What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-07-17 19:24:43 Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever (lien direct) >Threat actors hacked the popular NFT platform, Premint NFT and stole 314 NFTs. The popular NFT platform, Premint NFT, was hacked, the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record. The analysis of the […] Threat
SecurityAffairs.webp 2022-07-16 14:16:22 CISA urges to fix multiple critical flaws in Juniper Networks products (lien direct) >CISA urges admins to apply recently released fixes in Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller. CISA urges users and administrators to review the Juniper Networks security advisories page and apply security updates available for some products, including Junos Space, Contrail Networking and NorthStar Controller. Threat actors can exploit some of these vulnerabilities […] Threat
SecurityAffairs.webp 2022-07-16 13:14:26 Threat actors exploit a flaw in Digium Phone Software to target VoIP servers (lien direct) >Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign targeting the Elastix system used in Digium phones since December 2021. Threat actors exploited a vulnerability, tracked as CVE-2021-45461 (CVSS score 9.8), in the Rest Phone Apps (restapps) module to implant […] Vulnerability Threat
SecurityAffairs.webp 2022-07-15 22:27:19 Tainted password-cracking software for industrial systems used to spread P2P Sality bot (lien direct) >Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine […] Vulnerability Threat
SecurityAffairs.webp 2022-07-15 14:33:04 Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons (lien direct) >Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara Modern WPBakery Page Builder Addons. Threat actors are attempting to exploit an arbitrary file upload vulnerability tracked as CVE-2021-24284. The […] Vulnerability Threat
SecurityAffairs.webp 2022-07-15 12:08:14 Holy Ghost ransomware operation is linked to North Korea (lien direct) >Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware […] Ransomware Threat
SecurityAffairs.webp 2022-07-15 07:26:04 RedAlert, LILITH, and 0mega, 3 new ransomware in the wild (lien direct) >Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. RedAlert (aka N13V) targets both Windows and Linux VMWare ESXi servers of target organizations. The name RedAlert comes after a string […] Ransomware Threat
SecurityAffairs.webp 2022-07-13 18:29:04 Qakbot operations continue to evolve to avoid detection (lien direct) >Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The threat continues to […] Malware Threat
SecurityAffairs.webp 2022-07-13 05:56:54 Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021 (lien direct) >A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user's sign-in session, and bypass the authentication process even when the victim has enabled the MFA. In AiTM phishing, threat actors set up a proxy […] Threat
SecurityAffairs.webp 2022-07-12 07:26:21 Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM (lien direct) >Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. Threat actors are attempting to compromise a large number of cloud-based systems to mine cryptocurrency with a significant […] Threat
SecurityAffairs.webp 2022-07-11 14:42:18 A fake job offer via LinkedIn allowed to steal $540M from Axie Infinity (lien direct) >Threat actors used a fake job offer on LinkedIn to target an employee at Axie Infinity that resulted in the theft of $540 Million. In March, threat actors stole almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity's Ronin network bridge. The attack took place on March 23rd, but […] Threat
SecurityAffairs.webp 2022-07-10 16:07:44 French telephone operator La Poste Mobile suffered a ransomware attack (lien direct) >French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services.  The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services.  The company pointed out that threat actors may have accessed data of its customers, […] Ransomware Threat
SecurityAffairs.webp 2022-07-09 04:59:16 Evolution of the LockBit Ransomware operation relies on new techniques (lien direct) >Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. The Cybereason Global Security Operations Center (GSOC) Team published the Cybereason Threat Analysis Reports that investigates the threat landscape and provides recommendations to mitigate their attacks. The researchers focused on the evolution of the Lockbit ransomware, they detailed two infections occurring […] Ransomware Threat
SecurityAffairs.webp 2022-07-08 07:23:07 New Checkmate ransomware targets QNAP NAS devices (lien direct) >Taiwanese vendor QNAP warns of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts […] Ransomware Threat
SecurityAffairs.webp 2022-07-07 20:08:30 Large-scale cryptomining campaign is targeting the NPM JavaScript package repository (lien direct) >Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi, that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts. The researchers uncovered […] Threat
SecurityAffairs.webp 2022-07-07 13:49:58 North Korea-linked APTs use Maui Ransomware to target the Healthcare industry (lien direct) >US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. Treasury Department issued a joint advisory that warns of North Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of […] Ransomware Threat
SecurityAffairs.webp 2022-07-07 10:16:53 ENISA released the Threat Landscape Methodology (lien direct) >I’m proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology. Policy makers, risk managers and information security practitioners need up-to-date and accurate information on the current threat landscape, supported by threat intelligence. The EU Agency for Cybersecurity (ENISA) Threat Landscape report has been published on an annual […] Threat
SecurityAffairs.webp 2022-07-06 23:08:11 Marriott International suffered a new data breach, attackers stole 20GB of data (lien direct) >Hotel chain Marriott International suffered a new data breach, a threat actor has stolen 20GB from the company. Hotel chain Marriott International confirmed it has suffered a new data breach after a threat actor stole 20GB of files from one of its properties. The attacker compromised the network at the BWI Airport Marriott Maryland  (BWIA), […] Data Breach Threat
SecurityAffairs.webp 2022-07-06 17:34:14 Cyberattacks against law enforcement are on the rise (lien direct) >Experts observed an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking email and other accounts which belong […] Threat
SecurityAffairs.webp 2022-07-04 18:37:06 (Déjà vu) Data of a billion Chinese residents available for sale on a cybercrime forum (lien direct) >Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident will be confirmed, this data breach is the largest one […] Data Breach Threat
SecurityAffairs.webp 2022-07-04 18:37:06 Data of a billion Chinese residents available for sale on the dark web (lien direct) >Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident will be confirmed, this data breach is the largest one […] Data Breach Threat
SecurityAffairs.webp 2022-07-04 08:05:41 Threat Report Portugal: Q2 2022 (lien direct) >The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is supported by a […] Threat
SecurityAffairs.webp 2022-07-02 05:03:39 A ransomware attack forced publishing giant Macmillan to shut down its systems (lien direct) >A cyber attack forced the American publishing giant Macmillan to shut down its IT systems. The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted […] Ransomware Threat
SecurityAffairs.webp 2022-07-01 14:44:34 A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers (lien direct) >Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign. Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. “We observed notable updates to […] Threat
SecurityAffairs.webp 2022-06-30 17:58:47 Experts blame North Korea-linked Lazarus APT for the Harmony hack (lien direct) >North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.  Harmony's […] Hack Threat APT 38
SecurityAffairs.webp 2022-06-28 21:24:18 ZuoRAT malware hijacks SOHO Routers to spy on the victims (lien direct) >A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North America and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote access trojan (RAT) called ZuoRAT, which targets small office/home office (SOHO) devices of remote workers during COVID-19 […] Malware Threat
SecurityAffairs.webp 2022-06-27 14:46:33 New Matanbuchus Campaign drops Cobalt Strike beacons (lien direct) >Matanbuchus malware-as-a-service (Maas) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […] Malware Threat
SecurityAffairs.webp 2022-06-27 08:12:53 Threat actors stole $100M in crypto assets from Harmony (lien direct) >Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening. Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.  Harmony's Horizon […] Threat
SecurityAffairs.webp 2022-06-26 18:27:26 Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0day (lien direct) >A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting the recently discovered Atlassian Confluence zero-day flaw (CVE-2022-26134). The discovery was made by the Rapid7 Threat Intelligence team […] Threat
SecurityAffairs.webp 2022-06-26 09:32:45 Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas (lien direct) >Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. The explosion took place at […] Threat
SecurityAffairs.webp 2022-06-25 11:59:00 Attackers exploited a zero-day in Mitel VOIP devices to compromise a network (lien direct) >Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization.  The attackers exploited a remote code execution zero-day vulnerability on the Mitel […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2022-06-24 07:14:03 (Déjà vu) Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users (lien direct) >Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with […] Threat
SecurityAffairs.webp 2022-06-23 07:53:28 Researchers found flaws in MEGA that allowed to decrypt of user data (lien direct) >Researchers at ETH Zurich discovered several critical flaws in the MEGA cloud storage service that could have allowed the decryption of user data MEGA has addressed multiple vulnerabilities in its cloud storage service that could have allowed threat actors to decrypt user data stored in encrypted form. Data on Mega services is end-to-end encrypted client-side […] Threat
SecurityAffairs.webp 2022-06-22 13:49:09 Magecart attacks are still around but are more difficult to detect (lien direct) >Researchers from Malwarebytes warn that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors have switched most of their operations server-side to avoid detection of security firms. However, Malwarebytes researchers warn that the Client-side Magecart attacks are still targeting organizations, but are more covert. The researchers recently uncovered two […] Threat
SecurityAffairs.webp 2022-06-22 09:21:23 Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer (lien direct) >Threat actors are using the Rig Exploit Kit to spread the Dridex banking trojan instead of the Raccoon Stealer malware. Since January 2022, the Bitdefender Cyber Threat Intelligence Lab observed operators behind the RIG Exploit Kit pushing the Dridex banking trojan instead of the Raccoon Stealer. The switch occurred in February when Raccoon Stealer temporarily halted […] Threat
SecurityAffairs.webp 2022-06-21 15:05:21 New ToddyCat APT targets high-profile entities in Europe and Asia (lien direct) >Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020. Researchers from Kaspersky have linked a new APT group, tracked as ToddyCat, to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The threat […] Threat
SecurityAffairs.webp 2022-06-21 12:01:07 New DFSCoerce NTLM relay attack allows taking control over Windows domains (lien direct) >Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain. The DFSCoerce attack relies on the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to […] Threat
SecurityAffairs.webp 2022-06-19 22:31:24 Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild (lien direct) >A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The analysis of the updates revealed that they patched a code injection vulnerability […] Vulnerability Threat
SecurityAffairs.webp 2022-06-17 23:00:30 Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed (lien direct) >China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040, in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating. The vulnerability was exploited by […] Vulnerability Threat
SecurityAffairs.webp 2022-06-17 20:00:33 Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company (lien direct) >Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. The latest samples of this spyware were detected by the researchers in April 2022, four […] Malware Threat Cloud APT 37
SecurityAffairs.webp 2022-06-16 21:53:40 BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers (lien direct) >The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them. “For example, […] Ransomware Threat
SecurityAffairs.webp 2022-06-13 13:18:30 HelloXD Ransomware operators install MicroBackdoor on target systems (lien direct) >Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021, it borrows the code from Babuk ransomware, which is available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn't use a […] Ransomware Threat
SecurityAffairs.webp 2022-06-10 20:51:38 Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign (lien direct) >Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Last week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence […] Vulnerability Threat
SecurityAffairs.webp 2022-06-09 19:10:49 (Déjà vu) Symbiote, a nearly-impossible-to-detect Linux malware (lien direct) >Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of symbiote which is an organism that lives in symbiosis with another organism, exactly like this implant does with […] Threat
SecurityAffairs.webp 2022-06-08 09:53:30 China-linked threat actors have breached telcos and network service providers (lien direct) >China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers. The nation-state actors exploit publicly known vulnerabilities to compromise the target […] Threat
SecurityAffairs.webp 2022-06-07 14:19:53 Evil Corp gang starts using LockBit Ransomware to evade sanctions (lien direct) >Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. The researchers also noticed that the group shares numerous overlaps with the cybercrime gang Evil Corp. The UNC2165 group has been active since at […] Ransomware Threat ★★
SecurityAffairs.webp 2022-06-07 08:55:47 Black Basta ransomware operators leverage QBot for lateral movements (lien direct) >The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack […] Ransomware Malware Threat
SecurityAffairs.webp 2022-06-06 20:15:11 Microsoft seized 41 domains used by Iran-linked Bohrium APT (lien direct) >Microsoft’s Digital Crimes Unit (DCU) announced the seizure of domains used by Iran-linked APT Bohrium in spear-phishing campaigns. Microsoft’s Digital Crimes Unit (DCU) announced to have taken legal action to disrupt a spear-phishing operation linked to Iran-linked APT Bohrium. The IT giant has seized the domains used by the threat actors employed in its attacks aimed […] Threat
SecurityAffairs.webp 2022-06-05 13:58:11 Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club (lien direct) >Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC), this is the third security breach it suffered this year. Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year, they have stolen and sold NFTs, making away with 142 ETH, equivalent to over $250,000. The hacker conducted […] Threat
SecurityAffairs.webp 2022-06-03 14:45:49 Clipminer Botnet already allowed operators to make at least $1.7 Million (lien direct) >The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec's Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and cryptocurrency theft […] Threat
Last update at: 2024-05-09 21:08:19