What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-08-28 05:06:36 New Agenda Ransomware appears in the threat landscape (direct link) Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that was written in the Go programming language. The ransomware was employed in a targeted attack against one of […] Ransomware Threat ★★★
SecurityAffairs 2022-08-27 16:14:51 Twilio hackers also breached the food delivery firm DoorDash (direct link) Twilio hackers also compromised the food delivery firm DoorDash, the attackers had access to company data, including customer and employee info. On-demand food delivery service DoorDash disclosed a data breach, the threat actors behind the Twilio hack gained access to the company’s data. DoorDash declared that malicious hackers stole credentials from employees of a third-party vendor, then […] Hack Threat
SecurityAffairs 2022-08-27 07:06:40 Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus (direct link) Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. Threat actors abused a vulnerable anti-cheat driver, named mhyprot2.sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. The driver provides anti-cheat functions, but […] Threat
SecurityAffairs 2022-08-26 06:58:36 0ktapus phishing campaign: Twilio hackers targeted other 136 organizations (direct link) The threat actors behind Twilio and Cloudflare attacks have been linked to a phishing campaign that targeted other 136 organizations. The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations, security firm Group-IB reported. Most of the victims are organizations providing IT, software development, and cloud services. The campaign, codenamed 0ktapus, […] Threat
SecurityAffairs 2022-08-25 23:18:15 LastPass data breach: threat actors stole a portion of source code (direct link) Password management software firm LastPass has suffered a data breach, threat actors have stolen source code and other data. Password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical […] Threat LastPass
SecurityAffairs 2022-08-25 17:11:38 Nobelium APT uses new Post-Compromise malware MagicWeb (direct link) Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that […] Malware Threat APT 29
SecurityAffairs 2022-08-25 06:59:38 Threat actors are using the Tox P2P messenger as C2 server (direct link) Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging service that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server. Tox has been used in […] Threat
SecurityAffairs 2022-08-24 23:12:45 Plex discloses data breach and urges password reset (direct link) The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client–server media player platform. The company disclosed a data breach after threat actors have access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and […] Data Breach Threat
SecurityAffairs 2022-08-24 17:48:20 AiTM phishing campaign also targets G Suite users (direct link) The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services were spotted targeting Google G Suite users. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user […] Threat
SecurityAffairs 2022-08-21 17:40:20 Threat actors are stealing funds from General Bytes Bitcoin ATM (direct link) Threat actors have exploited a zero-day vulnerability in the General Bytes Bitcoin ATM servers to steal BTC from multiple customers. Threat actors have exploited a zero-day flaw in General Bytes Bitcoin ATM servers that allowed them to hijack transactions associated with deposits and withdrawal of funds. GENERAL BYTES is the world's largest Bitcoin, Blockchain, and […] Vulnerability Threat
SecurityAffairs 2022-08-20 08:28:30 TA558 cybercrime group targets hospitality and travel orgs (direct link) TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America. The group is a small crime threat actor, that has been […] Malware Threat
SecurityAffairs 2022-08-18 15:24:11 BlackByte ransomware v2 is out with new extortion novelties (direct link) A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones. BlackByte ransomware Version 2.0 appeared in the threat landscape after a short break, the latest version has a new data leak site. It is interesting to note that the group introduced some novelties in the […] Ransomware Threat ★★
SecurityAffairs 2022-08-18 08:36:30 Apple fixed two new zero-day flaws exploited by threat actors (direct link) Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS, iPadOS, and macOS platforms to address two zero-day vulnerabilities exploited by threat actors. Apple did not share details about these attacks. The two flaws are: CVE-2022-32893 – An out-of-bounds issue in WebKit which. An attacker can trigger the […] Threat
SecurityAffairs 2022-08-15 21:46:10 Microsoft disrupts SEABORGIUM's ongoing phishing operations (direct link) Microsoft disrupted a hacking operation conducted by Russia-linked APT SEABORGIUM aimed at NATO countries. The Microsoft Threat Intelligence Center (MSTIC) has disrupted activity by SEABORGIUM (aka ColdRiver, TA446), a Russia-linked threat actor that is behind a persistent hacking campaign targeting people and organizations in NATO countries. SEABORGIUM has been active since at least 2017, […] Threat
SecurityAffairs 2022-08-15 18:01:21 VNC instances exposed to Internet pose critical infrastructures at risk (direct link) Researchers from threat intelligence firm Cyble reported a surge in attacks targeting virtual network computing (VNC). Virtual Network Computing (VNC) is a graphical desktop-sharing system that leverages the Remote Frame Buffer (RFB) protocol to control another machine remotely. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a […] Threat
SecurityAffairs 2022-08-15 07:02:20 Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi (direct link) China-linked threat actors Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems. Trend Micro researchers uncovered a new campaign conducted by a China-linked threat actor Iron Tiger that employed a backdoored version of the cross-platform messaging app MiMi Chat App to infect Windows, Mac, and Linux systems. The Iron Tiger APT (aka Panda Emissary, […] Threat APT 27 ★★★★★
SecurityAffairs 2022-08-14 06:52:55 CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks (direct link) The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The Zeppelin ransomware first appeared on the threat landscape in November 2019 […] Ransomware Threat
SecurityAffairs 2022-08-11 17:58:58 Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS (direct link) Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to […] Threat
SecurityAffairs 2022-08-11 05:47:24 Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key (direct link) Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2022-20866, impacts the handling of RSA keys on devices running Cisco ASA Software and […] Vulnerability Threat
SecurityAffairs 2022-08-10 21:20:53 Cisco was hacked by the Yanluowang ransomware gang (direct link) Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat […] Ransomware Threat
SecurityAffairs 2022-08-10 15:14:01 Experts found 10 malicious packages on PyPI used to steal developers' data (direct link) 10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers have discovered ten malicious packages on the Python Package Index (PyPI). The packages install info-stealers that allow threat actors to steal the private data and personal credentials of the developers. The researchers provide details about […] Threat
SecurityAffairs 2022-08-09 14:52:06 Chinese actors behind attacks on industrial enterprises and public institutions (direct link) China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public institutions in Afghanistan and East Europe. The attackers breached dozens of enterprises and in some cases compromised their IT infrastructure, […] Threat
SecurityAffairs 2022-08-08 18:16:46 (Déjà vu) Twilio discloses data breach that impacted customers and employees (direct link) Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack. Twilio is […] Data Breach Threat
SecurityAffairs 2022-08-08 15:11:18 LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities (direct link) LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500’s, identified threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters […] Spam Threat
SecurityAffairs 2022-08-05 22:08:30 Twitter confirms zero-day used to access data of 5.4 million accounts (direct link) Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] Data Breach Vulnerability Threat
SecurityAffairs 2022-08-05 14:10:06 (Déjà vu) DHS warns of critical flaws in Emergency Alert System encoder/decoder devices (direct link) The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable networks. The Emergency Alert System […] Threat
SecurityAffairs 2022-08-05 08:49:59 Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor (direct link) A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor. The attackers exploited the flaw in an attack […] Threat
SecurityAffairs 2022-08-04 19:13:13 New Woody RAT used in attacks aimed at Russian entities (direct link) An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT. The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw (CVE-2022-30190). The assumption […] Malware Threat
SecurityAffairs 2022-08-04 11:21:00 Hackers stole $200 million from the Nomad crypto bridge (direct link) The cryptocurrency bridge Nomad is the last victim of a cyber heist, threat actors stole almost $200 million of its funds. Another crypto heist made the headlines, threat actors stole nearly $200 million worth of cryptocurrency from the bridge Nomad. Nomad Bridge is a cross-chain bridge between Ethereum, Moonbeam, Avalanche, Evmos and Milkomeda. The project […] Threat
SecurityAffairs 2022-08-03 17:15:45 Manjusaka, a new attack tool similar to Sliver and Cobalt Strike (direct link) Researchers spotted a Chinese threat actor using a new offensive framework called Manjusaka which is similar to Cobalt Strike. Talos researchers observed a Chinese threat actor using a new offensive framework called Manjusaka (which can be translated to “cow flower” from the Simplified Chinese writing) that is similar to Sliver and Cobalt Strike tools. The […] Tool Threat
SecurityAffairs 2022-08-02 12:30:55 LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender (direct link) An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation abusing the Windows Defender command line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. The attackers initially compromise the target […] Tool Threat
SecurityAffairs 2022-08-02 07:34:52 Austria investigates DSIRF firm for allegedly developing Subzero spyware (direct link) Austria is investigating a report that an Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies. At the end of July, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows […] Threat ★★
SecurityAffairs 2022-08-01 06:13:32 US Federal Communications Commission (FCC) warns of the rise of smishing attacks (direct link) The Federal Communications Commission (FCC) warned Americans of the rising threat of smishing (robotexts) attacks. The Federal Communications Commission (FCC) issued an alert to warn Americans of the rising threat of smishing (robotexts) attacks aimed at stealing their personal information or for financial scams. “The FCC's Robocall Response Team is alerting consumers to the rising […] Threat
SecurityAffairs 2022-07-31 08:43:16 North Korea-linked SharpTongue spies on email accounts with a malicious browser extension (direct link) North Korea-linked threat actor SharpTongue is using a malicious extension on Chromium-based web browsers to spy on victims’ email accounts. North Korea-linked actor SharpTongue has been using a malicious extension on Chromium-based web browsers to spy on victims’ Gmail and AOL email accounts. Researchers from cybersecurity firm Volexity tracked the threat actors as SharpTongue, but […] Threat
SecurityAffairs 2022-07-30 19:40:21 Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report (direct link) I’m proud to announce the release of the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report, Enjoy it! Ransomware has become one of the most dangerous threats for organizations worldwide. Cybercriminal organizations and ransomware gangs have devised new business models that are attracting a broad range of advanced threat actors. It is quite easy today for […] Ransomware Threat
SecurityAffairs 2022-07-28 17:34:58 Threat actors use new attack techniques after Microsoft blocked macros by default (direct link) Threat actors are devising new attack tactics in response to Microsoft’s decision to block Macros by default. In response to Microsoft’s decision steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default in Microsoft Office applications, threat actors are adopting new attack techniques. Researchers from Proofpoint reported that […] Threat
SecurityAffairs 2022-07-28 11:04:36 European firm DSIRF behind the attacks with Subzero surveillance malware (direct link) Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. The […] Malware Threat
SecurityAffairs 2022-07-27 20:17:57 Attackers increasingly abusing IIS extensions to establish covert backdoors (direct link) Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat actors that are increasingly abusing Internet Information Services (IIS) extensions to establish covert backdoors into servers and maintain persistence in the target networks. IIS backdoors are also hard to detect because they follow the same […] Threat
SecurityAffairs 2022-07-27 14:51:28 DUCKTAIL operation targets Facebook's Business and Ad accounts (direct link) Researchers uncovered an ongoing operation, codenamed DUCKTAIL that targets Facebook Business and Ad Accounts. Researchers from WithSecure (formerly F-Secure Business) have discovered an ongoing operation, named DUCKTAIL, that targets individuals and organizations that operate on Facebook's Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated threat actor which is suspected to […] Threat
SecurityAffairs 2022-07-26 18:57:31 U.S. increased rewards for info on North Korea-linked threat actors to $10 million (direct link) The U.S. State Department increased rewards for information on any North Korea-linked threat actors to $10 million. In April 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released a joint advisory that is warning organizations worldwide about the 'significant cyber threat' posed by the North Korean nation-state actors […] Threat
SecurityAffairs 2022-07-26 06:22:58 Zero Day attacks target online stores using PrestaShop (direct link) Threat actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are targeting websites using open source e-commerce platform PrestaShop by exploiting a zero-day flaw, tracked as CVE-2022-36408, that can allow to execute arbitrary code and potentially steal customers’ payment information. PrestaShop is currently used by 300,000 shops worldwide […] Vulnerability Threat
SecurityAffairs 2022-07-25 23:10:18 CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China (direct link) Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by Chinese firm Qihoo360 in 2017. The researchers were not […] Malware Threat
SecurityAffairs 2022-07-24 13:53:53 Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37? (direct link) North Korea-linked APT37 group targets high-value organizations in the Czech Republic, Poland, and other countries. Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value organizations in multiple countries, including Czech Republic, and Poland. The researchers attribute this campaign to the North Korea-linked APT37 group, aka […] Threat Cloud APT 37 APT 28
SecurityAffairs 2022-07-24 08:29:58 A database containing data of 5.4 million Twitter accounts available for sale (direct link) Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale […] Vulnerability Threat
SecurityAffairs 2022-07-23 18:27:23 FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks (direct link) The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in […] Ransomware Threat
SecurityAffairs 2022-07-22 11:27:57 Hackers breached Ukrainian radio station to spread fake news about Zelensky's health (direct link) Threat actors hacked the Ukrainian radio station TAVR Media and broadcasted fake news on the critical health condition of President Volodymyr Zelensky. Threat actors breached the Ukrainian radio station TAVR Media this week, the attackers spread a fake message on the health status of the Zelensky. The Kyiv Independent reported that a music program on […] Threat
SecurityAffairs 2022-07-22 05:45:39 (Déjà vu) TA4563 group leverages EvilNum malware to target European financial and investment entities (direct link) A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities. A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The EvilNum is a […] Malware Threat
SecurityAffairs 2022-07-20 05:51:49 EU warns of risks of spillover effects associated with the ongoing war in Ukraine (direct link) The Council of the European Union (EU) warns of malicious cyber activities conducted by threat actors in the context of the ongoing conflict between Russia and Ukraine. The Council of the European Union (EU) warns of the risks associated with the malicious cyber activities conducted by threat actors in the context of the ongoing conflict […] Threat
SecurityAffairs 2022-07-20 05:39:58 Belgium claims China-linked APT groups hit its ministries (direct link) The Minister for Foreign Affairs of Belgium blames multiple China-linked threat actors for attacks against the country’s defense and interior ministries. The Minister for Foreign Affairs of Belgium revealed that multiple China-linked APT groups targeted the country’s defense and interior ministries. “Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the […] Threat
SecurityAffairs 2022-07-19 13:41:49 Russia-linked APT29 relies on Google Drive, Dropbox to evade detection (direct link) Russia-linked threat actors APT29 are using the Google Drive cloud storage service to evade detection. Palo Alto Networks researchers reported that the Russia-linked APT29 group, tracked by the researchers as Cloaked Ursa, started using the Google Drive cloud storage service to evade detection. The Russia-linked APT29 group (aka SVR, Cozy Bear, and The Dukes) has been active since at least […] Threat APT 29
Last update at: 2024-05-10 07:07:54