What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-02-11 21:43:40 (Already seen) CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog (direct link) The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. The 'Known Exploited Vulnerabilities Catalog' is a list of known vulnerabilities that threat actors have abused in attacks […] Threat
SecurityAffairs 2022-02-10 15:19:33 Threat actors compromised +500 Magento-based e-stores with e-skimmers (direct link) Experts uncovered a mass Magecart campaign that compromised over 500 e-stores running the Magento 1 eCommerce platform. Researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online stores running the Magento 1 eCommerce platform. Threat actors behind this campaign deployed a digital skimmer that was being loaded from the naturalfreshmall(.)com domain. […] Threat
SecurityAffairs 2022-02-10 13:50:17 Attackers Increasingly Adopting Regsvr32 Utility Execution Via Office Documents (direct link) The Uptycs threat research team has been observing an increase in utilization of regsvr32.exe heavily via various types of Microsoft Office documents. The full report that includes Indicators of Compromise (IOCs) is available here: https://www.uptycs.com/blog/attackers-increasingly-adopting-regsvr32-utility-execution-via-office-documents During our analysis of these malware samples, we have identified that some of the malware samples belonged to Qbot and […] Malware Threat ★★★★★
SecurityAffairs 2022-02-07 12:55:07 Hackers breached a server of National Games of China days before the event (direct link) An unnamed Chinese-language-speaking hacking group compromised systems at National Games of China in 2021. Researchers at cybersecurity firm Avast discovered that a Chinese-language-speaking threat actor has compromised systems at National Games of China in 2021. The event took place on September 15, 2021 in Shaanxi (China), it is a national version of the Olympics with only local […] Threat
SecurityAffairs 2022-02-05 09:34:27 CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw (direct link) US CISA ordered federal agencies to patch their systems against actively exploited CVE-2022-21882 Windows flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882. “CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat […] Vulnerability Threat
SecurityAffairs 2022-02-04 15:28:38 A nation-state actor hacked media and publishing giant News Corp (direct link) American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor. American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor that took place in January. The attackers compromised one of the systems of the […] Threat
SecurityAffairs 2022-02-04 09:54:35 Zimbra zero-day vulnerability actively exploited by an alleged Chinese threat actor (direct link) An alleged Chinese threat actor is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform. An alleged Chinese threat actor, tracked as TEMP_Heretic, is actively attempting to exploit a zero-day XSS vulnerability in the Zimbra open-source email platform. The zero-day vulnerability impacts almost any Zimbra install running version 8.8.15. Researchers from […] Vulnerability Threat
SecurityAffairs 2022-02-03 23:09:56 Exclusive interview with the Powerful Greek Army (PGA) hacker group (direct link) Six years ago the Powerful Greek Army (PGA) appeared in the threat landscape. After a long breach the hacker collective is back. I have interviewed them in exclusive … enjoy it! Tell me about your hacker team, which is the motivation behind the attacks? We have many motivations and reasons. First of all, we started […] Threat
SecurityAffairs 2022-02-03 15:12:55 Oil terminals in Europe's biggest ports hit by a cyberattack (direct link) A cyber attack hit the oil terminals of some of the biggest European ports impacting their operations. Some of the major oil terminals in Western Europe’s biggest ports have been targeted with a cyberattack. Threat actors have hit multiple oil facilities in Belgium’s ports, including Antwerp, which is the second biggest port in Europe after […] Threat
SecurityAffairs 2022-02-02 18:30:49 (Already seen) Sugar Ransomware, a new RaaS in the threat landscape (direct link) Cyber security team at retail giant Walmart dissected a new ransomware family dubbed Sugar, which implements a ransomware-as-a-service model. The cyber threat team at retail giant Walmart has analyzed a new ransomware family dubbed Sugar, which is offered through a ransomware-as-a-service (RaaS) model. Unlike other ransomware operations, Sugar ransomware appears to primarily focus on individual […] Ransomware Threat
SecurityAffairs 2022-01-31 15:33:06 Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform (direct link) Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract code used in an Ethereum bridge. The DeFi platform Qubit Finance was victim of a cyber heist, threat actors stole around $80 million in cryptocurrency last week. The hack took place at around 5PM ET […] Hack Threat
SecurityAffairs 2022-01-31 12:19:57 Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone (direct link) Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone and camera. Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam. Pickren received […] Hack Threat
SecurityAffairs 2022-01-28 22:35:24 NCSC warns UK entities of potential destructive cyberattacks from Russia (direct link) The UK's National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks from Russia-linked APT groups. The UK's National Cyber Security Centre (NCSC) is urging organizations to improve their cybersecurity posture due to the imminent risk of destructive cyber-attacks from Russian state-sponsored threat actors after recent attacks […] Threat
SecurityAffairs 2022-01-28 10:19:04 (Already seen) Experts devise a technique to bypass Microsoft Outlook Security feature (direct link) A researcher devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. Reegun Richard Jayapaul, SpiderLabs lead threat architect at Trustwave, has devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. While investigating a malware campaign, […] Malware Threat Guideline
SecurityAffairs 2022-01-26 22:25:35 Apple fixed the first two zero-day vulnerabilities of 2022 (direct link) Apple released security updates to fix two zero-day flaws, one of them actively exploited to hack iPhones and Macs. Apple has released security updates to address a couple of zero-day vulnerabilities, one of them being actively exploited in the wild by threat actors to compromise iPhone and Mac devices. One of the zero-day flaws addressed […] Hack Threat
SecurityAffairs 2022-01-25 22:24:27 (Already seen) Segway e-store compromised in a Magecart attack to steal credit cards (direct link) Segway e-store suffered a Magecart attack that potentially allowed threat actors to steal credit cards and customer info. The online store of Segway was compromised as a result of a Magecart attack, threat actors planted a malicious script to steal credit card data and customer information while visitors were making a purchase. Segway is known […] Threat
SecurityAffairs 2022-01-25 11:33:25 Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access (direct link) Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038, in SonicWall’s Secure Mobile Access (SMA) gateways addressed by the vendor in December. The vulnerability is an unauthenticated stack-based buffer overflow that was reported by […] Vulnerability Threat
SecurityAffairs 2022-01-24 20:33:10 Tens of AccessPress WordPress themes compromised as part of a supply chain attack (direct link) Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a classic supply chain attack, threat actors planted a backdoor in dozens of WordPress plugins and themes hosted on a developer’s website. The attack took place in the first half of September 2021, the attackers compromised […] Threat
SecurityAffairs 2022-01-24 12:05:20 Emotet spam uses unconventional IP address formats to evade detection (direct link) Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam […] Spam Malware Threat
SecurityAffairs 2022-01-23 18:13:34 US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog (direct link) US CISA added seventeen new actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog’. The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies. According to Binding Operational Directive (BOD) 22-01: Reducing the […] Threat
SecurityAffairs 2022-01-22 20:34:31 Pay attention to Log4j attacks, Dutch National Cybersecurity Centre (NCSC) warns (direct link) The Dutch National Cybersecurity Centre (NCSC) warns organizations of risks associated with cyberattacks exploiting the Log4J vulnerability. The Dutch National Cybersecurity Centre (NCSC) warns organizations to remain vigilant on possible attacks exploiting the Log4J vulnerability. According to the Dutch agency, threat actors the NCSC will continue to attempt to exploit the Log4Shell flaw in future […] Threat
SecurityAffairs 2022-01-21 19:27:24 (Already seen) Experts warn of anomalous spyware campaigns targeting industrial firms (direct link) Researchers spotted several spyware campaigns targeting industrial enterprises to steal credentials and conduct financial fraud. Researchers from Kaspersky Lab have uncovered multiple spyware campaigns that target industrial firms to steal email account credentials and carry out fraudulent activities. Threat actors sent spear-phishing messages from compromised corporate accounts to their contacts, the emails carry malicious attachments. […] Threat
SecurityAffairs 2022-01-21 11:59:14 MoonBounce UEFI implant spotted in a targeted APT41 attack (direct link) Researchers have spotted China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. Kaspersky researchers spotted the China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner. Threat actors compromised a single […] Threat Guideline APT 41
SecurityAffairs 2022-01-20 06:02:57 (Already seen) SolarWinds Serv-U bug exploited for Log4j attacks (direct link) SolarWinds has fixed a Serv-U vulnerability that threat actors actively exploited to carry out Log4j attacks to internal devices on a network. SolarWinds has addressed a vulnerability in Serv-U product that threat actors actively exploited to propagate Log4j attacks to internal devices on a network. The vulnerability, tracked as CVE-2021-35247, was discovered by Microsoft security researcher Jonathan […] Vulnerability Threat
SecurityAffairs 2022-01-19 12:52:20 (Already seen) Box flaw allowed to bypass MFA and takeover accounts (direct link) A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim's phone, Varonis researchers reported. Box develops and markets cloud-based content management, collaboration, and file-sharing tools for businesses. […] Vulnerability Threat
SecurityAffairs 2022-01-19 06:05:49 Is White Rabbit ransomware linked to FIN8 financially motivated group? (direct link) A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and according to the experts, it is likely linked to the FIN8 financially motivated group. In December the popular malware researcher Michael Gillespie, […] Ransomware Malware Threat
SecurityAffairs 2022-01-18 19:05:25 Financially motivated Earth Lusca threat actors targets organizations worldwide (direct link) A sophisticated threat actor, tracked as Earth Lusca, is targeting government and private organizations worldwide for financial purposes. Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value […] Threat
SecurityAffairs 2022-01-16 15:31:09 Microsoft spotted a destructive malware campaign targeting Ukraine (direct link) Microsoft spotted a new destructive malware operation targeting government, non-profit, and IT entities in Ukraine. Microsoft spotted a destructive attack that targeted government, non-profit, and IT entities in Ukraine with a wiper disguised as ransomware. The attackers were discovered by Microsoft on January 13, the experts attributed the attack to an emerging threat cluster tracked […] Malware Threat
SecurityAffairs 2022-01-16 10:06:55 Security Affairs newsletter Round 349 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Threat actors stole $18.7M from the Lympo NTF platform Prominent Carding Marketplace UniCC announced […] Threat
SecurityAffairs 2022-01-15 18:00:46 Prominent Carding Marketplace UniCC announced it's shutting down (direct link) One of the biggest underground carding marketplaces, UniCC, announced it's shutting down its operations. UniCC, one of the biggest underground carding marketplaces announced it is shutting down. The site was launched in 2013 and according to the Elliptic Threat Intel about $358 million (across Bitcoin, Litecoin, Ether and Dash) in purchases were made through the […] Threat
SecurityAffairs 2022-01-14 22:45:29 Threat actors defaced Ukrainian government websites (direct link) Threat actors defaced multiple Ukrainian government websites after talks between Ukrainian, US, and Russian officials hit a dead end this week. Threat actors have defaced multiple websites of the Ukrainian government on the night between January 13 and January 14. The attacks were launched after talks between Ukrainian, US, and Russian officials hit a dead end on Thursday. The […] Threat
SecurityAffairs 2022-01-14 08:22:48 Threat actors can bypass malware detection due to Microsoft Defender weakness (direct link) A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders to plant malware to avoid the AV scanning. Microsoft Defender allows users to exclude locations on their machines that should be excluded from […] Malware Threat
SecurityAffairs 2022-01-13 15:44:36 Threat actors abuse public cloud services to spread multiple RATs (direct link) Threat actors are actively abusing cloud services from Amazon and Microsoft to deliver RATs such as Nanocore, Netwire, and AsyncRAT. Threat actors are actively exploiting public cloud services from Amazon and Microsoft to spread RATs such as Nanocore, Netwire, and AsyncRAT used to steal sensitive information from compromised systems. The malware campaign was spotted by Cisco Talos in October 2021, most […] Malware Threat
SecurityAffairs 2022-01-12 20:01:50 Russia-linked threat actors targets critical infrastructure, US authorities warn (direct link) US authorities warn critical infrastructure operators of the threat of cyberattacks orchestrated by Russia-linked threat actors. US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. “This joint Cybersecurity Advisory (CSA)-authored […] Threat
SecurityAffairs 2022-01-10 14:32:03 Indian-linked Patchwork APT infected its own system revealing its ops (direct link) The India-linked threat actor Patchwork infected one of their own computers with its RAT revealing its operations to researchers. An India-linked threat actor, tracked as Patchwork (aka Dropping Elephant), employed a new variant of the BADNEWS backdoor, dubbed Ragnatela (“spider web” in Italian), in a recent campaign. However, the group made the headlines after infecting […] Threat
SecurityAffairs 2022-01-10 06:12:37 New ZLoader malware campaign hit more than 2000 victims across 111 countries (direct link) A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. The malware campaign is still active and threat actors have already stolen data and credentials of more […] Malware Vulnerability Threat
SecurityAffairs 2022-01-09 19:06:30 (Already seen) US NCSC and DoS share best practices against surveillance tools (direct link) The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools. In the last years, […] Threat
SecurityAffairs 2022-01-07 15:47:57 Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns (direct link) A threat actor attempted to exploit the Log4Shell vulnerability to hack VMWare Horizon servers at UK NHS and deploy web shells. The security team at the UK National Health Service (NHS) announced to have spotted threat actors exploiting the Log4Shell vulnerability to hack VMWare Horizon servers and install web shells. “An unknown threat group has […] Hack Vulnerability Threat
SecurityAffairs 2022-01-07 09:20:29 Over 3.7 million accounts were compromised in the FlexBooker data breach (direct link) The appointment scheduling service FlexBooker discloses a data breach that impacted over 3.7 million accounts. Threat actors compromised the FlexBooker accounts of more than 3.7 million users, the attack took place before the holidays. Stolen data are now available for sale on multiple cybercrime forums. FlexBooker is an online appointment scheduling platform that allows users to […] Data Breach Threat
SecurityAffairs 2022-01-07 05:41:23 Night Sky, a new ransomware operation in the threat landscape (direct link) Researchers warn of a new ransomware family, called ‘Night Sky,’ that uses a double-extortion model in attacks against businesses. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. Once it has encrypted a file, the ransomware appends the ‘.nightsky‘ extension to encrypted file names. The […] Ransomware Threat
SecurityAffairs 2022-01-04 15:18:59 Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites (direct link) Threat actors compromised more than 100 real estate websites belonging to the same parent company by implanting an e-skimmer. Threat actors used an unnamed cloud video platform to install an e-skimmer on more than 100 real estate websites belonging to the same parent company. In e-skimming attacks, attackers inject malicious JavaScript code into e-stores to […] Threat
SecurityAffairs 2022-01-04 12:39:26 Purple Fox backdoor spreads through fake Telegram App installer (direct link) Threat actors are spreading the Purple Fox backdoor using tainted installers of the Telegram messaging application. Threat actors are using weaponized installers of the Telegram messaging application to deliver the Purple Fox backdoor on Windows systems. Researchers from Minerva Labs pointed out that this campaign, unlike similar ones leveraging legitimate software to deliver malware, has […] Threat
SecurityAffairs 2022-01-04 09:07:38 Hospitality Chain McMenamins discloses data breach after ransomware attack (direct link) Hospitality chain McMenamins disclosed a data breach after a recent ransomware attack. Hospitality chain McMenamins discloses a data breach after a ransomware attack that took place on December 12. McMenamins is a family-owned chain of brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington. According to the company, threat actors have stolen data of individuals […] Ransomware Data Breach Threat
SecurityAffairs 2022-01-03 15:22:25 Israeli Media Outlets hacked on the anniversary of Soleimani killing (direct link) Threat actors hacked the website of Jerusalem Post and the Twitter account of Maariv outlet on Soleimani killing anniversary. Threat actors have taken over the website of the English-language Jerusalem Post and the Twitter account of Maariv daily newspaper publishing a picture of a fist firing a shell out of a ring with a red stone on a finger toward an […] Threat
SecurityAffairs 2022-01-02 15:18:20 North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges (direct link) North Korea-linked threat actors are behind some of the largest cyberattacks against cryptocurrency exchanges. North Korea-linked APT groups are suspected to be behind some of the largest cyberattacks against cryptocurrency exchanges. According to South Korean media outlet Chosun, North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple […] Threat
SecurityAffairs 2022-01-02 10:53:52 Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021 (direct link) According to a report published by Invezz, the number of crypto security breaches increased by up 850% in the last decade. The cyberattacks against the cryptocurrency industry are a profitable business for threat actors, according to the experts, $12.1 billion worth of cryptocurrencies have been stolen in the last decade. In 2021 we observed a […] Threat
SecurityAffairs 2021-12-29 21:18:14 T-Mobile suffered a new data breach (direct link) T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks. T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers. According to The T-Mo Report, which viewed T-Mobile internal documents, there was “unauthorized activity” on […] Data Breach Threat
SecurityAffairs 2021-12-28 21:52:55 LastPass investigated recent reports of blocked login attempts (direct link) Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving […] Threat LastPass
SecurityAffairs 2021-12-27 19:08:50 A new wave of ech0raix ransomware attacks targets QNAP NAS devices (direct link) A new wave of ech0raix ransomware attacks is targeting QNAP network-attached storage (NAS) devices. The threat actors behind the ech0raix ransomware are targeting QNAP network-attached storage (NAS) devices. Users reported numerous compromises of their devices a few days before Christmas. According to BleepingComputer, forum users reported an intensification of the attacks since December 20, the […] Ransomware Threat
SecurityAffairs 2021-12-27 14:26:00 Experts monitor ongoing attacks using exploits for Log4j library flaws (direct link) Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures. The vulnerabilities can allow threat actors to execute arbitrary code on the target systems, […] Threat
Last update at: 2024-05-09 20:07:54