What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-12-01 22:39:51 New Go-based Redigo malware targets Redis servers (direct link) Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers. Redis (remote dictionary server) […] Malware Threat ★★★
SecurityAffairs 2022-12-01 07:33:53 LastPass discloses the second security breach this year (direct link) LastPass disclosed a new security breach, threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach, the attackers had access to a third-party cloud storage service using information stolen in the August 2022 breach. The impacted cloud storage service is […] Threat LastPass ★★★★
SecurityAffairs 2022-11-30 21:35:49 Google links three exploitation frameworks to Spanish commercial spyware vendor Variston (direct link) Google's Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked to Variston IT, a Spanish firm. Officially, Variston claims to provide custom security solutions and custom patches for embedded system. The […] Threat ★★
SecurityAffairs 2022-11-28 15:04:34 Experts found a vulnerability in AWS AppSync (direct link) Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from […] Vulnerability Threat ★★
SecurityAffairs 2022-11-26 21:11:03 Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches (direct link) The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] Data Breach Vulnerability Threat ★★
SecurityAffairs 2022-11-26 00:35:53 Devices from Dell, HP, and Lenovo used outdated OpenSSL versions (direct link) Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. […] Threat ★★★★★
SecurityAffairs 2022-11-25 06:35:47 UK urges to disconnect Chinese security cameras in government buildings (direct link) The British government banned the installation of Chinese-linked security cameras at sensitive facilities due to security risks. Reuters reports that the British government ordered its departments to stop installing Chinese security cameras at sensitive buildings due to security risks. The Government has ordered departments to disconnect the camera from core networks and to consider removing […] Threat ★★★★
SecurityAffairs 2022-11-24 08:46:59 Threat actors exploit discontinued Boa web servers to target critical infrastructure (direct link) Microsoft reported that hackers have exploited flaws in a now-discontinued web server called Boa in attacks against critical industries. Microsoft experts believe that threat actors behind a malicious campaign aimed at Indian critical infrastructure earlier this year have exploited security flaws in a now-discontinued web server called Boa. The Boa web server is widely used across a […] Threat
SecurityAffairs 2022-11-23 21:20:11 Pro-Russian group Killnet claims responsibility for DDoS attack that has taken down the European Parliament site (direct link) Pro-Russian hacker collective Killnet took down the European Parliament website with a DDoS cyberattack. The Pro-Russia group of hacktivists Killnet claimed responsibility for the DDoS attack that today took down the website of the European Parliament. “KILLNET officially recognises the European Parliament as sponsors of homosexualism,” states the group. The attack was launched immediately […] Threat ★★★
SecurityAffairs 2022-11-23 08:15:59 Exclusive – Quantum Locker lands in the Cloud (direct link) The gang behind Quantum Locker used a particular modus operandi to target large enterprises relying on cloud services in the NACE region. Executive Summary Incident Insights During the latest weeks, the Belgian company Computerland shared insights with the European threat intelligence community about Quantum TTPs adopted in recent attacks. The shared information revealed Quantum gang […] Threat ★★
SecurityAffairs 2022-11-22 15:20:06 Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem (direct link) Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire. It is a multi-purpose botnet with data stealing […] Malware Threat ★★★★
SecurityAffairs 2022-11-21 08:31:12 Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild (direct link) Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt, and Alice Ransomware. The AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine. The analysis of the code […] Ransomware Threat
SecurityAffairs 2022-11-19 19:27:12 DEV-0569 group uses Google Ads to distribute Royal Ransomware (direct link) Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The DEV-0569 group carries out […] Ransomware Threat
SecurityAffairs 2022-11-19 15:56:56 Black Friday and Cyber Monday, crooks are already at work (direct link) Every year during Black Friday and Cyber Monday, crooks take advantage of the bad habits of users with fraudulent schema. Researchers at Bitdefender Antispam Lab have analyzed during the last weeks the fraudulent activities associated with Black Friday and Cyber Monday. The experts noticed that between October 26 and November 6, the rate of unsolicited […] Threat ★★★★
SecurityAffairs 2022-11-18 11:30:22 Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies (direct link) Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022. The threat actors behind the Hive ransomware-as-a-service (RaaS) have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. cybersecurity and intelligence authorities. “As of November 2022, […] Ransomware Threat
SecurityAffairs 2022-11-18 08:24:14 Ongoing supply chain attack targets Python developers with WASP Stealer (direct link) A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer. Checkmarx researchers uncovered an ongoing supply chain attack conducted by a threat actor they tracked as WASP that is targeting Python developers. The attackers are using Python packages to distribute a polymorphic malware called W4SP […] Malware Threat
SecurityAffairs 2022-11-17 07:58:03 Iran-linked threat actors compromise US Federal Network (direct link) Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed a cryptomining malware. According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw (CVE-2021-44228) and deployed a cryptomining malware. Log4Shell impacts […] Threat
SecurityAffairs 2022-11-15 16:16:40 Experts revealed details of critical SQLi and access issues in Zendesk Explore (direct link) Researchers disclosed technical details of critical SQLi and access vulnerabilities in the Zendesk Explore Service. Cybersecurity researchers at Varonis disclosed technical details of critical SQLi and access vulnerabilities impacting the Zendesk Explore service. Zendesk Explore allows organizations to view and analyze key information about their customers, and their support resources. Threat actors would have allowed […] Threat
SecurityAffairs 2022-11-15 08:46:34 Previously undetected Earth Longzhi APT group is a subgroup of APT41 (direct link) Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian Countries. Early this year, Trend Micro investigated a security breach suffered by a company in Taiwan. Threat actors employed a custom Cobalt Strike loader in the attack. Further analysis revealed that the same threat actor targeted multiple regions […] Threat Guideline APT 41 ★★★★
SecurityAffairs 2022-11-14 09:18:41 CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine (direct link) Russian threat actors employed a new ransomware family called Somnia in attacks against multiple organizations in Ukraine. The Government Computer Emergency Response Team of Ukraine CERT-UA is investigating multiple attacks against organizations in Ukraine that involved a new piece of ransomware called Somnia. Government experts attribute the attacks to the group ‘From Russia with Love’ […] Ransomware Threat
SecurityAffairs 2022-11-11 23:07:47 An initial access broker claims to have hacked Deutsche Bank (direct link) An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram. A threat actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. The security researcher Dominic Alvieri was one of the first experts […] Threat
SecurityAffairs 2022-11-11 21:07:03 Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware (direct link) Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […] Malware Threat
SecurityAffairs 2022-11-11 08:28:28 Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine (direct link) Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. In mid-October, Microsoft Threat Intelligence Center (MSTIC) researchers uncovered previously undetected ransomware, tracked as Prestige ransomware, employed in attacks targeting organizations in the transportation and related logistics industries in Ukraine and Poland. The Prestige ransomware first appeared in the threat […] Ransomware Threat
SecurityAffairs 2022-11-07 19:52:34 'Justice Blade' Hackers are Targeting Saudi Arabia (direct link) Threat actors calling themselves “Justice Blade” published leaked data from an outsourcing IT vendor. The group of threat actors calling themselves ‘Justice Blade’ published leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working with major enterprises and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC. The […] Threat
SecurityAffairs 2022-11-06 13:51:03 A cyberattack blocked the trains in Denmark (direct link) At the end of October, a cyber attack caused the trains to stop in Denmark, the attack hit a third-party IT service provider. A cyber attack caused the trains operated by DSB to stop in Denmark the last weekend, threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo […] Threat
SecurityAffairs 2022-11-05 17:30:47 Zero-day are exploited on a massive scale in increasingly shorter timeframes (direct link) Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks. According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed zero-day vulnerabilities to target organizations worldwide. The researchers noticed a reduction in the time between the announcement of a vulnerability and the commoditization of […] Vulnerability Threat
SecurityAffairs 2022-11-04 13:51:55 (Already seen) RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM (direct link) A new campaign spreading RomCom RAT impersonates popular software brands like KeePass, and SolarWinds. The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution. Researchers from BlackBerry uncovered a new RomCom RAT campaign impersonating popular software brands like KeePass, and SolarWinds. […] Threat
SecurityAffairs 2022-11-04 10:09:39 The 10th edition of the ENISA Threat Landscape (ETL) report is out! (direct link) I'm proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The European Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2022 (ETL) report, which is the annual analysis of the state of the cybersecurity threat landscape. This is the 10th edition of the […] Threat
SecurityAffairs 2022-11-03 16:28:32 250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack (direct link) Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US. Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media company that serves many major news outlets. The media company provides video content and advertising […] Malware Threat
SecurityAffairs 2022-11-02 18:55:55 SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority (direct link) Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religion minority, Baháʼí. The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The […] Malware Threat
SecurityAffairs 2022-11-02 10:31:40 Dropbox discloses unauthorized access to 130 GitHub source code repositories (direct link) Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub. According to the advisory published by Dropbox, the company was the target of a phishing campaign […] Threat
SecurityAffairs 2022-11-01 11:32:51 Ransomware activity and network access sales in Q3 2022 (direct link) Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. Research published by threat intelligence firm KELA related to ransomware activity in Q3 reveals a stable activity in the sector of initial access sales, but experts observed a rise in the value of the offerings. […] Ransomware Threat
SecurityAffairs 2022-10-31 12:11:03 GitHub flaw could have allowed attackers to take over repositories of other users (direct link) A critical flaw in the cloud-based repository hosting service GitHub could’ve allowed attackers to take over other repositories. The cloud-based repository hosting service GitHub has addressed a vulnerability that could have been exploited by threat actors to take over the repositories of other users. The vulnerability was discovered by Checkmarx that called the attack technique RepoJacking. The […] Vulnerability Threat
SecurityAffairs 2022-10-30 14:38:12 Air New Zealand warns of an ongoing credential stuffing attack (direct link) Air New Zealand suffered a security breach, multiple customers have been locked out of their accounts after the incident. Air New Zealand suffered a security breach, threat actors attempted to access customers’ accounts by carrying out credential-stuffing attacks. What is credential stuffing? “Credential stuffing is a type of attack in which hackers use automation and lists […] Threat
SecurityAffairs 2022-10-29 18:34:59 Twilio discloses another security incident that took place in June (direct link) Twilio suffered another brief security incident in June 2022, the attack was conducted by the same threat actor of the August hack. The Communications company Twilio announced that it suffered another “brief security incident” on June 29, 2022, the attack was conducted by the same threat actor that in August compromised the company and gained access to […] Threat
SecurityAffairs 2022-10-26 19:09:16 See Tickets discloses data breach, customers' credit card data exposed (direct link) International ticketing services company See Tickets disclosed a data breach that exposed customers’ payment card details. Ticketing service company See Tickets disclosed a data breach, and threat actors might have accessed customers’ payment card details. Threat actors were able to steal payment card data by implanting a software skimmer on its website. The company discovered […] Data Breach Threat
SecurityAffairs 2022-10-25 14:59:22 Two PoS Malware used to steal data from more than 167,000 credit cards (direct link) Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. On April 19, 2022, Group-IB researchers identified the C2 server of the POS malware called MajikPOS. […] Malware Threat
SecurityAffairs 2022-10-25 11:44:24 Hive ransomware gang starts leaking data allegedly stolen from Tata Power (direct link) The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. On October 14, Tata Power, India's largest power generation company, announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of […] Ransomware Threat
SecurityAffairs 2022-10-24 14:17:22 Norway PM warns of Russia cyber threat to oil and gas industry (direct link) Norway's prime minister warned last week that Russia poses “a real and serious threat” to the country's oil and gas industry. Norway's prime minister Jonas Gahr Støre warned that Russia poses “a real and serious threat” to the country's oil and gas industry. The minister claims its country is going slow in adopting […] Threat
SecurityAffairs 2022-10-22 15:31:57 Threat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, miners (direct link) Threat actors are exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access in attacks in the wild. Threat actors are actively exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access to deliver cryptocurrency miners and ransomware. The issue causes server-side template injection because of the lack of […] Threat
SecurityAffairs 2022-10-21 23:02:44 EnergyAustralia Electricity company discloses security breach (direct link) Electricity company EnergyAustralia suffered a security breach, threat actors had access to information on 323 customers. Another Australian organization was hit by a severe cyber attack, this time the victim is the Electricity company EnergyAustralia. EnergyAustralia is the country's third-largest energy retailer. The company confirmed that threat actors had access to information on 323 residential and […] Threat
SecurityAffairs 2022-10-21 20:51:28 Experts warn of CVE-2022-42889 Text4Shell exploit attempts (direct link) Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. GitHub's threat analyst Alvaro Munoz this week disclosed a remote code execution vulnerability, tracked as CVE-2022-42889 (CVSS score 9.8), in the open-source Apache Commons […] Threat
SecurityAffairs 2022-10-20 16:07:14 BlueBleed: Microsoft confirmed data leak exposing customers' info (direct link) Microsoft disclosed a data leak, sensitive data of some of its customers were exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server. The data leak was discovered by the security threat intelligence firm SOCRadar […] Threat
SecurityAffairs 2022-10-19 22:50:57 Text4Shell, a remote code execution bug in Apache Commons Text library (direct link) Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working on strings. The vulnerability, dubbed “Text4Shell,” is an unsafe script evaluation issue […] Vulnerability Threat
SecurityAffairs 2022-10-18 14:15:09 China-linked APT41 group targets Hong Kong with Spyder Loader (direct link) China-linked threat actors APT41 (a.k.a. Winnti) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41, Axiom, Barium, Blackfly) is a cyberespionage […] Threat Guideline APT 41 APT 17
SecurityAffairs 2022-10-17 10:54:25 Bulgaria hit by a cyber attack originating from Russia (direct link) Government institutions in Bulgaria have been hit by a cyber attack during the weekend, experts believe it was launched by Russian threat actors. The infrastructure of government institutions in Bulgaria has been hit by a massive DDoS attack. The attack started on Saturday and experts believe that it was orchestrated by Russian threat actors. The […] Threat
SecurityAffairs 2022-10-16 23:22:16 Mysterious Prestige ransomware targets organizations in Ukraine and Poland (direct link) Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland. The Prestige ransomware first appeared in the threat landscape on October 11 in attacks occurring within an hour […] Ransomware Threat
SecurityAffairs 2022-10-15 10:22:50 Indian power generation giant Tata Power hit by a cyber attack (direct link) Tata Power Company Limited, India’s largest power generation company, announced it was hit by a cyberattack. Tata Power on Friday announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of its IT systems.” “The Tata Power Company […] Threat
SecurityAffairs 2022-10-14 15:10:29 WIP19, a new Chinese APT targets IT Service Providers and Telcos (direct link) Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is […] Threat
SecurityAffairs 2022-10-13 23:10:45 China-linked Budworm APT returns to target a US entity (direct link) The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber espionage group (aka APT27, Bronze Union, Emissary Panda, Lucky Mouse, TG-3390, and Red Phoenix) is behind a series of attacks conducted over the past six months against a number of high-profile targets, including the government of […] Threat APT 27
Last update at: 2024-04-27 19:08:09