What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The Hacker News 2024-12-10 17:20:00 The Future of Network Security: Automated Internal and External Pentesting (direct link) In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay
Threat ★★
The Hacker News 2024-12-10 14:42:00 CERT-UA Warns of Phishing Attacks Targeting Ukraine's Defense and Security Force (direct link) The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defense companies in the country as well as its security and defense forces. The phishing attacks have been attributed to a Russia-linked threat actor called UAC-0185 (aka UNC4221), which has been active since at least 2022. "The phishing emails mimicked official messages
Threat ★★★
The Hacker News 2024-12-09 23:14:00 Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering (direct link) The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7
Ransomware Threat ★★
The Hacker News 2024-12-09 16:14:00 Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices (direct link) A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis
Malware Threat ★★★
The Hacker News 2024-12-07 13:48:00 Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data (direct link) Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said. "The company
Malware Threat ★★★
The Hacker News 2024-12-06 13:52:00 More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader (direct link) The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on
Malware Tool Threat ★★
The Hacker News 2024-12-06 12:33:00 Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (direct link) The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.
Malware Threat ★★
The Hacker News 2024-12-05 20:26:00 Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access (direct link) Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input
Vulnerability Threat ★★★
The Hacker News 2024-12-05 18:13:00 Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (direct link) A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a
Threat Mobile ★★★
The Hacker News 2024-12-05 16:30:00 Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (direct link) A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't rule out the possibility that the intrusion may have occurred earlier. "The attackers moved laterally
Threat ★★★
The Hacker News 2024-12-05 13:00:00 ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan (direct link) The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis. "An interesting aspect of this campaign is the comeback of a backdoor
Threat Prediction Technical ★★
The Hacker News 2024-12-04 22:53:00 Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (direct link) The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, first observed in December 2022, is the latest instance of the nation-state adversary "embedding
Threat ★★
The Hacker News 2024-12-04 11:37:00 Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks (direct link) A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors targeting telecommunications providers. "Identified exploitations or compromises associated with these threat actors' activity align with existing weaknesses associated with victim infrastructure; no novel
Threat ★★
The Hacker News 2024-12-03 15:21:00 North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (direct link) The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,
Threat ★★
The Hacker News 2024-11-28 14:59:00 Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware (direct link) A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique
Malware Threat ★★
The Hacker News 2024-11-27 16:44:00 APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor (direct link) The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack,
Vulnerability Threat ★★
The Hacker News 2024-11-27 10:51:00 Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign (direct link) A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a
Malware Vulnerability Threat ★★
The Hacker News 2024-11-26 16:04:00 RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (direct link) The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user
Vulnerability Threat ★★★
The Hacker News 2024-11-26 15:49:00 Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (direct link) The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed
Malware Hack Threat ★★★
The Hacker News 2024-11-23 17:40:00 Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites (direct link) Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services across the world, Microsoft said.
Threat Industrial ★★
The Hacker News 2024-11-23 17:23:00 North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (direct link) The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both
Malware Threat ★★
The Hacker News 2024-11-22 22:29:00 APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware (direct link) The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as
Malware Threat ★★
The Hacker News 2024-11-22 17:36:00 Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (direct link) Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The
Malware Threat APT 28 ★★
The Hacker News 2024-11-21 21:20:00 Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (direct link) The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.
Threat ★★
The Hacker News 2024-11-21 17:34:00 North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs (direct link) Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and
Threat ★★★
The Hacker News 2024-11-21 12:04:00 NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data (direct link) Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher
Malware Threat ★★
The Hacker News 2024-11-20 18:39:00 Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments (direct link) Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victims' funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay by relaying NFC traffic. "Criminals can now misuse Google Pay and Apple
Threat Mobile ★★
The Hacker News 2024-11-20 17:00:00 NHIs Are the Future of Cybersecurity: Meet NHIDR (direct link) The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take
Vulnerability Threat ★★
The Hacker News 2024-11-20 14:46:00 Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package (direct link) Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that
Vulnerability Threat ★★
The Hacker News 2024-11-20 10:07:00 Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (direct link) Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below - CVE-2024-44308 - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content CVE-2024-44309 - A cookie management vulnerability in
Vulnerability Threat ★★★
The Hacker News 2024-11-19 17:00:00 Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority (direct link) Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access, rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To
Threat ★★
The Hacker News 2024-11-19 15:10:00 New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (direct link) Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group
Ransomware Threat ★★
The Hacker News 2024-11-19 12:32:00 Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (direct link) U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets." It's not clear what information was taken, if any,
Threat ★★★
The Hacker News 2024-11-18 17:06:00 THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17) (direct link) What do hijacked websites, fake job offers, and sneaky ransomware have in common? They're proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative, using everything from human trust to hidden flaws in
Ransomware Tool Threat ★★
The_Hackers_News.webp 2024-11-18 16:26:00 Fake Discount Sites Exploit Black Friday to Hijack Shopper Information (lien direct) A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products
Threat ★★
The_Hackers_News.webp 2024-11-16 13:51:00 PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released (lien direct) Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface IP
Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-16 11:55:00 Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (lien direct) A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,
Malware Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-15 16:42:00 Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia (lien direct) A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software,"
Malware Threat ★★★
The_Hackers_News.webp 2024-11-15 12:10:00 High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (lien direct) Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program
Vulnerability Threat ★★
The_Hackers_News.webp 2024-11-14 23:06:00 Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme (lien direct) Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently
Threat ★★★
The_Hackers_News.webp 2024-11-14 15:21:00 New RustyAttr Malware Targets macOS Through Extended Attribute Abuse (lien direct) Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
Malware Threat APT 38 ★★★
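The RustyAttr item above describes malware that hides its payload in macOS extended attributes (xattrs), which most file scanners never look at. The script below is an added hunting example, not code from the original page or from the researchers who analysed RustyAttr: it walks a directory tree, reads every xattr, and flags attribute names outside a small allowlist of well-known Apple attributes, oversized values, and values that look like shell or AppleScript text. The allowlist, the size threshold and the script-token pattern are the author's own heuristics, not published indicators. On Linux CPython exposes `os.listxattr`/`os.getxattr`; on macOS the same two calls come from the third-party `xattr` package (`pip install xattr`), which the import fallback assumes.

```python
"""Hunt for files whose extended attributes carry script-like payloads.

Added example for the RustyAttr item; the allowlist and thresholds are
assumptions (the author's starting heuristics), not published indicators.
"""
import os
import re
import sys

try:
    from os import listxattr, getxattr          # CPython provides these on Linux
except ImportError:                             # macOS: pip install xattr
    from xattr import listxattr, getxattr

# Attribute names that legitimately appear on macOS files (assumption: a
# starting allowlist; extend it for your fleet).
BENIGN_XATTRS = {
    "com.apple.quarantine",
    "com.apple.FinderInfo",
    "com.apple.ResourceFork",
    "com.apple.provenance",
    "com.apple.macl",
    "com.apple.lastuseddate#PS",
    "com.apple.TextEncoding",
}
BENIGN_PREFIXES = ("com.apple.metadata:",)

# Values larger than this, or containing these tokens, deserve a look.
MAX_BENIGN_VALUE_BYTES = 1024
SCRIPT_PATTERN = re.compile(rb"(?:^#!|osascript|/bin/(?:ba|z)?sh|curl |base64 -d)", re.M)


def classify_xattrs(path, attrs):
    """Return a list of (path, attr_name, reason) findings for one file.

    `attrs` maps attribute name -> raw value bytes, so the logic can be
    exercised on constructed data without touching the filesystem.
    """
    findings = []
    for name, value in attrs.items():
        known = name in BENIGN_XATTRS or name.startswith(BENIGN_PREFIXES)
        if not known:
            findings.append((path, name, "non-Apple attribute name"))
        if len(value) > MAX_BENIGN_VALUE_BYTES:
            findings.append((path, name, f"large value ({len(value)} bytes)"))
        if SCRIPT_PATTERN.search(value):
            findings.append((path, name, "value looks like a shell/AppleScript"))
    return findings


def read_xattrs(path):
    """Collect all attributes of one file; read errors are tolerated."""
    attrs = {}
    try:
        for name in listxattr(path):
            try:
                attrs[name] = getxattr(path, name)
            except OSError:
                attrs[name] = b""
    except OSError:
        pass
    return attrs


def scan_tree(root):
    """Walk `root` without following symlinks and return all findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            full = os.path.join(dirpath, entry)
            if os.path.islink(full):
                continue
            findings.extend(classify_xattrs(full, read_xattrs(full)))
    return findings


if __name__ == "__main__":
    for path, name, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}\t{name}\t{reason}")
```

Run it as `python3 xattr_hunt.py /Applications` (or any user-writable tree) and review the findings by hand; a non-Apple attribute name on a freshly downloaded application is the case worth escalating, since a legitimate app has no reason to ship one.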
The_Hackers_News.webp 2024-11-14 11:13:00 Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (lien direct) A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this
Malware Vulnerability Threat ★★
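An NTLM hash-disclosure bug like CVE-2024-43451 only pays off if the victim host can reach the attacker's server over SMB to authenticate to it, so one of the cheapest detections is outbound TCP/445 (or 139) to addresses outside the organisation's own ranges. The script below is an added example, not code from the original page or from Microsoft: it parses constructed firewall log lines, flags SMB connections to non-internal destinations, and groups them by source host. The log format, the sample lines and the definition of "internal" (RFC 1918 plus loopback and link-local) are assumptions for the example.

```python
"""Flag outbound SMB connections to Internet hosts in firewall logs.

Added example for the CVE-2024-43451 item; the log format, sample lines
and internal-range list are constructed assumptions.
"""
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}

# Constructed sample: "timestamp src_ip dst_ip dst_port proto action"
SAMPLE_LOG = """\
2024-11-13T09:12:01Z 10.20.5.17 10.20.1.4 445 tcp allow
2024-11-13T09:12:07Z 10.20.5.17 203.0.113.45 445 tcp allow
2024-11-13T09:12:09Z 10.20.5.17 203.0.113.45 445 tcp allow
2024-11-13T09:13:30Z 10.20.7.9 198.51.100.8 443 tcp allow
2024-11-13T09:14:02Z 10.20.7.9 198.51.100.8 139 tcp deny
2024-11-13T09:15:10Z 10.20.5.22 192.168.40.10 445 tcp allow
"""

# Assumption: RFC 1918 plus loopback/link-local count as internal. Add your
# own public ranges (e.g. an on-prem DMZ) so they are not flagged.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    ts, src, dst, port, proto, action = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port),
            "proto": proto, "action": action}


def find_smb_egress(log_text):
    """Return {src: [events]} for SMB traffic to non-internal destinations.

    Denied connections are kept on purpose: a blocked attempt still shows
    that the host tried to authenticate outward, which is the interesting
    fact when hunting for a leaked NTLMv2 challenge-response.
    """
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["proto"] == "tcp" and ev["port"] in SMB_PORTS and not is_internal(ev["dst"]):
            hits[ev["src"]].append(ev)
    return dict(hits)


if __name__ == "__main__":
    for src, events in find_smb_egress(SAMPLE_LOG).items():
        dests = sorted({f"{e['dst']}:{e['port']}" for e in events})
        print(f"{src}: {len(events)} outbound SMB attempt(s) to {', '.join(dests)}")
```

The preventive counterpart is to block TCP/445 egress at the perimeter and to set the Windows policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" to audit or deny, so that a lure which triggers the flaw has nowhere to send the hash.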
The_Hackers_News.webp 2024-11-13 21:39:00 Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel (lien direct) A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. "The [Israel-Hamas] conflict has not disrupted the WIRTE's
Threat ★★★
The_Hackers_News.webp 2024-11-13 12:44:00 Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (lien direct) The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said
Malware Threat ★★★
The_Hackers_News.webp 2024-11-12 19:30:00 New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (lien direct) Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub
Tool Threat ★★★
The_Hackers_News.webp 2024-11-12 18:30:00 North Korean Hackers Target macOS Using Flutter-Embedded Malware (lien direct) Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built
Malware Threat ★★
The_Hackers_News.webp 2024-11-12 16:30:00 5 Ways Behavioral Analytics is Revolutionizing Incident Response (lien direct) Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it's now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more
Threat ★★★
The_Hackers_News.webp 2024-11-11 17:27:00 THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 - Nov 10) (lien direct) ⚠️ Imagine this: the very tools you trust to protect you online, your two-factor authentication, your car's tech system, even your security software, turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn't fiction; it's the new cyber reality. Today's attackers have become so sophisticated that they're using our trusted tools as secret pathways,
Tool Threat ★★★
The_Hackers_News.webp 2024-11-11 11:43:00 Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (lien direct) Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. "However, threat actors have
Malware Threat Commercial ★★★
The_Hackers_News.webp 2024-11-09 11:42:00 Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns (lien direct) Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. "Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface," the company said. "At this time, we do not know the specifics of the
Vulnerability Threat ★★★
Last update at: 2025-05-10 16:07:24