What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-27 05:44:52 | Cybersecurity Experts Warn of Emerging Threat of "Black Basta" Ransomware (lien direct) | The Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window. "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, | Ransomware Threat | ||
|
2022-06-24 00:06:51 | State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks (lien direct) | A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, | Ransomware Threat | ||
|
2022-06-23 19:36:46 | Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, | Hack Threat | ||
|
2022-06-22 23:14:08 | Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside (lien direct) | A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity | Malware Tool Threat | APT 23 | |
|
2022-06-21 05:22:35 | New ToddyCat Hacker Group on Experts\' Radar After Targeting MS Exchange Servers (lien direct) | An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to deploy the China Chopper web shell and | Threat | ||
|
2022-06-21 03:34:27 | Mitigate Ransomware in a Remote-First World (lien direct) | Ransomware has been a thorn in the side of cybersecurity teams for years. With the move to remote and hybrid work, this insidious threat has become even more of a challenge for organizations everywhere. 2021 was a case study in ransomware due to the wide variety of attacks, significant financial and economic impact, and diverse ways that organizations responded. These attacks should be seen as a | Ransomware Threat | ||
|
2022-06-19 22:18:13 | BRATA Android Malware Gains Advanced Mobile Threat Capabilities (lien direct) | The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which | Malware Threat | ||
|
2022-06-17 01:39:56 | Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity (lien direct) | A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks | Vulnerability Threat | ||
|
2022-06-15 01:46:03 | Comprehensive, Easy Cybersecurity for Lean IT Security Teams Starts with XDR (lien direct) | Breaches don't just happen to large enterprises. Threat actors are increasingly targeting small businesses. In fact, 43% of data breaches involved small to medium-sized businesses. But there is a glaring discrepancy. Larger businesses typically have the budget to keep their lights on if they are breached. Most small businesses (83%), however, don't have the financial resources to recover if they | Threat | ||
|
2022-06-14 01:30:24 | Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens (lien direct) | An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other | Threat | ||
|
2022-06-13 05:53:14 | Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users (lien direct) | A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, the cluster of activity "hint[s] to a strong relationship with a Chinese-speaking entity yet to be | Threat | ||
|
2022-06-13 05:26:13 | Chinese \'Gallium\' Hackers Using New PingPull Malware in Cyberespionage Attacks (lien direct) | A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications, | Malware Threat | ||
|
2022-06-13 02:49:51 | Quick and Simple: BPFDoor Explained (lien direct) | BPFDoor isn't new to the cyberattack game - in fact, it's gone undetected for years - but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of malware, how it works, and how it can be prevented. What's BPFDoor? BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit | Malware Threat | ||
|
2022-06-12 19:39:36 | Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks (lien direct) | The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. " | Malware Tool Threat | ||
|
2022-06-09 04:08:48 | Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector (lien direct) | Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim's resources like a parasite. | Malware Threat | ||
|
2022-06-09 03:54:41 | Even the Most Advanced Threats Rely on Unpatched Systems (lien direct) | Common cybercriminals are a menace, there's no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups. In fact, these tools can prove almost | Ransomware Tool Threat | ||
|
2022-06-09 03:00:45 | A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia (lien direct) | A previously undocumented Chinese-speaking advanced persistent threat (APT) actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. "Aoqin Dragon seeks initial access primarily through document exploits and the use of fake removable devices," | Threat | ★★★ | |
|
2022-06-07 04:51:35 | Evil Corp Cybercrime Group Shifts to LockBit Ransomware to Evade Sanctions (lien direct) | The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019. "These actors have shifted away from using exclusive ransomware variants to LockBit - a well-known ransomware as a service (RaaS) - | Ransomware Threat | ||
|
2022-06-07 01:14:19 | Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware (lien direct) | A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs - using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up. SVCReady is said to be in its early stage of development, with the | Spam Malware Threat | ||
|
2022-06-06 04:23:37 | Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers (lien direct) | Microsoft's Digital Crimes Unit (DCU) last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in tech, transportation, government, and education sectors located in the U.S., Middle East, and India. "Bohrium actors create fake | Threat | ||
|
2022-06-05 18:54:10 | State-Backed Hackers Exploit Microsoft \'Follina\' Bug to Target Entities in Europe and U.S (lien direct) | A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked CVE-2022-30190 (CVSS score: 7.8). No less than 1,000 phishing messages | Vulnerability Threat | ||
|
2022-06-04 00:57:38 | Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild (lien direct) | Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 - another security flaw the Australian software company patched in August 2021. Both relate to a case of | Threat | ||
|
2022-06-03 06:54:33 | Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor (lien direct) | An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads," Russian cybersecurity company Kaspersky said in a new report. | Tool Threat | ||
|
2022-06-03 01:19:30 | Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies (lien direct) | Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive | Threat | ||
|
2022-06-02 11:10:45 | Threat Detection Software: A Deep Dive (lien direct) | As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization. Threat detection is about an organization's ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and assets. At scale, threat | Threat | ||
|
2022-06-02 01:38:51 | SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities (lien direct) | The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities. "Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang," Singapore-headquartered cybersecurity | Malware Tool Threat | APT-C-17 | |
|
2022-06-01 05:36:29 | FluBot Android Spyware Taken Down by Global Law Enforcement Operation (lien direct) | An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot. "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement. The "complex | Malware Threat | ||
|
2022-05-31 22:02:54 | Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability (lien direct) | An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems. "TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint said in | Vulnerability Threat | ||
|
2022-05-31 04:42:50 | Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise (lien direct) | An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal. "The most | Malware Threat | ||
|
2022-05-31 00:30:39 | SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years (lien direct) | An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their | Threat | APT-C-17 | |
|
2022-05-28 00:37:42 | Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices (lien direct) | Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system privileges. "As | Threat | ||
|
2022-05-27 05:28:57 | The Myths of Ransomware Attacks and How To Mitigate Risk (lien direct) | Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks - a threat that 57% of security leaders expect to be compromised by within the next year. As organizations continue to evolve, in turn so does ransomware. To help you | Ransomware Threat Guideline | ||
|
2022-05-26 03:24:57 | Experts Warn of Rise in ChromeLoader Malware Hijacking Users\' Browsers (lien direct) | A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of Red Canary said in a new report. ChromeLoader is a rogue Chrome browser extension and is typically | Malware Threat | ||
|
2022-05-26 02:49:25 | Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities (lien direct) | Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities," researchers from Team Cymru said in a new report published Wednesday. "The technical entry bar for the | Threat | ||
|
2022-05-25 02:39:51 | Researchers Find New Malware Attacks Targeting Russian Government Entities (lien direct) | An unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. "The campaigns [...] are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely," Malwarebytes said in a | Malware Threat | ||
|
2022-05-24 01:34:29 | Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code (lien direct) | Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to | Vulnerability Threat | ||
|
2022-05-23 03:01:19 | Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns (lien direct) | Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research. "Fronton is a system developed for coordinated inauthentic behavior on a massive scale," threat intelligence firm Nisos said in a report published last week. "This system includes a web-based dashboard known as SANA that enables a user | Threat | ||
|
2022-05-22 22:12:53 | Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes (lien direct) | At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat (APT). The attacks, codenamed "Twisted Panda," come in the backdrop of Russia's military invasion of Ukraine, prompting a wide range of threat actors to swiftly adapt their campaigns on the ongoing | Threat | ||
|
2022-05-20 02:58:59 | Cytrox\'s Predator Spyware Target Android Users with Zero-Day Exploits (lien direct) | Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched | Threat | ||
|
2022-05-18 00:31:24 | Microsoft Warns of "Cryware" Info-Stealing Malware Targeting Crypto Wallets (lien direct) | Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. The tech giant dubbed the new threat "cryware," with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet. "Cryware are information stealers that | Malware Threat | ||
|
2022-05-16 01:55:30 | Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram (lien direct) | An unidentified threat actor has been linked to an actively in-development malware toolkit called the "Eternity Project" that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot. What makes this malware-as-a-service (MaaS) stand out is that besides using a Telegram channel to communicate updates about the | Malware Threat | ||
|
2022-05-13 02:32:11 | New Saitama backdoor Targeted Official from Jordan\'s Foreign Ministry (lien direct) | A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. "Like many of these attacks, the email contained a | Threat | APT 34 | ★★ |
|
2022-05-12 06:56:45 | Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (lien direct) | A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, | Ransomware Malware Threat Conference | APT 35 APT 15 | ★★★★ |
|
2022-05-11 05:37:26 | Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia (lien direct) | An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control (C2) | Threat | ||
|
2022-05-10 06:31:44 | 5 Benefits of Detection-as-Code (lien direct) | TL;DR: Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. How can teams automate security analysis at scale and address the challenges that threaten business | Threat | ★★★ | |
|
2022-05-10 06:02:32 | New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity (lien direct) | The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged," researchers from Secureworks Counter Threat Unit (CTU) said in a | Ransomware Threat | ★★★ | |
|
2022-05-09 05:40:09 | SHIELDS UP in bite sized chunks (lien direct) | Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come. The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime, and the agency's advice has proven so valuable that it's | Threat | ★★★ | |
|
2022-05-09 05:27:01 | Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums (lien direct) | Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian threat groups crafting custom malware [...], this remote access Trojan (RAT) appears to be the work of | Malware Threat | ★★★★ | |
|
2022-05-06 00:17:17 | Experts Uncover New Espionage Attacks by Chinese \'Mustang Panda\' Hackers (lien direct) | The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," Cisco Talos said in a new report detailing | Malware Threat | ||
|
2022-05-04 06:04:06 | Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies (lien direct) | An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019. Dubbed "Operation CuckooBees" by Israeli cybersecurity company Cybereason, the massive intellectual property theft operation enabled the threat actor to exfiltrate hundreds of gigabytes of information. Targets included technology and | Threat | APT 41 |
To see everything:
Our RSS (filtrered)
