What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2020-12-25 01:45:22 DDoS amplify attack targets Citrix Application Delivery Controllers (ADC) (direct link) Citrix confirmed that a DDoS attack is targeting Citrix Application Delivery Controller (ADC) networking equipment. The threat actors are using the Datagram Transport Layer Security (DTLS) protocol as an amplification vector in attacks against Citrix appliances with EDT enabled. The DTLS protocol is a communications protocol for securing delay-sensitive apps and services that use datagram […] Threat
SecurityAffairs 2020-12-24 13:08:03 Google reported that Microsoft failed to fix a Windows zero-day flaw (direct link) Google’s Project Zero experts publicly disclosed details of an improperly patched zero-day code execution vulnerability in Windows. White hat hackers at Google’s Project Zero team have publicly disclosed details of an improperly patched zero-day vulnerability in Windows. The vulnerability, tracked as CVE-2020-0986, resides in the Print Spooler API and could be exploited by a threat […] Vulnerability Threat
SecurityAffairs 2020-12-22 21:52:57 Researchers shared the lists of victims of SolarWinds hack (direct link) Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations. Researchers from multiple cybersecurity firms published a list that […] Hack Threat Mobile Solardwinds Solardwinds
SecurityAffairs 2020-12-21 18:26:13 SUPERNOVA, a backdoor found while investigating SolarWinds hack (direct link) While investigating the recent SolarWinds Orion supply-chain attack, security researchers discovered another backdoor, tracked as SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor. After the initial disclosure of the SolarWinds attack, several teams of researchers mentioned the existence of two […] Hack Threat
SecurityAffairs 2020-12-21 08:25:41 Clop ransomware gang paralyzed flavor and fragrance producer Symrise (direct link) Flavor and fragrance producer Symrise is the last victim of the Clop ransomware gang that claims to have stolen 500 GB of unencrypted files. Symrise AG, a major producer of flavours and fragrances, was hit by Clop ransomware operators. The threat actors claim to have stolen 500 GB of unencrypted files. The attack was reported […] Ransomware Threat
SecurityAffairs 2020-12-20 18:19:23 SolarWinds hackers also breached the US NNSA nuclear agency (direct link) US DOE confirmed that threat actors behind the recent SolarWinds supply chain attack also hacked the networks of the US NNSA nuclear agency. US DOE confirmed this week that threat actors behind the recent SolarWinds supply chain attack also compromised the networks of the US National Nuclear Security Administration (NNSA) agency. “The Department of Energy […] Threat
SecurityAffairs 2020-12-19 13:53:36 (Déjà vu) NSA warns of cloud attacks on authentication mechanisms (direct link) The US National Security Agency (NSA) warns of two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure. The US National Security Agency has published a security advisory that describes two techniques abused in recent attacks against cloud infrastructure. The attack techniques are abused by hackers to escalate […] Threat
SecurityAffairs 2020-12-18 08:20:42 (Déjà vu) Fake mobile version of Cyberpunk 2077 spreads ransomware (direct link) A threat actor is spreading ransomware dubbed CoderWare that masquerades as Windows and Android versions of the recent Cyberpunk 2077. Crooks are spreading fake Windows and Android versions of installers for the new Cyberpunk 2077 video game that is delivering the CoderWare ransomware. Cyberpunk 2077 is a 2020 action role-playing video game developed and published by CD Projekt, it […] Ransomware Threat
SecurityAffairs 2020-12-17 13:17:15 Experts spotted browser malicious extensions for Instagram, Facebook and others (direct link) Avast researchers reported that three million users installed 28 malicious Chrome or Edge extensions that could perform several malicious operations. Avast Threat Intelligence researchers spotted malicious Chrome and Edge browser extensions that were installed by over 3 million users. The extensions were designed to steal user’s data (i.e. birth dates, email addresses, and active devices) and […] Threat
SecurityAffairs 2020-12-11 12:11:50 Threat actors target K-12 distance learning education, CISA and FBI warn (direct link) The US Cybersecurity Infrastructure and Security Agency and the FBI warned about the increase in ransomware attacks targeting the US K-12 educational sector. The US CISA and the FBI warned about the increase in ransomware attacks targeting the US K-12 educational sector aimed at data theft and disruption of distance learning services. The number of […] Ransomware Threat
SecurityAffairs 2020-12-09 16:02:11 Crooks hide software skimmer inside CSS files (direct link) Security researchers have uncovered a new technique to inject a software skimmer onto websites, the malware hides in CSS files. Security researchers have uncovered a new technique used by threat actors to inject a software skimmer onto websites, the attackers hide the malware in CSS files. Security experts have analyzed multiple Magecart attack techniques over […] Malware Threat
SecurityAffairs 2020-12-09 08:07:43 The importance of computer identity in network communications: how to protect it and prevent its theft (direct link) The importance of computer identity in network communications: how to protect it and prevent threat actors from spying on or stealing online communications. When you fill out a registration form to take advantage of a web service, a virtual personal profile is generated, creating your own IT identity characterized by specific attributes. Even those who […] Threat
SecurityAffairs 2020-12-08 17:58:14 Unauthenticated Command Injection bug opens D-Link VPN routers to hack (direct link) An unauthenticated command injection vulnerability could be exploited by threat actors to compromise D-Link VPN routers. Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. The experts initially discovered the flaws in DSR-250 router family running firmware version 3.17, further investigation allowed […] Hack Vulnerability Threat
SecurityAffairs 2020-12-06 13:02:20 (Déjà vu) COVID-19 themed attacks October 1 – December 5, 2020 (direct link) This post includes the details of the COVID-19 themed attacks launched from October 1 to December 5, 2020. Threat actors exploit the interest in the COVID-19 outbreak while infections increase worldwide, experts are observing new campaigns on a daily basis. Below is a list of attacks detected between October 1 and December 5, 2020. October 26 […] Threat
SecurityAffairs 2020-12-04 23:42:42 Iranian hackers access unsecured HMI at Israeli Water Facility (direct link) A group of Iranian hackers gained access to an unprotected ICS at an Israeli Water Facility and posted a video as proof of the hack. Researchers from industrial cybersecurity firm OTORIO revealed that a group of Iranian hackers gained access to an unprotected ICS at the Israeli Water Facility. The threat actors accessed […] Threat
SecurityAffairs 2020-12-03 22:29:33 Hackers are targeting COVID-19 vaccine cold chain (direct link) IBM X-Force experts warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain. Researchers from IBM X-Force warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain. The experts uncovered a large scale spear-phishing campaign that has been ongoing since September 2020. Threat actors are impersonating a […] Threat
SecurityAffairs 2020-12-02 16:06:14 APT groups targets US Think Tanks, CISA, FBI warn (direct link) Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning of attacks carried out by threat actors against United States think tanks. APT groups continue to target United States think tanks, the Cyber Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. The work of US think tanks has a […] Threat ★★
SecurityAffairs 2020-11-28 16:52:11 Office 365 phishing campaign leverages Oracle and Amazon cloud services (direct link) Experts warn of a new sophisticated phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. The new sophisticated phishing scheme was implemented by threat actors for stealing Office 365 credentials, it leverages both cloud services from Oracle and Amazon for their infrastructure. The campaign has been active for more […] Threat
SecurityAffairs 2020-11-28 09:21:36 Hundreds of C-level executives credentials available for $100 to $1500 per account (direct link) A credible threat actor is offering access to the email accounts of hundreds of C-level executives for $100 to $1500 per account. Access to the email accounts of hundreds of C-level executives is available on Exploit.in for $100 to $1500 per account. Exploit.in is a popular closed-access underground forum for Russian-speaking hackers, and it […] Threat
SecurityAffairs 2020-11-27 08:23:46 Canon publicly confirms August ransomware attack and data breach (direct link) Canon finally confirmed that it has suffered a ransomware attack in early August that resulted in the theft of data from its servers. Canon has finally confirmed that it was the victim of a ransomware attack in early August and that the threat actors also stole data from its servers. In August, ZDNet first revealed […] Ransomware Data Breach Threat
SecurityAffairs 2020-11-26 15:41:01 Carding Action 2020: Group-IB supports Europol-backed operation saving €40 million (direct link) Carding Action 2020 targeted crooks selling/purchasing compromised card data on sites selling stolen credit card data and darkweb marketplaces. Group-IB, a global threat hunting and intelligence company, has supported Carding Action 2020 – a cross-border operation led by Europol's European Cyber Crime Centre (EC3) with the support from law enforcement agencies including The Dedicated Card and Payment Crime Unit of the London […] Threat
SecurityAffairs 2020-11-25 23:09:03 Belden discloses data breach as a result of a cyber attack (direct link) Belden, the manufacturer of networking and cable products, disclosed a data breach, threat actors have stolen employee and business information. The manufacturer of networking and cable products Belden disclosed a data breach, the company revealed that attackers gained “unauthorized access and copying of some current and former employee data, as well as limited company information […] Data Breach Threat
SecurityAffairs 2020-11-25 20:40:13 Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members (direct link) Group-IB supported an INTERPOL-led operation Falcon targeting business email compromise cybercrime gang from Nigeria, dubbed TMT. Group-IB, a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB. A cross-border anti-cybercrime effort that involved INTERPOL's Cybercrime Directorate, Nigerian Police Force, and Group-IB's APAC Cyber Investigations Team has resulted in the […] Threat
SecurityAffairs 2020-11-25 10:02:56 Group-IB Hi-Tech Crime Trends 2020/2021 report (direct link) Group-IB, a global threat hunting and intelligence company, has presented its annual Hi-Tech Crime Trends 2020/2021 report. In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The most severe financial damage has occurred as a result of ransomware activity. […] Ransomware Threat
SecurityAffairs 2020-11-24 17:56:35 A new Stantinko Bot masqueraded as httpd targeting Linux servers (direct link) Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. The Stantinko botnet was first spotted by ESET in 2017, at the […] Threat
SecurityAffairs 2020-11-24 10:03:37 Crooks social-engineered GoDaddy staff to take over crypto-biz domains (direct link) Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings […] Threat
SecurityAffairs 2020-11-23 08:32:23 Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware (direct link) Sonatype's deep dive research made it possible to identify a new family of Discord malware called CursedGrabber. Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large scale malware campaign leveraging the open-source ecosystem. The malware called “xpc.js” […] Malware Threat
SecurityAffairs 2020-11-22 18:07:39 Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs (direct link) A threat actor has published online a list of one-line exploits to steal VPN credentials from over 49,000 vulnerable Fortinet VPNs. A threat actor, who goes online with the moniker “pumpedkicks,” has leaked online a list of exploits that could be exploited to steal VPN credentials from almost 50,000 Fortinet VPN devices. Researchers from Bank Security first […] Threat
SecurityAffairs 2020-11-22 14:16:14 Hundreds of female sports stars and celebrities have their naked photos and videos leaked online (direct link) Hackers have stolen naked photos and videos from hundreds of female sports stars and celebrities and leaked them online. Threat actors have stolen naked photos and videos from hundreds of female sports stars and celebrities and leaked them online. The attack took place in the same hours as hackers hit Manchester United and brings us back […] Threat
SecurityAffairs 2020-11-21 14:27:56 Experts warn of mass-scanning for ENV files left unsecured online (direct link) Threat actors are scanning the Internet for ENV files that usually contain API tokens, passwords, and database logins. Threat actors are scanning the internet for API tokens, passwords, and database logins that are usually used to store ENV files (Environment files) accidentally left exposed online. Environment files are configuration files that usually contain user environment […] Threat
SecurityAffairs 2020-11-20 11:51:15 QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor (direct link) The QakBot banking trojan has dropped the ProLock ransomware, they are now opting for the Egregor ransomware in their operations. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered that QakBot (aka Qbot) operators have abandoned ProLock for Egregor ransomware. Egregor has been actively distributed since September 2020 and has so far hit […] Ransomware Threat
SecurityAffairs 2020-11-20 11:23:40 A flaw in Facebook Messenger could have allowed spying on users (direct link) Facebook has addressed a security vulnerability in its Messenger for Android app that could have allowed attackers to spy on users. Facebook has addressed a major security issue in its Messenger for Android app that could have allowed threat actors to spy on users by placing and connecting Messenger audio calls without their interaction. The […] Vulnerability Threat
SecurityAffairs 2020-11-19 20:49:21 Nation-state actors from Russia, China, Iran, and North Korea target Canada (direct link) Canada Centre for Cyber Security warns of risks related to state-sponsored programs from China, Russia, Iran, and North Korea. A report published by the Canadian Centre for Cyber Security, titled “National Cyber Threat Assessment 2020,” warns of risks associated with state-sponsored operations from China, Russia, Iran, and North Korea. The report is based on both […] Threat
SecurityAffairs 2020-11-18 20:27:53 China-linked APT10 leverages ZeroLogon exploits in recent attacks (direct link) Researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability. Symantec’s Threat Hunter Team, a Broadcom division, uncovered a global campaign conducted by a China-linked APT10 cyber-espionage group targeting businesses using the recently-disclosed ZeroLogon vulnerability. The group, also known as Cicada, Stone Panda, and Cloud Hopper, has been active at […] Threat APT 10
SecurityAffairs 2020-11-18 07:44:15 Large-scale campaign targets vulnerable Epsilon Framework WordPress themes (direct link) Hackers are scanning the Internet for WordPress websites with Epsilon Framework themes installed to launch Function Injection attacks. Experts at the Wordfence Threat Intelligence team uncovered a large-scale wave of attacks targeting reported Function Injection vulnerabilities in themes using the Epsilon Framework. Below is a list of themes and related versions that are vulnerable to the above […] Threat
SecurityAffairs 2020-11-16 07:51:35 New skimmer attack uses WebSockets to evade detection (direct link) Experts spotted a new skimmer attack that used an alternative technique to exfiltrate payment information from payment cards. Researchers from Akamai discovered a new skimmer attack that is targeting several e-stores with a new technique to exfiltrate data. Threat actors are using fake credit card forum and WebSockets to steal the financial and personal information of the […] Threat
SecurityAffairs 2020-11-16 07:26:44 New Jupyter information stealer appeared in the threat landscape (direct link) Russian-speaking threat actors have been using a piece of malware, dubbed Jupyter malware, to steal information from their victims. Researchers at Morphisec have spotted Russian-speaking threat actors that have been using a piece of .NET infostealer, tracked as Jupyter, to steal information from their victims. The Jupyter malware is able to collect data from multiple […] Malware Threat
SecurityAffairs 2020-11-15 11:02:45 Shiny Hacker hacked Pluto TV service, 3.2M accounts exposed (direct link) A hacker has shared 3.2 million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. Pluto TV is an American internet television service, it is an advertiser-supported video on demand (AVOD) service that primarily offers a selection of programming content through digital linear channels designed to emulate the experience of […] Threat
SecurityAffairs 2020-11-11 23:22:51 The alleged decompiled source code of Cobalt Strike toolkit leaked online (direct link) The alleged decompiled source code for the Cobalt Strike post-exploitation toolkit has been leaked online in a GitHub repository. The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy […] Threat
SecurityAffairs 2020-11-11 14:24:04 Ragnar Locker ransomware gang advertises Campari hack on Facebook (direct link) Ragnar Locker Ransomware operators have started to run Facebook advertisements to force their victims into paying the ransom. In November 2019, ransomware operators have started adopting a new double-extortion strategy first used by the Maze gang that sees threat actors also stealing unencrypted files before encrypting infected systems. Then the attackers threaten to release the stolen […] Ransomware Hack Threat
SecurityAffairs 2020-11-09 19:17:40 xHunt hackers hit Microsoft Exchange with two news backdoors (direct link) While investigating a cyber attack on the Microsoft Exchange server of an organization in Kuwait, experts found two new PowerShell backdoors. Security experts from Palo Alto Networks have spotted two never-before-detected PowerShell backdoors while investigating an attack on Microsoft Exchange servers at an organization in Kuwait. Experts attribute the attack to a known threat actor […] Threat
SecurityAffairs 2020-11-09 08:46:59 FBI warns of attacks on unsecured SonarQube used by US govt agencies and businesses (direct link) The FBI warns that threat actors are abusing misconfigured SonarQube applications to steal source code from US government agencies and businesses. The Federal Bureau of Investigation has issued an alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and businesses. The alert, coded […] Threat
SecurityAffairs 2020-11-07 17:27:56 Ransomware operators target CVE-2020-14882 WebLogic flaw (direct link) At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic. At least one ransomware operator appears to be exploiting the recently patched CVE-2020-14882 vulnerability in Oracle WebLogic. At the end of October, threat actors have started scanning the Internet for servers running vulnerable installs of Oracle WebLogic in the […] Ransomware Vulnerability Threat
SecurityAffairs 2020-11-06 13:03:54 (Déjà vu) Threat Report Portugal: Q3 2020 (direct link) Threat Report Portugal Q3 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution from […] Malware Threat
SecurityAffairs 2020-11-05 13:07:10 New KilllSomeOne APT group leverages DLL side-loading (direct link) A new Chinese APT group, tracked as KilllSomeOne, appeared in the threat landscape targeting corporate organizations in Myanmar. A new Chinese APT group, tracked as KilllSomeOne, was spotted by researchers at Sophos. The advanced cyber-espionage group is targeting corporate organizations in Myanmar with DLL side-loading attacks. The name KilllSomeOne comes from the phrase ‘KilllSomeOne’ used […] Threat
SecurityAffairs 2020-11-04 00:32:28 UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit (direct link) A sophisticated threat actor, tracked as UNC1945, has been observed exploiting vulnerabilities in the Oracle Solaris operating systems for over two years. Researchers from FireEye reported that a sophisticated threat actor, tracked as UNC1945, has been observed targeting Oracle Solaris operating systems for over two years. The codename “UNC” used to track the group is […] Threat
SecurityAffairs 2020-11-03 08:20:32 Google fixes the second zero-day in Chrome in 2 weeks actively exploited (direct link) Google released Chrome 86.0.4240.183 for Windows, Mac, and Linux to fix 10 security vulnerabilities, including an RCE zero-day exploited in the wild. Google has released Chrome 86.0.4240.183 for Windows, Mac, and Linux that address ten security vulnerabilities including a remote code execution (RCE) zero-day (CVE-2020-16009) exploited by threat actors in the wild. The RCE is […] Threat
SecurityAffairs 2020-11-01 14:56:34 Maze ransomware is going out of the business (direct link) The Maze ransomware operators are shutting down their operations more than one year after they appeared on the threat landscape in May 2019. The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crews since it began operating in May 2019. The gang was the […] Ransomware Threat
SecurityAffairs 2020-11-01 11:11:49 A data breach broker is selling account databases of 17 companies (direct link) A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. The threat actor is advertising the stolen data since October 28 on a […] Data Breach Threat
SecurityAffairs 2020-10-31 16:39:09 Emotet operators are running Halloween-themed campaigns (direct link) Crooks behind Emotet malware attempt to take advantage of the Halloween festivity, a new campaign could invite you to a Halloween party. Threat actors are attempting to take advantage of the Halloween festivities, a recent Emotet malware campaign spotted by BleepingComputer employed spam emails that invite recipients to a Halloween party. The Emotet banking trojan has […] Spam Malware Threat
Last update at: 2024-05-09 21:08:19