What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2018-12-01 22:30:01 ETERNALSILENCE – 270K+ devices vulnerable to UPnProxy Botnet build using NSA hacking tools (lien direct) Over 270,000 connected devices run vulnerable implementations of UPnP, threat actors are attempting to recruit them in a multi-purpose botnet. In April, Akamai reported that threat actors compromised 65,000 home routers by exploiting vulnerabilities in Universal Plug’N’Play (UPnP), experts tracked the botnet as UPnProxy.  Now the company provided an update to its initial analysis revealing […] Threat
SecurityAffairs.webp 2018-11-30 23:27:05 New PowerShell-based Backdoor points to MuddyWater (lien direct) Security researchers at Trend Micro recently discovered PowerShell-based backdoor that resembles a malware used by MuddyWater threat actor. Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar to a malware used by MuddyWater APT group. The first MuddyWater campaign was observed in late 2017, then researchers from Palo Alto Networks were investigating a mysterious wave […] Malware Threat
SecurityAffairs.webp 2018-11-27 12:40:00 The SLoad Powershell malspam is expanding to Italy (lien direct) A new malspam campaign hit Italy in these days, threat actors are spreading a new variant of a powerful downloader named sLoad. sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “Ramnit banker”. “In the past months CERT-Yoroi observed an emerging attack pattern targeting its […] Malware Threat
SecurityAffairs.webp 2018-11-18 09:35:00 Suspected APT29 hackers behind attacks on US gov agencies, think tanks, and businesses (lien direct) Last week, security experts reported alleged APT29 hackers impersonating a State Department official in attacks aimed at U.S. government agencies, businesses and think tanks. Cyber security experts are warning of new attacks against U.S. government agencies, think tanks, and businesses. Threat actors carried out spear phishing attacks impersonating a State Department official to attempt compromising targets, […] Threat APT 29
SecurityAffairs.webp 2018-11-16 12:37:03 tRat is a new modular RAT used by the threat actor TA505 (lien direct) The threat actor TA505 behind many Dridex and Locky campaigns has been using a new Remote Access Trojan (RAT) dubbed tRat. Researchers at Proofpoint warn that the threat actor TA505 has been using a new Remote Access Trojan (RAT) dubbed tRat that implements a modular structure that was written in Delphi. The TA505 operates on a large scale, it was […] Threat
SecurityAffairs.webp 2018-11-14 09:37:01 The 'MartyMcFly' investigation: Italian naval industry under attack (lien direct) Experts at Yoroi's Cyber Security Defence Center along with Fincantieri's security team investigated the recently discovered Martymcfly malware attacks. Background On October 17th we disclosed the ‘MartyMcFly’ Threat (Rif. Analysis) where unknown attackers were targeting Italian naval industries. The analysis was cited by Kaspersky's ICS CERT who exposed a wider threat extension across multiple countries such as: […] Malware Threat
SecurityAffairs.webp 2018-11-06 07:22:04 Shellbot Botnet Targets IoT devices and Linux servers (lien direct) Security experts at Trend Micro have spotted an IRC bot dubbed Shellbot that was built using Perl Shellbot. The malware was distributed by a threat group called Outlaw, it was able to target Linux and Android devices, and also Windows systems. “We uncovered an operation of a hacking group, which we're naming “Outlaw” (translation derived from the Romanian word haiduc, […] Malware Threat
SecurityAffairs.webp 2018-11-04 10:32:04 Kraken ransomware 2.0 is available through the RaaS model (lien direct) The author of the infamous Kraken ransomware has released a new version of the malicious code and launched a RaaS distribution program on the Dark Web. Researchers from Recorded Future's Insikt Group and McAfee's Advanced Threat Research team have discovered a new version of the malware that is offered through a RaaS distribution program on the Dark Web. […] Ransomware Malware Threat
SecurityAffairs.webp 2018-11-02 12:03:00 CISCO warn of a zero-day DoS flaw that is being actively exploited in attacks (lien direct) Security experts from CISCO warn of a zero-day vulnerability that is being actively exploited in attacks in the wild. The flaw, tracked as CVE-2018-15454, affects the Session Initiation Protocol (SIP) inspection engine of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD). The flaw could be exploited by a remote attacker to trigger a DoS condition […] Vulnerability Threat
SecurityAffairs.webp 2018-10-30 19:55:00 Girl Scouts data breach exposed personal information of 2,800 members (lien direct) A Girl Scouts of America branch in California suffered a security breach, hackers accessed data of 2,800 girls and their families. Hackers breached the Orange County, Calif. branch of the Girl Scouts of America, potentially exposing personal information for 2,800 members and their families. According to the Girl Scouts of Orange County, an unknown threat […] Data Breach Threat
SecurityAffairs.webp 2018-10-26 07:23:02 Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol (lien direct) Security experts Antonio Pirozzi and Pierluigi Paganini presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol. Security expert Antonio Pirozzi, director at ZLab malware lab at Cybaze firm, presented at the EU Cyber Threat Conference in Dublin conducted a research along with Pierluigi Paganini (aka @securityaffairs), about how crooks could abuse blockchain […] Malware Threat
SecurityAffairs.webp 2018-10-24 06:21:01 Chalubo, a new IoT botnet emerges in the threat landscape (lien direct) Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. Security experts from Sophos Labs have spotted a new piece of Linux malware tracked as Chalubo (ChaCha-Lua-bot) that is targeting IoT devices in an attempt to recruit them into […] Malware Threat
SecurityAffairs.webp 2018-10-21 17:49:04 DarkPulsar and other NSA hacking tools used in hacking operations in the wild (lien direct) Attackers are targeting high-value servers using three hacking tools from the NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. The hackers used the powerful cyber weapons to compromise systems used in aerospace, nuclear energy, R&D, and other industries. According to experts from Kaspersky Lab, threat actors leverage NSA tools DarkPulsar, DanderSpritz and Fuzzbunch […] Threat
SecurityAffairs.webp 2018-10-19 07:06:03 Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew (lien direct) Security researchers from McAfee have recently uncovered a cyber espionage campaign, tracked as Operation Oceansalt, targeting South Korea, the United States, and Canada. The threat actors behind Operation Oceansalt are reusing malware previously associated with China-linked cyberespionage group APT1. “McAfee Advanced Threat Research and Anti-Malware Operations teams have discovered another unknown data reconnaissance implant targeting Korean-speaking users.” reads the report. “We […] Malware Threat APT 32 APT 1
SecurityAffairs.webp 2018-10-18 19:31:01 GreyEnergy cyberespionage group targets Poland and Ukraine (lien direct) Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy. Security experts from ESET published a detailed analysis of a recently discovered threat actor tracked as GreyEnergy, its activity emerged in concurrence with BlackEnergy operations. ESET researchers have spotted a new strain of malware tracked as Exaramel […] Malware Threat
SecurityAffairs.webp 2018-10-16 19:47:02 Russia-linked APT group DustSquad targets diplomatic entities in Central Asia (lien direct) Kaspersky experts published a detailed analysis of the attacks conducted by the Russian-linked cyber espionage group DustSquad. Earlier October, security experts from ESET shared details about the operations of a cyber espionage group tracked as Nomadic Octopus, a threat actor focused on diplomatic entities in Central Asia. The group has been active since at least 2015, ESET researchers presented […] Threat
SecurityAffairs.webp 2018-10-11 06:25:02 New Gallmaker APT group eschews malware in cyber espionage campaigns (lien direct) A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. According to researchers from Symantec, who first spotted the threat actor, the group has launched attacks on several overseas embassies […] Malware Threat
SecurityAffairs.webp 2018-10-05 08:22:03 (Déjà vu) DHS issued an alert on attacks aimed at Managed Service Providers (lien direct) The United States Department of Homeland Security (DHS) is warning of ongoing activity from an advanced persistent threat (APT) actor targeting global managed service providers (MSPs). The DHS issued an alert on ongoing attacks aimed at global managed service providers (MSPs) that are carried out by an advanced APT group. Managed services is the practice of outsourcing on a […] Threat
SecurityAffairs.webp 2018-10-04 07:42:02 US offers its cyber warfare defense capabilities to NATO (lien direct) The United States will offer its offensive cyber capabilities to NATO to strengthen its defenses against threat actors like Russian ones. The United States is expected to announce to provide cyber warfare capabilities to NATO to strengthen its defenses against threat actors like Russian ones. The announcement is expected today at a meeting of defence ministers in Brussels, […] Threat
SecurityAffairs.webp 2018-10-04 06:55:00 APT38 is behind financially motivated attacks carried out by North Korea (lien direct) Security experts from FireEye published a report on the activity of financially motivated threat actors, tracked as APT38, linked to the North Korean government. The attacks aimed at financial institutions, FireEye estimates APT38 has stolen at least a hundred million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […] Threat Medical APT 38
SecurityAffairs.webp 2018-09-26 20:59:01 Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled (lien direct) The latest samples of the HNS bot were designed to target Android devices having the wireless debugging feature ADB enabled. The Hide and Seek (HNS) IoT botnet was first spotted early this year, since its discovery the authors continuously evolved its code. The IoT botnet appeared in the threat landscape in January, when it was first discovered on January 10th […] Threat
SecurityAffairs.webp 2018-09-25 07:16:03 Akamai Report: Credential stuffing attacks are a growing threat (lien direct) According to Akamai’s latest State of the Internet report on credential stuffing, credential stuffing continues to be a growing threat. According to the Akamai report titled “[state of the internet] / security CREDENTIAL STUFFING ATTACKS” the credential stuffing attacks are a growing threat and often underestimated. Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing […] Threat
SecurityAffairs.webp 2018-09-20 12:44:01 Sustes Malware: CPU for Monero (lien direct) Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see name genesis in a bit). Everybody knows Monero cryptocurrency and probably everybody knows […] Malware Threat
SecurityAffairs.webp 2018-09-19 08:40:02 Evolution of threat landscape for IoT devices – H1 2018 (lien direct) Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. What is infecting IoT devices and how? The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. The first data that emerged […] Malware Threat
SecurityAffairs.webp 2018-09-10 18:59:03 Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks (lien direct) Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. Security experts from Kaspersky have observed the LuckyMouse APT group (aka Emissary Panda, APT27 and Threat Group 3390) using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. The APT group […] Threat APT 27 APT 1 ★★★
SecurityAffairs.webp 2018-09-10 07:09:04 Fallout exploit kit appeared in the threat landscape in malvertising campaigns (lien direct) At the end of August, security experts discovered a new exploit kit called Fallout that is being used to distribute the GandCrab ransomware. At the end of August, the threat analyst nao_sec discovered a new exploit kit called Fallout that is being used to distribute the GandCrab ransomware and other malicious codes, including droppers and potentially unwanted […] Ransomware Threat
SecurityAffairs.webp 2018-09-03 09:08:00 TrendMicro links Urpage hacking crew to other threat actors (lien direct) Last week, security researchers from Trend Micro discovered a new threat actor, tracked as Urpage, that shares similarities with other three hacking crews. Researchers from Trend Micro linked a recently discovered actor, tracked as Urpage, to the hacking groups known as Bahamut, Confucius, and Patchwork. Trend Micro first connected the Confucius group to the Patchwork […] Threat Bahamut
SecurityAffairs.webp 2018-09-03 08:14:00 The cyber threat against Danish financial sector is very high (lien direct) A report published by the Centre for Cyber Security (Center for Cybersikkerhed) states that the threat to the Danish financial sector is very high. According to a report by the Centre for Cyber Security (Center for Cybersikkerhed), a department of military security agency FET (Forsvarets Efterretningstjeneste), the cyber threat against the Danish financial sector is very […] Threat
SecurityAffairs.webp 2018-08-28 16:07:02 Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild (lien direct) According to the threat intelligence firm Volexity, the CVE-2018-11776 vulnerability is already being abused in malicious attacks in the wild. Just yesterday I wrote about the availability online of the exploit code for the recently discovered Critical remote code execution vulnerability CVE-2018-11776 in Apache Struts 2. The PoC code was published on GitHub and experts were warning of […] Vulnerability Threat
SecurityAffairs.webp 2018-08-28 08:06:03 Iran-linked COBALT DICKENS group targets universities in new phishing campaign (lien direct) Experts from SecureWorks discovered a large phishing campaign targeting universities carried out by an Iran-linked threat actor COBALT DICKENS. Security firm SecureWorks has uncovered a new phishing campaign carried out by COBALT DICKENS APT targeting universities worldwide, it involved sixteen domains hosting more than 300 spoofed websites for 76 universities in 14 countries, including Australia, Canada, China, Israel, […] Threat
SecurityAffairs.webp 2018-08-20 13:58:02 Malware researcher reverse engineered a threat that went undetected for at least 2 years (lien direct) The popular malware researchers Marco Ramilli has analyzed a malware that remained under the radar for more than two years. Today I’d like to share the following reverse engineering path since it ended up to be more complex respect what I thought. The full path took me about hours work and the sample covers many […] Malware Threat
SecurityAffairs.webp 2018-08-19 06:53:00 China's Belt and Road project (BRI) is a driver of regional cyber threat activity (lien direct) Security experts have observed increasing cyber espionage activity related to China's Belt and Road Initiative (BRI). The alarm was launched by the experts from cybersecurity firms FireEye and Recorded Future. China's Belt and Road Initiative (BRI) is a development project for the building of an infrastructure connecting countries in Southeast Asia, Central Asia, the Middle East, Europe, […] Threat
SecurityAffairs.webp 2018-08-18 17:00:02 2.6 billion records exposed in 2,308 disclosed data breaches in H1 (lien direct) According to a report from cyber threat intelligence firm Risk Based Security some 2.6 billion data records have been exposed in data breaches in the first half of 2018. According to a new report titled “Mid-Year 2018 Data Breach QuickView” published by the cyber threat intelligence company Risk Based Security some 2.6 billion data records have been exposed […] Data Breach Threat
SecurityAffairs.webp 2018-08-11 06:46:03 Experts explained how to hack macs in enterprises through MDM (lien direct) Researchers demonstrated how a sophisticated threat actor can hack a brand new Apple Mac computer in enterprise environments through MDM. A security duo composed by Jesse Endahl, CPO and CSO at macOS management firm Fleetsmith, and Max Bélanger, staff engineer at Dropbox, demonstrated at the Black Hat security conference how a persistent attacker could compromise […] Hack Threat
SecurityAffairs.webp 2018-08-09 17:21:00 DeepLocker – AI-powered malware are already among us (lien direct) Security researchers at IBM Research developed a “highly targeted and evasive” AI-powered malware dubbed DeepLocker and will present today. What about Artificial Intelligence (AI) applied in malware development? Threat actors can use AI-powered malware to create powerful malicious codes that can evade sophisticated defenses. Security researchers at IBM Research developed a “highly targeted and evasive” attack tool powered […] Malware Tool Threat
SecurityAffairs.webp 2018-07-27 06:27:03 Leafminer cyber espionage group targets Middle East (lien direct) Hackers belonging to an Iran-linked APT group tracked as ‘Leafminer’ have targeted government and various organizations in the Middle East. An Iran-linked APT group tracked as ‘Leafminer’ has targeted government and businesses in the Middle. According to the experts from Symantec, the Leafminer group has been active at least since early 2017. “Symantec has uncovered the operations of a threat actor named […] Threat
SecurityAffairs.webp 2018-07-25 07:00:04 The Death botnet grows targeting AVTech devices with a 2-years old exploit (lien direct) A new botnet, tracked as Death botnet has appeared in the threat landscape and is gathering unpatched AVTech devices with an old exploit. A new botnet, tracked as ‘Death botnet,’ has appeared in the threat landscape, its author that goes online with the moniker EliteLands is gathering unpatched AVTech devices in the malicious infrastructure. AVTech […] Threat ★★
SecurityAffairs.webp 2018-07-23 20:52:04 Experts warn of new campaigns leveraging Mirai and Gafgyt variants (lien direct) Security experts are warning of an intensification of attacks powered by two notorious IoT botnets, Mirai and Gafgyt. Security experts are warning of a new wave of attacks powered by two botnets, Mirai and Gafgyt. Since the code of the infamous Mirai botnet was leaked online many variants emerged in the threat landscape. Satori, Masuta, Wicked Mirai, JenX, […] Threat Satori
SecurityAffairs.webp 2018-07-14 17:35:01 A few days after discovery of GandCrab ransomware ver 4.0, experts found 4.1 version (lien direct) Security experts from Fortinet recently detected a new version of the GandCrab ransomware, ver 4.1, that is being distributed through compromised websites A few days ago, I wrote about the return of the GandCrab ransomware (v4), a new version appeared in the threat landscape and experts at BleepingComputer first reported it. GandCrab ransomware is a young threat, it first […] Ransomware Threat
SecurityAffairs.webp 2018-07-11 11:49:04 Hacker offered for sale US Military Reaper Drone documents for $200 (lien direct) Researchers at threat intelligence firm Recorded Future have reported that a hacker was trying to sell US Military Reaper drone documents for less than $200. The news is disconcerting, the hackers may have obtained the documents related to the Reaper drone by hacking into at least two computers belonging to U.S. military personnel. “Specifically, an English-speaking hacker claimed […] Threat Cloud APT 37
SecurityAffairs.webp 2018-07-08 05:26:02 HNS Botnet evolves and targets cross-platform database solutions (lien direct) The HNS IoT botnet (Hide and Seek) originally discovered by BitDefender in January evolves and now targets cross-platform database solutions. Do you remember the Hide ‘N Seek (HNS) botnet? The IoT botnet Hide 'N Seek botnet appeared in the threat landscape in January, when it was first spotted on January 10th by malware researchers from Bitdefender. It was first discovered […] Malware Threat
SecurityAffairs.webp 2018-07-04 11:45:05 The GandCrab ransomware V4 appears in the threat landscape (lien direct) A new variant of the infamous GandCrab ransomware V4 was released during the weekend, experts shared details of the threat, A new version of the dreaded GandCrab ransomware (V4) was released during the weekend and according to the experts it included numerous changes. New #GandCrab version "V4" GANDCRAB V4 Ransomware – Remove and Restore .KRAB […] Ransomware Threat
SecurityAffairs.webp 2018-06-28 06:35:01 Talos releases ThanatosDecryptor, a free Thanatos Ransomware decryptor (lien direct) Experts from Cisco's Talos team released a free decryption tool for the Thanatos ransomware to recover the files without paying the ransom. The Thanatos ransomware first appeared in the threat landscape in February when it was discovered by researchers at the MalwareHunterTeam. The experts from Talos believe the malware is being actively developed, it was being distributed […] Ransomware Malware Tool Threat
SecurityAffairs.webp 2018-06-26 04:44:00 Lazarus APT hackers leverages HWP Documents in a recent string of attacks (lien direct) Security researchers at AlienVault uncovered a series of cyber attacks on cryptocurrency exchanges leveraging weaponized Hangul Word Processor HWP documents (Hangul Word Processor documents). The string of attacks involving the HWP documents has been attributed to the North Korea-linked Lazarus APT group, and includes the hack of the South Korean virtual currency exchange Bithumb. The hackers […] Hack Threat Bithumb APT 38
SecurityAffairs.webp 2018-06-22 08:27:00 GZipDe Downloader spotted serving a Metasploit backdoor (lien direct) Security experts from AlienVault have spotted a new piece of malware named GZipDe that was used in a cyber-espionage campaign. GZipDe is a downloader that is used by threat actors to fetch other payloads from a server controlled by attackers. The malware was detected after a user from Afghanistan uploaded a weaponized Word document on VirusTotal service, the […] Malware Threat
SecurityAffairs.webp 2018-03-18 13:39:04 Hackers tried to cause a blast at a Saudi petrochemical plant (lien direct) A new cyber attack against a Saudi petrochemical plant made the headlines, hackers attempted to hit the infrastructure in August. Do you remember the powerful cyber attack that in 2014 hit computers at Saudi Aramco? A new cyber attack against a petrochemical plant in Saudi Arabia made the headlines, hackers attempted to hit the infrastructure in August. […] Threat ★★★★
SecurityAffairs.webp 2018-03-13 11:54:02 Study confirms the trade of code-signing certificates is a flourishing business (lien direct) According to a new study conducted by American and Czech researchers, the trade of code-signing certificates is a flourishing business. Code-signing certificates are precious commodities in the dark web, according to a new study conducted by American and Czech researchers and Symantec Labs technical director Christopher Gates their trade is a flourishing business. The experts pointed out […] Threat
Last update at: 2024-05-20 15:08:05