What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-06-25 18:07:23 Hackers exploit 3-years old flaw to wipe Western Digital devices (lien direct) Threat actors are wiping many Western Digital (WD) My Book Live and My Book Live Duo NAS devices likely exploiting an old vulnerability. Owners of Western Digital (WD) claim that their My Book Live and My Book Live Duo network-attached storage (NAS) devices have been wiped. Threat actors forced a factory reset on the devices […] Threat
SecurityAffairs.webp 2021-06-24 14:15:55 Zyxel warns customers of attacks on its enterprise firewall and VPN devices (lien direct) Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. The threat actors are targeting the USG, […] Threat
SecurityAffairs.webp 2021-06-24 13:13:25 ChaChi, a GoLang Trojan used in ransomware attacks on US schools (lien direct) A new Trojan written in the Go programming language, tracked as ChaChi, was involved in ransomware attacks against government agencies and US schools. Researchers from BlackBerry Threat Research and Intelligence spotted a new RAT written in the Go programming language, dubbed ChaChi, which has been used by PYSA (aka Mespinoza) operators to target victims globally. The […] Ransomware Threat
SecurityAffairs.webp 2021-06-21 17:45:39 Threat actors in January attempted to poison the water at a US facility (lien direct) Threat actors in January attempted to poison the water at a US facility, a circumstance that highlights the importance of cybersecurity for water and wastewater utilities. The news that a threat actor in January attempted to poison the water at a facility in the U.S. made the headlines and highlights the importance of protecting critical […] Threat
SecurityAffairs.webp 2021-06-17 18:22:42 Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran (lien direct) Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. Researchers from Kaspersky reported that Iran-linked threat actors, tracked as Ferocious Kitten, used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on […] Threat
SecurityAffairs.webp 2021-06-15 18:53:53 The source code of the Paradise Ransomware was leaked on XSS hacking forum (lien direct) The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. The news of the availability of the source […] Ransomware Threat
SecurityAffairs.webp 2021-06-14 23:08:15 Apple fixed 2 WebKit flaws exploited to target older iPhones (lien direct) Apple released an out-of-band iOS update for older iPhones and iPads and warned that threat actors are actively exploiting two flaws in WebKit. Apple released an out-of-band iOS update ( iOS 12.5.4 patch) for older iPhones and iPad, the IT giant also warned that some vulnerabilities affecting its WebKit may have been actively exploited. WebKit is a browser […] Threat
SecurityAffairs.webp 2021-06-14 18:53:36 SEO poisoning campaign aims at delivering RAT, Microsoft warns (lien direct) Microsoft spotted a series of attacks that use SEO poisoning to deliver a remote access trojan (RAT) used by threat actors to steal sensitive data. Microsoft is monitoring a wave of cyber attacks that leverages SEO poisoning to deliver a remote access trojan (RAT) to steal sensitive data from the infected systems The IT giant […] Threat
SecurityAffairs.webp 2021-06-11 12:17:47 Mysterious custom malware used to steal 1.2TB of data from million PCs (lien direct) Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Researchers from NordLocker have discovered an unsecured database containing 1.2-terabyte of stolen data. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. The database includes […] Malware Threat
SecurityAffairs.webp 2021-06-10 21:18:11 Global Scamdemic: Scams Become Number One Online Crime (lien direct) Threat hunting and adversarial cyber intelligence company Group-IB published a comprehensive analysis of fraud cases on a global scale. Group-IB,  a global threat hunting and adversarial cyber intelligence company specializing in the investigation and prevention of high-tech cybercrime, has published a comprehensive analysis of fraud cases on a global scale.  Group-IB,  a global threat hunting and adversarial […] Threat
SecurityAffairs.webp 2021-06-10 12:18:57 Russia-linked APT breached the network of Dutch police in 2017 (lien direct) Russia-linked cyberspies breached the internal network of Dutch police in 2017 while the authorities were investigating the crash of the MH-17. Russia-linked threat actors breached the internal network of Dutch police in 2017 during the investigation into the MH-17 crash. The intrusion was uncovered by AIVD, the Dutch intelligence service, but was not disclosed by […] Threat
SecurityAffairs.webp 2021-06-07 13:10:27 Russia behind a massive spear-phishing campaign that hit Ukraine (lien direct) Ukraine warned of a “massive” spear-phishing campaign carried out by Russia-linked threat actors against its government and private businesses. Three Ukrainian cybersecurity agencies (Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine), including the Ukrainian Secret Service, warned last week of a “massive” spear-phishing campaign conducted by Russia-linked hackers against its government and organizations in the private […] Threat
SecurityAffairs.webp 2021-06-05 13:37:29 BlackCocaine Ransomware, a new malware in the threat landscape (lien direct) Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang.   Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of […] Malware Threat
SecurityAffairs.webp 2021-06-05 08:52:04 (Déjà vu) US CISA published a guide to better use the MITRE ATT&CK framework (lien direct) The U.S. CISA announced the availability of a new guide for cyber threat intelligence experts on the use of the MITRE ATT&CK framework. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released a new guide for cyber threat intelligence experts on the use of the MITRE ATT&CK framework. In 2018, MITRE announced the […] Threat
SecurityAffairs.webp 2021-06-04 21:44:06 Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE (lien direct) Hackers are actively scanning the Internet for VMware vCenter servers vulnerable against a critical RCE flaw recently fixed by VMware. Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. The CVE-2021-21985 flaw is caused by the lack of input validation in […] Vulnerability Threat
SecurityAffairs.webp 2021-06-04 11:44:19 China-linked attackers breached Metropolitan Transportation Authority (MTA) using Pulse Secure zero-day (lien direct) China-linked APT breached New York City’s Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. China-linked threat actors breached the network of the New York City’s Metropolitan Transportation Authority (MTA) network exploiting a Pulse Secure zero-day. The intrusion took place in April, but attackers did not cause any damage because they were […] Threat
SecurityAffairs.webp 2021-06-02 15:32:55 Database, source code allegedly related to bulletproof hosting, once Parler's service provider, up for sale on hacker forum (lien direct) Group-IB discovered a database allegedly belonging to a bulletproof hosting provider DDoS-Guard posted for sale on a cybercrime forum. Group-IB, a global threat hunting and adversary-centric cyber intelligence company specializing in investigating and preventing hi-tech cybercrimes, has discovered a database allegedly belonging to a bulletproof hosting provider DDoS-Guard posted for sale on a cybercrime forum on […] Threat
SecurityAffairs.webp 2021-06-01 22:03:01 (Déjà vu) JBS attack has likely a Russian origin (lien direct) White House spokeswoman speculates threat actors behind the JBS ransomware attack have a Russian origin. The American food processing giant JBS Foods, the world's largest processor of fresh beef, was forced to shut down production at multiple sites worldwide following a cyberattack. The cyberattack impacted multiple production plants of the company worldwide, including facilities located […] Ransomware Threat
SecurityAffairs.webp 2021-06-01 19:26:50 New Epsilon Red Ransomware appears in the threat landscape (lien direct) Researchers spotted a new piece of ransomware named Epsilon Red that was employed at least in an attack against a US company. Researchers from Sophos spotted a new piece of ransomware, named Epsilon Red, that infected at least one organization in the hospitality sector in the United States. The name Epsilon Red comes from an […] Ransomware Threat
SecurityAffairs.webp 2021-05-30 09:35:19 Facefish Backdoor delivers rootkits to Linux x64 systems (lien direct) Qihoo 360 NETLAB spotted a new backdoor dubbed Facefish that could allow attackers to take over Linux systems and steal sensitive data. Cybersecurity experts from Qihoo 360 NETLAB published details about a new backdoor, dubbed Facefish, which can be used by threat actors to steal login credentials and executing arbitrary commands on Linux systems. The […] Threat
SecurityAffairs.webp 2021-05-28 10:56:54 Microsoft details new sophisticated spear-phishing attacks from NOBELIUM (lien direct) Microsoft experts uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind SolarWinds hack. Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign conducted by NOBELIUM APT. The NOBELIUM APT is the threat actor that conducted supply chain attack against SolarWinds which involved multiple families of implants, including the SUNBURST […] Threat Solardwinds ★★
SecurityAffairs.webp 2021-05-27 12:43:57 Hackers compromised Japanese government offices via Fujitsu's ProjectWEB tool (lien direct) Threat actors have compromised offices of multiple Japanese agencies via Fujitsu's ProjectWEB information sharing tool. Threat actors have breached the offices of multiple Japanese agencies after they have gained access to projects that use the Fujitsu's ProjectWEB information sharing tool. ProjectWEB is a software-as-a-service (SaaS) platform for enterprise collaboration and file-sharing that was […] Tool Threat
SecurityAffairs.webp 2021-05-26 06:20:14 Agrius group targets Israel with data-wipers disguised as ransomware (lien direct) An Iran-linked threat actor tracked as Agrius employed data-wipers disguised as ransomware to destroy targeted IT infrastructure. Researchers from cyber-security firm SentinelOne discovered a new Iran-linked threat actor, tracked as Agrius, which relied on data-wiping malware disguised as ransomware to destroy the targeted systems. In order to hide the real nature of the threat, the […] Ransomware Malware Threat
SecurityAffairs.webp 2021-05-25 12:28:15 Apple addresses three zero-day flaws actively exploited in the wild (lien direct) Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is […] Malware Threat ★★★
SecurityAffairs.webp 2021-05-24 14:01:31 13 flaws in Nagios IT Monitoring Software pose serious risk to orgs (lien direct) Researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be exploited for malicious purposes. Cybersecurity researchers from Skylight Cyber disclosed technical details about 13 vulnerabilities in the Nagios network monitoring application that could be exploited by threat actors to hijack the infrastructure. Nagios is an open-source IT infrastructure monitoring and […] Threat
SecurityAffairs.webp 2021-05-22 16:44:58 Foreign hackers breached Russian federal agencies, said FSB (lien direct) FSB National Coordination Center for Computer Incidents (NKTsKI) revealed that foreign hackers have breached networks of Russian federal agencies. A joint report published by Rostelecom-Solar and the FSB National Coordination Center for Computer Incidents (NKTsKI) revealed that foreign hackers have stolen information from Russian federal agencies. The attacks were spotted in 2020, threat actors leveraged […] Threat
SecurityAffairs.webp 2021-05-20 07:04:09 Blind SQL Injection flaw in WP Statistics impacted 600K+ sites (lien direct) Experts discovered a Time-Based Blind SQL Injection vulnerability in the WP Statistics plugin which is installed on over 600,000 WordPress sites. Researchers from the Wordfence Threat Intelligence discovered a Time-Based Blind SQL Injection vulnerability in WP Statistics, which is a WordPress plugin with over 600,000 active installs. The plugin was developed by VeronaLabs, it provides complete […] Vulnerability Threat
SecurityAffairs.webp 2021-05-18 17:53:47 (Déjà vu) European Council extends sanctions against foreign threat actors (lien direct) European Council extended for one year the sanctions against foreign threat actors that threaten the European Union and its member states. The European Council announced that it will extend for one year the framework for sanctions against threat actors that launched cyberattacks against the infrastructure of the European Union and its member states. The Council Decision […] Threat
SecurityAffairs.webp 2021-05-18 08:36:03 Discovery of Simps Botnet Leads To Ties to Keksec Group (lien direct) Uptycs’ threat research team discovered a new botnet, tracked as Simps botnet, attributed to Keksec group, which is focused on DDOS activities Uptycs’ threat research team has discovered a new Botnet named 'Simps' attributed to Keksec group primarily focussed on DDOS activities. We discovered the Simps Botnet binaries downloaded via shell script sample and Remote Code […] Threat ★★★
SecurityAffairs.webp 2021-05-17 09:02:23 Bitcoin down: 51% attack? No, put the blame on Elon Musk (lien direct) The price of Bitcoin falls after Elon Musk declared that its company, Tesla, may have sold holdings of the cryptocurrency We have a long-debated about the possibility that the Bitcoin price could be influenced by threat actors through 51% attacks, but recent events demonstrate that it could be easier to manipulate its value. A simple […] Threat
SecurityAffairs.webp 2021-05-16 11:31:28 MSBuild tool used to deliver RATs filelessly (lien direct) Hackers abuses Microsoft Build Engine (MSBuild) to filelessly deliver malware on targeted Windows systems, including RAT and password-stealer. Researchers from Anomali observed threat actors abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and RedLine Stealer password-stealing malware on targeted Windows systems. “Anomali Threat Research discovered a campaign in which threat actors used […] Malware Tool Threat
SecurityAffairs.webp 2021-05-15 08:41:55 QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks (lien direct) QNAP warns of an actively exploited Roon Server zero-day flaw and eCh0raix ransomware attacks on its NAS devices. QNAP warns customers of threat actors that are targeting its Network Attached Storage (NAS) devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability. The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that […] Ransomware Threat
SecurityAffairs.webp 2021-05-14 14:08:55 Magecart gang hides PHP-based web shells in favicons (lien direct) Magecart cybercrime gang is using favicon to hide malicious PHP web shells used to maintain remote access to inject JavaScript skimmers into online stores. Magecart hackers are distributing malicious PHP web shells hidden in website favicon to inject JavaScript e-skimmers into online stores and steal payment information. Researchers from Malwarebytes observed threat actors, likely Magecart […] Threat
SecurityAffairs.webp 2021-05-13 17:27:24 Organizations in aerospace and travel sectors under attack, Microsoft warns (lien direct) Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign. Threat actors conducted a spear-phishing campaign using messages that were specifically designed to be […] Threat
SecurityAffairs.webp 2021-05-10 07:31:28 Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks (lien direct) Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercep traffic to cryptocurrency-related sites Starting from January 2020, a threat actor has been adding thousands of malicious exit relays to the Tor network to intercept traffic and carry out SSL stripping attacks on users while accessing mixing websites, The […] Threat
SecurityAffairs.webp 2021-05-08 13:05:48 Microsoft warns of a large-scale BEC campaign to make gift card scam (lien direct) Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the attacks. Business email compromise (BEC) attacks represent a serious threat for organizations worldwide, according to the annual report released by FBI's Internet Crime Complaint Center, the 2020 Internet Crime Report, in 2020, the IC3 received 19,369 Business […] Threat
SecurityAffairs.webp 2021-05-07 16:35:28 19 petabytes of data exposed across 29,000+ unprotected databases (lien direct) CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, […] Threat ★★★
SecurityAffairs.webp 2021-05-07 13:35:31 [Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure) (lien direct) HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Prologue: After my first success in bypassing APPROTECT readout protection of the NRF52-based Slok smartlock with #PocketGlitcher (i.e. video below), I started looking around […] Threat
SecurityAffairs.webp 2021-05-06 23:12:30 Windows Moriya rootkit used in highly targeted attacks (lien direct) Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of cyberespionage campaign dubbed TunnelSnake. An unclassified threat actor employed a new stealthy malware, dubbed Moriya rootkit, to compromise Windows systems. Kaspersky experts who uncovered the threat speculate the attacks are likely part of an ongoing espionage campaign dubbed TunnelSnake that has been […] Threat
SecurityAffairs.webp 2021-05-05 15:27:31 (Déjà vu) UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware (lien direct) A new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware. The group targeted the organization […] Malware Threat
SecurityAffairs.webp 2021-05-03 17:39:49 Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited (lien direct) Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. Pulse Secure has addressed a zero-day vulnerability (CVE-2021-22893) in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited by threat actors in attacks against defense firms […] Vulnerability Threat ★★★★
SecurityAffairs.webp 2021-05-03 06:39:57 Threat Report Portugal: Q1 2021 (lien direct) The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. Threat Report Portugal Q1 2021: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is […] Malware Threat
SecurityAffairs.webp 2021-04-30 14:09:35 Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization (lien direct) UNICC and Group-IB detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating hi-tech cybercrimes, and the United Nations International Computing Centre (UNICC), detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. […] Threat
SecurityAffairs.webp 2021-04-29 06:22:02 RotaJakiro Linux backdoor has flown under the radar since 2018 (lien direct) Experts recently uncovered a Linux backdoor, dubbed RotaJakiro, that has flown under the radar for many years while harvest and exfiltrate sensitive information from the victims.  RotaJakiro is a Linux backdoor recently discovered by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab). The malware remained undetected for years while threat actors were employing […] Malware Threat
SecurityAffairs.webp 2021-04-27 08:33:35 Microsoft Defender uses Intel TDT technology against crypto-mining malware (lien direct) Microsoft announced an improvement of its Defender antivirus that will leverage Intel’s Threat Detection Technology (TDT) to detect processes associated with crypto-miners. Microsoft announced that Microsoft Defender for Endpoint, its commercial version of Windows 10 Defender antivirus, implements a new mechanism that leverages Intel’s Threat Detection Technology (TDT) to block cryptojacking malware using Cryptojacking malware […] Malware Threat
SecurityAffairs.webp 2021-04-26 09:40:47 Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws (lien direct) Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines in a cryptocurrency botnet tracked as Prometei. Experts from the Cybereason Nocturnus Team have investigated multiple incidents involving the Prometei Botnet. The attackers hit companies in North America and threat actors exploited the ProxyLogon Microsoft Exchange flaws (CVE-2021-27065 and CVE-2021-26858) to deliver malware in their networks. Attackers […] Malware Threat
SecurityAffairs.webp 2021-04-25 16:36:15 Hackers are targeting Soliton FileZen file-sharing servers (lien direct) Threat actors are exploiting two flaws in the popular file-sharing server FileZen to steal sensitive data from businesses and government organizations. Threat actors are exploiting two vulnerabilities in the popular file-sharing server FileZen, tracked as CVE-2020-5639 and CVE-2021-20655, to steal sensitive data from businesses and government organizations. FileZen servers allow users to share data according to their needs, […] Threat
SecurityAffairs.webp 2021-04-22 09:01:52 Trend Micro flaw actively exploited in the wild (lien direct) Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems. Security solutions one again are used as attack vectors by threat actors, this time cybersecurity company Trend Micro revealed that attackers are actively exploiting a vulnerability, tracked as CVE-2020-24557, […] Threat
SecurityAffairs.webp 2021-04-22 05:49:21 Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang (lien direct) During an undercover interview, a CyberNews researcher tricked ransomware operators affiliated with Ragnar Locker into revealing their ransom payout structure, cash out schemes, and target acquisition strategies. From a relatively rare threat just a few years ago to one of the biggest moneymakers for cybercriminals today – the meteoric rise of ransomware has cast a shadow of […] Ransomware Threat
SecurityAffairs.webp 2021-04-20 09:59:48 WeChat users targeted by hackers using recently disclosed Chromium exploit (lien direct) Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn. China-based firm Qingteng Cloud Security, reported that threat actors weaponized the recently disclosed Chrome exploit to target WeChat users in China. According to the researchers, the attacks only targeted users of the WeChat Windows app. The […] Threat
Last update at: 2024-05-09 23:08:15