What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-05-09 12:17:11 CERT-UA warns of malspam attacks distributing the Jester info stealer (direct link) The Computer Emergency Response Team of Ukraine (CERT-UA) warns of attacks spreading info-stealing malware Jester Stealer. The Computer Emergency Response Team of Ukraine (CERT-UA) has detected malspam campaigns aimed at spreading an info-stealer called Jester Stealer. The malicious messages spotted by the Ukrainian CERT have the subject line “chemical attack” and contain a link to a […] Malware ★★★
SecurityAffairs 2022-05-09 09:18:34 Experts developed exploits for CVE-2022-1388 RCE in F5 BIG-IP products (direct link) A few days after F5 addressed the critical CVE-2022-1388 Remote Code execution flaw in its BIG-IP products, researchers created exploits for it. Last week security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates for tens of vulnerabilities in its products. The company addressed a total of 43 […]
SecurityAffairs 2022-05-09 07:25:05 Experts uncovered a new wave of attacks conducted by Mustang Panda (direct link) China-linked Mustang Panda APT group targets entities in Asia, the European Union, Russia, and the US in a new wave of attacks. In February 2022, Cisco Talos researchers started observing China-linked cyberespionage group Mustang Panda conducting phishing attacks against European entities, including Russian organizations. The attacks were also reported by Google's TAG team, which confirmed they were for […]
SecurityAffairs 2022-05-08 20:58:14 Conti ransomware claims to have hacked Peru MOF – Dirección General de Inteligencia (DIGIMIN) (direct link) Conti Ransomware gang claims to have hacked the Peru MOF – Dirección General de Inteligencia (DIGIMIN) and stolen 9.41 GB. The Conti ransomware gang added the Peru MOF – Dirección General de Inteligencia (DIGIMIN) to the list of its victims on its Tor leak site. The National Directorate of Intelligence is the premier intelligence agency […] Ransomware
SecurityAffairs 2022-05-08 15:44:28 (Déjà vu) May 01 – May 07 Ukraine – Russia the silent cyber conflict (direct link) This post provides a timeline of the events related to Russia invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing Russia invasion that occurred in the previous weeks: May 06 – Anonymous and Ukraine IT Army continue to target Russian entities The Anonymous collective and […] ★★★
SecurityAffairs 2022-05-08 15:21:43 NIST published updated guidance for supply chain risks (direct link) The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply-chain attacks. The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply chain attacks. NIST has published the “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations” in response to the Executive Order […] ★★★★
SecurityAffairs 2022-05-08 11:10:10 US agricultural machinery manufacturer AGCO suffered a ransomware attack (direct link) The American agricultural machinery manufacturer AGCO announced that it has suffered a ransomware attack that impacted its production facilities. AGCO, one of the most important agricultural machinery manufacturers, announced that a ransomware attack impacted some of its production facilities. The company was forced to shut down portions of its IT systems in response to the incident. AGCO did […] Ransomware
SecurityAffairs 2022-05-08 08:15:14 Security Affairs newsletter Round 364 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Raspberry Robin spreads via removable USB devices Malware campaign hides a shellcode into Windows […] Malware
SecurityAffairs 2022-05-08 08:01:13 US DoS offers a reward of up to $15M for info on Conti ransomware gang (direct link) The US Government offers up to $15 million for information that helps identify and locate leadership and co-conspirators of the Conti ransomware gang. The US Department of State offers up to $15 million for information that helps identify and locate leadership and co-conspirators of the Conti ransomware gang. The reward is offered under the Department […] Ransomware Guideline
SecurityAffairs 2022-05-07 15:30:03 Raspberry Robin spreads via removable USB devices (direct link) Researchers discovered a new Windows malware, dubbed Raspberry Robin, with worm-like capabilities that spreads via removable USB devices. Cybersecurity researchers from Red Canary have spotted a new Windows malware, dubbed Raspberry Robin, with worm-like capabilities that propagates through removable USB devices. “Raspberry Robin is Red Canary's name for a cluster of activity we first observed […] ★★★★
SecurityAffairs 2022-05-07 13:24:57 Malware campaign hides a shellcode into Windows event logs (direct link) Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. In February 2022 researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. The technique allows hiding a fileless Trojan, the experts also […] Malware ★★★★
SecurityAffairs 2022-05-07 10:45:56 US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT (direct link) The U.S. Department of Treasury sanctioned cryptocurrency mixer Blender.io used by North Korea-linked Lazarus APT. The U.S. Department of Treasury sanctioned the cryptocurrency mixer Blender.io used by the North Korea-linked Lazarus APT to launder the funds stolen from Axie Infinity’s Ronin bridge. This is the first time ever, Treasury is sanctioning a virtual currency mixer. […] APT 38 APT 28 ★★★
SecurityAffairs 2022-05-06 21:01:39 How the thriving fraud industry within Facebook attacks independent media (direct link) Experts investigate how stolen Facebook accounts are used as part of a well-established fraud industry inside Facebook. No eyebrows were raised in Qurium's security operation center when the independent Philippine media outlet Bulatlat once again got DDoSed, as they are a frequent target of such digital attacks. However, when we noticed that the attack traffic came from […] ★★★
SecurityAffairs 2022-05-06 18:38:36 QNAP fixes multiple flaws, including a QVR RCE vulnerability (direct link) QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP has addressed multiple vulnerabilities, including a critical security issue, tracked as CVE-2022-27588 (CVSS score of 9.8), that could be exploited by a remote attacker to execute arbitrary commands on vulnerable QVR systems. QNAP QVR is a video surveillance […] Vulnerability ★★★★
SecurityAffairs 2022-05-06 14:16:08 Anonymous and Ukraine IT Army continue to target Russian entities (direct link) The Anonymous collective and the volunteer group Ukraine IT Army continues to launch cyber attacks on Russian entities. The Anonymous collective continues its cyber war on Russian businesses and government organizations. Below is the list of the most recent organizations targeted by the collective that also leaked stolen data through the DDoSecrets platform: CorpMSP is […] ★★★★
SecurityAffairs 2022-05-06 13:28:06 NetDooka framework distributed via a pay-per-install (PPI) malware service (direct link) Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. Trend Micro researchers uncovered a sophisticated malware framework dubbed NetDooka that is distributed via a pay-per-install (PPI) service known as PrivateLoader and includes multiple components, including a loader, a dropper, a protection driver, and a full-featured remote […] Malware ★★★★
SecurityAffairs 2022-05-06 10:02:23 Vulnerable Docker Installations Are A Playhouse for Malware Attacks (direct link) Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built […] Malware Threat
SecurityAffairs 2022-05-06 07:26:25 Ukraine IT Army hit EGAIS portal impacting Russia's alcohol distribution (direct link) Ukraine IT Army launched massive DDoS attacks on the EGAIS portal that has a crucial role in Russia’s alcohol distribution. The collective of hacktivists Ukraine IT Army has launched a series of massive DDoS attacks on the Unified State Automated Alcohol Accounting Information System (EGAIS) portal, which is considered crucial for alcohol distribution in Russia. […]
SecurityAffairs 2022-05-05 19:47:00 Google addresses actively exploited Android flaw in the kernel (direct link) Google released the May security bulletin for Android, 2022-05-05 security patch level, which fixed an actively exploited Linux kernel flaw. Google has released the second part of the May Security Bulletin for Android, which includes a fix for an actively exploited Linux kernel vulnerability tracked as CVE-2021-22600. The CVE-2021-22600 is a privilege escalation issue that […] Vulnerability
SecurityAffairs 2022-05-05 14:51:11 (Déjà vu) Cisco addresses three bugs in Enterprise NFVIS Software (direct link) Cisco addresses three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could allow the compromise of the hosts. Cisco addressed three vulnerabilities, tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, affecting the Enterprise NFV Infrastructure Software (NFVIS) that could be exploited by attackers to take control over the hosts. “Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure […]
SecurityAffairs 2022-05-05 13:45:51 A couple of 10-Year-Old flaws affect Avast and AVG antivirus (direct link) Researcher discovered a couple of high-severity security flaws that affect a driver used by Avast and AVG antivirus solutions. SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, that affect a driver used by Avast and AVG antivirus solutions. The bugs reside in the anti-rootkit kernel driver named aswArPot.sys which […]
SecurityAffairs 2022-05-05 09:47:30 F5 warns its customers of tens of flaws in its products (direct link) Cybersecurity provider F5 released security patches to address tens of vulnerabilities affecting its products. Security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates for tens of vulnerabilities in its products. The company addressed a total of 43 vulnerabilities, the most severe one is a critical […]
SecurityAffairs 2022-05-04 22:06:34 China-linked Winnti APT steals intellectual property from companies worldwide (direct link) A sophisticated cyberespionage campaign, dubbed Operation CuckooBees, conducted by the China-linked Winnti group remained undetected since at least 2019. Researchers from Cybereason uncovered a sophisticated cyberespionage campaign, dubbed Operation CuckooBees, aimed at stealing intellectual property from the victims. The campaign flew under the radar since at least 2019, it was attributed by the experts to […] APT 41
SecurityAffairs 2022-05-04 14:50:37 Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites (direct link) Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites. Pro-Ukraine hackers, likely linked to Ukraine IT Army, are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media. The DDoS attacks also targeted three Lithuanian media websites. The attacks were monitored by […]
SecurityAffairs 2022-05-04 12:39:23 Experts linked multiple ransomware strains North Korea-backed APT38 group (direct link) Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. The ransomware was employed in attacks on financial institutions, experts estimated that APT38 (Unit 180 of North Korea’s cyber-army Bureau 121) has stolen at hundreds of million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […] Ransomware Medical APT 38
SecurityAffairs 2022-05-04 09:58:57 An expert shows how to stop popular ransomware samples via DLL hijacking (direct link) A security researcher discovered that samples of Conti, REvil, LockBit ransomware were vulnerable to DLL hijacking. The security researcher John Page aka (hyp3rlinx) discovered that malware from multiple ransomware operations, including Conti, REvil, LockBit, AvosLocker, and Black Basta, are affected by flaws that could be exploited to block file encryption. Page shared its findings through its […] Ransomware Malware
SecurityAffairs 2022-05-03 23:21:00 China-linked APT Curious Gorge targeted Russian govt agencies (direct link) China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge, is targeting Russian government agencies. The Google TAG team published a report focused on cybersecurity […] Threat
SecurityAffairs 2022-05-03 14:44:16 A DNS flaw impacts a library used by millions of IoT devices (direct link) A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. The flaw also affects DNS implementation of all versions of the uClibc-ng […] Vulnerability
SecurityAffairs 2022-05-03 10:56:27 China-linked Moshen Dragon abuses security software to sideload malware (direct link) A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage […] Malware
SecurityAffairs 2022-05-03 08:40:18 UNC3524 APT uses IP cameras to deploy backdoors and target Exchange (direct link) A new APT group, tracked as UNC3524, uses IP cameras to deploy backdoors and steal Microsoft Exchange emails. Mandiant researchers discovered a new APT group, tracked as UNC3524, that heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. Once gained initial access to the target systems, […]
SecurityAffairs 2022-05-03 06:08:45 Package Analysis dynamic analyzes packages in open-source repositories (direct link) The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to popular open-source repositories. The Open Source Security Foundation (OpenSSF) announced the release of the first version of a new tool, dubbed Package Analysis, to perform dynamic analysis of the packages uploaded to popular open-source repositories. […] Tool
SecurityAffairs 2022-05-02 18:32:10 Car rental company Sixt hit by a cyberattack that caused temporary disruptions (direct link) The car rental company Sixt announced it was hit by a cyberattack that is causing temporary business disruptions at customer care centers and selective branches. The car rental company Sixt detected IT anomalies on April 29th, 2022 and immediately activated the incident response procedures. Later, the company confirmed that it was hit by a cyber-attack […]
SecurityAffairs 2022-05-02 14:30:49 The mystery behind the samples of the new REvil ransomware operation (direct link) The REvil ransomware gang has resumed its operations, experts found a new encryptor and a new attack infrastructure. The REvil ransomware operation shut down in October 2021, in January the Russian Federal Security Service (FSB) announced to have shut down the REvil ransomware gang, the group that is behind a long string of attacks against large organizations, such as Kaseya and JBS […] Ransomware
SecurityAffairs 2022-05-02 08:13:08 Group-IB CEO remains in prison – the Russian-led company has been 'blacklisted' in Italy (direct link) The latest executive order from the Italian ACN agency banned Group-IB, a Russian-led cybersecurity firm from working in the government sector The latest executive order from the Italian National Cybersecurity Agency (NCA) banned Group-IB, a Russian-led cybersecurity company from working in the government sector, including 2 other companies – Kaspersky Labs and Positive Technologies. Originally […]
SecurityAffairs 2022-05-02 07:36:15 IoT and Cybersecurity: What's the Future? (direct link) IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. IoT devices can spy on people, steal data, or bring down vast swathes […]
SecurityAffairs 2022-05-02 05:34:39 Russia-linked APT29 targets diplomatic and government organizations (direct link) Russia-linked APT29 (Cozy Bear or Nobelium) launched a spear-phishing campaign targeting diplomats and government entities. In mid-January 2022, security researchers from Mandiant have spotted a spear-phishing campaign, launched by the Russia-linked APT29 group, on targeting diplomats and government entities. The Russia-linked APT29 group (aka SVR, Cozy Bear, and The Dukes) has been active since at least 2014, […] APT 29
SecurityAffairs 2022-05-01 14:29:38 Synology and QNAP warn of critical Netatalk flaws in some of their products (direct link) Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices. Netatalk is a free, open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems to serve as a file server for macOS computers. QNAP NAS devices support the AFP protocol to […]
SecurityAffairs 2022-05-01 13:13:29 Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol (direct link) Threat actors exploited a bug in the Fuse protocol used by DeFi platforms Rari Capital and Fei Protocol and stole more than $80 million. Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers […] Threat
SecurityAffairs 2022-05-01 08:00:12 (Déjà vu) Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict (direct link) This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 30 – Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites A series of DDoS […]
SecurityAffairs 2022-05-01 07:35:36 Security Affairs newsletter Round 363 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Microsoft Azure flaws could allow accessing PostgreSQL DBs of other customers Emotet tests […]
SecurityAffairs 2022-04-30 21:04:02 Microsoft Azure flaws could allow accessing PostgreSQL DBs of other customers (direct link) Researchers discovered flaws in the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. Microsoft addressed a couple of vulnerabilities impacting the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. The vulnerabilities were discovered by researchers at cloud […]
SecurityAffairs 2022-04-30 17:27:35 Emotet tests new attack chain in low volume campaigns (direct link) Emotet operators are testing new attack techniques in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default. The operators of the infamous Emotet botnet are testing new attack techniques in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default. The threat actors are adopting the […] Threat
SecurityAffairs 2022-04-30 13:51:19 Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites (direct link) A series of DDoS attacks launched by Russian hacktivists are targeting several Romanian government websites. The Romanian national cyber security and incident response team, DNSC, warns of a series of distributed denial-of-service (DDoS) attacks targeting government websites. The attacks have started on April 29, 2022, at 04:00. The attacks were allegedly launched by Pro-Russian group […]
SecurityAffairs 2022-04-29 07:31:32 Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector (direct link) OpRussia continues, less than a week after my last update Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have published more than 6 TB of Russian data via DDoSecrets. This is my update […]
SecurityAffairs 2022-04-29 06:59:25 Hurry up, disable AFP on your QNAP NAS until the vendor fixes 8 bugs (direct link) QNAP urges customers to disable the AFP file service protocol on their NAS devices until it fixes critical Netatalk flaws. Taiwanese vendor QNAP is warning customers to disable the AFP file service protocol on their network-attached storage (NAS) devices until it fixes several critical Netatalk vulnerabilities. Netatalk is a free, open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems […]
SecurityAffairs 2022-04-29 05:33:50 It's Called BadUSB for a Reason (direct link) Cybercrime gang FIN7's badUSB attacks serve as a reminder of two key vulnerabilities present among all organizations. The criminal group had been mailing malware-ridden USBs to various entities in the transport, insurance, and defense industries under the guise that they originated from a trusted source, such as Amazon and the US Department of Health and […]
SecurityAffairs 2022-04-29 05:24:34 Ongoing DDoS attacks from compromised sites hit Ukraine (direct link) Ukraine CERT-UA warns of ongoing DDoS attacks targeting pro-Ukraine sites and the government web portal. Ukraine's computer emergency response team (CERT-UA) announced that it is investigating, along with the National Bank of Ukraine (CSIRT-NBU), ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal. The attacks originated from compromised […]
SecurityAffairs 2022-04-28 14:49:32 Bumblebee, a new malware loader used by multiple crimeware threat actors (direct link) Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. The loader appears to be under development and is a highly sophisticated […] Malware Threat
SecurityAffairs 2022-04-28 13:49:47 (Déjà vu) CISA published 2021 Top 15 most exploited software vulnerabilities (direct link) Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. Cybersecurity and Infrastructure Security Agency (CISA) published the list of 2021’s top 15 most exploited software vulnerabilities. This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity agencies of the United States, Australia, Canada, New Zealand, and the United […]
SecurityAffairs 2022-04-28 09:36:59 CloudFlare blocked a record HTTPs DDoS attack peaking at 15 rps (direct link) Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million request-per-second (RPS). Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million request-per-second (RPS), which is one of the largest HTTPS DDoS attacks blocked by the company. The company blocked the attack earlier this month, the experts […]
Last update at: 2024-04-25 00:07:41