What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-02-28 15:03:56 | New Zealand-based cryptocurrency exchange Cryptopia hacked again (lien direct) | The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019 security breach. In 2019, the New Zealand-based cryptocurrency exchange Cryptopia discloses a cyber attack that took place on January 14th. At the time of the first attack, the threat actors stole approximately USD 30 million […] | Threat | ||
|
2021-02-28 10:24:58 | Security Affairs newsletter Round 303 (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing […] | Threat | ||
|
2021-02-23 20:56:40 | Twitter removes 100 accounts linked to Russia disseminating disinformation (lien direct) | Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation and to target the European Union, the United States, and the NATO alliance. Experts believe the accounts were part of […] | Threat | ||
|
2021-02-21 21:00:36 | Experts warn of threat actors abusing Google Alerts to deliver unwanted programs (lien direct) | Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to […] | Threat | ||
|
2021-02-20 16:42:40 | SonicWall releases second firmware updates for SMA 100 vulnerability (lien direct) | Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a security breach on January 22, it blamed sophisticated threat actors for the intrusion. On January, 29 […] | Vulnerability Threat | ||
|
2021-02-19 12:12:01 | Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning (lien direct) | Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it, the latest generation of Macs are their next targets. The popular security researcher Patrick Wardle discovered one of the first malware designed to target latest generation of Apple devices using the company M1 chip. The discovery suggests threat actors are tailoring […] | Malware Threat | ||
|
2021-02-19 09:09:48 | Hackers steal credit card data abusing Google\'s Apps Script (lien direct) | Hackers abuse Google Apps Script to steal credit cards, bypass CSP Attackers are abusing Google’s Apps Script business application development platform to steal payment card information from e-stores. Sansec researchers reported that threat actors are abusing Google’s Apps Script business application development platform to steal credit card data provided by customers of e-commerce websites. “Attackers use […] | Threat | ||
|
2021-02-18 20:13:20 | SolarWinds hackers had access to components used by Azure, Intune, and Exchange (lien direct) | Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange. Microsoft announced that the threat actors behind the SolarWinds supply chain attack could have had access to repositories containing the source code for a limited number of components used by Azure, Intune, and Exchange. In […] | Threat | ||
|
2021-02-17 22:25:42 | US DoJ charges three members of the North Korea-linked Lazarus APT group (lien direct) | The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department indicted three North Korean military intelligence officials, members of the Lazarus APT group, for their involvement in cyber-attacks, including the theft of $1.3 billion in money and crypto-currency from organizations around the globe. The indictment […] | Threat | APT 38 APT 28 | |
|
2021-02-16 15:55:38 | Hackers abusing the Ngrok platform phishing attacks (lien direct) | Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to […] | Threat | ||
|
2021-02-15 16:14:45 | The malicious code in SolarWinds attack was the work of 1,000+ developers (lien direct) | Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack Microsoft's analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft president Brad Smith provided further details about the investigation of the SolarWinds supply chain attack, the company's analysis of […] | Threat | ||
|
2021-02-07 10:44:34 | Web developers SitePoint discloses a data breach (lien direct) | The website, and publisher of books, courses and articles for web developers, SitePoint discloses a data breach that impacted 1M users. SitePoint is an Australian-based website, and publisher of books, courses and articles for web developers. The company has disclosed a data breach and notified its users via email. Threat actors offered for sale an archive containing […] | Data Breach Threat | ||
|
2021-02-04 16:06:40 | (Déjà vu) Hackers accessed Stormshield data, including source code of ANSSI certified products (lien direct) | The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients. Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks. Stormshield is a French publisher of software specialized in computer security, its products are certified […] | Threat | ||
|
2021-02-02 19:26:09 | Police Exam Database Exposes 500K Indian Citizens \' PII (lien direct) | CloudSEK has discovered a post on a well-known database sharing forum advertising the PII of 500,000 Indian citizens. While the threat actor does not mention the name of an organization, the data provided in the sample is clearly associated with a police exam conducted on 22 Dec 2019. Discovery of the leak CloudSEK's proprietary risk […] | Threat | ★★★★★ | |
|
2021-02-02 10:21:49 | (Déjà vu) Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs (lien direct) | Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. According to ZDNet, threat actors are using VMWare ESXi exploits to encrypt the disks of virtual machines deployed in […] | Ransomware Threat | ||
|
2021-02-01 18:45:36 | Operation NightScout: supply chain attack on NoxPlayer Android emulator (lien direct) | Experts uncovered a new supply chain attack leveraging the update process of NoxPlayer, a free Android emulator for PCs and Macs. A new supply chain attack made the headlines, a threat actor has compromised the update process of NoxPlayer, a free Android emulator for Windows and Macs developed by BigNox. The company claims to have […] | Threat | ||
|
2021-01-30 14:17:20 | (Déjà vu) Victims of FonixCrypter ransomware could decrypt their files for free (lien direct) | FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their operations and released the master decryption key. The FonixCrypter gang also closed its Telegram channel that was used to […] | Ransomware Threat | ||
|
2021-01-27 21:36:38 | Emotet Botnet dismantled in a joint international operation (lien direct) | A global operation of law enforcement has dismantled the infrastructure of the infamous Emotet botnet. A global operation of law enforcement, lead by Europol, has dismantled the infrastructure of the infamous Emotet botnet. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was […] | Threat Guideline | ||
|
2021-01-26 11:51:57 | North Korea-linked campaign targets security experts via social media (lien direct) | Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. According to the Google team that focuses on nation-state attacks, a North Korea-linked APT group has targeted experts that are working on the research […] | Threat | ||
|
2021-01-25 08:41:52 | Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked (lien direct) | Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web. Leaked data includes names, e-mails, mobile numbers, encrypted passwords, user […] | Threat | ||
|
2021-01-24 18:40:58 | Hacker leaks data of 2.28M users of dating site MeetMindful (lien direct) | A well-known threat actor has leaked data belonging to 2.28 million users registered on the dating website MeetMindful. ZDNet first reported that the well-known threat actor ShinyHunters has leaked the data of more than 2.28 million users registered on the dating site MeetMindful, The threat actor leaked the data for free download on a publicly accessible hacking […] | Threat | ||
|
2021-01-23 10:05:28 | Security firm SonicWall was victim of a coordinated attack (lien direct) | The Hacker News reported in exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday. The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities […] | Threat | ★★ | |
|
2021-01-22 12:52:23 | Data of 2 million MyFreeCams users sold on a hacker forum (lien direct) | A threat actor was offering for sale on a hacker forum data from 2 million users allegedly stolen from the adult streaming site MyFreeCams. A threat actor was offering for sale on a hacker forum a database containing user records allegedly stolen from the adult streaming site MyFreeCams. MyFreeCams it's one of the top adult […] | Threat | ||
|
2021-01-20 13:01:02 | FireEye releases an auditing tool to detect SolarWinds hackers\' activity (lien direct) | Cybersecurity firm FireEye has released a report that sheds the light on the SolarWinds attack and the way hackers breached its networks. Cybersecurity firm FireEye has released a report that sheds the light on the SolarWinds attack and the way hackers breached its networks. The experts explained how the UNC2452 and other threat actors breached […] | Tool Threat | ★★★★★ | |
|
2021-01-19 23:21:34 | Malwarebytes \'s email systems hacked by SolarWinds attackers (lien direct) | Cyber security firm Malwarebytes announced that threat actor behind the SolarWinds attack also breached its network last year. Malwarebytes revealed today that SolarWinds hackers also breached its systems and gained access to its email. Malwarebytes joins the club of security firms that were hit by Solarwinds attackers, after FireEye, Microsoft, and CrowdStrike. The intrusion took […] | Threat | ||
|
2021-01-19 22:31:27 | Raindrop, a fourth malware employed in SolarWinds attacks (lien direct) | The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware that was discovered investigating the SolarWinds […] | Malware Threat | Solardwinds | |
|
2021-01-19 13:34:06 | FreakOut botnet target 3 recent flaws to compromise Linux devices (lien direct) | Security researchers uncovered a series of attacks conducted by the FreakOut botnet that leveraged recently discovered vulnerabilities. Security researchers from Check Point have uncovered a series of attacks associated with the FreakOut botnet that is targeting multiple unpatched flaws in applications running on top of Linux systems. The botnet appeared in the threat landscape in […] | Threat | ||
|
2021-01-15 14:13:30 | Winnti APT continues to target game developers in Russia and abroad (lien direct) | A Chinese Threat actor targeted organizations in Russia and Hong Kong with a previously undocumented backdoor, experts warn. Cybersecurity researchers from Positive Technologies have uncovered a series of attacks conducted by a Chinese threat actor that aimed at organizations in Russia and Hong Kong. Experts attribute the attacks to the China-linked Winnti APT group (aka APT41) […] | Threat Guideline | APT 41 APT 41 | |
|
2021-01-14 13:15:39 | Classiscam expands to Europe: Russian-speaking scammers lure Europeans to pages mimicking classifieds (lien direct) | Russian-speaking scammers started targeting users of European marketplaces and classifieds is a criminal scheme dubbed Classiscam. Group-IB, a global threat hunting and and adversary-centric cyber intelligence company, has discovered that Russian-speaking scammers started targeting users of European marketplaces and classifieds. The scheme, dubbed Classiscam by Group-IB, is an automated scam as a service designed to steal money […] | Threat | ||
|
2021-01-13 18:43:38 | Rogue Android RAT emerges from the darkweb (lien direct) | Experts discovered an Android Remote Access Trojan, dubbed Rogue, that can allow to take over infected devices and steal user data. Rogue is a new mobile RAT discovered by researchers from Check Point while investigating the activity of the darknet threat actors known as Triangulum and HeXaGoN Dev. Both actors are Android malware authors that […] | Malware Threat | ||
|
2021-01-12 23:32:41 | Sophisticated hacking campaign uses Windows and Android zero-days (lien direct) | Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. The Google Project Zero team has recently launched an initiative aimed at devising new techniques to detect 0-day exploits employed in attacks in the wild. While partnering with the Google Threat Analysis Group (TAG), the experts discovered a watering hole […] | Threat | ||
|
2021-01-09 14:09:45 | SolarWinds hackers also used common hacker techniques, CISA revealed (lien direct) | CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks. Cybersecurity and Infrastructure Security Agency (CISA) revealed that threat actors behind the SolarWinds supply chain attack also employed common hacker techniques to compromise the networks of the targeted organizations, including password guessing and password spraying. “Frequently, […] | Hack Threat | ||
|
2021-01-08 09:48:08 | Ezuri memory loader used in Linux and Windows malware (lien direct) | Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T's Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. The Ezuri memory loader tool allows to load and execute a payload directly into […] | Malware Tool Threat | ||
|
2021-01-07 23:30:56 | FBI alert warns private organizations of Egregor ransomware attacks (lien direct) | The US Federal Bureau of Investigation (FBI) issued a security alert warning private sector companies of Egregor ransomware attacks. The US FBI has issued a Private Industry Notification (PIN) to warn private organizations of Egregor ransomware attacks. The Egregor ransomware first appeared on the threat landscape in September 2020, since then the gang claimed to […] | Ransomware Threat | ||
|
2021-01-07 18:24:41 | North Korea-linked APT37 targets South with RokRat Trojan (lien direct) | Experts spotted the RokRat Trojan being used by North Korea-linked threat actors in attacks aimed at the South Korean government. On December 7 2020 researchers from Malwarebytes uncovered a campaign targeting the South Korean government with a variant of the RokRat RAT. The experts found a malicious document uploaded to Virus Total related to a […] | Threat | APT 37 | |
|
2021-01-06 23:02:23 | SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes (lien direct) | The US DoJ revealed that threat actors behind the SolarWinds attack have gained access to roughly 3% of the department’s O365 mailboxes. The US Department of Justice (DoJ) published a press release to confirm that the threat actors behind the SolarWinds supply chain attack were able to access thousands of mailboxes of its employees. “On […] | Threat | ||
|
2021-01-05 11:34:43 | Over 500,000 credentials for tens of gaming firm available in the Dark Web (lien direct) | The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on online. The gaming industry is a privileged target for threat actors, threat actors leaked online over 500,000 stolen credentials belonging to top 25 gaming firms. The alarm was raised by the threat intelligence firm Kela […] | Threat Guideline | ||
|
2021-01-04 08:49:19 | New alleged MuddyWater attack downloads a PowerShell script from GitHub (lien direct) | Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security expert discovered a new piece of malware uses weaponized Word documents to download a PowerShell script from GitHub. This PowerShell script is also used by threat actors to download a legitimate image file from image hosting […] | Malware Threat | ||
|
2021-01-03 14:52:32 | Over 200 million records of Chinese Citizens for Sale on the Darkweb (lien direct) | During a routine Dark web monitoring, the Research team at Cyble found threat actors selling 200 million+ Records of Chinese Citizens. During a routine Dark web monitoring, the Research team at Cyble found multiple posts where threat actors are offering for sale alleged data leaks related to Chinese citizens. Data might have been stolen from […] | Threat | ||
|
2021-01-01 21:57:35 | Facebook ads used to steal 615000+ credentials in a phishing campaign (lien direct) | Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims' login credentials. Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. Threat actors are using Facebook ads to redirect users to Github accounts hosting phishing pages used to steal victims’ login credentials. The campaign targeted more than […] | Threat | ||
|
2021-01-01 16:03:02 | Today Adobe Flash Player reached the end of life (EOL) (lien direct) | Today Adobe Flash Player has reached its end of life (EOL), its vulnerabilities were exploited by multiple threat actors in attacks in the wild over the years. Adobe Flash Player has reached the end of life (EOL) today, over the years, threat actors have exploited multiple vulnerabilities in the popular software. Adobe will no longer […] | Threat | ||
|
2021-01-01 13:25:50 | Alleged docs relating to Covid-19 vaccine leaked in darkweb (lien direct) | Experts from threat intelligence firm Cyble have found documents relating to Covid-19 vaccine of European Medicines Agency in the Darkweb Security experts from threat intelligence firm Cyble have found several documents relating to the Covid-19 vaccine allegedly stolen from the European Medicines Agency (EMA) leaked in the Darkweb. While the pandemic is spreading on a […] | Threat | ||
|
2020-12-31 21:46:01 | (Déjà vu) SolarWinds hackers gained access to Microsoft source code (lien direct) | The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft products. The threat actors behind the SolarWinds attack could have compromised a small number of internal accounts and used at least one of them to view source code in a number of source code repositories. […] | Threat | ||
|
2020-12-31 18:48:52 | (Déjà vu) Threat actor is selling 368.8 million records from 26 data breaches (lien direct) | A data breach broker is selling user records allegedly from twenty-six data breaches on a hacker forum. Security experts from Bleeping Computer reported that a threat actor is selling user records allegedly stolen from twenty-six companies on a hacker forum. The total volume of data available for sale is composed of 368.8 million stolen user […] | Data Breach Threat | ||
|
2020-12-29 21:55:38 | SolarWinds hackers aimed at access to victims\' cloud assets (lien direct) | Microsoft says that SolarWinds hackers aimed at compromising the victims’ cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst). The Microsoft 365 Defender Team revealed that the goal of the threat actors behind the SolarWinds supply chain attack was to move to the victims’ cloud infrastructure once infected their network with the Sunburst/Solorigate backdoor. “With […] | Threat Mobile | Solardwinds | |
|
2020-12-28 23:35:07 | Threat actor is selling a dump allegedly including 2,5M customers of service provider Ho Mobile (lien direct) | Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile. Threat intelligence analyst @Bank_Security first spotted on a popular hacking forum a threat actor that is selling a database allegedly containing the database of the Italian mobile service provider Ho mobile. Ho mobile is an […] | Threat | ||
|
2020-12-28 22:14:51 | Finland confirms that hackers breached MPs\' emails accounts (lien direct) | The Parliament of Finland confirmed that threat actors had access to email accounts of multiple members of parliament (MPs). “Parliament of Finland has been subjected to a cyberattack in the fall of 2020. The attack was discovered by parliament technical surveillance. Some parliament e-mail accounts may have been compromised as a result of the attack, […] | Threat | ||
|
2020-12-27 16:06:09 | Vermont Hospital confirmed the ransomware attack (lien direct) | The Burlington-based University of Vermont Health Network has finally admitted that ransomware was behind the October attack. In October, threat actors hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The cyber attack took place on October 28 and disrupted services at the UVM Medical Center and affiliated facilities. A […] | Ransomware Threat | ||
|
2020-12-27 09:37:20 | (Déjà vu) SolarWinds releases updated advisory for SUPERNOVA backdoor (lien direct) | SolarWinds released an updated advisory for the SuperNova malware discovered while investigating the recent supply chain attack. SolarWinds has released an updated advisory for the SuperNova backdoor that was discovered while investigating the recent SolarWinds Orion supply-chain attack. The SuperNova backdoor was likely used by a separate threat actor. After the initial disclosure of the […] | Malware Threat | ||
|
2020-12-25 23:53:44 | CrowdStrike releases free Azure tool to review assigned privileges (lien direct) | CrowdStrike released a free Azure security tool after it was notified by Microsoft of a failed attack leveraging compromised Azure credentials. While investigating the impact of the recent SolarWind hack, on December 15th Microsoft reported to CrowdStrike that threat actors attempted to read CrowdStrike’s emails by using a compromised Microsoft Azure reseller’s account. “Specifically, they […] | Tool Threat |
To see everything:
Our RSS (filtrered)
