What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-02 17:09:12 | Conti leaked chats confirm that the gang\'s ability to conduct firmware-based attacks (lien direct) | The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats, which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. An attack against firmware could give threat actors significant powers, they are hard to […] | Ransomware Threat | ||
|
2022-05-31 14:28:17 | SideWinder carried out over 1,000 attacks since April 2020 (lien direct) | >SideWinder, an aggressive APT group, is believed to have carried out over 1,000 attacks since April 2020, Kaspersky reported. Researchers from Kaspersky have analyzed the activity of an aggressive threat actor tracked as SideWinder (aka RattleSnake and T-APT-04). The group stands out for the high frequency and persistence of its attacks, researchers believe that the […] | Threat | APT-C-17 | |
|
2022-05-30 14:49:23 | A new WhatsApp OTP scam could allow the hijacking of users\' accounts (lien direct) | Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users' accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users' accounts through phone calls. The fraudulent scheme is simple, threat actors make a phone call […] | Threat | ||
|
2022-05-30 11:20:08 | GoodWill Ransomware victims have to perform socially driven activities to decryption their data (lien direct) | >Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK's Threat Intelligence Research team has disclosed a new ransomware strain called GoodWill, that demands victims the payment of a ransom through donations for social causes and financially helping people in need. “The ransomware group propagates very unusual demands in […] | Ransomware Threat | ★★★ | |
|
2022-05-28 15:55:27 | Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks (lien direct) | >360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. The instances of the malware spotted by the experts […] | Malware Threat | ||
|
2022-05-28 13:30:21 | Reuters: Russia-linked APT behind Brexit leak website (lien direct) | >Russia-linked threat actors are behind a new website that published leaked emails from leading proponents of Britain’s exit from the EU, the Reuters reported. According to a Google cybersecurity official and the former head of UK foreign intelligence, the “Very English Coop d’Etat” website was set up to publish private emails from Brexit supporters, including […] | Threat Guideline | ||
|
2022-05-28 11:01:18 | GitHub: Nearly 100,000 NPM Users\' credentials stolen in the April OAuth token attack (lien direct) | GitHub provided additional details into the theft of its integration OAuth tokens that occurred in April, with nearly 100,000 NPM users’ credentials. GitHub provided additional details about the incident that suffered in April, the attackers were able to steal nearly 100K NPM users’ credentials. In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain […] | Threat | ||
|
2022-05-27 13:22:16 | FBI: Compromised US academic credentials available on various cybercrime forums (lien direct) | >The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that can be used by threat actors to launch attacks […] | Threat | ||
|
2022-05-27 05:58:22 | Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw (lien direct) | >Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. Horizon3 security researchers have released a proof-of-concept (PoC) exploit and technical analysis for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The virtualization giant recently warned that a threat actor can exploit the CVE-2022-22972 flaw (CVSSv3 base score of 9.8) […] | Vulnerability Threat | ||
|
2022-05-26 20:40:28 | Exposed: the threat actors who are poisoning Facebook (lien direct) | >An investigation of the infamous “Is That You?” video scam led Cybernews researchers into exposing threat actors who are poisoning Facebook Original post @ https://cybernews.com/security/exposed-the-threat-actors-who-are-poisoning-facebook/ An investigation of the infamous “Is That You?” video scam has led Cybernews researchers to a cybercriminal stronghold, from which threat actors have been infecting the social media giant with […] | Threat | ||
|
2022-05-26 09:13:55 | Italy announced its National Cybersecurity Strategy 2022/26 (lien direct) | >Italy announced its National Cybersecurity Strategy for 2022/26, a crucial document to address cyber threats and increase the resilience of the country. Italy presented its National Cybersecurity Strategy for 2022/26 and reinforce the government’s commitment to addressing cyber threats and increasing the resilience of the country to cyber attacks. The strategy is aligned with the […] | Threat | ||
|
2022-05-25 22:36:59 | Unknown APT group is targeting Russian government entities (lien direct) | >An unknown APT group is targeting Russian government entities since the beginning of the Russian invasion of Ukraine. Researchers from Malwarebytes observed an unknown Advanced Persistent Threat (APT) group targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Russian invasion of Ukraine. The threat actors behind the attacks […] | Threat | ||
|
2022-05-24 18:18:56 | Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT (lien direct) | >Trend Micro addressed a DLL hijacking issue in Trend Micro Security actively exploited by a China-linked threat group to deploy malware. Trend Micro addressed a DLL hijacking flaw in Trend Micro Security that a China-linked threat actor actively exploited to deploy malware. In early May, SentinelOne researchers observed a China-linked APT group, tracked as Moshen […] | Threat | ||
|
2022-05-24 13:16:01 | Microsoft warns of new highly evasive web skimming campaigns (lien direct) | >Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. The threat actors obfuscated the skimming script by encoding it in PHP, which, in turn, was embedded in […] | Threat | ||
|
2022-05-23 22:03:19 | Russia-linked Turla APT targets Austria, Estonia, and NATO platform (lien direct) | >Russia-linked APT group Turla was observed targeting the Austrian Economic Chamber, a NATO eLearning platform, and the Baltic Defense College. Researchers from SEKOIA.IO Threat & Detection Research (TDR) team have uncovered a reconnaissance and espionage campaign conducted by Russia-linked Turla APT aimed at the Baltic Defense College, the Austrian Economic Chamber (involved in government decision-making such as economic sanctions) and NATO's […] | Threat | ||
|
2022-05-23 17:17:24 | Russia-linked Fronton botnet could run disinformation campaigns (lien direct) | >Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns. Fronton is a distributed denial-of-service (DDoS) botnet that was used by Russia-linked threat actors for coordinated disinformation campaigns. In March 2020, the collective of hacktivists called “Digital Revolution” claimed to have hacked a subcontractor to the Russian FSB. The […] | Threat | ||
|
2022-05-23 09:04:29 | Cytrox\'s Predator spyware used zero-day exploits in 3 campaigns (lien direct) | Google’s Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities. Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox. The five 0-day vulnerabilities […] | Threat | ||
|
2022-05-23 06:56:23 | Threat actors target the infoSec community with fake PoC exploits (lien direct) | >Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The expert discovered a post where a researcher were sharing a fake Proof of Concept (POC) exploit code for an RPC Runtime Library […] | Malware Threat | ||
|
2022-05-22 15:48:25 | North Korea-linked Lazarus APT uses Log4J to target VMware servers (lien direct) | >North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) in attacks aimed at VMware Horizon servers. North Korea-linked group Lazarus is exploiting the Log4J RCE vulnerability (CVE-2021-44228) to compromise VMware Horizon servers. Multiple threat actors are exploiting this flaw since January, in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed […] | Vulnerability Threat | APT 38 | |
|
2022-05-21 11:14:50 | Cisco fixes an IOS XR flaw actively exploited in the wild (lien direct) | >Cisco addressed a medium-severity vulnerability affecting IOS XR Software, the company warns that the flaw is actively exploited in the wild. Cisco released security updates to address a medium-severity vulnerability affecting IOS XR Software, tracked as CVE-2022-20821 (CVSS score: 6.5), that threat actors are actively exploiting in attacks in the wild. The flaw resides in […] | Vulnerability Threat | ||
|
2022-05-20 14:36:00 | The activity of the Linux XorDdos bot increased by 254% over the last six months (lien direct) | >Microsoft researchers have observed a spike in the activity of the Linux bot XorDdos over the last six months. XORDDoS, also known as XOR.DDoS, first appeared in the threat landscape in 2014 it is a Linux Botnet that was employed in attacks against gaming and education websites with massive DDoS attacks that reached 150 gigabytes per second […] | Threat | ||
|
2022-05-18 21:29:54 | VMware fixed a critical auth bypass issue in some of its products (lien direct) | >VMware addressed a critical authentication bypass vulnerability “affecting local domain users” in multiple products. The virtualization giant warns that a threat actor can exploit the flaw, tracked as CVE-2022-22972 (CVSSv3 base score of 9.8), to obtain admin privileges and urges customers to install patches immediately. “This critical vulnerability should be patched or mitigated immediately per the […] | Vulnerability Threat | ||
|
2022-05-18 20:04:37 | Microsoft warns of attacks targeting MSSQL servers using the tool sqlps (lien direct) | >Microsoft warns of brute-forcing attacks targeting Microsoft SQL Server (MSSQL) database servers exposed online. Microsoft warns of a new hacking campaign aimed at MSSQL servers, threat actors are launching brute-forcing attacks against poorly protected instances. The attacks are using the legitimate tool sqlps.exe, a sort of SQL Server PowerShell file, as a LOLBin (short for living-off-the-land binary). Microsoft warned of […] | Tool Threat | ||
|
2022-05-18 14:37:54 | Microsoft warns of the rise of cryware targeting hot wallets (lien direct) | >Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Data stolen from this kind of malware includes private keys, seed phrases, and […] | Malware Threat | ||
|
2022-05-18 07:41:40 | Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift (lien direct) | >Researchers spotted a new variant of the UpdateAgent macOS malware dropper that was employed in attacks in the wild. Researchers from the Jamf Threat Labs team have uncovered a new variant of the UpdateAgent macOS malware dropper. The new version is written in Swift and relies on the AWS infrastructure to host its malicious payloads. […] | Malware Threat | ||
|
2022-05-17 19:10:57 | Venezuelan cardiologist accused of operating and selling Thanos ransomware (lien direct) | >The U.S. Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. The U.S. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling the Thanos ransomware. Thanos ransomware (a.k.a. Hakbit ransomware) has been developed by Nosophoros (aka Aesculapius, and Nebuchadnezzar), a threat actor offering for sale the malware […] | Ransomware Malware Threat | ||
|
2022-05-17 05:19:04 | A custom PowerShell RAT uses to target German users using Ukraine crisis as bait (lien direct) | >Researchers spotted a threat actor using a custom PowerShell RAT targeting German users to gain intelligence on the Ukraine crisis. Malwarebytes experts uncovered a campaign that targets German users with custom PowerShell RAT targeting. The threat actors attempt to trick victims into opening weaponized documents by using the current situation in Ukraine as bait. The […] | Threat | ||
|
2022-05-16 05:28:25 | Eternity Project: You can pay $260 for a stealer and $490 for a ransomware (lien direct) | >Researchers from threat intelligence firm Cyble analyzed the Eternity Project Tor website which offers any kind of malicious code. Researchers at cybersecurity firm Cyble analyzed a Tor website named named 'Eternity Project’ that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. The experts discovered the marketplace during a […] | Ransomware Threat | ||
|
2022-05-15 11:25:31 | Sysrv-K, a new variant of the Sysrv botnet includes new exploits (lien direct) | >Microsoft reported that the Sysrv botnet is targeting Windows and Linux servers exploiting flaws in the Spring Framework and WordPress. Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. Threat actors use the botnet in a cryptomining campaign targeting Windows […] | Threat | ||
|
2022-05-13 06:52:53 | Iran-linked COBALT MIRAGE group uses ransomware in its operations (lien direct) | Iranian group used Bitlocker and DiskCryptor in a series of attacks targeting organizations in Israel, the US, Europe, and Australia. Researchers at Secureworks Counter Threat Unit (CTU) are investigating a series of attacks conducted by the Iran-linked COBALT MIRAGE APT group. The threat actors have been active since at least June 2020 and are linked […] | Ransomware Threat | APT 15 APT 15 | ★★★★ |
|
2022-05-10 06:41:59 | Threat actors are actively exploiting CVE-2022-1388 RCE in F5 BIG-IP (lien direct) | Threat actors are exploiting critical F5 BIG-IP flaw CVE-2022-1388 to deliver malicious code, cybersecurity researchers warn. Threat actors started massively exploiting the critical remote code execution vulnerability, tracked as CVE-2022-1388, affecting F5 BIG-IP. Last week security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates from tens of vulnerabilities in its […] | Threat | ★★★★ | |
|
2022-05-06 10:02:23 | Vulnerable Docker Installations Are A Playhouse for Malware Attacks (lien direct) | Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built […] | Malware Threat | ||
|
2022-05-03 23:21:00 | China-linked APT Curious Gorge targeted Russian govt agencies (lien direct) | China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge, is targeting Russian government agencies. The Google TAG team published a report focused on cybersecurity […] | Threat | ||
|
2022-05-01 13:13:29 | Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol (lien direct) | Threat actors exploited a bug in the Fuse protocol used by DeFi platforms Rari Capital and Fei Protocol and stole more than $80 million. Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers […] | Threat | ||
|
2022-04-30 17:27:35 | Emotet tests new attack chain in low volume campaigns (lien direct) | Emotet operators are testing new attack techniques in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default. The operators of the infamous Emotet botnet are testing new attack techniques in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default. The threat actors are adopting the […] | Threat | ||
|
2022-04-28 14:49:32 | Bumblebee, a new malware loader used by multiple crimeware threat actors (lien direct) | Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. The loader appears to be under development and is a highly sophisticated […] | Malware Threat | ||
|
2022-04-28 04:36:37 | Russia-linked threat actors launched hundreds of cyberattacks on Ukraine (lien direct) | Microsoft revealed that Russia launched hundreds of cyberattacks against Ukraine since the beginning of the invasion. Microsoft states that at least six separate Russia-linked threat actors launched more than 237 operations against Ukraine starting just before the invasion. The cyber attacks included destructive wipers that were used to target critical infrastructure in a hybrid war […] | Threat | ||
|
2022-04-27 07:15:07 | Conti ransomware operations surge despite the recent leak (lien direct) | Conti ransomware gang continues to target organizations worldwide despite the massive data leak has shed light on its operations. Researchers from Secureworks state that the Conti ransomware gang, tracked as a Russia-based threat actor Gold Ulrick, continues to operate despite the recent data leak on its internal activities. The group’s activity returned to the levels […] | Ransomware Threat | ||
|
2022-04-25 08:09:22 | Experts warn of a surge in zero-day flaws observed and exploited in 2021 (lien direct) | The number of zero-day vulnerabilities exploited in cyberattacks in the wild exploded in the last years, security firm report. Google and Mandiant have published two reports that highlight a surge in the discovery of zero-day flaws exploited by threat actors in attacks in the wild. Google's Project Zero researchers reported that 58 zero-day were discovered […] | Threat | ||
|
2022-04-24 13:57:11 | Atlassian addresses a critical Jira authentication bypass flaw (lien direct) | Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540, that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication. A threat actor could trigger the vulnerability by […] | Vulnerability Threat | ||
|
2022-04-21 07:15:37 | US, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors\' attacks (lien direct) | Cybersecurity agencies of the Five Eyes intelligence alliance warn of cyberattacks conducted by Russia-linked threat actors on critical infrastructure. Cybersecurity agencies of the Five Eyes intelligence alliance (United States, Australia, Canada, New Zealand, and the United Kingdom) issued a joint advisory warning of cyber attacks on critical infrastructure conducted by Russia-linked threat actors and criminal cyber threats. […] | Threat | ||
|
2022-04-20 19:30:08 | Russian Gamaredon APT continues to target Ukraine (lien direct) | Russia-linked threat actor Gamaredon targets Ukraine with new variants of the custom Pterodo backdoor. Russia-linked Gamaredon APT group (a.k.a. Armageddon, Primitive Bear, and ACTINIUM) continues to target Ukraine and it is using new variants of the custom Pterodo backdoor (aka Pteranodon). The cyberespionage group is behind a recent series of spear-phishing attacks targeting Ukrainian entities and organizations related to Ukrainian […] | Threat | ||
|
2022-04-19 10:03:43 | NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks (lien direct) | Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans. Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage exploit, dubbed HOMAGE, to install the NSO Group Pegasus spyware on iPhones belonging to Catalan politicians, journalists, academics, and activists. […] | Threat | ||
|
2022-04-18 17:46:46 | Experts spotted Industrial Spy, a new stolen data marketplace (lien direct) | A new marketplace named Industrial Spy that focuses on the sale of stolen data appeared in the threat landscape. Malware HunterTeam and Bleeping Computer reported the born of a new marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the […] | Malware Threat | ||
|
2022-04-17 17:53:00 | Enemybot, a new DDoS botnet appears in the threat landscape (lien direct) | Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet […] | Threat | ||
|
2022-04-17 14:58:53 | Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns (lien direct) | GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, […] | Threat | ||
|
2022-04-16 11:49:34 | Threat actors target the Ukrainian gov with IcedID malware (lien direct) | Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government agencies with the IcedID malware. IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats […] | Malware Threat | ||
|
2022-04-15 22:13:40 | Threat actors use Zimbra exploits to target organizations in Ukraine (lien direct) | Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). Ukraine’s CERT (CERT-UA) warns of threat actors that are targeting government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). “Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch […] | Vulnerability Threat | ||
|
2022-04-15 14:37:07 | ZingoStealer crimeware released for free in the cybercrime ecosystem (lien direct) | A new powerful crimeware called ZingoStealer was released for free by a threat actor known as Haskers Gang. ZingoStealer is a new information-stealer developed by a threat actor known as Haskers Gang who released it for free after they attempted to sell the source code for $500. The threat actors were also offering their own crypter, dubbed […] | Threat | ||
|
2022-04-15 10:25:30 | Google fixed third zero-day in Chrome since the start of 2022 (lien direct) | Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild. Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity zero-day, tracked as CVE-2022-1364, that is actively exploited by threat actors in attacks. The CVE-2022-1364 zero-day is a type confusion issue […] | Vulnerability Threat |
To see everything:
Our RSS (filtrered)
