What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-04-15 22:13:40 Threat actors use Zimbra exploits to target organizations in Ukraine (direct link) Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). Ukraine’s CERT (CERT-UA) warns of threat actors that are targeting government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). “Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch […] Vulnerability Threat
SecurityAffairs 2022-04-15 19:49:36 Conti Ransomware Gang claims responsibility for the Nordex hack (direct link) The Conti ransomware gang has claimed responsibility for the recent attack against Nordex, one of the largest manufacturers of wind turbines. The Conti ransomware gang claimed responsibility for the cyberattack that hit the manufacturer of wind turbines Nordex on March 31, 2022. Nordex Group shut down “IT systems across multiple locations and business units” as […] Ransomware Hack
SecurityAffairs 2022-04-15 14:37:07 ZingoStealer crimeware released for free in the cybercrime ecosystem (direct link) A new powerful crimeware called ZingoStealer was released for free by a threat actor known as Haskers Gang. ZingoStealer is a new information-stealer developed by a threat actor known as Haskers Gang who released it for free after they attempted to sell the source code for $500. The threat actors were also offering their own crypter, dubbed […] Threat
SecurityAffairs 2022-04-15 11:51:54 Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover (direct link) Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control of affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass […] Vulnerability ★★★★★
SecurityAffairs 2022-04-15 10:25:30 Google fixed third zero-day in Chrome since the start of 2022 (direct link) Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild. Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity zero-day, tracked as CVE-2022-1364, that is actively exploited by threat actors in attacks. The CVE-2022-1364 zero-day is a type confusion issue […] Vulnerability Threat
SecurityAffairs 2022-04-15 09:08:13 Ways to Develop a Cybersecurity Training Program for Employees (direct link) Cybersecurity experts would have you believe that your organization's employees have a crucial role in bolstering or damaging your company’s security initiatives. While you may disagree, data breach studies show that employees and negligence are the most typical causes of security breaches, yet these prevalent issues are least discussed. According to a recent industry report […] Data Breach Studies
SecurityAffairs 2022-04-15 08:25:20 Analysis of the SunnyDay ransomware (direct link) The analysis of a recent sample of SunnyDay ransomware revealed some similarities with other ransomware, such as Ever101, Medusa Locker, Curator, and Payment45. Segurança-Informatica published an analysis of a recent sample of SunnyDay ransomware. As a result of the work, some similarities between other ransomware samples such as Ever101, Medusa Locker, Curator, and Payment45 were found. […] Ransomware
SecurityAffairs 2022-04-14 15:10:01 US gov agencies and private firms warn nation-state actors are targeting ICS & SCADA devices (direct link) The US government agencies warned of threat actors that are targeting ICS and SCADA systems from various vendors. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA) to warn of offensive capabilities developed by […] Threat
SecurityAffairs 2022-04-14 14:13:56 (Already seen) CISA adds Windows CLFS Driver Privilege Escalation flaw to its Known Exploited Vulnerabilities Catalog (direct link) The U.S. CISA added the CVE-2022-24521 Microsoft Windows CLFS Driver Privilege Escalation Vulnerability to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-24521 privilege escalation vulnerability in Microsoft Windows Common Log File System (CLFS) Driver. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB […] Vulnerability ★★★★
SecurityAffairs 2022-04-14 10:42:53 Critical VMware Workspace ONE Access CVE-2022-22954 flaw actively exploited (direct link) Threat actors are actively exploiting a critical vulnerability in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Threat actors are actively exploiting a critical flaw, tracked as CVE-2022-22954, in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Researchers from cyber threat intelligence BadPackets also reported that the vulnerability […] Vulnerability Threat
SecurityAffairs 2022-04-14 04:36:27 Microsoft has taken legal and technical action to dismantle the Zloader botnet (direct link) Microsoft’s Digital Crimes Unit (DCU) announced that it had shut down dozens of C2 servers used by the infamous ZLoader botnet. Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. The IT giant obtained a court order that allowed it to sinkhole 65 domains used by […]
SecurityAffairs 2022-04-13 19:32:18 CVE-2021-31805 RCE bug in Apache Struts was finally patched (direct link) Apache addressed a critical flaw in Apache Struts RCE that was linked to a previous issue that was not properly fixed. Apache Struts is an open-source web application framework for developing Java EE web applications. The Apache Software Foundation urges organizations to address a vulnerability, tracked as CVE-2021-31805, affecting Struts versions ranging from 2.0.0 to 2.5.29. […]
SecurityAffairs 2022-04-13 14:52:23 China-linked Hafnium APT leverages Tarrask malware to gain persistence (direct link) China-linked Hafnium APT group started using a new piece of malware to gain persistence on compromised Windows systems. The China-backed Hafnium cyberespionage group is likely behind a piece of new malware, dubbed Tarrask, that’s used to maintain persistence on compromised Windows systems, reported Microsoft Threat Intelligence Center (MSTIC) experts. HAFNIUM primarily targets entities […] Malware Threat
SecurityAffairs 2022-04-13 12:15:55 (Already seen) JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals (direct link) Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon's TUG autonomous mobile robots. Researchers at healthcare IoT security firm Cynerio discovered a collection of five vulnerabilities impacting TUG autonomous mobile robots, collectively named JekyllBot:5, that could be exploited by remote attackers to hack the devices. According to a US CISA advisory, the […] Hack
SecurityAffairs 2022-04-13 07:05:40 EU officials were targeted with Israeli surveillance software (direct link) According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. One of the officials targeted with the infamous spyware is Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019. The report did not attribute the […]
SecurityAffairs 2022-04-12 22:44:56 Microsoft Patch Tuesday for April 2022 fixed 10 critical vulnerabilities (direct link) Microsoft Patch Tuesday security updates for April 2022 fixed 128 vulnerabilities, including an actively exploited zero-day reported by NSA. Microsoft Patch Tuesday security updates for April 2022 fixed 128 vulnerabilities in multiple products, including Microsoft Windows and Windows Components, Microsoft Defender and Defender for Endpoint, Microsoft Dynamics, Microsoft Edge (Chromium-based), Exchange Server, Office and Office […]
SecurityAffairs 2022-04-12 18:31:35 (Already seen) Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums (direct link) The dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of Operation TOURNIQUET. The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international law enforcement Operation TOURNIQUET coordinated by Europol's European Cybercrime Centre. Operation TOURNIQUET was conducted by law […]
SecurityAffairs 2022-04-12 14:05:20 Russia-linked Sandworm APT targets energy facilities in Ukraine with wipers (direct link) Russia-linked Sandworm APT group targeted energy facilities in Ukraine with INDUSTROYER2 and CADDYWIPER wipers. Russia-linked Sandworm threat actors targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper. According to the CERT-UA, nation-state actors targeted high-voltage electrical substations with INDUSTROYER2, the variant analyzed by […] Malware Threat
SecurityAffairs 2022-04-12 11:23:22 NGINX project maintainers fix flaws in LDAP Reference Implementation (direct link) The maintainers of the NGINX web server project addressed a zero-day vulnerability in the Lightweight Directory Access Protocol (LDAP) Reference Implementation. The maintainers of the NGINX web server project have released security updates to address a zero-day vulnerability that resides in its Lightweight Directory Access Protocol (LDAP) Reference Implementation. The NGINX LDAP reference implementation uses […] Vulnerability
SecurityAffairs 2022-04-12 08:36:41 CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog (direct link) The U.S. CISA added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, […] ★★★★
SecurityAffairs 2022-04-11 22:19:17 Anonymous hacked Russia's Ministry of Culture and leaked 446 GB (direct link) The Anonymous collective has hacked Russia’s Ministry of Culture and leaked 446 GB of data through the DDoSecrets platform. Data leak service DDoSecrets has published over 700 GB of data allegedly stolen from the Russian government, including over 500,000 emails. The dump includes three datasets, the largest one is related to the Ministry of Culture […]
SecurityAffairs 2022-04-11 20:47:50 FFDroider, a new information-stealing malware disguised as Telegram app (direct link) Cybersecurity researchers spotted a new Windows information-stealing malware, named FFDroider, designed to steal credentials and cookies. Cybersecurity researchers from Zscaler ThreatLabz warn of a new information-stealing malware, named FFDroider, that disguises itself as the popular instant messaging app Telegram. The malware was derived to siphon credentials and cookies from infected machines. “Recently, ThreatLabz identified a novel Windows […] Malware
SecurityAffairs 2022-04-11 14:48:18 SuperCare Health discloses a data breach that Impacted +300K people (direct link) SuperCare Health, a leading respiratory care provider in the Western U.S., disclosed a data breach that impacted more than 300,000 individuals. SuperCare Health disclosed a security breach that has led to the exposure of personal information belonging to its patients, patients/members of its partner organizations and others. The company notified impacted individuals and law enforcement […] Data Breach Guideline
SecurityAffairs 2022-04-11 10:27:37 Microsoft's Autopatch feature improves the patch management process (direct link) Microsoft announced a feature called Autopatch that will allow organizations to keep their systems up-to-date starting with Windows Enterprise E3 (July 2022). Microsoft recently announced the implementation of a new feature called Autopatch starting with Windows Enterprise E3 in July 2022 that aims at keeping their systems up-to-date. The move aims at improving the patch management process in enterprises […]
SecurityAffairs 2022-04-11 07:27:59 Dependency Review GitHub Action prevents adding known flaws in the code (direct link) Dependency Review GitHub Action scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws. GitHub announced Dependency Review GitHub Action which scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws that can be exploited in supply […]
SecurityAffairs 2022-04-11 07:19:41 Securing Easy Appointments and earning CVE-2022-0482 (direct link) Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings. […] Vulnerability Threat
SecurityAffairs 2022-04-10 20:19:39 Apr 03 – Apr 09 Ukraine – Russia the silent cyber conflict (direct link) This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion of Ukraine that occurred in the previous weeks: April 8 – Anonymous and the IT ARMY of Ukraine continue to target Russian entities […]
SecurityAffairs 2022-04-10 09:08:13 NB65 group targets Russia with a modified version of Conti's ransomware (direct link) NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia. According to BleepingComputer, NB65 hacking group is targeting Russian organizations with ransomware that they have developed using the leaked source code of the Conti ransomware. The NB65 hacking group, since the beginning of the invasion, the […] Ransomware
SecurityAffairs 2022-04-10 08:00:43 Security Affairs newsletter Round 360 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. A DDoS attack took down Finnish govt sites as Ukraine's President addresses MPs SharkBot […]
SecurityAffairs 2022-04-10 07:53:57 Facebook blocked Russia and Belarus threat actors' activity against Ukraine (direct link) Facebook/Meta said Russia-linked threat actors are attempting to use the social network against Ukraine with hate speech, bullying, and fake news. Facebook/Meta revealed that Russia-linked threat actors are attempting to weaponize the social network to target Ukraine. The company blocked about 200 accounts operated from Russia that were used to falsely report people for various […] Threat
SecurityAffairs 2022-04-09 15:49:41 A DDoS attack took down Finnish govt sites as Ukraine's President addresses MPs (direct link) A massive DDoS attack took down Finnish government websites while Ukrainian President Zelenskyy addressed Finland’s members of parliament (MPs). On April 8, a denial-of-service attack took down the websites of the Finnish ministries of Defense and Foreign Affairs. The attack started at about noon, while Ukrainian President Zelenskyy addressed Finland’s members of parliament (MPs). “A […]
SecurityAffairs 2022-04-09 15:00:05 SharkBot Banking Trojan spreads through fake AV apps on Google Play (direct link) Experts discovered malicious Android apps on the Google Play Store masquerading as antivirus solutions spreading the SharkBot Trojan. Researchers from the Check Point Research (CPR) team discovered several malicious Android apps on the official Google Play Store masquerading as antivirus solutions that were used to deliver the SharkBot banking Trojan. Sharkbot is an information stealer steals used […]
SecurityAffairs 2022-04-09 12:06:00 China-linked threat actors target Indian Power Grid organizations (direct link) China-linked threat actors continue to target Indian power grid organizations; most of the attacks involved the ShadowPad backdoor. Recorded Future’s Insikt Group researchers uncovered a campaign conducted by a China-linked threat actor targeting Indian power grid organizations. The security firm is tracking this cluster of malicious activities under the moniker Threat Activity Group 38 aka […] Threat APT 1
SecurityAffairs 2022-04-09 07:45:29 A Mirai-based botnet is exploiting the Spring4Shell vulnerability (direct link) Experts warn of a Mirai-based botnet exploiting the recently discovered Spring4Shell vulnerability in attacks in the wild. Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability (CVE-2022-22965) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported the exploitation of the Spring4Shell by a Mirai-based botnet in early April. […] Vulnerability Threat
SecurityAffairs 2022-04-08 21:00:18 15 Cybersecurity Measures for the Cloud Era (direct link) Which are the most important cybersecurity measures that businesses can take to protect themselves in the cloud era? We are now firmly in the era of cloud data and storage. In fact, it's become quite difficult to find a service that doesn't rely on the cloud in some way. This ubiquity has led to increased […]
SecurityAffairs 2022-04-08 14:17:01 Anonymous and the IT ARMY of Ukraine continue to target Russian entities (direct link) The popular hacking collective Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses. This week Anonymous claimed to have hacked multiple private businesses and leaked their data through the DDoSecrets platform. The list of recently compromised businesses includes: Forest – The hacktivists leaked 37,500 emails stolen from the company […]
SecurityAffairs 2022-04-08 11:02:23 A Ukrainian man is the third FIN7 member sentenced in the United States (direct link) A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. Denys Iarmak, a Ukrainian national (32), has been sentenced to five years in prison in the U.S. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). The man […]
SecurityAffairs 2022-04-08 09:43:52 Microsoft disrupted APT28 attacks on Ukraine through a court order (direct link) Microsoft obtained a court order to take over seven domains used by the Russia-linked APT28 group to target Ukraine. Microsoft on Thursday announced it has obtained a court order to take over seven domains used by Russia-linked cyberespionage group APT28 in attacks against Ukraine. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 […] APT 28
SecurityAffairs 2022-04-08 07:16:58 Hamas-linked threat actors target high-profile Israeli individuals (direct link) Hamas-linked threat actors conducted an elaborate campaign aimed at high-profile Israeli individuals employed in sensitive sectors. Researchers from Cybereason observed a sophisticated cyberespionage campaign conducted by the APT-C-23 group targeting high-profile Israeli targets working for sensitive defense, law enforcement, and emergency services organizations. The threat actors use sophisticated social engineering techniques to infect Windows and Android […] Threat APT-C-23
SecurityAffairs 2022-04-07 14:56:47 Colibri Loader employs clever persistence mechanism (direct link) Recently discovered malware loader Colibri leverages a trivial and efficient persistence mechanism to deploy Windows Vidar data stealer. Malwarebytes researchers observed a new loader, dubbed Colibri, which has been used to deploy a Windows information stealer tracked as Vidar in a recent campaign. The Colibri Loader first appeared in the threat landscape in August 2021 […] Malware Threat
SecurityAffairs 2022-04-07 13:11:33 CVE-2022-22292 flaw could allow hacking of Samsung Android devices (direct link) Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android 9, 10, 11, and 12 devices. The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung […] Vulnerability
SecurityAffairs 2022-04-07 10:02:42 Palo Alto Networks devices affected by CVE-2022-0778 OpenSSL bug (direct link) Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778, that affects some of its firewall, VPN, and XDR products. In mid-March, OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when parsing certificates. The flaw was discovered by the popular Google Project […]
SecurityAffairs 2022-04-07 07:10:28 VMware addressed several critical vulnerabilities in multiple products (direct link) VMware fixed critical vulnerabilities in multiple products that could be exploited by remote attackers to execute arbitrary code. VMware has addressed critical remote code vulnerabilities in multiple products, including VMware's Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. The virtualization giant urges its customers to address […]
SecurityAffairs 2022-04-06 22:13:34 US dismantled the Russia-linked Cyclops Blink botnet (direct link) The U.S. government announced the disruption of the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. The U.S. government announced that it had dismantled the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. “The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet […]
SecurityAffairs 2022-04-06 14:57:35 Ukraine warns of attacks aimed at taking over Telegram accounts (direct link) Ukraine’s technical security and intelligence service warns of threat actors aiming to gain access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts. The Ukrainian CERT attributes the hacking campaign to threat actors […] Threat
SecurityAffairs 2022-04-06 14:01:25 Block discloses data breach involving Cash App potentially impacting 8.2 million US customers (direct link) Block disclosed a data breach related to the Cash App investing app and is notifying 8.2 million current and former US customers. The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that contained some U.S. customer information. Cash App is an app that allows users to […] Data Breach
SecurityAffairs 2022-04-06 10:45:18 U.S. Treasury Department sanctions darkweb marketplace Hydra Market (direct link) The U.S. Treasury Department sanctioned the Hydra Market, the world’s largest and longest-running dark web marketplace. The U.S. Treasury Department sanctioned the darkweb marketplace Hydra Market, the same day Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), announced they have shut down the illegal platform. The seizure of the Hydra Market is the result of an international […]
SecurityAffairs 2022-04-06 08:23:02 A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of its IT systems (direct link) Nordex Group, one of the largest manufacturers of wind turbines, was hit by a cyberattack that forced the company to shut down part of its infrastructure. Nordex Group, one of the world's largest manufacturers of wind turbines, was the victim of a cyberattack that forced the company to take down multiple systems. The attack was […]
SecurityAffairs 2022-04-06 07:01:59 German police shut down Hydra Market dark web marketplace (direct link) Germany’s Federal Criminal Police Office shut down Hydra Market, the Russian-language darknet marketplace specialized in drug dealing. Germany’s Federal Criminal Police Office, the Bundeskriminalamt (BKA), announced they have shut down Hydra, one of the world’s largest dark web marketplaces. The seizure of the Hydra Market is the result of an international investigation conducted by the […]
SecurityAffairs 2022-04-05 20:28:28 Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns (direct link) Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon, Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. The phishing messages have been sent from “vadim_melnik88@i[.]ua,” the campaign aims at […]
Last update at: 2024-04-26 13:08:20