What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2019-09-11 13:01:03 Dissecting the 10k Lines of the new TrickBot Dropper (direct link) Malware researchers at Yoroi-Cybaze analyzed the TrickBot dropper, a threat that has infected victims since 2016. Introduction TrickBot is one of the best-known banking Trojans; it has been infecting victims since 2016 and is considered a cybercrime tool. But nowadays defining it a “banking Trojan” is quite reductive: over the last years its modularity brought […] Threat
SecurityAffairs 2019-09-10 06:21:03 DoS attack that caused disruption at US power utility exploited a known flaw (direct link) A DoS attack that caused disruptions at a power utility in the United States exploited a flaw in a firewall used in the facility. The incident took place earlier this year; threat actors exploited a known vulnerability in a firewall used by the affected facility to cause the disruption. In May, the Department of Energy confirmed […] Vulnerability Threat
SecurityAffairs 2019-09-09 06:52:00 China-linked APT3 was able to modify stolen NSA cyberweapons (direct link) China-linked APT3 stole cyberweapons from the NSA and reverse engineered them to create its arsenal. In 2010, security firm FireEye identified the Pirpi Remote Access Trojan (RAT), which exploited a then 0-day vulnerability in Internet Explorer versions 6, 7 and 8. FireEye named the threat group APT3, which has also been described as TG-0100, Buckeye, […] Vulnerability Threat APT 3
SecurityAffairs 2019-09-07 21:52:04 Google report on iPhone hack created 'False Impression,' states Apple (direct link) Apple replied to Google about the recent report suggesting iPhones may have been hacked as part of a long-running hacking campaign. Apple criticized the report recently published by Google that claims that iPhones may have been hacked by threat actors as part of a long-running hacking campaign. Apple describes the report as inaccurate and misleading. […] Hack Threat Guideline
SecurityAffairs 2019-08-30 11:59:02 Google revealed how watering hole attacks compromised iPhone devices earlier this year (direct link) Google researchers discovered that iPhone devices could be hacked by tricking owners into visiting specially crafted websites. Researchers at Google Project Zero discovered that it was possible to hack iPhone devices by visiting specially crafted websites. Earlier this year, Google Threat Analysis Group (TAG) experts uncovered an iPhone hacking campaign; initially, they spotted a limited […] Hack Threat
SecurityAffairs 2019-08-28 08:38:05 (Déjà vu) TA505 group updates tactics and expands the list of targets (direct link) Recent campaigns show that the TA505 group, the threat actors behind the Dridex and Locky malware families, has updated its tactics and expanded its target list. Trend Micro revealed that the TA505 group, which is behind the Dridex and Locky malware families, continues to make small changes to its operations. The TA505 hacking group has been active since 2014 […] Malware Threat
SecurityAffairs 2019-08-26 17:48:03 Nemty Ransomware, a new malware appears in the threat landscape (direct link) A new ransomware, dubbed Nemty, appeared in the threat landscape over the weekend; it spreads via compromised RDP connections. The new ransomware, called Nemty, was discovered over the weekend by malware researchers. The ransomware is named after the extension it adds to the encrypted file names; the malicious code also deletes […] Ransomware Malware Threat
SecurityAffairs 2019-08-23 16:02:00 Hackers are scanning the web for vulnerable Fortinet and Pulse Secure product installs (direct link) Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. The popular cybersecurity expert Kevin Beaumont has observed threat actors attempting to exploit CVE-2018-13379 in the FortiOS SSL VPN web portal and the CVE-2019-11510 flaw in Pulse Connect Secure. CVE-2018-13379 is a path traversal vulnerability in the […] Vulnerability Threat
SecurityAffairs 2019-08-22 06:58:04 DoS attacks against the most used default Tor bridges could be very cheap (direct link) Researchers explained that carrying out attacks against the most used default Tor bridges would cost threat actors $17,000 per month. According to security researchers Rob Jansen from the U.S. Naval Research Laboratory and Tavish Vaidya and Micah Sherr from Georgetown University, launching denial-of-service (DoS) attacks against the most commonly used default Tor bridges would cost attackers […] Threat
SecurityAffairs 2019-08-19 15:55:05 Watch out! Malware analysis sandboxes could expose sensitive data of your organization (direct link) A study conducted by researchers at Cyjax revealed that organizations expose sensitive data via the sandboxes they use for malware analysis. Experts at the threat intelligence firm Cyjax analyzed files uploaded by organizations to malware analysis sandboxes and discovered that they were exposing sensitive data. The researchers analyzed PDF documents and email files (.msg and .eml) uploaded […] Malware Threat
SecurityAffairs 2019-08-17 17:15:00 New DanaBot banking Trojan campaign targets Germany (direct link) The DanaBot banking Trojan continues to evolve and spread across the continents, now moving from Australia to European countries. DanaBot is a multi-stage modular banking Trojan written in Delphi that first appeared in the threat landscape in 2018. The malware implements a modular structure that allows operators to add new functionality by adding new plug-ins. The […] Malware Threat
SecurityAffairs 2019-08-16 07:58:00 European Central Bank (ECB) discloses data breach in BIRD Newsletter (direct link) The European Central Bank (ECB) announced that threat actors had access for months to the contact information of hundreds of financial industry subscribers to its newsletter. The ECB was the victim of a data breach; the bank announced that hackers had access for several months to the contact information of hundreds of financial industry subscribers […] Data Breach Threat
SecurityAffairs 2019-08-15 08:10:02 Threat actors use a backdoor and RAT combo to target the Balkans (direct link) Apparently financially motivated threat actors carried out a long-term campaign against the Balkans, using a backdoor and a RAT to compromise their targets. Security experts from ESET uncovered a long-running campaign carried out by a financially motivated threat actor. The attackers combined a backdoor dubbed BalkanDoor and a remote access Trojan tracked as BalkanRAT to take control […] Threat
SecurityAffairs 2019-08-13 14:54:01 Cerberus, a new banking Trojan available as malware-as-a-service in the underground (direct link) Security experts analyzed a new and interesting Android banking Trojan, dubbed Cerberus, that is offered for rent by its author. A new malware-as-a-service dubbed Cerberus has emerged in the threat landscape; it is an Android RAT developed from scratch that does not borrow code from other malware. According to researchers at Threat Fabric who analyzed the threat, Cerberus […] Threat
SecurityAffairs 2019-08-13 06:28:02 Cloud Atlas recently used a new piece of polymorphic malware (direct link) Cloud Atlas threat actors used a new piece of polymorphic malware in recent attacks against government organizations. The Cloud Atlas cyberespionage group, aka Inception, continues to carry out attacks against government organizations and was observed using a new piece of polymorphic malware dubbed VBShower. Cloud Atlas was first observed by researchers at Kaspersky Lab […] Malware Threat
SecurityAffairs 2019-08-12 14:24:00 Watch out, your StockX account details may be available in crime forums (direct link) Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground. Last week, media reported the hack of StockX, the fashion and sneaker trading platform. A threat actor stole the details of 6 million users; the stolen data includes user names, email addresses, addresses, shoe sizes, purchase history, and encrypted passwords (salted […] Hack Threat
SecurityAffairs 2019-08-11 16:18:01 Gaining remote code execution using a tainted SQLite database (direct link) Experts demonstrated that SQLite databases can be abused by threat actors as an attack vector to execute malicious code in other apps. Experts at CheckPoint discovered that SQLite databases can be abused by threat actors as an attack vector to execute malicious code in other apps, including Apple’s . The experts presented the attack technique at the DEF […] Threat ★★
SecurityAffairs 2019-08-07 06:35:01 New Lord Exploit Kit appears in the threat landscape (direct link) Security experts discovered a new exploit kit, dubbed Lord Exploit Kit, that is currently targeting vulnerable versions of Adobe Flash Player. Security experts at Malwarebytes have recently discovered a new exploit kit, dubbed Lord Exploit Kit, that is targeting vulnerable versions of Adobe Flash Player. The Lord Exploit Kit was first detected by Adrian Luca, […] Threat
SecurityAffairs 2019-08-01 17:42:03 Recently discovered Hexane group targets the oil and gas industry (direct link) Security researchers at Dragos Inc. have tracked the activity of a recently discovered threat actor dubbed Hexane. Security experts at Dragos Inc. have discovered a new threat actor, tracked as Hexane, that is targeting organizations in the oil and gas industry and telecommunication providers. The Hexane group has been active since at least the […] Threat
SecurityAffairs 2019-07-31 06:14:03 Hacking campaign is wiping Iomega NAS devices exposed online (direct link) Experts warn of a new campaign in which threat actors are wiping Iomega NAS devices exposed online. Security experts are warning of a campaign carried out by attackers who are deleting files on publicly accessible Lenovo Iomega NAS devices. The attackers likely use the Shodan search engine to find unprotected Iomega NAS devices exposed online […] Threat
SecurityAffairs 2019-07-29 09:58:01 SonicWall warns of a spike in the number of attacks involving encrypted malware and IoT malware (direct link) According to experts at SonicWall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, the global malware volume recorded by SonicWall hit a record-breaking 10.52 billion attacks. The situation is better in the first half of 2019, when SonicWall recorded 4.8 billion attacks, a 20% drop compared to […] Malware Threat
SecurityAffairs 2019-07-29 07:28:05 Facebook deleted Russia-linked efforts focusing on Ukraine ahead of the election (direct link) Facebook recently announced that it removed multiple pages, groups, and accounts tied to Russia that were involved in psyops ahead of the election in Ukraine. Facebook spotted four campaigns that appear to be independent, three of them associated with Russian threat actors. One of the operations involved 18 Facebook accounts, nine pages, and three groups. Threat actors attempted to […] Threat
SecurityAffairs 2019-07-28 14:57:02 Crooks used a rare steganography technique to hack fully patched websites in Latin America (direct link) Experts at Trustwave observed threat actors using a rare technique to compromise fully patched websites. Security experts at Trustwave observed threat actors using a rare steganography technique: attackers are hiding PHP scripts in Exchangeable Image File Format (EXIF) headers of JPEG images that are uploaded to the website. The Exchangeable image file format is a standard […] Hack Threat
SecurityAffairs 2019-07-27 11:47:00 Hackers inject Magecart multi-gateway skimmer in fake Google domains (direct link) Attackers deployed a Magecart credit card skimmer script on fake Google domains used to trick visitors into making online transactions. Experts at Sucuri discovered threat actors using fake Google domains to host a Magento skimmer script that steals payment data when unaware visitors make transactions. The campaign was uncovered when the owner of a website […] Threat
SecurityAffairs 2019-07-25 09:28:01 Android spyware Monokle, developed by Russian defense contractor, used in targeted attacks (direct link) Researchers at Lookout discovered a new mobile spyware dubbed Monokle that was developed by a Russian defense contractor. Experts at Lookout discovered a new Android mobile spyware in the wild, dubbed Monokle, that was developed by a Russian defense contractor named Special Technology Centre Ltd. (STC). “Lookout has discovered a highly targeted mobile malware threat that […] Malware Threat
SecurityAffairs 2019-07-24 07:25:02 (Déjà vu) Malvertising campaign exploits recently disclosed WordPress plugin flaws (direct link) Experts at Defiant have uncovered a campaign that exploited recently disclosed plugin vulnerabilities to inject malware into websites. Experts at Defiant, the company that developed the Wordfence security plugin for WordPress, uncovered a malvertising campaign that leverages recently disclosed plugin flaws to inject malicious code into websites. The threat actors behind the malvertising campaign are leveraging […] Malware Threat
SecurityAffairs 2019-07-24 03:07:00 (Déjà vu) China-linked APT15 group is using a previously undocumented backdoor (direct link) ESET researchers reported that the China-linked cyberespionage group APT15 has been using a previously undocumented backdoor for more than two years. Security researchers at ESET reported that the China-linked threat actor APT15 (aka Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon) has been using a previously undocumented backdoor for more than two years. APT15 has been active […] Threat APT 15 APT 25
SecurityAffairs 2019-07-18 14:18:02 Experts detailed new StrongPity cyberespionage campaigns (direct link) Experts at AT&T's Alien Labs recently discovered an ongoing campaign conducted by the StrongPity threat actor that abuses malicious WinBox installers to infect victims. AT&T's Alien Labs experts recently discovered an ongoing campaign conducted by the StrongPity APT group that abuses malicious WinBox installers to infect victims. The activity of the group was initially uncovered in 2016 […] Threat
SecurityAffairs 2019-07-16 06:42:05 DoppelPaymer, a fork of BitPaymer ransomware, appeared in the threat landscape (direct link) Some of the crooks behind the Dridex Trojan have split from the gang and released a forked version of the BitPaymer ransomware dubbed DoppelPaymer. The cybercrime gang tracked as TA505 has been active since 2014, focusing on the retail and banking industries. The group, which is known for the distribution of the Dridex Trojan and the Locky ransomware, has released other pieces of […] Ransomware Threat
SecurityAffairs 2019-07-12 17:44:04 Exclusive: experts at Yoroi-Cybaze ZLab released a free decryptor for Loocipher ransomware (direct link) Exclusive – Malware researchers at Yoroi-Cybaze ZLab have released a free decryptor tool for the Loocipher ransomware. Ransomware continues to be an easy way to monetize criminal efforts, and for this reason new malware keeps appearing in the threat landscape. Loocipher is a new threat that is rapidly spreading; its functionality is pretty straightforward […] Ransomware Malware Tool Threat
SecurityAffairs 2019-07-12 06:32:01 CVE-2019-1132 Windows zero-day exploited by Buhtrap group in government attack (direct link) The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by the Buhtrap threat actor to target a government organization in Eastern Europe. Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, including two privilege escalation flaws actively exploited in the wild. The first vulnerability, tracked as CVE-2019-1132, affects the Win32k component and could be […] Threat
SecurityAffairs 2019-07-08 08:36:02 Hackers are poisoning the PGP SKS keyserver network (direct link) Threat actors targeted two high-profile PGP project contributors with the intent to poison certificates used by the SKS keyserver network. Contributors to the GnuPG PGP project claim that threat actors are “poisoning” their certificates, meaning that attackers spam their certificates with a large number of signatures. The intent is to make it impossible for […] Spam Threat
SecurityAffairs 2019-07-04 11:58:03 Sodin ransomware includes exploit for Windows CVE-2018-8453 bug (direct link) Kaspersky experts discovered that the Sodinokibi, aka Sodin, ransomware now also exploits the CVE-2018-8453 vulnerability to elevate privileges on Windows. The Sodinokibi ransomware (aka Sodin, REvil) appeared in the threat landscape in April, when crooks were delivering it by exploiting a recently patched Oracle WebLogic Server vulnerability. Now the threat is evolving: the Sodinokibi ransomware includes fresh […] Ransomware Vulnerability Threat
SecurityAffairs 2019-07-02 13:06:02 LooCipher: The New Infernal Ransomware (direct link) A new ransomware appeared in the threat landscape; the malware began to threaten the digital world, this time using a nice but scary name: LooCipher. Introduction A new ransomware began to threaten the digital world, this time using a nice but scary name: LooCipher. The name is at the same time an allusion to its capabilities (thank […] Ransomware Malware Threat
SecurityAffairs 2019-06-26 12:39:00 Malspam campaign spreads LokiBot & NanoCore via ISO image files (direct link) Experts from security firm Netskope observed variants of the LokiBot and NanoCore malware distributed in ISO images through a malspam campaign. Security firm Netskope observed a new malspam campaign delivering variants of the LokiBot and NanoCore malware in ISO image file attachments. “Netskope Threat Research Labs has been tracking multiple similar malspam campaigns that began in April 2019. […] Malware Threat
SecurityAffairs 2019-06-20 19:56:02 (Déjà vu) CVE-2019-11707 Firefox zero-day exploited to infect employees at cryptocurrency exchanges (direct link) Researchers discovered that the recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. Experts discovered that the recently patched Firefox zero-day vulnerability (CVE-2019-11707) has been exploited by threat actors to deliver Windows and Mac malware to employees of cryptocurrency exchanges. CVE-2019-11707 is a type confusion vulnerability in Array.pop. Mozilla has addressed […] Malware Vulnerability Threat
SecurityAffairs 2019-06-20 05:59:05 Bouncing Golf cyberespionage campaign targets Android users in the Middle East (direct link) According to security researchers at Trend Micro, a cyberespionage campaign is targeting Android users in Middle Eastern countries. Security researchers at Trend Micro have spotted a cyberespionage campaign, dubbed ‘Bouncing Golf’, that is targeting Android users in Middle Eastern countries. Threat actors are using a piece of malware detected as GolfSpy that implements multiple features […] Malware Threat
SecurityAffairs 2019-06-17 07:29:02 Hacker is targeting DNA sequencer applications from an Iranian IP address (direct link) Threat actors are targeting web-based DNA sequencer applications, leveraging a still-unpatched zero-day to take over the targeted systems. Starting from June 12, 2019, the researcher Ankit Anubhav from NewSky Security observed threat actors targeting web-based DNA sequencer applications. The attackers are leveraging a still-unpatched zero-day vulnerability, tracked as CVE-2017-6526, to gain full control over the […] Threat
SecurityAffairs 2019-06-16 18:09:02 New Echobot botnet targets Oracle and VMware apps and includes 26 exploits (direct link) Operators behind the Echobot botnet added new exploits to infect IoT devices and also the enterprise apps Oracle WebLogic and VMware SD-WAN. Recently a new botnet, tracked as Echobot, appeared in the threat landscape; its operators are adding new exploits to infect a broad range of systems, including IoT devices and the enterprise apps Oracle WebLogic and VMware SD-WAN. […] Threat
SecurityAffairs 2019-06-15 22:27:02 Crooks exploit exposed Docker APIs to build AESDDoS botnet (direct link) Cybercriminals are attempting to exploit an API misconfiguration in Docker containers to infiltrate them and run the Linux bot AESDDoS. Hackers are attempting to exploit an API misconfiguration in the open-source version of the popular DevOps tool, Docker Engine - Community, to infiltrate containers and run the Linux bot AESDDoS (Backdoor.Linux.DOFLOO.AA). Threat actors are actively scanning the Internet for exposed […] Threat
SecurityAffairs 2019-06-15 06:18:03 Xenotime threat actor is now targeting electric utilities in the US and APAC (direct link) Experts at Dragos reported that the Xenotime threat actor behind the 2017 Trisis/Triton malware attack is targeting electric utilities in the US and APAC. The Xenotime threat actor is considered responsible for the 2017 Trisis/Triton malware attack that hit oil and gas organizations. In December 2017, the Triton malware (aka Trisis) was discovered by researchers at FireEye; it was specifically […] Malware Threat
SecurityAffairs 2019-06-14 06:08:04 Millions of Exim mail servers are currently under attack (direct link) Hackers are targeting millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions; threat actors leverage the CVE-2019-10149 flaw. Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are under attack, with threat actors exploiting the CVE-2019-10149 flaw to take them over. A critical vulnerability affects versions 4.87 to 4.91 […] Vulnerability Threat
SecurityAffairs 2019-06-08 08:40:00 Frankenstein campaign: threat actors put together open-source tools for highly targeted attacks (direct link) Cisco Talos experts uncovered a new wave of attacks tracked as the Frankenstein campaign; the attackers used tools built by combining four open-source techniques. Security experts at Cisco Talos uncovered a series of highly targeted attacks, tracked as the Frankenstein campaign, in which hackers used tools built by combining four different open-source techniques. Attackers behind the Frankenstein campaign carried out […] Threat
SecurityAffairs 2019-06-07 08:53:00 New GoldBrute botnet is attempting to infect 1.5 million RDP servers (direct link) A new botnet tracked as GoldBrute is scanning the web for Windows machines with Remote Desktop Protocol (RDP) connections enabled. A new botnet tracked as GoldBrute has appeared in the threat landscape; it is scanning the web for Windows machines with Remote Desktop Protocol (RDP) connections enabled. The botnet is currently targeting over 1.5 million […] Threat
SecurityAffairs 2019-06-05 07:19:01 BlackSquid malware uses multiple exploits to drop cryptocurrency miners (direct link) A new piece of malware, dubbed BlackSquid, appeared in the threat landscape; it targets web servers with several exploits to deliver cryptocurrency miners. Security experts at Trend Micro have discovered a new Monero cryptocurrency miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. The new piece of malware leverages many exploits […] Malware Threat
SecurityAffairs 2019-06-03 05:34:03 Threat actors abuse Microsoft Azure to host malware and C2 servers (direct link) Microsoft Azure cloud services are being abused by threat actors to host malware and as command and control (C&C) servers. Threat actors look with great interest at cloud services that could be abused for several malicious purposes, such as storing malware or implementing command and control servers. Now it seems to be Microsoft Azure’s turn, […] Malware Threat
SecurityAffairs 2019-06-01 17:35:01 GandCrab operators are shutting down their operations (direct link) GandCrab first appeared in the threat landscape in early 2018 and continuously evolved over time. Now its operators are shutting down their operations. In early 2018, experts at cybersecurity firm LMNTRIX discovered a new ransomware-as-a-service dubbed GandCrab, advertised in the Russian hacking community on the dark web. Researchers noticed that the authors leverage the RIG and […] Threat
SecurityAffairs 2019-06-01 12:29:05 Cryptojacking campaign uses Shodan to scan for Docker hosts to hack (direct link) A new cryptojacking campaign was spotted by experts at Trend Micro; crooks are using Shodan to scan for Docker hosts with exposed APIs. Threat actors are using the popular Shodan search engine to find Docker hosts and abuse them in a cryptojacking campaign. Attackers leverage self-propagating Docker images infected with Monero miners and scripts that […] Hack Threat
SecurityAffairs 2019-05-25 17:16:05 Hackers target MySQL databases to deliver the GandCrab ransomware (direct link) Security experts at Sophos have detected a wave of attacks targeting Windows servers running MySQL databases with the intent of delivering the GandCrab ransomware. Sophos researchers have observed a wave of attacks targeting Windows servers running MySQL databases; the threat actors aim at delivering the GandCrab ransomware. This is the first time […] Ransomware Threat
SecurityAffairs 2019-05-23 10:17:04 Playing Cat and Mouse: Three Techniques Abused to Avoid Detection (direct link) The experts at Yoroi-Cybaze ZLab described three techniques commonly implemented by threat actors to avoid detection. Introduction During our analysis we constantly run into the tricks cyber-attackers use to bypass companies' security defences, some advanced, others not. Many times, despite their elegance (or lack of it), these techniques are effective and actually help the cyber […] Threat
Last update at: 2024-05-10 02:07:47