What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2020-04-23 10:34:06 State-sponsored hackers are using COVID-19 lures, Google warns (direct link) Google warns that nation-backed hackers are exploiting the COVID-19 pandemic to target organizations involved in the fight against the pandemic. Google is warning that nation-state actors are exploiting the COVID-19 (Coronavirus) pandemic to target health care organizations and entities involved in the fight against the pandemic. Google's Threat Analysis Group (TAG) shared its latest findings related […] Threat
SecurityAffairs.webp 2020-04-20 16:36:29 Threat Report Portugal Q1 2020 (direct link) Threat Report Portugal Q1 2020: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is a novel open sharing database with the ability to collect indicators from multiple sources, developed by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution from the community. This makes it a reliable and trustworthy and […] Malware Threat
SecurityAffairs.webp 2020-04-20 15:43:41 Law enforcement and Microsoft join forces to dismantle botnet using LED Light Control Console (direct link) Cybercriminals have abused LED light control consoles to launch malicious attacks, Microsoft's security experts warn. Microsoft researchers shared details of a new incident discovered in Taiwan, where crooks abused LED light control consoles to launch malicious attacks. Threat actors used the consoles to deliver malware and ransomware through an IoT botnet that was also used […] Ransomware Malware Threat
SecurityAffairs.webp 2020-04-20 12:03:01 Proposed government Coronavirus contact tracing app leaked data (direct link) A contact tracking app for the Coronavirus proposed to the government of the Netherlands is affected by security issues that could expose user data. Technologies play a crucial role in the containment of the Coronavirus outbreak, especially contact tracing applications that could pose a threat to user privacy. The app, called Covid19 Alert, was one […] Threat
SecurityAffairs.webp 2020-04-19 11:39:19 (Déjà vu) Coronavirus-themed attacks April 12 – April 18, 2020 (direct link) This post includes the details of the Coronavirus-themed attacks launched from April 12 to April 18, 2020. Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily basis. Below is a list of attacks detected this week. April 14 – Crooks target Healthcare facilities involved […] Threat
SecurityAffairs.webp 2020-04-18 08:36:58 Trickbot is the most prolific malware operation using COVID-19 themed lures (direct link) TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19-themed malicious emails and attachments. Microsoft experts revealed that this campaign […] Malware Threat
SecurityAffairs.webp 2020-04-16 08:07:35 Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker (direct link) Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker. The threat is not new, hackers are again attacking clients of Portuguese banking organizations via a specially crafted Android Trojan-Banker from phishing campaigns launched from Brazil. The last occurrence along this line was recorded on March 13th, 2020, where a similar Trojan-Banker was disseminated targeting other […] Threat
SecurityAffairs.webp 2020-04-09 10:37:12 Less than 2% of all daily malspam are Coronavirus-themed attacks, Microsoft reports (direct link) Microsoft shares new threat intelligence, the IT giant pointed out that malspam activities have not increased due to Coronavirus outbreak. In recent weeks, security firms and experts reported numerous Coronavirus-themed attacks, now Microsoft shares new threat intelligence on malicious activities during the pandemic. Although threat actors are exploiting the current coronavirus pandemic to target users, […] Threat
SecurityAffairs.webp 2020-04-05 10:08:23 (Déjà vu) Coronavirus-themed attacks March 29 – April 04, 2020 (direct link) In this post, I decided to share the details of the Coronavirus-themed attacks launched from March 29 to April 04, 2020. Threat actors exploit the interest in the COVID19 outbreak while infections increase worldwide, experts are observing new campaigns on a daily basis. Below is a list of attacks detected this week. March 30, 2020 – […] Threat
SecurityAffairs.webp 2020-04-04 16:22:04 Firefox 74.0.1 addresses two zero-days exploited in the wild (direct link) Mozilla releases Firefox version 74.0.1 to address two vulnerabilities exploited by threat actors in attacks in the wild, users should update their browsers asap. Mozilla is urging users to install the latest version of its browser, Firefox 74.0.1, which addresses two bugs that are being exploited in the wild by threat actors. The two vulnerabilities […] Threat
SecurityAffairs.webp 2020-04-01 09:38:59 New Raccoon Stealer uses Google Cloud Services to evade detection (direct link) Researchers found a piece of Raccoon Stealer that abuses Google Cloud Services and leverages multiple delivery techniques. Raccoon malware (aka Legion, Mohazo, and Racealer) is an info-stealer that recently appeared in the threat landscape that is advertised in hacking forums. The malware is cheap compared to similar threats, it is able to steal sensitive data from about […] Malware Threat
SecurityAffairs.webp 2020-04-01 08:00:10 LimeRAT malware delivered using 8-year-old VelvetSweatshop trick (direct link) Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. LimeRAT is a powerful Remote Administration Tool publicly available as an open-source project on GitHub, it […] Malware Tool Threat
SecurityAffairs.webp 2020-03-31 21:43:12 A critical flaw in Rank Math WordPress plugin allows hackers to give users Admin privileges (direct link) A critical privilege escalation flaw in the WordPress SEO Plugin – Rank Math plugin can allow registered users to gain administrator privileges. Defiant’s Wordfence Threat Intelligence team discovered a critical privilege escalation vulnerability in the WordPress SEO Plugin – Rank Math plugin that could allow attackers to give administrator privileges to any registered user. Rank […] Vulnerability Threat
SecurityAffairs.webp 2020-03-29 19:16:15 (Déjà vu) Source code of Dharma ransomware now surfacing on public hacking forums (direct link) The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware, is up for sale on two Russian-language hacking forums. The Dharma ransomware first appeared on the threat landscape in February 2016, at the […] Ransomware Threat
SecurityAffairs.webp 2020-03-29 13:23:08 (Déjà vu) Coronavirus-themed attacks March 22 – March 28, 2020 (direct link) In this post, I decided to share the details of the Coronavirus-themed attacks launched from March 22 to March 28, 2020. Threat actors exploit the interest in the COVID19 outbreak while infections increase worldwide, experts are observing new campaigns on a daily basis. Below is a list of attacks detected this week. March 23 – COVID19-themed […] Threat ★★★★★
SecurityAffairs.webp 2020-03-27 10:04:32 New financially motivated attacks in Western Europe traced to Russian-speaking threat actors (direct link) Researchers at Group-IB observed new financially motivated attacks in Western Europe traced to Russian-speaking threat actors. Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected successful attacks in Western Europe carried out in late January 2020 traced to Russian-speaking threat actors. At least two companies operating in pharmaceutical and manufacturing sectors have […] Threat
SecurityAffairs.webp 2020-03-27 08:42:37 (Déjà vu) Ryuk Ransomware operators continue to target hospitals during COVID19 outbreak (direct link) Operators behind the Ryuk Ransomware continue to target hospitals even as these organizations are involved in the fight against the Coronavirus pandemic. The threat actors behind the infamous Ryuk Ransomware continue to target hospitals, even as they are involved in containing the Coronavirus outbreak. The decision of the operators is not aligned with principal ransomware […] Ransomware Threat
SecurityAffairs.webp 2020-03-25 22:17:01 China-linked APT41 group exploits Citrix, Cisco, Zoho flaws (direct link) The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. The campaign was uncovered by FireEye, threat actor targeted many organizations worldwide the […] Threat Guideline APT 41
SecurityAffairs.webp 2020-03-24 21:45:39 WildPressure, a new APT group targets the Middle East's industrial sector (direct link) Security experts from Kaspersky Lab have uncovered the activity of a new threat actor, tracked as WildPressure, targeting the industrial sector in the Middle East. WildPressure was spotted for the first time in August 2019 when researchers detected a never-before-seen malware that has no similarities with other samples analyzed by the experts. “In August […] Malware Threat
SecurityAffairs.webp 2020-03-22 15:05:21 Coronavirus-themed attacks March 15 – March 21, 2020 (direct link) In this post, I decided to share the details of the Coronavirus-themed attacks launched from March 15 to March 21, 2020. Threat actors exploit the interest in the COVID19 outbreak while infections increase worldwide, experts are observing new campaigns on a daily basis. Below is a list of attacks detected this week. March 21, 2020 – New […] Threat
SecurityAffairs.webp 2020-03-21 21:27:09 New Coronavirus-themed attack uses fake WHO chief emails (direct link) Day after day the number of Coronavirus-themed attacks increases, fraudsters have launched a phishing campaign to deliver keyloggers on users’ PC. Experts from IBM X-Force have uncovered a new Coronavirus-themed phishing campaign aimed at delivering keyloggers on users’ PC. Threat actors are using phishing emails claiming to be sent from the chief of the World Health […] Threat
SecurityAffairs.webp 2020-03-21 15:46:39 Mukashi, the new Mirai variant that targets Zyxel NAS (direct link) A new variant of the infamous Mirai malware, tracked as Mukashi, targets Zyxel network-attached storage (NAS) devices exploiting recently patched CVE-2020-9054 issue. Security experts have discovered a new variant of the infamous Mirai malware, tracked as Mukashi, was employed in attacks against network-attached storage (NAS) devices manufactured by Zyxel. According to Palo Alto researchers, threat actors exploited […] Threat
SecurityAffairs.webp 2020-03-21 07:48:46 Healthcare sector targeted: what you need to know about the hackers' very unusual strategy (direct link) Orange Cyberdefense's Epidemiology Lab has published a report on cyberattacks targeting the healthcare sector. While COVID-19 infections around the world are exploding, cyber threat actors are trying to capitalise on this global health crisis by creating malware or launching attacks with a COVID-19 theme. Last week, a COVID-19 testing centre was hit by a cyberattack, […] Threat
SecurityAffairs.webp 2020-03-18 17:46:47 Thousands of Coronavirus-related malicious domains are being created every day (direct link) The Coronavirus-themed attacks continue to increase, experts warn that thousands of COVID-19 scam and malware sites are being created every day. Crooks and nation-state actors continue to exploit the interest of potential victims in the Coronavirus outbreak. In recent weeks, we observed that threat actors are creating thousands of coronavirus-themed websites on a daily basis. […] Malware Threat
SecurityAffairs.webp 2020-03-18 10:25:47 Trend Micro addresses two issues exploited by hackers in the wild (direct link) Trend Micro has addressed several serious vulnerabilities in its products, including two flaws that have been exploited in the wild. Trend Micro has released security updates to address several serious flaws in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of vulnerabilities that have been exploited by threat actors in the […] Threat
SecurityAffairs.webp 2020-03-17 21:56:52 Operators behind Nefilim Ransomware threaten to release stolen data (direct link) Operators behind a new piece of ransomware dubbed Nefilim have started threatening victims to release stolen data like other cybercrime gangs. A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February, it borrows its code from other malware, the Nemty ransomware. The main difference between the two threats is that […] Ransomware Threat
SecurityAffairs.webp 2020-03-17 15:03:44 Ursnif campaign targets Italy with a new infection Chain (direct link) Malware researchers from Cybaze-Yoroi ZLab have uncovered a new Ursnif campaign that is targeting Italy with a new infection chain. Introduction Ursnif is one of the most widespread and common threats today delivered through malspam campaigns. It appeared on the threat landscape about 13 years ago and gained its popularity since 2014 when its source […] Threat
SecurityAffairs.webp 2020-03-12 17:18:13 Card data stolen from the Volusion security breach surfaces on the dark web (direct link) Security experts have discovered that card data stolen last year from Volusion-hosted online stores is now available for sale on the dark web. Experts from the threat intel firm Gemini Advisory have discovered that card data stolen last year from Volusion-hosted online stores have surfaced on the dark web. Volusion is a privately-held technology company that […] Threat
SecurityAffairs.webp 2020-03-11 15:58:17 Office network at the European Network of Transmission System Operators for Electricity (ENTSO-E) breached (direct link) The European Network of Transmission System Operators for Electricity (ENTSO-E) disclosed a security breach this week. The European Network of Transmission System Operators for Electricity (ENTSO-E) revealed this week that threat actors penetrated its network. ENTSO-E, the European Network of Transmission System Operators, represents 43 electricity transmission system operators (TSOs) from 36 countries across Europe, […] Threat
SecurityAffairs.webp 2020-03-10 10:13:14 Microsoft warns of Human-Operated Ransomware as a growing threat to businesses (direct link) Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. In a human-operated ransomware attack scenario, attackers use stolen credentials, exploit misconfiguration and vulnerabilities to access target networks, […] Ransomware Threat
SecurityAffairs.webp 2020-03-09 11:43:52 (Déjà vu) Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw (direct link) Multiple state-sponsored hacking groups are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers. Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688. The experts did not provide details on the threat actors that are exploiting the […] Vulnerability Threat
SecurityAffairs.webp 2020-03-05 08:23:32 Most of the attacks on Telecom Sector in 2019 were carried out by China-linked hackers (direct link) China-linked cyber espionage groups increasingly targeted organizations in the telecommunications industry in 2019. According to the CrowdStrike 2020 Global Threat Report, the telecommunications and government sectors were the most targeted by the threat actors. Experts monitored operations carried out by nation-state actors and financially-motivated attackers. Most of the attacks against organizations in the telecom sector […] Threat
SecurityAffairs.webp 2020-03-03 18:48:42 The North Korean Kimsuky APT threatens South Korea evolving its TTPs (direct link) Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. Introduction Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four […] Threat APT 34 APT 36
SecurityAffairs.webp 2020-03-03 15:38:10 Nemty ransomware operators launch their data leak site (direct link) The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files […] Ransomware Malware Threat
SecurityAffairs.webp 2020-02-28 13:05:57 Which are the most dangerous mobile app stores online? (direct link) An interesting report published by RiskIQ on 2019 Mobile App Threat Landscape, lists the most dangerous mobile app stores online. Mobile users downloaded over 200 billion apps in 2019 and the overall expense in app stores worldwide has been estimated at more than $120 billion. Threat actors don’t want to miss this amazing business opportunity […] Threat
SecurityAffairs.webp 2020-02-27 18:57:25 Lampion malware origin servers geolocated in Turkey (direct link) Three months after the first detection, the Lampion origin was identified. A webserver named “portaldasfinancas” is available in Turkey and has been used to spread the threat in Portugal. Lampion malware is the most critical malware affecting Portuguese users in the last three months. From December 2019 it had spread, impersonating and using template emails from the Portuguese […] Malware Threat ★★
SecurityAffairs.webp 2020-02-27 08:05:01 Threat actors scan Internet for Vulnerable Microsoft Exchange Servers (direct link) Experts warn that hackers are actively scanning the Internet for vulnerable Microsoft Exchange Servers in an attempt to exploit the CVE-2020-0688 RCE. Hackers are actively scanning the Internet for Microsoft Exchange Servers affected by the CVE-2020-0688 remote code execution flaw. The vulnerability resides in the Exchange Control Panel (ECP) component, the root cause of the […] Vulnerability Threat
SecurityAffairs.webp 2020-02-24 20:10:50 Raccoon Malware, a success case in the cybercrime ecosystem (direct link) Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Raccoon malware, Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The malware is cheap compared to similar threats, it is able to steal sensitive data […] Malware Threat
SecurityAffairs.webp 2020-02-23 11:14:42 ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia (direct link) Cisco Talos researchers discovered a new malware, tracked as ObliqueRAT, that was employed in targeted attacks against organizations in Southeast Asia. Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears to be a custom malware developed by a threat actor focused on government and diplomatic targets. The malware was employed in targeted attacks against […] Malware Threat
SecurityAffairs.webp 2020-02-11 15:44:01 OT attacks increased by over 2000 percent in 2019, IBM reports (direct link) According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. IBM's 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019, the experts observed a spike in the number of OT attacks. According to IBM X-Force, attacks targeting operational technology (OT) infrastructure increased […] Threat
SecurityAffairs.webp 2020-01-31 08:17:43 Report: Threat of Emotet and Ryuk (direct link) Experts at cyber security firm Cypher conducted a study on Portuguese domains during 2019 and concluded that Emotet and Ryuk were the most active threats. Emotet, the most widespread malware worldwide and Ryuk, a ransomware type, are growing threats and real concerns for businesses and internet users in 2020. This is the conclusion of a […] Ransomware Malware Threat
SecurityAffairs.webp 2020-01-28 10:37:16 Cyber Threat Trends Dashboard (direct link) Marco Ramilli published the Cyber Threat Trends Dashboard, a useful tool that will allow us to better understand the most active threats in real time. Introduction Information sharing is one of the most important activities that cybersecurity researchers do on a daily basis. Thanks to “infosharing” activities it is possible to block or, in specific cases, to […] Tool Threat
SecurityAffairs.webp 2020-01-27 14:40:38 Which was the most common threat to macOS devices in 2019? Shlayer malware (direct link) Malware authors continue to show interest in macOS devices, Kaspersky experts confirmed that the Shlayer malware has been the most common threat to the macOS platform. Security experts from Kaspersky Lab revealed that the Shlayer malware was the most widespread macOS threat in 2019. In February, malware researchers at Carbon Black spotted a new strain […] Malware Threat
SecurityAffairs.webp 2020-01-23 18:16:05 Iran-Linked PupyRAT backdoor used in recent attacks on European energy sector (direct link) Hackers used a remote access Trojan (RAT) associated with Iran-linked APT groups in recent attacks on a key organization in the European energy sector. Security experts from Recorded Future reported that a backdoor previously used in attacks carried out by an Iran-linked threat actor was used to target a key organization in the European energy […] Threat
SecurityAffairs.webp 2020-01-20 13:32:30 NATO will send a counter-hybrid team to Montenegro to face Russia's threat (direct link) The Chairman of the NATO Military Committee announced that the alliance has sent a counter-hybrid team to Montenegro to face Russian hybrid attacks. Last week in Brussels, the Chairman of the NATO Military Committee (MC), Marshal Sir Stuart Peach, announced the effort of the Alliance in facing Russian hybrid attacks. The term “Hybrid warfare” refers to […] Threat
SecurityAffairs.webp 2020-01-20 08:10:30 JhoneRAT uses Google Drive, Twitter, ImgBB, and Google Forms to target countries in Middle East (direct link) Researchers from Cisco Talos discovered a new Trojan named JhoneRAT that was used in targeted attacks against entities in the Middle East. A new Trojan named JhoneRAT appeared in the threat landscape, it is selectively attacking targets in the Middle East by checking keyboard layouts. The malware targets a very specific set of Arabic-speaking countries, […] Malware Threat
SecurityAffairs.webp 2020-01-19 09:32:27 Hackers patch Citrix servers to deploy their own backdoor (direct link) Attacks on Citrix servers are intensifying, one of the threat actors behind them is patching them and installing its own backdoor to lock out other attackers. Security experts are monitoring a spike in the number of attacks against Citrix servers after researchers announced the availability online of proof-of-concept exploits for the CVE-2019-19781 flaw in Citrix NetScaler […] Threat Patching
SecurityAffairs.webp 2020-01-16 07:05:50 5ss5c Ransomware emerges after Satan went down in the hell (direct link) The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. The threat actors behind the Satan, DBGer and Lucky ransomware and likely Iron ransomware, are back with a new piece of malware named ‘5ss5c’. Bart Blaze believes that the threat actors have […] Ransomware Malware Threat
SecurityAffairs.webp 2020-01-15 09:02:12 Iranian Threat Actors: Preliminary Analysis (direct link) Nowadays Iran's Cybersecurity capabilities are under the microscope, experts warn about a possible infiltration of the Iranian government. Nowadays Iran's Cybersecurity capabilities are under the microscope, many news sites, gov. agencies and security experts warn about a possible cybersecurity infiltration from Iranian government and alert to increase cybersecurity defensive levels. Today I want to share a […] Threat
SecurityAffairs.webp 2020-01-11 06:57:23 CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited (direct link) The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations that attackers continue to exploit the well known Pulse Secure VPN vulnerability tracked as CVE-2019-11510. The CVE-2019-11510 flaw in Pulse Connect Secure […] Vulnerability Threat
Last updated: 2024-05-10 09:08:22