What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2020-01-08 11:16:44 SNAKE Ransomware is targeting business networks (lien direct) A new piece of ransomware called SNAKE appeared in threat landscape, the malware is now targeting company networks. The SNAKE is a new ransomware that is threatening enterprises worldwide along with most popular ransomware families such as Ryuk, Maze, Sodinokibi, LockerGoga, BitPaymer, DoppelPaymer, MegaCortex, LockerGoga. The scary trend sees criminal organizations targeting enterprises, instead of […] Ransomware Malware Threat
SecurityAffairs.webp 2020-01-07 11:01:12 China-based Bronze President APT targets South and East Asia (lien direct) A cyber-espionage group tracked as Bronze President has been targeting countries in South and East Asia, Secureworks experts warn. Researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a cyber espionage campaign carried out by an APT group tracked as Bronze President, The Bronze President group is targeting political and law enforcement organizations and NGOs […] Threat
SecurityAffairs.webp 2020-01-06 13:54:30 DHS warns of Iran-linked attacks in a National Terrorism Advisory System bulletin (lien direct) The U.S. Department of Homeland Security (DHS) has issued warnings about the possibility of cyber-attacks launched by Iran-linked hackers. The U.S. Department of Homeland Security (DHS) has issued warnings about the possibility of cyber-attacks launched by Iran-linked threat actors. The attacks could be the response of Teheran after Maj. Gen. Qassim Suleimani was killed by a U.S. drone airstrike […] Threat
SecurityAffairs.webp 2020-01-05 15:15:10 DeathRansom ransomware evolves encrypting files, but experts identified its author (lien direct) DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Researchers at Fortinet published an analysis that shows the threat evolving, […] Ransomware Threat
SecurityAffairs.webp 2019-12-18 08:19:44 Gangnam Industrial Style APT campaign targets industrial firms worldwide (lien direct) Experts discovered that at least 200 companies were the victims of a campaign, dubbed Gangnam Industrial Style, carried out by an advanced persistent threat (APT) group.  Experts from the CyberX’s threat intelligence team Section 52 uncovered an ongoing cyberespionage campaign, tracked as Gangnam Industrial Style, that targeted industrial, engineering, and manufacturing organizations, most of them in South […] Threat
SecurityAffairs.webp 2019-11-28 18:48:00 RevengeHotels campaign – crooks target the hospitality industry (lien direct) RevengeHotels campaign – The hospitality industry continues to be a privileged target for cybercriminals that target hotels, restaurant chains, and tourism services. Security experts at Kaspersky have published a report on a targeted cybercrime malware campaign, tracked as RevengeHotels, that hit hotels, hostels, hospitality and tourism companies. According to the experts, the threat actor has […] Malware Threat
SecurityAffairs.webp 2019-11-27 07:10:09 Microsoft warns of Dexphot miner, an interesting polymorphic threat (lien direct) Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide. Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuse of the resources of the infected machine to mine cryptocurrency, according to […] Threat
SecurityAffairs.webp 2019-11-21 23:33:22 ENISA publishes a Threat Landscape for 5G Networks (lien direct) ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks. An EU-wide Coordinated […] Threat ★★
SecurityAffairs.webp 2019-11-21 14:43:39 A critical flaw in Jetpack exposes millions of WordPress sites (lien direct) A critical flaw in the Jetpack WordPress Plugin could be exploited by threat actors to hack WordPress websites running flawed versions of the plugin. A critical vulnerability affects the Jetpack WordPress Plugin version Jetpack 5.1. and later, admins and owners of WordPress websites are urged to update their installs to Jetpack version 7.9.1. Jetpack is a […] Hack Vulnerability Threat
SecurityAffairs.webp 2019-11-21 12:29:03 Microsoft warns of growing DoppelPaymer Ransomware threat (lien direct) The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat. The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware, the tech giant provided useful information on the threat and how it spreads. “Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information […] Ransomware Threat Guideline
SecurityAffairs.webp 2019-11-19 21:57:25 CTHoW v2.0 – Cyber Threat Hunting on Windows (lien direct) Why did I started CTHoW? As someone with a huge passion for information security. It is always a must to keep on top of the latest TTPs of adversaries to be able to defend your network. I was always impressed with the MITRE ATT&CK framework that helps the community by sharing the latest techniques, attackers […] Threat
SecurityAffairs.webp 2019-11-16 11:32:24 Checkra1n, a working iPhone Jailbreak, was released (lien direct) A working exploit for the checkm8 BootROM vulnerability is now available and security experts fear that threat actors could use is in attacks in the wild. This week, the “unpatchable” jailbreak, known as Checkra1n, for the checkm8 BootROM vulnerability was officially released potentially threatening millions of devices. “This release is an early beta preview and as such […] Vulnerability Threat
SecurityAffairs.webp 2019-11-15 12:57:25 New TA2101 threat actor poses as government agencies to distribute malware (lien direct) A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy. A new threat actor, tracked as TA2101, is using email to impersonate government agencies in the United States, Germany, and Italy to multiple families of malware, deliver ransomware, and banking Trojans. The […] Malware Threat
SecurityAffairs.webp 2019-11-12 13:15:35 Buran ransomware-as-a-service continues to improve (lien direct) The recently discovered ransomware-as-a-service (RaaS) Buran attempts to gain popularity by offering discounted licenses. In May, researchers from McAfee's Advanced Threat Research Team discovered a new piece of ransomware named 'Buran.' Buran is offered as a RaaS model, but unlike other ransomware families such as REVil, GandCrab the authors take 25% of the income earned […] Ransomware Threat
SecurityAffairs.webp 2019-11-09 16:15:45 The Platinum APT group adds the Titanium backdoor to its arsenal (lien direct) Kaspersky researchers have found a new advanced backdoor used by the Platinum advanced persistent threat (APT) group in attacks in the wild. Security experts at Kaspersky Lab have spotted a new backdoor, tracked as Titanium, that was used by the Platinum APT group in attacks in the wild, the malicious code implements sophisticated evasion techniques. […] Threat
SecurityAffairs.webp 2019-11-08 11:01:36 Capesand is a new Exploit Kit that appeared in the threat landscape (lien direct) A recently discovered exploit kit dubbed Capesand is being involved in live attacks despite the fact that it's still under development. In October 2019, researchers at TrendMicro discovered a new exploit kit dubbed Capesand that is being involved in live attacks. The tool was discovered while analyzing a malvertising campaign employing the RIG EK to […] Tool Threat
SecurityAffairs.webp 2019-11-01 20:34:19 (Déjà vu) CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks (lien direct) One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. This week Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack […] Threat
SecurityAffairs.webp 2019-10-29 08:13:51 US Federal Communications Commission proposes cutting off funds for Chinese telecom equipment (lien direct) US proposes cutting off funds for Chinese telecom equipment The Federal Communications Commission proposes cutting off funds for Chinese telecom equipment from Huawei and ZTE. The Federal Communications Commission proposes cutting off funds for Chinese telecom equipment from Huawei and ZTE. The US regulators consider the Chinese equipment in US telecommunications networks a threat to […] Threat ★★★
SecurityAffairs.webp 2019-10-28 09:50:01 SWEED targets precision engineering companies in Italy (lien direct) Security expert Marco Ramilli published a quick analysis of an interesting attack carried out by SWEED threat actor targeting precision engineering firms in Italy. Introduction Today I'd like to share a quick analysis of an interesting attack targeting precision engineering companies based in Italy. Precision engineering is a very important business market in Europe, it […] Threat
SecurityAffairs.webp 2019-10-27 08:19:02 NCSC Report: U.K. neutralized over 600 cyber attacks this year (lien direct) NCSC Report: U.K. has neutralized more than 600 cyber attacks this year, most of them launched by threat actors from overseas The National Cyber Security Centre announced that the U.K. has neutralized more than 600 cyber attacks this year, most of them launched by threat actors from overseas. Hackers from overseas, many of which are […] Threat
SecurityAffairs.webp 2019-10-26 09:04:07 P&G online beauty store First Aid Beauty hit by Magecart attack (lien direct) A new MageCart attack made the headlines, this time hackers planted a software skimmer in the Procter & Gamble’s site First Aid Beauty website. According to Willem de Groot, a researcher at Sanguine Security, threat actors planted a MageCart software skimmer on Procter & Gamble’s site First Aid Beauty on May 5, and the malicious […] Threat
SecurityAffairs.webp 2019-10-25 18:11:10 DDoS Attack on Amazon Web Services caused intermittently outage (lien direct) This week Amazon Web Services (AWS) suffered a major distributed denial-of-service (DDoS) attack that made it unavailable for some customers. This week, threat actors launched a massive DDoS attack against Amazon Web Services (AWS) causing the inability of some customers to access their AWS S3 buckets. Users were intermittently unable to access online services relying […] Threat
SecurityAffairs.webp 2019-10-23 09:13:55 Exploring the CPDoS attack on CDNs: Cache Poisoned Denial of Service (lien direct) Boffins disclosed a web attack technique (CPDoS attack) that can poison content delivery networks (CDNs) into caching and then serving error pages. Two researchers from the Technical University of Cologne (TH Koln) have devised a new web attack that can be used by threat actors to poison content delivery networks (CDNs) into caching and then […] Threat
SecurityAffairs.webp 2019-10-22 07:32:53 NordVPN, TorGuard, and VikingVPN VPN providers disclose security breaches (lien direct) NordVPN and TorGuard VPN firms were hacked, threat actors leaked the private keys used to secure their web servers and VPN configuration files.  Hackers have breached the systems used by NordVPN and TorGuard VPN companies and leaked the private keys used to secure their web servers and VPN configuration files.  The information belonging to the NordVPN company […] Threat
SecurityAffairs.webp 2019-10-19 07:36:45 Emsisoft released a free decryption tool for the STOP (Djvu) ransomware (lien direct) Emsisoft firm has released a new free decryption tool the STOP (Djvu) ransomware, in the last months the research team helped victims of many other threats. STOP (Djvu) ransomware has 160 variants that infected more hundreds of thousands of victims worldwide. Experts estimated a total number of 460,000 victims, that makes this threat the most […] Ransomware Tool Threat
SecurityAffairs.webp 2019-10-18 14:40:53 Trojanized Tor Browser targets shoppers of Darknet black marketplaces (lien direct) A tainted version of the Tor Browser is targeting dark web market shoppers to steal their cryptocurrency and gather information on their browsing activity. A Trojanized version of the Tor Browser is targeting shoppers of black marketplaces in the dark web, threat actors aim to steal their cryptocurrency and gather information on their browsing activity. […] Threat
SecurityAffairs.webp 2019-10-13 23:06:24 Charming Kitten Campaign involved new impersonation methods (lien direct) Iran-linked APT group Charming Kitten employed new spear-phishing methods in attacks carried out between August and September. Security experts at ClearSky analyzed attacks recently uncovered by Microsoft that targeted a US presidential candidate, government officials, journalists, and prominent expatriate Iranians. Microsoft Threat Intelligence Center (MSTIC) observed the APT group making more than 2,700 attempts to […] Threat Conference APT 35
SecurityAffairs.webp 2019-10-09 20:37:39 (Déjà vu) Multiple APT groups are exploiting VPN vulnerabilities, NSA warns (lien direct) NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws Last week, the UK's National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to […] Threat
SecurityAffairs.webp 2019-10-08 14:14:46 Experts found a link between a Magecart group and Cobalt Group (lien direct) Researchers from MalwareBytes and HYAS Threat Intelligence linked one of the hacking groups under the Magecart umbrella to the notorious Cobalt cybercrime Group. Hacker groups under the Magecart umbrella continue to target organizations worldwide to steal payment card data with so-called software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010.  According to […] Threat
SecurityAffairs.webp 2019-10-06 14:10:54 Iran-linked Phosphorus group hit a 2020 presidential campaign (lien direct) Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35, Charming Kitten, Newscaster, and Ajax Security Team) a 2020 presidential campaign. Microsoft’s Threat Intelligence Center (MSTIC) revealed that an Iran-linked APT group tracked as Phosphorus (aka APT35, Charming Kitten, Newscaster, and Ajax Security Team) attempted to access to email accounts belonging to current and former US government officials, journalists, Iranians living abroad, and individuals […] Threat Conference APT 35
SecurityAffairs.webp 2019-10-06 10:16:56 (Déjà vu) UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities (lien direct) The UK's National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure According to the UK's National Cyber Security Centre (NCSC), advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild. Threat actors […] Threat
SecurityAffairs.webp 2019-10-06 08:41:20 Hacker is auctioning a database containing details of 92 million Brazilians (lien direct) A database containing details of 92 million Brazilians was auctioned by a threat actor on underground forums along with a search service focused on Brazilians. Someone is auctioning on several restricted underground forums a database containing personal information of 92 million Brazilian citizens. The threat actor, registered as X4Crow, is also advertising a search service that […] Threat
SecurityAffairs.webp 2019-10-03 22:24:52 6 cyber-espionage campaigns since 2013 attributed to PKPLUG China-linked group (lien direct) Security experts linked a number of cyber-espionage campaigns observed over the years to the same Chinese threat actor, tracked as PKPLUG. Security experts linked a number of cyber-espionage campaigns observed over the years to the same Chinese threat actor, tracked as PKPLUG. The name comes from the threat actor using PlugX inside ZIP archives containing […] Threat
SecurityAffairs.webp 2019-10-01 08:16:41 Frequent VBA Macros used in Office Malware (lien direct) The malware expert Marco Ramilli collected a small set of VBA Macros widely re-used to “weaponize” Maldoc (Malware Document) in cyber attacks. Nowadays one of the most frequent cybersecurity threat comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft […] Malware Threat
SecurityAffairs.webp 2019-10-01 07:55:31 Gucci IOT Bot Discovered Targeting European Region (lien direct) Security Labs discovered a new IOT bot named “GUCCI”. It seems like the IOT botnet is named after an Italian luxury brand of fashion and leather goods. Analysis The discovery came to exist during our reconnaissance and intelligence collection process.  The IOT threat detection engine picked the infection IP has shown below hosting number of bins […] Threat
SecurityAffairs.webp 2019-09-30 20:46:10 eGobbler's malvertising campaign hijacked over 1 billion ad impressions (lien direct) A recently observed a malvertising campaign carried out by a threat group dubbed eGobbler that hijacked roughly 1.16 billion ad impressions. Researchers at Confiant observed a malvertising campaign carried out by a threat actor dubbed eGobbler hijacked roughly 1.16 billion ad impressions to redirect victims to websites hosting malicious payloads. The campaign was observed between August 1 […] Threat
SecurityAffairs.webp 2019-09-30 10:10:59 Iran's oil minister orders 'Full Alert' for oil sector on against attacks (lien direct) Iran ‘s oil minister on Sunday ordered representatives of the energy sector to be on ‘full alert’ to the threat of “physical and cyber” attacks. Iran’s oil minister, Bijan Namdar Zanganeh, ordered companies operating in the energy sector to be on ‘full alert’ to the threat of “physical and cyber” attacks. “it is necessary for […] Threat
SecurityAffairs.webp 2019-09-30 08:19:53 Arcane Stealer V, a threat for lower-skilled adversaries that scares experts (lien direct) Experts recently analyzed an information-stealing malware tracked as Arcane Stealer V that is very cheap and easy to buy in the Dark Web. In July 2019, researchers at Fidelis Threat Research Team (TRT) analyzed a sample of Arcane Stealer V, a .net information-stealing malware that is easy to acquire in the dark web. The author […] Malware Threat
SecurityAffairs.webp 2019-09-29 07:55:03 Masad Stealer Malware exfiltrates data via Telegram (lien direct) Experts at Juniper Threat Labs have discovered a new piece of malware dubbed Masad Stealer that exfiltrates cryptocurrency wallet files via Telegram. Security researchers at the Juniper Threat Labs discovered a strain of malware dubbed Masad Stealer that is actively distributed. The malware could steals files, browser information, and cryptocurrency wallet data and send them […] Malware Threat
SecurityAffairs.webp 2019-09-26 20:00:37 Botnet exploits recent vBulletin flaw to protect its bots (lien direct) Security expert Troy Mursch of Bad Packets reported that a botnet is exploiting the recently disclosed vBulletin exploit to block other attackers from also using it. The security expert Troy Mursch observed a botnet that it utilizing the recently disclosed vBulletin exploit to secure vulnerable servers to avoid that can be compromised by other threat actors. […] Threat
SecurityAffairs.webp 2019-09-26 12:43:15 Airbus suppliers were hit by four major attack in the last 12 months (lien direct) Airbus Hit by Series of Cyber Attacks on Suppliers: Security Sources The European multinational aerospace corporation Airbus has been hit by a series of attacks, hackers targeted its suppliers to steal Intellectual property. The European aerospace giant Airbus has been hit by a series of supply chain attacks, threat actors hit its suppliers in the […] Threat
SecurityAffairs.webp 2019-09-24 14:26:29 APT or not APT? What's Behind the Aggah Campaign (lien direct) Researchers at Yoroi-Cybaze ZLab discovered an interesting drop chain associated with the well-known Aggah campaign. Introduction During our threat monitoring activities, we discovered an interesting drop chain related to the well-known Aggah campaign, the ambiguous infection chain observed by Unit42 which seemed to deliver payloads potentially associated with the Gorgon Group APT. After that, we discovered other malicious activities […] Threat
SecurityAffairs.webp 2019-09-24 05:12:29 North Korea-linked malware ATMDtrack infected ATMs in India (lien direct) Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. Threat actors deployed the malware on ATM systems to steal payment card details of […] Malware Threat
SecurityAffairs.webp 2019-09-23 05:54:38 TortoiseShell Group targets IT Providers in supply chain attacks (lien direct) Symantec spotted a new threat actor, tracked as TortoiseShell, that is compromising IT providers to target their specific customers. Symantec researchers spotted a new threat group, tracked as TortoiseShell, that is compromising IT providers to target their specific customers. The group was first spotted in 2018, but experts speculate that it has been active for […] Threat
SecurityAffairs.webp 2019-09-20 19:38:25 Two selfie Android adware apps with 1.5M+ downloads removed from Play Store (lien direct) Experts at Wandera's threat research team discovered two adware apps on the Google Play Store that were downloaded 1.5M+ times. Researchers at Wandera discovered two adware selfie filter camera apps on the Google Play that were pushing ads and that can record audio. The bad news is that the two apps were downloaded 1.5M+ times. […] Threat
SecurityAffairs.webp 2019-09-20 10:38:01 Crooks hacked other celebrity Instagram accounts to push scams (lien direct) There is the same group behind the hack of the celebrity Instagram accounts, attackers used the same attack pattern to push scams. The same threat actor continues to target celebrity Instagram accounts to push scam sites to their wide audience. Recently the Instagram account of the popular actor Robert Downey Jr. (43.3M followers) has been […] Hack Threat
SecurityAffairs.webp 2019-09-17 14:42:43 Experts warn of the exposure of thousands of Google Calendars online (lien direct) The news is shocking, thousands of Google Calendars are leaking private information posing a severe threat to the privacy of the users. Thousands of Google Calendars are leaking private information online threatening the privacy of the users. Google Calendar has more than q billion users that can potentially expose their private affairs due to the […] Threat
SecurityAffairs.webp 2019-09-17 06:29:28 Fraudulent purchases of digitals certificates through executive impersonation (lien direct) Experts at ReversingLabs spotted a threat actor buying digital certificates by impersonating legitimate entities and then selling them on the black market. Researchers at ReversingLabs have identified a new threat actor that is buying digital certificates by impersonating company executives, and then selling them on the black market. The experts discovered that digital certificates are then […] Threat
SecurityAffairs.webp 2019-09-16 20:07:19 MobiHok RAT, a new Android malware based on old SpyNote RAT (lien direct) A new Android malware has appeared in the threat landscape, tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Experts from threat intelligence firm SenseCy spotted a new piece of Android RAT, dubbed MobiHok RAT, that used code from the old SpyNote RAT. At the beginning of July 2019, the experts […] Malware Threat
SecurityAffairs.webp 2019-09-12 09:27:00 Iran-linked group Cobalt Dickens hit over 60 universities worldwide (lien direct) Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. Researchers at Secureworks’ Counter Threat Unit (CTU) uncovered a phishing campaign carried out by the Iran-linked Cobalt Dickens APT group (also known as Silent Librarian) that targeted more than 60 universities four continents in July and August. According to […] Threat
Last update at: 2024-05-10 10:08:03