What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2019-05-16 11:38:00 The stealthy email stealer in the TA505 hacker group's arsenal (lien direct) Experts at Yoroi-Cybaze Z-Lab observed a spike in attacks against the banking sector and spotted a new email stealer used by the TA505 hacker group Introduction During the last month, our Threat Intelligence surveillance team spotted increasing evidence of an operation intensification against the Banking sector. In fact, many independent researchers pointed to a particular […] Threat
SecurityAffairs.webp 2019-05-14 08:02:01 WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware (lien direct) Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device. Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device. WhatsApp did not name the threat […] Vulnerability Threat
SecurityAffairs.webp 2019-05-11 07:30:03 Microsoft SharePoint CVE-2019-0604 flaw exploited in the wild (lien direct) According to researchers at AT&T Alien Labs, threat actors are attempting to exploit the CVE-2019-0604 Microsoft Sharepoint vulnerability in attacks in the wild. AlienLabs has seen a number of reports related to the active exploitation of the CVE-2019-0604 vulnerability in Microsoft Sharepoint. The CVE-2019-0604 vulnerability is a remote code execution flaw that is caused by […] Vulnerability Threat
SecurityAffairs.webp 2019-05-07 14:10:05 ATMitch: New Evidence Spotted In The Wild (lien direct) Early April, experts at Yoroi-Cybaze ZLab spotted a new interesting malware sample, likely active since 2017, that was linked to ATMitch attacks.  In the first days of April, our threat monitoring operations spotted a new interesting malware sample possibly active in the wild since 2017. Its initial triage suggests it may be part of an […] Malware Threat
SecurityAffairs.webp 2019-05-06 05:11:01 Retefe Banking Trojan resurfaces in the threat landscape with innovations (lien direct) Security experts at Proofpoint warn of the resurfacing of the Retefe banking Trojan that implements new techniques to avoid detection. The Retefe banking Trojan resurfaces in that threat landscape and implements new techniques to avoid detection. The new variant resurfaced in April, it uses the stunnel encrypted tunneling mechanism and abuses a legitimate shareware app. […] Threat
SecurityAffairs.webp 2019-04-28 13:38:05 Signed Malspam campaigns hit Europeans with Multi-Stage JasperLoader (lien direct) Experts observed several malspam campaigns using signed emails to deliver the GootKit banking Trojan (aka talalpek or Xswkit). Threat actors leverage a multi-stage malware loader tracked as JasperLoader in the malspam campaigns over the past few months. The JasperLoader was observed while distributing malware to targets from Central Europe, most of them in Italy and […] Malware Threat
SecurityAffairs.webp 2019-04-18 10:04:04 Russian TA505 threat actor target financial entities worldwide (lien direct) Russian financially motivated threat actor TA505 used remote access Trojans (RATs) in attacks on financial entities in the United States and worldwide. Security experts at CyberInt uncovered a new campaign of a Russian financially motivated threat actor tracked as TA505. The hackers used remote access Trojans (RATs) in attacks aimed at financial entities in the […] Threat
SecurityAffairs.webp 2019-04-10 13:35:00 [SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services (lien direct) EMOTET spread in Chile targeted financial and banking services. SI-LAB detected hundreds of users that were impacted by this malware between March 18th and 26th of 2019. The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of infamous EMOTET malware. This threat is known as a […] Malware Threat
SecurityAffairs.webp 2019-04-10 08:53:01 Experts spotted a new Mirai variant that targets new processors (lien direct) Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones. Mirai botnet continues to be one of the most dangerous malware in the threat landscape, experts at Palo Alto Networks discovered a new variant that targets more processor architectures than before. Mirai malware first […] Malware Threat
SecurityAffairs.webp 2019-04-09 05:04:03 Gulf countries came under hackers' spotlight in 2018, with more than 130 000 payment cards compromised (lien direct) Bahrain, 08.04.2019 – Group-IB, an international company that specializes in preventing cyberattacks, and NGN International, a global system integrator, analyzed cybersecurity landscape in Gulf countries in 2018. Group-IB Threat Intelligence team identified compromised credentials of 7 306 users from the Gulf countries in 2018 and detected the total of 138 978 compromised cards issued by the Gulf countries' banks. Number […] Threat
SecurityAffairs.webp 2019-04-03 06:58:01 Crooks use hidden directories of compromised HTTPS sites to deliver malware (lien direct) Attackers Store Malware in Hidden Directories of Compromised HTTPS Sites Security experts at Zscaler discovered that threat actors are using hidden “well-known” directories of HTTPS sites to store and deliver malicious payloads. Crooks are utilizing hidden “well-known” directories of HTTPS sites running WordPress and Joomla websites to store and serve malicious payloads. Hacked websites were […] Malware Threat
SecurityAffairs.webp 2019-03-28 07:32:00 ASUS fixes supply chain of Live Update tool hit in Operation ShadowHammer (lien direct) ASUS released security patches to fix the issues in the Live Update utility that were exploited by threat actors in Operation ShadowHammer. ASUS announced to have released a fix for the Live Update utility that was exploited by threat actors behind the Operation ShadowHammer to deliver malware to hundreds of users.  The Operation ShadowHammer took […] Malware Tool Threat
SecurityAffairs.webp 2019-03-27 13:18:01 LUCKY ELEPHANT campaign targets South Asian governments (lien direct) The NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign tracked as LUCKY ELEPHANT targeting mostly South Asian governments. Security experts at NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign, tracked as LUCKY ELEPHANT, targeting mostly South Asian governments. The campaign was discovered in early March 2019, threat actors behind the LUCKY ELEPHANT campaign […] Threat
SecurityAffairs.webp 2019-03-26 06:13:02 Microsoft experts found high severity flaws in Huawei PCManager (lien direct) Microsoft experts discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei. Microsoft researchers discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei, both flaws were classified as “high severity.” The experts discovered the flaws because the kernel sensors in Microsoft Defender Advanced Threat Protection (ATP) detected an […] Tool Threat
SecurityAffairs.webp 2019-03-25 15:01:00 Anubis II – malware and afterlife (lien direct) Due to the growing demand for Android banking malware, threat actors continue using Anubis even if the creator has vanished. Introduction Besides being the Egyptian God associated with mummification and afterlife, Anubis is also an Android banking malware that has caused quite some trouble for over 300 financial institutions worldwide since 2017. Anubis II is […] Malware Threat
SecurityAffairs.webp 2019-03-24 18:23:04 Microsoft Defender APT now protects also macOS (lien direct) Microsoft has announced the availability of Defender ATP Endpoint Security for Apple macOS Microsoft has announced the availability of Microsoft 365 advanced endpoint security solution across platforms, with the support of Apple Mac it added to Microsoft Defender Advanced Threat Protection (ATP). Microsoft Windows Defender ATP was first introduced in 2016 as a defensive solution […] Threat
SecurityAffairs.webp 2019-03-21 07:36:02 [SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies (lien direct) LockerGoga is the most active ransomware, experts warn it focuses on targeting companies and bypasses AV signature-based detection. LockerGoga ransomware is a crypto-malware that loads the malicious file on the system from an infected email attachment. This threat is very critical these days, and it is the most active ransomware that focuses on targeting companies. Altran and Norsk Hydro are two companies severely […] Ransomware Threat
SecurityAffairs.webp 2019-03-19 14:57:04 New JNEC.a Ransomware delivered through WinRAR exploit (lien direct) A new strain of ransomware tracked as JNEC.a is spreading through an exploit that triggers the recently discovered vulnerability in WinRAR. The ransomware was involved in the attacks observed by the Qihoo 360 Threat Intelligence Center in the wild, threat actors used an archive named “vk_4221345.rar” that delivers JNEC.a when its contents are extracted with […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2019-03-15 14:00:04 Recently fixed WinRAR bug actively exploited in the wild (lien direct) Several threat actors are still exploiting a recently patched critical vulnerability in the popular compression software WinRAR. Several threat actors are actively exploiting a critical remote code execution vulnerability recently addressed in WinRAR. The exploitation of the flaw in the wild is worrisome because the WinRAR software doesn’t have an auto-update feature, leaving millions of […] Vulnerability Threat
SecurityAffairs.webp 2019-03-15 08:48:01 Experts published details of the actively exploited CVE-2019-0808 Windows Flaw (lien direct) Experts from Qihoo 360 disclosed technical details of the actively exploited Windows zero-day flaw CVE-2019-0808 recently patched by Microsoft. Researchers at the security firm Qihoo 360 disclosed technical details of the zero-day vulnerability CVE-2019-0808 that was recently patched by Microsoft. The vulnerability was reported to Microsoft by researchers from Google's Threat Analysis Group that observed […] Vulnerability Threat
SecurityAffairs.webp 2019-03-15 07:34:03 GlitchPOS PoS Malware appears in the cybercrime underground (lien direct) A new piece of PoS malware appeared in the threat landscape, the malicious code dubbed GlitchPOS has been found on a crimeware forum. The GlitchPOS malware is able to steal credit card numbers (Track1 and Track2) from the memory of the infected system, it uses a regular expression to perform this task. The malicious code […] Malware Threat
SecurityAffairs.webp 2019-03-14 22:03:00 Payment data of thousands of customers of UK and US online stores could have been compromised (lien direct) Group-IB, an international company that specializes in preventing cyberattacks, has uncovered a malicious code designed to steal customers' payment data on seven online stores in the UK and the US. The injected code has been identified as a new JavaScript Sniffer (JS Sniffer), dubbed by Group-IB as GMO. Group-IB Threat Intelligence team first discovered the GMO JS Sniffer on the […] Threat
SecurityAffairs.webp 2019-03-10 10:58:04 Jackson County paid $400,000 to crooks after ransomare attack (lien direct) Ransomware threat makes the headlines again, this time an attack hit the computers of Jackson County, Georgia, paralyzing the government activity. Computers of Jackson County, Georgia, were infected with ransomware that paralyzed the government activity until officials decided to pay a $400,000 ransom to decrypt the files. “The Jackson County government paid online criminals about […] Ransomware Threat
SecurityAffairs.webp 2019-03-06 18:57:05 Cybaz-Yoroi ZLAB shed the light on Op. 'Pistacchietto': An Italian Job (lien direct) In the past weeks, a new strange campaign emerged in the cyber threat Italian landscape, it has been tracked as “Operation Pistacchietto.” Introduction In the past weeks, a new strange campaign emerged in the Italian landscape. It has been baptized “Operation Pistacchietto” from a username extracted from a Github account used to serve some part […] Threat
SecurityAffairs.webp 2019-03-06 15:34:05 Google Chrome Zero-Day Vulnerability CVE-2019-5786 actively exploited in the wild (lien direct) A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day […] Vulnerability Threat
SecurityAffairs.webp 2019-03-05 09:56:04 Google Chronicle announced Backstory to protect businesses (lien direct) Google Chronicle launched Backstory, the first global security telemetry platform designed to allow companies monitoring cyber threats. Google Chronicle announced Backstory, a cloud-based enterprise-level threat analytics platform that allows companies quickly investigate incidents, discover vulnerabilities and hunt for cyber threats. Google aims at analyzing network data and logs generated by enterprises on a daily basis […] Threat
SecurityAffairs.webp 2019-03-04 07:39:04 Threat actors using FrameworkPOS malware in POS attacks (lien direct) Security experts at Morphisec observed a wave of attacks against point-of-sale (PoS) thin clients using card data scraping malware and the Cobalt Strike beacon. Over the past 8-10 weeks, security experts at Morphisec observed multiple sophisticated attacks targeting PoS thin clients worldwide.  Most of the indicators collected by the experts point to the FIN6 hacking […] Malware Threat
SecurityAffairs.webp 2019-02-27 19:00:01 Multiple threat actors are targeting Elasticsearch Clusters (lien direct) Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners. Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. At least six different threat actors are targeting installs running older […] Threat
SecurityAffairs.webp 2019-02-26 22:06:02 Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild (lien direct) Threat actors in the wild are exploiting the recently patched CVE-2019-6340 flaw in the Drupal CMS to deliver cryptocurrency miners and other payloads. Just three days after the CVE-2019-6340 flaw in Drupal was addressed, threat actors in the wild started exploiting the issue to deliver cryptocurrency miners and other payloads. Last week, Drupal core team […] Threat
SecurityAffairs.webp 2019-02-25 08:44:01 B0r0nt0K ransomware demands $75,000 ransom to the victims (lien direct) The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims. A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000). This B0r0nt0K ransomware infects both Linux and Windows servers. […] Ransomware Threat
SecurityAffairs.webp 2019-02-18 15:08:00 ATT&CKized Splunk – Threat Hunting with MITRE's ATT&CK using Splunk (lien direct) Most of us know MITRE and the ATT&CK™ framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack. Moreover, not only they […] Threat
SecurityAffairs.webp 2019-02-09 14:29:03 GandCrab ransomware campaign targets Italy using steganography (lien direct) A newly discovered malware campaign leverages steganography to hide GandCrab ransomware in an apparently innocent Mario image. Security experts at Bromium have discovered a malware campaign using steganography to hide the GandCrab ransomware in a Mario graphic package. According to Matthew Rowan, a researcher at Bromium, threat actors use steganography to hide the malicious code and […] Ransomware Malware Threat
SecurityAffairs.webp 2019-02-09 08:50:05 Exclusive – MalwareMustDie Team analyzed the Cayosin Botnet and its criminal ecosystem (lien direct) Cayosin Botnet: a deeper look at this threat supported by the psychological profile of the “youngsters-wannabe-hackers” Rolex boasters Money, botnet as service business and coding on the dark side of the life: “At this point of my life… if it doesn't make me money, I don't make time for it”, is stated in the picture […] Threat
SecurityAffairs.webp 2019-01-30 11:28:00 Reading the ENISA Threat Landscape Report 2018 (lien direct) According to the ENISA Threat Landscape Report 2018, 2018 has brought significant changes in the techniques, tactics, and procedures associated with cybercrime organizations and nation-state actors. I’m proud to present you the ENISA Threat Landscape Report 2018, the annual report published by the ENISA ETL group that provides insights on the evolution of the cyber […] Threat
SecurityAffairs.webp 2019-01-28 15:26:03 Hackers compromise WordPress sites via Zero-Day flaws in Total Donations plugin (lien direct) Security experts at Wordfence security firms discovered WordPress Sites compromised via Zero-Day vulnerabilities in Total Donations Plugin The Total Donations WordPress plugin was abandoned by its developers for this reason security experts are recommending to delete it after they discovered multiple zero-day flaws that were exploited by threat actors. The news was reported by security […] Threat
SecurityAffairs.webp 2019-01-26 15:05:01 Anatova ransomware – Expert believe it will be a dangerous threat (lien direct) Security experts at McAfee have discovered a new malware, dubbed Anatova ransomware, that has been spotted infecting computers worldwide The name Anatova is based on a name in the ransom note that is dropped on the infected systems. The Anatova ransomware outstands for its obfuscation capabilities and ability to infect network shares, it has a […] Ransomware Threat
SecurityAffairs.webp 2019-01-24 21:02:04 New Russian Language Malspam is delivering Redaman Banking Malware (lien direct) A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. The malware was first observed in the threat landscape in 2015, most of the victims […] Spam Malware Threat
SecurityAffairs.webp 2019-01-20 07:31:04 DarkHydrus adds Google Drive support to its RogueRobin Trojan (lien direct) Security experts attributed new malicious campaigns to the DarkHydrus APT group (aka Lazy Meerkat), threat actors used a new variant of the RogueRobin Trojan and leveraged Google Drive as an alternative C2 channel. DarkHydrus was first discovered by experts at Palo Alto Networks’ Unit 42 team in July when the group carried out attacks aimed at […] Threat
SecurityAffairs.webp 2019-01-18 07:58:04 Attacks in the wild leverage flaw in ThinkPHP Framework (lien direct) Threat actors in the wild are leveraging a recently discovered flaw in the ThinkPHP PHP framework to install cryptominers, skimmers, and other malware. Multiple threat actors are leveraging a recently discovered code execution vulnerability (CVE-2018-20062) in the ThinkPHP framework. The flaw was already addressed by the Chinese firm TopThink that designed the framework, but security expert Larry […] Threat
SecurityAffairs.webp 2019-01-14 05:43:03 Which is the link between Ryuk ransomware and TrickBot? (lien direct) FireEye and CrowdStrike discovered that threat actors behind the Ryuk ransomware are working with another cybercrime gang to gain access to target networks. In August 2018, security experts from Check Point uncovered a ransomware-based campaign aimed at organizations around the world conducted by North Korea-linked threat actor. This is the first time that a security firm […] Ransomware Threat
SecurityAffairs.webp 2019-01-04 15:23:04 New NRSMiner cryptominer NSA-Linked EternalBlue Exploit (lien direct) A new variant of the NRSMiner is infecting users in the southern region of Asia, most of the victims are in Vietnam (54%), Iran (16%) and Malaysia (12%). The new version leverages the EternalBlue exploit to spread, experts observed that the threat also updates existing NRSMiner installs. ETERNALBLUE is an NSA exploit that made the headlines […] Threat
SecurityAffairs.webp 2018-12-25 20:14:03 Hackers launched phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale (lien direct) Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor. Attackers are using this tactic to break into Gmail and Yahoo accounts […] Threat Yahoo
SecurityAffairs.webp 2018-12-25 15:37:05 Over 19,000 Orange Livebox ADSL modems leak WiFi credentials (lien direct) Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext. Threat actors in the wild are attempting to exploit a vulnerability in LiveBox ADSL modems from Orange, the issue could be triggered to retrieve their SSID and WiFi password in plaintext by simply […] Vulnerability Threat
SecurityAffairs.webp 2018-12-20 17:00:02 Analyzing a Danabot Paylaod that is targeting Italy (lien direct) A new variant of the infamous Danabot botnet hit Italy, experts at Cybaze-Yoroi ZLab dissected one of these sample that targeted entities in Italy. In the last weeks, a new variant of the infamous Danabot botnet hit Italy. Security firms such as Proofpoint and Eset analyzed other samples of the same threat targeting the Australian landscape back in […] Threat
SecurityAffairs.webp 2018-12-18 08:40:01 Czech cyber-security agency warns over Huawei, ZTE security threat (lien direct) A Czech cyber-security agency is warning against using Huawei and ZTE technologies because they pose a threat to state security. The Chinese nightmare is rapidly spreading among European countries, now a Czech cyber-security agency is warning against using the equipment manufactured by Chinese firms Huawei and ZTE because they pose a threat to state security. […] Threat
SecurityAffairs.webp 2018-12-13 15:01:02 Operation Sharpshooter targets critical infrastructure and global defense (lien direct) McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide. The threat actors are using malware associated with Lazarus APT group that carried out Sony Pictures attack back in […] Malware Threat APT 38
SecurityAffairs.webp 2018-12-12 17:39:02 Cyber attack hit the Italian oil and gas services company Saipem (lien direct) Some of the servers of the Italian oil and gas services company Saipem were hit by a cyber attack early this week.  Saipem has customers in more than 60 countries, including Saudi Arabian oil and gas giant Saudi Aramco. It could be considered a strategic target for a broad range of threat actors. The attack has […] Threat
SecurityAffairs.webp 2018-12-12 10:55:01 New threat actor SandCat exploited recently patched CVE-2018-8611 0day (lien direct) Experts from Kaspersky Lab reported that the recently patched Windows kernel zero-day vulnerability (CVE-2018-8611) has been exploited by several threat actors. Microsoft's Patch Tuesday updates for December 2018 address nearly 40 flaws, including a zero-day vulnerability affecting the Windows kernel. The flaw, tracked as CVE-2018-8611, is a privilege escalation flaw caused by the failure of […] Vulnerability Threat
SecurityAffairs.webp 2018-12-09 10:49:01 STOLEN PENCIL campaign, hackers target academic institutions. (lien direct) STOLEN PENCIL campaign – North Korea-linked APT group has been targeting academic institutions since at least May of this year. North Korea-linked threat actors are targeting academic institutions with spear phishing attacks. The phishing messages include a link to a website where a decoy document that attempts to trick users into installing a malicious Google Chrome […] Threat
SecurityAffairs.webp 2018-12-05 20:55:01 CVE-2018-15982 Adobe zero-day exploited in targeted attacks (lien direct) Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration. The flaw could be exploited by […] Threat
Last update at: 2024-05-20 13:28:12