What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-10 15:33:00 | Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant (lien direct) | A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal. Named "Xenomorph 3rd generation" by the Hadoken Security Group, the threat actor behind the operation, the updated version comes with new features that allow it to perform financial fraud in a seamless manner. "This new version of the malware adds many new | Malware Threat | ★★ | |
|
2023-03-10 13:13:00 | North Korean UNC2970 Hackers Expands Operations with New Malware Families (lien direct) | A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in | Malware Threat | ★★ | |
|
2023-03-09 20:24:00 | Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (lien direct) | Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems. This includes the Sliver post-exploitation framework, XMRig cryptocurrency | Malware Threat | ★★★ | |
|
2023-03-09 19:31:00 | IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks (lien direct) | A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to | Ransomware Vulnerability | ★★★ | |
|
2023-03-09 17:55:00 | Does Your Help Desk Know Who\'s Calling? (lien direct) | Phishing, the theft of users' credentials or sensitive data using social engineering, has been a significant threat since the early days of the internet – and continues to plague organizations today, accounting for more than 30% of all known breaches. And with the mass migration to remote working during the pandemic, hackers have ramped up their efforts to steal login credentials as they take | Threat | ★★★ | |
|
2023-03-09 17:50:00 | Iranian Hackers Target Women Involved in Human Rights and Middle East Politics (lien direct) | Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank. "Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The cybersecurity | Threat | ★★★ | |
|
2023-03-09 13:40:00 | New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (lien direct) | The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt. Crypters are a type of software that can encrypt, | ★★★ | ||
|
2023-03-09 10:53:00 | New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access (lien direct) | Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability in | Vulnerability Threat | ★★★ | |
|
2023-03-08 22:00:00 | Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks (lien direct) | A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are | Guideline Cloud | ★★ | |
|
2023-03-08 17:56:00 | Syxsense Platform: Unified Security and Endpoint Management (lien direct) | As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise's ability to identify devices that are accessing the network and in ensuring that those devices are compliant with security policies. These gaps are often seen in outdated spreadsheets that | ★★ | ||
|
2023-03-08 16:04:00 | Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (lien direct) | The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the | Hack Vulnerability Medical | APT 38 | ★★★ |
|
2023-03-08 13:27:00 | Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments (lien direct) | High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains observed in 2021. Israeli cybersecurity company Check Point said the " | Threat | ★★★ | |
|
2023-03-08 12:00:00 | CISA\'s KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability | Vulnerability | ★★ | |
|
2023-03-07 19:28:00 | SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms (lien direct) | Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure | Threat | ★★★★★ | |
|
2023-03-07 17:09:00 | Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps (lien direct) | A suspected Pakistan-aligned advanced persistent threat (APT) group known as Transparent Tribe has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called CapraRAT. "Transparent Tribe distributed the Android CapraRAT backdoor via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp," ESET said in a report | Threat | APT 36 | ★★ |
|
2023-03-07 16:53:00 | Why Healthcare Can\'t Afford to Ignore Digital Identity (lien direct) | Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line. - by Gus Malezis, CEO of Imprivata Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and expansion of Internet of Things (IoT) has outpaced traditional 'castle and moat' cybersecurity, introducing | ★★★ | ||
|
2023-03-07 13:12:00 | Shein\'s Android App Caught Transmitting Clipboard Data to Remote Servers (lien direct) | An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The issue has since been addressed as of May 2022. Shein, originally named ZZKKO, is a Chinese online fast | ★★ | ||
|
2023-03-07 11:51:00 | LastPass Hack: Engineer\'s Failure to Update Plex Software Led to Massive Data Breach (lien direct) | The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with | Data Breach | LastPass LastPass | ★★ |
|
2023-03-06 19:48:00 | New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims (lien direct) | A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packet capture on | Malware | ★★ | |
|
2023-03-06 19:34:00 | From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (lien direct) | Deep fakes are expected to become a more prominent attack vector. Here's how to identify them. What are Deep Fakes? A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required. Such use of AI, ML and image replacement | Threat | ★★★ | |
|
2023-03-06 17:43:00 | Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (lien direct) | Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware. The operation, which took place on February 28, 2023, was carried out with support from the Dutch National Police (Politie) and the U.S. Federal Bureau of Investigation (FBI), according to Europol. This encompassed | Ransomware | ★ | |
|
2023-03-06 17:21:00 | Experts Reveal Google Cloud Platform\'s Blind Spot for Data Exfiltration Attacks (lien direct) | Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response | Cloud | ★★★ | |
|
2023-03-06 14:00:00 | Experts Discover Flaw in U.S. Govt\'s Chosen Quantum-Resistant Encryption Algorithm (lien direct) | A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH | Vulnerability | ★ | |
|
2023-03-04 17:03:00 | Security and IT Teams No Longer Need To Pay For SaaS-Shadow IT Discovery (lien direct) | This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited to gain insight into their employees' SaaS usage through a completely free, self-service product that operates on a "freemium" model. If a user is impressed with the solution and wants to gain | Cloud | ★★★★ | |
|
2023-03-04 16:48:00 | New FiXS ATM Malware Targeting Mexican Banks (lien direct) | A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. "The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and is | Malware | ★★★ | |
|
2023-03-03 15:48:00 | New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices (lien direct) | A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read. Credited with discovering and reporting the | Threat Guideline | ★★★ | |
|
2023-03-03 15:26:00 | Chinese Hackers Targeting European Entities with New MQsTTang Backdoor (lien direct) | The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly available projects," ESET researcher Alexandre Côté Cyr said in a new report. Attack chains | ★★★ | ||
|
2023-03-03 12:12:00 | U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware\'s Deadly Capabilities (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems," CISA said. The custom ransomware | Ransomware Threat | ★★ | |
|
2023-03-02 19:10:00 | Hackers Exploit Containerized Environments to Steals Proprietary Data and Software (lien direct) | A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials," Sysdig said in a new report. The advanced cloud attack also entailed the | Cloud | ★★★★ | |
|
2023-03-02 17:09:00 | New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers (lien direct) | Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line file transfer service to implement its attack. "Underpinning this campaign was the use of transfer[.]sh," Cado Security said in a report shared with The Hacker News. "It's possible that it's an attempt at evading detections based on other common code | ★★★ | ||
|
2023-03-02 17:05:00 | 2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (lien direct) | As a primary working interface, the browser plays a significant role in today's corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices. A new report published by LayerX, a browser security vendor, finds that attackers are exploiting this reality and are targeting it in increasing | Cloud | ★★★ | |
|
2023-03-02 16:51:00 | Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI (lien direct) | A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind. "The 'Colour-Blind' malware points to the democratization of cybercrime that could lead to an | Malware Threat Guideline | ★★ | |
|
2023-03-02 13:33:00 | SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics (lien direct) | The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity company Trend Micro said | Malware Threat Prediction | APT 27 | ★★ |
|
2023-03-02 09:47:00 | Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack (lien direct) | Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation of user-supplied input. Successful | ★★★ | ||
|
2023-03-01 19:32:00 | Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware (lien direct) | Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It notably employs search engine optimization ( | Malware Threat | ★★ | |
|
2023-03-01 17:02:00 | BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11 (lien direct) | A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET said in a report shared with The Hacker News. UEFI | Malware Threat | ★★★★ | |
|
2023-03-01 17:00:00 | CISOs Are Stressed Out and It\'s Putting Companies at Risk (lien direct) | Employee well-being has become a primary focus for many businesses. Even before the pandemic, the C-suite was acutely aware of how employee mental health impacts business outcomes. But for cybersecurity professionals, stress has always been a part of the job. A new survey revealed that one of the most concerning aspects of employee mental health is how it impacts cybersecurity programs and, | ★★ | ||
|
2023-03-01 15:25:00 | Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy (lien direct) | Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it," Google's Ganesh Chilakapati and Andy Wen said. To that end, users can send and receive emails or | ★★ | ||
|
2023-03-01 11:41:00 | Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques (lien direct) | Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. "Once it has been successfully injected, attackers can interact with their victim via Windows Notepad that likely serves as a | Malware | ★★ | |
|
2023-02-28 19:29:00 | New EX-22 Tool Empowers Hackers with Stealthy Ransomware Attacks on Enterprises (lien direct) | A new post-exploitation framework called EXFILTRATOR-22 (aka EX-22) has emerged in the wild with the goal of deploying ransomware within enterprise networks while flying under the radar. "It comes with a wide range of capabilities, making post-exploitation a cakewalk for anyone purchasing the tool," CYFIRMA said in a new report. Some of the notable features include establishing a reverse shell | Ransomware Tool | ★★★★ | |
|
2023-02-28 19:29:00 | Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain (lien direct) | Romanian cybersecurity company Bitdefender has released a free decryptor for a new ransomware strain known as MortalKombat. MortalKombat is a new ransomware strain that emerged in January 2023. It's based on commodity ransomware dubbed Xorist and has been observed in attacks targeting entities in the U.S., the Philippines, the U.K., and Turkey. Xorist, detected since 2010, is distributed as a | Ransomware | ★★★ | |
|
2023-02-28 16:56:00 | Application Security vs. API Security: What is the difference? (lien direct) | As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect themselves | ★★★ | ||
|
2023-02-28 16:03:00 | APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia (lien direct) | The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow expansion of the hacking group's victimology footprint. Targeted entities include health, financial, law | Threat | APT-C-36 | ★★★ |
|
2023-02-28 12:12:00 | CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve sensitive | Vulnerability Threat | ★★★ | |
|
2023-02-28 11:46:00 | LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (lien direct) | LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated | Data Breach Threat | LastPass | ★ |
|
2023-02-27 21:03:00 | Researchers Share New Insights Into RIG Exploit Kit Malware\'s Operations (lien direct) | The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News. "Although it has yet to substantially change its exploits in its more recent activity, the type and | ★★★ | ||
|
2023-02-27 20:09:00 | Shocking Findings from the 2023 Third-Party App Access Report (lien direct) | Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS (third-party) app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their efficiency or productivity, they rarely think twice before installing. Most employees don't even realize | Cloud | ★★★★ | |
|
2023-02-27 16:23:00 | ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks (lien direct) | A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games," AhnLab Security Emergency response Center (ASEC) said in a report last week. ChromeLoader (aka | Malware | ★★★★ | |
|
2023-02-27 15:52:00 | (Déjà vu) PureCrypter Malware Targets Government Entities in Asia-Pacific and North America (lien direct) | Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control (C2) to deliver a secondary payload," Menlo Security researcher | Malware Threat | ★★ | |
|
2023-02-27 15:34:00 | PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks (lien direct) | The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy | Tool Prediction | ★★★ |
To see everything:
Our RSS (filtrered)
