What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-11-12 22:15:05 HTML Smuggling technique used in phishing and malspam campaigns (lien direct) Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 and JavaScript features. The malicious payloads are delivered via encoded […] Malware Threat
SecurityAffairs.webp 2021-11-12 15:57:25 macOS Zero-Day exploited in watering hole attacks on users in Hong Kong (lien direct) Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited an XNU privilege escalation vulnerability […] Malware Vulnerability Threat
SecurityAffairs.webp 2021-11-11 18:53:22 Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months (lien direct) Threat actors compromised a server managing customer data for a Queensland water supplier and remained undetected for nine months. A server used by the SunWater statutory Queensland (Australia) Government-owned water supplier was compromised and threat actors remained undetected for nine months, the annual financial audit report published by the Queensland Audit Office revealed. The water supplier […] Threat
SecurityAffairs.webp 2021-11-11 13:47:04 (Déjà vu) Iranian threat actors attempt to buy stolen data of US organizations, FBI warns (lien direct) The FBI warned private industry partners of attempts by an Iranian threat actor to buy stolen information belonging to US organizations. The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) to warn private industry partners that Iran-linked threat actors are attempting to buy stolen information belonging to US businesses and organizations abroad. […] Threat
SecurityAffairs.webp 2021-11-10 07:29:15 TeamTNT group targets poorly configured Docker servers exposing REST APIs (lien direct) TeamTNT hackers are targeting poorly configured Docker servers as part of an ongoing campaign that started in October. Trend Micro researchers reported that TeamTNT hackers are targeting poorly configured Docker servers exposing Docker REST APIs as part of an ongoing campaign that started in October. Threat actors execute malicious scripts to deploy Monero cryptocurrency miners, […] Threat
SecurityAffairs.webp 2021-11-09 21:40:55 Robinhood data breach exposes 7 Million users' information (lien direct) Robinhood disclosed a security breach, an unidentified threat actor gained unauthorized access to approximately 7 million customer records. Robinhood Markets, Inc. is an American commission-free stock trading and investing platform, it had 18 million accounts as of March 2021, with over $80 billion in assets. The company disclosed a data breach, a threat actor gained […] Data Breach Threat
SecurityAffairs.webp 2021-11-09 18:35:29 Clop gang exploiting CVE-2021-35211 RCE in SolarWinds Serv-U in recent attack (lien direct) The Clop ransomware gang is exploiting CVE-2021-35211 vulnerability in SolarWinds Serv-U to compromise corporate networks. Threat actors always look for new ways to compromise target networks, Clop ransomware gang (aka TA505, FIN11) is exploiting CVE-2021-35211 SolarWinds Serv-U vulnerability to breach businesses’ infrastructures and deploy its ransomware. The flaw is a remote code execution vulnerability that […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2021-11-08 20:33:29 Ransomware attack disrupted store operations in the Netherlands and Germany (lien direct) Electronics retail giant MediaMarkt was hit by a ransomware attack that disrupted store operations in the Netherlands and Germany. Electronics retail giant MediaMarkt was a victim of a ransomware attack that forced the company to shut down its IT infrastructure to contain the threat and disrupted store operations in the Netherlands and Germany. Media Markt is a […] Ransomware Threat
SecurityAffairs.webp 2021-11-08 10:37:54 Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw (lien direct) Experts warn of an ongoing hacking campaign that already compromised at least nine organizations worldwide from critical sectors by exploiting CVE-2021-40539. Cybersecurity experts from Palo Alto Networks warn of an ongoing cyberespionage campaign that has already compromised at least nine organizations worldwide from critical sectors, including defense, healthcare, and energy. Threat actors exploited a critical […] Threat ★★★★
SecurityAffairs.webp 2021-11-07 12:35:49 New Magecart group uses an e-Skimmer that avoids VMs and sandboxes (lien direct) A new Magecart group leverages a browser script to evade virtualized environments and sandboxes used by researchers. Malwarebytes researchers have spotted a new Magecart group that uses a browser script to evade detection and the execution in virtualized environments used by security researchers for threat analysis. Hacker groups under the Magecart umbrella continue to target e-stores to […] Threat
SecurityAffairs.webp 2021-11-07 10:15:54 Security Affairs newsletter Round 339 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Casinos of tribal communities are losing millions in Ransomware attacks Threat actors stole $55 […] Ransomware Threat
SecurityAffairs.webp 2021-11-06 17:49:11 Threat actors stole $55 million worth of cryptocurrency from bZx DeFi platform (lien direct) DeFi platforms are a privileged target for crooks, threat actors have stolen $55 million from bZx DeFi platform. Threat actors have stolen $55 million worth of cryptocurrency from the bZx decentralized finance (DeFi) platform. The decentralized finance (DeFi) platforms allow users to borrow/loan and speculate on cryptocurrency price variations. Attackers obtained two private keys for […] Threat
SecurityAffairs.webp 2021-11-06 00:10:36 A drone was modified to disrupt U.S. Power Grid, says intelligence bulletin (lien direct) US officials believe that a drone was employed in an attempted attack on a power substation in Pennsylvania last year.  US officials believe threat actors used a drone in an attempted attack on a power substation in Pennsylvania last year. The attackers used a DJI Mavic 2 quadcopter-type drone, with a thick copper wire attached underneath it via […] Threat
SecurityAffairs.webp 2021-11-05 22:54:46 (Déjà vu) US defense contractor Electronic Warfare Associates discloses data breach (lien direct) US defense contractor Electronic Warfare Associates (EWA) was hit by a cyber attack, threat actors stole personal information from its email system. US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system. The company confirmed that attackers exfiltrated files containing sensitive information. Electronic Warfare Associates provides electronic […] Data Breach Threat
SecurityAffairs.webp 2021-11-05 11:52:07 (Déjà vu) Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware (lien direct) A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate networks and deploy the Babuk Ransomware. Over the past months, […] Ransomware Threat
SecurityAffairs.webp 2021-11-05 09:21:55 npm libraries coa and rc. have been hijacked to deliver password-stealing malware (lien direct) Two popular npm libraries, coa and rc., have been hijacked, threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc., have been hijacked, threat actors replaced them with versions laced with password-stealing malware. Coa is a command-line argument parser with approximately 9 million weekly downloads, while […] Malware Threat
SecurityAffairs.webp 2021-11-03 08:18:18 Cybercrime underground flooded with offers for initial access to shipping and logistics orgs (lien direct) Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains. Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground trends online, warning that initial access brokers are offering credentials or other forms of access to shipping and logistics organizations.  These organizations […] Threat
SecurityAffairs.webp 2021-11-02 11:54:59 Trojan Source attack method allows hiding flaws in source code (lien direct) Researchers devised a new attack method called ‘Trojan Source’ that allows hiding vulnerabilities in the source code of a software project. Trojan Source is a new attack technique demonstrated by a group of Cambridge researchers that can allow threat actors to hide vulnerabilities in the source code of a software project. The technique could be […] Threat
SecurityAffairs.webp 2021-11-01 10:20:13 Balikbayan Foxes group spoofs Philippine gov to spread RATs (lien direct) Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t Experts uncovered a new threat actor, tracked as Balikbayan Foxes, that is impersonating the Philippine government to spread malware.  Researchers from Proofpoint have uncovered a new threat actor, dubbed Balikbayan Foxes (TA2722) that is impersonating the Philippine health, labor, and customs organizations as well as […] Threat
SecurityAffairs.webp 2021-10-31 09:30:41 Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham (lien direct) Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff and asked the payment of a multi-million ransom to avoid leaking details of world leaders, actors […] Ransomware Threat Guideline
SecurityAffairs.webp 2021-10-30 20:48:30 Hacker accessed medical info at UMass Memorial Health (lien direct) A cyber attack hit the UMass Memorial Health, threat actors had access to employee email system, potentially exposing patients' info. Threat actors hacked into the employee email system of the UMass Memorial Health healthcare system, potentially accessing the personal information of thousands of patients. The security breach took place between June 2020 and January and […] Threat
SecurityAffairs.webp 2021-10-29 13:47:05 NSA and CISA explained how to prevent and detect lateral movement in 5G networks via cloud systems (lien direct) The US NSA and CISA published a security advisory to warn about threat actors compromising 5G networks via cloud infrastructure. The US National Security Agency and the US Cybersecurity Infrastructure and Security Agency have published a security advisory to warn of attacks on 5G networks through the hijacking of a provider's cloud resources. The report […] Threat
SecurityAffairs.webp 2021-10-28 15:47:16 AbstractEmu, a new Android malware with rooting capabilities (lien direct) AbstractEmu is a new Android malware that can root infected devices to take complete control and evade detection with different tricks. Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu, with rooting capabilities that is distributed on Google Play and prominent third-party stores (i.e. Amazon Appstore and the Samsung Galaxy Store). The malware […] Malware Threat
SecurityAffairs.webp 2021-10-28 09:40:24 (Déjà vu) Crooks steal $130 million worth of cryptocurrency assets from Cream Finance (lien direct) Threat actors have stolen $130 million worth of cryptocurrency assets from the Cream Finance decentralized finance (DeFi) platform. C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. It promises earnings to users who are passively holding ETH or wBTC. Threat actors have stolen $130 million worth of cryptocurrency […] Threat
SecurityAffairs.webp 2021-10-27 13:47:47 The 9th edition of the ENISA Threat Landscape (ETL) report is out! (lien direct) I’m proud to announce the release of the 9th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The European Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2021 (ETL) report, which is the annual analysis on the state of the cybersecurity threat landscape. This edition reports events and analyses […] Threat
SecurityAffairs.webp 2021-10-26 08:32:07 UltimaSMS subscription fraud campaign targeted millions of Android users (lien direct) UltimaSMS, a massive fraud campaign is using Android apps with millions of downloads to subscribe victims to premium subscription services. Researchers from Avast have uncovered a widespread premium SMS scam on the Google Play Store, tracked as UltimaSMS, the name comes from the first apps they discovered called Ultima Keyboard 3D Pro. Threat actors used at […] Threat
SecurityAffairs.webp 2021-10-24 13:40:20 Security Affairs newsletter Round 337 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. NATO releases its first strategy for Artificial Intelligence Threat actors offer for sale data for 50 millions […] Threat ★★★
SecurityAffairs.webp 2021-10-24 09:47:43 Threat actors offer for sale data for 50 millions of Moscow drivers (lien direct) Threat actors are offering for sale a database containing 50 million records belonging to Moscow drivers on a hacking forum for $800. Bad news for Russian drivers, threat actors are selling a database containing 50 million records belonging to Moscow drivers on a hacking forum for only $800. The threat actors claim to have obtained […] Threat
SecurityAffairs.webp 2021-10-20 22:56:47 YouTube creators' accounts hijacked with cookie-stealing malware (lien direct) A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire […] Malware Threat
SecurityAffairs.webp 2021-10-20 13:19:49 Acer suffers a second data breach in a week (lien direct) Tech giant Acer was hacked again in a few days, after the compromise of the servers in India, threat actors also breached some of its systems in Taiwan. Tech giant Acer was hacked twice in a week, the same threat actor (Desorden) initially breached some of its servers in India, now it is claiming to […] Data Breach Threat
SecurityAffairs.webp 2021-10-19 17:48:31 Experts found many similarities between the new Karma Ransomware and Nemty variants (lien direct) Sentinel Labs experts have analyzed the new Karma ransomware and speculate it represents an evolution of the Nemty ransomware operation. Karma ransomware is a new threat that was first spotted in June of 2021, it is important to distinguish it from a different threat with the same name that is active since 2016. Sentinel Labs […] Ransomware Threat
SecurityAffairs.webp 2021-10-18 19:50:41 TeamTNT Deploys Malicious Docker Image On Docker Hub (lien direct) The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker hub. The Uptycs Threat Research Team recently identified a campaign in which the TeamTNT threat actors deployed a malicious container image (hosted on Docker Hub) with an embedded script to download Zgrab scanner and masscanner-penetration testing tools […] Threat
SecurityAffairs.webp 2021-10-18 07:27:01 REvil ransomware operation shuts down once again (lien direct) It seems that the REvil ransomware operation has shut down once again after a threat actor has hijacked their Tor hidden service. The REvil ransomware gang has shut down its operation once again after a threat actor has hijacked their Tor leak site and payment portal. The news of the hack was shared by the […] Ransomware Hack Threat
SecurityAffairs.webp 2021-10-18 06:30:34 Experts spotted an Ad-Blocking Chrome extension injecting malicious ads (lien direct) Researchers warn of an Ad-Blocking Chrome extension that was abused by threat actors to inject ads in Google search pages. Researchers from Imperva have spotted a new deceptive ad injection campaign that is targeting users of some large websites leveraging an AD-blocking extension, named AllBlock, that is available on both Chrome and Opera browsers. Ad […] Threat
SecurityAffairs.webp 2021-10-14 19:01:18 Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020 (lien direct) Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. The data were provided by Google's Threat Analysis Group (TAG), which tracks government-backed hacking campaign, which warns of a […] Threat
SecurityAffairs.webp 2021-10-14 11:15:27 New Yanluowang ransomware used in highly targeted attacks on large orgs (lien direct) Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises. Researchers from Symantec Threat Hunter Team discovered a ransomware family, tracked as Yanluowang ransomware that was used in highly targeted attacks against large enterprises. The discovery is part of an investigation into a recent attempted ransomware attack […] Ransomware Threat
SecurityAffairs.webp 2021-10-13 19:46:40 MyKings botnet operators already amassed at least $24 million (lien direct) The MyKings botnet (aka Smominru or DarkCloud) is still alive and continues to spread, allowing its operators to make huge amounts of money. Avast Threat Labs researchers reported that the MyKings botnet (aka Smominru or DarkCloud) is still alive and is allowing its operators to earn huge amounts of money via cryptomining activities. Avast researchers reported […] Threat
SecurityAffairs.webp 2021-10-11 20:34:29 (Déjà vu) Iran-linked DEV-0343 APT target US and Israeli defense technology firms (lien direct) DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Researchers at Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) uncovered a malicious activity cluster, tracked as DEV-0343, that is targeting the Office 365 tenants of US and Israeli defense technology companies. Threat actors are launching extensive […] Threat
SecurityAffairs.webp 2021-10-11 13:51:28 Donot Team targets a Togo prominent activist with Indian-made spyware (lien direct) A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. Researchers from Amnesty International have uncovered a cyberespionage campaign tracked as ‘Donot Team‘ (aka APT-C-35) which was orchestrated by threat actors in India and Pakistan. Experts believe the attackers used a spyware developed […] Threat
SecurityAffairs.webp 2021-10-08 09:09:54 Google warns of APT28 attack attempts against 14,000 Gmail users (lien direct) Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. On Wednesday, Google announced to have warned approximately 14,000 Gmail users that they had been targeted by nation-state hackers. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch […] Threat APT 28 ★★★
SecurityAffairs.webp 2021-10-07 07:53:47 Operation GhostShell: MalKamak APT targets aerospace and telco firms (lien direct) Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers use stealthy ShellClient malware on aerospace, telco firms Cybereason Nocturnus and Incident Response Teams discovered a new threat actor that is targeting organizations in the aerospace and telecommunications sectors with the ShellClient malware as part […] Malware Threat
SecurityAffairs.webp 2021-10-06 21:37:35 Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs (lien direct) Resecurity researchers dumped Gigabytes of data from Agent Tesla C2Cs, one of the most well-known cyberespionage tools suffers a data leakage. Agent Tesla, first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from […] Tool Threat
SecurityAffairs.webp 2021-10-05 09:30:41 Telco service provider giant Syniverse had unauthorized access since 2016 (lien direct) Syniverse service provider discloses a security breach, threat actors have had access to its databases since 2016 and gained some customers’ credentials. Syniverse is a global company that provides technology and business services for a number of telecommunications companies as well as a variety of other multinational enterprises. The company is a privileged target for threat […] Threat
SecurityAffairs.webp 2021-10-04 07:28:59 LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting (lien direct) Israeli Aerospace & Defense firm E.M.I.T. Aviation Consulting Ltd. was hit by LockBit 2.0 ransomware, operators will leak files on 07 Oct, 2021. LockBit 2.0 ransomware operators hit the Israeli aerospace and defense firm E.M.I.T. Aviation Consulting Ltd, threat actors claim to have stolen data from the company and are threatening to leak them on […] Ransomware Threat
SecurityAffairs.webp 2021-10-03 19:38:53 TA544 group behind a spike in Ursnif malware campaigns targeting Italy (lien direct) Proofpoint researchers reported that TA544 threat actors are behind a new Ursnif campaign that is targeting Italian organizations. Proofpoint researchers have discovered a new Ursnif banking Trojan campaign carried out by a group tracked as TA544 that is targeting organizations in Italy. The experts observed nearly 20 notable campaigns distributing hundreds of thousands of malicious […] Malware Threat
SecurityAffairs.webp 2021-10-03 11:57:28 Security Affairs newsletter Round 334 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Threat actors exploit a flaw in Coinbase 2FA to steal user funds Flubot Android banking Trojan spreads […] Threat
SecurityAffairs.webp 2021-10-02 16:30:10 Threat actors exploit a flaw in Coinbase 2FA to steal user funds (lien direct) Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users. According to a data […] Vulnerability Threat
SecurityAffairs.webp 2021-10-02 14:17:02 Flubot Android banking Trojan spreads via fake security updates (lien direct) The Flubot Android malware is now leveraging fake security updates warning to trick users into installing the malicious code. Threat actors behind the Flubot Android malware are now leveraging fake security updates to trick victims into installing the malicious code. The attackers use fake security warnings of Flubot infections and urge them to install the […] Malware Threat
SecurityAffairs.webp 2021-10-01 13:32:49 Neiman Marcus discloses data breach, payment card data exposed (lien direct) Luxury retail company Neiman Marcus Group has announced this week that it has suffered a data breach that impacted customer information. The attack against Neiman Marcus Group took place in May 2020, as a result of the attack, threat actors had access to customers’ information, including payment card data. Exposed personal information includes names and […] Data Breach Threat
SecurityAffairs.webp 2021-09-29 18:50:32 Expert discloses new iPhone lock screen vulnerability in iOS 15 (lien direct) The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access […] Vulnerability Threat
Last update at: 2024-05-10 01:07:50