What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-23 09:04:29 | Cytrox\'s Predator spyware used zero-day exploits in 3 campaigns (lien direct) | Google’s Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities. Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox. The five 0-day vulnerabilities […] | Threat | ||
|
2022-05-23 06:56:23 | Threat actors target the infoSec community with fake PoC exploits (lien direct) | >Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The expert discovered a post where a researcher were sharing a fake Proof of Concept (POC) exploit code for an RPC Runtime Library […] | Malware Threat | ||
|
2022-05-22 17:32:55 | Security Affairs newsletter Round 366 by Pierluigi Paganini (lien direct) | >A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Asian media company Nikkei suffered a ransomware attack Russia-linked Sandworm continues to conduct attacks against […] | Ransomware | ||
|
2022-05-22 15:48:25 | North Korea-linked Lazarus APT uses Log4J to target VMware servers (lien direct) | >North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) in attacks aimed at VMware Horizon servers. North Korea-linked group Lazarus is exploiting the Log4J RCE vulnerability (CVE-2021-44228) to compromise VMware Horizon servers. Multiple threat actors are exploiting this flaw since January, in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed […] | Vulnerability Threat | APT 38 | |
|
2022-05-22 09:20:42 | The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000 (lien direct) | >The Pwn2Own Vancouver 2022 hacking contest ended, Trend Micro and ZDI awarded a total of $1,155,000 for successful attempts! During the third day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. nghiadt12 from Viettel Cyber Security demonstrated an exploit for an escalation of privilege via Integer […] | |||
|
2022-05-21 22:21:10 | (Déjà vu) Asian media company Nikkei suffered a ransomware attack (lien direct) | >The media company Nikkei has disclosed a ransomware attack and revealed that the incident might have impacted customer data. The Japanese-based media company Nikkey is focused on the business and financial industry, it is the world’s largest financial newspaper. This week the company disclosed a security breach, ransomware infected one of its servers at a […] | Ransomware | ||
|
2022-05-21 14:31:01 | Russia-linked Sandworm continues to conduct attacks against Ukraine (lien direct) | >Security researchers from ESET reported that the Russia-linked APT group Sandworm continues to target Ukraine. Security experts from ESET reported that the Russia-linked cyberespionage group Sandworm continues to launch cyber attacks against entities in Ukraine. Sandworm (aka BlackEnergy and TeleBots) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU's Main Center for […] | ★★★ | ||
|
2022-05-21 11:14:50 | Cisco fixes an IOS XR flaw actively exploited in the wild (lien direct) | >Cisco addressed a medium-severity vulnerability affecting IOS XR Software, the company warns that the flaw is actively exploited in the wild. Cisco released security updates to address a medium-severity vulnerability affecting IOS XR Software, tracked as CVE-2022-20821 (CVSS score: 6.5), that threat actors are actively exploiting in attacks in the wild. The flaw resides in […] | Vulnerability Threat | ||
|
2022-05-20 22:11:35 | QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices (lien direct) | >Taiwanese vendor QNAP warned customers of a new wave of DeadBolt ransomware attacks and urges them to install the latest updates. Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. The company issued the alert in response to a new wave of DeadBolt […] | Ransomware | ||
|
2022-05-20 20:13:17 | Pwn2Own Vancouver 2022 D2 (lien direct) | >During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants demonstrated a working exploit for Microsoft Windows 11. During the second day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. The T0 group demonstrated an exploit for an improper access control flaw […] | |||
|
2022-05-20 14:36:00 | The activity of the Linux XorDdos bot increased by 254% over the last six months (lien direct) | >Microsoft researchers have observed a spike in the activity of the Linux bot XorDdos over the last six months. XORDDoS, also known as XOR.DDoS, first appeared in the threat landscape in 2014 it is a Linux Botnet that was employed in attacks against gaming and education websites with massive DDoS attacks that reached 150 gigabytes per second […] | Threat | ||
|
2022-05-20 10:10:32 | Conti ransomware is shutting down operations, what will happen now? (lien direct) | >The Conti ransomware gang shut down its operation, and some of its administrators announced a branding of the gang. Advanced Intel researcher Yelisey Boguslavskiy announced the that Conti Ransomware gang shuts its infrastructure and some of its administrators announced a rebranding of the popular RaaS operation. The news was reported by BleepingComputer that citing Boguslavskiy confirmed […] | Ransomware | ||
|
2022-05-19 17:44:14 | Google OAuth client library flaw allowed to deploy of malicious payloads (lien direct) | >Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library for Java, tracked as CVE-2021-22573 (CVS Score 8.7), that could be exploited by an attacker with a compromised token […] | |||
|
2022-05-19 15:03:25 | (Déjà vu) Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000 (lien direct) | >White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro's Zero Day Initiative (ZDI). This year, 17 contestants are attempting to exploit […] | |||
|
2022-05-19 12:54:00 | China-linked Space Pirates APT targets the Russian aerospace industry (lien direct) | >A new China-linked cyberespionage group known as ‘Space Pirates’ is targeting enterprises in the Russian aerospace industry. A previously unknown Chinese cyberespionage group, tracked as ‘Space Pirates’, targets enterprises in the Russian aerospace industry with spear-phishing attacks. The group has been active since at least 2017, researchers believe it is linked with other China-linked APT […] | |||
|
2022-05-19 06:13:42 | CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws (lien direct) | >CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 vulnerabilities by May 23, 2022. The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 22-03 to order federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws or to remove the affected products from their networks by May 23, 2022. The list of impacted […] | |||
|
2022-05-18 21:29:54 | VMware fixed a critical auth bypass issue in some of its products (lien direct) | >VMware addressed a critical authentication bypass vulnerability “affecting local domain users” in multiple products. The virtualization giant warns that a threat actor can exploit the flaw, tracked as CVE-2022-22972 (CVSSv3 base score of 9.8), to obtain admin privileges and urges customers to install patches immediately. “This critical vulnerability should be patched or mitigated immediately per the […] | Vulnerability Threat | ||
|
2022-05-18 20:04:37 | Microsoft warns of attacks targeting MSSQL servers using the tool sqlps (lien direct) | >Microsoft warns of brute-forcing attacks targeting Microsoft SQL Server (MSSQL) database servers exposed online. Microsoft warns of a new hacking campaign aimed at MSSQL servers, threat actors are launching brute-forcing attacks against poorly protected instances. The attacks are using the legitimate tool sqlps.exe, a sort of SQL Server PowerShell file, as a LOLBin (short for living-off-the-land binary). Microsoft warned of […] | Tool Threat | ||
|
2022-05-18 14:37:54 | Microsoft warns of the rise of cryware targeting hot wallets (lien direct) | >Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Data stolen from this kind of malware includes private keys, seed phrases, and […] | Malware Threat | ||
|
2022-05-18 09:54:41 | Conti Ransomware gang threatens to overthrow the government of Costa Rica (lien direct) | >The Conti ransomware gang is threatening to ‘overthrow’ the new government of Costa Rica after last month’s attack. Last month, the Conti ransomware gang claimed responsibility for the attack on Costa Rica government infrastructure after that the government refused to pay a ransom. “The Costa Rican state will not pay anything to these cybercriminals.” said […] | Ransomware | ||
|
2022-05-18 07:41:40 | Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift (lien direct) | >Researchers spotted a new variant of the UpdateAgent macOS malware dropper that was employed in attacks in the wild. Researchers from the Jamf Threat Labs team have uncovered a new variant of the UpdateAgent macOS malware dropper. The new version is written in Swift and relies on the AWS infrastructure to host its malicious payloads. […] | Malware Threat | ||
|
2022-05-17 19:10:57 | Venezuelan cardiologist accused of operating and selling Thanos ransomware (lien direct) | >The U.S. Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. The U.S. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling the Thanos ransomware. Thanos ransomware (a.k.a. Hakbit ransomware) has been developed by Nosophoros (aka Aesculapius, and Nebuchadnezzar), a threat actor offering for sale the malware […] | Ransomware Malware Threat | ||
|
2022-05-17 11:43:14 | Over 200 Apps on Play Store were distributing Facestealer info-stealer (lien direct) | >Experts spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data. Trend Micro researchers spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data from infected devices. The malicious apps are able to steal credentials, Facebook cookies, and other personally identifiable information. Some […] | |||
|
2022-05-17 07:11:06 | (Déjà vu) CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog (lien direct) | >US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency added the recently disclosed remote code execution bug, tracked as CVE-2022-30525, affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk […] | |||
|
2022-05-17 05:19:04 | A custom PowerShell RAT uses to target German users using Ukraine crisis as bait (lien direct) | >Researchers spotted a threat actor using a custom PowerShell RAT targeting German users to gain intelligence on the Ukraine crisis. Malwarebytes experts uncovered a campaign that targets German users with custom PowerShell RAT targeting. The threat actors attempt to trick victims into opening weaponized documents by using the current situation in Ukraine as bait. The […] | Threat | ||
|
2022-05-16 14:48:12 | Experts show how to run malware on chips of a turned-off iPhone (lien direct) | >Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” A team of researchers from the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt demonstrated a technique to tamper with the firmware and load malware onto a chip while an […] | Malware | ||
|
2022-05-16 10:36:47 | (Déjà vu) Ukrainian national sentenced to 4 years in prison for selling access to hacked servers (lien direct) | >A 28-year-old Ukrainian national has been sentenced to four years in prison for selling access to hacked servers. Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old Ukrainian national, has been sentenced to four years in prison for selling access to comprised servers on the dark web. The man was arrested in Poland in October 2020 and pleaded guilty […] | Guideline | ||
|
2022-05-16 05:28:25 | Eternity Project: You can pay $260 for a stealer and $490 for a ransomware (lien direct) | >Researchers from threat intelligence firm Cyble analyzed the Eternity Project Tor website which offers any kind of malicious code. Researchers at cybersecurity firm Cyble analyzed a Tor website named named 'Eternity Project’ that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. The experts discovered the marketplace during a […] | Ransomware Threat | ||
|
2022-05-15 16:47:51 | (Déjà vu) May 08 – May 14 Ukraine – Russia the silent cyber conflict (lien direct) | >This post provides a timeline of the events related to Russia invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing Russia invasion that occurred in the previous weeks: May 14 – The LEGION collective calls to action to attack the final of the Eurovision song […] | |||
|
2022-05-15 14:34:10 | Security Affairs newsletter Round 365 by Pierluigi Paganini (lien direct) | >A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. The LEGION collective calls to action to attack the final of the Eurovision song contest […] | |||
|
2022-05-15 12:48:16 | Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT (lien direct) | >Ukraine Computer Emergency Response Team (CERT-UA) reported a phishing campaign conducted by Armageddon APT using GammaLoad.PS1_v2 malware. Ukraine Computer Emergency Response Team (CERT-UA) reported a phishing campaign using messages with subject “On revenge in Kherson!” and containing the “Plan Kherson.htm” attachment. The HTM-file will decode and create an archive named “Herson.rar”, which contains a file-shortcut […] | |||
|
2022-05-15 11:25:31 | Sysrv-K, a new variant of the Sysrv botnet includes new exploits (lien direct) | >Microsoft reported that the Sysrv botnet is targeting Windows and Linux servers exploiting flaws in the Spring Framework and WordPress. Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. Threat actors use the botnet in a cryptomining campaign targeting Windows […] | Threat | ||
|
2022-05-14 16:45:53 | The LEGION collective calls to action to attack the final of the Eurovision song contest (lien direct) | >The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song contest. The LEGION is a Pro-Russian volunteer movement that focuses on DDOS attacks. The group made the headlines for attacks against Western organizations and governments, including NATO countries and Ukraine. This week the Pro-Russian hacker group […] | |||
|
2022-05-14 14:45:51 | OpRussia update: Anonymous breached other organizations (lien direct) | >Another week has passed and Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have hacked multiple organizations and government entities. The hacktivists leaked the stolen data via DDoSecrets. Below is the list of […] | |||
|
2022-05-14 13:00:21 | Pro-Russian hacktivists target Italy government websites (lien direct) | >Pro-Russian hacker group Killnet targeted the websites of several Italian institutions, including the senate and the National Institute of Health. A group of Pro-Russian hackers known as “Killnet” launched an attack against multiple websites of several Italian institutions, including the senate, the National Institute of Health, and the Automobile Club d’Italia (ACI), the national drivers’ […] | |||
|
2022-05-13 21:30:47 | SonicWall urges customers to fix SMA 1000 vulnerabilities (lien direct) | >SonicWall warns customers to address several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products. SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure Mobile Access (SMA) 1000 Series line of products. An attacker can exploit the vulnerabilities to bypass authorization and, potentially, compromise vulnerable devices. The first issue, tracked as […] | |||
|
2022-05-13 14:52:37 | Zyxel fixed firewall unauthenticated remote command injection issue (lien direct) | Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. The issue was discovered […] | Vulnerability | ||
|
2022-05-13 06:52:53 | Iran-linked COBALT MIRAGE group uses ransomware in its operations (lien direct) | Iranian group used Bitlocker and DiskCryptor in a series of attacks targeting organizations in Israel, the US, Europe, and Australia. Researchers at Secureworks Counter Threat Unit (CTU) are investigating a series of attacks conducted by the Iran-linked COBALT MIRAGE APT group. The threat actors have been active since at least June 2020 and are linked […] | Ransomware Threat | APT 15 APT 15 | ★★★★ |
|
2022-05-12 20:52:17 | New Nerbian RAT spreads via malspam campaigns using COVID-19 (lien direct) | Researchers spotted a new remote access trojan, named Nerbian RAT, which implements sophisticated evasion and anti-analysis techniques. Researchers from Proofpoint discovered a new remote access trojan called Nerbian RAT that implements sophisticated anti-analysis and anti-reversing capabilities. The malware spreads via malspam campaigns using COVID-19 and World Health Organization (WHO) themes. The name of the RAT […] | Malware | ★★ | |
|
2022-05-12 13:57:50 | Massive hacking campaign compromised thousands of WordPress websites (lien direct) | Researchers uncovered a massive hacking campaign that compromised thousands of WordPress websites to redirect visitors to scam sites. Cybersecurity researchers from Sucuri uncovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content. The infections automatically redirect site visitors to third-party websites containing malicious content […] | ★★★ | ||
|
2022-05-12 12:00:08 | Red TIM Research (RTR) founds 2 bugs affecting F5 Traffix SDC (lien direct) | Experts at TIM research laboratory, Red Team Research (RTR), have disclosed a couple of bugs affecting F5 Traffix SDC. Among these 45 bugs fixed by the well-known manufacturer of computer security systems, 2 were detected by TIM research laboratory, Red Team Research (RTR), as part of the bug hunting activities, on the F5® Traffix® Signaling […] | ★★★ | ||
|
2022-05-12 10:10:25 | Five Eyes agencies warn of attacks on MSPs (lien direct) | Cybersecurity authorities from Five Eye warn of threats targeting managed service providers (MSPs) and potential supply chain attacks through them. Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. this week released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers. “The cybersecurity authorities of the United Kingdom, […] | ★★★ | ||
|
2022-05-11 21:45:31 | (Déjà vu) CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog (lien direct) | US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known […] | ★★★ | ||
|
2022-05-11 06:11:18 | Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack (lien direct) | Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. The IT giant fixed a total of 74 flaws in Microsoft Windows and Windows Components, .NET and Visual Studio, […] | ★★★ | ||
|
2022-05-11 06:03:47 | EU condemns Russian cyber operations against Ukraine (lien direct) | The European Union condemns the cyberattacks conducted by Russia against Ukraine, which targeted the satellite KA-SAT network. The European Union accused Russia of the cyberattack that hit the satellite KA-SAT network in Ukraine, operated by Viasat, on February 24. This cyberattack caused communication outages and disruptions in Ukraine, it also impacted several EU Member States. 5,800 […] | ★★★ | ||
|
2022-05-10 14:29:10 | Microsoft fixed RCE flaw in a driver used by Azure Synapse and Data Factory (lien direct) | Microsoft disclosed a now-fixed vulnerability in Azure Synapse and Azure Data Factory that could have allowed remote code execution. Microsoft announced to have addressed a critical remote code execution flaw, tracked as CVE-2022-29972 and named SynLapse, affecting Azure Synapse and Azure Data Factory. The vulnerability was discovered by researchers from Orca Security and resides in […] | Vulnerability | ★★ | |
|
2022-05-10 06:55:14 | Hacktivists hacked Russian TV schedules during Victory Day and displayed anti-war messages (lien direct) | Hacktivists yesterday defaced the Russian TV with pro-Ukraine messages and took down the RuTube video streaming site. Hacktivists and white hat hackers continue to support Ukraine against the Russian invasion, in a recent attack, they defaced Russian TV with anti-war messages and took down the RuTube video streaming site. The attack took place during Russia’s […] | ★★★ | ||
|
2022-05-10 06:41:59 | Threat actors are actively exploiting CVE-2022-1388 RCE in F5 BIG-IP (lien direct) | Threat actors are exploiting critical F5 BIG-IP flaw CVE-2022-1388 to deliver malicious code, cybersecurity researchers warn. Threat actors started massively exploiting the critical remote code execution vulnerability, tracked as CVE-2022-1388, affecting F5 BIG-IP. Last week security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates from tens of vulnerabilities in its […] | Threat | ★★★★ | |
|
2022-05-10 06:04:58 | Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service (lien direct) | The Resecurity HUNTER unit identified a new underground service called ‘Frappo’, which is available on the Dark Web. “Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data. The platform has been built by […] | ★★★★ | ||
|
2022-05-09 15:53:48 | DCRat, only $5 for a fully working remote access trojan (lien direct) | Researchers warn of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums. Cybersecurity researchers from BlackBerry are warning of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums. The DCRat backdoor is very cheap, it appears to […] | ★★★ |
To see everything:
Our RSS (filtrered)
