What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-10-13 15:43:51 (Déjà vu) Cloudflare blocked a 2.5 Tbps DDoS attack aimed at the Minecraft server (lien direct) >Cloudflare mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. Cloudflare announced it has mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. The Cloudflare DDoS threat report 2022 Q3 states that multi-terabit massive DDoS attacks have become increasingly frequent. In Q3, the […] Threat
SecurityAffairs.webp 2022-10-12 05:54:56 LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware (lien direct) >Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware.  Threat actors initially deployed […] Ransomware Malware Threat
SecurityAffairs.webp 2022-10-11 16:56:09 Caffeine, a new Phishing-as-a-Service toolkit available in the underground (lien direct) >Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. The experts noticed that the toolkit has an intuitive interface and supports multiple features that allow customers to easily arrange phishing campaigns. The service […] Threat
SecurityAffairs.webp 2022-10-08 16:23:28 BlackByte Ransomware abuses vulnerable driver to bypass security solutions (lien direct) >The BlackByte ransomware operators are leveraging a flaw in a legitimate Windows driver to bypass security solutions. Researchers from Sophos warn that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass security products. In BYOVD attacks, threat actors abuse vulnerabilities in legitimate, signed drivers, on which security products rely, […] Ransomware Threat
SecurityAffairs.webp 2022-10-07 09:16:50 Hacker stole $566 million worth of Binance Coins from Binance Bridge (lien direct) >Threat actors have stolen 2 million Binance Coins (BNB), worth $566 million, from the popular Binance Bridge. Hackers have reportedly stolen $566 million worth of Binance Coins (BNB) from the Binance Bridge. It seems that threat actors were able to exploit an issue with the bridge, the attack took place at 2:30 PM EST today. […] Threat
SecurityAffairs.webp 2022-10-07 05:02:45 LilithBot Malware, a new MaaS offered by the Eternity Group (lien direct) >Researchers linked the threat actor behind the Eternity malware-as-a-service (MaaS) to a new malware strain called LilithBot. Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group (aka EternityTeam; Eternity Project). The Eternity group operates a homonymous malware-as-a-service (MaaS), it is linked to the Russian “Jester Group,” which is […] Malware Threat
SecurityAffairs.webp 2022-10-03 19:29:51 Trojanized Comm100 Live Chat app installer distributed a JavaScript backdoor (lien direct) >A threat actor used a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike disclosed details of a supply chain attack that involved the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Comm100 is a provider of customer service and communication products […] Threat
SecurityAffairs.webp 2022-10-03 13:21:50 Finnish intelligence warns of Russia's cyberespionage activities (lien direct) The Finnish Security Intelligence Service (SUPO) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service (Suojelupoliisi or SUPO) warns of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter. According to the SUPO, future NATO membership will make the country a privileged target […] Threat
SecurityAffairs.webp 2022-10-01 12:52:00 Luxury hotel chain Shangri-La suffered a security breach (lien direct) >The Shangri-La hotel group disclosed a data breach, a database containing the personal information of its customers was compromised. The Shangri-La hotel group disclosed a data breach, threat actors had access to a database containing the personal information of customers at eight of its Asian properties between May and July. The incident impacted hotels in […] Threat
SecurityAffairs.webp 2022-09-30 22:14:03 Witchetty APT used steganography in attacks against Middle East entities (lien direct) >A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom’s Symantec Threat Hunter Team observed a threat actor, tracked as Witchetty, using steganography to hide a previously undocumented backdoor in a Windows logo. The group used the backdoor in attacks against Middle Eastern governments. The cyber […] Threat
SecurityAffairs.webp 2022-09-29 09:54:56 A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums (lien direct) >The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. The availability of the cracked version of the tool was first reported by the cybersecurity researcher Will […] Tool Threat
SecurityAffairs.webp 2022-09-28 15:43:32 Threat actors use Quantum Builder to deliver Agent Tesla malware (lien direct) >The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. “Quantum Builder (aka “Quantum Lnk Builder”) is used to create malicious shortcut […] Malware Threat
SecurityAffairs.webp 2022-09-28 14:03:04 ONLINE DISINFORMATION: Under the hood of a Doppelgänger (lien direct) >ONLINE DISINFORMATION is one of the defining issues of our time and the influence of fake news has become an acute threat to our society. Disinformation undermines true journalism and steers the public opinion in highly charged topics such as immigration, climate change, armed conflicts or refugee and health crises. Social media platforms are the […] Threat
SecurityAffairs.webp 2022-09-27 09:40:39 (Déjà vu) Erbium info-stealing malware, a new option in the threat landscape (lien direct) >The recently discovered Erbium information-stealer is being distributed as fake cracks and cheats for popular video games. Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Erbium info-stealing malware was first spotted by researchers at threat […] Malware Threat
SecurityAffairs.webp 2022-09-26 10:38:12 (Déjà vu) Metador, a never-before-seen APT targeted ISPs and telco for about 2 years (lien direct) >A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs researchers uncovered a never-before-seen threat actor, tracked as Metador, that primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. The experts pointed out that […] Threat
SecurityAffairs.webp 2022-09-26 06:22:16 Exmatter exfiltration tool used to implement new extortion tactics (lien direct) >Ransomware operators switch to new extortion tactics by using the Exmatter malware and adding new data corruption functionality. The data extortion landscape is constantly evolving and threat actors are devising new extortion techniques, this is the case of threat actors using the Exmatter malware. Cyderes Special Operations and Stairwell Threat Research researchers spotted a sample […] Malware Tool Threat
SecurityAffairs.webp 2022-09-23 11:02:00 Australian Telecoms company Optus discloses security breach (lien direct) >Australian telecoms company Optus disclosed a data breach, threat actors gained access to former and current customers. Optus, one of the largest service providers in Australia, disclosed a data breach. The intruders gained access to the personal information of both former and current customers. The company is a subsidiary of Singtel with 10.5 million subscribers as of 2019. […] Threat
SecurityAffairs.webp 2022-09-21 14:54:44 Hackers stole $160 Million from Crypto market maker Wintermute (lien direct) >Threat actors have stolen around $160 million worth of digital assets from crypto trading firm Wintermute. Malicious actors continue to target organizations in the cryptocurrency industry, the last victim in order of time is crypto trading firm Wintermute. The company made the headlines after threat actors have stolen around $160 million worth of digital assets. […] Threat
SecurityAffairs.webp 2022-09-20 13:17:36 Uber believes that the LAPSUS$ gang is behind the recent attack (lien direct) >Uber disclosed additional details about the security breach, the company blames a threat actor allegedly affiliated with the LAPSUS$ hacking group. Uber revealed additional details about the recent security breach, the company believes that the threat actor behind the intrusion is affiliated with the LAPSUS$ hacking group. Over the last months, the Lapsus$ gang compromised […] Threat Uber Uber
SecurityAffairs.webp 2022-09-20 10:52:13 American Airlines disclosed a data breach (lien direct) >American Airlines disclosed a data breach, threat actors had access to an undisclosed number of employee email accounts. American Airlines recently suffered a data breach, threat actors compromised a limited number of employee email accounts. The intruders had access to sensitive personal information contained in the accounts, but the company’s data breach notification states that it is not aware […] Data Breach Threat
SecurityAffairs.webp 2022-09-19 16:26:21 Revolut security breach: data of +50,000 users exposed (lien direct) >Revolut has suffered a cyberattack, threat actors have had access to personal information of tens of thousands of customers. The financial technology company Revolut suffered a ‘highly targeted’ cyberattack over the weekend, threat actors had access to the personal information of 0.16% of its customers (approximately 50,000 users). The company states that it has already contacted the […] Threat
SecurityAffairs.webp 2022-09-19 07:11:18 (Déjà vu) Alleged Grand Theft Auto 6 (GTA6) gameplay videos and source code leaked online (lien direct) >Threat actors leaked source code and gameplay videos of Grand Theft Auto 6 (GTA6) after they have allegedly breached Rockstar Game. Threat actors allegedly compromised Rockstar Game’s Slack server and Confluence wiki and leaked Grand Theft Auto 6 gameplay videos and source code. On September 18, 2022, threat actors that go on GTAForums as 'teapotuberhacker' […] Threat Uber
SecurityAffairs.webp 2022-09-17 18:11:10 LastPass revealed that intruders had internal access for four days during the August hack (lien direct) >The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. The company revealed that the threat actor had access to its network for four days […] Hack Threat LastPass
SecurityAffairs.webp 2022-09-16 16:40:56 North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp (lien direct) >North Korea-linked threat actor UNC4034 is spreading tainted versions of the PuTTY SSH and Telnet client. In July 2022, Mandiant identified a novel spear phish methodology that was employed by North Korea-linked threat actor UNC4034. The attackers are spreading tainted versions of the PuTTY SSH and Telnet client. The attack chain starts with a fake […] Threat
SecurityAffairs.webp 2022-09-16 07:22:27 Uber hacked, internal systems and confidential documents were allegedly compromised (lien direct) >Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. According to the New York Times, the threat actors hacked an employee’s Slack account and […] Vulnerability Threat Uber Uber
SecurityAffairs.webp 2022-09-15 21:32:33 Akamai mitigated a new record-breaking DDoS attack against a European customer (lien direct) >Akamai announced to have recently blocked a new record-breaking distributed denial-of-service (DDoS) attack. On Monday, September 12, 2022, Akamai mitigated the largest DDoS attack ever that hit one of its European customers. The malicious traffic peaked at 704.8 Mpps and appears to originate from the same threat actor behind the previous record that Akamai blocked […] Threat
SecurityAffairs.webp 2022-09-15 08:48:25 FBI: Millions in Losses resulted from attacks against Healthcare payment processors (lien direct) >The FBI has issued an alert about threat actors targeting healthcare payment processors in an attempt to hijack the payments. The Federal Bureau of Investigation (FBI) has issued an alert about cyber attacks against healthcare payment processors to redirect victim payments. Threat actors used employees' publicly-available Personally Identifiable Information (PII) and social engineering techniques to […] Threat
SecurityAffairs.webp 2022-09-15 05:22:07 Crooks are using lures related to Her Majesty Queen Elizabeth II in phishing attacks (lien direct) >Threat actors are exploiting the death of Queen Elizabeth II as bait in phishing attacks to steal Microsoft account credentials from victims. Researchers from Proofpoint are warning of threat actors that are using the death of Queen Elizabeth II as bait in phishing attacks. The attackers aim at tricking recipients into visiting sites designed to […] Threat
SecurityAffairs.webp 2022-09-14 05:21:01 Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin (lien direct) >Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin in attacks aimed at WordPress sites. The WPGateway plugin is a premium plugin that allows users of […] Vulnerability Threat
SecurityAffairs.webp 2022-09-13 15:43:18 Cyber espionage campaign targets Asian countries since 2021 (lien direct) >A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021. “A distinct group of espionage attackers who were formerly associated with the […] Threat
SecurityAffairs.webp 2022-09-13 10:43:49 Iran-linked TA453 used new Multi-Persona Impersonation technique in recent attacks (lien direct) >Iran-linked threat actors target individuals specializing in Middle Eastern affairs, nuclear security and genome research. In mid-2022, Proofpoint researchers uncovered a cyberespionage campaign conducted by Iran-linked TA453 threat actors. The campaign aimed at individuals specializing in Middle Eastern affairs, nuclear security and genome research. Threat actors used at least two actor-controlled personas on a single […] Threat
SecurityAffairs.webp 2022-09-12 16:36:52 Google announced the completion of the acquisition of Mandiant for $5.4 billion (lien direct) >Google completed the acquisition of the threat intelligence firm Mandiant, the IT giant will pay $5.4 billion. Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies: “RESTON, Va., March 8, 2022 – Mandiant, Inc. (NASDAQ: MNDT) today announced that it has entered into […] Threat
SecurityAffairs.webp 2022-09-09 11:50:31 Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin (lien direct) >Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and […] Vulnerability Threat
SecurityAffairs.webp 2022-09-09 08:57:47 Iran-linked DEV-0270 group abuses BitLocker to encrypt victims' devices (lien direct) Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 (Nemesis Kitten) has been abusing the BitLocker Windows feature to encrypt victims’ devices. The researchers tracked multiple ransomware attacks conducted by the DEV-0270 group, which is a […] Ransomware Threat
SecurityAffairs.webp 2022-09-08 09:10:20 Ex-members of the Conti ransomware gang target Ukraine (lien direct) >Some members of the Conti ransomware gang were involved in financially motivated attacks targeting Ukraine from April to August 2022. Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. The activities overlap with operations […] Ransomware Threat
SecurityAffairs.webp 2022-09-07 16:38:18 Experts spotted a new stealthy Linux malware dubbed Shikitega (lien direct) >A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. The malware stands out for its multistage infection chain; threat actors can use it to gain full control of the system […] Malware Threat
SecurityAffairs.webp 2022-09-06 16:23:32 A new Android malware used to spy on the Uyghur Community (lien direct) >Experts spotted new Android spyware that was used by China-linked threat actors to spy on the Uyghur community in China. Researchers from Cyble Research & Intelligence Labs (CRIL) started their investigation after MalwareHunterTeam experts shared information about a new Android malware used to spy on the Uyghur community. The malware disguised as a book titled “The China […] Malware Threat
SecurityAffairs.webp 2022-09-05 20:43:48 QNAP warns new Deadbolt ransomware attacks exploiting zero-day (lien direct) >QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks, threat actors are exploiting a zero-day vulnerability in Photo Station. The attacks started on Saturday meantime the Taiwanese vendor has addressed the vulnerability. “QNAP Systems, Inc. today […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2022-09-04 13:23:48 Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow (lien direct) >The popular collective Anonymous and the IT Army of Ukraine hacked the Yandex Taxi app causing a massive traffic jam in Moscow. This week Anonymous announced to have hacked the Yandex Taxi app, the largest taxi service in Russia, and used it to cause a massive traffic jam in Moscow. The threat actors ordered all […] Threat
SecurityAffairs.webp 2022-09-04 09:14:26 Alleged Iranian threat actors leak the code of their CodeRAT malware (lien direct) >The author of the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub. The development team behind the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub after the SafeBreach Labs researchers recently analyzed a new targeted attack aimed at Farsi-speaking code developers. […] Malware Threat
SecurityAffairs.webp 2022-09-02 22:38:44 (Déjà vu) Samsung discloses a second data breach this year (lien direct) >Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The Electronics giant discovered on August 4 that threat actors have had access to its systems and exfiltrated customer personal […] Data Breach Threat
SecurityAffairs.webp 2022-09-02 13:26:40 Another Ransomware For Linux Likely In Development (lien direct) >Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware […] Ransomware Threat
SecurityAffairs.webp 2022-09-01 21:10:54 Researchers analyzed a new JavaScript skimmer used by Magecart threat actors (lien direct) >Researchers from Cyble analyzed a new, highly evasive JavaScript skimmer used by Magecart threat actors. Cyble Research & Intelligence Labs started its investigation after seeing a post on Twitter a new JavaScript skimmer developed by the Magecart threat group used to target Magento e-commerce websites. In Magecart attacks against Magento e-stores, attackers attempt to exploit vulnerabilities […] Threat
SecurityAffairs.webp 2022-09-01 14:01:47 1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials (lien direct) >Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec’s Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials that allowed access to private cloud services. The experts pointed out that most of the apps containing hard-coded Amazon Web Services […] Threat
SecurityAffairs.webp 2022-08-31 19:42:45 Threat actors breached the network of the Italian oil company ENI (lien direct) >Italian oil giant Eni was hit by a cyber attack, attackers compromised its computer networks, but the consequences appear to be minor. Italian oil giant company Eni disclosed a security breach, threat actors gained access to its network, but according to the company the intrusion had minor consequences because it was quickly detected. “The internal […] Threat ★★
SecurityAffairs.webp 2022-08-31 16:43:57 GO#WEBBFUSCATOR campaign hides malware in NASA's James Webb Space Telescope image (lien direct) A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. The phishing emails contain a Microsoft Office attachment that includes an external reference […] Malware Threat
SecurityAffairs.webp 2022-08-31 13:03:30 China-linked APT40 used ScanBox Framework in a long-running espionage campaign (lien direct) >Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South China Sea. Proofpoint's Threat Research Team uncovered a cyber espionage campaign targeting entities across the world that was orchestrated by a China-linked threat actor. The campaign aimed at entities in Australia, Malaysia, and Europe, as […] Threat APT 40
SecurityAffairs.webp 2022-08-30 05:26:17 Crooks are increasingly targeting DeFi platforms to steal cryptocurrency (lien direct) >The U.S. FBI warns investors that crooks are increasingly exploiting security issues in Decentralized Finance (DeFi) platforms to steal cryptocurrency. The U.S. Federal Bureau of Investigation (FBI) published a Public Service Announcement (PSA) to warn investors that cybercriminals are increasingly exploiting security flaws in Decentralized Finance (DeFi) platforms to steal cryptocurrency. Threat actors are exploiting […] Threat
SecurityAffairs.webp 2022-08-29 15:25:45 Twilio breach let attackers access Authy two-factor accounts of 93 users (lien direct) >Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Early August, the communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through […] Hack Threat
SecurityAffairs.webp 2022-08-29 13:11:48 Nitrokod crypto miner infected systems across 11 countries since 2019 (lien direct) >Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers discovered a Turkish based crypto miner malware campaign, dubbed Nitrokod, which infected machines across 11 countries The threat actors dropped the malware from popular software available on dozens of free software websites, including Softpedia and […] Malware Threat
Last update at: 2024-05-10 16:08:04