What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-06-19 22:31:24 Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild (direct link) A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites In mid-June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The analysis of the updates revealed that they patched a code injection vulnerability […] Vulnerability Threat
SecurityAffairs.webp 2022-06-19 07:00:00 Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS (direct link) Experts warn of a new ech0raix ransomware campaign targeting QNAP Network Attached Storage (NAS) devices. Bleeping Computer and MalwareHunterTeam researchers, citing user reports and sample submissions on the ID Ransomware platform, warn of a new wave of ech0raix ransomware attacks targeting QNAP Network Attached Storage (NAS) devices. The ransomware, tracked by Intezer as “QNAPCrypt” and “eCh0raix” by Anomali, is […] Ransomware
SecurityAffairs.webp 2022-06-18 17:39:53 US DoJ announced to have shut down the Russian RSOCKS Botnet (direct link) The U.S. Department of Justice (DoJ) announced to have shut down the infrastructure associated with the Russian botnet RSOCKS. The U.S. Department of Justice (DoJ) announced to have shut down the infrastructure associated with the Russian botnet RSOCKS as part of an international police operation that involved law enforcement partners from Germany, the Netherlands, and […]
SecurityAffairs.webp 2022-06-18 06:47:02 MaliBot Android Banking Trojan targets Spain and Italy (direct link) Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet customers in Spain and Italy. The experts documented attacks against multiple banks, including UniCredit, Santander, CaixaBank, and CartaBCC. […] Malware
SecurityAffairs.webp 2022-06-17 23:00:30 Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed (direct link) China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040, in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating. The vulnerability was exploited by […] Vulnerability Threat
SecurityAffairs.webp 2022-06-17 20:00:33 Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company (direct link) Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. The latest samples of this spyware were detected by the researchers in April 2022, four […] Malware Threat Cloud APT 37
SecurityAffairs.webp 2022-06-17 06:34:51 A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould (direct link) Experts discovered a feature in Microsoft 365 suite that could be abused to encrypt files stored on SharePoint and OneDrive and target cloud infrastructure. Researchers from Proofpoint reported that a feature in the Microsoft 365 suite could be abused to encrypt files stored on SharePoint and OneDrive. “Proofpoint has discovered a potentially dangerous piece […]
SecurityAffairs.webp 2022-06-16 21:53:40 BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers (direct link) The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them. “For example, […] Ransomware Threat
SecurityAffairs.webp 2022-06-16 15:07:19 ALPHV/BlackCat ransomware gang starts publishing victims' data on the clear web (direct link) ALPHV/BlackCat ransomware group began publishing victims’ data on the clear web to increase the pressure on them and force them to pay the ransom. ALPHV/BlackCat ransomware group has adopted a new strategy to force victims into paying the ransom, the gang began publishing victims’ data on the clear web to increase the pressure. Publishing data online will […]
SecurityAffairs.webp 2022-06-16 10:14:49 Researchers disclosed a remote code execution flaw in Fastjson Library (direct link) Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Fastjson is a Java library that can be used to convert Java Objects into their JSON representation. […] Vulnerability
SecurityAffairs.webp 2022-06-16 08:41:13 (Déjà vu) Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager (direct link) Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager. The flaw, tracked as CVE-2022-20798 (CVSS score 9.8), can be exploited by an unauthenticated, remote attacker to bypass […] Vulnerability
SecurityAffairs.webp 2022-06-16 07:00:36 Malicious apps continue to spread through the Google Play Store (direct link) Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store. However, the experts warn that info-stealing Trojans are the […] Malware
SecurityAffairs.webp 2022-06-15 22:59:44 Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips (direct link) Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. Researchers from University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, devised a new side-channel attack technique dubbed Hertzbleed that could allow remote attackers to steal encryption keys from modern Intel […] Vulnerability
SecurityAffairs.webp 2022-06-15 18:39:38 A critical flaw in Citrix Application Delivery Management allows resetting admin passwords (direct link) Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset admin passwords. Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can be exploited by attackers to reset admin passwords. Citrix Application Delivery Management (ADM) is a comprehensive platform […] Vulnerability
SecurityAffairs.webp 2022-06-15 14:51:22 Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign (direct link) Researchers discovered a new Golang-based peer-to-peer (P2P) botnet, dubbed Panchan, targeting Linux servers in the education sector since March 2022. Akamai security researchers discovered a new Golang-based P2P Botnet, tracked as Panchan, that is targeting Linux servers that has been active since March 2022. Panchan uses basic SSH dictionary attack to implement wormable behavior, it also […]
SecurityAffairs.webp 2022-06-15 07:32:03 Let's give a look at the Dark Web Price Index 2022 (direct link) PrivacyAffairs released the Dark Web Index 2022, the document provides the prices for illegal services/products available in the black marketplaces. Privacy Affairs published the Dark Web Index, an analysis of prices for illegal services/products available in the black marketplaces and related to the period between February 2021 and June 2022. The document updates the information […]
SecurityAffairs.webp 2022-06-14 23:11:08 A flaw in Zimbra email suite allows stealing login credentials of the users (direct link) A high-severity vulnerability in the Zimbra email suite could be exploited by an unauthenticated attacker to steal login credentials of users. Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite, tracked as CVE-2022-27924 (CVSS score: 7.5), that can be exploited by an unauthenticated attacker to steal login credentials of users without user […] Vulnerability
SecurityAffairs.webp 2022-06-14 07:16:17 API Security Best Practices (direct link) Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly opening their ecosystem through Application Programming Interfaces (API) by ensuring seamless access to data and interaction with external software components and services. APIs are the gateway to providing the high security of data in an […]
SecurityAffairs.webp 2022-06-14 07:06:29 SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases (direct link) Chinese cybercriminals are using SeaFlower backdoored versions of iOS and Android Web3 wallets to steal users' seed phrase. Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users. Chinese crooks are spreading backdoored versions of iOS and Android Web3 wallets to steal users' seed phrase. SeaFlower maintains the functionality […] Malware
SecurityAffairs.webp 2022-06-14 02:48:40 Experts spotted Syslogk, a Linux rootkit under development (direct link) Experts spotted a new Linux rootkit, dubbed 'Syslogk,' that uses specially crafted “magic packets” to activate a dormant backdoor on the device. Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed 'Syslogk,' that uses specially crafted “magic packets” to activate a dormant backdoor on the device. The experts reported that the Syslogk rootkit is heavily […]
SecurityAffairs.webp 2022-06-13 18:30:20 Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability (direct link) Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russia-linked Sandworm APT may be exploiting the recently discovered Follina RCE. The issue, tracked as CVE-2022-30190, impacts the Microsoft Windows Support Diagnostic Tool (MSDT). Nation-state actors […] Tool Vulnerability
SecurityAffairs.webp 2022-06-13 14:54:32 GALLIUM APT used a new PingPull RAT in recent campaigns (direct link) China-linked Gallium APT employed a previously undocumented RAT, tracked as PingPull, in recent cyber espionage campaign targeting South Asia, Europe, and Africa. China-linked Gallium APT (aka Softcell) used a previously undocumented remote access Trojan dubbed PingPull in recent attacks aimed at organizations in Southeast Asia, Europe, and Africa. Researchers from Palo Alto Networks defined the […]
SecurityAffairs.webp 2022-06-13 13:18:30 HelloXD Ransomware operators install MicroBackdoor on target systems (direct link) Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021, it borrows the code from Babuk ransomware, which is available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn't use a […] Ransomware Threat
SecurityAffairs.webp 2022-06-13 07:52:41 Using WiFi connection probe requests to track users (direct link) Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to track. A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about […]
SecurityAffairs.webp 2022-06-12 22:21:36 Security Affairs newsletter Round 369 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers HID Mercury Access Controller flaws […] Ransomware
SecurityAffairs.webp 2022-06-12 14:14:51 Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers (direct link) Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134, affecting Atlassian Confluence Server and Data Center. Proof-of-concept exploits for the CVE-2022-26134 vulnerability have been released online, Bleeping Computer reported that starting from […] Ransomware ★★★
SecurityAffairs.webp 2022-06-12 09:36:08 HID Mercury Access Controller flaws could allow to unlock Doors (direct link) Experts found vulnerabilities in HID Mercury Access Controllers can be exploited by attackers to remotely unlock doors. Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions […]
SecurityAffairs.webp 2022-06-11 16:16:48 Iran-linked Lyceum APT adds a new .NET DNS Backdoor to its arsenal (direct link) Iran-linked Lyceum APT group uses a new .NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new .NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn. The activity of the Lyceum APT […]
SecurityAffairs.webp 2022-06-11 13:34:12 PACMAN, a new attack technique against Apple M1 CPUs (direct link) PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems. PACMAN is a novel hardware attack technique that can allow attackers to bypass Pointer Authentication (PAC) on the Apple M1 CPU. The pointer authentication codes (PACs) allow to detect and guard against unexpected changes to pointers in memory. […] Hack
SecurityAffairs.webp 2022-06-10 20:51:38 Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign (direct link) Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Last week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence […] Vulnerability Threat
SecurityAffairs.webp 2022-06-10 14:37:16 Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques (direct link) The Cuba ransomware operators are back and employed a new version of its malware in recent attacks. Cuba ransomware has been active since at least January 2020. Its operators have a data leak site, where they post exfiltrated data from their victims who refused to pay the ransom. The ransomware encrypts files on the targeted systems […] Ransomware Malware
SecurityAffairs.webp 2022-06-10 08:24:56 Vice Society ransomware gang adds the Italian City of Palermo to its data leak site (direct link) The Vice Society group has claimed responsibility for the ransomware attack that hit the Italian city of Palermo forcing the IT admins to shut down its infrastructure. The Vice Society ransomware group has claimed responsibility for the recent cyber attack that hit the city of Palermo in the South of Italy. In response to the […] Ransomware
SecurityAffairs.webp 2022-06-09 19:10:49 (Déjà vu) Symbiote, a nearly-impossible-to-detect Linux malware (direct link) Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. The name comes from the concept of symbiote which is an organism that lives in symbiosis with another organism, exactly like this implant does with […] Threat
SecurityAffairs.webp 2022-06-09 14:52:45 Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia (direct link) Researchers spotted a previously undocumented Chinese-speaking APT, tracked as Aoqin Dragon, targeting entities in Southeast Asia and Australia. SentinelOne documented a series of attacks aimed at government, education, and telecom entities in Southeast Asia and Australia carried out by a previously undocumented Chinese-speaking APT tracked as Aoqin Dragon. The APT primary focus on cyberespionage against targets […]
SecurityAffairs.webp 2022-06-09 10:54:48 New Emotet variant uses a module to steal data from Google Chrome (direct link) Researchers spotted a new variant of the Emotet bot that uses a new module to steal credit card information stored in the Chrome web browser. Proofpoint researchers reported a new wave of Emotet infections, in particular, a new variant is using a new info-stealing module used to siphon credit card information stored in the Chrome […]
SecurityAffairs.webp 2022-06-09 08:48:41 Tainted CCleaner Pro Cracker spreads via Black Seo campaign (direct link) Threat actors spread info-stealing malware through the search results for a pirated copy of the CCleaner Pro Windows optimization program. Researchers from Avast have uncovered a malware campaign, tracked as FakeCrack, spreading through the search results for a pirated copy of the CCleaner Pro Windows optimization program. The researchers pointed out that operators behind the campaign […] Malware CCleaner CCleaner ★★★
SecurityAffairs.webp 2022-06-08 21:24:02 0Patch released unofficial security patch for new DogWalk Windows zero-day (direct link) 0patch researchers released an unofficial security patch for a Windows zero-day vulnerability dubbed DogWalk. 0patch released an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) dubbed DogWalk. The issue impacts all Windows versions, starting from Windows 7 and Server 2008, including the latest releases. The flaw […] Tool Vulnerability
SecurityAffairs.webp 2022-06-08 13:56:38 US dismantled and seized SSNDOB cybercrime marketplace (direct link) An international operation led by the US authorities dismantled and seized the infrastructure of the online marketplace SSNDOB. US DoJ announced the seizure of the SSNDOB Marketplace, a series of websites offering personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States. According to the authorities, the […]
SecurityAffairs.webp 2022-06-08 09:53:30 China-linked threat actors have breached telcos and network service providers (direct link) China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers. The nation-state actors exploit publicly known vulnerabilities to compromise the target […] Threat
SecurityAffairs.webp 2022-06-08 07:55:06 Black Basta ransomware now supports encrypting VMware ESXi servers (direct link) Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of […] Ransomware
SecurityAffairs.webp 2022-06-07 14:19:53 Evil Corp gang starts using LockBit Ransomware to evade sanctions (direct link) Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. The researchers also noticed that the group shares numerous overlaps with the cybercrime gang Evil Corp. The UNC2165 group has been active since at […] Ransomware Threat ★★
SecurityAffairs.webp 2022-06-07 08:55:47 Black Basta ransomware operators leverage QBot for lateral movements (direct link) The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack […] Ransomware Malware Threat
SecurityAffairs.webp 2022-06-06 22:39:43 Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant (direct link) LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. Mandiant is investigating the claims of the ransomware gang, the cybercrime group declared to have […] Ransomware
SecurityAffairs.webp 2022-06-06 20:15:11 Microsoft seized 41 domains used by Iran-linked Bohrium APT (direct link) Microsoft’s Digital Crimes Unit (DCU) announced the seizure of domains used by Iran-linked APT Bohrium in spear-phishing campaigns. Microsoft’s Digital Crimes Unit (DCU) announced to have taken legal action to disrupt a spear-phishing operation linked to Iran-linked APT Bohrium. The IT giant has seized the domains used by the threat actors employed in its attacks aimed […] Threat
SecurityAffairs.webp 2022-06-06 12:11:08 Another nation-state actor exploits Microsoft Follina to attack European and US entities (direct link) A nation-state actor is attempting to exploit the Follina flaw in a recent wave of attacks against government entities in Europe and the U.S. An alleged nation-state actor is attempting to exploit the recently disclosed Microsoft Office Follina vulnerability in attacks aimed at government entities in Europe and the U.S. On May 31, Microsoft released […] Vulnerability
SecurityAffairs.webp 2022-06-06 10:36:13 Red TIM Research discovers a Command Injection with a 9,8 score on Resi (direct link) During the bug hunting activity, Red Team Research (RTR) detected 2 zero-day bugs on GEMINI-NET, a RESI Informatica solution. It's been detected an OS Command Injection, which has been identified from NIST as a Critical one, its score is 9,8. This vulnerability comes from a failure to check the parameters sent as inputs into the […] Vulnerability
SecurityAffairs.webp 2022-06-06 07:05:21 Exclusive: Pro-Russia group 'Cyber Spetsnaz' is attacking government agencies (direct link) Resecurity, Inc. (USA) has identified an increase in activity within hacktivist groups conducted by a new group called “Cyber Spetsnaz”. Resecurity, Inc. (USA) has identified an increase in activity within hacktivist groups, they're leveraging current geopolitical tensions between the Ukraine and Russia to perform cyber-attacks. Following the attacks of the Killnet Collective, the group responsible […]
SecurityAffairs.webp 2022-06-05 18:11:36 PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online (direct link) Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. Bleeping Computer reported that starting from Friday afternoon, a proof-of-concept exploit for this issue was publicly shared. Researchers from cybersecurity firm […] Vulnerability
SecurityAffairs.webp 2022-06-05 16:13:32 Security Affairs newsletter Round 368 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Anonymous: Operation Russia after 100 days of war GitLab addressed critical account take over via […]
SecurityAffairs.webp 2022-06-05 13:58:11 Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club (direct link) Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC), this is the third security breach it suffered this year. Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year, they have stolen and sold NFTs, making away with 142 ETH, equivalent to over $250,000. The hacker conducted […] Threat
Last update at: 2024-04-19 09:08:00