What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2020-08-14 15:07:49 (Déjà vu) Threat Report Portugal: Q2 2020 (lien direct) The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution […] Threat
SecurityAffairs.webp 2020-08-14 07:47:13 Chinese APT CactusPete targets military and financial orgs in Eastern Europe (lien direct) China-linked threat actor tracked as CactusPete was employing an updated backdoor in recent attacks targeting military and financial organizations in Eastern Europe. A China-linked APT group, tracked by Kaspersky as CactusPete (aka Karma Panda or Tonto Team), was observed using an updated backdoor in recent attacks targeting military and financial organizations in Eastern Europe. The […] Threat
SecurityAffairs.webp 2020-08-14 06:47:45 Threat actor leaked data for U.S. gun exchange site on hacking forum (lien direct) A threat actor has released the databases of Utah-based gun exchange and hunting sites for free on a cybercrime forum. On August 10th, a hacker has leaked online the databases of Utah-based gun exchange for free on a cybercrime forum. He claims the databases contain 195,000 user records for the utahgunexchange.com, 45,000 records for their video […] Threat
SecurityAffairs.webp 2020-08-13 08:22:03 Rent a hacker: Group-IB uncovers corporate espionage group RedCurl (lien direct) Threat Intel firm Group-IB has released an analytical report on the previously unknown APT group RedCurl, which focuses on corporate espionage Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has released an analytical report on the previously unknown APT group RedCurl, which focuses on corporate espionage. In less than three years, RedCurl […] Threat
SecurityAffairs.webp 2020-08-13 08:10:17 Israel announced to have foiled an attempted cyber-attack on defence firms (lien direct) Israel’s defence ministry announced to have foiled an attempted cyber attack by a foreign threat actors group targeting the country’s defence manufacturers. The Israeli defence ministry announced on Wednesday that it had foiled a cyber attack carried out by a foreign threat actor targeting the country’s defence manufacturers. According to the officials, the attack […] Threat
SecurityAffairs.webp 2020-08-13 06:51:07 Threat actors managed to control 23% of Tor Exit nodes (lien direct) A security researcher has discovered that a threat actor controlled roughly 23% of the Tor network's exit nodes. A security researcher named Nusenu revealed that in May a malicious controlled roughly 23% of the entire Tor network's exit nodes. Experts warn that this was the first time that a single actor controlled such a large […] Threat
SecurityAffairs.webp 2020-08-10 14:58:32 Nefilim ransomware operators claim to have hacked the SPIE group (lien direct) Nefilim ransomware operators allegedly targeted the SPIE group, an independent European leader in multi-technical services. Researchers from threat intelligence firm Cyble reported that Nefilim ransomware operators allegedly hacked The SPIE Group, an independent European leader in multi-technical services. The number of ransomware attacks continues to increase, hackers also steal victims’ data and threaten them to […] Ransomware Threat Guideline
SecurityAffairs.webp 2020-08-07 22:19:20 Reddit massive hack: hackers defaced channels with pro-Trump messages (lien direct) Reddit suffered a massive hack, threat actors compromised tens of Reddit channels and defaced them showing messages in support of Donald Trump’s campaign. Reddit suffered a massive hack, threat actors defaced tens of channel to display messages in support of Donald Trump’s reelection campaign. At the time of writing, the massive hack is still ongoing […] Hack Threat
SecurityAffairs.webp 2020-08-07 06:58:17 Google Threat Analysis Group took down ten influence operations in Q2 2020 (lien direct) Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report, a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. Google revealed to have taken down ten coordinated operations in […] Threat
SecurityAffairs.webp 2020-08-06 05:12:38 Hackers can abuse Microsoft Teams updater to deliver malicious payloads (lien direct) Threat actors can abuse Microsoft Teams updater to retrieve and execute malicious code from a remote location. Security experts from Trustwave detailed the Living Off the Land technique that could allow a threat actor to abuse the MS Teams Updater to download any binary or malicious payload from a remote server. The bad news is […] Threat
SecurityAffairs.webp 2020-08-04 21:36:48 UberEats data leaked on the dark web (lien direct) Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb. Another day, another data breach made the headlines, this time the alleged victim is UberEATS. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. During the process […] Data Breach Threat Uber
SecurityAffairs.webp 2020-08-03 07:46:14 (Déjà vu) Havenly discloses data breach, 1.3M accounts available online (lien direct) Havenly, a Denver-Based company, that realized an interior designer marketplace has disclosed a data breach that impacted 1.3 million users. The US-based interior design web site Havenly has disclosed a data breach after the known threat actor ShinyHunters has leaked for free the databases of multiple companies on a hacker forum. Last week, BleepingComputer reported that ShinyHunters was […] Data Breach Threat
SecurityAffairs.webp 2020-07-31 09:04:23 EU has imposed sanctions on foreign actors for the first time ever (lien direct) For the first-ever time, the EU has imposed economical sanctions on Russia, China, and North Korea following cyber-attacks aimed at the EU and its member states. The Council of the European Union announced sanctions imposed on a Russia-linked military espionage unit, as well as companies operating for Chinese and North Korean threat actors that launched […] Threat
SecurityAffairs.webp 2020-07-30 15:37:35 Operation North Star – North-Korea hackers targeted US defense and aerospace companies (lien direct) North Korea-linked hackers continue to be very active in this period, researchers reported a campaign aimed at the US defense and aerospace sectors. Security experts from McAfee uncovered a new cyber-espionage campaign carried out by North Korean hackers that targeted the US defense and aerospace sectors. Threat actors used fake job offers to deceive employees […] Threat
SecurityAffairs.webp 2020-07-28 19:59:25 ShinyHunters leaked over 386 million user records from 18 companies (lien direct) ShinyHunters, a trusted threat actor, is offering on a hacker forum the databases stolen from eighteen companies, over 386 million user records available online. The known threat actor ShinyHunters has begun leaking for free the databases of multiple companies on a hacker forum. A couple of days ago, the popular digital banking app Dave.com disclosed a security […] Threat
SecurityAffairs.webp 2020-07-28 16:49:01 Pirate Ship Sailing to Developing World: Group-IB Uncovers Real Captains of Online Piracy Crew (lien direct) Group-IB’s report uncovers major players and driving forces of a criminal digital piracy syndicate which has been flourishing in the post-Soviet space Group-IB, a global threat hunting and intelligence company headquartered in Singapore, today presented its report “Jolly Roger's patrons. Group-IB exposes financial crime network of online pirates in developing countries.“ The document uncovers major players […] Threat
SecurityAffairs.webp 2020-07-28 15:19:38 Nefilim ransomware operators leaked data alleged stolen from the Dussmann group (lien direct) Cyble researchers reported that Nefilim ransomware operators allegedly targeted the Dussmann group, the German largest private multi-service provider Researchers from threat intelligence firm Cyble reported that Nefilim ransomware operators allegedly targeted the Dussmann group, the German largest private multi-service provider. The Dussmann Group has over 64,500 employees in 22 countries, it is one of the […] Ransomware Threat
SecurityAffairs.webp 2020-07-27 06:08:07 NSA/CISA joint report warns on attacks on critical industrial systems (lien direct) NSA is warning of cyber attacks launched by foreign threat actors against organizations in the critical infrastructure sector across the U.S. The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of cyber attacks targeting critical infrastructure across the U.S. “Over recent months, cyber-actors have demonstrated their […] Threat
SecurityAffairs.webp 2020-07-26 11:11:11 Records for 7.5 million users of the digital banking app Dave leaked online (lien direct) Digital banking app Dave.com discloses a security breach after the known threat actor ShinyHunters leaked 7 million user records on a crime forum. The popular digital banking app Dave.com discloses a security breach after the known threat actor ShinyHunters leaked 7,516,625 user records on a crime forum. According to ZDNet, the security breach originated on the network […] Threat
SecurityAffairs.webp 2020-07-25 08:25:03 Threat actors are hijacking the infamous Emotet botnet (lien direct) A sort of vigilante is attempting to disrupt the operations of the Emotet botnet by hacking the supply chain of the malware. Someone is attempting to sabotage the operations of the Emotet botnet by replacing the Emotet payloads with animated GIFs, in this way the victims will not be infected with the bot. The mysterious activity […] Threat
SecurityAffairs.webp 2020-07-23 14:46:05 New MATA Multi-platform malware framework linked to NK Lazarus APT (lien direct) North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide The notorious Lazarus Group is using a new multi-platform malware framework, dubbed MATA, in attacks aimed at organizations worldwide, to deploy Kaspersky researchers observed that MATA was used by the threat actors to distribute ransomware (i.e. VHD […] Ransomware Malware Threat Medical APT 38
SecurityAffairs.webp 2020-07-23 06:10:03 Prometei, a new modular crypto-mining botnet exploits Windows SMB (lien direct) Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol to move laterally across systems while covertly mining for cryptocurrency. The Prometei […] Threat
SecurityAffairs.webp 2020-07-22 14:17:13 Dozens of unsecured databases wiped by mysterious Meow attack (lien direct) Dozens of unsecured databases exposed online web wiped by threat actors as part of a campaign tracked as Meow attack. Experts observed dozens of unsecured Elasticsearch and MongoDB instances exposed online that were inexplicably wiped by threat actors as part of a campaign tracked as Meow attack. The Meow attack began recently and attackers did […] Threat
SecurityAffairs.webp 2020-07-18 14:34:16 Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability (lien direct) Hackers have been scanning the Internet for SAP systems affected by RECON vulnerability, researchers from Bad Packets warn. Researchers from Bad Packets reported that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability, tracked as CVE-2020-6287. Immediately after a researcher released a proof-of-concept (PoC) exploit for the RECON vulnerability, […] Vulnerability Threat
SecurityAffairs.webp 2020-07-16 05:43:03 CIA covert operations likely behind attacks against APT34 and FSB (lien direct) CIA orchestrated dozens of hacking operations against targets worldwide, including APT34 and FSB hacks, states an exclusive report from Yahoo News. In 2018, US President Trump gave to the Central Intelligence Agency (CIA) more powers to conduct covert offensive cyber operations against hostile threat actors, including Iranian and Russian APT groups and intelligence agencies. In […] Threat Yahoo APT 34
SecurityAffairs.webp 2020-07-13 13:36:43 Personal details and SSNs of 40,000 US citizens available for sale (lien direct) Security experts at threat intelligence firm Cyble have identified a credible actor selling personal details of approximately 40,000 US citizens. Security experts at threat intelligence firm Cyble Experts have discovered the availability on the darkweb of personal details of approximately 40,000 US citizens along with their social security numbers (SSNs). The huge trove of data was discovered […] Threat
SecurityAffairs.webp 2020-07-13 07:20:30 Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb (lien direct) Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. The huge trove of data was […] Threat
SecurityAffairs.webp 2020-07-11 04:45:03 Evilnum Group targets European and British fintech companies (lien direct) A threat actor tracked as Evilnum targeted financial technology companies, mainly the British and European ones, ESET researchers reported. Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden […] Malware Threat
SecurityAffairs.webp 2020-07-10 10:09:52 KingComposer fixes a reflected XSS impacting 100,000 WordPress sites (lien direct) An XSS vulnerability in the KingComposer page builder for WordPress impacts 100,000 websites using the WordPress plugin. Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingComposer is a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch features embedded and […] Vulnerability Threat ★★
SecurityAffairs.webp 2020-07-08 13:37:54 Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw (lien direct) Researchers have found a way to bypass F5 Networks mitigation for the actively exploited BIG-IP vulnerability, and hackers already used it. Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability. Unfortunately, threat actors in the wild were already using the bypass technique before […] Threat
SecurityAffairs.webp 2020-07-06 07:42:48 Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw (lien direct) Attackers are already attempting to exploit the recently fixed bug in F5 Networks BIG-IP product, security experts warn. A few days after the disclosure of the vulnerability in the F5 Networks BIG-IP product. F5 Networks has recently addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management […] Vulnerability Threat
SecurityAffairs.webp 2020-07-05 09:50:22 CISA warns organizations of cyberattacks from the Tor network (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned enterprises about cyberattacks from the Tor network. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) is warning enterprises of cyberattacks launched from the Tor network. Threat actors leverage the Tor network to hide the […] Threat
SecurityAffairs.webp 2020-07-03 14:11:52 Hackers are targeting unsecured MongoDB database (lien direct) A new wave of attacks is targeting unsecured MongoDB database servers and wiping their content attempting to extort a ransom to the victims. The popular security expert Victor Gevers from the non-profit GDI Foundation reported a new wave of attacks that are targeting unsecured MongoDB database servers exposed online. Threat actors are wiping the content […] Threat
SecurityAffairs.webp 2020-07-02 21:21:15 Maze Ransomware operators hacked Highways Authority Of India (Nhai) (lien direct) Researchers at Cyble reported that Maze Ransomware Operators allegedly breached National Highways Authority Of India (Nhai). As part of regular darkweb monitoring, researchers from threat intelligence firm has spotted the data leak of National Highways Authority of India (NHAI). The Maze ransomware operators allegedly breached the NHAI and leaked the data of their leak site. The National Highways […] Ransomware Threat ★★★★
SecurityAffairs.webp 2020-06-30 12:49:18 Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam (lien direct) Group-IB discovered thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered thousands of personal records of users from the UK, Australia, South Africa, the US, Singapore, Spain, Malaysia and other countries exposed in a targeted multi-stage […] Threat
SecurityAffairs.webp 2020-06-30 09:54:01 A threat actor is selling databases stolen from 14 companies (lien direct) A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020. A threat actor is selling databases that contain user records for 14 different organizations he claimed were hacked in 2020, only for four of them (HomeChef, Minted, Tokopedia, and Zoosk) were previously reported data breaches. The list of […] Threat
SecurityAffairs.webp 2020-06-29 07:25:39 Office 365 users that are returning to the workplace targeted with Coronavirus training resources (lien direct) Experts are warning of a new phishing campaign aimed at Office 365 users that are returning to the workplace with Coronavirus training resources. Threat actors continue to use Coronavirus lures adapting their technique to the current situation. The attack techniques adopted by the threat actors depends on the state of businesses in each region. In […] Threat
SecurityAffairs.webp 2020-06-28 18:12:25 Australian ACSC's report confirms the use of Chinese malware in recent attacks (lien direct) Australian ACSC published a detailed report on the techniques, tactics, and procedures associated with the threat actor that targeted organizations in the country. Recently, Australia's prime minister Scott Morrison revealed that a “state-based actor” is targeting government, public services, and businesses. Warning Australians of “specific risks” and an increased frequency of attacks, the Australian […] Malware Threat
SecurityAffairs.webp 2020-06-26 06:40:49 New Lucifer DDoS botnet targets Windows systems with multiple exploits (lien direct) A new botnet, tracked as Lucifer, appeared in the threat landscape, it leverages close to a dozen exploits to hack Windows systems. A new botnet tracked as Lucifer appeared in the threat landscape, it leverages a dozen exploits for high and critical severity flaws affecting Windows systems. Upon infecting a system the bot turns it […] Hack Threat
SecurityAffairs.webp 2020-06-24 13:10:35 (Déjà vu) Frost & Sullivan databases available for sale on a hacker forum (lien direct) U.S. business consulting firm Frost & Sullivan suffered a data breach, a threat actor is offering for sale its databases on a hacker forum. U.S. firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. Frost […] Threat
SecurityAffairs.webp 2020-06-24 09:19:20 (Déjà vu) REvil ransomware gang scans healthcare victim's network for PoS systems (lien direct) Symantec researchers observed REvil ransomware operators scanning one of their victim’s network for Point of Sale (PoS) servers. Symantec researchers observed REvil ransomware operators scanning one of their victim’s network for Point of Sale (PoS) servers. Researchers from Symantec’s Threat Intelligence team reported that the REvil ransomware operators have been observed while scanning one of their victim’s network for Point of […] Ransomware Threat
SecurityAffairs.webp 2020-06-24 06:54:51 New XORDDoS, Kaiji DDoS botnet variants target Docker servers (lien direct) Operators behind XORDDoS and Kaiji DDoS botnets recently started targeting Docker servers exposed online, Trend Micro warns. Trend Micro researchers reported that operators behind XORDDoS and Kaiji DDoS botnets recently started targeting Docker servers exposed online. XORDDoS, also known as XOR.DDoS, first appeared in the threat landscape in 2014 it is a Linux Botnet that was […] Threat
SecurityAffairs.webp 2020-06-22 18:24:38 Crooks leverage Google Analytics in web skimming attacks (lien direct) Security researchers at Kaspersky uncovered a web skimming campaign leveraging Google Analytics service to steal user data. Recently, researchers at Kaspersky identified several web skimming attacks that abused Google Analytics service to exfiltrate data stolen with an e-skimmer software. Threat actors exploit the trust in Analytics to bypass Content Security Policy (CSP) using the Analytics API. […] Threat
SecurityAffairs.webp 2020-06-22 07:50:07 A new variant of the IcedID banking Trojan spreads using COVID-19 lures (lien direct) Experts spotted a new version of the IcedID banking trojan that uses steganography to infect victims as part of COVID-19 themed attacks. A new version of the IcedID banking trojan was employed in COVID-19 themed attacks, the new variant uses steganography to infect victims and implements anti-detection capabilities. Researchers at Juniper Threat Labs have spotted […] Threat
SecurityAffairs.webp 2020-06-21 15:47:53 230k+ Indonesian COVID-19 patients' records for sale in the Darkweb (lien direct) Security researchers at threat intelligence firm Cyble discovered over 230.000 Indonesian COVID-19 patients records leaked in the darknet. As part of a regular Deepweb and Darkweb monitoring activity, researchers at threat intelligence firm Cyble identified a credible threat actor who was selling the database of COVID-19 patients of Indonesia. The threat actor is offering around […] Threat
SecurityAffairs.webp 2020-06-21 13:47:41 New Shlayer Mac malware spreads via poisoned search engine results (lien direct) Shlayer Mac malware is back, the Mac threat is now spreading through new black SEO operations. Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. Researchers at security firm Intego observed the new variant being spread masqueraded as a fake Adobe Flash Player installer (.DMG disk […] Malware Threat
SecurityAffairs.webp 2020-06-21 09:35:08 COVID-19 themed attacks are just a small percentage of the overall threats (lien direct) Threat actors adapted their tactics to exploit the interest in the ongoing COVID-19 pandemic, Microsoft says. Since the beginning of the COVID-19 pandemic, threat actors started to actively deploy opportunistic campaigns using Coronavirus lures. Anyway, Microsoft says that malware attacks that abused the COVID-19 theme only had a temporary effect on the total volume of […] Malware Threat
SecurityAffairs.webp 2020-06-15 09:54:48 Accessories giant Claire's is the victim of a Magecart attack, credit card data exposed (lien direct) Hackers breached the websites of the U.S. accessory giant Claire’s, and its subsidiary Icing, and gained access to customer’s credit card data. Threat actors have hacked the websites of the U.S. based jewelry and accessory giant Claire’s, and its subsidiary Icing, the security breach took place in April and attackers may have gained access to customer’s credit cards. Claire’s […] Threat
SecurityAffairs.webp 2020-06-15 07:47:41 Earth Empusa targets minority group with Android ActionSpy spyware (lien direct) The Earth Empusa threat group is distributing new Android spyware, dubbed ActionSpy, through watering hole attacks to targets Turkic minority group. Researchers warn that the Earth Empusa (aka POISON CARP/Evil Eye) threat group is targeting the Uyghurs, a Turkic minority ethnic group originating from and culturally affiliated with the general region of Central and East […] Threat
SecurityAffairs.webp 2020-06-14 12:27:59 (Déjà vu) Coronavirus-themed attacks May 31 – June 13, 2020 (lien direct) This post includes the details of the Coronavirus-themed attacks launched from May 31 to June 13, 2020. Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Below a list of attacks detected between May 31 and June 13, 2020. June 4, 2020 […] Threat
Last update at: 2024-05-10 19:08:14