What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-09-29 09:37:38 Group-IB CEO was put under arrest on treason charges (lien direct) Russian media reported that the police made searches in the Moscow office of security firm Group-IB apparently linked to an investigation into a criminal case. The police made searches in the Moscow office of the threat intelligence firm Group-IB, according to the media local authorities are investigating a criminal case. According to RTVI, the police […] Threat
SecurityAffairs.webp 2021-09-28 13:06:31 A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online (lien direct) An exploit for the recently disclosed CVE-2021-22005 vulnerability in VMware vCenter was publicly released, threat actors are already using it. A working exploit for the CVE-2021-22005 vulnerability in VMware vCenter is publicly available, and attackers are already attempting to use it in the wild. VMware recently addressed the critical arbitrary file upload vulnerability CVE-2021-22005, it […] Vulnerability Threat
SecurityAffairs.webp 2021-09-28 07:26:24 (Déjà vu) Russia-linked Nobelium APT group uses custom backdoor to target Windows domains (lien direct) Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. Microsoft Threat Intelligence Center (MSTIC) researchers have discovered a new custom malware, dubbed FoggyWeb used by the Nobelium APT group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers. […] Threat
SecurityAffairs.webp 2021-09-28 05:20:26 (Déjà vu) New BloodyStealer malware is targeting the gaming sector (lien direct) Researchers spotted a new malware, dubbed BloodyStealer, that could allow stealing accounts for multiple gaming platforms. Researchers from Kaspersky have spotted a new malware dubbed BloodyStealer that is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, GOG Galaxy, EA Origin, and more. The infostealer is available […] Malware Threat
SecurityAffairs.webp 2021-09-27 13:54:50 Jupyter infostealer continues to evolve and is distributed via MSI installers (lien direct) Cybersecurity researchers spotted a new version of the Jupyter infostealer which is distributed via MSI installers. Cybersecurity researchers from Morphisec have spotted a new version of the Jupyter infostealer that continues to be highly evasive. In November 2020, researchers at Morphisec have spotted Russian-speaking threat actors that have been using a piece of .NET infostealer, […] Threat
SecurityAffairs.webp 2021-09-26 11:23:54 JSC GREC Makeyev and other Russian entities under attack (lien direct) A cyberespionage campaign hit multiple Russian organizations, including JSC GREC Makeyev, a major defense contractor, exploiting a recently disclosed zero-day. Security researchers from Malwarebytes uncovered multiple attacks targeting many Russian organizations, including JSC GREC Makeyev, a company that develops liquid and solid fuel for Russia's ballistic missiles and space rocket program. Threat actors behind the cyberespionage […] Threat
SecurityAffairs.webp 2021-09-26 08:26:12 Security Affairs newsletter Round 333 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. GSS, one of the major European call center providers, suffered a ransomware attack Threat actors are attempting […] Ransomware Threat ★★
SecurityAffairs.webp 2021-09-26 08:08:14 Google TAG spotted actors using new code signing tricks to evade detection (lien direct) Researchers from Google's TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google's Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. By code signing executables, it is possible to verify their integrity and provide information about the […] Threat
SecurityAffairs.webp 2021-09-25 12:09:20 Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw (lien direct) Immediately after the public release of the exploit code for the VMware vCenter CVE-2021-22005 flaw threat actors started using it. Researchers warn that immediately after the release of the exploit code for the recently addressed CVE-2021-22005 flaw in VMware vCenter threat actors started using it. The CVE-2021-22005 issue is a critical arbitrary file upload vulnerability […] Vulnerability Threat
SecurityAffairs.webp 2021-09-25 07:42:28 European Union formally blames Russia for the GhostWriter operation (lien direct) European Union representatives formally accused Russia of attempting to target the elections and political systems of several EU states. European Union has formally accused Russia of meddling in the elections and political systems of several EU states. EU high representative said that Russia-linked threat actors were behind a recent operation tracked as Ghostwriter. The officials […] Threat
SecurityAffairs.webp 2021-09-23 20:49:28 Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware (lien direct) Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise iPhones and Macs running vulnerable iOS and macOS versions. Apple confirmed that at least one of […] Threat
SecurityAffairs.webp 2021-09-23 13:26:29 BulletProofLink, a large-scale phishing-as-a-service active since 2018 (lien direct) Microsoft uncovered a large-scale phishing-as-a-service operation, dubbed BulletProofLink, that enabled threat actors to easily carry out malicious campaigns. Microsoft researchers have uncovered a large-scale phishing-as-a-service (PHaaS) operation, dubbed BulletProofLink (aka Anthrax), that offers to its customers phishing kits, email templates, and hosting and automated services to carry out phishing attacks. BulletProofLink service was very cheap […] Threat
SecurityAffairs.webp 2021-09-21 19:56:59 Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US (lien direct) Russia-linked cyber espionage group Turla made the headlines again, the APT has employed a new backdoor in a recent wave of attacks Cisco Talos researchers reported that the Russia-linked Turla APT group recently used a new backdoor, dubbed TinyTurla, in a series of attacks against the US, Germany, and Afghanistan. The threat actors are using […] Threat
SecurityAffairs.webp 2021-09-19 16:25:25 Numando, a new banking Trojan that abuses YouTube for remote configuration (lien direct) Numando, a new banking Trojan that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. ESET researchers spotted a new LATAM banking trojan, tracked as Numando, that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. The threat actor behind this banking Trojan has been active since […] Threat
SecurityAffairs.webp 2021-09-19 08:14:09 Security Affairs newsletter Round 332 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The Biden administration plans to target exchanges supporting ransomware operations with sanctions Threat actor has been targeting the aviation industry since at least 2018 Expert discloses details and PoC […] Ransomware Threat
SecurityAffairs.webp 2021-09-18 16:48:46 Threat actor has been targeting the aviation industry since at least 2018 (lien direct) Security researchers from the Cisco Talos team uncovered a spear-phishing campaign targeting the aviation industry for two years avoiding detection. Security researchers from Cisco Talos uncovered a spear-phishing campaign targeting, dubbed Operation Layover, that targeted the aviation industry for two years without being detected. The experts believe that the threat actor behind this campaign is […] Threat
SecurityAffairs.webp 2021-09-17 20:22:21 Experts warn that Mirai Botnet starts exploiting OMIGOD flaw (lien direct) The Mirai botnet starts exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a Mirai botnet starts exploiting a critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, a few days after Microsoft disclosed them. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management […] Vulnerability Threat
SecurityAffairs.webp 2021-09-17 14:10:41 German Election body hit by a cyber attack (lien direct) A spokesman for the authority running Germany’s September 26 general election confirmed that hackers briefly disrupted its website last month. Threat actors last month hit the website of the authority running Germany’s September 26 general election, reported AFP. According to a spokesman for the organization, the attack took place at the end of August and […] Threat
SecurityAffairs.webp 2021-09-16 17:23:47 (Déjà vu) Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug (lien direct) Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against organizations. The IT giant says that threat actors started targeting […] Ransomware Threat
SecurityAffairs.webp 2021-09-14 06:00:39 Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks (lien direct) Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon developed by attackers that were actively used in attacks in the wild. Threat actors re-implemented from scratch unofficial Linux and Windows versions of the Cobalt Strike Beacon and are actively using them in attacks aimed at organizations worldwide.Cobalt Strike is a legitimate penetration testing tool designed as an attack […] Tool Threat
SecurityAffairs.webp 2021-09-13 15:26:55 New Spook.Js attack allows to bypass Google Chrome Site Isolation protections (lien direct) Spook.js is a new side-channel attack on modern processors that can allow bypassing Site Isolation protections implemented in Google Chrome. Boffins devised a transient side-channel attack on modern processors, “Spook.js,” that can be abused by threat actors to bypass Site Isolation protections implemented in Google Chrome and Chromium browsers. The technique allows in some cases to steal sensitive […] Threat
SecurityAffairs.webp 2021-09-10 05:49:03 International money launderer sentenced to more than 11 years (lien direct) A Canadian man, who helped North Korean threat actors to launder stolen funds, plead guilty to laundering tens of millions of dollars stolen in bank fraud schemes. A Canadian man who conspired to launder tens of millions of dollars stolen bank fraud schemes has been sentenced to 140 months in prison. The man is Ghaleb […] Threat Guideline
SecurityAffairs.webp 2021-09-09 14:31:46 Millions of Microsoft web servers powered by vulnerable legacy software (lien direct) CyberNews researchers identified more than 2 million web servers worldwide still running on outdated and vulnerable versions of Microsoft Internet Information Services software. These legacy versions are no longer supported by Microsoft, which makes millions of web servers easy targets for threat actors and cybercriminals. Original post @ https://cybernews.com/security/millions-of-microsoft-web-servers-powered-by-vulnerable-legacy-software/ Boasting a market share of 12.4%, Microsoft […] Threat
SecurityAffairs.webp 2021-09-09 14:14:03 TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide (lien direct) The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers from AT&T Alien Labs uncovered a new campaign, tracked as Chimaera, conducted by the TeamTNT group, aimed at organizations worldwide. Evidence collected by the experts suggests that the campaign began on July 25, 2021, threat actors […] Threat
SecurityAffairs.webp 2021-09-08 22:48:18 Personal information of 7 million Israelis available for sale (lien direct) A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million Israelis. A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million Israelis from the CITY4U website. The hacker is offering the data for sale, but […] Threat
SecurityAffairs.webp 2021-09-08 19:48:21 Groove gang leaks list of 500k credentials of compromised Fortinet appliances (lien direct) Groove gang leaked online Fortinet credentials that could be used to breach networks of organizations using the compromised devices. The financially motivated threat actor Groove has leaked online compromised credentials belonging to many organizations. The ransomware group has been active since August 2021 and implement a double extortion model like other gangs. The threat actor leaked a […] Ransomware Threat
SecurityAffairs.webp 2021-09-08 12:07:04 Microsoft warns of a zero-day in Internet Explorer that is actively exploited (lien direct) Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share info about the attacks either the nature of the […] Vulnerability Threat
SecurityAffairs.webp 2021-09-07 13:04:45 A server of the Jenkins project hacked by exploiting a Confluence flaw (lien direct) The development team behind the Jenkins server disclose a security breach, threat actors deployed a cryptocurrency miner on one of its servers. The development team behind the Jenkins Project disclosed a security breach after threat actors compromised one of their internal servers and installed a cryptocurrency miner. Jenkins is the most popular open-source automation server, it is […] Threat
SecurityAffairs.webp 2021-09-06 07:03:57 FBI IC3 warns of a spike in sextortion attacks (lien direct) The FBI Internet Crime Complaint Center (IC3) warns of a spike in sextortion attacks since the beginning of 2021 that caused $8M losses. The FBI Internet Crime Complaint Center (IC3) is warning of a significant increase in sextortion complaints since the beginning of 2021. In a sextortion attack, threat actors threaten to distribute the victims […] Threat
SecurityAffairs.webp 2021-09-04 13:06:19 FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads (lien direct) FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated threat actor FIN7. The messages used weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript backdoor, […] Threat
SecurityAffairs.webp 2021-09-04 11:26:46 (Déjà vu) Source code for the Babuk is available on a hacking forum (lien direct) The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. The Babuk Locker operators halted their operations at the end of April after the attack against the Washington, DC police department. Experts believe that […] Ransomware Threat
SecurityAffairs.webp 2021-09-03 06:55:38 Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation (lien direct) SolarWinds did not enable anti-exploit mitigation available since 2006 allowing threat actors to target SolarWinds Serv-U FTP software in July attacks. Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July. Microsoft, which investigated the incidents, […] Threat
SecurityAffairs.webp 2021-09-02 17:53:48 New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices (lien direct) Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS […] Threat
SecurityAffairs.webp 2021-09-02 12:36:57 Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE (lien direct) Threat actors are actively exploiting a recently patched vulnerability in Atlassian's Confluence enterprise collaboration product. Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian's Confluence enterprise collaboration product a few days after it was patched by the vendor. Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise […] Vulnerability Threat
SecurityAffairs.webp 2021-09-01 21:23:55 Mozi infections will slightly decrease but it will stay alive for some time to come (lien direct) The Mozi botnet continues to spread despite the arrest of its alleged author and experts believe that it will run for many other years.  Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware, it appeared on the threat landscape in late 2019. The Mozi botnet was spotted by security experts from 360 Netlab, at […] Threat
SecurityAffairs.webp 2021-08-31 11:53:36 Threat actors stole $19 million worth of crypto assets from Cream Finance (lien direct) Crooks have stolen more than $19 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform. Threat actors have stolen more than $19 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform. C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. It promises […] Threat
SecurityAffairs.webp 2021-08-30 14:40:37 US DoJ announces the creation of Cyber Fellowship Program (lien direct) The US DoJ announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity. The US DoJ announced a new Cyber Fellowship program for training selected prosecutors and attorneys on cyber threat and threat actors. The course is coordinated through the Criminal Division's Computer Crime and Intellectual Property Section. The training aims at […] Threat
SecurityAffairs.webp 2021-08-30 07:45:21 Boston Public Library discloses cyberattack (lien direct) The Boston Public Library was victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network. The affected systems were taken offline to prevent the threat from spreading. At the time […] Threat
SecurityAffairs.webp 2021-08-29 14:58:29 1 GB of data belonging to Puma available on Marketo (lien direct) The name of the sportswear manufacturer Puma appeared on the dark web marketplace of stolen data Marketo, threat actors claim to have stolen 1 GB of data from the company. The emerging underground marketplace of stolen data 'Marketo' available in TOR network announced the publication of data presumably stolen from sportswear manufacturer Puma.  The ad […] Threat
SecurityAffairs.webp 2021-08-27 07:03:25 B. Braun Infusomat pumps could be hacked to alter medication doses (lien direct) Researchers disclosed five vulnerabilities in B. Braun ‘s Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. Cybersecurity researchers from McAfee disclosed five vulnerabilities in B. Braun’s Infusomat Space Large Volume Pump and SpaceStation that could be exploited by threat actors to alter medication doses. The flawed devices are uses in both […] Threat
SecurityAffairs.webp 2021-08-26 08:16:19 Personal Data and docs of Swiss town Rolle available on the dark web (lien direct) Documents and personal details of residents of the small Swiss town Rolle, on the shores of Lake Geneva, were stolen in a ransomware attack. The Swiss town Rolle disclosed the data breach after a ransomware attack, personal details of all its 6,200 inhabitants were stolen by threat actors. The threat actors compromised some administrative servers […] Ransomware Data Breach Threat
SecurityAffairs.webp 2021-08-25 18:10:54 FIN8 group used a previously undetected Sardonic backdoor in a recent attack (lien direct) Financially motivated threat actor FIN8 employed a previously undocumented backdoor, tracked as ‘Sardonic,’ in recent attacks. The financially motivated threat actor FIN8 has been observed employing a previously undetected backdoor, dubbed Sardonic, on infected systems. The new backdoor was spotted by researchers from cybersecurity firm Bitdefender, it was discovered while investigating an unsuccessful attack carried […] Threat
SecurityAffairs.webp 2021-08-24 08:24:57 (Déjà vu) FBI flash alert warns on OnePercent Group Ransomware attacks (lien direct) The FBI shared info about OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. The Federal Bureau of Investigation (FBI) has published a flash alert about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. […] Ransomware Threat
SecurityAffairs.webp 2021-08-24 07:01:46 Realtek SDK flaws exploited to deliver Mirai bot variant (lien direct) Researchers warn that threat actors are actively exploiting Realtek SDK vulnerabilities since their technical details were publicly disclosed. Researchers from SAM Seamless Network warn that threat actors are actively exploiting Realtek SDK vulnerabilities since their technical details were publicly disclosed. Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its […] Threat
SecurityAffairs.webp 2021-08-23 08:31:57 LPE zero-day flaw in Razer Synapse allows attackers to take over Windows PCs (lien direct) A zero-day vulnerability in Razer Synapse could allow threat actors to gain Windows admin privileges by plugging in a Razer mouse or keyboard. Razer is a popular manufacturer of computer accessories, including gaming mouses and keyboards. A local privilege escalation (LPE) zero-day flaw in Razer Synapse allows attackers to gain SYSTEM privileges on Windows systems […] Vulnerability Threat
SecurityAffairs.webp 2021-08-21 08:10:42 US CISA releases guidance on how to prevent ransomware data breaches (lien direct) The US Cybersecurity and Infrastructure Security Agency (CISA) released guidance on how to prevent data breaches resulting from ransomware attacks. Most of the recent ransomware attack resulted in data breaches for the victims, threat actors implemented a double-extortion schema threatening the victims to data stolen before encrypting them on compromised systems. Over the past several […] Ransomware Threat
SecurityAffairs.webp 2021-08-20 08:02:18 Cisco warns of Server Name Identification data exfiltration flaw in multiple products (lien direct) Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns. Cisco warns of a vulnerability in Server Name Identification (SNI) request filtering that affects multiple products (Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine) that could be exploited […] Vulnerability Threat
SecurityAffairs.webp 2021-08-19 17:10:07 Threat actors stole $97 million from Liquid cryptocurrency exchange (lien direct) Japanese cryptocurrency exchange Liquid was hit by a cyber attack, threat actors stole $97 Million worth of crypto-currency assets from the company. Japan-based cryptocurrency exchange Liquid was hit by a cyber attack that resulted in the theft of $97 Million worth of crypto-currency assets from its warm wallets. Liquid confirmed that crooks stole various crypto-currency […] Threat
SecurityAffairs.webp 2021-08-19 08:18:08 Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw (lien direct) Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, OIG revealed. A report published by the US Office of Inspector General (OIG) revealed that threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day flaw. […] Threat
SecurityAffairs.webp 2021-08-18 16:10:56 T-Mobile data breach has impacted 48.6 million customers (lien direct) T-Mobile has confirmed that hackers have stolen records belonging to 48.6 million of current and former customers. Recently T-Mobile has launched an investigation into a possible security breach after a threat actor started offering for sale 100 million T-Mobile customer records on the dark web. Bleeping Computer reported that the seller was asking for 6 […] Data Breach Threat
Last update at: 2024-05-10 12:08:00