What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-22 16:50:00 | Prévenir les menaces d'initiés dans votre répertoire actif [Preventing Insider Threats in Your Active Directory] (lien direct) | Active Directory (AD) est un puissant service d'authentification et de répertoire utilisé par les organisations du monde entier.Avec cette omniprésence et cette puissance, il vient du potentiel d'abus.Les menaces d'initiés offrent certains des plus potentiels de destruction.De nombreux utilisateurs internes ont un accès et une visibilité trop fournis dans le réseau interne.
Insiders \\ 'Le niveau d'accès et de confiance dans un réseau mène à
Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes the potential for abuse. Insider threats offer some of the most potentials for destruction. Many internal users have over-provisioned access and visibility into the internal network. Insiders\' level of access and trust in a network leads to unique |
Guideline | ★★ | |
|
2023-03-22 14:28:00 | Les forfaits Rogue Nuget infectent les développeurs .NET avec des logiciels malveillants crypto-nocaux [Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware] (lien direct) | Le référentiel NuGet est la cible d'une nouvelle "attaque sophistiquée et très malveillante" visant à infecter les systèmes de développeurs .NET avec des logiciels malveillants de voleur de crypto-monnaie.
Les 13 packages Rogue, qui ont été téléchargés plus de 160 000 fois au cours du mois dernier, ont depuis été retirés.
"Les packages contenaient un script PowerShell qui s'exécuterait lors de l'installation et déclencherait un téléchargement d'un \\ '
The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages contained a PowerShell script that would execute upon installation and trigger a download of a \' |
Malware | ★★ | |
|
2023-03-22 12:49:00 | New NapListener Malware utilisé par le groupe REF2924 pour échapper à la détection du réseau [New NAPLISTENER Malware Used by REF2924 Group to Evade Network Detection] (lien direct) | Le groupe de menaces suivi comme Ref2924 a été observé pour déployer des logiciels malveillants invisibles auparavant dans ses attaques destinées aux entités d'Asie du Sud et du Sud-Est.
Le logiciel malveillant, surnommé NapListener par Elastic Security Labs, est un écouteur HTTP programmé en C # et est conçu pour échapper aux "formes de détection basées sur le réseau".
REF2924 est le surnom attribué à un cluster d'activités lié aux attaques contre une entité
The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade "network-based forms of detection." REF2924 is the moniker assigned to an activity cluster linked to attacks against an entity |
Malware Threat General Information | ★★★ | |
|
2023-03-22 10:07:00 | L'administrateur de BreachForums Baphomet arrête le tristement célèbre forum de piratage [BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum] (lien direct) | Dans une tournure soudaine des événements, Baphomet, l'administrateur actuel de BreachForums, a déclaré dans une mise à jour le 21 mars 2023, que le forum de piratage avait été officiellement supprimé, mais a souligné que "ce n'est pas la fin".
"Vous êtes autorisé à me détester et à être en désaccord avec ma décision, mais je promets que ce qui va arriver sera mieux pour nous tous", a noté Baphomet dans un message publié sur le télégramme de BreachForums
In a sudden turn of events, Baphomet, the current administrator of BreachForums, said in an update on March 21, 2023, that the hacking forum has been officially taken down but emphasized that "it\'s not the end." "You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all," Baphomet noted in a message posted on the BreachForums Telegram |
★★★★ | ||
|
2023-03-21 20:31:00 | Nouveau \\ 'Bad Magic \\' Cyber Threat perturbe les secteurs clés de l'Ukraine \\ au milieu de la guerre [New \\'Bad Magic\\' Cyber Threat Disrupt Ukraine\\'s Key Sectors Amid War] (lien direct) | Au milieu de la guerre en cours entre la Russie et l'Ukraine, le gouvernement, l'agriculture et les organisations de transport situées à Donetsk, Lugansk et Crimée ont été attaquées dans le cadre d'une campagne active qui laisse tomber un cadre modulaire auparavant invisible surnommé Common Magic.
"Bien que le vecteur initial du compromis ne soit pas clair, les détails de l'étape suivante impliquent l'utilisation de phishing de lance ou similaire
Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic. "Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar |
Threat | ★★ | |
|
2023-03-21 17:11:00 | Nouveau shellbot DDOS malware ciblant les serveurs Linux mal gérés [New ShellBot DDoS Malware Targeting Poorly Managed Linux Servers] (lien direct) | Les serveurs Linux SSH mal gérés sont ciblés dans le cadre d'une nouvelle campagne qui déploie différentes variantes de logiciels malveillants appelés shellbot.
"Shellbot, également connu sous le nom de Perlbot, est un logiciel malveillant DDOS BOT développé dans Perl et utilise caractéristiquement le protocole IRC pour communiquer avec le serveur C & amp; C", a déclaré Ahnlab Security Emergency Response Center (ASEC) dans un rapport.
Shellbot est installé sur des serveurs qui
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLab Security Emergency response Center (ASEC) said in a report. ShellBot is installed on servers that |
Malware | ★★ | |
|
2023-03-21 16:58:00 | La meilleure défense contre les cyber-menaces pour les équipes de sécurité maigre [The Best Defense Against Cyber Threats for Lean Security Teams] (lien direct) | H0lygh0st, Magecart et une multitude de groupes de pirates parrainés par l'État diversifient leurs tactiques et se concentrent sur…
Toi.
Autrement dit, si vous êtes en charge de la cybersécurité pour une entreprise de petite à moyenne (PME).
Pourquoi?Les mauvais acteurs savent que les PME ont généralement un budget de sécurité plus petit, moins de main-d'œuvre infosec et éventuellement des contrôles de sécurité faibles ou manquants pour protéger leurs données et
H0lyGh0st, Magecart, and a slew of state-sponsored hacker groups are diversifying their tactics and shifting their focus to… You. That is, if you\'re in charge of cybersecurity for a small-to-midsize enterprise (SME). Why? Bad actors know that SMEs typically have a smaller security budget, less infosec manpower, and possibly weak or missing security controls to protect their data and |
★★★★ | ||
|
2023-03-21 15:24:00 | Des ransomwares au cyber-espionnage: 55 vulnérabilités zéro jour armées en 2022 [From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022] (lien direct) | Pas moins de 55 vulnérabilités de jour zéro ont été exploitées dans la nature en 2022, la plupart des défauts découverts dans les logiciels de Microsoft, Google et Apple.
Bien que ce chiffre représente une diminution par rapport à l'année précédente, lorsqu'un stupéfort de 81 jours zéro a été armé, il représente toujours une augmentation significative ces dernières années d'acteurs de la menace tirant parti des défauts de sécurité inconnus à leur avantage.
Le
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage. The |
Ransomware Threat | ★★ | |
|
2023-03-21 12:25:00 | Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw (lien direct) | Le fabricant d'ATM Bitcoin General Bytes a révélé que les acteurs de la menace non identifiés ont volé la crypto-monnaie à des portefeuilles chauds en exploitant un défaut de sécurité nul dans son logiciel.
"L'attaquant a pu télécharger sa propre application Java à distance via l'interface de service maître utilisé par les terminaux pour télécharger des vidéos et l'exécuter à l'aide des privilèges d'utilisateur \\ 'BATM \'", a déclaré la société dans un avis publié sur le
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using \'batm\' user privileges," the company said in an advisory published over the |
Threat | ★★ | |
|
2023-03-20 19:09:00 | New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads (lien direct) | A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. "DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families," Check | Malware | ★★★ | |
|
2023-03-20 17:56:00 | Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (lien direct) | A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, Ocelot Team from Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Mispadu ( | Spam | ★★ | |
|
2023-03-20 16:14:00 | New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches (lien direct) | This article has not been generated by ChatGPT. 2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless, stolen data has value beyond a price tag, and in | Ransomware | ChatGPT | ★★★ |
|
2023-03-20 15:56:00 | Researchers Shed Light on CatB Ransomware\'s Evasion Techniques (lien direct) | The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of another ransomware strain known as Pandora based on code-level similarities. It's worth noting that the use | Ransomware Threat | ★★ | |
|
2023-03-20 11:21:00 | Emotet Rises Again: Evades Macro Security via OneNote Attachments (lien direct) | The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A | Threat | ★★★ | |
|
2023-03-18 17:00:00 | Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack (lien direct) | The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments. | ★★★ | ||
|
2023-03-18 11:29:00 | Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York (lien direct) | U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill." "At one point, investigators were seen | ★★★ | ||
|
2023-03-18 10:47:00 | LockBit 3.0 Ransomware: Inside the Cyberthreat That\'s Costing Millions (lien direct) | U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit," | Ransomware Threat | ★★★ | |
|
2023-03-17 23:45:00 | FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps (lien direct) | An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said. | Malware | ★★★ | |
|
2023-03-17 17:41:00 | THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter (lien direct) | Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph. Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do | General Information | ★★★ | |
|
2023-03-17 17:37:00 | New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (lien direct) | A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a | Malware Threat | ★★★ | |
|
2023-03-17 16:16:00 | A New Security Category Addresses Web-borne Threats (lien direct) | In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of | General Information Cloud | ★★★ | |
|
2023-03-17 15:52:00 | Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware (lien direct) | Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of | Malware Threat | ★★ | |
|
2023-03-17 12:36:00 | Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials (lien direct) | The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared with The | Threat | ★★ | |
|
2023-03-17 12:23:00 | Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips (lien direct) | Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123 | ★★★ | ||
|
2023-03-16 21:00:00 | Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (lien direct) | Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver commercial adversary simulation software. The development comes as | Malware Threat | ★★ | |
|
2023-03-16 19:09:00 | Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (lien direct) | The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software. Specifically, the | Malware | ★★ | |
|
2023-03-16 15:16:00 | Authorities Shut Down ChipMixer Platform Tied to Crypto Laundering Scheme (lien direct) | A coalition of law enforcement agencies across Europe and the U.S. announced the takedown of ChipMixer, an unlicensed cryptocurrency mixer that began its operations in August 2017. "The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking, | ★★ | ||
|
2023-03-16 12:42:00 | What\'s Wrong with Manufacturing? (lien direct) | In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the most represented Industry in our CyberSOC dataset – contributing more Incidents than any other | ★★ | ||
|
2023-03-16 12:04:00 | Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency (lien direct) | Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC). | Vulnerability Threat | ★★ | |
|
2023-03-16 10:17:00 | CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which could be exploited by a threat actor to achieve arbitrary code execution. "Adobe ColdFusion | Vulnerability Threat | ★★ | |
|
2023-03-15 19:19:00 | YoroTrooper Stealing Credentials and Information from Government and Energy Organizations (lien direct) | A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. "Information stolen from successful compromises include credentials from multiple applications, browser histories and cookies, system information and screenshots," Cisco | Threat Threat | ★★★★ | |
|
2023-03-15 15:41:00 | New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining (lien direct) | Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. "The novel Dero cryptojacking operation concentrates on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from the internet," CrowdStrike said in a new report shared with The | General Information | Uber | ★★★ |
|
2023-03-15 15:13:00 | The Different Methods and Stages of Penetration Testing (lien direct) | The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial data at risk, the consequences of a data breach can be devastating. According to a report released by Ponemon institute, the cost of data breaches has reached an all-time high, averaging $4.35 million in 2022. Vulnerabilities in web applications are often the | Data Breach | ★★★ | |
|
2023-03-15 14:53:00 | Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company (lien direct) | A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, which | Malware Threat | ★★★ | |
|
2023-03-15 10:56:00 | Microsoft Rolls Out Patches for 80 New Security Flaws - Two Under Active Attack (lien direct) | Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. The | ★★ | ||
|
2023-03-14 17:32:00 | GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks (lien direct) | A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range," Palo Alto Networks Unit 42 researchers said. "The threat actor | Malware Threat | ★★★ | |
|
2023-03-14 17:22:00 | The Prolificacy of LockBit Ransomware (lien direct) | Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the ".abcd virus" extension first | Ransomware Threat | ★★★ | |
|
2023-03-14 15:41:00 | Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (lien direct) | An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a target's | Threat | ★★★ | |
|
2023-03-14 11:31:00 | Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities (lien direct) | Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers Guillaume Lovet and Alex Kong said in an | Threat | ★★★ | |
|
2023-03-13 20:29:00 | Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects (lien direct) | A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target web server using legitimate FTP credentials the threat actor previously obtained via an unknown | Threat | ★★★ | |
|
2023-03-13 17:54:00 | Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising (lien direct) | A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio | Threat | ChatGPT ChatGPT | ★★ |
|
2023-03-13 17:53:00 | How to Apply NIST Principles to SaaS in 2023 (lien direct) | The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can't be overstated. While NIST hasn't directly developed | Cloud | ★★★ | |
|
2023-03-13 17:17:00 | Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (lien direct) | Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," | Malware Threat | ★★ | |
|
2023-03-13 13:06:00 | Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (lien direct) | More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up. Akuvox E11 is | ★★★ | ||
|
2023-03-13 11:45:00 | KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (lien direct) | The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot. Dark Pink, also called Saaiwc, was first profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate | Malware Threat | ★★★ | |
|
2023-03-11 19:02:00 | BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (lien direct) | The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and Zoom. BATLOADER, as the name suggests, is a loader that's responsible for | Malware | ChatGPT | ★★ |
|
2023-03-10 19:32:00 | New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (lien direct) | An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation | Malware | ★★★ | |
|
2023-03-10 19:20:00 | China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware (lien direct) | A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week. The | Malware | ★★ | |
|
2023-03-10 19:09:00 | International Law Enforcement Takes Down Infamous NetWire Cross-Platform RAT (lien direct) | A coordinated international law enforcement exercise has taken down the online infrastructure associated with a cross-platform remote access trojan (RAT) known as NetWire. Coinciding with the seizure of the sales website www.worldwiredlabs[.]com, a Croatian national who is suspected to be the website's administrator has been arrested. While the suspect's name was not released, investigative | ★★ | ||
|
2023-03-10 18:26:00 | When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (lien direct) | Multi-factor Authentication (MFA) has long ago become a standard security practice. With a wide consensus on its ability to fend off more than 99% percent of account takeover attacks, it's no wonder why security architects regard it as a must-have in their environments. However, what seems to be less known are the inherent coverage limitations of traditional MFA solutions. While compatible with | ★★ |
To see everything:
Our RSS (filtrered)
