What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-08-16 21:27:53 T-Mobile confirms data breach that exposed customer personal info (direct link) T-Mobile confirms a breach after threat actors claimed to have obtained records of 100 million of its customers and offered them for sale. T-Mobile has confirmed a data breach that exposed personal information from over 100 million of its US customers. Yesterday the company announced it launched an investigation into a possible data breach after […] Data Breach Threat
SecurityAffairs 2021-08-16 17:06:18 (Déjà vu) Recent attacks on Iran were orchestrated by the Indra group (direct link) The recent attacks that targeted Iran’s transport ministry and national train system were conducted by a threat actor dubbed Indra. In July, Iran's railroad system was hit by a cyberattack, threat actors published fake messages about delays or cancellations of the trains on display boards at stations across the country, the Fars news agency reported. The […] Threat
SecurityAffairs 2021-08-16 08:04:26 US FINRA warns US brokerage firms and brokers of ongoing phishing attacks (direct link) The US FINRA warns US brokerage firms and brokers of an ongoing phishing campaign impersonating its representatives to steal sensitive info. The US Financial Industry Regulatory Authority (FINRA) is warning US brokerage firms and brokers of an ongoing phishing campaign. Threat actors are impersonating FINRA officials and are using the threat of penalties to trick victims recipients into providing […] Threat
SecurityAffairs 2021-08-16 06:47:07 Threat actor claims to be selling data of more than 100 million T-Mobile customers (direct link) T-Mobile is investigating a possible data breach after a threat actor published a post on a forum claiming to be selling the personal data of its customers. New problems for T-Mobile, the company is investigating a possible data breach after a threat actor published a post on a hacking forum claiming to be […] Data Breach Threat
SecurityAffairs 2021-08-12 16:01:15 Magniber Ransomware operators use PrintNightmare exploits to infect Windows servers (direct link) Threat actors behind the Magniber Ransomware are using PrintNightmare exploits in attacks aimed at Windows servers. Threat actors behind the Magniber Ransomware are exploiting the PrintNightmare flaws (CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) to infect Windows servers. The PrintNightmare flaws reside in the Windows Print Spooler service, print drivers, and the Windows Point and Print feature. A few hours ago […] Ransomware Threat
SecurityAffairs 2021-08-12 06:31:10 Threat actors behind the Poly Network hack are returning stolen funds (direct link) The threat actor who hacked Poly Network cross-chain protocol stealing $611 million worth of cryptocurrency assets returns the stolen funds. The threat actor behind the hack of the Poly Network cross-chain protocol is now returning the stolen funds. The hackers have stolen $611 million worth of cryptocurrency assets, $273 million worth of Ethereum tokens, $253 million […] Hack Threat
SecurityAffairs 2021-08-11 17:11:14 UNC215, an alleged China-linked APT group targets Israel orgs (direct link) China-linked threat actors UNC215 targeted Israeli organizations in a long-running campaign and used false flags to trick victims into believing the attacks were from Iran. A China-linked cyber-espionage group has targeted Israeli organizations and government institutions in a campaign that began in January 2019. The attacks were detailed by cybersecurity firm Mandiant, the state-sponsored hackers […] Threat
SecurityAffairs 2021-08-10 20:56:34 $611 million stolen in Poly Network cross-chain hack (direct link) The cross-chain protocol Poly Network has been hacked, threat actors stole $611 million making this hack the largest DeFi hack to date. $611 million has reportedly been stolen in one of the largest cryptocurrency hacks. The cross-chain protocol Poly Network disclosed a security breach, threat actors have stolen over $611 million in cryptocurrencies. The attackers have […] Hack Threat
SecurityAffairs 2021-08-09 16:22:07 StealthWorker botnet targets Synology NAS devices to drop ransomware (direct link) Taiwanese vendor Synology has warned customers that the StealthWorker botnet is targeting their NAS devices to deliver ransomware. Taiwan-based vendor Synology has warned customers that the StealthWorker botnet is conducting brute-force attacks in an attempt to implant ransomware. Once the device was compromised, threat actors employed it in a botnet used in attacks aimed at Linux […] Ransomware Threat
SecurityAffairs 2021-08-09 14:38:09 City of Joplin paid a 320K ransom after a ransomware Attack (direct link) A ransomware attack hit City of Joplin forcing the IT staff to shut down the City computer. Finally the insurer for Joplin paid $320,000 to threat actors. A ransomware attack last month hit the City of Joplin forcing the IT staff to shut down the city's government's computer system to prevent the threat from spreading. While […] Ransomware Threat
SecurityAffairs 2021-08-09 06:55:46 (Déjà vu) Threat actors are probing Microsoft Exchange servers for ProxyShell flaws (direct link) Threat actors are actively scanning for the Microsoft Exchange ProxyShell RCE flaws after technical details were released at the Black Hat conference. Threat actors started actively scanning for the Microsoft Exchange ProxyShell remote code execution flaws after researchers released technical details at the Black Hat hacking conference. ProxyShell is the name of three vulnerabilities that could be […] Threat
SecurityAffairs 2021-08-08 21:11:40 1M compromised cards available for free in the underground market (direct link) Group-IB detected an unconventional post on several carding forums containing links to a file containing 1 million compromised cards. On August 2, Group-IB Threat Intelligence & Attribution system detected an unconventional post on several carding forums. A user, nicknamed AW_cards posted links to a file containing 1 million pieces of stolen payment records. The file […] Threat
SecurityAffairs 2021-08-08 13:30:06 Security Affairs newsletter Round 326 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. GhostEmperor, a new Chinese-speaking threat actor targets Southeast Asia WordPress Download Manager Plugin was affected by two flaws […] Threat
SecurityAffairs 2021-08-07 20:10:28 CVE-2021-20090 actively exploited to target millions of IoT devices worldwide (direct link) Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090, impacting home routers with Arcadyan firmware to deploy a Mirai bot. “A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and […] Vulnerability Threat
SecurityAffairs 2021-08-05 16:28:53 Cryptominer ELFs Using MSR to Boost Mining Process (direct link) The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver. By UPTYCS THREAT RESEARCH Original research by Siddarth Sharma The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers and increase the speed of the mining […] Threat
SecurityAffairs 2021-08-04 21:39:51 (Déjà vu) Advanced Technology Ventures discloses ransomware attack and data breach (direct link) The American venture capital firm Advanced Technology Ventures (ATV) disclosed a ransomware attack, crooks also stole data of some private investors. Advanced Technology Ventures (ATV) is an American venture capital firm with more than $1.8 billion in capital under management. The venture capital firm this week disclosed a ransomware attack, threat actors have also stolen the personal information of some […] Ransomware Data Breach Threat
SecurityAffairs 2021-08-03 20:55:39 China-linked APT groups target telecom companies in Southeast Asia (direct link) China linked APT groups have targeted networks of at least five major telecommunications companies operating in Southeast Asia since 2017. Cybereason researchers identified three clusters of activity associated with China-linked threat actors that carried out a series of attacks against networks of at least five major telecommunications companies located in South Asia since 2017. “The goal […] Threat
SecurityAffairs 2021-08-01 15:50:17 GhostEmperor, a new Chinese-speaking threat actor targets Southeast Asia (direct link) Kaspersky experts spotted a previously undocumented Chinese-speaking threat actor, tracked as GhostEmperor, that is targeting Microsoft Exchange flaws in attacks on high-profile victims. Kaspersky spotted a new Chinese-speaking threat actor, tracked as GhostEmperor, that is targeting Microsoft Exchange vulnerabilities in attacks aimed at high-profile victims. The long-running operation carried out by the group mostly targeted […] Threat
SecurityAffairs 2021-07-29 18:08:49 BlackMatter and Haron, two new ransomware gangs in the threat landscape (direct link) The cyber threat landscape changes continuously, recently two new ransomware-as-service (RaaS) operations named BlackMatter and Haron made the headlines. Recently, two new ransomware gangs, named BlackMatter and Haron, announced the beginning of the operations. The Haron malware was first described by the South Korean security firm S2W Lab, three days after a first sample of […] Ransomware Malware Threat
SecurityAffairs 2021-07-28 07:16:58 BlackMatter ransomware group claims to be Darkside and REvil successor (direct link) BlackMatter ransomware gang, a new threat actor appears in the threat landscape and claims to combine TTPs of Darkside and REvil. BlackMatter is a new ransomware gang that started its activity this week, the cybercriminals group claims to be the successor of Darkside and REvil groups. Like other ransomware operations, BlackMatter also set up its […] Ransomware Threat ★★★★★
SecurityAffairs 2021-07-27 09:20:23 Hackers flooded the Babuk ransomware gang's forum with gay porn images (direct link) The Babuk ransomware operators seem to have suffered a ransomware attack, threat actors flooded their forum with gay orgy porn images. At the end of June, the Babuk Locker ransomware was leaked online allowing threat actors to use it to create their own version of the popular ransomware. The Babuk Locker operators halted their operations at the end […] Ransomware Threat
SecurityAffairs 2021-07-25 20:45:28 Threat actor offers Clubhouse secret database containing 3.8B phone numbers (direct link) A threat actor is offering for sale on hacking forums the secret database Clubhouse containing 3.8B phone numbers. Clubhouse is a social audio app for iOS and Android where users can communicate in voice chat rooms that accommodate groups of thousands of people. The audio-only app hosts live discussions, with opportunities to participate through speaking and listening. Conversations are prohibited by Clubhouse’s guidelines […] Threat
SecurityAffairs 2021-07-23 06:59:17 (Déjà vu) Threat Report Portugal: Q2 2021 (direct link) The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2021 The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is also supported […] Threat
SecurityAffairs 2021-07-22 15:33:27 Group-IB helps Dutch police identify members of phishing developer gang Fraud Family (direct link) Researchers from threat intelligence firm Group-IB help Dutch police identify members of phishing developer gang known as Fraud Family. Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, has assisted the Dutch National Police in the operation to apprehend alleged members of a cybercriminal group codenamed ‘Fraud Family.’ Group-IB's […] Threat Guideline
SecurityAffairs 2021-07-22 05:42:10 Thousands of Humana customers have their medical data leaked online by threat actors (direct link) Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. The author of the post claims that the data was acquired from […] Threat ★★
SecurityAffairs 2021-07-19 14:08:11 Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco (direct link) A hacker claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant, Saudi Aramco. Threat actors that go online with the moniker ZeroX claim to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant and it is offering for sale […] Threat
SecurityAffairs 2021-07-18 08:46:50 (Déjà vu) HelloKitty ransomware gang targets vulnerable SonicWall devices (direct link) BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. SonicWall this week has issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access […] Ransomware Threat
SecurityAffairs 2021-07-17 12:28:26 Cisco fixes high-risk DoS flaw in ASA, FTD Software (direct link) Cisco addressed a high severity DoS vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco this week released security updates for a high severity vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products. The flaw resides in the software cryptography module of both ASA and FTD […] Vulnerability Threat
SecurityAffairs 2021-07-16 09:21:08 New enhanced Joker Malware samples appear in the threat landscape (direct link) The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Experts reported an uptick in malicious Android apps on the official Google Play store laced with the Joker mobile trojan. The Joker malware is a malicious code camouflaged as a system app and […] Malware Threat
SecurityAffairs 2021-07-15 17:34:17 (Déjà vu) SpearTip Finds New Diavol Ransomware Does Steal Data (direct link) Security researchers have linked a new ransomware strain called Diavol to the Wizard Spider threat group behind the Trickbot botnet. BleepingComputer noted the ransomware families utilize the same I/O operations for file encryption queueing and use nearly identical command-line parameters for the same functionality. There may be some similarities, but as they've explained and SpearTip […] Ransomware Threat
SecurityAffairs 2021-07-15 14:29:47 SonicWall warns of 'imminent ransomware' attacks on its EOL products (direct link) SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaign” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series […] Ransomware Threat
SecurityAffairs 2021-07-15 05:50:17 macOS: Bashed Apples of Shlayer and Bundlore (direct link) Uptycs threat research team analyzed macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. Though these scripts have slight variations, they mostly belong to a […] Malware Threat
SecurityAffairs 2021-07-12 21:01:19 SolarWinds fixes critical Serv-U zero-day exploited in the wild (direct link) SolarWinds confirmed that a threat actor is actively exploiting a new zero-day vulnerability in Serv-U products and urges customers to fix it. SolarWinds addressed a zero-day remote code execution flaw in Serv-U products which is actively exploited in the wild by a single threat actor. SolarWinds was informed of the zero-day by Microsoft, the issue affects Serv-U Managed File Transfer […] Vulnerability Threat
SecurityAffairs 2021-07-12 17:18:57 Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again (direct link) Researchers from Cyber News Team have spotted threat actors offering for sale 600 million LinkedIn profiles scraped from the platform, again. Original post: https://cybernews.com/news/threat-actors-scrape-600-million-linkedin-profiles-and-are-selling-the-data-online-again/ For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from […] Threat
SecurityAffairs 2021-07-12 14:15:12 BIOPASS malware abuses OBS Studio to spy on victims (direct link) Researchers spotted a new malware, dubbed BIOPASS, that sniffs victim's screen by abusing the framework of Open Broadcaster Software (OBS) Studio. Researchers from Trend Micro spotted a new malware, dubbed BIOPASS, that sniffs the victim's screen by abusing the framework of Open Broadcaster Software (OBS) Studio. Threat actors behind the new malware planted a malicious JavaScript code on support […] Malware Threat
SecurityAffairs 2021-07-10 18:20:34 Iran's railroad system was hit by a cyberattack, hackers posted fake delay messages (direct link) Iran’s railroad system was hit by a cyberattack, hackers posted fake messages about delays or cancellations of the trains on display boards at stations across the country. Iran’s railroad system was hit by a cyberattack, threat actors published fake messages about delays or cancellations of the trains on display boards at stations across the country, […] Threat
SecurityAffairs 2021-07-10 05:09:35 Kaseya warns customers of ongoing malspam campaign posing as security updates (direct link) Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their […] Ransomware Spam Malware Threat
SecurityAffairs 2021-07-09 11:02:40 (Déjà vu) Hackers use a new technique in malspam attacks to disable Macro security warnings in weaponized docs (direct link) Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in malspam attacks. Most of the malspam campaigns leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. Now experts from McAfee Labs warn of a novel technique used by threat actors that […] Threat
SecurityAffairs 2021-07-09 11:02:40 Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs (direct link) Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in phishing attacks. Most of the phishing attacks leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. Now experts from McAfee Labs warn of a novel technique used by threat actors that […] Threat
SecurityAffairs 2021-07-08 19:30:40 Morgan Stanley discloses data breach after the hack of a third-party vendor (direct link) The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. Investment banking firm Morgan Stanley has disclosed a data breach after threat actors have compromised the Accellion FTA server of the third-party vendor Guidehouse. The company has offices in more than […] Data Breach Hack Threat
SecurityAffairs 2021-07-08 09:47:35 Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits (direct link) A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums, he aims at purchasing zero-day exploits from other forum members. A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day exploits from other forum members, researchers from threat intelligence firm Cyble. According to the experts, the […] Threat
SecurityAffairs 2021-07-07 12:11:21 Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya (direct link) Resecurity® HUNTER, cyber threat intelligence and R&D unit, identified a strong connection to a cloud hosting and IoT company servicing the domain belonging to cybercriminals. According to the recent research published by ReSecurity on Twitter, starting January 2021 REVil leveraged a new domain 'decoder[.]re' in addition to a ransomware page available in the TOR network. […] Ransomware Threat
SecurityAffairs 2021-07-03 05:14:09 Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang? (direct link) Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. Researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet. The Trickbot botnet was used […] Ransomware Threat
SecurityAffairs 2021-07-02 11:43:04 (Déjà vu) Experts warn of Babuk Locker attacks with recently leaked ransomware builder (direct link) The recently leaked Babuk Locker ransomware builder was used by a threat actor in an ongoing campaign targeting victims worldwide. At the end of June, The Record first reported that the builder for the Babuk Locker ransomware was leaked online allowing threat actors to use it to create their own version of the popular ransomware. […] Ransomware Threat
SecurityAffairs 2021-07-01 17:35:10 Hackers breached a data server of the University Medical Center (direct link) The University Medical Center hospital discloses a data breach after threat actors published online images of stolen personal information as proof of the hack. The University Medical Center hospital, in Nevada, discloses a security breach, the hackers compromised its data servers and published online the pictures of the allegedly stolen personal information. Early this week, […] Data Breach Threat
SecurityAffairs 2021-07-01 08:41:19 Freshly scraped LinkedIn data of 88,000 US business owners shared online (direct link) About a week after scraped data from more than 700 million LinkedIn profiles were put for sale online, it seems that threat actors have no intention of stopping their abuse of the social media platform's scrape-friendly systems. Hours ago, a 68MB JSON database containing LinkedIn data recently collected from 88,000 US business owners was shared on […] Threat ★★★★
SecurityAffairs 2021-06-30 09:03:30 Russian-based DoubleVPN seized by law enforcement (direct link) Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that provides double-encryption service widely used by threat actors to anonymize their operation while performing malicious activities. The operation is a […] Threat
SecurityAffairs 2021-06-30 05:32:01 SolarWinds hackers remained hidden in Denmark's central bank for months (direct link) Russia-linked threat actors compromised Denmark's central bank (Danmarks Nationalbank) and remained in its systems for months. Russia-linked threat actors infected the systems of Denmark's central bank (Danmarks Nationalbank) and maintained access to its network for more than six months. The security breach is the result of the SolarWinds supply chain attack that was carried out […] Threat
SecurityAffairs 2021-06-28 14:46:32 Microsoft investigates threat actor distributing malicious Netfilter Driver (direct link) Microsoft is investigating a strange attack, threat actor used a driver signed by the company, the Netfilter Driver, to implant a Rootkit. Microsoft announced it is investigating a threat actor distributing malicious drivers in attacks aimed at the gaming industry in China. The actor submitted drivers that were built by a third party for certification […] Threat
SecurityAffairs 2021-06-26 16:36:51 Microsoft: Russia-linked SolarWinds hackers breached three new entities (direct link) Microsoft discovered that Russia-linked SolarWinds hackers, tracked as Nobelium, have breached the network of three new organizations. Microsoft revealed on Friday that Russia-linked SolarWinds hackers, tracked as Nobelium or APT29, have conducted new cyber attacks against other organizations. Threat actors carried out brute-force and password spraying attacks in an attempt to gain access to Microsoft customer accounts. […] Threat APT 29
Last update at: 2024-05-10 08:08:23