What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-07-05 07:00:30 US water company WSSC Water hit by a ransomware attack (direct link) US water company WSSC Water is investigating a ransomware attack that affected non-essential business systems in May. WSSC Water is investigating a ransomware attack that took place on May 24 and that targeted a portion of their network that operates non-essential business systems. According to reports from WJZ13 Baltimore, the company removed the malware just hours later and locked out […] Ransomware Malware
SecurityAffairs 2021-07-04 17:30:38 REvil gang exploited a zero-day in the Kaseya supply chain attack (direct link) Kaseya was addressing the zero-day vulnerability that REvil ransomware gang exploited to breach on-premise Kaseya VSA servers. A new supply chain attack made the headlines, on Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers. The REvil ransomware operators initially compromised the Kaseya VSA's infrastructure, then pushed out […] Ransomware Vulnerability
SecurityAffairs 2021-07-04 13:59:54 Hackers spread backdoor after compromising the Mongolian CA MonPass (direct link) Threat actors compromised the servers of Mongolian certificate authority (CA) MonPass and used its website to spread malware. Hackers compromised the servers of the Mongolian certificate authority (CA) MonPass and used its website to spread malware, reported Avast researchers. According to the experts, the security breach took place at least six months ago, MonPass was […]
SecurityAffairs 2021-07-04 11:55:14 Security Affairs newsletter Round 321 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Crackonosh Monero miner made $2M after infecting 222,000 Win systems Hackers target Cisco ASA devices after a PoC […]
SecurityAffairs 2021-07-04 09:15:06 Coop supermarket closes hundreds of stores after Kaseya supply chain ransomware attack (direct link) Swedish supermarket chain Coop is the first company to disclose the impact of the recent supply chain ransomware attack that hit Kaseya. The supermarket chain Coop shut down approximately 500 stores as a result of the supply chain ransomware attack that hit the provider Kaseya. The REvil ransomware operators initially compromised the Kaseya VSA's infrastructure, […] Ransomware
SecurityAffairs 2021-07-03 18:01:06 Kaseya VSA supply-chain ransomware attack hit hundreds of companies (direct link) A supply attack by REvil ransomware operators against Kaseya VSA impacted multiple managed service providers (MSPs) and their clients. A new supply chain attack made the headlines, this afternoon, the REvil ransomware gang hit the cloud-based MSP platform impacting MSPs and their customers. Kaseya has 40,000 customers, not all use the VSA tool which is […] Ransomware Tool
SecurityAffairs 2021-07-03 05:14:09 Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang? (direct link) Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. Researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet. The Trickbot botnet was used […] Ransomware Threat
SecurityAffairs 2021-07-02 17:43:02 Microsoft urges Azure users to update PowerShell to fix RCE flaw (direct link) Microsoft is urging Azure users to update PowerShell to address a remote code execution vulnerability that was fixed earlier this year. Microsoft is recommending its Azure users to update PowerShell versions 7.0 and 7.1 to protect against a high severity remote code execution vulnerability tracked as CVE-2021-26701. The IT giant is inviting the PowerShell task […] Vulnerability
SecurityAffairs 2021-07-02 14:29:16 Cyber Defense Magazine – July 2021 has arrived. Enjoy it! (direct link) Cyber Defense Magazine July 2021 Edition has arrived. We hope you enjoy this month's edition…packed with over 158 pages of excellent content. In this edition: Colonial Pipeline, JBS Cyber Attacks Shine Spotlight on Operational Technology Vulnerabilities for Wide Range of Business Sectors Getting The Cloud Right – Security and Compliance Flipping the Cyber Script … […]
SecurityAffairs 2021-07-02 11:43:04 (Déjà vu) Experts warn of Babuk Locker attacks with recently leaked ransomware builder (direct link) The recently leaked Babuk Locker ransomware builder was used by a threat actor in an ongoing campaign targeting victims worldwide. At the end of June, The Record first reported that the builder for the Babuk Locker ransomware was leaked online allowing threat actors to use it to create their own version of the popular ransomware. […] Ransomware Threat
SecurityAffairs 2021-07-02 08:53:26 CISA alert urges to disable Windows Print Spooler to prevent PrintNightmare attacks (direct link) CISA issued a security alert to warn admins to disable the Windows Print Spooler service on servers not used for printing due to PrintNightmare zero-day. CISA issued an alert to warn admins to disable the Windows Print Spooler on servers not used for printing due to the risk of exploitation of the PrintNightmare zero-day vulnerability. “while Microsoft […]
SecurityAffairs 2021-07-01 21:49:14 UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT (direct link) US and UK cybersecurity agencies said the Russia-linked APT28 group is behind a series of large-scale brute-force attacks. US and UK cybersecurity agencies said today that a Russian military cyber unit has been behind a series of brute-force attacks that have targeted the cloud IT resources of government and private sector companies across the world. US […] APT 28
SecurityAffairs 2021-07-01 17:35:10 Hackers breached a data server of the University Medical Center (direct link) The University Medical Center hospital discloses a data breach after threat actors published online images of stolen personal information as proof of the hack. The University Medical Center hospital, in Nevada, discloses a security breach, the hackers compromised its data servers and published online the pictures of the allegedly stolen personal information. Early this week, […] Data Breach Threat
SecurityAffairs 2021-07-01 15:16:55 (Déjà vu) Microsoft found auth bypass, system hijack flaws in Netgear routers (direct link) Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. Microsoft researchers discovered multiple vulnerabilities in the firmware of the Netgear DGN-2200v1 series router that can allow attackers to bypass authentication, access stored credentials, and even take over devices. Experts discovered […] Guideline
SecurityAffairs 2021-07-01 11:33:44 (Déjà vu) US CISA releases a Ransomware Readiness Assessment (RRA) tool (direct link) The US CISA has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool. The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET). RRA could be used by organizations to determine […] Ransomware Tool
SecurityAffairs 2021-07-01 08:41:19 Freshly scraped LinkedIn data of 88,000 US business owners shared online (direct link) About a week after scraped data from more than 700 million LinkedIn profiles were put for sale online, it seems that threat actors have no intention of stopping their abuse of the social media platform's scrape-friendly systems. Hours ago, a 68MB JSON database containing LinkedIn data recently collected from 88,000 US business owners was shared on […] Threat ★★★★
SecurityAffairs 2021-06-30 20:55:35 Hackers hit a televised phone-in between President Putin and citizens at a TV show (direct link) A massive cyber attack attempted to disrupt a televised phone-in between Russian President Vladimir Putin and the Rossiya 24 network. Hackers launched a massive cyberattack against the state-broadcast Rossiya 24 network while transmitting a show in which President Putin was answering in real-time to questions from his citizens. The televised phone-in with the Russian President […]
SecurityAffairs 2021-06-30 15:48:02 Colombian authorities arrested hacker behind the Gozi Virus (direct link) Colombian authorities arrested a Romanian hacker who is wanted in the U.S. for distributing the Gozi virus that already infected more than a million computers. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S. for his key role in the distribution of the Gozi virus that […]
SecurityAffairs 2021-06-30 09:03:30 Russian-based DoubleVPN seized by law enforcement (direct link) Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that provides double-encryption service widely used by threat actors to anonymize their operation while performing malicious activities. The operation is a […] Threat
SecurityAffairs 2021-06-30 05:32:01 SolarWinds hackers remained hidden in Denmark's central bank for months (direct link) Russia-linked threat actors compromised Denmark's central bank (Danmarks Nationalbank) and remained in its systems for months. Russia-linked threat actors infected the systems of Denmark's central bank (Danmarks Nationalbank) and maintained access to its network for more than six months. The security breach is the result of the SolarWinds supply chain attack that was carried out […] Threat
SecurityAffairs 2021-06-29 19:28:50 New LinkedIn breach exposes data of 700 Million users (direct link) A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users. A new massive LinkedIn breach made the headlines, a database containing data of 700M users, more than 92% of the total 756M users, is available for sale on forums on […]
SecurityAffairs 2021-06-29 17:07:23 PoC exploit for CVE-2021-1675 RCE started circulating online (direct link) Proof-of-concept exploit code for CVE-2021-1675 flaw, an attacker could exploit it to compromise Windows systems. Proof-of-concept exploit code for the CVE-2021-1675 flaw has been published online, the flaw impacts the Windows Print Spooler service and could be exploited to compromise Windows systems. Microsoft addressed the flaw with the release of Microsoft June 2021 Patch Tuesday […]
SecurityAffairs 2021-06-29 13:24:14 (Déjà vu) Linux version of REvil ransomware targets ESXi VM (direct link) The REvil ransomware operators added a Linux encryptor to their arsenal to encrypt VMware ESXi virtual machines. The REvil ransomware operators are now using a Linux encryptor to encrypt VMware ESXi virtual machines which are widely adopted by enterprises. The availability of the Linux encryptor was announced by the REvil gang in May, a circumstance […] Ransomware
SecurityAffairs 2021-06-29 08:18:16 Experts developed a free decryptor for the Lorenz ransomware (direct link) Researchers analyzed a recently discovered threat, the Lorenz ransomware, and developed a free decryptor for the victims of this new operation. The Lorenz ransomware gang has been active since April and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransoms to the victims. Like other ransomware gangs, Lorenz operators also implement double-extortion […] Ransomware
SecurityAffairs 2021-06-29 07:05:57 GitHub paid out over $500K through its bug bounty program for 203 flaws in 2020 (direct link) Code repository hosting service GitHub announced that it has paid out more than $1.5 million through its bug bounty program since 2016. Code repository hosting service GitHub announced that it has paid $524,250 through its bug bounty program for 203 vulnerabilities affecting its products and services in 2020. The company revealed that it paid more than $1.5 million […]
SecurityAffairs 2021-06-28 14:46:32 Microsoft investigates threat actor distributing malicious Netfilter Driver (direct link) Microsoft is investigating a strange attack, threat actor used a driver signed by the company, the Netfilter Driver, to implant a Rootkit. Microsoft announced it is investigating a threat actor distributing malicious drivers in attacks aimed at the gaming industry in China. The actor submitted drivers that were built by a third party for certification […] Threat
SecurityAffairs 2021-06-28 06:46:10 Six typosquatting packages in PyPI repository laced with crypto miner (direct link) Researchers discovered six rogue packages in the official Python programming language's PyPI repository containing cryptocurrency mining malware. Experts from security firm Sonatype have uncovered six typosquatting packages in the official Python programming language's PyPI repository that were laced with cryptomining malware. The Python Package Index (PyPI) is a repository of software for the Python programming language, it allows users […]
SecurityAffairs 2021-06-27 12:49:41 Crackonosh Monero miner made $2M after infecting 222,000 Win systems (direct link) Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. “While the Windows system is in safe mode antivirus software doesn't work. This can enable the malicious Serviceinstaller.exe to […]
SecurityAffairs 2021-06-27 11:25:36 Security Affairs newsletter Round 320 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Norway blames China-linked APT31 for 2018 government hack Poland: The leader of the PiS party blames Russia for […] Hack Guideline APT 31
SecurityAffairs 2021-06-27 08:43:32 Hackers target Cisco ASA devices after a PoC exploit code was published online (direct link) Experts warn of attacks against Cisco ASA devices after researchers have published a PoC exploit code on Twitter for a known XSS vulnerability. Experts warn of attacks against Cisco ASA devices after researchers from Positive Technologies have published a PoC exploit code on Twitter for the CVE-2020-3580 XSS vulnerability. Tenable experts published an alert about […]
SecurityAffairs 2021-06-26 16:36:51 Microsoft: Russia-linked SolarWinds hackers breached three new entities (direct link) Microsoft discovered that Russia-linked SolarWinds hackers, tracked as Nobelium, have breached the network of three new organizations. Microsoft revealed on Friday that Russia-linked SolarWinds hackers, tracked as Nobelium or APT29, have conducted new cyber attacks against other organizations. Threat actors carried out brute-force and password spraying attacks in an attempt to gain access to Microsoft customer accounts. […] Threat APT 29
SecurityAffairs 2021-06-26 15:14:01 New ransomware group Hive leaks Altus group sample files (direct link) On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. On June 14th, Altus Group, a commercial real estate software solutions company, has announced that its data was breached. A week later, they reported “no evidence of impact”. Now, we have information […] Ransomware
SecurityAffairs 2021-06-26 05:11:34 Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable (direct link) CyberNews researchers analyzed the recently discovered Epsilon Red operations and found that more than 3.5K servers are still vulnerable. Several weeks later, security researchers from Sophos have discovered a new ransomware variant known as Epsilon Red. Now, we know exactly how it was carried out – and what you should do to be safe from it. Seemingly, […] Ransomware
SecurityAffairs 2021-06-25 20:01:03 Marketo Marketplace – Cybercriminals are targeting major law firms (direct link) Cybercriminals published for sale in Dark Web 58GB of data stolen from Hollingsworth LLP. One of the emerging underground marketplaces of stolen data ‘Marketo’ available in TOR network announced the publication of data presumably stolen from Hollingsworth LLP, one of the largest U.S.-based law firms. The information about the new victim of ransomware activity first […] Ransomware
SecurityAffairs 2021-06-25 18:07:23 Hackers exploit 3-years old flaw to wipe Western Digital devices (direct link) Threat actors are wiping many Western Digital (WD) My Book Live and My Book Live Duo NAS devices likely exploiting an old vulnerability. Owners of Western Digital (WD) claim that their My Book Live and My Book Live Duo network-attached storage (NAS) devices have been wiped. Threat actors forced a factory reset on the devices […] Threat
SecurityAffairs 2021-06-25 12:55:40 Flaws in FortiWeb WAF expose Fortinet devices to remote hack (direct link) Fortinet has recently fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote attackers to execute arbitrary commands. Fortinet has recently addressed a high-severity vulnerability (CVE-2021-22123) affecting its FortiWeb web application firewall (WAF), a remote, authenticated attacker can exploit it to execute arbitrary commands via the SAML server […] Hack Vulnerability
SecurityAffairs 2021-06-25 10:02:32 Clop gang members recently arrested laundered over $500M in payments (direct link) The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors. The members of the Clop ransomware gang that were recently arrested in Ukraine laundered over $500M for several cybercrime groups. Data related to the money laundering activities were provided by the cryptocurrency exchange portal Binance, who tracked the group as […] Ransomware
SecurityAffairs 2021-06-24 22:33:56 Flaws in Dell BIOSConnect feature affect 128 device models (direct link) Flaws affecting the BIOSConnect feature of Dell Client BIOS could be exploited by a privileged attacker to execute arbitrary code at the BIOS/UEFI level of the impacted device. Researchers from cybersecurity firm Eclypsium discovered multiple vulnerabilities affecting the BIOSConnect feature of Dell Client BIOS that could be exploited by a privileged attacker to execute arbitrary code […]
SecurityAffairs 2021-06-24 16:57:36 VMware releases patches for critical flaw in Carbon Black App Control (direct link) VMware released security patches to address an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) for Windows. VMware released security patches for an authentication bypass vulnerability, tracked as CVE-2021-21998, in Carbon Black App Control (AppC) running on Windows machines. Carbon Black App Control allows to lock down critical systems and servers to prevent […] Vulnerability
SecurityAffairs 2021-06-24 14:15:55 Zyxel warns customers of attacks on its enterprise firewall and VPN devices (direct link) Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. The threat actors are targeting the USG, […] Threat
SecurityAffairs 2021-06-24 13:13:25 ChaChi, a GoLang Trojan used in ransomware attacks on US schools (direct link) A new Trojan written in the Go programming language, tracked as ChaChi, was involved in ransomware attacks against government agencies and US schools. Researchers from BlackBerry Threat Research and Intelligence spotted a new RAT written in the Go programming language, dubbed ChaChi, which has been used by PYSA (aka Mespinoza) operators to target victims globally. The […] Ransomware Threat
SecurityAffairs 2021-06-23 22:15:15 John McAfee found dead in prison cell ahead of extradition to US (direct link) One of the fathers of antivirus software, the entrepreneur John McAfee has been found dead in a Barcelona prison cell while he was waiting for extradition to the US. The popular cybersecurity entrepreneur John McAfee has been found dead in a Barcelona prison cell, a few hours after Spain’s National Court agreed to extradite him […]
SecurityAffairs 2021-06-23 20:31:41 (Déjà vu) The European Commission proposed to launch the new Joint Cyber Unit (direct link) The European Union Agency for Cybersecurity welcomes the European Commission proposal to launch the new Joint Cyber Unit. The European Commission proposed on Wednesday the creation of a new Joint Cyber Unit that aims at providing a coordinated response to large-scale cyber attacks and crises. The idea of establishing a Joint Cyber Unit (JCU) was […]
SecurityAffairs 2021-06-23 16:59:31 (Déjà vu) VMware fixes privilege escalation issue in VMware Tools for Windows (direct link) VMware patched a high-severity vulnerability in VMware Tools for Windows that attackers could exploit to execute arbitrary code with elevated privileges. VMware patched a high-severity local privilege escalation vulnerability, tracked as CVE-2021-21999, in VMware Tools for Windows that could be exploited by attackers to execute arbitrary code with elevated privileges. The vulnerability has received a […] Vulnerability
SecurityAffairs 2021-06-23 12:01:37 Clop ransomware is back into action after the recent police operation (direct link) A week after the law enforcement operation that targeted the Clop ransomware operators, the gang is back into action. A week after the international operation conducted by law enforcement that targeted several members of the Clop ransomware gang, the group is back into action. Last week, Ukraine police arrested multiple individuals that are believed to […] Ransomware
SecurityAffairs 2021-06-23 11:19:01 Palo Alto Networks fixes critical flaw (CVE-2021-3044) in Cortex XSOAR (direct link) Palo Alto Networks addresses a critical improper authorization vulnerability (CVE-2021-3044) affecting its Cortex XSOAR security orchestration solution, automation and response (SOAR) platform. Researchers from Palo Alto Networks discovered and addressed a critical improper authorization vulnerability, tracked as CVE-2021-3044, that affects its Cortex XSOAR SOAR platform. The CVE-2021-3044 vulnerability received a CVSS score of 9.8. A […] Vulnerability
SecurityAffairs 2021-06-23 08:53:07 SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day (direct link) A critical vulnerability, tracked as CVE-2021-20019, in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. In October last year, experts reported a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135, in SonicWall Network Security Appliance (NSA) appliances. At the time of the discovery, security experts from the Tripwire VERT […]
SecurityAffairs 2021-06-23 06:38:24 MITRE adds D3FEND defensive cybersecurity techniques to ATT&CK Framework (direct link) D3FEND is a new project promoted by MITRE Corporation to add defensive cybersecurity techniques to the ATT&CK Framework. D3FEND is a new project promoted by MITRE Corporation aimed to add a knowledge graph of cybersecurity countermeasures to the ATT&CK Framework. The project was announced this week by the U.S. National Security Agency (NSA), it proposes […]
SecurityAffairs 2021-06-22 20:59:09 Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers (direct link) DarkRadiation is a new strain of ransomware implemented in Bash that targets Linux and Docker cloud containers and leverages Telegram for C2. Trend Micro researchers spotted a new strain of ransomware, dubbed DarkRadiation, which is written in Bash script and targets Linux distributions (Red Hat/CentOS and Debian) and Docker cloud containers. The ransomware uses OpenSSL’s […] Ransomware
SecurityAffairs 2021-06-22 17:48:23 ADVERSARIAL OCTOPUS – ATTACK DEMO FOR AI-DRIVEN FACIAL RECOGNITION ENGINE (direct link) Researchers from Adversa devised an attack technique, dubbed ADVERSARIAL OCTOPUS, against Facial Recognition systems. THE INTENTION BEHIND THIS PROJECT Driven by our mission to increase trust in AI, Adversa's AI Red Team is constantly exploring new methods of assessing and protecting mission-critical AI applications. Recently, we've discovered a new way of attacking Facial Recognition systems […]
Last update at: 2024-06-05 14:08:19