What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-08-11 17:11:14 UNC215, an alleged China-linked APT group targets Israel orgs (lien direct) China-linked threat actors UNC215 targeted Israeli organizations in a long-running campaign and used false flags to trick victims into believing the attacks were from Iran. A China-linked cyber-espionage group has targeted Israeli organizations and government institutions in a campaign that began in January 2019. The attacks were detailed by cybersecurity firm Mandiant, the state-sponsored hackers […] Threat
SecurityAffairs.webp 2021-08-11 08:05:34 Adobe fixes critical flaws in Magento, patch it immediately (lien direct) Adobe security updates for August 2021 have addressed critical vulnerabilities in Magento and important bugs in Adobe Connect. Adobe security updates for August 2021 address a total of 29 flaws, including critical vulnerabilities in Magento and important issues in Adobe Connect: APSB21-64 Security updates available for Magento APSB21-66 Security update available for Adobe Connect Multiple critical vulnerabilities could be […]
SecurityAffairs.webp 2021-08-11 06:52:03 Microsoft patch Tuesday security updates fix PrintNightmare flaws (lien direct) Microsoft released patch Tuesday security updates for August that address 120 CVEs in Microsoft products including a zero-day actively exploited in the wild. Microsoft released patch Tuesday security updates for August that address 120 CVEs in multiple products, including Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), Microsoft Scripting Engine, SQL Server, .NET […]
SecurityAffairs.webp 2021-08-10 20:56:34 $611 million stolen in Poly Network cross-chain hack (lien direct) The cross-chain protocol Poly Network has been hacked, threat actors stole $611 million making this hack the largest DeFi hack to date. $611 million has reportedly been stolen in one of the largest cryptocurrency hacks. The cross-chain protocol Poly Network disclosed a security breach, threat actors have stolen over $611 million in cryptocurrencies. The attackers have […] Hack Threat
SecurityAffairs.webp 2021-08-10 15:00:47 New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors (lien direct) A new variant of the eCh0raix ransomware is able to target Network-Attached Storage (NAS) devices from both QNAP and Synology vendors. A new variant of the eCh0raix ransomware is able to infect Network-Attached Storage (NAS) devices from Taiwanese vendors QNAP and Synology. The eCh0raix ransomware has been active since at least 2019, when experts from security firms […] Ransomware
SecurityAffairs.webp 2021-08-10 10:14:38 (Déjà vu) Microsoft Azure Sentinel uses Fusion ML to detect ransomware attacks (lien direct) Microsoft Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform used the Fusion machine learning model to detect ransomware attack. Microsoft Azure Sentinel cloud-native SIEM is using the Fusion machine learning model to analyze data across enterprise environments and detect the activity associated with potential threats, including ransomware attacks. When a potential ransomware attack […] Ransomware
SecurityAffairs.webp 2021-08-10 02:09:57 FlyTrap, a new Android Trojan compromised thousands of Facebook accounts (lien direct) Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. Zimperium’s zLabs researchers spotted a new Android trojan, dubbed FlyTrap, that already compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. The malware was spreading […] Malware
SecurityAffairs.webp 2021-08-09 16:22:07 StealthWorker botnet targets Synology NAS devices to drop ransomware (lien direct) Taiwanese vendor Synology has warned customers that the StealthWorker botnet is targeting their NAS devices to deliver ransomware. Taiwan-based vendor Synology has warned customers that the StealthWorker botnet is conducting brute-force attacks in an attempt to implant ransomware. Once compromised the device, threat actors employed it in a botnet used in attacks aimed at Linux […] Ransomware Threat
SecurityAffairs.webp 2021-08-09 14:38:09 City of Joplin paid a 320K ransom after a ransomware Attack (lien direct) A ransomware attack hit City of Joplin forcing the IT staff to shutdown the City computer. Finally the insurer for Joplin paid $320,000 to threat actors. A ransomware attack last month hit the City of Joplin forcing the IT staff to shut down the city's government's computer system to prevent the threat from spreading. While […] Ransomware Threat
SecurityAffairs.webp 2021-08-09 11:41:41 (Déjà vu) Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks (lien direct) The Australian Cyber Security Centre (ACSC) warns of a surge of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 ransomware attacks against Australian organizations in multiple industry sectors starting July 2021. The Australian agency also published 2021-006: ACSC Ransomware Profile – Lockbit 2.0 which includes info […] Ransomware
SecurityAffairs.webp 2021-08-09 06:55:46 (Déjà vu) Threat actors are probing Microsoft Exchange servers for ProxyShell flaws (lien direct) Threat actors are actively scanning for the Microsoft Exchange ProxyShell RCE flaws after technical details were released at the Black Hat conference. Threat actors started actively scanning for the Microsoft Exchange ProxyShell remote code execution flaws after researchers released technical details at the Black Hat hacking conference. ProxyShell is the name of three vulnerabilities that could be […] Threat
SecurityAffairs.webp 2021-08-08 21:11:40 1M compromised cards available for free in the underground market (lien direct) Group-IB detected an unconventional post on several carding forums containing links to a file containing 1 million compromised cards. On August 2, Group-IB Threat Intelligence & Attribution system detected an unconventional post on several carding forums. A user, nicknamed AW_cards posted links to a file containing 1 million pieces of stolen payment records. The file […] Threat
SecurityAffairs.webp 2021-08-08 13:30:06 Security Affairs newsletter Round 326 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. GhostEmperor, a new Chinese-speaking threat actor targets Southeast Asia WordPress Download Manager Plugin was affected by two flaws […] Threat
SecurityAffairs.webp 2021-08-08 07:37:23 (Déjà vu) A zero-day RCE in Cisco ASDM has yet to be fixed (lien direct) A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher disclosed in July has yet to be addressed. Cisco provided an update on a remote code execution (RCE) vulnerability (CVE-2021-1585) in the Adaptive Security Device Manager (ASDM) Launcher, the IT giant confirmed that the flaw has yet to be addressed. […] Vulnerability
SecurityAffairs.webp 2021-08-08 07:37:23 A zero-day RCE in Cisco ADSM has yet to be fixed (lien direct) A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ADSM) Launcher disclosed in July has yet to be addressed. Cisco provided an update on a remote code execution (RCE) vulnerability (CVE-2021-1585) in the Adaptive Security Device Manager (ADSM) Launcher, the IT giant confirmed that the flaw has yet to be addressed. […] Vulnerability
SecurityAffairs.webp 2021-08-07 20:10:28 CVE-2021-20090 actively exploited to target millions of IoT devices worldwide (lien direct) Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090, impacting home routers with Arcadyan firmware to deploy a Mirai bot. “A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and […] Vulnerability Threat
SecurityAffairs.webp 2021-08-07 05:13:53 RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE (lien direct) Taiwanese manufacturer and distributor of computer hardware GIGABYTE was a victim of the RansomEXX ransomware gang. RansomEXX ransomware gang hit the Taiwanese manufacturer and distributor of computer hardware GIGABYTE and claims to have stolen 112GB of data. At the time of this writing, the leak site of the RansomEXX gang doesn’t include the company name, […] Ransomware
SecurityAffairs.webp 2021-08-06 23:08:15 RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna (lien direct) RansomEXX ransomware operators hit the popular Italian luxury fashion house Ermenegildo Zegna Holding and started leaking stolen files. Zegna is one of the most famous Italian luxury fashion houses. It was founded in 1910 by Ermenegildo Zegna in Trivero, Biella Province of the Piedmont region of Northern Italy. Ermenegildo Zegna Group is the largest menswear brand in the world by revenue. As of 2018, Ermenegildo Zegna […] Ransomware
SecurityAffairs.webp 2021-08-06 16:26:45 (Déjà vu) Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN (lien direct) Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances. The most severe flaw, tracked as CVE-2021-22937 is a high-severity remote code execution […] Vulnerability
SecurityAffairs.webp 2021-08-06 12:05:45 Conti Leak Indicators – What to block, in your SOC…. (lien direct) Security expert provided leak indicators for Conti ransomware operations that were recently disclosed by a disgruntled affiliate. An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS, he also published the info about one of the operators. The Conti Ransomware operators offer their services to their […] Ransomware
SecurityAffairs.webp 2021-08-06 10:29:04 VMware addresses critical flaws in its products (lien direct) VMware has addressed a critical vulnerability that affects multiple products that could be exploited to gain access to confidential information. VMware has released security updates to address multiple flaws in its products, including a critical issue that could allow an attacker to access confidential information. A couple of vulnerabilities tracked as CVE-2021-22002 and CVE-2021-22003, impact Workspace […] Vulnerability
SecurityAffairs.webp 2021-08-06 06:53:20 BlackMatter ransomware also targets VMware ESXi servers (lien direct) BlackMatter gang rapidly evolves, the group has developed a Linux version that allows operators to target VMware’s ESXi VM platform. The BlackMatter ransomware gang has implemented a Linux encryptor to target VMware ESXi virtual machine platform. This is the last ransomware in order of time that is able to target VM platforms, some of the […] Ransomware
SecurityAffairs.webp 2021-08-05 21:49:51 Conti ransomware affiliate leaked gang's training material and tools (lien direct) An affiliate of the Conti RaaS has leaked the training material shared by the group with its network along with the info about one of the operators. An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS, he also published the info about one […] Ransomware
SecurityAffairs.webp 2021-08-05 16:28:53 Cryptominer ELFs Using MSR to Boost Mining Process (lien direct) The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver.  By UPTYCS THREAT RESEARCH  Original research by Siddarth Sharma The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers and increase the speed of the mining […] Threat
SecurityAffairs.webp 2021-08-05 12:28:27 Italian energy company ERG hit by LockBit 2.0 ransomware gang (lien direct) ERG SPA, an Italian energy company, reports a minor impact on its operations after the recent ransomware attack conducted by LockBit 2.0 gang. Recently the Italian energy company ERG was hit by the LockBit 2.0 ransomware gang, now the company reported “only a few minor disruptions” for its ICT infrastructure. The company is active in the production of […] Ransomware
SecurityAffairs.webp 2021-08-05 06:08:21 (Déjà vu) Cisco fixes critical, high severity vulnerabilities in VPN routers (lien direct) Cisco fixed critical, high severity pre-auth security vulnerabilities impacting multiple Small Business VPN routers. Cisco addressed critical and high severity pre-auth security vulnerabilities that impact multiple Small Business VPN routers. An attacker could exploit the issues to trigger a denial of service condition or execute commands and arbitrary code on impacted multiple Small Business VPN […]
SecurityAffairs.webp 2021-08-04 21:39:51 (Déjà vu) Advanced Technology Ventures discloses ransomware attack and data breach (lien direct) The American venture capital firm Advanced Technology Ventures (ATV) disclosed a ransomware attack, crooks also stole data of some private investors. Advanced Technology Ventures (ATV) is an American venture capital firm with more than $1.8 billion in capital under management. The venture capital firm this week disclosed a ransomware attack, threat actors have also stolen the personal information of some […] Ransomware Data Breach Threat
SecurityAffairs.webp 2021-08-04 16:15:25 US CISA and NSA publish guidance to secure Kubernetes deployments (lien direct) US CISA and NSA released new guidance that provides recommendations on how to harden Kubernetes deployments and minimize the risk of hack. US CISA and NSA released new guidance that provides recommendations to harden Kubernetes deployments. Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management. In recent months the number […] Uber
SecurityAffairs.webp 2021-08-04 15:25:01 China-linked APT31 targets Russia for the first time (lien direct) China-linked APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia. Researchers from Positive Technologies reported that China-linked APT31 group has been using a new piece of malware in a recent wave of attacks targeting Mongolia, Belarus, Canada, the United States, and Russia. Experts […] Malware APT 31
SecurityAffairs.webp 2021-08-04 11:33:44 INFRA:HALT flaws impact OT devices from hundreds of vendors (lien direct) INFRA:HALT is a set of vulnerabilities affecting a popular TCP/IP library commonly used in OT devices manufactured by more than 200 vendors. Security researchers from security teams at Forescout and JFrog have disclosed today 14 vulnerabilities that impact a popular TCP/IP library named NicheStack commonly used in industrial equipment and Operational Technology (OT) devices manufactured by more […]
SecurityAffairs.webp 2021-08-03 22:57:40 Cyber Defense Magazine – August 2021 has arrived. Enjoy it! (lien direct) Cyber Defense Magazine August 2021 Edition has arrived. We hope you enjoy this month's edition…packed with over 148 pages of excellent content. Cyber Defense eMagazine August Edition for 2021. Grab this PDF version and help fund our operations: https://cyberdefensemagazine.tradepub.com/free/w_cyba125/ Here’s the Yumpu Magazine Version: https://www.yumpu.com/en/document/read/65794079/cyber-defense-emagazine-august-edition-for-2021 Here’s a free PDF Version hosted on our site: https://www.cyberdefensemagazine.com/newsletters/august-2021/CDM-CYBER-DEFENSE-eMAGAZINE-August-2021.pdf Mobile Version: https://www.cyberdefensemagazine.com/newsletters/august-2021/index.html The Black […]
SecurityAffairs.webp 2021-08-03 20:55:39 China-linked APT groups target telecom companies in Southeast Asia (lien direct) China linked APT groups have targeted networks of at least five major telecommunications companies operating in Southeast Asia since 2017. Cybereason researchers identified three clusters of activity associated with China-linked threat actors that carried out a series of attacks against networks of at least five major telecommunications companies located in South Asia since 2017. “The goal […] Threat
SecurityAffairs.webp 2021-08-03 14:19:13 Cisco fixed Remote Code Execution issue in Firepower Device Manager On-Box software (lien direct) Cisco addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that allows attackers to execute arbitrary code on vulnerable devices. Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software, tracked as CVE-2021-1518, that could be exploited by an attacker to execute arbitrary code on vulnerable devices. FDM On-Box allows […] Vulnerability
SecurityAffairs.webp 2021-08-03 08:27:43 Experts found potential remote code execution in PyPI (lien direct) A flaw in the GitHub Actions workflow for PyPI's source repository could be exploited to potentially execute arbitrary code on pypi.org. Security researcher RyotaK disclosed three flaws in PyPI, the most severe one could potentially lead to the compromise of the entire PyPI infrastructure. Python Package Index (PyPI) is the official third-party software repository […] Guideline
SecurityAffairs.webp 2021-08-02 21:12:41 Do You Trust Your Smart TV? (lien direct) Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy? In our latest video, we demonstrate an attack scenario that can occur within any organization – hacking a smart TV. The video shows an insider plugging a USB Rubber […]
SecurityAffairs.webp 2021-08-02 19:42:08 PwnedPiper flaws in PTS systems affect 80% of major US hospitals (lien direct) Cybersecurity researchers disclosed multiple flaws, dubbed PwnedPiper, that left a widely-used pneumatic tube system (PTS) vulnerable to attacks. Researchers from cybersecurity firm Armis disclosed a set of nine vulnerabilities collectively tracked as PwnedPiper that could be exploited to carry out multiple attacks against a widely-used pneumatic tube system (PTS). The Swisslog PTS systems are used in […]
SecurityAffairs.webp 2021-08-02 09:18:05 (Déjà vu) More evidence suggests that DarkSide and BlackMatter are the same group (lien direct) Researchers found evidence that the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. BleepingComputer found evidence that after the clamorous Colonial Pipeline attack, the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. The experts analyzed encryption algorithms in a decryptor used by BlackMatter, which is actively attacking corporate entities. […] Ransomware
SecurityAffairs.webp 2021-08-02 06:53:57 WordPress Download Manager Plugin was affected by two flaws (lien direct) An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations. Researchers from Wordfence team discovered a vulnerability, tracked as CVE-2021-34639, affecting the WordPress Download Manager plugin that could allow attackers to execute arbitrary code under specific configurations. The flaw could allow authors and […] Vulnerability
SecurityAffairs.webp 2021-08-01 15:50:17 GhostEmperor, a new Chinese-speaking threat actor targets Southeast Asia (lien direct) Kaspersky experts spotted a previously undocumented Chinese-speaking threat actor, tracked as GhostEmperor, that is targeting Microsoft Exchange flaws in attacks on high-profile victims. Kaspersky spotted a new Chinese-speaking threat actor, tracked as GhostEmperor, that is targeting Microsoft Exchange vulnerabilities in attacks aimed at high-profile victims. The long-running operation carried out by the group mostly targeted […] Threat
SecurityAffairs.webp 2021-08-01 08:55:45 Security Affairs newsletter Round 325 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Crooks target Kubernetes installs via Argo Workflows to deploy miners XCSSET MacOS malware targets Telegram, Google Chrome […] Malware Uber
SecurityAffairs.webp 2021-07-31 20:50:20 Threat actors leaked data stolen from EA, including FIFA code (lien direct) Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data. The stolen data include the source […]
SecurityAffairs.webp 2021-07-31 18:00:04 SolarWinds hackers breached 27 state attorneys' offices (lien direct) Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns. The US Department of Justice revealed that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were hacked by the Russia-linked SVR (aka APT29, Cozy Bear, and The Dukes) during the SolarWinds attack. The […] APT 29
SecurityAffairs.webp 2021-07-31 05:12:30 Android Banking Trojan Vultur uses screen recording for credentials stealing (lien direct) Experts spotted a new strain of Android banking Trojan dubbed Vultur that uses screen recording and keylogging for the capturing of login credentials. ThreatFabric researchers discovered a new Android banking Trojan, tracked as Vultur, that uses screen recording and keylogging to capture login credentials. Vultur was first spotted in late March 2021, it gains full […]
SecurityAffairs.webp 2021-07-30 17:46:45 CVE-2021-3490 – Pwning Linux kernel eBPF on Ubuntu machines (lien direct) Researcher published an exploit code for a high-severity privilege escalation flaw (CVE-2021-3490) in Linux kernel eBPF on Ubuntu machines. The security researcher Manfred Paul of the RedRocket CTF team released the exploit code for a high-severity privilege escalation bug, tracked as CVE-2021-3490, in Linux kernel eBPF (Extended Berkeley Packet Filter). A local attacker could exploit the flaw to […]
SecurityAffairs.webp 2021-07-30 06:18:26 Estonia's police arrested a Tallinn resident who stole 286K ID scans from a government DB (lien direct) Estonia’s police arrested a man from Tallinn that is suspected to be the hacker who stole 286K ID scans from the government systems. Estonian police arrested a man from Tallinn that is suspected to have stolen 286,438 belonging to Estonian citizens from the government systems. The hacker exploited a vulnerability in a photo transfer […] Vulnerability
SecurityAffairs.webp 2021-07-30 06:02:08 Meteor was the wiper used against Iran's national railway system (lien direct) The recent attack against Iran's national railway system was caused by a wiper malware dubbed Meteor and not by a ransomware as initially thought. According to research from Amnpardaz and SentinelOne, the recent attack against Iran's national railway system was caused by a wiper malware dubbed Meteor and not by ransomware as initially thought. Meteor was a previously undetected strain of malware, but experts […] Ransomware Malware
SecurityAffairs.webp 2021-07-29 18:08:49 BlackMatter and Haron, two new ransomware gangs in the threat landscape (lien direct) The cyber threat landscape changes continuously, recently two new ransomware-as-service (RaaS) operations named BlackMatter and Haron made the headlines. Recently, two new ransomware gangs, named BlackMatter and Haron, announced the beginning of the operations. The Haron malware was first described by the South Korean security firm S2W Lab, three days after a first sample of […] Ransomware Malware Threat
SecurityAffairs.webp 2021-07-29 10:54:12 LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains (lien direct) A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotting a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies. Kremez explained that this is the […] Ransomware Malware
SecurityAffairs.webp 2021-07-29 07:36:27 Critical flaw in Microsoft Hyper-V could allow RCE and DoS (lien direct) Experts disclose details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, that can allow executing arbitrary code on it. Researchers Peleg Hadar of SafeBreach and Ophir Harpaz of Guardicore disclose details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, that can allow triggering a DoS condition or executing arbitrary code on it. The flaw resides in […]
SecurityAffairs.webp 2021-07-28 20:29:03 US, UK, and Australian agencies warn of top routinely exploited issues (lien direct) A joint report published by US, UK, and Australian cyber security agencies warns of the top routinely exploited vulnerabilities in 2020. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) published a Joint Cybersecurity […]
Last update at: 2024-05-19 06:07:55