What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-06-05 09:51:08 (Déjà vu) Atlassian rolled out fixes for Confluence zero-day actively exploited in the wild (direct link) Atlassian has addressed on Friday an actively exploited critical remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Early this week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the […] Vulnerability
SecurityAffairs 2022-06-04 15:05:19 Anonymous: Operation Russia after 100 days of war (direct link) Operation Russia continues, albeit much more slowly than last month, RKPLaw, Vyberi Radio, and Metprom Group are the last victims. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, albeit much more slowly than last month. The collective recently leaked stolen data via DDoSecrets. This is my update on the […]
SecurityAffairs 2022-06-04 08:36:53 GitLab addressed critical account take over via SCIM email change (direct link) GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account. The vulnerability impacts all versions starting […] Vulnerability
SecurityAffairs 2022-06-03 23:46:21 LuoYu APT delivers WinDealer malware via man-on-the-side attacks (direct link) Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. Researchers from Kaspersky have uncovered an “extremely sophisticated” China-linked APT group, tracked as LuoYu, that has been observed using a malicious Windows tool called WinDealer. LuoYu has been active since at […] Malware Tool
SecurityAffairs 2022-06-03 14:45:49 Clipminer Botnet already allowed operators to make at least $1.7 Million (direct link) The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec's Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and cryptocurrency theft […] Threat
SecurityAffairs 2022-06-03 10:13:39 Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited (direct link) Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. “Atlassian has […] Vulnerability
SecurityAffairs 2022-06-03 07:29:58 Microsoft blocked Polonium attacks against Israeli organizations (direct link) Microsoft blocked an attack activity aimed at Israeli organizations attributed to a previously unknown Lebanon-based hacking group tracked as POLONIUM. Microsoft announced to have blocked a series of attacks targeting Israeli organizations that have been conducted by a previously unknown Lebanon-based hacking group tracked as POLONIUM. POLONIUM has targeted or compromised more than 20 Israeli […]
SecurityAffairs 2022-06-02 18:34:36 LockBit ransomware attack impacted production in a Mexican Foxconn plant (direct link) LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico. The electronics manufacturing giant Foxconn confirmed that its production plant in Tijuana (Mexico) has been impacted by a ransomware attack in late May. The LockBit ransomware gang claimed responsibility for an attack and announced that it […] Ransomware
SecurityAffairs 2022-06-02 17:09:12 Conti leaked chats confirm that the gang's ability to conduct firmware-based attacks (direct link) The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats, which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. An attack against firmware could give threat actors significant powers, they are hard to […] Ransomware Threat
SecurityAffairs 2022-06-02 13:17:48 An international police operation dismantled FluBot spyware (direct link) An international law enforcement operation involving 11 countries resulted in the takedown of the FluBot Android malware. An international law enforcement operation involving 11 countries led to the takedown of the infamous FluBot Android malware. The investigation involved law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United […] ★★★★★
SecurityAffairs 2022-06-02 05:33:25 A critical RCE flaw in Horde Webmail has yet to be addressed (direct link) A remote code execution vulnerability in the open-source Horde Webmail client can allow to take over servers by sending a specially crafted email. Researchers from SonarSource discovered a remote code execution vulnerability (CVE-2022-30287) in the open-source Horde Webmail client. Horde Webmail allows users to manage contacts, the flaw could be exploited by an authenticated user […] Vulnerability
SecurityAffairs 2022-06-01 20:56:34 New XLoader Botnet version uses new techniques to obscure its C2 servers (direct link) A new version of the XLoader botnet is implementing a new technique to obscure the Command and Control infrastructure. Researchers from Check Point have discovered a new version of the XLoader botnet, which implements significant enhancements, such as a new technique to obscure the Command and Control infrastructure. XLoader has been observed since 2020, it […]
SecurityAffairs 2022-06-01 13:08:21 Experts uncovered over 3.6M accessible MySQL servers worldwide (direct link) Researchers uncovered 3.6M accessible MySQL servers worldwide that represent a potential attack surface for their owners. Researchers from Shadow Server scanned the internet for publicly accessible MySQL server instances on port 3306/TCP and uncovered 3.6M installs worldwide responding to their queries. These publicly accessible MySQL server instances represent a potential attack surface for their owners. “These are instances that respond to our […]
SecurityAffairs 2022-06-01 10:25:39 China-linked TA413 group actively exploits Microsoft Follina zero-day flaw (direct link) A China-linked APT group is actively exploiting the recently disclosed Follina zero-day flaw in Microsoft Office in attacks in the wild. China-linked APT group TA413 has been observed exploiting the recently disclosed Follina zero-day flaw (tracked as CVE-2022-30190 and rated CVSS score 7.8) in Microsoft Office in attacks in the wild. This week, the cybersecurity researcher nao_sec discovered a malicious Word […]
SecurityAffairs 2022-06-01 06:53:54 Hive ransomware gang hit Costa Rica public health service (direct link) Costa Rican Social Security Fund, Costa Rica's public health service, was hit by a Hive ransomware attack. Costa Rican Social Security Fund, Costa Rica's public health service (aka CCCS), was hit today by a Hive ransomware attack, BleepingComputer reported. The attack occurred early this morning, Tuesday, May 31, 2022. The authorities are investigating […] Ransomware
SecurityAffairs 2022-05-31 14:28:17 SideWinder carried out over 1,000 attacks since April 2020 (direct link) SideWinder, an aggressive APT group, is believed to have carried out over 1,000 attacks since April 2020, Kaspersky reported. Researchers from Kaspersky have analyzed the activity of an aggressive threat actor tracked as SideWinder (aka RattleSnake and T-APT-04). The group stands out for the high frequency and persistence of its attacks, researchers believe that the […] Threat APT-C-17
SecurityAffairs 2022-05-31 11:19:10 Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina (direct link) Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for a recently discovered zero-day vulnerability, dubbed Follina and tracked as CVE-2022-30190 (CVSS score 7.8), in the Microsoft Office productivity suite. “On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows […] Tool
SecurityAffairs 2022-05-31 07:13:32 Experts warn of ransomware attacks against government organizations of small states (direct link) Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022, small states are more exposed to these attacks. Cyber Research Labs observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe impact on the victims, such as the attack that hit the […] Ransomware
SecurityAffairs 2022-05-30 20:07:36 Three Nigerian men arrested in INTERPOL Operation Killer Bee (direct link) Interpol arrested three Nigerian men in Lagos, who are suspected of using the Agent Tesla RAT to reroute financial transactions and steal sensitive data. Interpol arrested 3 Nigerian men in Lagos, as part of an international operation codenamed Killer Bee. The three men are suspected of using the Agent Tesla RAT to reroute financial transactions […]
SecurityAffairs 2022-05-30 14:49:23 A new WhatsApp OTP scam could allow the hijacking of users' accounts (direct link) Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users' accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users' accounts through phone calls. The fraudulent scheme is simple, threat actors make a phone call […] Threat
SecurityAffairs 2022-05-30 12:06:51 Multiple Microsoft Office versions impacted by an actively exploited zero-day (direct link) A zero-day flaw in Microsoft Office that could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML and then uses the “ms-msdt” scheme to execute PowerShell […]
SecurityAffairs 2022-05-30 11:20:08 GoodWill Ransomware victims have to perform socially driven activities to decryption their data (direct link) Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK's Threat Intelligence Research team has disclosed a new ransomware strain called GoodWill, that demands victims the payment of a ransom through donations for social causes and financially helping people in need. “The ransomware group propagates very unusual demands in […] Ransomware Threat ★★★
SecurityAffairs 2022-05-30 07:09:17 EnemyBot malware adds new exploits to target CMS servers and Android devices (direct link) The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators behind the EnemyBot botnet are expanding the list of potential targets adding exploits for recently disclosed critical vulnerabilities in VMware, F5 BIG-IP, and Android. The botnet was first discovered by Fortinet in March, the […] Malware ★★★★★
SecurityAffairs 2022-05-29 18:43:42 Pro-Russian hacker group KillNet plans to attack Italy on May 30 (direct link) Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian 'hacktivist' group Killnet is one of the most active non-state actors operating since the beginning of the Russian […]
SecurityAffairs 2022-05-29 14:33:42 (Déjà vu) Security Affairs newsletter Round 367 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks The […]
SecurityAffairs 2022-05-29 13:39:10 US man sentenced to 4 years in prison for his role in Infraud scheme (direct link) A man from New York was sentenced to four years in prison for trading stolen credit card data and assisting the Infraud Organization. John Telusma (aka ‘Peterelliot’), a New York man from New York (37), was sentenced this week to four years in prison for purchasing stolen or compromised credit cards and assisting the Infraud […]
SecurityAffairs 2022-05-28 15:55:27 Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks (direct link) 360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. The instances of the malware spotted by the experts […] Malware Threat
SecurityAffairs 2022-05-28 15:02:13 The strange link between Industrial Spy and the Cuba ransomware operation (direct link) The recently launched Industrial Spy data extortion marketplace has now started its ransomware operation. In April, MalwareHunterTeam and Bleeping Computer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the following wallpaper that promotes […] Ransomware Malware
SecurityAffairs 2022-05-28 13:30:21 Reuters: Russia-linked APT behind Brexit leak website (direct link) Russia-linked threat actors are behind a new website that published leaked emails from leading proponents of Britain’s exit from the EU, the Reuters reported. According to a Google cybersecurity official and the former head of UK foreign intelligence, the “Very English Coop d’Etat” website was set up to publish private emails from Brexit supporters, including […] Threat Guideline
SecurityAffairs 2022-05-28 11:01:18 GitHub: Nearly 100,000 NPM Users' credentials stolen in the April OAuth token attack (direct link) GitHub provided additional details into the theft of its integration OAuth tokens that occurred in April, with nearly 100,000 NPM users’ credentials. GitHub provided additional details about the incident it suffered in April, the attackers were able to steal nearly 100K NPM users’ credentials. In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain […] Threat
SecurityAffairs 2022-05-27 21:37:22 Android pre-installed apps are affected by high-severity vulnerabilities (direct link) Microsoft found several high-severity vulnerabilities in a mobile framework used in pre-installed Android System apps. The Microsoft 365 Defender Research Team discovered four vulnerabilities (CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601) in a mobile framework, owned by mce Systems, that is used by several mobile carriers in pre-installed Android System apps. The researchers discovered the flaws in September 2021 and […]
SecurityAffairs 2022-05-27 14:45:01 GhostTouch: how to remotely control touchscreens with EMI (direct link) Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. A team of researchers from Zhejiang University and Technical University of Darmstadt devised a technique, dubbed GhostTouch, to remotely control capacitive touchscreens using electromagnetic signals. According to the experts, GhostTouch is the first active contactless attack against capacitive touchscreens. GhostTouch uses electromagnetic […]
SecurityAffairs 2022-05-27 13:22:16 FBI: Compromised US academic credentials available on various cybercrime forums (direct link) The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that can be used by threat actors to launch attacks […] Threat
SecurityAffairs 2022-05-27 09:56:59 ERMAC 2.0 Android Banking Trojan targets over 400 apps (direct link) A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets. ERMAC was first spotted by researchers from Threatfabric in July […]
SecurityAffairs 2022-05-27 05:58:22 Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw (direct link) Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. Horizon3 security researchers have released a proof-of-concept (PoC) exploit and technical analysis for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The virtualization giant recently warned that a threat actor can exploit the CVE-2022-22972 flaw (CVSSv3 base score of 9.8) […] Vulnerability Threat
SecurityAffairs 2022-05-26 20:40:28 Exposed: the threat actors who are poisoning Facebook (direct link) An investigation of the infamous “Is That You?” video scam led Cybernews researchers into exposing threat actors who are poisoning Facebook Original post @ https://cybernews.com/security/exposed-the-threat-actors-who-are-poisoning-facebook/ An investigation of the infamous “Is That You?” video scam has led Cybernews researchers to a cybercriminal stronghold, from which threat actors have been infecting the social media giant with […] Threat
SecurityAffairs 2022-05-26 19:28:44 Zyxel addresses four flaws affecting APs, AP controllers, and firewalls (direct link) Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. Below is the list of the four vulnerabilities, the most severe one is a command injection flaw in some CLI commands […]
SecurityAffairs 2022-05-26 14:38:43 Experts warn of a new malvertising campaign spreading the ChromeLoader (direct link) Researchers warn of a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. Researchers from Red Canary observed a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. ChromeLoader is a malicious Chrome browser extension, it is classified as a pervasive browser hijacker that modifies browser settings to redirect […] Malware
SecurityAffairs 2022-05-26 10:31:24 Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed (direct link) The maintainers of the Tails project (The Amnesic Incognito Live System) warn users that the Tor Browser bundled with the OS could expose their sensitive information. The maintainers confirmed that Tor Browser in Tails 5.0 and earlier is unsafe to use for sensitive information. “We recommend that you stop using Tails until the release of 5.1 […]
SecurityAffairs 2022-05-26 09:13:55 Italy announced its National Cybersecurity Strategy 2022/26 (direct link) Italy announced its National Cybersecurity Strategy for 2022/26, a crucial document to address cyber threats and increase the resilience of the country. Italy presented its National Cybersecurity Strategy for 2022/26 and reinforced the government’s commitment to addressing cyber threats and increasing the resilience of the country to cyber attacks. The strategy is aligned with the […] Threat
SecurityAffairs 2022-05-25 22:36:59 Unknown APT group is targeting Russian government entities (direct link) An unknown APT group is targeting Russian government entities since the beginning of the Russian invasion of Ukraine. Researchers from Malwarebytes observed an unknown Advanced Persistent Threat (APT) group targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Russian invasion of Ukraine. The threat actors behind the attacks […] Threat
SecurityAffairs 2022-05-25 18:57:20 International police operation led to the arrest of the SilverTerrier gang leader (direct link) The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime group as a result of an international operation. The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime gang (aka TMT) after a year-long investigation codenamed “Operation Delilah.” SilverTerrier has been active since at least 2014 and focuses on BEC […] Guideline
SecurityAffairs 2022-05-25 11:12:40 (Déjà vu) Chaining Zoom bugs is possible to hack users in a chat by sending them a message (direct link) Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages. Tracked from CVE-2022-22784 through CVE-2022-22787, […] Hack
SecurityAffairs 2022-05-25 08:36:10 CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog (direct link) US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel (CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR (CVE-2022-20821). The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: […]
SecurityAffairs 2022-05-24 18:18:56 Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT (direct link) Trend Micro addressed a DLL hijacking issue in Trend Micro Security actively exploited by a China-linked threat group to deploy malware. Trend Micro addressed a DLL hijacking flaw in Trend Micro Security that a China-linked threat actor actively exploited to deploy malware. In early May, SentinelOne researchers observed a China-linked APT group, tracked as Moshen […] Threat
SecurityAffairs 2022-05-24 13:16:01 Microsoft warns of new highly evasive web skimming campaigns (direct link) Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. The threat actors obfuscated the skimming script by encoding it in PHP, which, in turn, was embedded in […] Threat
SecurityAffairs 2022-05-24 09:06:15 Nation-state malware could become a commodity on dark web soon, Interpol warns (direct link) Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. Interpol Secretary General Jurgen Stock declared that nation-state malware will become available on the darknet in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non […] Malware
SecurityAffairs 2022-05-23 22:03:19 Russia-linked Turla APT targets Austria, Estonia, and NATO platform (direct link) Russia-linked APT group Turla was observed targeting the Austrian Economic Chamber, a NATO eLearning platform, and the Baltic Defense College. Researchers from SEKOIA.IO Threat & Detection Research (TDR) team have uncovered a reconnaissance and espionage campaign conducted by Russia-linked Turla APT aimed at the Baltic Defense College, the Austrian Economic Chamber (involved in government decision-making such as economic sanctions) and NATO's […] Threat
SecurityAffairs 2022-05-23 17:17:24 Russia-linked Fronton botnet could run disinformation campaigns (direct link) Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns. Fronton is a distributed denial-of-service (DDoS) botnet that was used by Russia-linked threat actors for coordinated disinformation campaigns. In March 2020, the collective of hacktivists called “Digital Revolution” claimed to have hacked a subcontractor to the Russian FSB. The […] Threat
SecurityAffairs 2022-05-23 13:45:02 A flaw in PayPal can allow attackers to steal money from users' account (direct link) A security researcher announced the discovery of an unpatched flaw in PayPal that could allow attackers to steal money from users. TheHackerNews first reported that a security researcher (that goes online with the moniker h4x0r_dz) has discovered an unpatched flaw in PayPal that could allow attackers to trick users into completing transactions controlled by the […]
Last update at: 2024-04-25 00:07:41