What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| SecurityWeek | 2021-03-17 12:20:05 | Mimecast Says SolarWinds Hackers Stole Source Code | Email security company Mimecast on Tuesday said it completed its forensic investigation into the impact of the SolarWinds supply chain attack, and revealed that the threat actor managed to steal some source code. | Threat | | |
| SecurityWeek | 2021-03-13 02:32:52 | Huawei Listed Anew as Threat to US National Security | Huawei a National Security Threat | Threat | | |
| SecurityWeek | 2021-03-12 14:44:21 | Ransomware Operators Start Targeting Microsoft Exchange Vulnerabilities | In addition to state-sponsored threat actors, the recently disclosed vulnerabilities affecting Microsoft Exchange Server are now being targeted by ransomware operators. | Ransomware, Threat | | |
| SecurityWeek | 2021-03-11 14:04:13 | At Least 10 Threat Actors Targeting Recent Microsoft Exchange Vulnerabilities | At least 10 threat actors are currently involved in the targeting of Microsoft Exchange servers that are affected by recently disclosed zero-day vulnerabilities, according to cybersecurity firm ESET. | Threat | | |
| SecurityWeek | 2021-03-10 16:03:48 | Proposed Bill Would Allow Americans to Sue Foreign Cyber-Actors | A bill introduced in the House of Representatives this week could allow United States citizens to seek monetary damages if cyber-attacks by foreign threat actors harm them in any way. Referred to as the Homeland and Cyber Threat Act, or the HACT Act, the legislation is the reintroduced version of a bill initially introduced in August 2019. | Threat | | |
| SecurityWeek | 2021-03-05 09:52:22 | Someone Is Hacking Cybercrime Forums and Leaking User Data | Since the beginning of this year, an unknown threat actor has been hacking cybercrime forums and leaking user data publicly or offering it for sale. | Threat | | |
| SecurityWeek | 2021-03-04 15:17:53 | Cybercriminals Finding Ways to Bypass '3D Secure' Fraud Prevention System | Security researchers with threat intelligence firm Gemini Advisory say they have observed dark web activities related to bypassing 3D Secure (3DS), which is designed to improve the security of online credit and debit card transactions. | Threat | | |
| SecurityWeek | 2021-03-01 11:24:11 | Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall | A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they've gained access to an organization's network, according to Austrian cybersecurity consultancy SEC Consult. | Vulnerability, Threat | | |
| SecurityWeek | 2021-02-26 21:27:36 | HYAS Raises $16 Million to Hunt Adversary Infrastructure | HYAS, a Victoria, Canada-based provider of threat intelligence based on adversary infrastructure, announced this week that it has closed a $16 million Series B round of funding led by S3 Ventures. | Threat | | |
| SecurityWeek | 2021-02-26 18:29:53 | Chinese Threat Actor Uses Browser Extension to Hack Gmail Accounts | In early 2021, a Chinese threat actor tracked as TA413 attempted to hack into the Gmail accounts of Tibetan organizations using a malicious browser extension, researchers with cybersecurity firm Proofpoint have discovered. | Hack, Threat | | |
| SecurityWeek | 2021-02-26 13:42:41 | Microsoft Releases Open Source Resources for Solorigate Threat Hunting | Microsoft on Thursday announced the open source availability of CodeQL queries that it used during its investigation into the SolarWinds attack. | Threat | Solardwinds | |
| SecurityWeek | 2021-02-26 04:48:42 | Here's How North Korean Hackers Stole Data From Isolated Network Segment | During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server. | Threat | APT 38, APT 28 | |
| SecurityWeek | 2021-02-24 15:48:05 | New 'LazyScripter' Hacking Group Targets Airlines | A recently identified threat actor that remained unnoticed for roughly two years appears focused on the targeting of airlines that are using the BSPLink financial settlement software made by the International Air Transport Association (IATA), cybersecurity firm Malwarebytes reported on Wednesday. | Threat | | |
| SecurityWeek | 2021-02-24 14:27:03 | Four Additional Threat Groups Seen Targeting Industrial Organizations in 2020 | A total of 15 threat groups have been observed targeting industrial organizations, according to industrial cybersecurity firm Dragos. | Threat | | |
| SecurityWeek | 2021-02-23 15:13:43 | Highly Active 'Gamaredon' Group Provides Services to Other APTs | New evidence suggests that the Russia-linked threat actor Gamaredon is a hack-for-hire group that offers its services to other advanced persistent threat (APT) actors, similar to crimeware gangs, according to security researchers with Cisco's Talos division. | Threat | | |
| SecurityWeek | 2021-02-23 04:47:51 | Attacks Targeting Accellion Product Linked to FIN11 Cybercrime Group | The hacking group behind the recent cyber-attack targeting Accellion's FTA file transfer service appears to be linked to a threat actor known as FIN11, security researchers with FireEye's Mandiant division reveal. | Threat | | |
| SecurityWeek | 2021-02-22 15:06:35 | Chinese Hackers Cloned Equation Group Exploit Years Before Shadow Brokers Leak | A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group's exploits three years before the targeted vulnerability was publicly exposed as part of Shadow Brokers' “Lost in Translation” leak, cybersecurity firm Check Point says in a new report. | Vulnerability, Threat | APT 31 | |
| SecurityWeek | 2021-02-19 15:29:09 | Brussels Okays EU-UK Personal Data Flows | The European Commission lifted the threat of crucial data flows between Europe and Britain being blocked in a move that would have crippled business activity as it said Friday that privacy safeguards in the UK met European standards. | Threat | | |
| SecurityWeek | 2021-02-18 13:49:48 | Elevate the Value of Threat Intelligence in the SOC | Security Operations Centers (SOCs) Are Now Becoming Detection and Response Organizations | Threat | | |
| SecurityWeek | 2021-02-15 19:11:52 | Sandworm Hackers Hit French Monitoring Software Vendor Centreon | Russia-Linked Threat Group Caught Deploying Backdoors on Linux Servers in an Attack That Triggers New Conversations on Software Supply Chain Security | Threat | | |
| SecurityWeek | 2021-02-11 15:10:02 | Newly Discovered Android Spyware Linked to State-Sponsored Indian Hackers | Researchers at mobile security firm Lookout have published information on two recently discovered Android spyware families employed by an advanced persistent threat (APT) group named Confucius. | Threat | | |
| SecurityWeek | 2021-02-11 14:16:59 | Biden Team Asks Court to Pause Move to Ban TikTok in US | President Joe Biden's administration has asked a US federal court to pause proceedings aimed at banning TikTok to allow for a fresh review of the national security threat from the popular Chinese-owned video app. | Threat | | |
| SecurityWeek | 2021-02-01 13:49:37 | CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds. | Threat | | ★★★★★ |
| SecurityWeek | 2021-01-29 14:37:22 | Elusive Lebanese Threat Actor Compromised Hundreds of Servers | A threat actor believed to be tied to the Lebanese government has compromised hundreds of servers pertaining to organizations worldwide, while maintaining a low profile, threat intelligence firm ClearSky reveals. | Threat | | |
| SecurityWeek | 2021-01-26 18:57:39 | More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack | Cybersecurity companies Mimecast and Qualys have apparently been targeted by the threat actor that breached the systems of IT management solutions provider SolarWinds as part of a sophisticated supply chain attack. Fidelis Cybersecurity has also confirmed being hit, but it's unclear if it was specifically targeted. | Hack, Threat | | |
| SecurityWeek | 2021-01-23 12:07:19 | SonicWall Says Internal Systems Targeted by Hackers Exploiting Zero-Day Flaws | Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by “highly sophisticated threat actors” exploiting what appear to be zero-day vulnerabilities affecting some of the company's products. | Threat | | |
| SecurityWeek | 2021-01-21 15:25:39 | Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers | Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC). | Malware, Threat | | |
| SecurityWeek | 2021-01-20 16:34:22 | In a Remote Work Era, a People-First Approach Keeps Threat Intelligence Teams on Track | Far Too Many Organizations Are Still Failing to Develop Intelligence Requirements Based on the Needs of Their Stakeholders | Threat | | |
| SecurityWeek | 2021-01-19 19:04:57 | FireEye Releases New Open Source Tool in Response to SolarWinds Hack | FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT management company SolarWinds. | Hack, Tool, Threat | | |
| SecurityWeek | 2021-01-19 14:12:55 | Microsoft Enables Automatic Remediation in Defender for Endpoint | Microsoft this week announced that it has enabled automatic threat remediation in Microsoft Defender for Endpoint for users who opted into public previews. | Threat | | |
| SecurityWeek | 2021-01-19 13:09:32 | SolarWinds Hackers Used 'Raindrop' Malware for Lateral Movement | The threat group behind the supply chain attack that targeted Texas-based IT management company SolarWinds leveraged a piece of malware named Raindrop for lateral movement and deploying additional payloads, Broadcom-owned cybersecurity firm Symantec reported on Tuesday. | Malware, Threat | Solardwinds | |
| SecurityWeek | 2021-01-18 19:21:25 | FBI Warns of Employee Credential Phishing via Phone, Chat | The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms. | Threat | | |
| SecurityWeek | 2021-01-15 09:19:58 | Telegram-Based Automated Scam Service Helps Fraudsters Make Millions | More than 40 scammer groups are actively engaged in schemes leveraging a scam-as-a-service offering that provides users the tools and resources needed to conduct fraud, according to threat hunting and intelligence company Group-IB. | Threat | | |
| SecurityWeek | 2021-01-13 12:03:23 | Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack | Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers. | Hack, Threat | | |
| SecurityWeek | 2021-01-08 13:25:06 | FBI Warns Businesses of Egregor Ransomware Attacks | Offered under a Ransomware-as-a-Service (RaaS) business model, the Egregor ransomware poses a great threat to businesses due to the use of double extortion, a recent private industry notification from the Federal Bureau of Investigation warns. | Ransomware, Threat | | |
| SecurityWeek | 2021-01-05 15:55:19 | Citrix Releases Updates to Prevent DDoS Attacks Abusing Its Appliances | Citrix on Monday informed customers that it released firmware updates for its Application Delivery Controller (ADC) and Gateway products to prevent threat actors from abusing the appliances to launch and amplify distributed denial-of-service (DDoS) attacks. | Threat | | |
| SecurityWeek | 2021-01-04 18:53:10 | Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report | It is believed that the recently disclosed attack targeting Texas-based IT management solutions provider SolarWinds resulted in threat actors gaining access to the networks of more than 250 organizations, according to reports. | Threat | | |
| SecurityWeek | 2019-10-09 18:20:48 | Iranian Hackers Update Spear-Phishing Techniques in Recent Campaign | The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, ClearSky's security researchers report. | Threat, Conference | APT 35 | |
| SecurityWeek | 2019-10-09 14:51:37 | Pass the Hash Remains a Poorly Defended Threat Vector | In 2010, SANS reported that knowledge of the Pass the Hash attack first described some thirteen years earlier was still poor. By 2019, knowledge of the threat vector that has now been in the public domain for more than two decades has improved, but is still not complete. | Threat | | |
| SecurityWeek | 2019-10-09 12:07:01 | (Déjà vu) NSA: Multiple State-Sponsored APTs Exploiting Enterprise VPN Flaws | After the UK's National Cyber Security Centre (NCSC) issued an alert, the National Security Agency (NSA) in the United States has also warned organizations that multiple state-sponsored threat actors have been exploiting the recently disclosed vulnerabilities affecting enterprise VPN products from Pulse Secure, Fortinet and Palo Alto Networks. | Threat | | |
| SecurityWeek | 2019-10-07 18:23:50 | Magecart Group Tied to Cobalt Hackers | Security researchers were able to link one of the hacking groups operating under the Magecart umbrella to the infamous threat actor known as the Cobalt Group. | Threat | | |
| SecurityWeek | 2019-10-04 18:12:37 | APTs Exploiting Enterprise VPN Vulnerabilities, UK Govt Warns | Advanced persistent threat (APT) actors have been exploiting recently disclosed vulnerabilities affecting enterprise VPN products from Fortinet, Palo Alto Networks and Pulse Secure, the UK's National Cyber Security Centre (NCSC) warns. | Threat | | |
| SecurityWeek | 2019-10-01 14:05:22 | WebEx, Zoom Meetings Exposed to Snooping via Enumeration Attacks | Malicious actors may be able to easily access unprotected Cisco WebEx and Zoom meetings due to an API enumeration vulnerability, Cequence Security's CQ Prime threat research team revealed on Tuesday. | Threat | | |
| SecurityWeek | 2019-09-30 13:25:07 | New Anomali Tool Finds Threat Data in News, Blogs, Social Networks | Threat intelligence firm Anomali on Monday announced the launch of Lens, a new tool designed to make it easier for organizations to find and use threat data from a wide range of sources. | Tool, Threat | | |
| SecurityWeek | 2019-09-30 06:36:48 | Iran's Oil Sector on 'Full Alert' Against Attacks | Iran's oil minister on Sunday ordered his country's energy sector to be on high alert to the threat of "physical and cyber" attacks. Bijan Namdar Zanganeh said "it is necessary for all companies and installations of the oil industry to be on full alert against physical and cyber threats," in a statement published on the oil ministry's Shana website. | Threat | | |
| SecurityWeek | 2019-09-27 07:11:59 | Magecart Hackers Target L7 Routers | One of the financially motivated threat actors operating under the Magecart umbrella appears to be testing malicious code to inject into commercial-grade layer 7 (L7) routers, IBM reports. | Threat | | |
| SecurityWeek | 2019-09-26 18:23:05 | Chinese Hackers Hit Technology Firms in Southeast Asia With PcShare Backdoor | Attacks conducted by a suspected Chinese threat actor on technology companies in Southeast Asia employ a version of the open-source PcShare backdoor, BlackBerry Cylance security researchers warn. | Threat | | |
| SecurityWeek | 2019-09-25 18:32:12 | POISON CARP Threat Actor Targets Tibetan Groups | A threat actor referred to as POISON CARP has targeted senior members of Tibetan groups via WhatsApp for around six months, Citizen Lab reveals. The attacks, carried out between November 2018 and May 2019, employed individually tailored WhatsApp text exchanges, where the attackers were posing as NGO workers, journalists, and other fake personas. | Threat | | |
| SecurityWeek | 2019-09-25 14:22:23 | Organizations Warned of Dual Threat Posed by RDP and Disruptive Ransomware | In a paper warning about the evolution of what it calls 'disruptionware', the Institute for Critical Infrastructure Technology (ICIT) highlights ransomware and RDP access as the current focus of a new development that "sees adversaries disrupting business continuity" posing "an existential threat to critical infrastructure operators." | Ransomware, Threat | | |
| SecurityWeek | 2019-09-23 13:48:26 | Use Case-Centric Threat Intelligence Requires a Considered Approach | One of the most promising developments I've seen in threat intelligence over the last year or so is a greater emphasis on use cases. | Threat | | |

Last update at: 2024-05-15 09:08:46