What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-07-14 07:42:48 VMware fixed a flaw in vCenter Server discovered eight months ago (direct link) VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048, in vCenter Server IWA mechanism. VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1), in vCenter Server's IWA (Integrated Windows Authentication) mechanism eight months after its disclosure. The vulnerability can be exploited by an attacker with non-administrative […] Vulnerability
SecurityAffairs.webp 2022-07-13 18:29:04 Qakbot operations continue to evolve to avoid detection (direct link) Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns; it inserts replies in active email threads. The threat continues to […] Malware Threat
SecurityAffairs.webp 2022-07-13 14:46:34 Three UEFI Firmware flaws found in tens of Lenovo Notebook models (direct link) IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The multinational technology company Lenovo released security fixes to address three vulnerabilities that reside in the UEFI firmware shipped with over 70 product models, including several ThinkBook models. A remote attacker can trigger these […]
SecurityAffairs.webp 2022-07-13 05:56:54 Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021 (direct link) A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user's sign-in session, and bypass the authentication process even when the victim has enabled the MFA. In AiTM phishing, threat actors set up a proxy […] Threat
SecurityAffairs.webp 2022-07-12 22:07:16 The President of European Central Bank Christine Lagarde targeted by hackers (direct link) Christine Lagarde, the president of the European Central Bank, was the target of a failed hacking attempt. The European Central Bank confirmed that its President, Christine Lagarde, was the target of a failed hacking attempt. The European Central Bank revealed that the hacking attempt took place recently, but the good news is that its experts […]
SecurityAffairs.webp 2022-07-12 15:25:06 Flaws in the ExpressLRS Protocol allow the takeover of drones (direct link) The protocol for radio-controlled (RC) drones, named ExpressLRS, is affected by vulnerabilities that can allow device takeover. Researchers warn of vulnerabilities that affect the protocol for radio-controlled (RC) drones, named ExpressLRS, which can be exploited to take over unmanned vehicles. ExpressLRS is a high-performance open-source radio control link that provides a low latency radio control […]
SecurityAffairs.webp 2022-07-12 09:21:37 Microsoft announced the general availability of Windows Autopatch feature (direct link) Microsoft announced the general availability of a feature called Autopatch that automatically updates Windows and Office software. Microsoft announced the general availability of a service called Autopatch that automates the process of managing and rolling out updates to Windows and Office software. The feature is available for Windows Enterprise E3 and E5 licenses, but Windows Education (A3) or Windows […]
SecurityAffairs.webp 2022-07-12 07:26:21 Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM (direct link) Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. Threat actors are attempting to compromise a large number of cloud-based systems to mine cryptocurrency with a significant […] Threat
SecurityAffairs.webp 2022-07-11 14:42:18 A fake job offer via LinkedIn allowed to steal $540M from Axie Infinity (direct link) Threat actors used a fake job offer on LinkedIn to target an employee at Axie Infinity that resulted in the theft of $540 Million. In March, threat actors stole almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity's Ronin network bridge. The attack took place on March 23rd, but […] Threat
SecurityAffairs.webp 2022-07-11 10:42:22 Anubis Networks is back with new C2 server (direct link) A large-scale phishing campaign leveraging the Anubis Network has been targeting Brazil and Portugal since March 2022. A large-scale phishing campaign has been targeting Internet end users in Brazil and Portugal since March 2022. Anubis Network is a C2 portal developed to control fake portals and aims to steal credentials to fully access the real systems. This C2 […]
SecurityAffairs.webp 2022-07-11 09:27:27 BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands (direct link) BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim's passwords, and confidential documents. The notorious cybercriminal syndicate BlackCat competes with Conti and Lockbit 3.0. They introduced an advanced search by stolen victim's passwords, and confidential documents leaked in the TOR network. Resecurity (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies, […] Ransomware
SecurityAffairs.webp 2022-07-11 07:50:42 Experts warn of the new 0mega ransomware operation (direct link) BleepingComputer reported a new ransomware operation named 0mega that is targeting organizations worldwide. 0mega is a new ransomware operation that is targeting organizations worldwide using a double-extortion model, BleepingComputer reported. The ransomware operation has been active at least since May 2022 and already claimed to have breached multiple organizations. Victims of the ransomware reported that […] Ransomware
SecurityAffairs.webp 2022-07-10 17:40:13 Experts demonstrate how to unlock several Honda models via Rolling-PWN attack (direct link) Bad news for the owners of several Honda models, the Rolling-PWN Attack vulnerability can allow unlocking their vehicles. A team of security researchers Kevin2600 and Wesley Li from Star-V Lab independently discovered a flaw in Honda models, named the Rolling-PWN Attack vulnerability (CVE-2021-46145), that can allow unlocking their vehicles. A remote keyless entry system (RKE) […] Vulnerability
SecurityAffairs.webp 2022-07-10 16:07:44 French telephone operator La Poste Mobile suffered a ransomware attack (direct link) French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services. The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services. The company pointed out that threat actors may have accessed data of its customers, […] Ransomware Threat
SecurityAffairs.webp 2022-07-10 14:41:29 Security Affairs newsletter Round 373 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Apple Lockdown Mode will protect users against highly targeted cyberattacks Fortinet addressed multiple vulnerabilities in several products Rozena backdoor delivered by exploiting the Follina bug Ongoing Raspberry Robin campaign leverages […] ★★★★★
SecurityAffairs.webp 2022-07-09 16:53:07 Apple Lockdown Mode will protect users against highly targeted cyberattacks (direct link) Apple plans to introduce a security feature, called Lockdown Mode, to protect its users against “highly targeted cyberattacks.” The recent wave of sophisticated attacks against Apple users (i.e. Pegasus, DevilsTongue, and Hermit) urged the tech giant to develop a new security feature, called Lockdown Mode, to protect its users against highly targeted cyberattacks. The new feature will be implemented in iOS 16, iPadOS […] Cloud APT 37
SecurityAffairs.webp 2022-07-09 13:17:53 Fortinet addressed multiple vulnerabilities in several products (direct link) Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in several products of the vendor. Impacted products are FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise. Four of the fixed issues have been rated as a “high” severity, they are […]
SecurityAffairs.webp 2022-07-09 12:36:19 Previously undocumented Rozena backdoor delivered by exploiting the Follina bug (direct link) Threat actors are exploiting the disclosed Follina Windows vulnerability to distribute the previously undocumented Rozena backdoor. Fortinet FortiGuard Labs researchers observed a phishing campaign that is leveraging the recently disclosed Follina security vulnerability (CVE-2022-30190, CVSS score 7.8) to distribute a previously undocumented backdoor on Windows systems. The Follina issue is a remote code execution vulnerability […] Vulnerability
SecurityAffairs.webp 2022-07-09 10:04:58 Ongoing Raspberry Robin campaign leverages compromised QNAP devices (direct link) Cybereason researchers are warning of a wave of attacks spreading the wormable Windows malware Raspberry Robin. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary; the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The malware uses […] Malware
SecurityAffairs.webp 2022-07-09 04:59:16 Evolution of the LockBit Ransomware operation relies on new techniques (direct link) Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. The Cybereason Global Security Operations Center (GSOC) Team published the Cybereason Threat Analysis Reports that investigates the threat landscape and provides recommendations to mitigate their attacks. The researchers focused on the evolution of the Lockbit ransomware, they detailed two infections occurring […] Ransomware Threat
SecurityAffairs.webp 2022-07-08 18:41:45 Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions (direct link) Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products. Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS). A remote attacker can trigger the flaw to overwrite files on the […] Vulnerability
SecurityAffairs.webp 2022-07-08 14:04:16 Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free (direct link) Emsisoft has released a free decryption tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft released a free decryptor tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. The security firm states that the […] Ransomware Tool
SecurityAffairs.webp 2022-07-08 10:59:40 Discussing the risks of bullying for anonymous social app NGL (direct link) This is a transcription of my complete interview with the program NEWSFEED at TRT, during which we discussed NGL software and the risks of bullying. Why are anonymous social apps like NGL cause for concern? What exactly makes them dangerous for minors? We have long debated the potential impact of social media on the mental […]
SecurityAffairs.webp 2022-07-08 10:25:18 Russian Cybercrime Trickbot Group is systematically attacking Ukraine (direct link) The operators behind the TrickBot malware have been systematically targeting Ukraine since the beginning of the war in February 2022. IBM researchers collected evidence indicating that the Russia-based cybercriminal Trickbot group (aka Wizard Spider, DEV-0193, ITG23) has been systematically attacking Ukraine since the beginning of the Russian invasion of the country. Since February, the Conti ransomware […] Ransomware Malware
SecurityAffairs.webp 2022-07-08 07:23:07 New Checkmate ransomware targets QNAP NAS devices (direct link) Taiwanese vendor QNAP warns of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled; they perform brute-force attacks against accounts […] Ransomware Threat
SecurityAffairs.webp 2022-07-07 20:08:30 Large-scale cryptomining campaign is targeting the NPM JavaScript package repository (direct link) Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi, that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts. The researchers uncovered […] Threat
SecurityAffairs.webp 2022-07-07 13:49:58 North Korea-linked APTs use Maui Ransomware to target the Healthcare industry (direct link) US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. Treasury Department issued a joint advisory that warns of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of […] Ransomware Threat
SecurityAffairs.webp 2022-07-07 10:16:53 ENISA released the Threat Landscape Methodology (direct link) I’m proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology. Policy makers, risk managers and information security practitioners need up-to-date and accurate information on the current threat landscape, supported by threat intelligence. The EU Agency for Cybersecurity (ENISA) Threat Landscape report has been published on an annual […] Threat
SecurityAffairs.webp 2022-07-07 09:34:15 OrBit, a new sophisticated Linux malware still undetected (direct link) Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed as a volatile implant either by achieving persistence on the compromised systems. The malware implements advanced evasion […] Malware
SecurityAffairs.webp 2022-07-07 07:50:59 OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE (direct link) The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting the popular library. This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines and triggers […] Guideline
SecurityAffairs.webp 2022-07-06 23:08:11 Marriott International suffered a new data breach, attackers stole 20GB of data (direct link) Hotel chain Marriott International suffered a new data breach, a threat actor has stolen 20GB from the company. Hotel chain Marriott International confirmed it has suffered a new data breach after a threat actor stole 20GB of files from one of its properties. The attacker compromised the network at the BWI Airport Marriott Maryland (BWIA), […] Data Breach Threat
SecurityAffairs.webp 2022-07-06 17:34:14 Cyberattacks against law enforcement are on the rise (direct link) Experts observed an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking email and other accounts which belong […] Threat
SecurityAffairs.webp 2022-07-06 15:20:36 Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild (direct link) Threat actors are abusing legitimate adversary simulation software BRc4 in their campaigns to evade detection. Researchers from Palo Alto Networks Unit 42 discovered that a sample uploaded to the VirusTotal database on May 19, 2022 and considered benign by almost all the antivirus, was containing a payload associated with Brute Ratel C4 (BRc4), a new red-teaming and […] Tool
SecurityAffairs.webp 2022-07-06 09:38:38 New Hive ransomware variant is written in Rust and uses improved encryption method (direct link) Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn. “The upgrades in the latest variant are effectively […] Ransomware Malware
SecurityAffairs.webp 2022-07-06 06:59:29 Malicious NPM packages used to grab data from apps, websites (direct link) Researchers from ReversingLabs discovered tens of malicious NPM packages stealing data from apps and web forms. Researchers from ReversingLabs discovered a couple of dozen NPM packages that included malicious code designed to steal data from apps and web forms on websites that included the modules. The malicious NPM modules were delivered as part of a […]
SecurityAffairs.webp 2022-07-05 14:59:54 Iranian Fars News Agency claims cyberattack on a company involved in the construction of Tel Aviv metro (direct link) Iran's Fars News Agency reported that a massive cyberattack hit operating systems and servers of the Tel Aviv Metro. Iran's Fars News Agency reported on Monday that operating systems and servers of the Tel Aviv Metro were hit by a massive cyberattack. The rail system is still under construction and according to The Jerusalem Post, […]
SecurityAffairs.webp 2022-07-05 14:29:21 Cyber Police of Ukraine arrested 9 men behind phishing attacks on Ukrainians attempting to capitalize on the ongoing conflict (direct link) The Cyber Police of Ukraine arrested nine members of a cybercriminal gang that has stolen 100 million hryvnias via phishing attacks. The Cyber Police of Ukraine arrested nine members of a cybercriminal organization that stole 100 million hryvnias via phishing attacks. The crooks created more than 400 phishing sites for obtaining the banking data of […]
SecurityAffairs.webp 2022-07-05 09:17:05 Threat actors compromised British Army's Twitter, YouTube accounts to promote crypto scams (direct link) Threat actors compromised the Twitter and YouTube accounts of the British Army to promote online crypto scams. The Twitter and YouTube accounts of the British Army were used to promote NFT and other crypto scams. The YouTube account was used to transmit an older Elon Musk clip that attempts to trick users into visiting cryptocurrency scam […]
SecurityAffairs.webp 2022-07-05 07:44:27 AstraLocker ransomware operators shut down their operations (direct link) AstraLocker ransomware operators told BleepingComputer they’re shutting down their operations and are releasing decryptors. AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online in June 2021. BleepingComputer tested the […] Ransomware Malware
SecurityAffairs.webp 2022-07-04 21:16:22 (Déjà vu) Google fixes the fourth Chrome zero-day in 2022 (direct link) Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild; it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. The flaw is a heap buffer overflow that resides in the […] Vulnerability
SecurityAffairs.webp 2022-07-04 18:37:06 (Déjà vu) Data of a billion Chinese residents available for sale on a cybercrime forum (direct link) Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident is confirmed, this data breach is the largest one […] Data Breach Threat
SecurityAffairs.webp 2022-07-04 18:37:06 Data of a billion Chinese residents available for sale on the dark web (direct link) Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident is confirmed, this data breach is the largest one […] Data Breach Threat
SecurityAffairs.webp 2022-07-04 14:49:21 Popular Django web framework affected by a SQL Injection flaw. Upgrade it now! (direct link) The development team behind the Django Project has addressed a high-severity SQL Injection flaw in its framework. Django is a free and open-source, Python-based web framework that follows the model–template–views (MTV) architectural pattern. Django is maintained by the independent organization Django Software Foundation. The latest releases of the framework, Django 4.0.6 and 3.2.14, addressed a high-severity SQL […]
SecurityAffairs.webp 2022-07-04 09:44:23 Unfaithful HackerOne employee steals bug reports to claim additional bounties (direct link) Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to claim additional bounties. The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers to claim additional bounties. The investigation started on June 22nd, 2022, when a customer asked the […] Vulnerability
SecurityAffairs.webp 2022-07-04 08:05:41 Threat Report Portugal: Q2 2022 (direct link) The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is supported by a […] Threat
SecurityAffairs.webp 2022-07-04 07:16:39 CISA orders federal agencies to patch CVE-2022-26925 by July 22 (direct link) US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities Catalog due to Active Directory (AD) certificate authentication problems observed after the installation of Microsoft’s May 2022 Patch Tuesday security updates. “CISA […] Vulnerability
SecurityAffairs.webp 2022-07-03 21:15:49 Tens of Jenkins plugins are affected by zero-day vulnerabilities (direct link) Jenkins security team disclosed tens of flaws affecting 29 plugins for the Jenkins automation server; most of them are yet to be patched. Jenkins is the most popular open-source automation server; it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has hundreds of thousands […]
SecurityAffairs.webp 2022-07-03 17:32:54 Microsoft: Raspberry Robin worm already infected hundreds of networks (direct link) Microsoft announced that the Windows worm Raspberry Robin has already infected the networks of hundreds of organizations. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary; the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The […] Malware
SecurityAffairs.webp 2022-07-03 16:10:18 Security Affairs newsletter Round 372 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. The role of Social Media in modern society – Social Media Day 22 interview Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool A ransomware attack […] Ransomware Tool
SecurityAffairs.webp 2022-07-03 13:31:15 Half of actively exploited zero-day issues in H1 2022 are variants of previous flaws (direct link) Google Project Zero states that in H1 2022 at least half of zero-day issues exploited in attacks were related to not properly fixed old flaws. Google Project Zero researcher Maddie Stone published a blog post that resumes her speech at the FIRST conference in June 2022; the presentation is titled “0-day In-the-Wild Exploitation in 2022…so […]
Last update at: 2024-04-25 06:07:58