What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2020-10-30 08:25:17 Threat actors are actively exploiting Zerologon flaw, Microsoft warns (direct link) Microsoft researchers are warning that threat actors are continuing to actively exploit the ZeroLogon vulnerability in attacks in the wild. Microsoft is warning that threat actors are actively exploiting the ZeroLogon vulnerability in the Netlogon Remote Protocol. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client […] Vulnerability Threat
SecurityAffairs 2020-10-29 10:36:40 Russia-linked Turla APT hacked European government organization (direct link) Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting […] Threat
SecurityAffairs 2020-10-27 12:03:10 Hacker was identified after the theft of $24 million from Harvest Finance (direct link) A threat actor has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance. A hacker has stolen approximately $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance, a web portal that lets users finding the farming opportunities that will maximize their yield (APY) returns. The hack took place earlier today […] Hack Threat
SecurityAffairs 2020-10-26 17:09:46 KashmirBlack, a new botnet in the threat landscape that rapidly grows (direct link) Security experts spotted a new botnet, tracked as KashmirBlack botnet, that likely infected hundreds of thousands of websites since November 2019. Security experts from Imperva have spotted a new sophisticated botnet, tracked as KashmirBlack is believed to have already infected hundreds of thousands of websites by exploiting vulnerabilities in their content management system (CMS) platforms. […] Threat
SecurityAffairs 2020-10-23 16:05:04 Iran-Linked Seedworm APT target orgs in the Middle East (direct link) The Iran-linked cyber espionage group tracked as Seedworm started using a new downloader and is conducting destructive attacks. The Iran-linked cyber-espionage group Seedworm (aka MuddyWater MERCURY, and Static Kitten) was observed using a new downloader in a new wave of attacks. Security experts pointed out that the threat actor started conducting destructive attacks. Also referred to […] Threat
SecurityAffairs 2020-10-22 08:19:11 ENISA Threat Landscape Report 2020 (direct link) According to the ENISA Threat Landscape Report 2020, cyberattacks are becoming more sophisticated, targeted, and in many cases undetected. I'm proud to present the ENISA Threat Landscape Report 2020, the annual report published by the ENISA that provides insights on the evolution of cyber threats for the period January 2019-April 2020. The 8th annual ENISA Threat Landscape […] Threat
SecurityAffairs 2020-10-20 10:15:22 Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks (direct link) Group-IB assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering web-bot and social engineering attacks. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering a wave of web-bot and social engineering attacks, and customer account takeovers. Powered with Group-IB's solution for online fraud prevention Secure […] Threat
SecurityAffairs 2020-10-19 14:18:18 (Déjà vu) The forum of the popular Albion Online game was hacked (direct link) Albion Online game maker discloses a data breach, hackers gained access to the company forum database by exploiting a known vulnerability. Albion Online (AO) is a free medieval fantasy MMORPG developed by Sandbox Interactive, a studio based in Berlin, Germany. A threat actor has breached the forum of Albion Online and stole usernames and password hashes from its database. According to […] Threat
SecurityAffairs 2020-10-19 09:41:19 New Emotet campaign uses a new 'Windows Update' attachment (direct link) After a short pause, a new Emotet malware campaign was spotted by the experts on October 14th, crooks began using a new ‘Windows Update’ attachment. After a short interruption, a new Emotet malware campaign was spotted by the experts in October. Threat actors began using new Windows Update attachments in a spam campaign aimed at […] Spam Malware Threat
SecurityAffairs 2020-10-15 13:18:32 U.S. Bookstore giant Barnes & Noble hit by cyberattack (direct link) U.S. Bookstore giant Barnes & Noble has disclosed a cyber attack and that the threat actors have exposed the customers’ data. Barnes & Noble, Inc., is an American bookseller with the largest number of retail outlets in the United States in fifty states. The bookseller also operated the Nook Digital, which is a spin-off division that […] Threat
SecurityAffairs 2020-10-13 16:50:52 Adobe addresses a critical security flaw in Adobe Flash Player (direct link) Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player that could be easily exploited by hackers. Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player (CVE-2020-9746) that could be exploited by threat actors by tricking the victims […] Threat
SecurityAffairs 2020-10-12 11:29:34 APT groups chain VPN and Windows Zerologon bugs to attack US government networks (direct link) US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint security alert to warn of attackers combining VPN and Windows Zerologon flaws to target government networks. […] Threat
SecurityAffairs 2020-10-12 08:12:24 Researchers found alleged sensitive documents of NATO and Turkey (direct link) Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? Researchers from the US-based firm Cyble recently came across a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents of […] Threat
SecurityAffairs 2020-10-11 16:44:16 Underestimating the FONIX – Ransomware as a Service could be an error (direct link) FONIX is a new Ransomware as a Service available in the threat landscape that was analyzed by SentinelLabs researchers. FONIX is a relatively new Ransomware as a Service (RaaS) analyzed by researchers from Sentinel Labs, its operators were previously specialized in the developers of binary crypters/packers. The actors behind FONIX RaaS advertised several products on […] Ransomware Threat
SecurityAffairs 2020-10-11 14:37:03 Hackers targeted the US Census Bureau network, DHS report warns (direct link) The US DHS’s Homeland Threat Assessment (HTA) report revealed that threat actors have targeted the US Census network during the last year. The US Department of Homeland Security revealed that unknown threat actors have targeted the network of the US Census Bureau during the last year. The attacks were reported in the first Homeland Threat Assessment (HTA) report released earlier […] Threat
SecurityAffairs 2020-10-08 19:50:37 MontysThree threat actor targets Russian industrial organizations (direct link) A previously unknown threat actor, tracked as MontysThree, composed of Russian speaking members targets Russian industrial organizations. Kaspersky Lab researchers spotted a new threat actor, tracked as MontysThree, composed of Russian speaking members targets Russian industrial organizations. The MontysThree group used a toolset dubbed MT3 in highly targeted attacks with cyber espionage purposes. Researchers at […] Threat
SecurityAffairs 2020-10-08 12:34:35 Data from Airlink International UAE leaked on multiple dark web forums (direct link) Cybersecurity researchers from Cyble have spotted a threat actor sharing leaked data of Airlink International UAE for free on two different platforms. Cybersecurity researchers from Cyble have found a threat actor sharing leaked data of Airlink International UAE for free on two platforms on the dark web. The availability of the data on the dark web could pose organizations to serious risk, threat […] Threat
SecurityAffairs 2020-10-08 11:22:54 QNAP addresses 2 critical flaws that can allow hackers to take over NASs (direct link) QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over NAS devices. QNAP has addressed two critical security vulnerabilities in the Helpdesk app that can potentially allow threat actors to take over vulnerable QNAP network-attached storage (NAS) devices. Helpdesk is a built-in app that allows owners of QNAP […] Threat
SecurityAffairs 2020-10-05 21:47:58 Second-ever UEFI rootkit used in North Korea-themed attacks (direct link) A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four […] Malware Threat
SecurityAffairs 2020-10-05 18:13:54 Experts warn of flaws in popular Antivirus solutions (direct link) Researchers disclosed details of security flaws in popular antivirus software that could allow threat actors to increase privileges. Security researchers from CyberArk Labs disclosed details of security vulnerabilities found in popular antivirus software that could be exploited by attackers to elevate their privileges on the target system. Antivirus solutions that are supposed to protect the systems from […] Threat
SecurityAffairs 2020-10-05 13:30:07 Hackers stole a six-figure amount from Swiss universities (direct link) Threat actors have hacked at least three Swiss universities, including the University of Basel and managed to drain employee salary transfers. Threat actors have managed to steal employee salary payments at several Swiss universities, including the University of Basel. “According to our information, several universities in Switzerland have been affected,” explained Martina Weiss, Secretary General of […] Threat
SecurityAffairs 2020-10-05 11:10:54 SLOTHFULMEDIA RAT, a new weapon in the arsenal of a sophisticated threat actor (direct link) U.S. DoD and the DHS CISA agency published a malware analysis report for a new malware variant tracked as SLOTHFULMEDIA. The U.S. Department of Defense's Cyber National Mission Force (CNMF) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) have published a malware analysis report that provides technical details of a new […] Malware Threat
SecurityAffairs 2020-10-04 15:39:45 Visa shares details for two attacks on North American hospitality merchants (direct link) Visa revealed that two unnamed North American hospitality merchants have been infected with some strains of point-of-sale (POS) malware. US payments processor Visa revealed that two North American hospitality merchants have been hacked, threat actors infected the systems of the two unnamed organizations with some strains of point-of-sale (POS) malware. According to a security alert […] Threat
SecurityAffairs 2020-10-01 11:57:36 Flaws in leading industrial remote access systems allow disruption of operations (direct link) Experts found critical security flaws in two popular industrial remote access systems that could be exploited by threat actors for malicious purposes. Security researchers from Israeli firm OTORIO found critical vulnerabilities in leading industrial remote access systems that could be exploited by attackers to ban access to industrial production floors, hack into company networks, tamper […] Hack Threat Guideline
SecurityAffairs 2020-09-29 12:56:50 FBI and CISA warn of disinformation campaigns about the hack of voter systems (direct link) The FBI and the US CISA issued a joint public service announcement about the threat of disinformation campaigns targeting the 2020 US election. The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint public service announcement to warn of the threat of disinformation campaigns targeting the upcoming 2020 […] Hack Threat
SecurityAffairs 2020-09-26 16:06:03 Victims of ThunderX ransomware can recover their files for free (direct link) Good news for the victims of the ThunderX ransomware, cybersecurity firm Tesorion has released a decryptor to recover their files for free. Cybersecurity firm Tesorion has released a free decryptor for the ThunderX ransomware that allows victims to recover their files. ThunderX is ransomware that appeared in the threat landscape recently, infections were discovered at the […] Ransomware Threat
SecurityAffairs 2020-09-25 09:40:59 CISA says federal agency compromised by malicious cyber actor (direct link) Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and exfiltrated data. Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and threat actors exfiltrated data. CISA published a detailed incident report related to the incident but didn’t disclose the name of the […] Threat
SecurityAffairs 2020-09-24 08:42:19 Hackers are using Zerologon exploits in attacks in the wild (direct link) Microsoft is warning of threat actors that are actively using the Windows Server Zerologon exploits in attacks in the wild. Microsoft has published a series of Tweets to warn of attackers that are actively exploiting the Windows Server Zerologon in attacks in the wild. The IT giant is urging Windows administrators to install the released […] Threat
SecurityAffairs 2020-09-23 10:06:30 Group-IB detects a series of ransomware attacks by OldGremlin (direct link) Researchers from threat hunting and intelligence firm Group-IB have detected a successful attack by a ransomware gang tracked as OldGremlin. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has detected a successful attack by a ransomware gang, codenamed OldGremlin. The Russian-speaking threat actors are relatively new to the Big Game Hunting. Since […] Ransomware Threat
SecurityAffairs 2020-09-22 22:21:06 (Déjà vu) CISA's advisory warns of notable increase in LokiBot malware (direct link) US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security advisory warning federal agencies and the private sector of a surge in the attacks employing the LokiBot […] Malware Threat
SecurityAffairs 2020-09-20 14:06:15 Mozi Botnet is responsible for most of the IoT Traffic (direct link) The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware, it appeared on the threat landscape in late 2019. The Mozi botnet was spotted by security experts from 360 […] Threat
SecurityAffairs 2020-09-18 09:38:15 Ransomware en masse on the wane: top threats inside web-phishing in H1 2020 (direct link) Web-phishing targeting various online services almost doubled during the COVID-19 pandemic, it accounted for 46 percent of the total number of fake web pages. Singapore, 09/18/2020 - Group-IB, a global threat hunting and intelligence company headquartered in Singapore, evidenced the transformation of the threat portfolio over the first half of 2020. It came as no […] Ransomware Threat
SecurityAffairs 2020-09-17 11:26:39 SunCrypt ransomware operators leak data of University Hospital New Jersey (direct link) University Hospital New Jersey (UHNJ) has suffered a ransomware attack, SunCrypt ransomware operators also leaked the data they have stolen. Systems at the University Hospital New Jersey (UHNJ) were encrypted with the SunCrypt ransomware, threat actors also stolen documents from the institution and leaked it online. The incident took place in September. The UHNJ is […] Ransomware Threat
SecurityAffairs 2020-09-16 09:23:47 New MrbMiner malware infected thousands of MSSQL DBs (direct link) A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. According to security firm Tencent, the team of […] Malware Threat
SecurityAffairs 2020-09-15 19:37:27 Experts warn of surge in DDoS attacks targeting education institutions (direct link) Experts warn of a surge in the DDoS attacks against education institutions and the academic industry across the world. While the popularity of online learning is increasing due to the ongoing Coronavirus pandemic, threat actors are launching distributed denial-of-service (DDoS) on education institutions and the academic industry across the world. The DDoS attacks are causing […] Threat
SecurityAffairs 2020-09-14 15:32:25 Staples discloses data breach exposing customer order data (direct link) Giant office retail company Staples disclosed a data breach, threat actors accessed some of its customers’ order data. Staples, the office retail giant, disclosed a data breach, it notified its customers that their order data have been accessed by threat actors without authorization. The office retail giant sent out a data breach notification letter to the […] Data Breach Threat
SecurityAffairs 2020-09-14 11:48:28 (Déjà vu) Zerologon attack lets hackers to completely compromise a Windows domain (direct link) Zerologon attack allows threat actors to take over enterprise networks by exploiting the CVE-2020-1472 patched in the August 2020 Patch Tuesday. Administrators of enterprise Windows Servers have to install the August 2020 Patch Tuesday as soon as possible to protect their systems from Zerologon attack that exploits the CVE-2020-1472. The CVE-2020-1472 flaw is an elevation of privilege […] Threat
SecurityAffairs 2020-09-11 21:01:18 Threat actors target WordPress sites using vulnerable File Manager install (direct link) Experts reported threat actors are increasingly targeting a recently addressed vulnerability in the WordPress plugin File Manager. Researchers from WordPress security company Defiant observed a surge in the number of attacks targeting a recently addressed vulnerability in the WordPress plugin File Manager. In early September, experts reported that hackers were actively exploiting a critical remote […] Vulnerability Threat
SecurityAffairs 2020-09-11 18:30:25 (Déjà vu) Iran denies any involvement in the attack against 2020 US election (direct link) The Iranian government denies Microsoft’s allegations related to the alleged attacks against individuals involved in the upcoming 2020 US presidential election. Microsoft announced to have detected a new wave of attacks carried out by Chinese, Iranian, and Russian state-sponsored hackers against the US election. Threat actors had tried to compromise email accounts belonging to people […] Threat
SecurityAffairs 2020-09-11 12:24:55 Decrypting TLS connections with new Raccoon Attack (direct link) Boffins devised a new timing attack, dubbed Raccoon that could be exploited by threat actors to decrypt TLS-protected communications. Security researchers from universities in Germany and Israel have disclosed the details of a new timing attack, dubbed Raccoon, that could allow malicious actors to decrypt TLS-protected communications. The timing vulnerability resides in the Transport Layer […] Vulnerability Threat
SecurityAffairs 2020-09-11 06:17:54 Chinese, Iranian, and Russian APT groups target 2020 US election (direct link) Microsoft reveals that state-sponsored hackers had tried to breach email accounts belonging to people involved in the US election. Microsoft announced to have detected a new wave of attacks carried out by Chinese, Iranian, and Russian state-sponsored hackers against the US election. Threat actors had tried to compromise email accounts belonging to people associated with […] Threat
SecurityAffairs 2020-09-10 08:57:19 (Déjà vu) Hackers stole $5.4 million from cryptocurrency exchange ETERBASE (direct link) Slovak cryptocurrency exchange ETERBASE disclosed a security breach, hackers stole cryptocurrency funds worth $5.4 million. Slovak cryptocurrency exchange ETERBASE disclosed a security breach, the hackers stole Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets worth $5.4 million. The company disclosed the hack on Thursday, threat actors have stolen various cryptocurrencies from its hot wallets, it […] Hack Threat
SecurityAffairs 2020-09-04 18:26:16 U.S. Department of Defense discloses details about critical and high severity issues (direct link) The U.S. Department of Defense has disclosed the details about four critical and high severity vulnerabilities in its infrastructure. The U.S. Department of Defense has disclosed details of four vulnerabilities in its infrastructure, two high severity rating issues and other two critical flaws. The vulnerabilities could be exploited by threat actors to hijack a subdomain, […] Threat
SecurityAffairs 2020-08-31 14:29:28 Hackers are trying to exploit DoS flaw in Cisco IOS XR software running in carrier-grade routers (direct link) Cisco warns that threat actors are attempting to exploit a high severity DoS flaw in its Cisco IOS XR software that runs on carrier-grade routers. Cisco warned over the weekend that attackers are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability (CVE-2020-3566) affecting the Cisco IOS XR Network OS that runs on carrier-grade routers. Cisco IOS XR […] Vulnerability Threat
SecurityAffairs 2020-08-27 21:07:17 Group with numerous faces: chronicle of UltraRank's deceptive JS-sniffer campaigns (direct link) Group-IB security researchers provide evidence linking three campaigns with the use of various JS-sniffer families. Singapore – Group-IB, a global threat hunting and intelligence company headquartered in Singapore, today released its analytical report “UltraRank: the unexpected twist of a JS-sniffer triple threat.” In its report, Group-IB Threat Intelligence experts provide evidence linking three campaigns with the use of various JavaScript-sniffer families […] Threat
SecurityAffairs 2020-08-24 14:26:31 Cybercriminal greeners from Iran attack companies worldwide for financial gain (direct link) Group-IB has detected financially motivated attacks carried out in June by newbie threat actors from Iran. The attackers used Dharma ransomware and a mix of publicly available tools to target companies in Russia, Japan, China, and India. All the affected organizations had hosts with Internet-facing RDP and weak credentials. The hackers typically demanded a ransom between 1-5 […] Threat
SecurityAffairs 2020-08-23 14:56:11 A Google Drive weakness could allow attackers to serve malware (direct link) A bug in Google Drive could be exploited by threat actors to distribute malicious files disguised as legitimate documents or images. An unpatched weakness in Google Drive could be exploited by threat actors to distribute weaponized files disguised as legitimate documents or images. enabling bad actors to perform spear-phishing attacks comparatively with a high success […] Malware Threat
SecurityAffairs 2020-08-21 17:48:00 Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators (direct link) Experts at threat intelligence firm Cyble came across a post published by Maze ransomware operators claiming to have breached the steel sheet giant Hoa Sen Group. During the ordinary monitoring of Deepweb and Darkweb, researchers at Cyble came across the leak disclosure post published by the Maze ransomware operators that claim the hack of the Hoa Sen […] Ransomware Hack Threat
SecurityAffairs 2020-08-16 06:51:40 Sodinokibi ransomware gang stole 1TB of data from Brown-Forman (direct link) Sodinokibi (REvil) ransomware operators announced on Friday to have hacked Brown-Forman, one of the largest U.S. firm in the spirits and wine business. Sodinokibi (REvil) ransomware operators announced last week to have breached the network of the Brown-Forman, one of the largest U.S. firm in the spirits and wine business. Threat actors claim to have […] Ransomware Threat
SecurityAffairs 2020-08-14 17:39:50 (Déjà vu) North Korea's Lazarus compromised dozens of organizations in Israel (direct link) Since January 2020, the North Korea-linked Lazarus APT has successfully compromised dozens of organizations in Israel and other countries. The Israeli defence ministry announced on Wednesday that it had foiled a cyber attack carried out by a foreign threat actor targeting the country's defence manufacturers. According to the officials, the attack was launched by “an […] Threat APT 38
Last update at: 2024-05-10 21:08:13