What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-17 21:08:45 | Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities (lien direct) | Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894 - An | Threat Guideline | ||
|
2022-08-04 22:54:43 | CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary | Vulnerability Guideline | ||
|
2022-08-04 06:10:59 | Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers (lien direct) | As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network. "The attack can be performed without user interaction if the management interface of the device has been configured | Vulnerability Guideline | ||
|
2022-07-29 03:49:50 | Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices (lien direct) | Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the | Vulnerability Guideline | ||
|
2022-07-20 02:44:15 | Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of | Guideline | ||
|
2022-07-15 21:07:41 | New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain (lien direct) | Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an | Vulnerability Guideline | ||
|
2022-07-06 05:38:14 | OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks (lien direct) | The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on | Guideline | ||
|
2022-06-30 01:40:14 | Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks (lien direct) | A former Canadian government employee this week agreed to plead guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate. Sebastien Vachon-Desjardins, who was extradited to the U.S. on March 10, 2022, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to | Ransomware Guideline | ||
|
2022-05-29 21:50:12 | FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks (lien direct) | Network credentials and virtual private network (VPN) access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations," the U.S. | Guideline | ||
|
2022-05-28 06:14:11 | New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme (lien direct) | A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. John Telusma, who went by the alias "Peterelliot," pleaded guilty to one count of racketeering conspiracy on October 13, 2021. He joined the gang in August 2011 and remained a member for | Guideline | ||
|
2022-05-27 05:28:57 | The Myths of Ransomware Attacks and How To Mitigate Risk (lien direct) | Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks - a threat that 57% of security leaders expect to be compromised by within the next year. As organizations continue to evolve, in turn so does ransomware. To help you | Ransomware Threat Guideline | ||
|
2022-05-19 22:30:01 | Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware (lien direct) | Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler said in a report. "These variants of Vidar malware | Malware Guideline | ||
|
2022-05-15 19:12:21 | Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers (lien direct) | A 28-year-old Ukrainian national has been sentenced to four years in prison for siphoning thousands of server login credentials and selling them on the dark web for monetary gain as part of a credential theft scheme. Glib Oleksandr Ivanov-Tolpintsev, who pleaded guilty to his offenses earlier this February, was arrested in Poland in October 2020, before being extradited to the U.S. in September | Guideline | ||
|
2022-05-09 01:55:28 | Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file, opening which leads to computers getting infected with Jester Stealer. The attack, which | Malware Guideline | ||
|
2022-05-08 20:28:43 | U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers (lien direct) | The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convict individuals who are conspiring or attempting to affiliate with the group in a ransomware attack. | Ransomware Guideline | ||
|
2022-05-08 20:06:57 | Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability (lien direct) | Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. Tracked CVE-2022-1388 (CVSS score: 9.8), the flaw relates to an iControl REST authentication bypass that, if successfully exploited, could lead to remote code execution, allowing | Vulnerability Guideline | ||
|
2022-04-20 03:54:14 | [eBook] The Ultimate Security for Management Presentation Template (lien direct) | Are you a CISO, CIO, or IT Director? In your role, you're responsible for breach protection – which means you oversee and govern the process of designing, building, maintaining, and continuously enhancing your organization's security program. But getting buy-in from leadership can be difficult when they are a non-technical audience. On top of managing your organization's breach protection | Guideline | ||
|
2022-03-22 00:34:15 | New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems (lien direct) | Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software's InsydeH2O and HP Unified Extensible Firmware Interface (UEFI). Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the | Guideline | ||
|
2022-03-16 06:52:51 | New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers (lien direct) | The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what's called an "infinite loop." The flaw | Guideline | ||
|
2022-03-16 06:14:32 | Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters (lien direct) | Researchers have disclosed an unpatched security vulnerability in "dompdf," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. "By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it | Vulnerability Guideline | ||
|
2022-03-16 00:53:39 | Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data (lien direct) | Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication, but can be triggered by any user with read permissions," Uriya Yavnieli and Or Peles, researchers | Guideline | ||
|
2022-03-14 05:48:01 | Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups (lien direct) | A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of | Ransomware Guideline | ||
|
2022-03-09 02:04:37 | Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant (lien direct) | APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application (CVE-2021-44207) as well as the now infamous zero-day in | Vulnerability Threat Guideline | APT 41 | |
|
2022-03-09 01:48:57 | Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses (lien direct) | Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu said the shortcomings, when chained together, can lead to "an unauthenticated attacker gaining root on these devices." Pascom Cloud Phone System is an | Guideline | ||
|
2022-03-07 23:43:22 | Researchers Warn of Linux Kernel \'Dirty Pipe\' Arbitrary File Overwrite Vulnerability (lien direct) | Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed "Dirty Pipe" (CVE-2022-0847, CVSS score: 7.8) by IONOS software developer Max Kellermann, the flaw "leads to privilege escalation | Vulnerability Guideline | ||
|
2022-02-17 01:22:21 | This New Tool Can Retrieve Pixelated Text from Redacted Documents (lien direct) | The practice of blurring out text using a method called pixelation may not be as secure as previously thought. While the most foolproof way of concealing sensitive textual information is to use opaque black bars, other redaction methods like pixelation can achieve the opposite effect, enabling the reversal of pixelized text back into its original form. Dan Petro, a lead researcher at offensive | Tool Guideline | ||
|
2022-01-30 21:15:55 | DeepDotWeb News Site Operator Sentenced to 8 Years for Money Laundering (lien direct) | An Israeli national was sentenced to 97 months in prison in connection with operating the DeepDotWeb (DDW) clearnet website, nearly a year after the individual pleaded guilty to the charges. Tal Prihar, 37, an Israeli citizen residing in Brazil, is said to have played the role of an administrator of DDW since the website became functional in October 2013. He pleaded guilty to money laundering | Guideline | ||
|
2022-01-21 03:40:40 | Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (lien direct) | A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the | Malware Threat Guideline | APT 41 APT 41 | |
|
2021-12-27 03:32:03 | \'Spider-Man: No Way Home\' Pirated Downloads Contain Crypto-Mining Malware (lien direct) | Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most talked-about movie for | Malware Guideline | ||
|
2021-12-20 23:20:59 | Meta Sues Hackers Behind Facebook, WhatsApp and Instagram Phishing Attacks (lien direct) | Facebook's parent company Meta Platforms on Monday said it has filed a federal lawsuit in the U.S. state of California against bad actors who operated more than 39,000 phishing websites that impersonated its digital properties to mislead unsuspecting users into divulging their login credentials. The social engineering scheme involved the creation of rogue webpages that masqueraded as the login | Guideline | ||
|
2021-12-01 00:36:43 | Hacker Jailed for Stealing Millions of Dollars in Cryptocurrencies by SIM Hijacking (lien direct) | A sixth member associated with an international hacking group known as The Community has been sentenced in connection with a multimillion-dollar SIM swapping conspiracy, the U.S. Department of Justice (DoJ) said. Garrett Endicott, 22, from the U.S. state of Missouri, who pleaded guilty to charges of wire fraud and aggravated identity theft following an indictment in 2019, was sentenced to 10 | Guideline | ||
|
2021-11-18 04:59:17 | Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models (lien direct) | Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead | Vulnerability Guideline | ||
|
2021-11-11 03:50:08 | TrickBot Operators Partner with Shatak Attackers for Conti Ransomware (lien direct) | The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines. "The implementation of TrickBot has evolved over the years, with recent versions of TrickBot implementing malware-loading capabilities," Cybereason security analysts Aleksandar Milenkoski and Eli Salem said in a | Ransomware Threat Guideline | ||
|
2021-11-10 00:08:40 | 14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices (lien direct) | Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution.
The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16-1.33.1, |
Tool Guideline | ||
|
2021-11-05 02:36:51 | U.S. Offers $10 Million Reward for Information on DarkSide Ransomware Group (lien direct) | The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands.
On top of that, the State Department is offering bounties of up to $5 million for intel and tip-offs that could result in the arrest and/or conviction in any country |
Ransomware Guideline | ||
|
2021-10-27 04:16:16 | Cyber Attack in Iran Reportedly Cripples Gas Stations Across the Country (lien direct) | A cyber attack in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline.
Posts and videos circulated on social media showed messages that said, "Khamenei! Where is our gas?" - a reference to the country's supreme leader Ayatollah Ali Khamenei. Other signs read, " |
Guideline | ||
|
2021-10-25 06:04:47 | Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM (lien direct) | The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge itself is not new. What is new is the unprecedented and accelerated complexity of securing the |
Guideline | ||
|
2021-10-22 06:46:50 | Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks (lien direct) | The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme.
"With FIN7's latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity |
Ransomware Guideline | ||
|
2021-10-15 07:40:55 | Attackers Behind Trickbot Expanding Malware Distribution Channels (lien direct) | The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti.
The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known Hive0105, Hive0106 (aka TA551 or Shathak), |
Ransomware Malware Threat Guideline | ||
|
2021-10-06 23:30:12 | Cyber Security WEBINAR - How to Ace Your InfoSec Board Deck (lien direct) | Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of |
Guideline | ||
|
2021-10-05 06:16:08 | New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers (lien direct) | Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India.
"The image we uncovered was that of a state-sponsored campaign that plays on |
Malware Guideline | APT 41 | |
|
2021-09-22 03:41:14 | New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures (lien direct) | As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks.
Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive |
Guideline | ||
|
2021-09-10 01:18:43 | Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group (lien direct) | A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly.
In late August, Slovakian cybersecurity firm ESET disclosed details of an implant called SideWalk, which is designed to load arbitrary plugins sent from an attacker-controlled server, gather |
Malware Guideline | APT 41 | |
|
2021-09-08 22:45:14 | CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild.
The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus |
Vulnerability Guideline | ||
|
2021-09-08 05:38:12 | 3 Ways to Secure SAP SuccessFactors and Stay Compliant (lien direct) | The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating, and more.
SAP is leading this HR transformation with its human capital management (HCM) solution, SAP SuccessFactors. |
Guideline | ||
|
2021-09-06 05:17:38 | ProtonMail Shares Activist\'s IP Address With Authorities Despite Its "No Log" Policy (lien direct) | End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France.
The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for |
Guideline | ||
|
2021-08-30 20:38:15 | New Microsoft Exchange \'ProxyToken\' Flaw Lets Attackers Reconfigure Mailboxes (lien direct) | Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII).
The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined "ProxyToken," was discovered by Le Xuan Tuyen, a researcher at the |
Vulnerability Guideline | ||
|
2021-08-18 08:48:40 | Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices (lien direct) | A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution.
Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw |
Vulnerability Guideline | ★★★ | |
|
2021-07-21 06:38:39 | Malicious NPM Package Caught Stealing Users\' Saved Passwords From Browsers (lien direct) | A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser.
The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent |
Tool Guideline | ||
|
2021-07-14 04:01:50 | REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks (lien direct) | REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down.
Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, and payment portals, remained |
Ransomware Guideline |
To see everything:
Our RSS (filtrered)
