What's new around internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-12-27 10:01:31 New Android banking Malware targets Brazil's Itaú Unibanco Bank (lien direct) Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim's knowledge. Threat actors spread the malware using fake Google Play Store […] Malware Threat
SecurityAffairs.webp 2021-12-26 06:34:58 'Spider-Man: No Way Home' used to spread a cryptominer (lien direct) Threat actors attempted to take advantage of the interest in the new ‘Spider-Man: No Way Home’ movie to spread a Monero Cryptominer. Threat actors are attempting to capitalize on the interest in the release of Spider-Man: No Way Home movie and use it as bait to spread a Monero cryptominer. ReasonLabs researchers spotted a Russian torrent website […] Threat
SecurityAffairs.webp 2021-12-25 19:11:34 New Rook Ransomware borrows code from Babuk (lien direct) Recently launched ransomware operation, named Rook, made headlines for its announcement claiming a desperate need a lot of money. A new ransomware operation named Rook appeared in the threat landscape, it was first reported by researcher Zach Allen and caught the attention of the experts for its blatant announcement that claims a desperate need to […] Ransomware Threat ★★★★★
SecurityAffairs.webp 2021-12-23 14:49:49 Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware (lien direct) Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute Formbook malware. Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability tracked as CVE-2021-40444 (CVSS score of 8.8). The bad news is that threat actors are using it to […] Malware Vulnerability Threat
SecurityAffairs.webp 2021-12-22 15:50:25 PYSA ransomware gang is the most active group in November (lien direct) PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs. Experts observed a 400% […] Ransomware Threat
SecurityAffairs.webp 2021-12-21 15:42:09 Patch these 2 Active Directory flaws to prevent the takeover of Windows domains (lien direct) Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains. Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to takeover Windows domains. The flaws, tracked […] Threat
SecurityAffairs.webp 2021-12-20 15:49:43 Belgian defense ministry hit by cyberattack exploiting Log4Shell bug (lien direct) The Belgian defense ministry was hit by a cyber attack, it seems that threat actors exploited the Log4Shell vulnerability. The Belgian defense ministry confirmed it was hit by a cyberattack, it seems that threat actors exploited the Log4Shell vulnerability. The attack was uncovered on Thursday and today the government disclosed it, but according to local […] Threat
SecurityAffairs.webp 2021-12-20 15:20:58 Alleged APT implanted a backdoor in the network of a US federal agency (lien direct) An alleged APT group planted a backdoor in the network of a U.S. federal government commission associated with international rights. Experts spotted a backdoor in the network of an unnamed U.S. federal government commission associated with international rights. The backdoor allowed the threat actors to achieve complete control over the infected networks, experts described the […] Threat
SecurityAffairs.webp 2021-12-18 15:20:12 Apache releases the third patch to address a new Log4j flaw (lien direct) Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. 2.17 is the third fix issued in a week. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046, disclosed in the Log4j library a third security vulnerability made the headlines. […] Vulnerability Threat
SecurityAffairs.webp 2021-12-18 09:16:02 1.8 Million customers of four sports gear sites impacted by credit cards breach (lien direct) A cyber attack hit four affiliated online sports gear sites and resulted in the theft of credit cards for 1,813,224 customers. Threat actors have stolen credit cards belonging to 1,813,224 customers of four affiliated online sports gear sites. Below are the affected websites: Tackle Warehouse LLC (tacklewarehouse.com) – Fishing gear Running Warehouse LLC (runningwarehouse.com) – Running apparel […] Threat
SecurityAffairs.webp 2021-12-17 11:47:21 Phorpiex botnet is back, in 2021 it $500K worth of crypto assets (lien direct) Experts reported the resurgence of the Phorpiex botnet, in one year it allowed to steal crypto assets worth of half a million dollars. Experts at Check Point Research have monitored the resurgence of the Phorpiex botnet, an old threat that was involved in sextortion spam campaigns, crypto-jacking, cryptocurrency clipping (substituting the original wallet address saved in […] Spam Threat
SecurityAffairs.webp 2021-12-16 14:25:28 While attackers begin exploiting a second Log4j flaw, a third one emerges (lien direct) Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046, disclosed in the Log4j library. The CVE-2021-45046 received a CVSS score of 3.7 and affects […] Threat
SecurityAffairs.webp 2021-12-14 22:31:41 Adobe addresses over 60 vulnerabilities in multiple products (lien direct) Adobe warns of threat actors that could exploit critical vulnerabilities in multiple products running on Windows and macOS systems. Adobe has issued critical warnings for more than 60 vulnerabilities in multiple products running on Windows and macOS machines. The vulnerabilities can be exploited by threat actors for code execution, privilege escalation and denial-of-service attacks. The […] Threat
SecurityAffairs.webp 2021-12-14 20:57:03 Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems (lien direct) Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability (CVE-2021-44228) to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2021-12-14 15:54:23 US CISA orders federal agencies to fix Log4Shell by December 24th (lien direct) US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. The order aims at preventing threat actors could exploit the vulnerability in attacks against government systems. The CVE-2021-44228 flaw […] Vulnerability Threat
SecurityAffairs.webp 2021-12-13 07:36:38 Two Linux botnets already exploit Log4Shell flaw in Log4j (lien direct) Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The attempts were carried out by Muhstik and […] Threat
SecurityAffairs.webp 2021-12-12 14:19:16 A phishing campaign targets clients of German banks using QR codes (lien direct) Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including the use of QR codes. The messages used in a campaign recently discovered by cybersecurity firm Cofense use QR codes […] Threat
SecurityAffairs.webp 2021-12-11 16:10:11 New 'Karakurt' cybercrime gang focuses on data theft and extortion (lien direct) Accenture researchers detailed the activity of a new sophisticated cybercrime group, called Karakurt, behind recent cyberattacks. Accenture researchers detailed the activity of a sophisticated financially motivated threat actor called Karakurt. The activity of the group was first spotted in June 2021, but the group has been more active in Q3 2021. In June 2021 the […] Threat
SecurityAffairs.webp 2021-12-10 22:19:58 Volvo Cars suffers a data breach. Is it a ransomware attack? (lien direct) Swedish automotive manufacturer Volvo Cars revealed that has suffered a cyberattack that resulted in the theft of R&D data. Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems. In 2010, Volvo Cars became a subsidiary of the Chinese manufacturer Geely Holding Group, which confirmed that it “has become […] Ransomware Threat
SecurityAffairs.webp 2021-12-10 11:42:56 1.6 million WordPress sites targeted in the last couple of days (lien direct) Wordfence experts detected a massive wave of attacks in the last couple of days that targeted over 1.6 million WordPress sites. Wordfence researchers spotted a massive wave of attacks in the days that are targeting over 1.6 million WordPress sites from 16,000 IPs. “Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks […] Threat
SecurityAffairs.webp 2021-12-09 14:46:15 Crooks injects e-skimmers in random WordPress plugins of e-stores (lien direct) Threat actors are injecting credit card swipers into random plugins of e-commerce WordPress sites, Sucuri researchers warn. Sucuri researchers are warning of threat actors injecting credit card swipers into random plugins of e-commerce WordPress sites. The holidays season is the period when online scammers and threat actors intensify their operations. Sucuri researchers have spotted a […] Threat
SecurityAffairs.webp 2021-12-07 15:28:27 Bitcoin Miner [oom_reaper] targets QNAP NAS devices (lien direct) Taiwanese vendor QNAP warns customers of ongoing attacks targeting their NAS devices with cryptocurrency miners. Taiwanese vendor QNAP warns customers of threat actors targeting their NAS devices with cryptocurrency miners. Upon compromising the devices, the miner will create a new process named [oom_reaper] that allows threat actors to mine Bitcoin The above process could occupy […] Threat Cloud APT 37
SecurityAffairs.webp 2021-12-07 07:54:37 Nobelium continues to target organizations worldwide with custom malware (lien direct) Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. Mandiant researchers have identified two distinct clusters of activity, tracked UNC3004 and UNC2652, that were associated with the Russia-linked Nobelium APT group (aka UNC2452). The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that conducted […] Malware Threat APT 29
SecurityAffairs.webp 2021-12-06 11:40:50 (Déjà vu) Threat actors stole more than $150 million worth of cryptocurrency tokens from BitMart platform (lien direct) Threat actors stole more than $150 million in various cryptocurrencies from the cryptocurrency trading platform BitMart. Cryptocurrency trading platform BitMart has disclosed a security breach, threat actors stole more than $150 million in various cryptocurrencies. “We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot […] Threat ★★★★
SecurityAffairs.webp 2021-12-03 15:33:50 KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays (lien direct) Since 2017, an unknown threat actor has run thousands of malicious Tor relay servers in the attempt to unmask Tor users. A mysterious threat actor, tracked as KAX17, has run thousands of malicious Tor relay servers since 2017 in an attempt to deanonymize Tor users. KAX17 ran relay servers in various positions within the Tor […] Threat
SecurityAffairs.webp 2021-12-03 12:16:46 Threat actors stole $120 M in crypto from BadgerDAO DeFi platform (lien direct) Threat actors stole $120 million in cryptocurrencies from multiple wallets connected to the decentralized finance platform BadgerDAO. Threat actors this week have hacked the decentralized finance platform BadgerDAO and have stolen $120.3 million in crypto funds, blockchain security firm PeckShield reported. Most of the stolen funds, over $117 million, were Bitcoin, while the rest of […] Threat
SecurityAffairs.webp 2021-12-01 19:37:44 VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs) (lien direct) VirusTotal announced VirusTotal Collections, a new service that allows security researchers to share sets of Indicators of Compromise (IoCs). VirusTotal announced VirusTotal Collections, a new service that allows threat researchers to share Indicators of Compromise (IoCs). A collection is a live report that includes IoCs associated with a specific threat and it is available for […] Threat
SecurityAffairs.webp 2021-12-01 07:25:52 Sabbath Ransomware target critical infrastructure in the US and Canada (lien direct) Sabbath ransomware is a new threat that has been targeting critical infrastructure in the United States and Canada since June 2021. A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. According to Mandiant researchers, the group is a rebrand of Arcane and […] Ransomware Threat
SecurityAffairs.webp 2021-11-30 13:57:00 WIRTE APT group targets the Middle East since at least 2019 (lien direct) A threat actor named WIRTE targets government, diplomatic entities, military organizations, law firms, and financial institutions in Middle East. Cybersecurity researchers from Kaspersky have detailed the activity of a threat actor named WIRTE that is targeting government, diplomatic entities, military organizations, law firms, and financial institutions in Middle East since early 2019. The activity of […] Threat
SecurityAffairs.webp 2021-11-29 21:36:16 Panasonic confirmed that its network was illegally accessed by attackers (lien direct) Panasonic disclosed a security breach after threat actors gained access to its servers storing potentially sensitive information. Japanese electronics giant Panasonic disclosed a security breach after threat actors gained access to some servers of the company containing sensitive data. The company discovered the intrusion on November 11 and immediately launched an investigation, which is still […] Threat
SecurityAffairs.webp 2021-11-29 15:18:23 Experts warn of attacks exploiting CVE-2021-40438 flaw in Apache HTTP Server (lien direct) Threat actors are exploiting the recently patched CVE-2021-40438 flaw in Apache HTTP servers, warns German Cybersecurity Agency and Cisco. Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-40438, in Apache HTTP servers. The CVE-2021-40438 flaw can be exploited against httpd web servers that have the mod_proxy module enabled. A threat actor […] Threat
SecurityAffairs.webp 2021-11-28 15:25:28 RATDispenser, a new stealthy JavaScript loader used to distribute RATs (lien direct) RATDispenser is a new stealthy JavaScript loader that is being used to spread multiple remote access trojans (RATs) into the wild. Researchers from the HP Threat Research team have discovered a new stealthy JavaScript loader dubbed RATDispenser that is being used to spread a variety of remote access trojans (RATs) in attacks into the wild. Experts […] Threat
SecurityAffairs.webp 2021-11-28 12:11:54 North Korea-linked Zinc group posed as Samsung recruiters to target security firms (lien direct) North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. According to the Google Threat Horizons report, the state-sponsored […] Threat APT 38
SecurityAffairs.webp 2021-11-27 10:41:47 IKEA hit by a cyber attack that uses stolen internal reply-chain emails (lien direct) Threat actors are targeting IKEA employees in an internal phishing campaign leveraging stolen reply-chain emails. According to BleepingComputer, threat actors are targeting IKEA employees in phishing attacks using stolen reply-chain emails. Once compromised the mail servers, threat actors use the access to reply to the company's internal emails in reply-chain attacks. Sending the messages from […] Threat
SecurityAffairs.webp 2021-11-26 15:50:31 Threat actors target crypto and NFT communities with Babadeda crypter (lien direct) Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. Threat actors are attempting to exploit the booming market for NFTs and crypto games. Babadeda is able to bypass antivirus solutions. […] Malware Threat
SecurityAffairs.webp 2021-11-26 07:07:43 APT C-23 group targets Middle East with an enhanced Android spyware variant (lien direct) A threat actor, tracked as APT C-23, is using new powerful Android spyware in attacks aimed at targets in the Middle East. The APT C-23 cyberespionage group (also known as GnatSpy, FrozenCell, or VAMP) continues to target entities in the Middle East with enhanced Android spyware masqueraded as seemingly harmless app updates (i.e. AndroidUpdate,, Telegram). The […] Threat
SecurityAffairs.webp 2021-11-25 22:07:09 New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks (lien direct) Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection. Security researchers from Sansec have discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st. Threat actors hides the malware in the task names, […] Malware Threat
SecurityAffairs.webp 2021-11-25 15:01:27 (Déjà vu) Several GoDaddy brands impacted in recent data breach (lien direct) Recently disclosed data breach impacted several of its brands, including Domain Factory, Heart Internet, Host Europe, Media Temple, tsoHost and 123Reg. Recently GoDaddy has disclosed a data breach that impacted up to 1.2 million of its customers, threat actors breached the company's Managed WordPress hosting environment. Threat actors compromised the company network since at least […] Data Breach Threat
SecurityAffairs.webp 2021-11-25 12:32:42 Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials (lien direct) An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug. Researchers from SafeBreach Labs spotted a new Iranian threat actor that is using an exploit for a Microsoft MSHTML Remote Code Execution (RCE) flaw in attacks aimed at Farsi-speaking victims. The exploit is used to install a PowerShell […] Threat
SecurityAffairs.webp 2021-11-23 15:28:09 (Déjà vu) Expert disclosed an exploit for a new Windows zero-day local privilege elevation issue (lien direct) A researcher publicly disclosed an exploit for a new Windows zero-day local privilege elevation that can allow gaining admin privileges. A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that can be exploited by threat actors to achieve admin privileges in Windows 10, Windows 11, and Windows […] Vulnerability Threat
SecurityAffairs.webp 2021-11-22 20:49:37 New GoDaddy data breach impacted 1.2 million customers (lien direct) GoDaddy suffered a data breach that impacted up to 1.2 million of its managed WordPress customer accounts. GoDaddy discloses a data breach that impacted up to 1.2 million of its customers, threat actors breached the company’s Managed WordPress hosting environment. Threat actors compromised the company network since at least September 6, 2021, but the security […] Data Breach Threat
SecurityAffairs.webp 2021-11-18 20:43:46 Attackers deploy Linux backdoor on e-stores compromised with software skimmer (lien direct) Researchers discovered threat actors installing a Linux backdoor on compromised e-commerce servers after deploying a credit card skimmer into e-stores. Security researchers from Sansec Threat Research Team discovered a Linux backdoor during an investigation into the compromised of an e-commerce server with a software skimmer. The attackers initially conducted a reconnaissance phase by probing the […] Threat
SecurityAffairs.webp 2021-11-17 14:15:10 The rise of millionaire zero-day exploit markets (lien direct) Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups. The increased demand for exploits is fueling a millionaire market where these malicious codes are incredibly expensive. Researchers from Digital Shadows published an interesting […] Threat
SecurityAffairs.webp 2021-11-17 10:08:43 Iran-linked APT groups continue to evolve (lien direct) The researchers at Microsoft Threat Intelligence Center (MSTIC) are warning of increasingly sophisticated operations carried out by Iranian threat actors. The Microsoft Threat Intelligence Center (MSTIC) shared the results of their analysis on the evolution of Iran-linked threat actors at the CyberWarCon 2021. Over the past 12 months, MSTIC experts observed increasingly sophisticated attacks orchestrated […] Threat
SecurityAffairs.webp 2021-11-17 01:00:31 Mandiant links Ghostwriter operations to Belarus (lien direct) Security researchers at the Mandiant Threat Intelligence team believe that Ghostwriter APT group is linked to the government of Belarus. Mandiant Threat Intelligence researchers believe that the Ghostwriter disinformation campaign (aka UNC1151) was linked to the government of Belarus. In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by […] Threat
SecurityAffairs.webp 2021-11-15 15:34:25 North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro (lien direct) North Korea-linked APT Lazarus targets security researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software. ESET researchers reported that the North Korea-linked Lazarus APT group is targeting cyber security community with a trojanized pirated version of the popular IDA Pro reverse engineering software. Threat actors bundled the IDA Pro 7.5 […] Threat APT 38 APT 28
SecurityAffairs.webp 2021-11-15 07:52:03 Two Sony PS5 exploits disclosed the same day (lien direct) Threat actors stole PS5 root keys using kernel exploits demonstrating the need to improve the security of the popular gaming console. Threat actors stole Sony PS5 root keys from the popular gaming console using two exploits for kernel vulnerabilities. The two exploits weren’t disclosed to the company, the hackers published both exploits on Twitter on […] Threat
SecurityAffairs.webp 2021-11-13 22:35:26 Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server (lien direct) Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their […] Spam Threat
SecurityAffairs.webp 2021-11-13 20:10:38 GravityRAT returns disguised as an end-to-end encrypted chat app (lien direct) Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. GravityRAT was first spotted by Cisco Talos researchers in 2017 who speculate it remained under the radar for the at least […] Threat
SecurityAffairs.webp 2021-11-13 00:06:33 Retail giant Costco discloses data breach, payment card data exposed (lien direct) Costco Wholesale Corporation discloses a data breach, threat actors had access to customers’ payment card information. Retail giant Costco Wholesale Corporation notified its customers of a data breach that might have exposed their payment card information. Data was allegedly exposed while customers were shopping at one of its stores. Costco discovered the security breach after […] Data Breach Threat
Last update at: 2024-05-09 22:10:02