What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-04-14 15:10:01 US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices (direct link) The US government agencies warned of threat actors that are targeting ICS and SCADA systems from various vendors. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA) to warn of offensive capabilities developed by […] Threat
SecurityAffairs 2022-04-14 10:42:53 Critical VMware Workspace ONE Access CVE-2022-22954 flaw actively exploited (direct link) Threat actors are actively exploiting a critical vulnerability in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Threat actors are actively exploiting a critical flaw, tracked as CVE-2022-22954, in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Researchers from cyber threat intelligence BadPackets also reported that the vulnerability […] Vulnerability Threat
SecurityAffairs 2022-04-13 14:52:23 China-linked Hafnium APT leverages Tarrask malware to gain persistence (direct link) China-linked Hafnium APT group started using a new piece of new malware to gain persistence on compromised Windows systems. The China-backed Hafnium cyberespionage group is likely behind a piece of a new malware, dubbed Tarrask, that’s used to maintain persistence on compromised Windows systems, reported Microsoft Threat Intelligence Center (MSTIC) experts. HAFNIUM primarily targets entities […] Malware Threat
SecurityAffairs 2022-04-12 14:05:20 Russia-linked Sandworm APT targets energy facilities in Ukraine with wipers (direct link) Russia-linked Sandworm APT group targeted energy facilities in Ukraine with INDUSTROYER2 and CADDYWIPER wipers. Russia-linked Sandworm threat actors targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper. According to the CERT-UA, nation-state actors targeted high-voltage electrical substations with INDUSTROYER2, the variant analyzed by […] Malware Threat
SecurityAffairs 2022-04-11 07:19:41 Securing Easy Appointments and earning CVE-2022-0482 (direct link) Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings. […] Vulnerability Threat
SecurityAffairs 2022-04-10 07:53:57 Facebook blocked Russia and Belarus threat actors' activity against Ukraine (direct link) Facebook/Meta said Russia-linked threat actors are attempting to use the social network against Ukraine with hate speech, bullying, and fake news. Facebook/Meta revealed that Russia-linked threat actors are attempting to weaponize the social network to target Ukraine. The company blocked about 200 accounts operated from Russia that were used to falsely report people for various […] Threat
SecurityAffairs 2022-04-09 12:06:00 China-linked threat actors target Indian Power Grid organizations (direct link) China-linked threat actors continue to target Indian power grid organizations, most of the attacks involved the ShadowPad backdoor. Recorded Future’s Insikt Group researchers uncovered a campaign conducted by a China-linked threat actor targeting Indian power grid organizations. The security firm is tracking this cluster of malicious activities under the moniker Threat Activity Group 38 aka […] Threat APT 1
SecurityAffairs 2022-04-09 07:45:29 A Mirai-based botnet is exploiting the Spring4Shell vulnerability (direct link) Experts warn of a Mirai-based botnet exploiting the recently discovered Spring4Shell vulnerability in attacks in the wild. Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability (CVE-2022-22965) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported the exploitation of the Spring4Shell by a Mirai-based botnet in early April. […] Vulnerability Threat
SecurityAffairs 2022-04-08 07:16:58 Hamas-linked threat actors target high-profile Israeli individuals (direct link) Hamas-linked threat actors conducted an elaborate campaign aimed at high-profile Israeli individuals employed in sensitive sectors. Researchers from Cybereason observed a sophisticated cyberespionage campaign conducted by APT-C-23 group campaigns targeting Israeli high-profile targets working for sensitive defense, law enforcement, and emergency services organizations. The threat actors use sophisticated social engineering techniques to infect Windows and Android […] Threat APT-C-23
SecurityAffairs 2022-04-07 14:56:47 Colibri Loader employs clever persistence mechanism (direct link) Recently discovered malware loader Colibri leverages a trivial and efficient persistence mechanism to deploy Windows Vidar data stealer. Malwarebytes researchers observed a new loader, dubbed Colibri, which has been used to deploy a Windows information stealer tracked as Vidar in a recent campaign. The Colibri Loader first appeared in the threat landscape in August 2021 […] Malware Threat
SecurityAffairs 2022-04-06 14:57:35 Ukraine warns of attacks aimed at taking over Telegram accounts (direct link) Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts. The Ukrainian CERT attributes the hacking campaign to threat actors […] Threat
SecurityAffairs 2022-04-04 05:38:05 Borat RAT, a new RAT that performs ransomware and DDoS attacks (direct link) Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system. Unlike other RATs, the Borat RAT provides Ransomware and DDOS services […] Ransomware Threat
SecurityAffairs 2022-04-02 10:00:39 Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts (direct link) GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during OmniAuth-based registration in GitLab CE/EE. “A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, […] Vulnerability Threat
SecurityAffairs 2022-04-01 06:56:46 Flaws in Wyze cam devices allow their complete takeover (direct link) Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds. Bitdefender researchers discovered three security vulnerabilities in the popular Wyze Cam devices that can be exploited by threat actors to execute arbitrary code and access camera feeds. The three flaws reported by the cybersecurity firm […] Threat
SecurityAffairs 2022-03-30 15:02:13 (Déjà vu) CISA and DoE warns of attacks targeting UPS devices (direct link) The US CISA and the Department of Energy issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy published joint guidance on mitigating cyber attacks against uninterruptible power supply (UPS) devices. The US agencies warn of threat actors gaining access to […] Threat
SecurityAffairs 2022-03-29 22:03:16 $625M stolen from Axie Infinity's Ronin bridge, the largest ever crypto hack (direct link) Threat actors have stolen approximately $625 million worth of Ethereum and USDC tokens from Axie Infinity’s Ronin network bridge. Threat actors have stolen almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity’s Ronin network bridge. The attack took place on March 23rd, but the cyber heist was […] Hack Threat
SecurityAffairs 2022-03-29 07:04:04 What is credential stuffing? And how to prevent it? (direct link) This post explains what is a credential stuffing attack and which are the countermeasures to prevent them. A credential stuffing attempt can be caught as a behavioral anomaly – if you're looking. Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, […] Threat
SecurityAffairs 2022-03-25 15:29:35 Chinese threat actor Scarab targets Ukraine, CERT-UA warns (direct link) Ukraine CERT (CERT-UA) released details about a campaign that SentinelLabs linked with the suspected Chinese threat actor tracked as Scarab. Ukraine CERT (CERT-UA) published technical details about a malicious activity tracked as UAC-0026, which SentinelLabs associated with China-linked Scarab APT. Scarab APT was first spotted in 2015, but experts believe it has been active since […] Threat
SecurityAffairs 2022-03-23 21:43:36 Ukrainian enterprises hit with the DoubleZero wiper (direct link) Ukraine CERT-UA warns of cyberattack aimed at Ukrainian enterprises using a wiper dubbed DoubleZero. Ukraine CERT-UA continues to observe malware based attacks aimed at Ukrainian organizations, in a recent alert it warned of attacks employing a wiper dubbed DoubleZero. The government CERT started observing this campaign on March 17, 2022, threat actors launched spear-phishing […] Malware Threat
SecurityAffairs 2022-03-23 15:19:59 FBI warns of growing risks of Russia-linked attacks on US energy firms (direct link) The FBI is warning of risks related to cyber attacks aimed at energy companies of Russia-linked threat actors. The FBI is warning energy companies of the risks of cyber attacks carried out by Russia-linked threat actors, reported The Associated Press. The Associated Press has access to a security advisory issued by the FBI that reports […] Threat
SecurityAffairs 2022-03-22 14:31:17 Lapsus$ extortion gang claims to have stolen sensitive data from Okta (direct link) The Lapsus$ extortion group claims to have stolen sensitive data from the identity and access management giant Okta solutions. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack. Some of the images published by the threat actors appear to be related to the company’s […] Hack Threat
SecurityAffairs 2022-03-20 14:26:44 Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict (direct link) This post provides a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the previous weeks: March 18 – China-linked threat actors are targeting the government of Ukraine Google's TAG team revealed that China-linked APT groups are targeting Ukraine […] Threat
SecurityAffairs 2022-03-19 16:10:54 Crooks claims to have stolen 4TB of data from TransUnion South Africa (direct link) TransUnion South Africa discloses a data breach, threat actors who stolen sensitive data, demanded a ransom payment not to release stolen data. TransUnion South Africa announced that threat actors compromised a company server based in South Africa using stolen credentials. Threat actors have stolen company data and demanded a ransom payment not to release stolen […] Threat
SecurityAffairs 2022-03-19 13:15:26 Exotic Lily initial access broker works with Conti gang (direct link) Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation. Initial access brokers play an essential role in the cybercrime ecosystem, they provide access to previously […] Ransomware Threat
SecurityAffairs 2022-03-18 21:12:47 China-linked threat actors are targeting the government of Ukraine (direct link) Google’s TAG team revealed that China-linked APT groups are targeting Ukraine's government for intelligence purposes. Google’s Threat Analysis Group (TAG) researchers uncovered cyberespionage operations conducted by the Chinese People’s Liberation Army (PLA) and other China-linked APT groups and that targeted Ukraine’s government to gather info on the ongoing conflict. Below is the tweet […] Threat
SecurityAffairs 2022-03-16 22:44:40 Russia's disinformation uses deepfake video of Zelenskyy telling people to lay down arms (direct link) Russian disinformation continues, this time it used a deepfake video of Zelenskyy inviting Ukrainians to ‘lay down arms.’ A deepfake video of the Ukrainian president Volodymyr Zelenskyy telling its citizens to lay down arms is the last example of disinformation conducted by Russia-linked threat actors. The fake video shows President Zelenskyy saying ‘It turned out […] Threat
SecurityAffairs 2022-03-16 13:28:18 Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud (direct link) FBI and CISA warn Russia-linked threats actors gained access to an NGO cloud after enrolling their own device in the organization’s Duo MFA. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) warned that Russia-linked threat actors have gained access to a non-governmental organization (NGO) cloud by exploiting misconfigured default multifactor […] Threat
SecurityAffairs 2022-03-14 21:51:17 A massive DDoS attack hit Israel, government sites went offline (direct link) Many Israel government websites were offline after a cyberattack, defense sources claim that this is the largest-ever attack that hit the country. Israeli media reported that a massive DDoS attack has taken down many Israel government websites. The Jerusalem Post attributed the attack to an allegedly Iran-linked threat actor that claimed responsibility for the attack. Multiple […] Threat
SecurityAffairs 2022-03-14 08:09:12 Russia-Ukraine cyber conflict poses critical infrastructure at risk (direct link) While the Russia-Ukraine cyber conflict goes on, nation-state actors, crooks, and hacktivists continue to pose critical infrastructure at risk. Critical infrastructure is a privileged target for almost any kind of threat actor, the ongoing Russia-Ukraine cyber conflict is posing them at risk. Ongoing attacks could cause severe damages to multiple sectors, including transportation, communication, financial […] Threat
SecurityAffairs 2022-03-12 16:40:23 Attackers use website contact forms to spread BazarLoader malware (direct link) Threat actors are spreading the BazarLoader malware via website contact forms to evade detection, researchers warn. Researchers from cybersecurity firm Abnormal Security observed threat actors spreading the BazarLoader/BazarBackdoor malware via website contact forms. TrickBot operation has recently arrived at the end of the journey, according to AdvIntel some of its top members move under the Conti ransomware gang, […] Malware Threat
SecurityAffairs 2022-03-10 21:51:37 Crooks target Ukraine's IT Army with a tainted DDoS tool (direct link) Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. Cisco Talos researchers have uncovered a malware campaign targeting Ukraine’s IT Army, threat actors are using infostealer malware mimicking a DDoS tool called the “Liberator.” The Liberator tool is circulating among pro-Ukraina hackers that use it to target Russian […] Malware Tool Threat
SecurityAffairs 2022-03-09 15:57:44 Multiple Russian government websites hacked in a supply chain attack (direct link) Threat actors hacked Russian federal agencies’ websites in a supply chain attack involving the compromise of a stats widget. Some Russian federal agencies’ websites were compromised in a supply chain attack, threat actors compromised the stats widget used to track the number of visitors by several government agencies. Threat actors were able to deface the […] Threat
SecurityAffairs 2022-03-09 07:50:04 Samsung data breach: Lapsus$ gang stole Galaxy devices' source code (direct link) Samsung confirmed that threat actors had access to the source code of its Galaxy smartphones in recent security breach. Samsung this week disclosed a data breach, threat actors had access to internal company data, including the source code of Galaxy models. Last week the Lapsus$ ransomware gang claimed to have stolen a huge trove of sensitive data […] Threat
SecurityAffairs 2022-03-08 21:44:44 Google TAG: Russia, Belarus-linked APTs targeted Ukraine (direct link) Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google Threat Analysis Group (TAG), which focuses on the analysis of nation-state threat actors, revealed to have blocked attacks against hundreds of Ukrainians conducted by Belarus and Russian state-sponsored hackers. The attacks have been attributed to the Russia-linked […] Threat
SecurityAffairs 2022-03-04 10:09:07 Russia-Ukraine, who are the soldiers that crowd cyberspace? (direct link) While Russia is invading Ukraine, multiple forces are joining in the conflict, especially in the cyber space, let’s analyze them The analysis of the current scenario in cyberspace is not easy due to the presence of multiple threat actors and the difficulty of attributing the attacks. Security group CyberKnow shared an interesting analysis about the […] Threat
SecurityAffairs 2022-03-01 15:24:35 China-linked APT used Daxin, one of the most sophisticated backdoor even seen (direct link) Daxin is the most advanced backdoor in the arsenal of China-linked threat actors designed to avoid the detection of sophisticated defense systems. Symantec researchers discovered a highly sophisticated backdoor, named Daxin, which is being used by China-linked threat actors to avoid advanced threat detection capabilities. The malicious code was likely designed for long-running espionage campaigns […] Threat
SecurityAffairs 2022-03-01 00:12:28 FoxBlade malware targeted Ukrainian networks hours before Russia's invasion (direct link) Microsoft revealed that Ukrainian entities were targeted with a previous undetected malware, dubbed FoxBlade, several hours before the invasion. The Microsoft Threat Intelligence Center (MSTIC) continues to investigate the attacks that are targeting Ukrainian networks and discovered that entities in Ukraine were targeted with a previously undetected malware, dubbed FoxBlade, several hours before Russia’s invasion. […] Malware Threat
SecurityAffairs 2022-02-28 10:29:00 Iran-linked UNC3313 APT employed two custom backdoors against a Middle East gov entity (direct link) An Iran-linked threat actor, tracked as UNC3313, was observed using two custom backdoor against an unnamed Middle East government entity. UNC3313 is an Iran-linked threat actor that was linked with “moderate confidence” to the MuddyWater nation-state actor (aka Static Kitten, Seedworm, TEMP.Zagros, or Mercury) by cybersecurity firm Mandiant. UNC3313 was observed deploying two new custom […] Threat
SecurityAffairs 2022-02-24 21:53:39 CISA adds two Zabbix flaws to its Known Exploited Vulnerabilities Catalog (direct link) US CISA added two flaws impacting Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities impacting the Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. Threat actors are actively exploiting the two vulnerabilities that are reported in the following table: CVE ID Vulnerability Name Due […] Tool Vulnerability Threat
SecurityAffairs 2022-02-24 11:54:24 New Wiper Malware HermeticWiper targets Ukrainian systems (direct link) Cybersecurity experts discovered a new data wiper malware that was used in attacks against hundreds of machines in Ukraine. The threat of hybrid warfare is reality, Russia-linked APT group have supported the operations of the Russian army while preparing for the invasion. Researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in […] Malware Threat ★★★★★
SecurityAffairs 2022-02-22 20:46:50 Threat actors target poorly protected Microsoft SQL Server installs (direct link) Threat actors install Cobalt Strike beacons on vulnerable Microsoft SQL Servers to achieve a foothold in the target network. Researchers from Ahn Lab’s ASEC spotted a new wave of attacks deploying Cobalt Strike beacons on vulnerable Microsoft SQL Server installs to achieve initial access to target networks and deploy malicious payloads. The threat actors behind […] Threat
SecurityAffairs 2022-02-21 07:58:51 (Déjà vu) Threat Report Portugal: Q4 2021 (direct link) The Threat Report Portugal: Q4 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q4, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is also supported […] Threat
SecurityAffairs 2022-02-17 23:06:16 Threat actors leverage Microsoft Teams to spread malware (direct link) Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users, threat actors started using it as an attack vector. Starting in January 2022, security researchers from Avanan observed attackers compromising […] Malware Threat
SecurityAffairs 2022-02-17 11:01:21 New Kraken botnet is allowing operators to earn USD 3,000 every month (direct link) Researchers spotted a new Golang-based botnet called Kraken that is under active development and supports a lot of backdoor capabilities. Kraken is a new Golang-based botnet discovered in late October 2021 by researchers from threat intelligence firm ZeroFox Intelligence. Experts pointed out that despite having the same name, this botnet should not be confused with the Kraken […] Threat
SecurityAffairs 2022-02-16 21:36:03 Russia-linked threat actors breached US cleared defense contractors (CDCs) (direct link) Russia-linked threat actors have breached the network of U.S. cleared defense contractors (CDCs) since at least January 2020. According to a joint alert published by the FBI, NSA, and CISA, Russia-linked threat actors conducted a cyber espionage campaign aimed at US cleared defense contractors to steal sensitive info related to intelligence programs and capabilities. CDCs […] Threat
SecurityAffairs 2022-02-15 05:37:15 Remote sex toys might spice up your love life – but crooks could also get a kick out of them (direct link) A CyberNews investigation has revealed that Lovense remote sex toy users might be at risk from threat actors, due to poor security features. Original post: https://cybernews.com/privacy/remote-sex-toys-might-spice-up-your-love-life-but-crooks-could-also-get-a-kick-out-of-them/ Lovense boasts that its teledildonic sex toys will spice up your sexual relationship. By using wireless remote control, you can customize vibrations and adjust them to your body, or […] Threat
SecurityAffairs 2022-02-14 23:42:02 SSU: Russia-linked actors are targeting Ukraine with 'massive wave of hybrid warfare' (direct link) The Security Service of Ukraine (SSU) said the country is the target of an ongoing “wave of hybrid warfare.” The Security Service of Ukraine (SSU) today revealed the country is the target of an ongoing “wave of hybrid warfare” conducted by Russia-linked malicious actors. Threat actors aim at destabilizing the social contest in the country […] Threat
SecurityAffairs 2022-02-13 19:34:40 Organizations paid at least $602 million to ransomware gangs in 2021 (direct link) Organizations have paid more than $600 million in cryptocurrency during 2021, nearly one-third to the Conti ransomware gang. Last week, cybersecurity agencies from the U.K., the U.S. and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021. According to a report published by the blockchain analysis firm […] Ransomware Threat
SecurityAffairs 2022-02-12 18:32:09 CISA, FBI, NSA warn of the increased globalized threat of ransomware (direct link) CISA, FBI and NSA published a joint advisory warning of ransomware attacks targeting critical infrastructure organizations. Cybersecurity agencies from the U.K., the U.S. and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021. Almost any sector was hit by sophisticated, high-impact ransomware attacks, including the Defense Industrial […] Ransomware Threat
SecurityAffairs 2022-02-12 11:46:51 (Déjà vu) Croatian phone carrier A1 Hrvatska discloses data breach (direct link) Croatian phone carrier A1 Hrvatska has disclosed a data breach that has impacted roughly 200,000 customers. Croatian phone carrier A1 Hrvatska has disclosed a data breach that has impacted 10% of its customers, roughly 200,000 people. Threat actors had access to sensitive personal information of the customers, including names, personal identification numbers, physical addresses, and […] Data Breach Threat
Last update at: 2024-05-10 08:08:23