What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-15 19:03:00 | Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware (lien direct) | A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas. Cisco Talos said it "observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389." The attacks, per the cybersecurity company, | Ransomware Malware Threat | ★★★ | |
|
2023-02-14 22:21:00 | Massive AdSense Fraud Campaign Uncovered - 10,000+ WordPress Sites Infected (lien direct) | The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infected over 10,800 websites. "The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation," Sucuri researcher Ben Martin said in a report | Malware Threat | ★★ | |
|
2023-02-14 15:42:00 | A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (lien direct) | One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as | Ransomware Threat | ★★★ | |
|
2023-02-13 21:01:00 | Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players\' Systems (lien direct) | An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players' systems. The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a zero-day and addressed by Google in October 2021. "Since V8 | Threat | ★★ | |
|
2023-02-13 15:29:00 | Honeypot-Factory: The Use of Deception in ICS/OT Environments (lien direct) | There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though our data does not indicate at this point that a lot of threat actors specifically | Threat Industrial | ★★ | |
|
2023-02-13 13:28:00 | Chinese Tonto Team Hackers\' Second Attempt to Target Cybersecurity Firm Group-IB Fails (lien direct) | The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed at Group-IB, the first of which took place in March 2021. Tonto Team, | Threat | ★★ | |
|
2023-02-13 13:14:00 | Hackers Targeting U.S. and German Firms Monitor Victims\' Desktops with Screenshotter (lien direct) | A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, said the group, dubbed TA866, is likely financially motivated. "TA866 is an organized actor able to perform well thought-out attacks at | Malware Threat | ★★★ | |
|
2023-02-11 19:06:00 | New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool (lien direct) | After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that files larger than 128MB | Ransomware Tool Threat | ★★ | |
|
2023-02-11 16:41:00 | Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (lien direct) | Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar | Malware Threat Prediction | ★★ | |
|
2023-02-10 09:58:00 | Reddit Suffers Security Breach Exposing Internal Documents and Source Code (lien direct) | Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, targeting its employees. The attack | Threat | ★★★★ | |
|
2023-02-09 19:39:00 | Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices (lien direct) | A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli | Threat Industrial | ★★★★ | |
|
2023-02-09 16:36:00 | NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities (lien direct) | A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure. "The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an exhibitor manual for PIMEC-23," the BlackBerry Research and Intelligence Team said. PIMEC, short for | Threat | ★★ | |
|
2023-02-09 16:08:00 | Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (lien direct) | The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation. "The threat actor | Malware Threat | ★★★ | |
|
2023-02-08 16:31:00 | Russian Hackers Using Graphiron Malware to Steal Data from Ukraine (lien direct) | A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. "The malware is written in Go and is designed to harvest a wide | Malware Threat | ★★ | |
|
2023-02-08 11:46:00 | CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with the agency describing the activity as likely motivated by espionage given the toolset employed. The | Threat | ★★ | |
|
2023-02-07 18:28:00 | Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework (lien direct) | Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which found that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads. "Not | Threat | ★★ | |
|
2023-02-07 15:51:00 | VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree (lien direct) | VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware | Ransomware Threat | ★ | |
|
2023-02-03 20:33:00 | Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware (lien direct) | In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook. | Malware Threat | ★★ | |
|
2023-02-02 18:13:00 | New Russian-Backed Gamaredon\'s Spyware Variants Targeting Ukrainian Authorities (lien direct) | The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a track record of | Threat | ★★ | |
|
2023-02-02 12:17:00 | New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (lien direct) | At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani | Malware Threat | ★ | |
|
2023-02-01 15:55:00 | Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards (lien direct) | The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its | Malware Threat | ★ | |
|
2023-01-31 16:09:00 | Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years (lien direct) | A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically | Malware Threat | ★★★ | |
|
2023-01-31 09:07:00 | GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom (lien direct) | GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The following versions of GitHub Desktop for Mac have been invalidated: 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, | Threat | ★★ | |
|
2023-01-30 16:56:00 | Titan Stealer: A New Golang-Based Information Stealer Malware Emerges (lien direct) | A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers | Malware Threat | ★★ | |
|
2023-01-29 11:17:00 | Gootkit Malware Continues to Evolve with New Components and Obfuscations (lien direct) | The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is "exclusive to this group." Gootkit, also called Gootloader, is spread through compromised websites that | Malware Threat | ★★ | |
|
2023-01-27 19:20:00 | Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service (lien direct) | Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "badbullzvenom." eSentire's Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it "found multiple mentions of the badbullzvenom account being shared between two people." The | Malware Threat | ★★★ | |
|
2023-01-26 21:36:00 | Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation (lien direct) | Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the company's Threat Analysis Group (TAG) said in a report shared with The Hacker News. "However, a | Threat | ★★★ | |
|
2023-01-26 20:04:00 | Researchers Uncover Connection b/w Moses Staff and Emerging Abraham\'s Ax Hacktivists Group (lien direct) | New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups, suggesting they are likely operated by the same entity," Secureworks Counter Threat Unit (CTU) said | Threat | ★★ | |
|
2023-01-25 16:11:00 | North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks (lien direct) | A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy. The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community as | Threat | ★★ | |
|
2023-01-25 13:13:00 | LastPass Parent Company GoTo Suffers Data Breach, Customers\' Backups Compromised (lien direct) | LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. "The | Threat | LastPass | ★★ |
|
2023-01-24 17:28:00 | FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft (lien direct) | The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber | Hack Threat Medical | APT 38 | ★★ |
|
2023-01-24 16:33:00 | Emotet Malware Makes a Comeback with New Evasion Techniques (lien direct) | The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that's distributed via | Malware Threat | ★★★★ | |
|
2023-01-23 17:09:00 | SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric (lien direct) | The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access. The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant identities are to pressure from threat actors. However, those pressures | Threat | ★★ | |
|
2023-01-23 15:24:00 | Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks (lien direct) | The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation | Threat | ★★ | |
|
2023-01-20 22:03:00 | Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers\' DNS Settings (lien direct) | Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea. | Malware Threat | ★★ | |
|
2023-01-20 12:29:00 | New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (lien direct) | A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were | Malware Vulnerability Threat | ★★ | |
|
2023-01-19 18:57:00 | Android Users Beware: New Hook Malware with RAT Capabilities Emerges (lien direct) | The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News, characterized Hook as a novel ERMAC fork that's advertised for sale for $7,000 per month while featuring | Malware Threat | ★★★ | |
|
2023-01-19 18:31:00 | New Research Delves into the World of Malicious LNK Files and Hackers Behind Them (lien direct) | Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, uncovering information such as the specific tools and | Threat | ★★★★ | |
|
2023-01-19 11:03:00 | Mailchimp Suffers Another Security Breach Compromising Some Customers\' Information (lien direct) | Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee | Tool Threat | ★ | |
|
2023-01-18 22:54:00 | Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa (lien direct) | An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday. Phishing emails, | Threat Prediction | ★★ | |
|
2023-01-18 16:35:00 | Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks (lien direct) | The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated | Malware Threat | ★★★ | |
|
2023-01-17 18:15:00 | Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware (lien direct) | New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser or via an integration in Visual Studio Code. It also comes with a port | Malware Threat | ★★★ | |
|
2023-01-17 12:06:00 | Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems (lien direct) | A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – by the author between January 7, 2023, and January 12, 2023. They have since been | Malware Threat | ★★★ | |
|
2023-01-16 15:39:00 | New Backdoor Created Using Leaked CIA\'s Hive Malware Discovered in the Wild (lien direct) | Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017. "This is the first time we caught a variant of the CIA Hive attack kit in the wild, and we named it xdr33 based on its embedded Bot-side certificate CN=xdr33," | Malware Threat | ★★★★ | |
|
2023-01-14 14:11:00 | Malware Attack on CircleCI Engineer\'s Laptop Leads to Recent Security Incident (lien direct) | DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus | Malware Threat | ★★★ | |
|
2023-01-13 16:56:00 | Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar (lien direct) | Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher | Malware Threat | ★★★ | |
|
2023-01-12 20:16:00 | IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (lien direct) | A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. "Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in | Malware Threat | ★★ | |
|
2023-01-11 23:05:00 | New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors (lien direct) | A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is malware that has increasingly come under the radar for being used in attacks aimed at finance, | Malware Threat | ★★ | |
|
2023-01-11 15:02:00 | Dark Pink APT Group Targets Governments and Military in APAC Region (lien direct) | Government and military organizations in the Asia Pacific region are being targeted by a previously unknown advanced persistent threat (APT) actor, per the latest research. Singapore-headquartered Group-IB, in a report shared with The Hacker News, said it's tracking the ongoing campaign under the name Dark Pink and attributed seven successful attacks to the adversarial collective between June | Threat | ★★★ | |
|
2023-01-10 22:10:00 | (Déjà vu) StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users (lien direct) | The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's mobile backdoor app," ESET malware researcher Lukáš Štefanko said in a technical report. "The app is | Malware Threat | ★ |
To see everything:
Our RSS (filtrered)
