What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-07-19 15:34:00 | Explorer le côté obscur: outils et techniques OSINT pour démasquer les opérations Web sombres Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations (lien direct) |
Le 5 avril 2023, le FBI et la police nationale néerlandaise ont annoncé le retrait de Genesis Market, l'un des plus grands marchés Web Dark.L'opération, surnommée «Operation Cookie Monster», a entraîné l'arrestation de 119 personnes et la saisie de plus de 1 million de dollars de crypto-monnaie.Vous pouvez lire le mandat du FBI \\ ici pour plus de détails spécifiques à cette affaire.À la lumière de ces événements, je voudrais discuter de la façon dont Osint
On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed "Operation Cookie Monster," resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI\'s warrant here for details specific to this case. In light of these events, I\'d like to discuss how OSINT |
Tool | ★★ | |
|
2023-07-15 16:00:00 | Wormpt: un nouvel outil d'IA permet aux cybercriminels de lancer des cyberattaques sophistiquées WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks (lien direct) |
L'intelligence artificielle générative (IA) devenant à la mode de nos jours, il n'est peut-être pas surprenant que la technologie ait été réutilisée par des acteurs malveillants à leur propre avantage, permettant des voies de cybercriminalité accélérée.
Selon les résultats de Slashnext, un nouvel outil de cybercriminalité générateur d'IA appelé Wormgpt a été annoncé sur les forums souterrains comme moyen pour les adversaires de
With generative artificial intelligence (AI) becoming all the rage these days, it\'s perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime. According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to |
Tool | ★★★ | |
|
2023-07-14 15:42:00 | La campagne de vol d'identification Cloud de Teamtnt \\ cible désormais Azure et Google Cloud TeamTNT\\'s Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (lien direct) |
Un acteur malveillant a été lié à une campagne de vol d'identification cloud en juin 2023 qui s'est concentrée sur les services Azure et Google Cloud Platform (GCP), marquant l'expansion de l'adversaire \\ dans le ciblage au-delà des services Web d'Amazon (AWS).
Les résultats proviennent de Sentineone et Permiso, qui ont déclaré que "les campagnes partagent la similitude avec les outils attribués à l'équipe de cryptojacking de Teamtnt notoire".
A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that\'s focused on Azure and Google Cloud Platform (GCP) services, marking the adversary\'s expansion in targeting beyond Amazon Web Services (AWS). The findings come from SentinelOne and Permiso, which said the "campaigns share similarity with tools attributed to the notorious TeamTNT cryptojacking crew," |
Tool Cloud | ★★★ | |
|
2023-07-04 16:14:00 | L'outil d'attaque DDOSIA évolue avec le cryptage, ciblant plusieurs secteurs DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors (lien direct) |
Les acteurs de la menace derrière l'outil d'attaque DDOSIA ont proposé une nouvelle version qui intègre un nouveau mécanisme pour récupérer la liste des cibles à bombarder de demandes HTTP indésirables pour tenter de les faire tomber.
La variante mise à jour, écrite en Golang, "met en œuvre un mécanisme de sécurité supplémentaire pour cacher la liste des cibles, qui est transmise de la [commande et contrôle] à la
The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the [command-and-control] to the |
Tool Threat | ★★ | |
|
2023-06-26 18:06:00 | L'échange de crypto-monnaie japonaise est victime de l'attaque de la porte dérobée du Jokerspy MacOS Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack (lien direct) |
Un échange de crypto-monnaie inconnu situé au Japon était la cible d'une nouvelle attaque plus tôt ce mois-ci pour déployer une porte dérobée Apple MacOS appelée Jokerspy.
Elastic Security Labs, qui surveille l'ensemble d'intrusion sous le nom Ref9134, a déclaré que l'attaque a conduit à l'installation de Swiftbelt, un outil d'énumération basé sur Swift inspiré d'un utilitaire open-source appelé ceinture de sécurité.
Jokersky était le premier
An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134, said the attack led to the installation of Swiftbelt, a Swift-based enumeration tool inspired by an open-source utility called SeatBelt. JokerSky was first |
Tool | ★★ | |
|
2023-06-16 19:24:00 | Chamedoh: Nouvelle porte dérobée Linux en utilisant le tunneling DNS-Over-HTTPS pour CNC Covert ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC (lien direct) |
L'acteur de menace connu sous le nom de Chamelgang a été observé à l'aide d'un implant préalable sans papiers dans des systèmes Linux de porte dérobée, marquant une nouvelle expansion des capacités de l'acteur de menace.
Le malware, surnommé Chamedoh par cage d'escalier, est un outil basé sur C ++ pour communiquer via DNS-Over-HTTPS (DOH).
Chamelgang a été éteinte pour la première fois par la société russe de cybersécurité Positive Technologies en septembre 2021,
The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor\'s capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. ChamelGang was first outed by Russian cybersecurity firm Positive Technologies in September 2021, |
Tool Threat | ★★ | |
|
2023-05-10 14:14:00 | Le gouvernement américain neutralise l'outil de cyber-espionnage de serpent le plus sophistiqué de la Russie U.S. Government Neutralizes Russia\\'s Most Sophisticated Snake Cyber Espionage Tool (lien direct) |
Le gouvernement américain a annoncé mardi la perturbation par le tribunal d'un réseau mondial compromis par une souche de logiciels malveillante avancée connue sous le nom de serpent exercé par le Federal Security Service (FSB) de Russie.
Snake, surnommé "l'outil de cyber-espionnage le plus sophistiqué", est le travail d'un groupe parrainé par l'État russe appelé Turla (aka Iron Hunter, Secret Blizzard, Summit, Uroburos, Venomous Bear,
The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as Snake wielded by Russia\'s Federal Security Service (FSB). Snake, dubbed the "most sophisticated cyber espionage tool," is the handiwork of a Russian state-sponsored group called Turla (aka Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear, |
Malware Tool | ★★ | |
|
2023-05-05 15:49:00 | N. Corée des pirates de Kimsuky utilisant un nouvel outil Recon Reonshark dans les dernières cyberattaques N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks (lien direct) |
L'acteur de menace nord-coréen parrainé par l'État connu sous le nom de Kimsuky a été découvert à l'aide d'un nouvel outil de reconnaissance appelé Reonshark dans le cadre d'une campagne mondiale en cours.
"[Reonshark] est activement livré à des individus spécifiquement ciblés par le biais de courriels de lance-phishing, des liens OneDrive menant à des téléchargements de documents et à l'exécution de macros malveillants", cherche aux chercheurs de Sentinélone Tom Hegel
The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. "[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros," SentinelOne researchers Tom Hegel |
Tool Threat | APT 43 | ★★★ |
|
2023-05-02 17:26:00 | BouldSpy Android Spyware: Tool présumé du gouvernement iranien pour espionner des groupes minoritaires BouldSpy Android Spyware: Iranian Government\\'s Alleged Tool for Spying on Minority Groups (lien direct) |
Un nouveau logiciel de surveillance Android éventuellement utilisé par le gouvernement iranien a été utilisé pour espionner plus de 300 personnes appartenant à des groupes minoritaires.
Le logiciel malveillant, surnommé Bouldspy, a été attribué à une confiance modérée au commandement des forces de l'ordre de la République islamique d'Iran (Faraja).Les victimes ciblées comprennent les Kurdes iraniens, les Baluchis, les Azéris et les groupes chrétiens arméniens.
"Le logiciel espion
A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. The malware, dubbed BouldSpy, has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups. "The spyware |
Tool | ★★ | |
|
2023-04-26 21:01:00 | Des pirates chinois repérés en utilisant la variante Linux de Pingpull dans les cyberattaques ciblées Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks (lien direct) |
Le groupe chinois de l'État national surnommé Alloy Taurus utilise une variante Linux d'une porte dérobée appelée Pingpull ainsi qu'un nouvel outil sans papiers nommé Sword2033.
Cela \\ est selon les résultats de l'unité 42 de Palo Alto Networks, qui a découvert une récentes activités malveillantes menées par le groupe ciblant l'Afrique du Sud et le Népal.
Le taureau en alliage est le surnom de constellation affecté à un
The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That\'s according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is the constellation-themed moniker assigned to a |
Tool | ★★ | |
|
2023-04-24 19:14:00 | Ransomware hackers utilisant l'outil Aukill pour désactiver le logiciel EDR à l'aide de l'attaque BYOVD Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack (lien direct) |
Les acteurs de la menace utilisent un "outil d'évasion de défense" sans papiers auparavant surnommé Aukill qui a conçu pour désactiver le logiciel de détection et de réponse (EDR) au moyen d'une propre attaque de conducteur vulnérable (BYOVD).
"L'outil Aukill abuse d'une version obsolète du pilote utilisé par la version 16.32 de l'utilitaire Microsoft, Process Explorer, pour désactiver les processus EDR avant le déploiement
Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that\'s designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying |
Ransomware Tool Threat | ★★ | |
|
2023-04-20 16:52:00 | Fortra met en lumière Goanywhere MFT Zero-Day Exploit utilisé dans les attaques de ransomwares Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks (lien direct) |
Fortra, l'entreprise derrière Cobalt Strike, a mis en lumière une vulnérabilité d'exécution de code à distance (RCE) zéro-jour dans son outil GOANYWORD MFT qui a été soumis à une exploitation active par les acteurs du ransomware pour voler des données sensibles.
Le défaut de haute sévérité, suivi sous le nom de CVE-2023-0669 (score CVSS: 7.2), concerne un cas d'injection de commande pré-authentifiée qui pourrait être abusée pour réaliser l'exécution du code.Le
Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The |
Ransomware Tool Vulnerability | ★★ | |
|
2023-04-19 16:58:00 | Les pirates pakistanais utilisent le poseidon de logiciels malveillants Linux pour cibler les agences gouvernementales indiennes Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies (lien direct) |
L'acteur avancé de menace persistante (APT) basée au Pakistan connu sous le nom de Tribe Transparent a utilisé un outil d'authentification à deux facteurs (2FA) utilisé par les agences gouvernementales indiennes comme ruse pour livrer une nouvelle porte dérobée Linux appelée Poséidon.
"Poséidon est un logiciel malveillant en charge utile de deuxième étape associé à la tribu transparente", a déclaré le chercheur en sécurité UptyCS Tejaswini Sandapolla dans un rapport technique publié cette semaine.
The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week. |
Malware Tool Threat | APT 36 | ★★ |
|
2023-04-17 17:16:00 | Google découvre l'utilisation par APT41 \\ de l'outil GC2 open source pour cibler les médias et les sites d'emploi Google Uncovers APT41\\'s Use of Open Source GC2 Tool to Target Media and Job Sites (lien direct) |
Un groupe chinois de l'État-nation a ciblé une organisation médiatique taïwanaise anonyme pour fournir un outil d'association rouge open source connu sous le nom de Google Command and Control (GC2) au milieu d'une abus plus large de l'infrastructure de Google \\ pour les fins malveillantes.
Le groupe d'analyse des menaces du géant de la technologie (TAG) a attribué la campagne à un acteur de menace qu'il suit en vertu du hoodoo de surnom géologique et géographique, qui est
A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google\'s infrastructure for malicious ends. The tech giant\'s Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the geological and geographical-themed moniker HOODOO, which is |
Tool Threat | APT 41 APT 41 | ★★★ |
|
2023-04-17 13:31:00 | Ransomware de la vice Society Utilisation de l'outil PowerShell furtif pour l'exfiltration des données Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration (lien direct) |
Les acteurs de menace associés au gang de ransomware de la vice Society ont été observés à l'aide d'un outil basé sur PowerShell sur mesure pour voler sous le radar et automatiser le processus d'exfiltration de données à partir de réseaux compromis.
«Les acteurs de menace (TAS) utilisant des méthodes d'exfiltration de données intégrées comme [vivre des binaires et scripts terrestres] annulent la nécessité de faire appel à des outils externes qui pourraient être signalés par
Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by |
Ransomware Tool Threat | ★★ | |
|
2023-04-13 16:40:00 | Le nouvel outil de piratage "Légion" basé sur Python émerge sur Telegram New Python-Based "Legion" Hacking Tool Emerges on Telegram (lien direct) |
Une récolteuse d'identification basée sur Python émergente et un outil de piratage nommé Légion sont commercialisés via Telegram comme moyen pour les acteurs de menace de pénétrer dans divers services en ligne pour une nouvelle exploitation.
La Légion, selon Cado Labs, comprend des modules pour énumérer les serveurs SMTP vulnérables, mener des attaques d'exécution de code distant (RCE), exploiter les versions non corrigées d'Apache et le cpanel brutal et
An emerging Python-based credential harvester and a hacking tool named Legion are being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct remote code execution (RCE) attacks, exploit unpatched versions of Apache, and brute-force cPanel and |
Tool Threat | ★★ | |
|
2023-04-07 11:45:00 | Microsoft prend des mesures juridiques pour perturber les cybercriminels \\ 'Utilisation illégale de l'outil de grève du cobalt Microsoft Takes Legal Action to Disrupt Cybercriminals\\' Illegal Use of Cobalt Strike Tool (lien direct) |
Microsoft a déclaré qu'il s'était associé au Fortra et au Centre d'analyse des informations sur les informations sur la santé (ISAC) pour lutter contre les abus de la grève du cobalt par les cybercriminels pour distribuer des logiciels malveillants, y compris le ransomware.
À cette fin, l'unité des crimes numériques du géant de la technologie (DCU) a révélé qu'elle avait obtenu une ordonnance du tribunal aux États-Unis pour "supprimer des copies illégales de la grève de Cobalt afin qu'elles ne puissent plus être utilisées par
Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware. To that end, the tech giant\'s Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S. to "remove illegal, legacy copies of Cobalt Strike so they can no longer be used by |
Tool | ★★ | |
|
2023-03-28 23:38:00 | Microsoft présente l'outil de copilote de sécurité GPT-4 pour autoriser les défenseurs [Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders] (lien direct) | Microsoft a dévoilé mardi le copilote de sécurité en avant-première, marquant sa poussée continue pour intégrer les fonctionnalités axées sur l'IA dans le but d'offrir "une défense de bout en bout à la vitesse et à l'échelle de la machine".
Propulsé par GPT-4 d'Openai \\ GPT-4 et son propre modèle spécifique à la sécurité, il est facturé comme un outil d'analyse de sécurité qui permet aux analystes de cybersécurité de répondre rapidement aux menaces, aux signaux de processus et
Microsoft on Tuesday unveiled Security Copilot in preview, marking its continued push to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale." Powered by OpenAI\'s GPT-4 generative AI and its own security-specific model, it\'s billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals, and |
Tool | ★★ | |
|
2023-03-27 15:18:00 | Microsoft émet un patch pour le défaut de confidentialité d'Acropalypse dans les outils de capture d'écran Windows [Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools] (lien direct) | Microsoft a publié une mise à jour hors bande pour aborder un défaut de déficience de confidentialité dans son outil d'édition de capture d'écran pour Windows 10 et Windows 11.
Le problème, surnommé Acropalypse, pourrait permettre aux acteurs malveillants de récupérer des parties éditées de captures d'écran, potentiellement révélant des informations sensibles qui peuvent avoir été résolues.
Suivi comme CVE-2023-28303, la vulnérabilité est notée de 3,3 sur le CVSS
Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the CVSS |
Tool Vulnerability | ★★ | |
|
2023-02-28 19:29:00 | New EX-22 Tool Empowers Hackers with Stealthy Ransomware Attacks on Enterprises (lien direct) | A new post-exploitation framework called EXFILTRATOR-22 (aka EX-22) has emerged in the wild with the goal of deploying ransomware within enterprise networks while flying under the radar. "It comes with a wide range of capabilities, making post-exploitation a cakewalk for anyone purchasing the tool," CYFIRMA said in a new report. Some of the notable features include establishing a reverse shell | Ransomware Tool | ★★★★ | |
|
2023-02-27 15:34:00 | PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks (lien direct) | The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy | Tool Prediction | ★★★ | |
|
2023-02-23 17:17:00 | Lazarus Group Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (lien direct) | A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying machine. | Malware Tool Medical | APT 38 | ★ |
|
2023-02-17 18:17:00 | Armenian Entities Hit by New Version of OxtaRAT Spying Tool (lien direct) | Entities in Armenia have come under a cyber attack using an updated version of a backdoor called OxtaRAT that allows remote access and desktop surveillance. "The tool capabilities include searching for and exfiltrating files from the infected machine, recording the video from the web camera and desktop, remotely controlling the compromised machine with TightVNC, installing a web shell, | Tool | ★★★ | |
|
2023-02-11 19:06:00 | New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool (lien direct) | After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that files larger than 128MB | Ransomware Tool Threat | ★★ | |
|
2023-01-19 11:03:00 | Mailchimp Suffers Another Security Breach Compromising Some Customers\' Information (lien direct) | Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee | Tool Threat | ★ | |
|
2023-01-05 16:21:00 | Mitigate the LastPass Attack Surface in Your Environment with this Free Tool (lien direct) | The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there | Tool | LastPass | ★★★ |
|
2022-11-23 11:10:00 | Nighthawk Likely to Become Hackers\' New Post-Exploitation Tool After Cobalt Strike (lien direct) | A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2." However, there are no | Tool Threat | ★★★★ | |
|
2022-11-21 11:12:00 | Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild (lien direct) | Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence (GCTI) team. The latest version of Cobalt Strike is version 4.7.2. Cobalt | Tool Threat | ||
|
2022-11-18 18:23:00 | LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities (lien direct) | The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday. Aside from being dropped | Malware Tool Threat | ★★★ | |
|
2022-11-07 20:16:00 | This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others (lien direct) | Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider last week. It's offered as a way for "Non-users" to "exercise their rights under applicable laws." | Tool | ||
|
2022-10-19 15:39:00 | Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update (lien direct) | Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at | Tool Threat | ||
|
2022-10-18 15:17:00 | European Police Arrest a Gang That Hacked Wireless Key Fobs to Steal Cars (lien direct) | Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime ring that leveraged a hacking tool to steal cars without having to use a physical key fob. "The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away," Europol said in a press statement. The coordinated | Tool | ||
|
2022-10-07 18:34:00 | The essentials of GRC and cybersecurity - How they empower each other (lien direct) | Understanding the connection between GRC and cybersecurity When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. However, its importance can't be ignored, and this is why. While cybersecurity focuses on the technical side of protecting systems, networks, devices, and data, GRC is the tool that will help the | Tool | ||
|
2022-08-23 07:50:00 | Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts (lien direct) | The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known | Malware Tool Threat Conference | Yahoo APT 35 | |
|
2022-08-09 23:12:13 | (Déjà vu) Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack (lien direct) | As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues | Tool Vulnerability | ★★★★ | |
|
2022-08-04 05:55:40 | New Woody RAT Malware Being Used to Target Russian Organizations (lien direct) | An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability (CVE-2022-30190) | Malware Tool Vulnerability Threat | ★★★★★ | |
|
2022-08-02 01:07:34 | LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload (lien direct) | A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial | Ransomware Tool Threat | ||
|
2022-07-31 23:31:03 | Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals (lien direct) | A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, in addition to working as the administrator for the tool from 2013 until its | Tool | ||
|
2022-07-18 02:59:54 | Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems (lien direct) | Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said. "Further, the software was a malware | Tool Vulnerability | ||
|
2022-07-08 05:30:27 | Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (lien direct) | LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. "The affiliates that use LockBit's services conduct their attacks according to their preference and use different tools and techniques to achieve their goal," Cybereason security analysts Loïc Castel and Gal Romano said. | Ransomware Tool | ||
|
2022-07-06 04:40:27 | Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection (lien direct) | Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "designed to avoid detection by endpoint | Tool | ||
|
2022-07-01 02:03:44 | New \'SessionManager\' Backdoor Targeting Microsoft IIS Servers in the Wild (lien direct) | A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a web server software for Windows systems, after | Malware Tool | ||
|
2022-06-29 04:57:36 | New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators (lien direct) | Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other | Malware Tool | ||
|
2022-06-27 02:21:46 | Italy Data Protection Authority Warns Websites Against Use of Google Analytics (lien direct) | Following the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that | Tool | ||
|
2022-06-23 21:24:05 | New \'Quantum\' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (lien direct) | A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities | Malware Tool | ||
|
2022-06-23 03:08:07 | NSO Confirms Pegasus Spyware Used by at least 5 European Countries (lien direct) | The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a report from Politico. | Tool | ||
|
2022-06-23 03:07:58 | Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation (lien direct) | When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report. The survey report, | Tool | ||
|
2022-06-22 23:14:08 | Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside (lien direct) | A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity | Malware Tool Threat | APT 23 | |
|
2022-06-12 19:39:36 | Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks (lien direct) | The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. " | Malware Tool Threat | ||
|
2022-06-09 03:54:41 | Even the Most Advanced Threats Rely on Unpatched Systems (lien direct) | Common cybercriminals are a menace, there's no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups. In fact, these tools can prove almost | Ransomware Tool Threat |
To see everything:
Our RSS (filtrered)
