What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-08-24 17:18:06 (Déjà vu) New zero-click exploit used to target Bahraini activists' iPhones with NSO spyware (lien direct) Citizen Lab uncovered a new zero-click iMessage exploit that was used to deploy the NSO Group’s Pegasus spyware on devices belonging to Bahraini activists. Researchers from Citizen Lab spotted a zero-click iMessage exploit that was used to deploy NSO Group’s Pegasus spyware on Bahraini activists’ devices. The iPhones of nine activists, including members of the Bahrain Center for Human […]
SecurityAffairs.webp 2021-08-24 08:24:57 (Déjà vu) FBI flash alert warns on OnePercent Group Ransomware attacks (lien direct) The FBI shared info about OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. The Federal Bureau of Investigation (FBI) has published a flash alert about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. […] Ransomware Threat
SecurityAffairs.webp 2021-08-24 07:01:46 Realtek SDK flaws exploited to deliver Mirai bot variant (lien direct) Researchers warn that threat actors are actively exploiting Realtek SDK vulnerabilities since their technical details were publicly disclosed. Researchers from SAM Seamless Network warn that threat actors are actively exploiting Realtek SDK vulnerabilities since their technical details were publicly disclosed. Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its […] Threat
SecurityAffairs.webp 2021-08-23 20:18:28 CISA recommends immediately patch Exchange ProxyShell flaws (lien direct) US CISA issued an urgent alert to warn admins to address ProxyShell vulnerabilities on-premises Microsoft Exchange servers. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn admins to address actively exploited ProxyShell vulnerabilities on-premises Microsoft Exchange servers. ProxyShell is the name of three vulnerabilities that could be chained by an unauthenticated […]
SecurityAffairs.webp 2021-08-23 15:39:56 Are you using a Sophos UTM appliance? Be sure it is up to date! (lien direct) A researcher disclosed technical details of a critical remote code execution vulnerability, tracked as CVE-2020-25223, patched last year. In September, Sophos addressed a remote code execution vulnerability (CVE-2020-25223) in the WebAdmin of SG UTM that was reported via the company bug bounty program. At the time, the security vendor said that there was no evidence that […] Vulnerability
SecurityAffairs.webp 2021-08-23 08:31:57 LPE zero-day flaw in Razer Synapse allows attackers to take over Windows PCs (lien direct) A zero-day vulnerability in Razer Synapse could allow threat actors to gain Windows admin privileges by plugging in a Razer mouse or keyboard. Razer is a popular manufacturer of computer accessories, including gaming mouses and keyboards. A local privilege escalation (LPE) zero-day flaw in Razer Synapse allows attackers to gain SYSTEM privileges on Windows systems […] Vulnerability Threat
SecurityAffairs.webp 2021-08-23 06:51:51 Memorial Health System forced to cancel surgeries after ransomware attack (lien direct) Health organization Memorial Health System was hit by a disruptive cyber attack that forced it to cancel surgeries and divert patients last week. The Memorial Health System announced that was hit by a disruptive cyber attack that forced it to suspend some of its operations. The organization operates the Marietta Memorial Hospital, the Selby General […] Ransomware
SecurityAffairs.webp 2021-08-22 16:27:43 Google discloses unpatched Microsoft WFP Default Rules AppContainer Bypass EoP (lien direct) Google disclosed the details of a Windows AppContainer vulnerability because Microsoft initially had no plans to fix it. Google Project Zero experts disclosed the details of a Windows AppContainer flaw after Microsoft announced it had no plans to fix it. The team focused its analysis on Windows Firewall and AppContainer that were designed by Microsoft […] Vulnerability
SecurityAffairs.webp 2021-08-22 08:24:48 Security Affairs newsletter Round 328 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. U.S. State Department was recently hit by a cyber attack New LockFile ransomware gang uses ProxyShell and […] Ransomware
SecurityAffairs.webp 2021-08-22 07:59:02 T-Mobile data breach could be worse than initially thought, 54 million customers impacted (lien direct) T-Mobile data breach could be worse than initially thought, an update to the investigation reveals that over 54 million individuals were impacted. T-Mobile data breach could be worse than initially thought, according to an update to the investigation over 54 million customers had their data compromised. Recently T-Mobile has launched an investigation into a possible […] Data Breach
SecurityAffairs.webp 2021-08-21 23:39:32 U.S. State Department was recently hit by a cyber attack (lien direct) The U.S. State Department was recently hit by a cyber attack, the Department of Defense Cyber Command might have suffered a serious breach. The U.S. State Department was recently hit by a cyber attack, the Department of Defense Cyber Command is notifying impacted individuals, White House Correspondent and fill-in anchor at Fox News Jacqui Heinrich […]
SecurityAffairs.webp 2021-08-21 18:03:39 New LockFile ransomware gang uses ProxyShell and PetitPotam exploits (lien direct) A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities. A new ransomware gang named LockFile targets Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. The popular security expert Kevin Beaumont was one of the first researchers to report that the LockFile operators are using the Microsoft Exchange ProxyShell and the Windows […] Ransomware
SecurityAffairs.webp 2021-08-21 08:10:42 US CISA releases guidance on how to prevent ransomware data breaches (lien direct) The US Cybersecurity and Infrastructure Security Agency (CISA) released guidance on how to prevent data breaches resulting from ransomware attacks. Most of the recent ransomware attack resulted in data breaches for the victims, threat actors implemented a double-extortion schema threatening the victims to data stolen before encrypting them on compromised systems. Over the past several […] Ransomware Threat
SecurityAffairs.webp 2021-08-21 06:56:08 Lojas Renner, Brazilian largest clothing store chain, was hit by ransomware (lien direct) Lojas Renner, the largest Brazilian department stores clothing company, suffered a ransomware attack that impacted its IT infrastructure. Lojas Renner, the largest Brazilian department stores clothing company, announced to have suffered a ransomware attack that impacted its IT infrastructure. According to Brazilian news outlets, the company was forced to shut down all its physical stores […] Ransomware
SecurityAffairs.webp 2021-08-20 22:07:18 (Déjà vu) Emsisoft releases free SynAck ransomware decryptor (lien direct) Emsisoft researchers have released a decryptor for the SynAck Ransomware that could allow victims of the gang to decrypt their files for free. Emsisoft has released a free decryptor for SynAck Ransomware that can allow victims of the gang to decrypt their encrypted files. Last week, the SynAck ransomware gang released the master decryption […] Ransomware
SecurityAffairs.webp 2021-08-20 18:02:06 Cloudflare mitigated the largest ever volumetric DDoS attack to date (lien direct) Web infrastructure and website security company Cloudflare announced to have mitigated the largest ever volumetric DDoS attack to date. Cloudflare, the web infrastructure and website security company, announced that it has mitigated the largest ever volumetric distributed denial of service (DDoS) attack to date. Volumetric DDoS attacks are designed to overwhelm internal network capacity and […]
SecurityAffairs.webp 2021-08-20 16:02:00 Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software (lien direct) The Internet Systems Consortium (ISC) addressed a high-severity denial-of-service (DoS) flaw (CVE-2021-25218) affecting the BIND DNS software. The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of […] Vulnerability
SecurityAffairs.webp 2021-08-20 15:37:07 Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices (lien direct) Mozi botnet continues to evolve, its authors implemented new capabilities to target Netgear, Huawei, and ZTE network gateways. Microsoft researchers reported that the Mozi botnet was improved by implementing new capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware, it appeared […]
SecurityAffairs.webp 2021-08-20 08:02:18 Cisco warns of Server Name Identification data exfiltration flaw in multiple products (lien direct) Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns. Cisco warns of a vulnerability in Server Name Identification (SNI) request filtering that affects multiple products (Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine) that could be exploited […] Vulnerability Threat
SecurityAffairs.webp 2021-08-20 07:03:25 637 flaws in industrial control system (ICS) products were published in H1 2021 (lien direct) During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors. Industrial cybersecurity firm Claroty published its third Biannual ICS Risk & Vulnerability Report that analyzes the vulnerability landscape relevant to leading automation products used across the ICS domain. The company reported that during the […] Vulnerability Guideline
SecurityAffairs.webp 2021-08-19 17:10:07 Threat actors stole $97 million from Liquid cryptocurrency exchange (lien direct) Japanese cryptocurrency exchange Liquid was hit by a cyber attack, threat actors stole $97 Million worth of crypto-currency assets from the company. Japan-based cryptocurrency exchange Liquid was hit by a cyber attack that resulted in the theft of $97 Million worth of crypto-currency assets from its warm wallets. Liquid confirmed that crooks stole various crypto-currency […] Threat
SecurityAffairs.webp 2021-08-19 16:32:06 Cisco will not patch critical flaw CVE-2021-34730 in EoF routers (lien direct) Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W routers Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small business RV110W, RV130, RV130W, and RV215W routers. The CVE-2021-34730 flaw resides in the Universal Plug-and-Play (UPnP) service […]
SecurityAffairs.webp 2021-08-19 08:18:08 Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw (lien direct) Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, OIG revealed. A report published by the US Office of Inspector General (OIG) revealed that threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day flaw. […] Threat
SecurityAffairs.webp 2021-08-19 06:47:34 NK-linked InkySquid APT leverages IE exploits in recent attacks (lien direct) North Korea-linked InkySquid group leverages two Internet Explorer exploits to deliver a custom implant in attacks aimed at a South Korean online newspaper. Experts from cybersecurity firm Volexity reported that North Korea-linked InkySquid group (aka ScarCruft, APT37, Group123, and Reaper) leverages two Internet Explorer exploits to deliver a custom backdoor in watering hole attacks aimed at the […] Cloud APT 37
SecurityAffairs.webp 2021-08-18 17:15:34 New analysis of Diavol ransomware reinforces the link to TrickBot gang (lien direct) Researchers conducted a new analysis of the Diavol ransomware and found new evidence of the link with the gang behind the TrickBot botnet. In July, researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet. The Trickbot botnet was used by […] Ransomware
SecurityAffairs.webp 2021-08-18 16:10:56 T-Mobile data breach has impacted 48.6 million customers (lien direct) T-Mobile has confirmed that hackers have stolen records belonging to 48.6 million of current and former customers. Recently T-Mobile has launched an investigation into a possible security breach after a threat actor started offering for sale 100 million T-Mobile customer records on the dark web. Bleeping Computer reported that the seller was asking for 6 […] Data Breach Threat
SecurityAffairs.webp 2021-08-18 07:03:22 Hamburg's data protection agency (DPA) states that using Zoom violates GDPR (lien direct) The German state’s data protection agency (DPA) warns that the use of the videoconferencing platform Zoom violates the European Union’s GDPR. The German state’s data protection agency (DPA) warns that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR). The DPA is concerned by the transfer of […] Tool
SecurityAffairs.webp 2021-08-17 16:55:17 Kalay cloud platform flaw exposes millions of IoT devices to hack (lien direct) FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. Researchers at FireEye's Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors. The flaw […] Hack Vulnerability
SecurityAffairs.webp 2021-08-17 15:31:32 Fortinet FortiWeb OS Command Injection allows takeover servers remotely (lien direct) Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF installs. An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw that […] Vulnerability
SecurityAffairs.webp 2021-08-17 08:31:03 1.9 million+ records from the FBI's terrorist watchlist available online (lien direct) A security researcher discovered that a secret FBI's terrorist watchlist was accidentally exposed on the internet for three weeks between July 19 and August 9, 2021. A security researcher Bob Diachenko discovered a secret terrorist watchlist with 1.9 million records that were exposed on the internet for three weeks between July 19 and August 9, 2021. In July, […]
SecurityAffairs.webp 2021-08-17 07:04:00 Colonial Pipeline discloses data breach after May ransomware attack (lien direct) Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took place in May 2021. Colonial Pipeline has started notifying more than 5000 people that had their personal information compromised after a ransomware attack that took place in May. The Colonial Pipeline facility in Pelham, Alabama […] Ransomware Data Breach
SecurityAffairs.webp 2021-08-16 21:27:53 T-Mobile confirms data breach that exposed customer personal info (lien direct) T-Mobile confirms a breach after threat actors claimed to have obtained records of 100 million of its customers and offered them for sale. T-Mobile has confirmed a data breach that exposed personal information from over 100 million of its US customers. Yesterday the company announced it launched an investigation into a possible data breach after […] Data Breach Threat
SecurityAffairs.webp 2021-08-16 17:06:18 (Déjà vu) Recent attacks on Iran were orchestrated by the Indra group (lien direct) The recent attacks that targeted Iran’s transport ministry and national train system were conducted by a threat actor dubbed Indra. In July, Iran's railroad system was hit by a cyberattack, threat actors published fake messages about delays or cancellations of the trains on display boards at stations across the country, the Fars news agency reported. The […] Threat
SecurityAffairs.webp 2021-08-16 08:04:26 US FINRA warns US brokerage firms and brokers of ongoing phishing attacks (lien direct) The US FINRA warns US brokerage firms and brokers of an ongoing phishing campaign impersonating its representatives to steal sensitive info. The US Financial Industry Regulatory Authority (FINRA) is warning US brokerage firms and brokers of an ongoing phishing campaign. Threat actors are impersonating FINRA officials and are using the threat of penalties to trick victims recipients into providing […] Threat
SecurityAffairs.webp 2021-08-16 06:47:07 Threat actor claims to be selling data of more than 100 million T-Mobile customers (lien direct) T-Mobile is investigating a possible data breach after a threat actor published a post on a forum claiming to be selling the personal data of its customers. New problems for T-Mobile, the company is investigating a possible data breach after that a threat actor has published a post on a hacking forum claiming to be […] Data Breach Threat
SecurityAffairs.webp 2021-08-15 16:15:28 A job ad published by the UK's Ministry of Defence revealed a secret hacking squad (lien direct) A job ad published by the UK’s Ministry of Defence has revealed the existence of a previously undisclosed secret SAS mobile hacker team. The existence of a secret SAS mobile hacker squad, named MAB5 and under the control of the Computer Network Operations (CNO) Exploitation, was revealed by a job ad published by the UK’s […]
SecurityAffairs.webp 2021-08-15 07:55:06 Security Affairs newsletter Round 327 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Four years after its takedown, AlphaBay marketplace revamped Classified documents from Lithuanian Ministry of Foreign Affairs are […]
SecurityAffairs.webp 2021-08-15 06:49:00 (Déjà vu) Glowworm Attack allows sound recovery via a device's power indicator LED (lien direct) The Glowworm attack leverages optical emanations from a device’s power indicator LED to recover sounds from connected peripherals and spy on electronic conversations. Boffins from the Ben-Gurion University of the Negev devised a new attack technique, dubbed the “Glowworm attack,” that leverages optical emanations from a device’s power indicator LED to recover sounds from connected […]
SecurityAffairs.webp 2021-08-14 20:59:05 Four years after its takedown, AlphaBay marketplace revamped (lien direct) The popular black marketplace AlphaBay is back, four years after law enforcement agencies took down the popular hidden service. The darknet marketplace AlphaBay resurfaced four years after an international operation conducted by law enforcement agencies took down it. AlphaBay was active between 2014 and June 2017, law enforcement seized the marketplace and arrested the administrator Alexandre Cazes (aka “Alpha02/Admin”), […]
SecurityAffairs.webp 2021-08-14 16:59:58 Classified documents from Lithuanian Ministry of Foreign Affairs are available for sale (lien direct) Emails allegedly stolen from the Lithuanian Ministry of Foreign Affairs are available for sale in a cybercrime forum, some emails include high-sensitive info. An archive containing 1.6 million emails containing highly sensitive messages allegedly stolen from the Lithuanian Ministry of Foreign Affairs is available for sale on the RaidForums hacking forum. The ad doesn’t include […]
SecurityAffairs.webp 2021-08-14 06:57:53 Dumping user's Microsoft Azure credentials in plaintext from Windows 365 (lien direct) A security expert devised a method to retrieve a user’s Microsoft Azure credentials in plaintext from Microsoft’s new Windows 365 Cloud PC service using Mimikatz. Benjamin Delpy, the popular security researcher and author of the Mimikatz tool, has devised a method to retrieve a user’s Microsoft Azure credentials in plaintext from Microsoft’s new Windows 365 […]
SecurityAffairs.webp 2021-08-13 18:13:27 SynAck ransomware gang releases master decryption keys for old victims (lien direct) The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow victims to decrypt their files for free. The gang has now rebranded as the new […] Ransomware
SecurityAffairs.webp 2021-08-13 17:16:10 Vice Society ransomware also exploits PrintNightmare flaws in its attack (lien direct) Another ransomware gang, the Vice Society ransomware operators, is using Windows print spooler PrintNightmare exploits in its attacks. The Vice Society ransomware operators are actively exploiting Windows print spooler PrintNightmare vulnerability in their attacks against Windows servers. The PrintNightmare flaws (tracked as CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) reside in the Windows Print Spooler service, print drivers, and the Windows Point and […] Ransomware Vulnerability
SecurityAffairs.webp 2021-08-13 08:07:19 Google open-sourced Allstar tool to secure GitHub repositories (lien direct) Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations. Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security policies to prevent misconfiguration. “Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its […] Tool
SecurityAffairs.webp 2021-08-13 06:50:57 (Déjà vu) Microsoft warns of an evasive year-long spear-phishing campaign targeting Office 365 users (lien direct) Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks starting with July 2020. The attackers used invoice-themed XLS.HTML attachments, Microsoft reported that they changed obfuscation and encryption mechanisms every 37 […]
SecurityAffairs.webp 2021-08-12 21:20:58 Trend Micro warns customers of zero-day attacks against its products (lien direct) Security firms Trend Micro is warning its customers of attacks exploiting zero-day vulnerabilities in its Apex One and Apex One as a Service products. On July 28, Trend Micro released security patches for multiple incorrect permission assignment privilege escalation, incorrect permission preservation authentication bypass, arbitrary file upload, and local privilege escalation vulnerabilities in Apex One […]
SecurityAffairs.webp 2021-08-12 16:01:15 Magniber Ransomware operators use PrintNightmare exploits to infect Windows servers (lien direct) Threat actors behind the Magniber Ransomware are using PrintNightmare exploits in attacks aimed at Windows servers. Threat actors behind the Magniber Ransomware are exploiting the PrintNightmare flaws (CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) to infect Windows servers. The PrintNightmare flaws reside in the Windows Print Spooler service, print drivers, and the Windows Point and Print feature. A few hours ago […] Ransomware Threat
SecurityAffairs.webp 2021-08-12 07:52:27 Microsoft warns of a new unpatched Windows Print Spooler RCE zero-day (lien direct) Microsoft is warning of another zero-day Windows print spooler vulnerability, tracked as CVE-2021-36958, that could allow local attackers to gain SYSTEM privileges. Microsoft published a security advisory to warn its customers of another remote code execution zero-vulnerability, tracked as CVE-2021-36958, that resides in the Windows Print Spooler component. A local attacker could exploit the vulnerability […] Vulnerability
SecurityAffairs.webp 2021-08-12 06:31:10 Threat actors behind the Poly Network hack are returning stolen funds (lien direct) The threat actor who hacked Poly Network cross-chain protocol stealing $611 million worth of cryptocurrency assets returns the stolen funds. The threat actor behind the hack of the Poly Network cross-chain protocol is now returning the stolen funds. The hackers have stolen $611 million worth of cryptocurrency assets, $273 million worth of Ethereum tokens, $253 million […] Hack Threat
SecurityAffairs.webp 2021-08-11 19:23:35 Accenture has been hit by a LockBit 2.0 ransomware attack (lien direct) Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 ransomware operators, the group announced the hack on its leak site, “These people are beyond privacy and security. I really hope […] Ransomware Hack
Last update at: 2024-05-18 21:08:21