What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-04-26 21:01:13 Boffins found a bug in Apple AirDrop that could leak users' personal info (direct link) Experts found a bug in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information. Boffins from the Technical University of Darmstadt, Germany, have discovered a privacy issue in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information, such as email addresses and phone numbers. “A team of researchers from […]
SecurityAffairs 2021-04-26 14:52:44 Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet (direct link) European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. European law enforcement agencies automatically wiped the infamous Emotet malware from infected systems across the world as part of a mass sanitization operation. Early this year, law enforcement and judicial authorities worldwide conducted a […] Malware
SecurityAffairs 2021-04-26 09:40:47 Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws (direct link) Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines in a cryptocurrency botnet tracked as Prometei. Experts from the Cybereason Nocturnus Team have investigated multiple incidents involving the Prometei Botnet. The attackers hit companies in North America and threat actors exploited the ProxyLogon Microsoft Exchange flaws (CVE-2021-27065 and CVE-2021-26858) to deliver malware in their networks. Attackers […] Malware Threat
SecurityAffairs 2021-04-26 06:39:17 A supply chain attack compromised the update mechanism of Passwordstate Password Manager (direct link) The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Another supply chain attack made the headlines, the Australian software company Click Studios informed its customers of the security breach that impacted its Passwordstate password management application. Passwordstate is the Enterprise Password Management solution used by more […]
SecurityAffairs 2021-04-25 16:36:15 Hackers are targeting Soliton FileZen file-sharing servers (direct link) Threat actors are exploiting two flaws in the popular file-sharing server FileZen to steal sensitive data from businesses and government organizations. Threat actors are exploiting two vulnerabilities in the popular file-sharing server FileZen, tracked as CVE-2020-5639 and CVE-2021-20655, to steal sensitive data from businesses and government organizations. FileZen servers allow users to share data according to their needs, […] Threat
SecurityAffairs 2021-04-25 14:02:32 Security Affairs newsletter Round 311 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A member of the FIN7 group was sentenced to 10 years in prison Is BazarLoader malware linked to Trickbot operators? Monero Cryptocurrency campaign exploits ProxyLogon flaws Codecov was a victim […] Malware
SecurityAffairs 2021-04-25 13:11:55 10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely (direct link) 10,000+ unpatched ABUS Secvest home alarm systems could be remotely disabled exposing customers to intrusions and thefts. Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor having addressed a critical bug (CVE-2020-28973) in January. A remote attacker could exploit the vulnerability to disable alarm systems and expose homes and […] Vulnerability
SecurityAffairs 2021-04-24 21:42:37 The cybersecurity researcher Dan Kaminsky has died (direct link) The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death are not known, but it does not matter. Dan has left […]
SecurityAffairs 2021-04-24 20:50:38 ToxicEye RAT exploits Telegram communications to steal data from victims (direct link) ToxicEye is a new Remote Access Trojan (RAT) that exploits the Telegram service as part of its command and control infrastructure. ToxicEye RAT is a new malware that leverages the Telegram services for command & control, experts from Check Point already observed over 130 attacks recorded in the past three months. The use of the […] Malware
SecurityAffairs 2021-04-24 06:22:25 A new Linux Botnet abuses IaC Tools to spread and other emerging techniques (direct link) A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other emerging techniques. Researchers from Trend Micro have spotted a new Linux botnet employing multiple emerging techniques among cyber-criminals, including the use of Tor proxies, the abuse of legitimate DevOps tools, and the removal or deactivation of competing […]
SecurityAffairs 2021-04-23 16:54:40 New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days (direct link) A new ransomware strain dubbed Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom payment. Experts are warning of a new strain of ransomware named Qlocker that is infecting hundreds of QNAP NAS devices on a daily basis. The malware moves all files stored on the device to password-protected 7zip […] Ransomware Malware
SecurityAffairs 2021-04-23 07:45:44 Evil Maid Attack – Vacuum Hack (direct link) Evil Maid Attack – Weaponizing a harmless vacuum cleaner hiding within it a small Rogue Device such as a Raspberry Pi. It is a typical day at the office. You are sitting at your desk, working hard at whatever it is that you do. The cleaning lady is also doing her job nearby, but you […] Hack
SecurityAffairs 2021-04-23 07:18:57 Darkside Ransomware gang aims at influencing the stock price of their victims (direct link) The Darkside ransomware gang is enhancing its extortion tactics to interfere with the valuation of stocks of companies that are listed on NASDAQ or other stock markets. The Darkside ransomware operators are stepping up their extortion tactics targeting companies that are listed on NASDAQ or other stock markets with a new technique. The group announced […] Ransomware
SecurityAffairs 2021-04-22 16:08:59 Privacy and security in the software designing (direct link) The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. In order to reduce as much as possible the vulnerabilities and programming errors that can affect not only the quality of the product itself but can also be exploited to launch […]
SecurityAffairs 2021-04-22 15:47:16 Cellebrite's forensics tool affected by arbitrary code execution issue (direct link) Cellebrite mobile forensics tool Ufed contains multiple flaws that allow arbitrary code execution on the device, SIGNAL creator warns. Moxie Marlinspike, the creator of the popular encrypted messaging app Signal, announced that Cellebrite mobile forensics tools developed by Cellebrite are affected by multiple vulnerabilities that could be exploited to achieve arbitrary code execution. Cellebrite develops […] Tool
SecurityAffairs 2021-04-22 12:54:52 (Déjà vu) Pareto Botnet, million infected Android devices conduct fraud in the CTV ad ecosystem (direct link) Researchers from Human Security have uncovered a huge botnet of Android devices being used to conduct fraud in the connected TV advertising ecosystem. Security researchers at Human Security (formerly White Ops) discovered a massive Android botnet, dubbed Pareto, used to conduct fraud in the Connected TV (CTV) advertising ecosystem. The Pareto botnet is composed of […]
SecurityAffairs 2021-04-22 09:01:52 Trend Micro flaw actively exploited in the wild (direct link) Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems. Security solutions once again are used as attack vectors by threat actors, this time cybersecurity company Trend Micro revealed that attackers are actively exploiting a vulnerability, tracked as CVE-2020-24557, […] Threat
SecurityAffairs 2021-04-22 05:49:21 Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang (direct link) During an undercover interview, a CyberNews researcher tricked ransomware operators affiliated with Ragnar Locker into revealing their ransom payout structure, cash out schemes, and target acquisition strategies. From a relatively rare threat just a few years ago to one of the biggest moneymakers for cybercriminals today – the meteoric rise of ransomware has cast a shadow of […] Ransomware Threat
SecurityAffairs 2021-04-21 22:06:31 WhatsApp Pink malware spreads via group chat messages (direct link) A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages. A WhatsApp malware dubbed WhatsApp Pink has now been updated, authors have implemented the ability to automatically respond to victims’ Signal, Telegram, Viber, and Skype messages. WhatsApp Pink is a fake app that was first discovered this week, […] Malware
SecurityAffairs 2021-04-21 13:12:46 REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack (direct link) The REvil ransomware operators are attempting to blackmail Apple after they have allegedly stolen product blueprints of the IT giant from its business partner. REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded event threatening to sell stolen blueprints belonging to the IT giant that were stolen from Quanta Computer. Quanta […] Ransomware Hack
SecurityAffairs 2021-04-21 10:24:03 3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited (direct link) Security vendor SonicWall has addressed three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. SonicWall is warning its customers to update their hosted and on-premises email security products to address three zero-day vulnerabilities that are being actively exploited in the wild. The three vulnerabilities addressed by the security vendor are: CVE-2021-20021: Email Security Pre-Authentication Administrative […]
SecurityAffairs 2021-04-21 05:38:01 China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors (direct link) At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. According to coordinated reports published by FireEye and Pulse Secure, two hacking groups have exploited a new zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors […] Hack Vulnerability
SecurityAffairs 2021-04-20 19:50:57 Hacking a X-RAY Machine with WHIDelite & EvilCrowRF (direct link) The popular cyber security expert Luca Bongiorni demonstrated how to hack an X-Ray Machine using his WHIDelite tool. Recently I bought an X-RAY machine from China to have some ghetto-style desktop setup in order to inspect/reverse engineer some PCBs and hardware implants. The first thing that struck my curiosity, even before purchasing it, was its remote. […] Hack
SecurityAffairs 2021-04-20 18:00:58 Critical update: Facebook Messenger users hit by scammers in over 80 states (direct link) Researchers from security firm Group-IB have detected a large-scale scam campaign targeting Facebook Messenger users all over the world. Group-IB has detected a large-scale scam campaign targeting Facebook Messenger users all over the world. Group-IB Digital Risk Protection (DRP) analysts have found evidence proving that users in over 80 countries in Europe, Asia, the MEA region, North […]
SecurityAffairs 2021-04-20 16:06:24 North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection (direct link) North Korea-linked Lazarus APT group is abusing bitmap (.BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus APT group that obfuscated a malicious code within a bitmap (.BMP) image file. The malicious code within the bitmap image […] APT 38 APT 28
SecurityAffairs 2021-04-20 13:33:14 Watch out, hackers can take over your Cosori Smart Air Fryer (direct link) Watch out, hackers could breach into your house by exploiting two remote code execution (RCE) vulnerabilities in the Cosori Smart Air Fryer. Security experts from Cisco Talos have found two remote code execution (RCE) vulnerabilities in the Cosori Smart Air Fryer. The Cosori Smart Air Fryer is an appliance with smart capabilities that cooks food […]
SecurityAffairs 2021-04-20 09:59:48 WeChat users targeted by hackers using recently disclosed Chromium exploit (direct link) Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn. China-based firm Qingteng Cloud Security reported that threat actors weaponized the recently disclosed Chrome exploit to target WeChat users in China. According to the researchers, the attacks only targeted users of the WeChat Windows app. The […] Threat
SecurityAffairs 2021-04-20 07:22:57 Crooks stole driver's license numbers from Geico auto insurer (direct link) Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S., has suffered a data breach, threat actors exploited a now-fixed bug in their website to steal the driver’s licenses for policyholders for several weeks. Geico provided coverage for […] Threat
SecurityAffairs 2021-04-19 21:49:23 Experts demonstrated how to hack a utility and take over a smart meter (direct link) Researchers from FireEye's Mandiant team have breached the network of a North American utility and turned off one of its smart meters. Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased. Many security firms highlighted the risks related to attacks targeting OT networks used in […] Hack
SecurityAffairs 2021-04-19 17:27:25 Crooks made more than $560K with a simple clipboard hijacker (direct link) Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. While the value of major cryptocurrencies continues to increase, cybercriminals and malware authors focus their efforts on cryptocurrency miners and malicious code that could empty the wallets of the victims. The antivirus company Avast analyzed […] Malware
SecurityAffairs 2021-04-19 13:28:46 XCSSET malware now targets macOS 11 and M1-based Macs (direct link) XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips. The new variant also implements new […] Malware
SecurityAffairs 2021-04-19 08:32:13 Nitroransomware demands gift codes as ransom payments (direct link) A new ransomware dubbed ‘NitroRansomware’ has appeared in the threat landscape, it demands a Discord Nitro gift code to decrypt files. Researchers from BleepingComputer reported infections of a new singular ransomware dubbed NitroRansomware which demands a Discord Nitro gift code from the victims to decrypt their files. Discord is a free VoIP, instant messaging and […] Ransomware Threat
SecurityAffairs 2021-04-19 05:35:39 Codecov was a victim of a supply chain attack (direct link) The software company Codecov suffered a security breach, threat actors compromised the supply chain of one of its tools. A new supply chain attack made the headlines, the software company Codecov recently disclosed a major security breach after a threat actor compromised its infrastructure to inject a credentials harvester code to one of its tools […] Threat
SecurityAffairs 2021-04-18 17:51:30 Monero Cryptocurrency campaign exploits ProxyLogon flaws (direct link) Threat actors are exploiting the ProxyLogon vulnerabilities in Microsoft Exchange servers to deploy Monero cryptocurrency miners. Sophos researchers reported that threat actors targeted Microsoft Exchange by exploiting ProxyLogon vulnerabilities to deploy malicious Monero cryptominer in an unusual attack. The unknown attacker is attempting to deliver a payload which is being hosted on a compromised […] Threat
SecurityAffairs 2021-04-18 13:30:52 A member of the FIN7 group was sentenced to 10 years in prison (direct link) Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially motivated group FIN7, aka Carbanak. The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated […]
SecurityAffairs 2021-04-18 11:50:44 Security Affairs newsletter Round 310 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Is the recent accident at Iran Natanz nuclear plant a cyber attack? Joker malware infected 538,000 Huawei Android devices Personal data of 1.3 million Clubhouse users leaked online Fitch Ratings: […] Malware
SecurityAffairs 2021-04-18 08:54:06 Is BazarLoader malware linked to Trickbot operators? (direct link) Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. The campaigns aimed at employees of large organizations, the messages attempt to trick the victims that they contain important information […] Malware
SecurityAffairs 2021-04-17 18:57:03 Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model (direct link) Google Project Zero security team has updated its vulnerability disclosure policy, it gives users 30 days to patch flaws before disclosing associated technical details. The Google Project Zero security team announced an update to its vulnerability disclosure policy, it could include additional 30 days to the disclosure process for some bugs to give end-users enough […] Vulnerability
SecurityAffairs 2021-04-17 06:38:38 6 out of 11 EU agencies running Solarwinds Orion software were hacked (direct link) SolarWinds supply chain attack also impacted six European Union institutions, European Commissioner for Budget and Administration confirmed. European Commissioner for Budget and Administration Johannes Hahn confirmed the hack of some EU agencies as a result of the SolarWinds supply chain attack in a response to a question filed by an EU Parliament member in February 2021. […] Hack
SecurityAffairs 2021-04-16 17:37:35 (Déjà vu) Critical RCE can allow attackers to compromise Juniper Networks devices (direct link) Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable devices. Cybersecurity vendor Juniper Networks addressed a critical vulnerability in Junos OS, tracked as CVE-2021-0254, that could allow an attacker to remotely hijack or disrupt affected devices. This flaw stems from the improper buffer size […] Vulnerability
SecurityAffairs 2021-04-16 12:26:02 Russia-linked APT SVR actively targets these 5 flaws (direct link) The US government warned that Russian cyber espionage group SVR is exploiting five known vulnerabilities in enterprise infrastructure products. The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have published a joint advisory that warns that Russia-linked APT group SVR (aka APT29, Cozy Bear, and The Dukes). […] APT 29
SecurityAffairs 2021-04-16 08:56:25 Mirai code re-use in Gafgyt (direct link) Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt,” some of them re-used Mirai code. Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt”, via threat intelligence systems and our in-house osquery-based sandbox. Upon analysis, we identified several codes, techniques and implementations of Gafgyt, […] Malware Threat
SecurityAffairs 2021-04-16 06:22:51 Lazarus BTC Changer. Back in action with JS sniffers redesigned to steal crypto (direct link) Group-IB observed the North Korea-linked Lazarus APT group stealing cryptocurrency using a never-before-seen tool. In the last five years, JavaScript sniffers have grown into one of the most dangerous threats for e-commerce businesses. The simple nature of such attacks combined with the use of malicious JavaScript code for intercepting payment data attract more and more […] APT 38 APT 28
SecurityAffairs 2021-04-15 22:20:58 US Gov sanctions Russia and expels 10 diplomats over SolarWinds hack (direct link) The U.S. and UK attributed with “high confidence” the recently disclosed supply chain attack on SolarWinds to Russia’s Foreign Intelligence Service (SVR). The U.S. and U.K. attributed with “high confidence” the supply chain attack on SolarWinds to operatives working for Russia’s Foreign Intelligence Service (SVR) (aka APT29, Cozy Bear, and The Dukes). The UK, US […] Hack APT 29
SecurityAffairs 2021-04-15 14:33:32 Cyber thieves move $760 million stolen in the 2016 Bitfinex heist (direct link) Over $760 million worth of Bitcoin that were stolen from cryptocurrency exchange Bitfinex in 2016 were moved to new accounts. More than $760 million worth of Bitcoin, stolen from Asian cryptocurrency exchange Bitfinex in 2016, were moved on Wednesday to new accounts. In August 2016, the Asian Bitfinex suffered a security breach that resulted in the […]
SecurityAffairs 2021-04-15 11:51:01 April 2021 Security Patch Day fixes a critical flaw in SAP Commerce (direct link) April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released ones, among the issues addressed by the software giant there is a […]
SecurityAffairs 2021-04-15 06:11:21 (Déjà vu) For the second time in a week, a Google Chromium zero-day released online (direct link) For the second time in a week, a Chromium zero-day remote code execution exploit code has been released on Twitter, multiple browsers impacted. A new Chromium zero-day remote code execution exploit has been released on Twitter this week, like the previous one that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. The […]
SecurityAffairs 2021-04-14 21:03:35 WhatsApp flaws could have allowed hackers to remotely hack mobile devices (direct link) WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device. WhatsApp recently addressed two security vulnerabilities in its app for Android that could have been exploited by remote attackers to execute malicious code on a target device and potentially eavesdrop on communications. The vulnerabilities […] Hack
SecurityAffairs 2021-04-14 14:22:29 FireEye: 650 new threat groups were tracked in 2020 (direct link) FireEye published its M-Trend 2021 report based on the data collected during the investigation, 650 new threat groups were tracked in 2020. FireEye published its annual report, titled M-Trend 2021, which is based on the data collected during the investigation on security incidents it managed. Most of the incidents investigated by Mandiant (59%) in 2020 […] Threat
SecurityAffairs 2021-04-14 10:20:44 FBI silently removed web shells planted on Microsoft Exchange servers in the US (direct link) The FBI logged into web shells that hackers installed on Microsoft Exchange email servers across the US and removed the malicious code used by threat actors. A US judge granted the FBI the power to log into web shells that were injected by nation-state hackers on Microsoft Exchange servers across the US and remove the malware, […] Threat
Last update at: 2024-06-18 08:10:33