What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-07-14 03:32:00 | Trickbot updates its VNC module for high-value targets (lien direct) | The Trickbot botnet malware that often distributes various ransomware strains, continues to be the most prevalent threat as its developers update the VNC module used for remote control over infected systems. [...] | Ransomware Malware Threat | ||
|
2021-07-13 15:32:23 | Microsoft fixes Windows Hello authentication bypass vulnerability (lien direct) | Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system. [...] | Vulnerability Threat | ||
|
2021-07-12 10:17:12 | SolarWinds patches critical Serv-U vulnerability exploited in the wild (lien direct) | SolarWinds is urging customers to patch a remote code execution vulnerability that was exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers. [...] | Vulnerability Threat | ||
|
2021-07-09 14:04:20 | FBI warns cryptocurrency owners, exchanges of ongoing attacks (lien direct) | The Federal Bureau of Investigation (FBI) warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses. [...] | Threat Guideline | ||
|
2021-07-07 08:50:19 | Fake Kaseya VSA security update backdoors networks with Cobalt Strike (lien direct) | Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates. [...] | Ransomware Spam Threat | ||
|
2021-07-02 02:56:48 | Microsoft shares mitigations for Windows PrintNightmare zero-day bug (lien direct) | Microsoft says in a newly released security advisory that the Windows Print Spooler zero-day vulnerability known as PrintNightmare has already been exploited in the wild by threat actors. [...] | Vulnerability Threat | ||
|
2021-06-30 19:01:14 | Leaked Babuk Locker ransomware builder used in new attacks (lien direct) | A leaked tool used by the Babuk Locker operation to create custom ransomware executables is now being used by another threat actor in a very active campaign targeting victims worldwide. [...] | Ransomware Tool Threat | ||
|
2021-06-29 17:28:58 | Hackers use zero-day to mass-wipe My Book Live devices (lien direct) | A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. [...] | Vulnerability Threat Guideline | ★★★★ | |
|
2021-06-29 12:23:47 | DoubleVPN servers, logs, and account info seized by law enforcement (lien direct) | Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities. [...] | Threat | ||
|
2021-06-24 08:00:00 | Phishing attack\'s unusual file attachment is a double-edged sword (lien direct) | A threat actor uses an unusual attachment to bypass security software that is a double-edged sword that may work against them. [...] | Threat | ||
|
2021-06-19 13:59:31 | (Déjà vu) South Korea\'s Nuclear Research agency hacked using VPN flaw (lien direct) | South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. [...] | Threat | ||
|
2021-06-19 13:59:31 | South Korea\'s Nuclear Research agency breached using VPN flaw (lien direct) | South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. [...] | Threat | ||
|
2021-06-18 12:48:23 | Fake DarkSide gang targets energy, food industry in extortion emails (lien direct) | Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors. [...] | Ransomware Threat | ||
|
2021-06-17 17:47:15 | (Déjà vu) Eggfree Cake Box suffer data breach exposing credit card numbers (lien direct) | Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. [...] | Data Breach Threat | ||
|
2021-06-17 17:47:15 | Egg free Cake Box suffer data breach exposing credit card numbers (lien direct) | Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. [...] | Data Breach Threat | ||
|
2021-06-16 00:19:02 | Peloton Bike+ vulnerability allowed complete takeover of devices (lien direct) | A vulnerability in the Peloton Bike+fitness machine has been fixed that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone. [...] | Vulnerability Threat | ||
|
2021-06-15 17:53:16 | Avaddon ransomware\'s exit sheds light on victim landscape (lien direct) | A new report analyzes the recently released Avaddon ransomware decryption keys to shed light on the types of victims targeted by the threat actors and potential revenue they generated throughout their operation. [...] | Ransomware Threat | ||
|
2021-06-08 14:20:52 | Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days (lien direct) | Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide. [...] | Threat | ||
|
2021-06-04 14:51:32 | Phishing uses Colonial Pipeline ransomware lures to infect victims (lien direct) | The recent ransomware attack on Colonial Pipeline inspired a threat actor to create create a new phishing lure to trick victims into downloading malicious files. [...] | Ransomware Threat | ||
|
2021-06-04 14:23:21 | (Déjà vu) Attackers are scanning for vulnerable VMware servers, patch now! (lien direct) | Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] | Vulnerability Threat | ||
|
2021-06-04 14:23:21 | Attackers scan for unpatched VMware vCenter servers, PoC exploit available (lien direct) | Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] | Vulnerability Threat | ||
|
2021-06-03 11:55:34 | Chinese threat actors hacked NYC MTA using Pulse Secure zero-day (lien direct) | Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet. [...] | Threat | ||
|
2021-06-01 15:33:46 | US: Russian threat actors likely behind JBS ransomware attack (lien direct) | The White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia. [...] | Ransomware Threat | ★★★ | |
|
2021-06-01 13:25:36 | Critical WordPress plugin zero-day under active exploitation (lien direct) | Threat actors are scanning for sites running the Fancy Product Designer plug-in to exploit a zero-day bug allowing them to upload malware. [...] | Threat | ★★★ | |
|
2021-05-29 11:33:44 | New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers (lien direct) | A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. [...] | Ransomware Threat | ||
|
2021-05-28 13:14:20 | Mexico walls off national lottery sites after ransomware DDoS threat (lien direct) | Access to Mexico's Lotería Nacional and Pronósticos lottery websites are now blocked to IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks. [...] | Ransomware Threat | ||
|
2021-05-28 12:12:21 | Chinese cyberspies are targeting US, EU orgs with new malware (lien direct) | Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances. [...] | Malware Threat | ||
|
2021-05-28 08:08:16 | Microsoft: SolarWinds hackers target govt agencies from 24 countries (lien direct) | The Microsoft Threat Intelligence Center (MSTIC) has discovered that the Russian-based SolarWinds hackers are behind an ongoing phishing campaign targeting government agencies worldwide. [...] | Threat | ||
|
2021-05-27 13:37:01 | (Déjà vu) New BazaFlix attack pushes BazarLoader malware via fake movie site (lien direct) | Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] | Malware Threat | ||
|
2021-05-27 13:37:01 | New BazaFlix phishing delivers BazarLoader malware via call center (lien direct) | Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] | Malware Threat | ||
|
2021-05-25 14:37:16 | Domino\'s India discloses data breach after hackers sell data online (lien direct) | Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum. [...] | Data Breach Threat | ||
|
2021-05-24 10:02:03 | North Korean hackers behind CryptoCore multi-million dollar heists (lien direct) | Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus. [...] | Threat | APT 38 | |
|
2021-05-19 08:57:01 | Hackers scan for vulnerable devices minutes after bug disclosure (lien direct) | Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. [...] | Threat | ||
|
2021-05-17 20:57:51 | Student health insurance carrier Guard.me suffers a data breach (lien direct) | Student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders' personal information. [...] | Data Breach Vulnerability Threat | ||
|
2021-05-17 15:01:35 | FBI spots spear-phishing posing as Truist Bank bank to deliver malware (lien direct) | Threat actors impersonated Truist, the sixth-largest U.S. bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan (RAT) malware. [...] | Malware Threat | ||
|
2021-05-14 10:37:45 | (Déjà vu) DarkSide ransomware servers reportedly seized, operation shuts down (lien direct) | The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. [...] | Ransomware Threat | ||
|
2021-05-14 10:37:45 | DarkSide ransomware servers reportedly seized, REvil restricts targets (lien direct) | The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. [...] | Ransomware Threat | ||
|
2021-05-13 18:24:29 | Chemical distributor pays $4.4 million to DarkSide ransomware (lien direct) | Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data. [...] | Ransomware Threat | ||
|
2021-05-13 13:00:00 | (Déjà vu) Microsoft build tool abused to deliver password-stealing malware (lien direct) | Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] | Malware Tool Threat | ||
|
2021-05-13 13:00:00 | Attackers abuse Microsoft dev tool to deploy Windows malware (lien direct) | Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] | Malware Tool Threat | ||
|
2021-05-12 12:49:16 | Microsoft: Threat actors target aviation orgs with new malware (lien direct) | Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader. [...] | Malware Threat | ||
|
2021-05-11 13:01:55 | Microsoft Defender ATP now secures networked Linux, macOS devices (lien direct) | Microsoft has added support for identifying and assessing the security configurations of Linux and macOS endpoints on enterprise networks using Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection). [...] | Threat | ||
|
2021-05-06 10:31:45 | New Moriya rootkit used in the wild to backdoor Windows systems (lien direct) | A new stealthy rootkit was used by an unknown threat actor to backdoor targeted Windows systems in a likely ongoing espionage campaign dubbed TunnelSnake and going back to at least 2018. [...] | Threat | ||
|
2021-04-30 02:43:43 | (Déjà vu) Codecov starts notifying customers affected by supply-chain attack (lien direct) | Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors. [...] | Threat | ||
|
2021-04-30 02:43:43 | Codecov begins notifying affected customers, discloses IOCs (lien direct) | Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors. [...] | Threat | ||
|
2021-04-29 18:00:00 | New ransomware group uses SonicWall zero-day to breach networks (lien direct) | A financially motivated threat actor exploited a zero-day bug in Sonicwall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. [...] | Ransomware Threat | ||
|
2021-04-28 09:00:44 | Cyberspies target military organizations with new Nebulae backdoor (lien direct) | A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. [...] | Threat | ||
|
2021-04-27 10:46:26 | (Déjà vu) MangaDex discloses data breach after stolen database shared online (lien direct) | Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. [...] | Data Breach Threat | ||
|
2021-04-27 10:46:26 | MangaDex discloses data breach after stolen data gets shared online (lien direct) | Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. [...] | Data Breach Threat | ||
|
2021-04-26 12:54:01 | Microsoft Defender now blocks cryptojacking malware using Intel TDT (lien direct) | Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology (TDT). [...] | Malware Threat |
To see everything:
Our RSS (filtrered)
