What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-05-30 11:55:17 Security Affairs newsletter Round 316 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A malware attack hit the Alaska Health Department CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers Zeppelin ransomware gang is back after a temporary pause 13 flaws in Nagios IT […] Ransomware Malware
SecurityAffairs.webp 2021-05-26 06:20:14 Agrius group targets Israel with data-wipers disguised as ransomware (direct link) An Iran-linked threat actor tracked as Agrius employed data-wipers disguised as ransomware to destroy targeted IT infrastructure. Researchers from cyber-security firm SentinelOne discovered a new Iran-linked threat actor, tracked as Agrius, which relied on data-wiping malware disguised as ransomware to destroy the targeted systems. In order to hide the real nature of the threat, the […] Ransomware Malware Threat
SecurityAffairs.webp 2021-05-25 12:28:15 Apple addresses three zero-day flaws actively exploited in the wild (direct link) Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is […] Malware Threat ★★★
SecurityAffairs.webp 2021-05-23 09:09:32 A malware attack hit the Alaska Health Department (direct link) The Alaska health department website was forced offline by a malware attack, officials are investigating the incident. The website of the Alaska health department was forced offline this week by a malware attack. Local authorities launched an investigation into the attack, at the time of this writing, they did not provide details about the intrusion. […] Malware
SecurityAffairs.webp 2021-05-20 20:39:41 STRRAT RAT spreads masquerading as ransomware (direct link) Microsoft warns of a malware campaign that is spreading a RAT dubbed STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The RAT was designed to steal data from victims while masquerading as a ransomware attack. The Java-based STRRAT RAT […] Ransomware Malware
SecurityAffairs.webp 2021-05-16 11:31:28 MSBuild tool used to deliver RATs filelessly (direct link) Hackers abuse Microsoft Build Engine (MSBuild) to filelessly deliver malware on targeted Windows systems, including RAT and password-stealer. Researchers from Anomali observed threat actors abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and RedLine Stealer password-stealing malware on targeted Windows systems. “Anomali Threat Research discovered a campaign in which threat actors used […] Malware Tool Threat
SecurityAffairs.webp 2021-05-16 08:39:52 Pakistan-linked Transparent Tribe APT expands its arsenal (direct link) Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. The group used the new malware dubbed ObliqueRAT in cyberespionage attacks against Indian targets. The Operation Transparent Tribe (Operation C-Major, APT36, and Mythic […] Malware APT 36
SecurityAffairs.webp 2021-05-12 12:54:13 TeaBot Android banking Trojan targets banks in Europe (direct link) Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. Malware experts from the Italian cybersecurity firm Cleafy have spotted a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Spain, Germany, Italy, Belgium, and the Netherlands. TeaBot malware appeared […] Malware
SecurityAffairs.webp 2021-05-09 18:12:06 CISA MAR report provides technical details of FiveHands Ransomware (direct link) U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by FireEye's Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye's Mandiant. At the end of April, researchers […] Ransomware Malware
SecurityAffairs.webp 2021-05-07 09:57:25 Connecting the Bots – Hancitor fuels Cuba Ransomware Operations (direct link) The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It has been known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker […] Ransomware Malware
SecurityAffairs.webp 2021-05-06 09:22:21 A taste of the latest release of QakBot (direct link) A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot is a banking trojan that has been making headlines since 2007. This piece of malware is focused on stealing banking credentials and victim's secrets using […] Malware
SecurityAffairs.webp 2021-05-05 15:27:31 (Déjà vu) UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware (direct link) A new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware. The group targeted the organization […] Malware Threat
SecurityAffairs.webp 2021-05-03 06:39:57 Threat Report Portugal: Q1 2021 (direct link) The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. Threat Report Portugal Q1 2021: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is […] Malware Threat
SecurityAffairs.webp 2021-04-29 11:15:03 Purple Lambert, a new malware of CIA-linked Lambert APT group (direct link) Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of the US Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection […] Malware
SecurityAffairs.webp 2021-04-29 06:22:02 RotaJakiro Linux backdoor has flown under the radar since 2018 (direct link) Experts recently uncovered a Linux backdoor, dubbed RotaJakiro, that has flown under the radar for many years while harvesting and exfiltrating sensitive information from the victims. RotaJakiro is a Linux backdoor recently discovered by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab). The malware remained undetected for years while threat actors were employing […] Malware Threat
SecurityAffairs.webp 2021-04-27 18:14:55 FBI shares with HIBP 4 million email addresses involved in Emotet attacks (direct link) The FBI has shared with Have I Been Pwned service 4 million email addresses collected by Emotet botnet and employed in malware campaigns. Last week, European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. The authorities automatically wiped the infamous Emotet malware from infected systems […] Malware ★★★★
SecurityAffairs.webp 2021-04-27 08:33:35 Microsoft Defender uses Intel TDT technology against crypto-mining malware (direct link) Microsoft announced an improvement of its Defender antivirus that will leverage Intel’s Threat Detection Technology (TDT) to detect processes associated with crypto-miners. Microsoft announced that Microsoft Defender for Endpoint, its commercial version of Windows 10 Defender antivirus, implements a new mechanism that leverages Intel’s Threat Detection Technology (TDT) to block cryptojacking malware using Cryptojacking malware […] Malware Threat
SecurityAffairs.webp 2021-04-27 06:53:05 (Déjà vu) Shlayer macOS malware abuses zero-day to bypass Gatekeeper feature (direct link) Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Apple has addressed a zero-day flaw in macOS that was exploited by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads. The developers behind the Shlayer malware have successfully […] Malware
SecurityAffairs.webp 2021-04-26 14:52:44 Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet (direct link) European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. European law enforcement agencies automatically wiped the infamous Emotet malware from infected systems across the world as part of a mass sanitization operation. Early this year, law enforcement and judicial authorities worldwide conducted a […] Malware
SecurityAffairs.webp 2021-04-26 09:40:47 Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws (direct link) Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines in a cryptocurrency botnet tracked as Prometei. Experts from the Cybereason Nocturnus Team have investigated multiple incidents involving the Prometei Botnet. The attackers hit companies in North America and threat actors exploited the ProxyLogon Microsoft Exchange flaws (CVE-2021-27065 and CVE-2021-26858) to deliver malware in their networks. Attackers […] Malware Threat
SecurityAffairs.webp 2021-04-25 14:02:32 Security Affairs newsletter Round 311 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A member of the FIN7 group was sentenced to 10 years in prison Is BazarLoader malware linked to Trickbot operators? Monero Cryptocurrency campaign exploits ProxyLogon flaws Codecov was a victim […] Malware
SecurityAffairs.webp 2021-04-24 20:50:38 ToxicEye RAT exploits Telegram communications to steal data from victims (direct link) ToxicEye is a new Remote Access Trojan (RAT) that exploits the Telegram service as part of its command and control infrastructure. ToxicEye RAT is a new malware that leverages the Telegram services for command & control, experts from Check Point already observed over 130 attacks recorded in the past three months. The use of the […] Malware
SecurityAffairs.webp 2021-04-23 16:54:40 New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days (direct link) A new ransomware strain dubbed Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom payment. Experts are warning of a new strain of ransomware named Qlocker that is infecting hundreds of QNAP NAS devices on a daily basis. The malware moves all files stored on the device to password-protected 7zip […] Ransomware Malware
SecurityAffairs.webp 2021-04-21 22:06:31 WhatsApp Pink malware spreads via group chat messages (direct link) A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages. A WhatsApp malware dubbed WhatsApp Pink has now been updated, authors have implemented the ability to automatically respond to victims’ Signal, Telegram, Viber, and Skype messages. WhatsApp Pink is a fake app that was first discovered this week, […] Malware
SecurityAffairs.webp 2021-04-19 17:27:25 Crooks made more than $560K with a simple clipboard hijacker (direct link) Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. While the value of major cryptocurrencies continues to increase, cybercriminals and malware authors focus their efforts on cryptocurrency miners and malicious code that could empty the wallets of the victims. The antivirus company Avast analyzed […] Malware
SecurityAffairs.webp 2021-04-19 13:28:46 XCSSET malware now targets macOS 11 and M1-based Macs (direct link) XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips. The new variant also implements new […] Malware
SecurityAffairs.webp 2021-04-18 11:50:44 Security Affairs newsletter Round 310 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Is the recent accident at Iran Natanz nuclear plant a cyber attack? Joker malware infected 538,000 Huawei Android devices Personal data of 1.3 million Clubhouse users leaked online Fitch Ratings: […] Malware
SecurityAffairs.webp 2021-04-18 08:54:06 Is BazarLoader malware linked to Trickbot operators? (direct link) Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. The campaigns aimed at employees of large organizations, the messages attempt to trick the victims that they contain important information […] Malware
SecurityAffairs.webp 2021-04-16 08:56:25 Mirai code re-use in Gafgyt (direct link) Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt,” some of them re-used Mirai code. Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt”, via threat intelligence systems and our in-house osquery-based sandbox. Upon analysis, we identified several codes, techniques and implementations of Gafgyt, […] Malware Threat
SecurityAffairs.webp 2021-04-11 09:04:58 Security Affairs newsletter Round 309 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak […] Ransomware Malware
SecurityAffairs.webp 2021-04-11 08:37:46 Joker malware infected 538,000 Huawei Android devices (direct link) More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company's official Android store. More than 500,000 Huawei users were infected with the Joker malware after they downloaded tainted apps from the company's official Android store. The fight against the Joker malware (aka Bread) began in September […] Malware
SecurityAffairs.webp 2021-04-10 15:08:31 Crooks abuse website contact forms to deliver IcedID malware (direct link) Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from Microsoft have uncovered a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Threat actors behind the operation are using contact forms published on websites to deliver malicious links to enterprises […] Malware Threat
SecurityAffairs.webp 2021-04-07 10:02:22 Gigaset Android smartphones infected with malware after supply chain attack (direct link) A new supply chain attack made the headlines, threat actors compromised at least one update server of smartphone maker Gigaset to deliver malware. The German device maker Gigaset was the victim of a supply chain attack, threat actors compromised at least one server of the company to deliver malware. Gigaset AG, formerly known as Siemens Home and […] Malware Threat
SecurityAffairs.webp 2021-04-04 15:35:55 (Déjà vu) Malware attack on Applus blocked vehicle inspections in some US states (direct link) A malware attack against vehicle inspection services provider Applus Technologies paralyzed preventing vehicle inspections in eight US states. Applus Technologies is a worldwide leader in the testing, inspection and certification sector, the company was recently hit by a malware cyberattack that impacted vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. […] Malware Guideline
SecurityAffairs.webp 2021-04-03 07:24:18 Evolution and rise of the Avaddon Ransomware-as-a-Service (direct link) The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June, 2020. In August 2020, cybersecurity intelligence firm Kela was the first to report that […] Ransomware Malware Threat
SecurityAffairs.webp 2021-03-29 06:52:58 New Purple Fox version includes Rootkit and implements wormable propagation (direct link) Researchers from Guardicore have spotted a new variant of the Purple Fox Windows malware that implements worm-like propagation capabilities. Researchers from Guardicore have discovered a new version of the Purple Fox Windows malware that implements worm-like propagation capabilities. Up until recently, Purple Fox's operators infected machines by using exploit kits and phishing emails. Previous versions of […] Malware
SecurityAffairs.webp 2021-03-27 17:32:20 Experts spotted a new advanced Android spyware posing as “System Update” (direct link) Researchers spotted a sophisticated Android spyware that implements exfiltration capabilities and surveillance features, including recording audio and phone calls. Experts from security firm Zimperium have spotted a new sophisticated Android spyware that masquerades itself as a System Update application. The malware is able to collect system data, messages, images and take over the infected Android […] Malware
SecurityAffairs.webp 2021-03-25 17:04:26 Facebook took action against China-linked APT targeting Uyghur activists (direct link) Facebook has closed accounts used by a China-linked APT to distribute malware to spy on Uyghurs activists, journalists, and dissidents living outside China. Facebook has taken action against a series of accounts used by a China-linked cyber-espionage group, tracked as Earth Empusa or Evil Eye, to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living […] Malware
SecurityAffairs.webp 2021-03-19 23:30:18 (Déjà vu) Russian National pleads guilty to conspiracy to plant malware on Tesla systems (direct link) The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. The U.S. Justice Department announced on Thursday that the Russian national Egor Igorevich Kriuchkov (27), who attempted to convince a Tesla employee to install malware on the company's computers, has pleaded guilty. “A Russian national pleaded guilty in federal court […] Malware Guideline
SecurityAffairs.webp 2021-03-18 22:31:29 (Déjà vu) XcodeSpy Mac malware targets Xcode Developers with a backdoor (direct link) Unknown threat actors have been using a new XcodeSpy Mac malware to target software developers who use Apple's Xcode integrated development environment. Researchers at SentinelOne uncovered a series of attacks involving a new XcodeSpy used to deliver a custom variant of a backdoor tracked as EggShell. The EggShell allows threat actors to spy on users, capture […] Malware Threat
SecurityAffairs.webp 2021-03-13 10:13:04 New variant for Mac Malware XCSSET compiled for M1 Chips (direct link) Kaspersky researchers spotted a new variant of the XCSSET Mac malware that is compiled for devices running on Apple M1 chips. XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware […] Ransomware Malware
SecurityAffairs.webp 2021-03-11 11:26:25 RedXOR, a new powerful Linux backdoor in Winnti APT arsenal (direct link) Intezer experts have spotted a new strain of Linux backdoor dubbed RedXOR that is believed to be part of the arsenal of China-linked Winnti APT. Researchers from Intezer have discovered a new sophisticated backdoor, tracked as RedXOR, that targets Linux endpoints and servers. The malware was likely developed by the China-linked cyber espionage group Winnti. […] Malware APT 41
SecurityAffairs.webp 2021-03-09 08:48:19 SUPERNOVA backdoor that emerged after SolarWinds hack is likely linked to Chinese actors (direct link) Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks Supernova malware spotted on compromised SolarWinds Orion installs exposed on the Internet is likely linked to a China-linked espionage group. Researchers at Secureworks’ counter threat unit (CTU) were investigating the exploit of SolarWinds servers to deploy the Supernova web shell when collected evidence […] Malware Hack Threat ★★★★
SecurityAffairs.webp 2021-03-08 17:58:38 UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign (direct link) Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched network-attached storage (NAS) devices. via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507) Threat actors are exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & […] Malware Vulnerability Threat
SecurityAffairs.webp 2021-03-05 20:00:25 GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers (direct link) Microsoft experts continue to investigate the SolarWinds attack and spotted 3 new strains of malware used as second-stage payloads. Microsoft announced the discovery of three new pieces of malware that the threat actors behind the SolarWinds attack, tracked by the IT giant as Nobelium, used as second-stage payloads. Microsoft’s initial investigation revealed the existence of […] Malware Threat
SecurityAffairs.webp 2021-03-04 21:52:36 (Déjà vu) Sunshuttle, the fourth malware allegedly linked to SolarWinds hack (direct link) FireEye researchers spotted a new sophisticated second-stage backdoor that was likely linked to threat actors behind the SolarWinds hack. Malware researchers at FireEye discovered a new sophisticated second-stage backdoor, dubbed Sunshuttle, while analyzing the servers of an organization that was compromised as a result of the SolarWinds supply-chain attack. The new malware is dubbed Sunshuttle, and it was […] Malware Hack Threat
SecurityAffairs.webp 2021-03-03 21:57:33 The Ursnif Trojan has hit over 100 Italian banks (direct link) Avast researchers reported that the infamous Ursnif Trojan was employed in attacks against at least 100 banks in Italy. Avast experts recently obtained information on possible victims of Ursnif malware that confirms the interest of malware operators in targeting Italian banks. Operators behind these attacks have stolen financial data and credentials from targeted financial institutions. “Among the […] Malware
SecurityAffairs.webp 2021-03-02 08:37:23 Distributor of Asian food JFC International hit by Ransomware (direct link) JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC International, a major distributor and wholesaler of Asian food products, announced it has recently suffered a ransomware attack. The ransomware attack only impacted JFC International's Europe Group, the malware caused the disruption of some of its IT […] Ransomware Malware
SecurityAffairs.webp 2021-02-26 00:15:33 China-linked TA413 group targets Tibetan organizations (direct link) The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked cyberespionage group TA413 targeted Tibetan organizations across the world using a malicious Firefox add-on, dubbed FriarFox, that allowed them to steal Gmail and Firefox browser data and deliver malware on infected systems. “We attribute this […] Malware
SecurityAffairs.webp 2021-02-22 06:28:33 Researchers uncovered a new Malware Builder dubbed APOMacroSploit (direct link) Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was […] Malware
Last update at: 2024-05-13 12:07:54