What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-07-27 14:51:28 DUCKTAIL operation targets Facebook's Business and Ad accounts (direct link) Researchers uncovered an ongoing operation, codenamed DUCKTAIL that targets Facebook Business and Ad Accounts. Researchers from WithSecure (formerly F-Secure Business) have discovered an ongoing operation, named DUCKTAIL, that targets individuals and organizations that operate on Facebook's Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated threat actor which is suspected to […] Threat
SecurityAffairs.webp 2022-07-27 11:25:33 The strange similarities between Lockbit 3.0 and Blackmatter ransomware (direct link) Researchers found similarities between LockBit 3.0 ransomware and BlackMatter, which is a rebranded variant of the DarkSide ransomware. Cybersecurity researchers have found similarities between the latest version of the LockBit ransomware, LockBit 3.0, and the BlackMatter ransomware. The Lockbit 3.0 ransomware was released in June with important novelties such as a bug bounty program, Zcash payment, and new extortion […] Ransomware ★★★
SecurityAffairs.webp 2022-07-26 18:57:31 U.S. increased rewards for info on North Korea-linked threat actors to $10 million (direct link) The U.S. State Department increased rewards for information on any North Korea-linked threat actors to $10 million. In April 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released a joint advisory that is warning organizations worldwide about the 'significant cyber threat' posed by the North Korean nation-state actors […] Threat
SecurityAffairs.webp 2022-07-26 16:14:12 Threat actors leverage DLL-SideLoading to spread Qakbot malware (direct link) Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL […] Malware
SecurityAffairs.webp 2022-07-26 06:22:58 Zero Day attacks target online stores using PrestaShop (direct link) Threat actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are targeting websites using open source e-commerce platform PrestaShop by exploiting a zero-day flaw, tracked as CVE-2022-36408, that can allow to execute arbitrary code and potentially steal customers’ payment information. PrestaShop is currently used by 300,000 shops worldwide […] Vulnerability Threat
SecurityAffairs.webp 2022-07-25 23:10:18 CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China (direct link) Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by Chinese firm Qihoo360 in 2017. The researchers were not […] Malware Threat
SecurityAffairs.webp 2022-07-25 18:00:48 Flaws in FileWave MDM could have allowed hacking +1000 organizations (direct link) Multiple flaws in FileWave mobile device management (MDM) product exposed organizations to cyberattacks. Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks. FileWave MDM is used by organizations to view and manage device configurations, locations, security settings, and other device data. An organization may […]
SecurityAffairs.webp 2022-07-25 11:01:11 Lockbit ransomware gang claims to have breached the Italian Revenue Agency (direct link) The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate). The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. “The Revenue Agency, operational since 1 January […] Ransomware
SecurityAffairs.webp 2022-07-25 06:27:21 Amadey malware spreads via software cracks laced with SmokeLoader (direct link) Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. The malware is available for sale in illegal forums, in the past, it was used […] Malware
SecurityAffairs.webp 2022-07-25 06:21:14 Drupal developers fixed a code execution flaw in the popular CMS (direct link) Drupal development team released security updates to fix multiple issues, including a critical code execution flaw. Drupal developers have released security updates to address multiple vulnerabilities in the popular CMS: Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2022-015 Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2022-014 Drupal core – Moderately […]
SecurityAffairs.webp 2022-07-24 13:53:53 Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37? (direct link) North Korea-linked APT37 group targets high-value organizations in the Czech Republic, Poland, and other countries. Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value organizations in multiple countries, including Czech Republic, and Poland. The researchers attribute this campaign to the North Korea-linked APT37 group, aka […] Threat Cloud APT 37 APT 28
SecurityAffairs.webp 2022-07-24 08:29:58 A database containing data of 5.4 million Twitter accounts available for sale (direct link) Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale […] Vulnerability Threat
SecurityAffairs.webp 2022-07-23 18:27:23 FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks (direct link) The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in […] Ransomware Threat
SecurityAffairs.webp 2022-07-23 05:00:47 SonicWall fixed critical SQLi in Analytics and GMS products (direct link) Security company SonicWall released updates to address a critical SQL injection (SQLi) flaw in Analytics On-Prem and Global Management System (GMS) products. Security company SonicWall addressed a critical SQL injection (SQLi) vulnerability, tracked as CVE-2022-22280 (CVSS score 9.4), in Analytics On-Prem and Global Management System (GMS) products. “Improper Neutralization of Special Elements used in an […]
SecurityAffairs.webp 2022-07-22 18:51:02 Account lockout policy in Windows 11 is enabled by default to block brute force attacks (direct link) Starting with Windows 11 Microsoft introduces by default an account lockout policy that can block brute force attacks. Starting with Windows 11 Insider Preview build 22528.1000 the OS supports an account lockout policy enabled by default to block brute force attacks. The lockout policy was set to limit the number of failed sign-in attempts to […]
SecurityAffairs.webp 2022-07-22 11:27:57 Hackers breached Ukrainian radio station to spread fake news about Zelensky's health (direct link) Threat actors hacked the Ukrainian radio station TAVR Media and broadcasted fake news on the critical health condition of President Volodymyr Zelensky. Threat actors breached the Ukrainian radio station TAVR Media this week, the attackers spread a fake message on the health status of Zelensky. The Kyiv Independent reported that a music program on […] Threat
SecurityAffairs.webp 2022-07-22 08:32:11 Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists (direct link) The spyware developed by Israeli surveillance firm Candiru exploited recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited recently fixed CVE-2022-2294 Chrome zero-day. The flaw, which […]
SecurityAffairs.webp 2022-07-22 05:45:39 (Déjà vu) TA4563 group leverages EvilNum malware to target European financial and investment entities (direct link) A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities. A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The EvilNum is a […] Malware Threat
SecurityAffairs.webp 2022-07-21 20:20:16 Threat actors target software firm in Ukraine using GoMet backdoor (direct link) Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an uncommon piece of malware that was employed in an attack against a large Ukrainian software development company. The software development company produces software that is used by various state organizations in Ukraine. Researchers believe that […] Malware
SecurityAffairs.webp 2022-07-21 17:37:51 Lightning Framework, a previously undetected malware that targets Linux systems (direct link) Researchers discovered a previously undetected malware dubbed ‘Lightning Framework’ that targets Linux systems. Researchers from Intezer discovered a previously undetected malware, tracked as Lightning Framework, which targets Linux systems. The malicious code has a modular structure and is able to install rootkits. “Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has […] Malware
SecurityAffairs.webp 2022-07-21 13:49:01 Atlassian patched a critical Confluence vulnerability (direct link) Atlassian released security updates to address a critical security vulnerability affecting Confluence Server and Confluence Data Center. Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed the Questions for Confluence […] Vulnerability
SecurityAffairs.webp 2022-07-21 09:22:03 Apple fixes multiple flaws in iOS, iPadOS, macOS, tvOS, and watchOS devices (direct link) Apple released security updates to address multiple vulnerabilities that affect iOS, iPadOS, macOS, tvOS, and watchOS devices. Apple released security updates to fix 37 vulnerabilities impacting iOS, iPadOS, macOS, tvOS, and watchOS devices. The flaws addressed by Apple lead to arbitrary code execution, privilege escalation, denial-of-service (DoS), and information disclosure. Below is the list of Apple […] Guideline
SecurityAffairs.webp 2022-07-21 08:06:47 8220 Gang Cloud Botnet infected 30,000 hosts globally (direct link) The crimeware group known as 8220 Gang expanded over the last month their Cloud Botnet to roughly 30,000 hosts globally. Researchers from SentinelOne reported that low-skill crimeware 8220 Gang has expanded their Cloud Botnet over the last month to roughly 30,000 hosts globally. The gang focuses on infecting cloud hosts to deploy cryptocurrency miners by […]
SecurityAffairs.webp 2022-07-20 20:16:43 New Luna ransomware targets Windows, Linux and ESXi systems (direct link) Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. Luna ransomware is the third ransomware family that is written […] Ransomware
SecurityAffairs.webp 2022-07-20 14:53:48 Millions of vehicles can be attacked via MiCODUS MV720 GPS Trackers (direct link) Multiple flaws in MiCODUS MV720 Global Positioning System (GPS) trackers shipped with over 1.5 million vehicles can allow hackers to remotely hack them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers which are used by over 1.5 million vehicles. An attacker […] Hack
SecurityAffairs.webp 2022-07-20 05:51:49 EU warns of risks of spillover effects associated with the ongoing war in Ukraine (direct link) The Council of the European Union (EU) warns of malicious cyber activities conducted by threat actors in the context of the ongoing conflict between Russia and Ukraine. The Council of the European Union (EU) warns of the risks associated with the malicious cyber activities conducted by threat actors in the context of the ongoing conflict […] Threat
SecurityAffairs.webp 2022-07-20 05:39:58 Belgium claims China-linked APT groups hit its ministries (direct link) The Minister for Foreign Affairs of Belgium blames multiple China-linked threat actors for attacks against the country’s defense and interior ministries. The Minister for Foreign Affairs of Belgium revealed that multiple China-linked APT groups targeted the country’s defense and interior ministries. “Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the […] Threat
SecurityAffairs.webp 2022-07-19 20:07:23 CloudMensis spyware went undetected for many years (direct link) Researchers spotted previously undocumented spyware, dubbed CloudMensis, that targets the Apple macOS systems. Researchers from ESET discovered a previously undetected macOS backdoor, tracked as CloudMensis, that targets macOS systems and exclusively uses public cloud storage services as C2. The malware was designed to spy on the target systems, exfiltrate documents, acquire keystrokes, and screen captures. […] Malware
SecurityAffairs.webp 2022-07-19 13:41:49 Russia-linked APT29 relies on Google Drive, Dropbox to evade detection (direct link) Russia-linked threat actors APT29 are using the Google Drive cloud storage service to evade detection. Palo Alto Networks researchers reported that the Russia-linked APT29 group, tracked by the researchers as Cloaked Ursa, started using the Google Drive cloud storage service to evade detection. The Russia-linked APT29 group (aka SVR, Cozy Bear, and The Dukes) has been active since at least […] Threat APT 29
SecurityAffairs.webp 2022-07-19 10:25:34 Crooks create rogue cryptocurrency-themed apps to steal crypto assets from users (direct link) The U.S. FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. The U.S. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. Crooks contact US investors claiming to offer legitimate cryptocurrency investment services, and attempt to trick them […]
SecurityAffairs.webp 2022-07-19 08:44:47 Several apps on the Play Store used to spread Joker, Facestealer and Coper malware (direct link) Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families. Google has removed dozens of malicious apps from the official Play Store that were distributing Joker, Facestealer, and Coper malware families. Researchers from security firm Pradeo discovered multiple apps spreading the Joker Android malware. The […] Malware
SecurityAffairs.webp 2022-07-18 19:49:05 MLNK Builder 4.2 released in Dark Web – malicious shortcut-based attacks are on the rise (direct link) Cybercriminals released a new MLNK Builder 4.2 tool for malicious shortcuts (LNK) generation with an improved Powershell and VBS Obfuscator Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, has detected an update of one of the most popular tools used by cybercriminals to generate malicious LNK files, so frequently used for […] Tool
SecurityAffairs.webp 2022-07-18 14:58:33 Tor Browser 11.5 is optimized to automatically bypass censorship (direct link) The Tor Project team has announced the release of Tor Browser 11.5, which introduces functionalities to automatically bypass censorship. The Tor Project team has announced the release of Tor Browser 11.5, the new version of the popular privacy-oriented browser implements new features to fight censorship. With previous versions of the browser, circumventing censorship of the […]
SecurityAffairs.webp 2022-07-18 11:44:08 A massive cyberattack hit Albania (direct link) A synchronized criminal attack from abroad hit Albania over the weekend, all Albanian government systems shut down following the cyberattack. Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized criminal attack from abroad hit the servers of the National Agency for Information Society (AKSHI), which handles many […]
SecurityAffairs.webp 2022-07-18 10:43:56 Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw (direct link) Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. Trend Micro Research has published an analysis of the recently patched Windows vulnerability CVE-2022-30136 that impacts the Network File System. CVE-2022-30136 is a remote code execution vulnerability that resides in the Windows Network File System, it is due […] Vulnerability
SecurityAffairs.webp 2022-07-18 07:23:20 Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment (direct link) The high-end British jeweler Graff paid a £6 million ransom after the ransomware attack it suffered in 2021. In September 2021, the Conti ransomware gang hit high society jeweler Graff and threatens to release private details of world leaders, actors and tycoons The customers of the company are the richest people on the globe, including […] Ransomware Guideline
SecurityAffairs.webp 2022-07-17 19:24:43 Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever (direct link) Threat actors hacked the popular NFT platform, Premint NFT and stole 314 NFTs. The popular NFT platform, Premint NFT, was hacked, the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record. The analysis of the […] Threat
SecurityAffairs.webp 2022-07-17 17:56:22 Google is going to remove App Permissions List from the Play Store (direct link) Google is going to remove the app permissions list from the official Play Store for both the mobile app and the web. As part of the “Data safety” initiative for the Android app on the Play Store, Google plans to remove the app permissions list from both the mobile app and the web. In April, […]
SecurityAffairs.webp 2022-07-17 04:44:08 APT groups target journalists and media organizations since 2021 (direct link) Researchers from Proofpoint warn that various APT groups are targeting journalists and media organizations since 2021. Proofpoint researchers warn that APT groups are regularly targeting and posing as journalists and media organizations since early 2021. The media sector is a privileged target for this category of attackers due to the access its operators have to […]
SecurityAffairs.webp 2022-07-16 19:49:50 Critical flaw in Netwrix Auditor application allows arbitrary code execution (direct link) A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices. Bishop Fox discovered a vulnerability in the Netwrix Auditor software that can be exploited by attackers to execute arbitrary code on affected devices. Netwrix Auditor is an auditing software that allows organizations to monitor their IT infrastructure, […] Vulnerability
SecurityAffairs.webp 2022-07-16 14:16:22 CISA urges to fix multiple critical flaws in Juniper Networks products (direct link) CISA urges admins to apply recently released fixes in Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller. CISA urges users and administrators to review the Juniper Networks security advisories page and apply security updates available for some products, including Junos Space, Contrail Networking and NorthStar Controller. Threat actors can exploit some of these vulnerabilities […] Threat
SecurityAffairs.webp 2022-07-16 13:14:26 Threat actors exploit a flaw in Digium Phone Software to target VoIP servers (direct link) Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign targeting the Elastix system used in Digium phones since December 2021. Threat actors exploited a vulnerability, tracked as CVE-2021-45461 (CVSS score 9.8), in the Rest Phone Apps (restapps) module to implant […] Vulnerability Threat
SecurityAffairs.webp 2022-07-15 22:27:19 Tainted password-cracking software for industrial systems used to spread P2P Sality bot (direct link) Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine […] Vulnerability Threat
SecurityAffairs.webp 2022-07-15 14:33:04 Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons (direct link) Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara Modern WPBakery Page Builder Addons. Threat actors are attempting to exploit an arbitrary file upload vulnerability tracked as CVE-2021-24284. The […] Vulnerability Threat
SecurityAffairs.webp 2022-07-15 12:08:14 Holy Ghost ransomware operation is linked to North Korea (direct link) Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware […] Ransomware Threat
SecurityAffairs.webp 2022-07-15 07:26:04 RedAlert, LILITH, and 0mega, 3 new ransomware in the wild (direct link) Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. RedAlert (aka N13V) targets both Windows and Linux VMWare ESXi servers of target organizations. The name RedAlert comes after a string […] Ransomware Threat
SecurityAffairs.webp 2022-07-14 18:32:55 Mantis botnet powered the largest HTTPS DDoS attack in June (direct link) The largest HTTPS DDoS attack recently mitigated by Cloudflare was launched by the Mantis botnet. In June 2022, DDoS mitigation firm Cloudflare announced it has mitigated the largest HTTPS DDoS attack that was launched by a botnet they have called Mantis. The Mantis botnet generated 26 million requests per second using approximately 5000 hijacked virtual […]
SecurityAffairs.webp 2022-07-14 16:38:02 The new Retbleed speculative execution attack impacts both Intel and AMD chips (direct link) Researchers warn of a new vulnerability, dubbed Retbleed, that impacts multiple older AMD and Intel microprocessors. ETH Zurich researchers Johannes Wikner and Kaveh Razavi discovered a new vulnerability, dubbed Retbleed, that affects multiple older AMD and Intel microprocessors. An attacker can exploit the flaw to bypass current defenses and perform Spectre-based attacks. The Retbleed vulnerability is tracked as […]
SecurityAffairs.webp 2022-07-14 10:17:48 Former CIA employee Joshua Schulte was convicted of Vault 7 massive leak (direct link) Former CIA programmer, Joshua Schulte, was convicted in a US federal court of the 2017 leak of a massive leak to WikiLeaks. The former CIA programmer Joshua Schulte (33) was found guilty in New York federal court of stealing the agency's hacking tools and leaking them to WikiLeaks in 2017. The huge trove of data, […]
SecurityAffairs.webp 2022-07-14 09:24:51 Microsoft published exploit code for a macOS App sandbox escape flaw (direct link) Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted […] Vulnerability
Last update at: 2024-03-28 18:10:12