What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-07-02 19:59:23 The role of Social Media in modern society – Social Media Day 22 interview (lien direct) >This is a transcription of an interview I had at Iran International broadcaster, I discussed about the role of social media in modern society. What’s the Middle East government’s role on Cyber bullying towards opposition activists? Middle East governments play a crucial role in cyberbullying against the opposition. Several independent organizations for the protection of […]
SecurityAffairs.webp 2022-07-02 19:41:06 Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool (lien direct) >Researchers shared technical details and proof-of-concept exploit code for the CVE-2022-28219 flaw in Zoho ManageEngine ADAudit Plus tool. Security researchers from Horizon3.ai have published technical details and proof-of-concept exploit code for a critical vulnerability, tracked as CVE-2022-28219 (CVSS 9.8 out of 10), in the Zoho ManageEngine ADAudit Plus tool. The tool allows monitoring activities of […] Tool
SecurityAffairs.webp 2022-07-02 05:03:39 A ransomware attack forced publishing giant Macmillan to shut down its systems (lien direct) >A cyber attack forced the American publishing giant Macmillan to shut down its IT systems. The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted […] Ransomware Threat
SecurityAffairs.webp 2022-07-01 20:24:31 SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide (lien direct) >Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. “In early 2022, we investigated one such IIS backdoor: SessionManager. In late April 2022, […]
SecurityAffairs.webp 2022-07-01 14:44:34 A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers (lien direct) >Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign. Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. “We observed notable updates to […] Threat
SecurityAffairs.webp 2022-07-01 06:06:02 Pro-Russian hackers launched a massive DDoS attack against Norway (lien direct) >Norway’s National Security Authority (NSM) confirmed that a DDoS attack took down some of the country’s most important websites. Norway’s National Security Authority (NSM) confirmed that some of the country’s most important websites and online services were taken down by a massive DDoS attack conducted by a pro-Russian group. NSM did not explicitly attribute the […]
SecurityAffairs.webp 2022-06-30 23:00:44 Korean cybersecurity agency released a free decryptor for Hive ransomware (lien direct) >Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware, the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. “The Korea Internet & Security Agency (KISA) is distributing […] Ransomware
SecurityAffairs.webp 2022-06-30 17:58:47 Experts blame North Korea-linked Lazarus APT for the Harmony hack (lien direct) >North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.  Harmony's […] Hack Threat APT 38
SecurityAffairs.webp 2022-06-30 14:13:23 Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker (lien direct) >A former Canadian government IT worker admitted to being a high-level member of the Russian cybercrime group NetWalker. A former Canadian government employee, Sebastien Vachon-Desjardins, pleaded guilty in the U.S. to charges related to his involvement with the Russian cybercrime group NetWalker. In March, the man was extradited to the United States to face charges […] Guideline
SecurityAffairs.webp 2022-06-30 06:36:46 YTStealer info-stealing malware targets YouTube content creators (lien direct) >Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. The malware is highly likely available as a service on the Dark Web. Upon executing the malware, it performs some environment […] Malware
SecurityAffairs.webp 2022-06-29 14:48:08 Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers (lien direct) >Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers. SonarSource researchers have discovered a new vulnerability in RARlab’s UnRAR utility, tracked as CVE-2022-30333, that can be exploited by remote attackers to execute arbitrary code on a system that relies on the binary, like Zimbra […] Hack Vulnerability
SecurityAffairs.webp 2022-06-29 10:40:13 Mitre shared 2022 CWE Top 25 most dangerous software weaknesses (lien direct) >The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack. The presence of these vulnerabilities within the infrastructure of an organization could potentially expose it to […]
SecurityAffairs.webp 2022-06-29 09:31:40 RansomHouse gang claims to have stolen 450GB of data from chip maker giant AMD (lien direct) >The RansomHouse gang claims to have breached the Chipmaker giant AMD and stole 450 GB of data from the company in 2021. The RansomHouse extortion gang claims to have stolen 450 GB of data from the chipmaker giant AMD in 2021 and threatens to leak it or sell it if the company will not pay […]
SecurityAffairs.webp 2022-06-28 21:25:04 NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE'S SOCIOECONOMIC STRUCTURE (lien direct) >This paper provides a taxonomic classification of non-state actors in the cyberspace, analyzing their role and impact on a state's socioeconomic structure Cyber Non-State Actors (CNSA) are key figures in our globalized world: their operations could have a significant impact on international affairs, politics, and on the economy, as much as states do. Non-state actors […]
SecurityAffairs.webp 2022-06-28 21:24:18 ZuoRAT malware hijacks SOHO Routers to spy on the victims (lien direct) >A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North America and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote access trojan (RAT) called ZuoRAT, which targets small office/home office (SOHO) devices of remote workers during COVID-19 […] Malware Threat
SecurityAffairs.webp 2022-06-28 14:40:50 LockBit 3.0 introduces important novelties, including a bug bounty program (lien direct) >The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. The Lockbit ransomware operation has released LockBit 3.0, which has important novelties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is […] Ransomware
SecurityAffairs.webp 2022-06-28 11:02:10 Latest OpenSSL version is affected by a remote memory corruption flaw (lien direct) >Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set. “OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to […] Vulnerability
SecurityAffairs.webp 2022-06-28 06:38:41 Two critical flaws affect CODESYS ICS Automation Software (lien direct) >CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven vulnerabilities in its ICS Automation Software. CoDeSys is a development environment for programming controller applications according to the international industrial standard IEC 61131-3. The […] Guideline
SecurityAffairs.webp 2022-06-27 19:40:14 (Déjà vu) The government of Lithuania confirmed it had been hit by an intense cyberattack (lien direct) >Lithuania confirmed it had been hit by an “intense” cyberattack, after Vilnius imposed restrictions on the rail transit of certain goods to Kaliningrad. The government of Lithuania announced on Monday that it had been hit by an “intense” cyberattack, likely launched from Moscow, days after the Russian government protested restrictions Vilnius imposed on the rail […]
SecurityAffairs.webp 2022-06-27 14:46:33 New Matanbuchus Campaign drops Cobalt Strike beacons (lien direct) >Matanbuchus malware-as-a-service (Maas) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […] Malware Threat
SecurityAffairs.webp 2022-06-27 12:33:37 Cyberattack halted the production at the Iranian state-owned Khuzestan Steel company (lien direct) >Iranian state-owned Khuzestan Steel Company was hit by a cyber attack that forced the company to halt its production. The Khuzestan Steel Company is one of the major steel companies owned by the Iranian government. The company was forced to halt production due to a cyberattack. According to the Associated Press, Khuzestan Steel Company has a monopoly […]
SecurityAffairs.webp 2022-06-27 10:23:24 Ukrainian telecommunications operators hit by DarkCrystal RAT malware (lien direct) >The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The malspam messages have the topic “Free primary legal aid” use a password-protected attachment “Algorithm of actions of […] Malware
SecurityAffairs.webp 2022-06-27 08:12:53 Threat actors stole $100M in crypto assets from Harmony (lien direct) >Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening. Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.  Harmony's Horizon […] Threat
SecurityAffairs.webp 2022-06-26 18:27:26 Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0day (lien direct) >A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting the recently discovered Atlassian Confluence zero-day flaw (CVE-2022-26134). The discovery was made by the Rapid7 Threat Intelligence team […] Threat
SecurityAffairs.webp 2022-06-26 14:23:43 Security Affairs newsletter Round 371 by Pierluigi Paganini (lien direct) >A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Oracle spent 6 months to fix 'Mega' flaws in the Fusion Middleware Multiple malicious packages […]
SecurityAffairs.webp 2022-06-26 13:40:00 China-linked APT Bronze Starlight deploys ransomware as a smokescreen (lien direct) >China-linked APT Bronze Starlight is deploying post-intrusion ransomware families as a diversionary action to its cyber espionage operations. Researchers from Secureworks reported that a China-linked APT group, tracked as Bronze Starlight (APT10), is deploying post-intrusion ransomware families to cover up the cyber espionage operations. The experts observed an activity cluster involving post-intrusion ransomware such as […] Ransomware APT 10
SecurityAffairs.webp 2022-06-26 09:32:45 Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas (lien direct) >Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. The explosion took place at […] Threat
SecurityAffairs.webp 2022-06-25 20:08:23 (Déjà vu) Oracle spent 6 months to fix 'Mega' flaws in the Fusion Middleware (lien direct) Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to patch. Security researchers have published technical details of a critical Fusion Middleware vulnerability, tracked as CVE-2022–21445, that was reported to Oracle by researchers PeterJson of VNG Corporation and Nguyen Jang of VNPT in October 2021. […]
SecurityAffairs.webp 2022-06-25 17:52:29 Multiple malicious packages in PyPI repository found stealing AWS secrets (lien direct) >Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment variables) and also upload these to a publicly exposed endpoint. The malicious packages, which were […]
SecurityAffairs.webp 2022-06-25 11:59:00 Attackers exploited a zero-day in Mitel VOIP devices to compromise a network (lien direct) >Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization.  The attackers exploited a remote code execution zero-day vulnerability on the Mitel […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2022-06-24 15:07:56 Threat actors continue to exploit Log4Shell in VMware Horizon Systems (lien direct) >The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), published a joint advisory to warn of hacking attempts exploiting the Log4Shell flaw in VMware Horizon servers to […]
SecurityAffairs.webp 2022-06-24 13:52:37 Vulnerabilities in the Jacuzzi SmartTub app could allow to access users' data (lien direct) >Researchers discovered multiple vulnerabilities in Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in Jacuzzi SmartTub app web interface could have disclosed private data to attackers, security researcher Eaton Zveare warns. The experts attempted to notify the company without success, meantime the flaws have been addressed. The SmartTub app, which is […]
SecurityAffairs.webp 2022-06-24 07:14:03 (Déjà vu) Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users (lien direct) >Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with […] Threat
SecurityAffairs.webp 2022-06-23 18:40:55 Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor (lien direct) >China-linked APT group Tropic Trooper has been spotted using previously undocumented malware written in Nim language. Check Point Research uncovered an activity cluster with ties to China-linked APT Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate Panda) which involved the use of a previously undescribed loader (dubbed “Nimbda”) written in Nim language. The Tropic Trooper APT has been active at least […] Malware Tool APT 23
SecurityAffairs.webp 2022-06-23 13:35:23 NSO Group told lawmakers that Pegasus spyware was used by at least 5 European countries (lien direct) >The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries. The controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region. NSO Group’s General Counsel Chaim Gelfand admitted that the company […]
SecurityAffairs.webp 2022-06-23 10:48:05 QNAP warns of a critical PHP flaw that could lead to remote code execution (lien direct) >Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution. In certain configurations of FPM setup it is possible to […] Vulnerability
SecurityAffairs.webp 2022-06-23 07:53:28 Researchers found flaws in MEGA that allowed decryption of user data (lien direct) >Researchers at ETH Zurich discovered several critical flaws in the MEGA cloud storage service that could have allowed the decryption of user data. MEGA has addressed multiple vulnerabilities in its cloud storage service that could have allowed threat actors to decrypt user data stored in encrypted form. Data on Mega services is end-to-end encrypted client-side […] Threat
SecurityAffairs.webp 2022-06-22 20:51:22 Exclusive: Lithuania under cyber-attack after the ban on Russian railway goods (lien direct) >Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian railway goods has caused a new spike of hacktivist activity on the Dark Web. Today the group has announced multiple targets […]
SecurityAffairs.webp 2022-06-22 13:49:09 Magecart attacks are still around but are more difficult to detect (lien direct) >Researchers from Malwarebytes warn that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors have switched most of their operations server-side to avoid detection of security firms. However, Malwarebytes researchers warn that the Client-side Magecart attacks are still targeting organizations, but are more covert. The researchers recently uncovered two […] Threat
SecurityAffairs.webp 2022-06-22 10:03:29 Thank you!!! SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022 (lien direct) >I'm proud to announce that SecurityAffairs was awarded as the Best European Personal Cybersecurity Blog 2022 at European Cybersecurity Blogger Awards 2022. The winners of the annual European Cybersecurity Blogger Awards have been announced. Security affairs has been voted for the third consecutive year as the Best European Personal Cybersecurity Blog 2022 at European Cybersecurity Blogger Awards […]
SecurityAffairs.webp 2022-06-22 09:21:23 Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer (lien direct) >Threat actors are using the Rig Exploit Kit to spread the Dridex banking trojan instead of the Raccoon Stealer malware. Since January 2022, the Bitdefender Cyber Threat Intelligence Lab observed operators behind the RIG Exploit Kit pushing the Dridex banking trojan instead of the Raccoon Stealer. The switch occurred in February when Raccoon Stealer temporarily halted […] Threat
SecurityAffairs.webp 2022-06-22 07:31:01 Flagstar Bank discloses a data breach that impacted 1.5 Million individuals (lien direct) >US Flagstar Bank disclosed a data breach that exposed files containing the personal information of 1.5 million individuals. US-based Flagstar Bank disclosed a data breach that impacted roughly 1.5 million individuals, but the company did not share details about the attack. The security breach took place in early December 2021, and the investigation that was […] Data Breach
SecurityAffairs.webp 2022-06-21 15:05:21 New ToddyCat APT targets high-profile entities in Europe and Asia (lien direct) >Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020. Researchers from Kaspersky have linked a new APT group, tracked as ToddyCat, to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The threat […] Threat
SecurityAffairs.webp 2022-06-21 12:01:07 New DFSCoerce NTLM relay attack allows taking control over Windows domains (lien direct) >Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain. The DFSCoerce attack relies on the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to […] Threat
SecurityAffairs.webp 2022-06-21 07:20:48 Cybercriminals Use Azure Front Door in Phishing Attacks (lien direct) >Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in one of the malicious campaigns impersonate various services […]
SecurityAffairs.webp 2022-06-20 21:46:13 Russian APT28 hacker accused of the NATO think tank hack in Germany (lien direct) >The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO […] Hack APT 28
SecurityAffairs.webp 2022-06-20 14:37:44 Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild (lien direct) >Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The vulnerability, tracked as CVE-2022-22620, was fixed for the first time in 2013, but in […] Vulnerability
SecurityAffairs.webp 2022-06-20 12:12:45 (Déjà vu) Security Affairs newsletter Round 370 by Pierluigi Paganini (lien direct) >A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. US DoJ announced to have shut down the Russian RSOCKS Botnet MaliBot Android Banking Trojan […]
SecurityAffairs.webp 2022-06-20 11:41:56 Cisco will not address critical RCE in end-of-life Small Business RV routers (lien direct) >Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers. Cisco will not release updates to address the CVE-2022-20825 RCE flaw in end-of-life Small Business RV routers and encourage upgrading to newer models. The vulnerability, which received a CVSS severity rating of 9.8 out of 10.0, […]
SecurityAffairs.webp 2022-06-20 09:41:01 BRATA Android Malware evolves and targets the UK, Spain, and Italy (lien direct) >The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. The malware was first spotted in 2019 by security experts at Kaspersky, the name BRAT comes from 'Brazilian RAT Android,' because at the time it was used to […] Malware
Last update at: 2024-04-16 04:08:09