in both […] Threat
SecurityAffairs.webp 2021-08-26 22:32:41 CISA publishes malware analysis reports on samples targeting Pulse Secure devices (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. The U.S. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. “As part of CISA's ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples […] Malware
SecurityAffairs.webp 2021-08-26 17:45:57 (Déjà vu) Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches (lien direct) Cisco addressed a critical security vulnerability in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. Cisco has released security updates to address a critical security vulnerability, tracked as CVE-2021-1577, in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. The vulnerability could be exploited to […] Vulnerability
SecurityAffairs.webp 2021-08-26 17:13:34 Kaseya fixed two of the three Kaseya Unitrends zero-days found in July (lien direct) Software firm Kaseya addressed Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). Kaseya released security updates to address server-side Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). Kaseya Unitrends is a cloud-based enterprise solution that provides affordable, […] Vulnerability
SecurityAffairs.webp 2021-08-26 08:16:19 Personal Data and docs of Swiss town Rolle available on the dark web (lien direct) Documents and personal details of residents of the small Swiss town Rolle, on the shores of Lake Geneva, were stolen in a ransomware attack. The Swiss town Rolle disclosed the data breach after a ransomware attack, personal details of all its 6,200 inhabitants were stolen by threat actors. The threat actors compromised some administrative servers […] Ransomware Data Breach Threat
SecurityAffairs.webp 2021-08-26 07:07:36 VMware addressed 4 High-Severity flaws in vRealize Operations (lien direct) VMware released security patches to address multiple vulnerabilities in vRealize Operations, including four high severity flaws. VMware addressed multiple vulnerabilities in vRealize Operations, including four high severity flaws. The most severe flaw, tracked as CVE-2021-22025 (CVSS score of 8.6), is a broken access control vulnerability in the vRealize Operations Manager API. An attacker could exploit […] Vulnerability
SecurityAffairs.webp 2021-08-25 23:05:38 F5 addressed a flaw in BIG-IP devices rated as critical severity under specific conditions (lien direct) F5 has addressed more than a dozen severe vulnerabilities in its BIG-IP networking device, including one rated as critical severity under specific conditions. Security vendor F5 has addressed more than a dozen high-severity vulnerabilities in its BIG-IP networking device, including an issue that was considered as critical severity when exploited under specific conditions. The flaw, […]
SecurityAffairs.webp 2021-08-25 18:10:54 FIN8 group used a previously undetected Sardonic backdoor in a recent attack (lien direct) Financially motivated threat actor FIN8 employed a previously undocumented backdoor, tracked as ‘Sardonic,’ in recent attacks. The financially motivated threat actor FIN8 has been observed employing a previously undetected backdoor, dubbed Sardonic, on infected systems. The new backdoor was spotted by researchers from cybersecurity firm Bitdefender, it was discovered while investigating an unsuccessful attack carried […] Threat
SecurityAffairs.webp 2021-08-25 08:15:50 ShinyHunters group claims to have data of 70M AT&T customers (lien direct) Threat actors claim to have a database containing private information on roughly 70 million AT&T customers, but the company denies any security breach. ShinyHunters group claims to have a database containing private information on roughly 70 million AT&T customers, but the company denies that they have been stolen from its systems. ShinyHunters is a popular […]
SecurityAffairs.webp 2021-08-25 07:44:19 Modified version of Android WhatsApp installs Triada Trojan (lien direct) Experts spotted a modified version of WhatsApp for Android, which offers extra features, but that installs the Triada Trojan on the devices. Researchers from Kaspersky spotted a modified version of WhatsApp for Android, which offers extra features, but which installs the Triada Trojan on the devices. WhatsApp users sometimes look for mods that offer extra […]
SecurityAffairs.webp 2021-08-25 07:01:11 Samsung could use a TV Block feature to disable any of its TVs worldwide (lien direct) The South Korean multinational Samsung revealed that it can disable its Samsung TV sets remotely using the TV Block feature. Samsung TV sets can be remotely disabled by the vendor using a built-in feature dubbed TV Block. The company revealed the capability to disable any device worldwide in a press release issued earlier this month in […]
SecurityAffairs.webp 2021-08-24 21:43:02 CVE-2021-3711 in OpenSSL can allow to change an application's behavior (lien direct) The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711, that can allow an attacker to change an application's behavior or cause the app to crash. The OpenSSL Project released the OpenSSL 1.1.1l version that addresses a high-severity buffer overflow flaw, tracked as CVE-2021-3711, that could allow an attacker to change an application's behavior or […]
Last update at: 2024-05-18 09:08:01