What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-09-29 14:17:43 | CISA releases tool to help orgs fend off insider threat risks (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks. [...] | Tool Vulnerability Threat | ||
|
2021-09-29 13:47:24 | Trucking giant Forward Air reports ransomware data breach (lien direct) | Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. [...] | Ransomware Data Breach Threat | ||
|
2021-09-28 07:03:15 | Working exploit released for VMware vCenter CVE-2021-22005 bug (lien direct) | A complete exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now widely available, and threat actors are taking advantage of it. [...] | Vulnerability Threat | ★★★ | |
|
2021-09-27 11:22:58 | New malware steals Steam, Epic Games Store, and EA Origin accounts (lien direct) | A new malware sold on dark web forums is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin. [...] | Malware Threat | ||
|
2021-09-25 10:00:00 | Bitcoin.org hackers steal $17,000 in \'double your cash\' scam (lien direct) | This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered parts of the website to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000. [...] | Hack Threat | ||
|
2021-09-22 17:44:24 | Hackers are scanning for VMware CVE-2021-22005 targets, patch now! (lien direct) | Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. [...] | Vulnerability Threat Guideline | ||
|
2021-09-22 08:05:54 | RaidForums data marketplace accidentally exposes private staff page (lien direct) | Underground marketplace and hacker forum, Raidforums, recently exposed internal pages from its website, meant for staff members only. Raidforums is a data breach marketplace where threat actors often sell or leak illicitly obtained data dumps. [...] | Threat | ★★★★★ | |
|
2021-09-20 16:15:36 | Hacked sites push TeamViewer using fake expired certificate alert (lien direct) | Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. [...] | Threat | ||
|
2021-09-20 11:39:25 | VoIP.ms phone services disrupted by DDoS extortion attack (lien direct) | Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that's severely disrupting the company's operation. [...] | Threat | ||
|
2021-09-17 11:23:14 | OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners (lien direct) | Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. [...] | Threat | ||
|
2021-09-16 14:11:42 | FBI and CISA warn of state hackers exploiting critical Zoho bug (lien direct) | The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. [...] | Threat | ||
|
2021-09-16 11:16:15 | Microsoft: Windows MSHTML bug now exploited by ransomware gangs (lien direct) | Microsoft says multiple threat actors, including ransomware affiliates, are targeting the recently patched Windows MSHTML remote code execution security flaw. [...] | Ransomware Threat | ||
|
2021-09-14 07:00:00 | Millions of HP OMEN gaming PCs impacted by driver vulnerability (lien direct) | Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions. [...] | Vulnerability Threat | ||
|
2021-09-13 10:00:00 | Hacker-made Linux Cobalt Strike beacon used in ongoing attacks (lien direct) | An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide. [...] | Threat | ||
|
2021-09-12 13:07:46 | Windows MSHTML zero-day exploits shared on hacking forums (lien direct) | Threat actors are sharing working Windows CVE-2021-40444 MSHTML zero-day exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. [...] | Vulnerability Threat | ||
|
2021-09-09 16:37:28 | Windows MSHTML zero-day defenses bypassed as new info emerges (lien direct) | New details have emerged about the recent Windows CVE-2021-40444 zero-day vulnerability, how it is being exploited in attacks, and the threat actor's ultimate goal of taking over corporate networks. [...] | Threat | ||
|
2021-09-08 15:03:32 | Hackers leak passwords for 500,000 Fortinet VPN accounts (lien direct) | A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. [...] | Threat | ||
|
2021-09-06 06:00:00 | Ransomware gangs target companies using these criteria (lien direct) | Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks. [...] | Ransomware Threat | ||
|
2021-09-04 12:35:55 | Watch out for new malware campaign\'s \'Windows 11 Alpha\' attachment (lien direct) | Relying on a simple recipe that has proved successful time and time again, threat actors have deployed a malware campaign recently that used a Windows 11 theme to lure recipients into activating malicious code placed inside Microsoft Word documents. [...] | Malware Threat | ||
|
2021-09-03 16:17:10 | The Week in Ransomware - September 3rd 2021 - Targeting Exchange (lien direct) | Over the past two weeks, it has been busy with ransomware news ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks. [...] | Ransomware Threat | ||
|
2021-09-03 11:22:01 | Babuk ransomware\'s full source code leaked on hacker forum (lien direct) | A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum. [...] | Ransomware Threat | ||
|
2021-08-24 09:23:35 | New zero-click iPhone exploit used to deploy NSO spyware (lien direct) | Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. [...] | Threat | ||
|
2021-08-23 18:17:49 | FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020 (lien direct) | The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. [...] | Ransomware Threat | ||
|
2021-08-20 15:07:51 | LockFile ransomware uses PetitPotam attack to hijack Windows domains (lien direct) | At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. [...] | Ransomware Threat | ||
|
2021-08-20 09:43:40 | AT&T denies data breach after hacker auctions 70 million user database (lien direct) | AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. [...] | Data Breach Threat | ||
|
2021-08-19 15:32:48 | CEO tried funding his startup by asking insiders to deploy ransomware (lien direct) | Likely inspired by the LockBit ransomware gang, a Nigerian threat actor tried their luck with a $1 million payment lure to recruit an insider to detonate a ransomware payload on the company servers. [...] | Ransomware Threat | ||
|
2021-08-16 15:52:44 | T-Mobile confirms servers were hacked, investigates data breach (lien direct) | T-Mobile has confirmed that threat actors hacked their servers in a recent cyber attack but still investigate whether customer data was stolen. [...] | Data Breach Threat | ||
|
2021-08-16 09:06:46 | Hackers behind Iranian wiper attacks linked to Syrian breaches (lien direct) | Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra who previously deployed wiper malware on the networks of multiple Syrian organizations. [...] | Malware Threat | ||
|
2021-08-15 18:27:28 | Hacker claims to steal data of 100 million T-mobile customers (lien direct) | A threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 100 million customers. [...] | Threat | ★★★ | |
|
2021-08-14 10:00:00 | US brokers warned of ongoing phishing attacks impersonating FINRA (lien direct) | The US Financial Industry Regulatory Authority (FINRA) warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. [...] | Threat | ★★★ | |
|
2021-08-12 17:24:22 | (Déjà vu) Microsoft Exchange servers are getting hacked via ProxyShell exploits (lien direct) | Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...] | Vulnerability Threat | ||
|
2021-08-12 17:24:22 | Hackers now backdoor Microsoft Exchange using ProxyShell exploits (lien direct) | Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...] | Vulnerability Threat | ||
|
2021-08-11 17:21:22 | (Déjà vu) Hacker behind biggest ever cryptocurrency heist returns stolen funds (lien direct) | The threat actor who hacked Poly Network's cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds. [...] | Threat | ||
|
2021-08-11 17:21:22 | Hacker behind biggest cryptocurrency heist ever returns stolen funds (lien direct) | The threat actor who hacked Poly Network's cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds. [...] | Threat | ||
|
2021-08-10 15:28:07 | Windows security update blocks PetitPotam NTLM relay attacks (lien direct) | Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain. [...] | Threat | ||
|
2021-08-09 18:19:37 | One million stolen credit cards leaked to promote carding market (lien direct) | A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. [...] | Threat | ||
|
2021-08-09 17:43:03 | FlyTrap malware hijacks thousands of Facebook accounts (lien direct) | A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies. [...] | Malware Threat | ||
|
2021-08-07 12:53:34 | Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now (lien direct) | Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. [...] | Threat | ||
|
2021-08-07 10:10:05 | Actively exploited bug bypasses authentication on millions of routers (lien direct) | Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. [...] | Vulnerability Threat | ||
|
2021-08-06 17:16:56 | The Week in Ransomware - August 6th 2021 - Insider threat edition (lien direct) | If there is one thing we learned this week, it's that not only are corporations vulnerable to insider threats but so are ransomware operations. [...] | Ransomware Threat | ||
|
2021-08-06 12:09:58 | Computer hardware giant GIGABYTE hit by RansomEXX ransomware (lien direct) | Taiwanese motherboard maker Gigabyte has suffered a RansomEXX ransomware attack where threat actors threaten to release 112 GB of data if a ransom is not paid. [...] | Ransomware Threat | ||
|
2021-07-30 19:43:44 | The Week in Ransomware - July 30th 2021 - €1 billion saved (lien direct) | Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands. [...] | Ransomware Threat | ||
|
2021-07-23 16:54:03 | New PetitPotam attack allows take over of Windows domains (lien direct) | A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. [...] | Threat | ||
|
2021-07-23 11:27:27 | Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows (lien direct) | Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes (K8s) clusters. [...] | Threat | Uber | |
|
2021-07-20 07:27:09 | FBI: Threat actors may be targeting the 2020 Tokyo Summer Olympics (lien direct) | The Federal Bureau of Investigation (FBI) warns of threat actors potentially targeting the upcoming Olympic Games, although evidence of attacks planned against the Olympic Games Tokyo 2020 is yet to be uncovered. [...] | Threat | ||
|
2021-07-18 16:02:20 | New Windows print spooler zero day exploitable via remote print servers (lien direct) | Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. [...] | Vulnerability Threat | ||
|
2021-07-17 11:44:22 | HelloKitty ransomware is targeting vulnerable SonicWall devices (lien direct) | CISA is warning of threat actors targeting "a known, previously patched, vulnerability" found in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products with end-of-life firmware. [...] | Ransomware Threat | ||
|
2021-07-15 14:57:54 | (Déjà vu) Windows print nightmare continues with malicious driver packages (lien direct) | Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. [...] | Threat | ||
|
2021-07-15 14:57:54 | Microsoft\'s print nightmare continues with malicious driver packages (lien direct) | Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. [...] | Threat | ||
|
2021-07-14 08:33:00 | Chinese cyberspies\' wide-scale APT campaign hits Asian govt entities (lien direct) | Kaspersky researchers have revealed an ongoing and large-scale advanced persistent threat (APT) campaign with hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities. [...] | Threat |
To see everything:
Our RSS (filtrered)
