What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-04-20 07:22:57 Crooks stole driver's license numbers from Geico auto insurer (lien direct) Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S., has suffered a data breach, threat actors exploited a now-fixed bug in their website to steal the driver’s licenses for policyholders for several weeks. Geico provided coverage for […] Threat
SecurityAffairs.webp 2021-04-19 08:32:13 Nitroransomware demands gift codes as ransom payments (lien direct) A new ransomware dubbed ‘NitroRansomware’ has appeared in the threat landscape, it demands a Discord Nitro gift code to decrypt files. Researchers from BleepingComputer reported infections of a new singular ransomware dubbed NitroRansomware which demands a Discord Nitro gift code to the victims to decrypt their files. Discord is a free VoIP, instant messaging and […] Ransomware Threat
SecurityAffairs.webp 2021-04-19 05:35:39 Codecov was a victim of a supply chain attack (lien direct) The software company Codecov suffered a security breach, threat actors compromised the supply chain of one of its tools. A new supply chain attack made the headlines, the software company Codecov recently disclosed a major security breach after a threat actor compromised its infrastructure to inject a credentials harvester code to one of its tools […] Threat
SecurityAffairs.webp 2021-04-18 17:51:30 Monero Cryptocurrency campaign exploits ProxyLogon flaws (lien direct) Threat actors are exploiting the ProxyLogon vulnerabilities in Microsoft Exchange servers to deploy Monero cryptocurrency miners. Sophos researchers reported that threat actors targeted Microsoft Exchange by exploiting ProxyLogon vulnerabilities to deploy malicious Monero cryptominer in an unusual attack. The unknown attacker is attempting to deliver a payload which is being hosted on a compromised […] Threat
SecurityAffairs.webp 2021-04-16 08:56:25 Mirai code re-use in Gafgyt (lien direct) Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt,” some of them re-used Mirai code.  Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt”, via threat intelligence systems and our in-house osquery-based sandbox. Upon analysis, we identified several codes, techniques and implementations of Gafgyt, […] Malware Threat
SecurityAffairs.webp 2021-04-14 14:22:29 FireEye: 650 new threat groups were tracked in 2020 (lien direct) FireEye published its M-Trend 2021 report based on the data collected during the investigation, 650 new threat groups were tracked in 2020 FireEye published its annual report, titled M-Trend 2021, which is based on the data collected during the investigation on security incidents it managed. Most of the incidents investigated by Mandiant (59%) in 2020 […] Threat
SecurityAffairs.webp 2021-04-14 10:20:44 FBI silently removed web shells planted on Microsoft Exchange servers in the US (lien direct) FBI log into web shells that hackers installed on Microsoft Exchange email servers across the US and removed the malicious code used by threat actors. A US judge granted the FBI the power to log into web shells that were injected by nation-state hackers on Microsoft Exchange servers across the US and remove the malware, […] Threat
SecurityAffairs.webp 2021-04-10 17:50:30 Hackers compromised APKPure client to distribute infected Apps (lien direct) APKPure, one of the largest alternative app stores, was the victim of a supply chain attack, threat actors compromised client version 3.17.18 to deliver malware. Multiple security experts discovered threat actors tampered with the APKPure client version 3.17.18 of the popular alternative third-party Android app store. APKPure is available only on devices that use Google […] Threat
SecurityAffairs.webp 2021-04-10 15:08:31 Crooks abuse website contact forms to deliver IcedID malware (lien direct) Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from Microsoft have uncovered a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Threat actors behind the operation are using contact forms published on websites to deliver malicious links to enterprises […] Malware Threat
SecurityAffairs.webp 2021-04-09 06:18:59 330K stolen payment cards and 895K stolen gift cards sold on dark web (lien direct) A threat actor has sold almost 900,000 gift cards and over 300,000 payment cards on a cybercrime forum on the dark web. A crook has sold 895,000 gift cards and over 300,000 payment cards, for a total of US$38 million, on a  top-tier Russian-language hacking forum on the dark web. The criminal actor was spotted offering […] Threat
SecurityAffairs.webp 2021-04-08 16:15:05 Swarmshop – What goes around comes around: hackers leak other hackers' data online (lien direct) Group-IB, a global threat hunting and adversary-centric cyber intelligence company, discovered that user data of the Swarmshop card shop have been leaked online on March 17, 2021. The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and buyers including their nicknames, hashed passwords, contact details, history of activity, and […] Threat
SecurityAffairs.webp 2021-04-08 09:21:10 User database was also hacked in the recent hack of PHP's Git Server (lien direct) The maintainers of the PHP programming language confirmed that threat actors may have compromised a user database containing their passwords. The maintainers of the PHP programming language have provided an update regarding the security breach that took place on March 28. Unknown attackers hacked the official Git server of the PHP programming language and pushed […] Hack Threat
SecurityAffairs.webp 2021-04-07 22:04:37 New Cring ransomware deployed targeting unpatched Fortinet VPN devices (lien direct) Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Threat actors are actively exploiting the CVE-2018-13379 vulnerability in Fortinet VPNs to deploy a new piece of ransomware, tracked as Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom), to organizations in the industrial sector. […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2021-04-07 12:52:58 Crooks use Telegram bots and Google Forms to automate phishing (lien direct) Crooks increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has found that cybercriminals increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Alternative ways to obtain data help cybercriminals keep […] Threat
SecurityAffairs.webp 2021-04-07 10:02:22 Gigaset Android smartphones infected with malware after supply chain attack (lien direct) A new supply chain attack made the headlines, threat actors compromised at least one update server of smartphone maker Gigaset to deliver malware. The German device maker Gigaset was the victim of supply chain attack, threat actors compromised at least one server of the company to deliver malware. Gigaset AG, formerly known as Siemens Home and […] Malware Threat
SecurityAffairs.webp 2021-04-06 17:22:25 SAP systems are targeted within 72 hours after updates are released (lien direct) On-premises SAP systems are targeted by threat actors within 72 hours after security patches are released, SAP security firm Onapsis warns. According to a joint study published by Onapsis and SAP, on-premises SAP systems are targeted by threat actors within 72 hours after security patches are released. Threat actors perform reverse-engineering of the SAP […] Threat
SecurityAffairs.webp 2021-04-06 13:15:40 Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks (lien direct) China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda, Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing. The threat actors are sending out spear-phishing messages to compromise diplomatic targets in Southeast […] Threat APT 27
SecurityAffairs.webp 2021-04-05 13:27:31 33.4% of ICS computers hit by a cyber attack in H2 2020 (lien direct) H2 2020 – Kaspersky observed an increase in ransomware attacks on industrial control system (ICS) systems in developed countries. Cybersecurity firm Kaspersky has published the Industrial Control System Threat Landscape report for H2 2020 which is based on statistical data collected by the distributed antivirus Kaspersky Security Network (KSN).  The data analyzed by the experts were received […] Ransomware Threat
SecurityAffairs.webp 2021-04-03 12:39:48 Activision warns of Call of Duty Cheat tool used to deliver RAT (lien direct) The popular video game publisher Activision is warning gamers that threat actors are actively disguising a remote-access trojan (RAT) in Duty Cheat cheat tool. Activision, the company behind Call of Duty: Warzone and Guitar Hero series, is warning gamers that a threat actor is advertising cheat tools that deliver remote-access trojan (RAT). The company reported that […] Tool Threat
SecurityAffairs.webp 2021-04-03 07:24:18 Evolution and rise of the Avaddon Ransomware-as-a-Service (lien direct) The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June, 2020. In August 2020, cybersecurity intelligence firm Kela was the first to report that […] Ransomware Malware Threat
SecurityAffairs.webp 2021-04-02 21:19:54 (Déjà vu) FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers (lien direct) FBI and CISA published a joint alert to warn of advanced persistent threat (APT) groups targeting Fortinet FortiOS to access networks of multiple organizations. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint alert to warn of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The […] Threat
SecurityAffairs.webp 2021-04-01 07:45:39 US CISA warns of DoS flaws in Citrix Hypervisor (lien direct) Citrix addressed vulnerabilities in Hypervisor that could be exploited by threat actors to execute code in a virtual machine to trigger a denial of service condition on the host. US CISA warns that Citrix has released security updates to address flaws in Hypervisor that could be exploited by threat actors to execute code in a […] Threat
SecurityAffairs.webp 2021-03-31 21:53:31 North Korea-linked hackers target security experts again (lien direct) Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. The cyberspies used fake Twitter and LinkedIn social media accounts to get in contact with the victims. Experts identified two accounts impersonating recruiters for antivirus and security companies. Social media profiles were quickly removed after Google […] Threat
SecurityAffairs.webp 2021-03-31 15:17:15 5-star customer service: fraudsters launch massive campaign against Indonesia's major banks on Twitter (lien direct) Experts warn that cybercriminals are targeting Indonesia's major banks posing as bank representatives or customer support team members on Twitter. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, warns of an ongoing fraudulent campaign targeting Indonesia's largest banks that cybercriminals run on social media with the ultimate goal of stealing bank customers' money. […] Threat
SecurityAffairs.webp 2021-03-30 19:59:37 VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials (lien direct) VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published security updates to address multiple vulnerabilities in VMware vRealize Operations that could allow threat actors to steal admin credentials from vulnerable installs. VMware vRealize Operations is a self-driving and AI-powered platform for the management of IT operations […] Threat
SecurityAffairs.webp 2021-03-30 15:30:14 Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites (lien direct) Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites. On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress Search Plugin installed on over 60,000 sites. This security vulnerability could be exploited by an attacker to perform malicious actions […] Vulnerability Threat
SecurityAffairs.webp 2021-03-26 22:15:44 German Parliament Bundestag targeted again by Russia-linked hackers (lien direct) Several members of the German Parliament (Bundestag) and other members of the state parliament were hit by a targeted attack allegedly launched by Russia-linked hackers. German newspaper Der Spiegel revealed that email accounts of multiple members of the German Parliament (Bundestag) were targeted with a spearphishing attack. The messages were sent by threat actors to […] Threat
SecurityAffairs.webp 2021-03-26 18:37:31 Hades ransomware gang targets big organizations in the US (lien direct) Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020.  Accenture’s Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an analysis of the latest campaign conducted by financially motivated threat group Hades which have been operating since at least December 2020.  Experts discovered that threat actors targeted […] Ransomware Threat
SecurityAffairs.webp 2021-03-25 15:15:53 The surge of fake COVID-19 test results, vaccines and vaccination certificates on the Dark Web (lien direct) Threat actors are offering fake COVID-19 test results and vaccination certificates in blackmarkets and hacking forums on the Dark Web. While vaccination campaigns go ahead with different speeds in many countries multiple threat actors on the Dark Web started offering fake COVID-19 test results and vaccination certificates. Multiple research teams, including mine, are monitoring these […] Threat
SecurityAffairs.webp 2021-03-24 13:37:27 Black Kingdom ransomware is targeting Microsoft Exchange servers (lien direct) Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. After the public disclosure of ProxyLogon vulnerabilities, multiple threat actors started targeting vulnerable Microsoft Exchange servers exposed online. The first ransomware gang exploiting the above issues in attacks in the wild was a group tracked as DearCry. Last crew […] Ransomware Threat
SecurityAffairs.webp 2021-03-23 15:24:35 Google fixes an Android vulnerability actively exploited in the wild (lien direct) Google addressed a zero-day vulnerability affecting Android devices that use Qualcomm chipsets which is actively exploited in the wild. Google has addressed a zero-day vulnerability, tracked as CVE-2020-11261, affecting Android devices that use Qualcomm chipsets. According to the IT giant, threat actors are actively exploiting the vulnerability in attacks in the wild. The CVE-2020-11261 flaw, is […] Vulnerability Threat
SecurityAffairs.webp 2021-03-22 08:14:13 Which is the Threat landscape for the ICS sector in 2020? (lien direct) The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. The experts gathered data related to the cyberthreats that […] Threat
SecurityAffairs.webp 2021-03-20 20:11:03 A threat actor exploited 11 zero-day flaws in 2020 campaigns (lien direct) A hacking group has employed at least 11 zero-day flaws as part of an operation that took place in 2020 and targeted Android, iOS, and Windows users. Google's Project Zero security team published a report about the activity of a mysterious hacking group that operated over the course of 2020 and exploited at least 11 […] Threat
SecurityAffairs.webp 2021-03-18 22:31:29 (Déjà vu) XcodeSpy Mac malware targets Xcode Developers with a backdoor (lien direct) Unknown threat actors have been using a new XcodeSpy Mac malware to target software developers who use Apple's Xcode integrated development environment. Researchers at SentinelOne uncovered a series of attacks involving a new XcodeSpy used to deliver a custom variant of a backdoor tracked as EggShell. The EggShell allows threat actors to spy on users, capture […] Malware Threat
SecurityAffairs.webp 2021-03-18 08:31:34 Prime Minister Boris Johnson wants to enhance UK cyber capabilities (lien direct) Prime Minister Boris Johnson declared that Britain needs to boost its cyber capability to conduct cyber attacks on foreign hostile actors. Prime Minister Boris Johnson said that his government needs to boost its capability to conduct cyber attacks on foreign threat actors. “Cyber power is revolutionising the way we live our lives and fight our […] Threat
SecurityAffairs.webp 2021-03-17 19:06:24 China-linked hackers target telcos to steal 5G secrets (lien direct) Chinese APT groups are targeting telecom companies in cyberespionage campaigns collectively tracked as Operation Diànxùn, to steal 5G secrets. Chinese-language threat actors are targeting telecom companies, as part of a cyber espionage campaign tracked as ‘Operation Diànxùn,’ to steal sensitive data and trade secrets tied to 5G technology. Hackers behind these campaigns are targeting people […] Threat
SecurityAffairs.webp 2021-03-16 21:54:31 New Mirai variant appears in the threat landscape (lien direct) Palo Alto researchers uncovered a series of ongoing attacks to spread a variant of the infamous Mirai bot exploiting multiple vulnerabilities. Security experts at Palo Alto Networks disclosed a series of attacks aimed at delivering a Mirai variant leveraging multiple vulnerabilities. Below the list of vulnerabilities exploited in the attacks, three of which were unknown issues: […] Threat
SecurityAffairs.webp 2021-03-16 07:48:09 Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms? (lien direct) Microsoft is reportedly investigating whether the recent attacks against Microsoft Exchange servers could be linked to information leaked by a partner security firm. According to a report published by The Wall Street Journal, Microsoft is investigating whether the threat actors behind the recent wave of attacks on Microsoft Exchange servers worldwide may have obtained sensitive […] Threat
SecurityAffairs.webp 2021-03-12 11:21:06 Researchers warn of a surge in cyber attacks against Microsoft Exchange (lien direct) Researchers warn of a surge in cyber attacks against Microsoft Exchange servers exploiting the recently disclosed ProxyLogon vulnerabilities. Researchers at Check Point Research team reported that threat actors are actively exploiting the recently disclosed ProxyLogon zero-day vulnerabilities in Microsoft Exchange. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) […] Threat
SecurityAffairs.webp 2021-03-11 14:38:14 Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws (lien direct) Norway parliament, the Storting, has suffered a new cyberattack, hackers stole data by exploiting recently disclosed Microsoft Exchange vulnerabilities. Norway’s parliament, the Storting, was hit by a new cyberattack, threat actors stole data exploiting the recently disclosed vulnerabilities in Microsoft Exchange, collectively tracked as ProxyLogon. On March 2nd, Microsoft has released emergency out-of-band security updates that […] Threat ★★★
SecurityAffairs.webp 2021-03-11 08:22:38 F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ (lien direct) Security firm F5 announced the availability of patches for seven vulnerabilities in BIG-IP, four of which have been rated as “critical” severity. BIG-IP product family includes hardware, modularized software, and virtual appliances that run the F5 TMOS operating system and provides load balancing, firewall, access control, threat protection capabilities. The vendor has released security updates for seven […] Threat
SecurityAffairs.webp 2021-03-09 08:48:19 SUPERNOVA backdoor that emerged after SolarWinds hack is likely linked to Chinese actors (lien direct) Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks Supernova malware spotted on compromised SolarWinds Orion installs exposed on the Internet is likely linked to a China-linked espionage group. Researchers at Secureworks’ counter threat unit (CTU) were investigating the exploit of SolarWinds servers to deploy the Supernova web shell when collected evidence […] Malware Hack Threat ★★★★
SecurityAffairs.webp 2021-03-08 17:58:38 UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign (lien direct) Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched network-attached storage (NAS) devices. via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507) Threat actors are exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & […] Malware Vulnerability Threat
SecurityAffairs.webp 2021-03-07 21:51:48 Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange (lien direct) Thousands of organizations may have been victims of cyberattacks on Microsoft Exchange servers conducted by China-linked threat actors since January. At least tens of thousands of Microsoft customers may have been hacked by allegedly China-linked threat actors since January, including business and government agencies. The attacks started in January, but the attackers’ activity intensified in […] Threat
SecurityAffairs.webp 2021-03-07 14:54:02 Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks (lien direct) Russia-linked APT groups leveraged the Lithuanian nation's technology infrastructure to launch cyber-attacks against targets worldwide. The annual national security threat assessment report released by Lithuania's State Security Department states that Russia-linked APT groups conducted cyber-attacks against top Lithuanian officials and decision-makers last in 2020. APT29 state-sponsored hackers also exploited Lithuania's information technology infrastructure to carry […] Threat APT 29
SecurityAffairs.webp 2021-03-06 18:32:04 Hackers breached four prominent underground cybercrime forums (lien direct) A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. Unknown threat actors hacked the Verified forum in January, Crdclub in February, and Exploit and Maza in March, […] Hack Threat ★★
SecurityAffairs.webp 2021-03-05 20:00:25 GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers (lien direct) Microsoft experts continue to investigate the SolarWinds attack and spotted 3 new strains of malware used as second-stage payloads. Microsoft announced the discovery of three new pieces of malware that the threat actors behind the SolarWinds attack, tracked by the IT giant as Nobelium, used as second-stage payloads. Microsoft’s initial investigation revealed the existence of […] Malware Threat
SecurityAffairs.webp 2021-03-04 21:52:36 (Déjà vu) Sunshuttle, the fourth malware allegedly linked to SolarWinds hack (lien direct) FireEye researchers spotted a new sophisticated second-stage backdoor that was likely linked to threat actors behind the SolarWinds hack. Malware researchers at FireEye discovered a new sophisticated second-stage backdoor, dubbed Sunshuttle, while analyzing the servers of an organization that was compromised as a result of the SolarWinds supply-chain attack. The new malware is dubbed Sunshuttle, and it was […] Malware Hack Threat
SecurityAffairs.webp 2021-03-04 11:52:48 Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150% (lien direct) Group-IB published a report titled “Ransomware Uncovered 2020-2021”. analyzes ransomware landscape in 2020 and TTPs of major threat actors. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has presented its new report “Ransomware Uncovered 2020-2021”. The research dives deep into the global ransomware outbreak in 2020 and analyzes major players' TTPs (tactics, techniques, and procedures). By […] Ransomware Threat
SecurityAffairs.webp 2021-03-03 23:14:44 Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys (lien direct) Cybersecurity firm Qualys seems to have suffered a data breach, threat actors allegedly exploited zero-day flaw in their Accellion FTA server. Cybersecurity firm Qualys is the latest victim of a cyber attack, the company was likely hacked by threat actors that exploited a zero-day vulnerability in their Accellion FTA server. A couple of weeks ago, security experts […] Ransomware Vulnerability Threat
Last update at: 2024-05-10 05:07:59