What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
| SecurityAffairs | 2022-08-09 21:25:56 | Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day (direct link) | Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA […] | Vulnerability | | |
| SecurityAffairs | 2022-08-09 17:04:09 | Experts linked Maui ransomware to North Korean Andariel APT (direct link) | Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered a division of the Lazarus APT Group, North Korean nation-state actors used Maui ransomware to encrypt servers providing healthcare services, including electronic […] | Ransomware | APT 38 | |
| SecurityAffairs | 2022-08-09 14:52:06 | Chinese actors behind attacks on industrial enterprises and public institutions (direct link) | China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public institutions in Afghanistan and East Europe. The attackers breached dozens of enterprises and in some cases compromised their IT infrastructure, […] | Threat | | |
| SecurityAffairs | 2022-08-09 10:28:00 | US sanctioned crypto mixer Tornado Cash used by North Korea-linked APT (direct link) | The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by North Korea. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned the crypto mixer service Tornado Cash used by North Korean-linked Lazarus APT Group. The mixers are essential components for cybercriminals that use […] | | APT 38 | |
| SecurityAffairs | 2022-08-09 09:17:18 | Malicious file analysis – Example 01 (direct link) | Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. For this first one, I’ll briefly introduce some crucial topics to […] | | | |
| SecurityAffairs | 2022-08-08 22:24:24 | Orchard botnet uses Bitcoin Transaction info to generate DGA domains (direct link) | Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. 360 Netlab researchers recently discovered a new botnet named Orchard that uses Satoshi Nakamoto’s Bitcoin account (1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) transaction information to generate DGA domain name. “Another change relates to the use of the DGA algorithm employed in the […] | | | |
| SecurityAffairs | 2022-08-08 18:16:46 | (Déjà vu) Twilio discloses data breach that impacted customers and employees (direct link) | Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack. Twilio is […] | Data Breach, Threat | | |
| SecurityAffairs | 2022-08-08 15:11:18 | LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities (direct link) | LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500’s, identified threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters […] | Spam, Threat | | |
| SecurityAffairs | 2022-08-08 05:53:48 | Attackers abuse open redirects in Snapchat and Amex in phishing attacks (direct link) | Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused open redirects on the websites of Snapchat and American Express as part of a phishing campaign targeting Microsoft 365 users. The term Open URL redirection, open redirects, refers to a security issue that makes it […] | | | |
| SecurityAffairs | 2022-08-08 05:51:15 | Microsoft is blocking Tutanota email addresses from registering a MS Teams account (direct link) | Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams account. Tutanota is an end-to-end encrypted email app and a freemium secure email service, as of March 2017, Tutanota’s owners claimed to have over 2 million users. The news is that Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams […] | | | |
| SecurityAffairs | 2022-08-07 16:37:20 | Serious cyberattack hits German Chambers of Industry and Commerce (DIHK) (direct link) | A massive cyberattack hit the website of the German Chambers of Industry and Commerce (DIHK) this week. A massive attack hit the website of the German Chambers of Industry and Commerce (DIHK) forcing the organization to shut down its IT systems as a precautionary measure for security reasons. “Due to a possible cyber attack, the […] | | | |
| SecurityAffairs | 2022-08-07 12:24:54 | GwisinLocker ransomware exclusively targets South Korea (direct link) | Researchers spotted a new family of ransomware, named GwisinLocker, that encrypts Windows and Linux ESXi servers. Researchers warn of a new ransomware called GwisinLocker which is able to encrypt Windows and Linux ESXi servers. The ransomware targets South Korean healthcare, industrial, and pharmaceutical companies, its name comes from the name of the author ‘Gwisin’ (ghost […] | Ransomware | | |
| SecurityAffairs | 2022-08-06 20:46:41 | Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports (direct link) | Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance malware, Reuters reported citing two sources present. The revelation comes while media and journalists are […] | Malware | | |
| SecurityAffairs | 2022-08-06 18:06:07 | Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes (direct link) | Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% of its users after a bug exposed salted password hashes when creating or revoking shared invitation […] | | | |
| SecurityAffairs | 2022-08-05 22:08:30 | Twitter confirms zero-day used to access data of 5.4 million accounts (direct link) | Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] | Data Breach, Vulnerability, Threat | | |
| SecurityAffairs | 2022-08-05 20:45:30 | The popularity of Dark Utilities 'C2-as-a-Service' rapidly increases (direct link) | Dark Utilities “C2-as-a-Service” is attracting a growing number of customers searching for a command-and-control for their campaigns. The popularity of the Dark Utilities “C2-as-a-Service” is rapidly increasing, over 3,000 users are already using it as command-and-control for their campaigns. Dark Utilities was launched in early 2022, the platform that provides full-featured C2 capabilities to its users. Dark […] | | | |
| SecurityAffairs | 2022-08-05 14:10:06 | (Déjà vu) DHS warns of critical flaws in Emergency Alert System encoder/decoder devices (direct link) | The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable networks. The Emergency Alert System […] | Threat | | |
| SecurityAffairs | 2022-08-05 13:03:38 | CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog (direct link) | US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924, to its Known Exploited Vulnerabilities Catalog. In mid-June, researchers from Sonarsource discovered […] | | | ★★ |
| SecurityAffairs | 2022-08-05 08:49:59 | Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor (direct link) | A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor. The attackers exploited the flaw in an attack […] | Threat | | |
| SecurityAffairs | 2022-08-04 19:13:13 | New Woody RAT used in attacks aimed at Russian entities (direct link) | An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT. The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw (CVE-2022-30190). The assumption […] | Malware, Threat | | |
| SecurityAffairs | 2022-08-04 16:48:56 | Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction (direct link) | A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices. Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized […] | | | |
| SecurityAffairs | 2022-08-04 12:50:29 | Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit (direct link) | Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy Pelosi. Major Taiwan government websites were temporarily forced offline by distributed denial of service (DDoS) attacks during the visit to Taipei of US House Speaker Nancy Pelosi. The cyber attacks forced offline the government […] | | | |
| SecurityAffairs | 2022-08-04 11:21:00 | Hackers stole $200 million from the Nomad crypto bridge (direct link) | The cryptocurrency bridge Nomad is the last victim of a cyber heist, threat actors stole almost $200 million of its funds. Another crypto heist made the headlines, threat actors stole nearly $200 million worth of cryptocurrency from the bridge Nomad. Nomad Bridge is a cross-chain bridge between Ethereum, Moonbeam, Avalanche, Evmos and Milkomeda. The project […] | Threat | | |
| SecurityAffairs | 2022-08-04 07:37:25 | Cisco addressed critical flaws in Small Business VPN routers (direct link) | Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The flaw resides in the web-based management interface of several Small Business VPN routers, including Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. […] | | | |
| SecurityAffairs | 2022-08-03 18:34:37 | Power semiconductor component manufacturer Semikron suffered a ransomware attack (direct link) | Semikron, a German-based independent manufacturer of power semiconductor components, suffered a ransomware cyberattack. Semikron is a German-based independent manufacturer of power semiconductor components, it employs more than 3,000 people in 24 subsidiaries worldwide, with production sites in Germany, Brazil, China, France, India, Italy, Slovakia and the USA. The company confirmed it has suffered a cyberattack conducted by a professional […] | Ransomware | | |
| SecurityAffairs | 2022-08-03 17:15:45 | Manjusaka, a new attack tool similar to Sliver and Cobalt Strike (direct link) | Researchers spotted a Chinese threat actor using a new offensive framework called Manjusaka which is similar to Cobalt Strike. Talos researchers observed a Chinese threat actor using a new offensive framework called Manjusaka (which can be translated to “cow flower” from the Simplified Chinese writing) that is similar to Sliver and Cobalt Strike tools. The […] | Tool, Threat | | |
| SecurityAffairs | 2022-08-03 15:45:18 | Google fixed Critical Remote Code Execution flaw in Android (direct link) | Google addressed a critical vulnerability in Android OS, tracked as CVE-2022-20345, that can be exploited to achieve remote code execution over Bluetooth. Google has fixed a critical vulnerability, tracked as CVE-2022-20345, that affects the Android System component. The IT giant has fixed the flaw with the release of Android 12 and 12L updates. Google did […] | Vulnerability | | |
| SecurityAffairs | 2022-08-03 07:22:45 | Busting the Myths of Hardware Based Security (direct link) | Many experts often overlook hardware based security and its vital importance in establishing a secure workspace. When it comes to cybersecurity, everyone likes to talk about software and the dangers that it poses. However, people often overlook hardware-based security and its vital importance in establishing a secure workspace. This is attributed to a general lack […] | | | |
| SecurityAffairs | 2022-08-02 17:29:31 | VMware fixed critical authentication bypass vulnerability (direct link) | VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. An unauthenticated attacker can exploit the vulnerability to gain admin privileges. “A malicious actor with network access to the […] | Vulnerability | | |
| SecurityAffairs | 2022-08-02 12:30:55 | LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender (direct link) | An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation abusing the Windows Defender command line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. The attackers initially compromise the target […] | Tool, Threat | | |
| SecurityAffairs | 2022-08-02 07:44:54 | Gootkit AaaS malware is still active and uses updated tactics (direct link) | Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-as-a-service model, it is used by different groups to drop additional malicious payloads on the compromised systems. Gootkit has been known to use fileless techniques to deliver threats such as the SunCrypt, and REvil (Sodinokibi) ransomware, Kronos trojans, […] | Malware | | ★★ |
| SecurityAffairs | 2022-08-02 07:34:52 | Austria investigates DSIRF firm for allegedly developing Subzero spyware (direct link) | Austria is investigating a report that an Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies. At the end of July, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows […] | Threat | | ★★ |
| SecurityAffairs | 2022-08-01 18:26:37 | ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A. (direct link) | The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A. The ALPHV/BlackCat ransomware gang claims to have hacked the European gas pipeline Creos Luxembourg S.A. Creos Luxembourg S.A. owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. In this capacity, the company plans, constructs […] | Ransomware | | |
| SecurityAffairs | 2022-08-01 16:19:00 | Australian man charged with creating and selling the Imminent Monitor spyware (direct link) | An Australian national has been charged for the creation and sale of the Imminent Monitor (IM) spyware, which was also used for criminal purposes. The 24-year-old Australian national Jacob Wayne John Keen has been charged for his alleged role in the development and sale of spyware known as Imminent Monitor (IM). The Australian Federal Police (AFP) launched […] | | | ★★★★★ |
| SecurityAffairs | 2022-08-01 06:43:37 | A flaw in Dahua IP Cameras allows full take over of the devices (direct link) | A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum (ONVIF). ONVIF provides and promotes standardized interfaces for effective […] | Vulnerability | | |
| SecurityAffairs | 2022-08-01 06:13:32 | US Federal Communications Commission (FCC) warns of the rise of smishing attacks (direct link) | The Federal Communications Commission (FCC) warned Americans of the rising threat of smishing (robotexts) attacks. The Federal Communications Commission (FCC) issued an alert to warn Americans of the rising threat of smishing (robotexts) attacks aimed at stealing their personal information or for financial scams. “The FCC's Robocall Response Team is alerting consumers to the rising […] | Threat | | |
| SecurityAffairs | 2022-07-31 08:43:16 | North Korea-linked SharpTongue spies on email accounts with a malicious browser extension (direct link) | North Korea-linked threat actor SharpTongue is using a malicious extension on Chromium-based web browsers to spy on victims’ email accounts. North Korea-linked actor SharpTongue has been using a malicious extension on Chromium-based web browsers to spy on victims’ Gmail and AOL email accounts. Researchers from cybersecurity firm Volexity tracked the threat actors as SharpTongue, but […] | Threat | | |
| SecurityAffairs | 2022-07-30 19:40:21 | Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report (direct link) | I’m proud to announce the release of the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report, Enjoy it! Ransomware has become one of the most dangerous threats for organizations worldwide. Cybercriminal organizations and ransomware gangs have devised new business models that are attracting a broad range of advanced threat actors. It is quite easy today for […] | Ransomware, Threat | | |
| SecurityAffairs | 2022-07-30 17:44:15 | (Déjà vu) CISA orders to patch an actively exploited flaw in Confluence servers (direct link) | US Critical Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog. US CISA has added the recently disclosed Confluence vulnerability, tracked as CVE-2022-26138, to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. According to Binding Operational Directive (BOD) […] | | | |
| SecurityAffairs | 2022-07-29 13:55:57 | Microsoft experts linked the Raspberry Robin malware to Evil Corp operation (direct link) | Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code […] | Malware | | |
| SecurityAffairs | 2022-07-29 12:29:53 | Strong Authentication – Robust Identity and Access Management Is a Strategic Choice (direct link) | Passwords no longer meet the demands of today's identity and access requirements. Therefore, strong authentication methods are needed. “Usernames and passwords are insufficient and vulnerable means of authentication on their own; therefore, it is essential to employ strong authentication techniques like multi-factor authentication (MFA) to confirm users’ identities before granting secure access to resources,” Sarah […] | | | |
| SecurityAffairs | 2022-07-29 11:27:26 | (Déjà vu) Exploitation is underway for a critical flaw in Atlassian Confluence Server and Data Center (direct link) | Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center. Recently, Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed the Questions […] | Vulnerability | | |
| SecurityAffairs | 2022-07-29 08:06:44 | (Déjà vu) Malware-laced npm packages used to target Discord users (direct link) | Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals their payment card information, Kaspersky researchers warn. The malicious code hidden in the packages, and tracked as Lofy Stealer, is a […] | Malware | | |
| SecurityAffairs | 2022-07-28 20:59:37 | Akamai blocked the largest DDoS attack ever on its European customers (direct link) | This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers. The attack hit an Akamai customer in Eastern Europe that was targeted 75 times in the past 30 days with multiple […] | | | |
| SecurityAffairs | 2022-07-28 18:45:08 | LibreOffice fixed 3 flaws, including a code execution issue (direct link) | LibreOffice maintainers addressed three security flaws in their productivity software, including an arbitrary code execution issue. LibreOffice is an open-source office productivity software suite, a project of The Document Foundation (TDF). LibreOffice maintainers addressed three security flaws in their suite, including an arbitrary code execution issue tracked as CVE-2022-26305. The CVE-2022-26305 flaw is classified as the execution of untrusted […] | | | |
| SecurityAffairs | 2022-07-28 17:34:58 | Threat actors use new attack techniques after Microsoft blocked macros by default (direct link) | Threat actors are devising new attack tactics in response to Microsoft’s decision to block Macros by default. In response to Microsoft’s decision steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default in Microsoft Office applications, threat actors are adopting new attack techniques. Researchers from Proofpoint reported that […] | Threat | | |
| SecurityAffairs | 2022-07-28 15:01:14 | ENISA provides data related to major telecom security incidents in 2021 (direct link) | ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021. ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021. Every European telecom operator that suffers a security incident, notifies its national authorities which share a summary of these reports to […] | | | |
| SecurityAffairs | 2022-07-28 11:04:36 | European firm DSIRF behind the attacks with Subzero surveillance malware (direct link) | Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. The […] | Malware, Threat | | |
| SecurityAffairs | 2022-07-28 07:57:27 | Spain police arrested two men accused of cyber attacks on radioactivity alert network (RAR) (direct link) | The Spanish police arrested two individuals accused of having hacked the country’s radioactivity alert network (RAR) in 2021. The Spanish police have arrested two men suspected to be the hackers behind cyberattacks that hit the country’s radioactivity alert network (RAR) between March and June 2021. The RAR system is a mesh of gamma radiation detection […] | | | |
| SecurityAffairs | 2022-07-27 20:17:57 | Attackers increasingly abusing IIS extensions to establish covert backdoors (direct link) | Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat actors that are increasingly abusing Internet Information Services (IIS) extensions to establish covert backdoors into servers and maintain persistence in the target networks. IIS backdoors are also hard to detect because they follow the same […] | Threat | | |
Last update at: 2024-04-27 00:07:47