What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2022-04-28 04:36:37 Russia-linked threat actors launched hundreds of cyberattacks on Ukraine (lien direct) Microsoft revealed that Russia launched hundreds of cyberattacks against Ukraine since the beginning of the invasion. Microsoft states that at least six separate Russia-linked threat actors launched more than 237 operations against Ukraine starting just before the invasion. The cyber attacks included destructive wipers that were used to target critical infrastructure in a hybrid war […] Threat
SecurityAffairs.webp 2022-04-27 14:32:47 US Department of State offers $10M reward for info to locate six Russian Sandworm members (lien direct) The U.S. government offers up to $10 million for info that allows to identify or locate six Russian GRU hackers who are members of the Sandworm APT group. The US Department of State is offering up to $10 million for info that allows to identify or locate six Russian GRU hackers who are members of […]
SecurityAffairs.webp 2022-04-27 10:38:38 Linux Nimbuspwn flaws could allow attackers to deploy sophisticated threats (lien direct) Microsoft disclosed two Linux privilege escalation flaws, collectively named Nimbuspwn, that could allow conducting various malicious activities. The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called “Nimbuspwn,” which can be exploited by attackers to conduct various malicious activities, including the deployment of malware. “The vulnerabilities […]
SecurityAffairs.webp 2022-04-27 08:52:46 Wind Turbine giant Deutsche Windtechnik hit by a professional Cyberattack (lien direct) The German wind turbine giant Deutsche Windtechnik was hit by a targeted cyberattack earlier this month. German wind turbine giant Deutsche Windtechnik announced that some of its systems were hit by a targeted professional cyberattack earlier this month. The attack took place during the night between April 11 and 12, the company switched off remote […]
SecurityAffairs.webp 2022-04-27 07:15:07 Conti ransomware operations surge despite the recent leak (lien direct) Conti ransomware gang continues to target organizations worldwide despite the massive data leak that has shed light on its operations. Researchers from Secureworks state that the Conti ransomware gang, tracked as a Russia-based threat actor Gold Ulrick, continues to operate despite the recent data leak on its internal activities. The group’s activity returned to the levels […] Ransomware Threat
SecurityAffairs.webp 2022-04-26 18:00:59 Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks (lien direct) The Iran-linked APT group Rocket Kitten has been observed exploiting a recently patched CVE-2022-22954 VMware flaw. Iran-linked Rocket Kitten APT group has been observed exploiting a recently patched CVE-2022-22954 VMware Workspace ONE Access flaw to deploy ‘Core Impact’ Backdoor. The CVE-2022-22954 vulnerability is a server-side template injection remote code execution issue, it was rated 9.8 […] Vulnerability APT 35
SecurityAffairs.webp 2022-04-26 11:41:53 (Déjà vu) CISA adds new Microsoft, Linux, and Jenkins flaws to its Known Exploited Vulnerabilities Catalog (lien direct) US Critical Infrastructure Security Agency (CISA) adds seven new flaws to its Known Exploited Vulnerabilities Catalog, including Microsoft, Linux, and Jenkins bugs. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, including flaws affecting Microsoft, Linux, WSO2, and Jenkins systems. According to Binding Operational Directive (BOD) 22-01: Reducing […]
SecurityAffairs.webp 2022-04-26 09:36:30 Stormous ransomware gang claims to have hacked Coca-Cola (lien direct) The Stormous ransomware gang claims to have hacked the multinational beverage corporation Coca-Cola Company. The Stormous ransomware gang announced with a post on its leak site to have hacked the multinational beverage corporation Coca-Cola Company. The extortion group announced to have hacked some servers of the company and stole 161GB. The group recently launched a poll asking members […] Ransomware
SecurityAffairs.webp 2022-04-26 08:25:03 North Korea-linked APT37 targets journalists with GOLDBACKDOOR (lien direct) North Korea-linked APT37 group is targeting journalists that focus on DPRK with a new piece of malware. North Korea-linked APT37 group (aka Ricochet Chollima) has been spotted targeting journalists focusing on DPRK with a new piece of malware. The campaign was discovered by journalists at NK News, an American news site that focuses on North […] Cloud APT 37
SecurityAffairs.webp 2022-04-26 07:10:29 Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time (lien direct) An interesting article published by The Intercept reveals the secretive business of a US surveillance firm named Anomaly Six. When we speak about the secretive business of surveillance businesses we often refer to the powerful tools developed by Israeli firms like NSO Group and Candiru, but many other firms operate in the shadow like the […]
SecurityAffairs.webp 2022-04-25 17:43:58 Iran announced to have foiled massive cyberattacks on public services (lien direct) State television announced that Iran has foiled massive cyberattacks that targeted public services operated by both government and private organizations. According to the Iran state television, the attack attempts took place in recent days and aimed at the infrastructure of more than 100 public sector agencies. The report did not name entities that were targeted […]
SecurityAffairs.webp 2022-04-25 08:52:35 BlackCat Ransomware gang breached over 60 orgs worldwide (lien direct) At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. FBI. The U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November. […] Ransomware
SecurityAffairs.webp 2022-04-25 08:09:22 Experts warn of a surge in zero-day flaws observed and exploited in 2021 (lien direct) The number of zero-day vulnerabilities exploited in cyberattacks in the wild exploded in the last years, security firm report. Google and Mandiant have published two reports that highlight a surge in the discovery of zero-day flaws exploited by threat actors in attacks in the wild. Google's Project Zero researchers reported that 58 zero-day were discovered […] Threat
SecurityAffairs.webp 2022-04-24 13:57:11 Atlassian addresses a critical Jira authentication bypass flaw (lien direct) Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540, that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication. A threat actor could trigger the vulnerability by […] Vulnerability Threat
SecurityAffairs.webp 2022-04-24 12:46:13 Since declaring cyber war on Russia Anonymous leaked 5.8 TB of Russian data (lien direct) OpRussia continues unabated, since declaring ‘cyber war’ on Russia Anonymous has now published approximately 5.8 TB of Russian data. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues to collect successes, the collective claims to have published approximately 5.8 TB of Russian data via DDoSecrets. The collective vows to release […]
SecurityAffairs.webp 2022-04-24 09:21:28 (Déjà vu) Apr 17 – Apr 23 Ukraine – Russia the silent cyber conflict (lien direct) This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 23 – Phishing attacks using the topic “Azovstal” targets Ukrainian entities Ukrainian CERT-UA warns of phishing […]
SecurityAffairs.webp 2022-04-24 08:55:32 Security Affairs newsletter Round 362 by Pierluigi Paganini (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. T-Mobile confirms Lapsus$ had access its systems Are you using Java 15/16/17 or 18 […]
SecurityAffairs.webp 2022-04-23 20:31:33 T-Mobile confirms Lapsus$ had access its systems (lien direct) Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. Telecom company T-Mobile on Friday revealed that LAPSUS$ extortion gang gained access to its networks. The popular investigator and journalist Brian Krebs first surmised that the LAPSUS$ gang has breached T-Mobile after he reviewed a copy of the private chat messages between members of […]
SecurityAffairs.webp 2022-04-23 18:12:53 Are you using Java 15/16/17 or 18 in production? Patch them now! (lien direct) A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java. Security researcher Khaled Nassar released a proof-of-concept (PoC) code for a new digital signature bypass vulnerability, tracked as CVE-2022-21449 (CVSS score: 7.5), in Java. The vulnerability was discovered by ForgeRock researcher Neil Madden, who notified Oracle on November 11, 2021. An […] Vulnerability
SecurityAffairs.webp 2022-04-23 08:37:17 Phishing attacks using the topic “Azovstal” targets entities in Ukraine (lien direct) Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing attacks aimed at organizations in the country using the topic “Azovstal”. The phishing message uses the subject “Azovstal” and a weaponized office document. Upon opening […]
SecurityAffairs.webp 2022-04-22 22:51:34 Conti ransomware claims responsibility for the attack on Costa Rica (lien direct) Conti ransomware gang claimed responsibility for a ransomware attack that hit the government infrastructure of Costa Rica. Last week a ransomware attack has crippled the government infrastructure of Costa Rica causing chaos. The Conti ransomware gang claimed responsibility for the attack, while the Costa Rican government refused to pay a ransom. “The Costa Rican state […] Ransomware
SecurityAffairs.webp 2022-04-22 14:27:58 Cyber Insurance and the Changing Global Risk Environment (lien direct) When security fails, cyber insurance can become crucial for ensuring continuity. Cyber has changed everything around us – even the way we tackle geopolitical crisis and conflicts. When Einstein was asked what a war will look like in the future, he couldn’t have predicted the importance of digital technology for modern societies. According to a report by […]
SecurityAffairs.webp 2022-04-22 14:07:06 A stored XSS flaw in RainLoop allows stealing users' emails (lien direct) Experts disclose an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. RainLoop is an open-source web-based email client used by thousands of organizations, which is affected by a vulnerability, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. The vulnerability is a stored […] Vulnerability
SecurityAffairs.webp 2022-04-22 11:28:51 QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS (lien direct) Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943, addressed in the Apache HTTP server in March. “While CVE-2022-22719 and CVE-2022-22720 do […]
SecurityAffairs.webp 2022-04-22 08:21:05 Pwn2Own Miami hacking contest awarded $400,000 for 26 unique ICS exploits (lien direct) White hat hackers that participated in the Pwn2Own Miami 2022 hacking contest earned a total of $400,000 for their ICS exploits. The Pwn2Own Miami 2022 is a hacking contest organized by Trend Micro's Zero Day Initiative (ZDI) that focuses on demonstrating exploits for ICS systems belonging to the following categories: the OPC UA Server, Control […]
SecurityAffairs.webp 2022-04-22 07:26:53 Lemon_Duck cryptomining botnet targets Docker servers (lien direct) The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. CrowdStrike researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. At the time of its first discovery, the bot was […]
SecurityAffairs.webp 2022-04-21 20:17:50 Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack (lien direct) A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users’ media files. Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. The ALAC […] Hack
SecurityAffairs.webp 2022-04-21 13:54:42 Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors (lien direct) Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the […]
SecurityAffairs.webp 2022-04-21 11:49:20 Static SSH host key in Cisco Umbrella allows stealing admin credentials (lien direct) Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow stealing admin credentials. Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), tracked as CVE-2022-20773, that could be exploited by an unauthenticated attacker to steal admin credentials remotely. Umbrella is Cisco’s cloud-based Secure Internet Gateway (SIG) […] Vulnerability
SecurityAffairs.webp 2022-04-21 07:58:50 CVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusable (lien direct) CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective against malicious traffic. Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) which is currently developed by Cisco. The software performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks, protocol analysis, content searching and […]
SecurityAffairs.webp 2022-04-21 07:15:37 US, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors' attacks (lien direct) Cybersecurity agencies of the Five Eyes intelligence alliance warn of cyberattacks conducted by Russia-linked threat actors on critical infrastructure. Cybersecurity agencies of the Five Eyes intelligence alliance (United States, Australia, Canada, New Zealand, and the United Kingdom) issued a joint advisory warning of cyber attacks on critical infrastructure conducted by Russia-linked threat actors and criminal cyber threats. […] Threat
SecurityAffairs.webp 2022-04-20 19:30:08 Russian Gamaredon APT continues to target Ukraine (lien direct) Russia-linked threat actor Gamaredon targets Ukraine with new variants of the custom Pterodo backdoor. Russia-linked Gamaredon APT group (a.k.a. Armageddon, Primitive Bear, and ACTINIUM) continues to target Ukraine and it is using new variants of the custom Pterodo backdoor (aka Pteranodon). The cyberespionage group is behind a recent series of spear-phishing attacks targeting Ukrainian entities and organizations related to Ukrainian […] Threat
SecurityAffairs.webp 2022-04-20 13:47:13 Anonymous hacked other Russian organizations, some of the breaches could be severe (lien direct) The Anonymous collective and affiliate groups intensify their attacks and claimed to have breached multiple organizations. Anonymous and groups linked to the famous collective continue to target Russian organizations, the hacktivists are breaching their systems and leaking stolen data online. Below the organizations breached in the last three days, since my previous update: Tendertech is […]
SecurityAffairs.webp 2022-04-20 09:42:26 (Déjà vu) CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog (lien direct) US Critical Infrastructure Security Agency (CISA) adds a Windows Print Spooler vulnerability to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added the Windows Print Spooler, tracked as CVE-2022-22718, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have […] Vulnerability
SecurityAffairs.webp 2022-04-20 06:44:41 New BotenaGo variant specifically targets Lilin security camera DVR devices (lien direct) Researchers spotted a new variant of the BotenaGo botnet malware that is considered highly evasive and has a zero-detection rate. The BotenaGo botnet was first spotted in November 2021 by researchers at AT&T, the malicious code leverages thirty-three exploits to target millions of routers and IoT devices. BotenaGo was written in Golang (Go) and at the […] Malware
SecurityAffairs.webp 2022-04-20 06:41:44 QNAP users are recommended to disable UPnP port forwarding on routers (lien direct) QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to secure their NAS devices. Taiwanese vendor QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to protect their network-attached storage (NAS) devices from attacks. UPnP is an insecure protocol, it uses network UDP […]
SecurityAffairs.webp 2022-04-19 14:38:29 ESET warns of three flaws that affect over 100 Lenovo notebook models (lien direct) Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. Lenovo has published a security advisory to warn customers of vulnerabilities that affect its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its notebook models, including IdeaPad 3, Legion 5 Pro-16ACH6 H, and Yoga […]
SecurityAffairs.webp 2022-04-19 12:29:55 Kaspersky releases a free decryptor for Yanluowang ransomware (lien direct) Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that allows victims to recover their files for free. Researchers from Kaspersky discovered a vulnerability in the encryption process of the Yanluowang ransomware that can be exploited to recover the files encrypted by the malware without paying the ransom. The Yanluowang ransomware was […] Ransomware Malware Vulnerability
SecurityAffairs.webp 2022-04-19 10:03:43 NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks (lien direct) Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans. Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage exploit, dubbed HOMAGE, to install the NSO Group Pegasus spyware on iPhones belonging to Catalan politicians, journalists, academics, and activists. […] Threat
SecurityAffairs.webp 2022-04-19 08:54:40 New SolarMarker variant upgrades evasion abilities to avoid detection (lien direct) Researchers disclosed a new variant of the SolarMarker malware that implements new techniques to avoid detection. Cybersecurity researchers from Palo Alto Networks disclosed a new version of the SolarMarker malware that implements new features to avoid detection. SolarMarker (aka Jupyter, Polazert, and Yellow Cockatoo) is a fileless .NET RAT that implements backdoor capabilities and allows operators to steal […] Malware
SecurityAffairs.webp 2022-04-19 07:29:15 Crooks steal $182 million from Beanstalk DeFi platform (lien direct) Credit-based stablecoin protocol Beanstalk discloses a security breach that resulted in the loss of all of its $182 million. The decentralized, credit-based finance system Beanstalk suffered a security breach that resulted in financial losses of $182 million. Researchers at blockchain analysis firm PeckShield reported that the attackers have stolen $80 M for the hacker. PeckShield first reported […]
SecurityAffairs.webp 2022-04-18 17:46:46 Experts spotted Industrial Spy, a new stolen data marketplace (lien direct) A new marketplace named Industrial Spy that focuses on the sale of stolen data appeared in the threat landscape. MalwareHunterTeam and Bleeping Computer reported the birth of a new marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the […] Malware Threat
SecurityAffairs.webp 2022-04-18 08:13:33 CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog (lien direct) US CISA adds a VMware privilege escalation flaw and a Google Chrome type confusion issue to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: […]
SecurityAffairs.webp 2022-04-18 08:04:46 (Déjà vu) Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict (lien direct) This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 16 – The unceasing action of Anonymous against Russia This week the Anonymous collective and its […]
SecurityAffairs.webp 2022-04-17 17:53:00 Enemybot, a new DDoS botnet appears in the threat landscape (lien direct) Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet […] Threat
SecurityAffairs.webp 2022-04-17 14:58:53 Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns (lien direct) GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, […] Threat
SecurityAffairs.webp 2022-04-17 09:53:35 Security Affairs newsletter Round 361 by Pierluigi Paganini (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist The […] APT 38 APT 28
SecurityAffairs.webp 2022-04-16 20:30:51 U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist (lien direct) The U.S. government blames North Korea-linked APT Lazarus for the recent $600 million Ronin Validator cyber heist. The U.S. government attributes the recent $600 million Ronin Validator cryptocurrency heist to the North Korea-linked APT Lazarus. The U.S. Treasury announced in a notice the sanctions against the Ethereum address used by the APT to receive the […] APT 38 APT 28
SecurityAffairs.webp 2022-04-16 17:00:40 The unceasing action of Anonymous against Russia (lien direct) This week the Anonymous collective and its affiliates have targeted multiple Russian organizations stealing gigabytes of data. This week Anonymous and other hacker groups affiliated with the collective have launched multiple attacks against Russian government agencies and organizations. The week started with the announcement of the hack of Russia's Ministry of Culture, Anonymous leaked 446 […] Hack
SecurityAffairs.webp 2022-04-16 11:49:34 Threat actors target the Ukrainian gov with IcedID malware (lien direct) Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government agencies with the IcedID malware. IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats […] Malware Threat
Last update at: 2024-04-25 16:09:15